From 453b66fac73c7a1e6d59dae2ef9b8773f6b334c6 Mon Sep 17 00:00:00 2001
From: Wietse Venema
Date: Wed, 28 Mar 2007 00:00:00 -0500
Subject: [PATCH] postfix-2.4.0
---
postfix/HISTORY | 260 ------------------
postfix/README_FILES/BACKSCATTER_README | 40 ++-
postfix/README_FILES/OVERVIEW | 11 +-
postfix/RELEASE_NOTES | 46 ++--
.../{RELEASE_NOTES_2.3 => RELEASE_NOTES-2.3} | 0
postfix/TODO | 5 -
postfix/conf/header_checks | 203 +++++++-------
postfix/html/BACKSCATTER_README.html | 43 +--
postfix/html/OVERVIEW.html | 11 +-
postfix/html/header_checks.5.html | 201 +++++++-------
postfix/man/man5/header_checks.5 | 17 +-
postfix/proto/BACKSCATTER_README.html | 43 +--
postfix/proto/OVERVIEW.html | 11 +-
postfix/proto/header_checks | 15 +-
postfix/src/global/mail_version.h | 4 +-
15 files changed, 351 insertions(+), 559 deletions(-)
rename postfix/{RELEASE_NOTES_2.3 => RELEASE_NOTES-2.3} (100%)
delete mode 100644 postfix/TODO
diff --git a/postfix/HISTORY b/postfix/HISTORY
index 5fdc812a7..e8117e769 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -13396,263 +13396,3 @@ Apologies for any names omitted.
Workaround: Eric Raymond's man page formatters don't handle
low-level *roff .in or .ti controls. We now use .nf and .fi
instead. Files: many.
-
-Wish list:
-
- Remove defer(8) and trace(8) references and man pages. These
- are services not program names.
-
- Bind all deliveries to the same local delivery process,
- making Postfix perform as poorly as monolithic mailers,
- but giving a possibility to eliminate duplicate deliveries.
-
- Maybe declare loop when resolve_local(mxhost) is true?
-
- Update message content length when adding/removing headers.
-
- Need scache size limit.
-
- Update BACKSCATTER_README to use PCRE because that's what I
- am using now.
-
- Make postcat header/body aware so people can grep headers.
-
- Make postmap header/body aware so people can test multi-line
- header checks.
-
- REDIRECT should override original recipient info, and
- probably override DSN as well.
-
- Find out if with Sendmail, a Milter "add recipient" request
- results in NOTIFY=NONE as Postfix does now.
-
- Update FILTER_README with mailing list suggestions to tag
- with a badness indicator and then filter down-stream.
-
- Either document or remove the internal_mail_filter_classes
- feature (it's disabled by default).
-
- Build a command-line test driver for the cleanup engine.
- This allows us to test it with arbitrary record sequences
- without having to use a live mail queue.
-
- Make null local-part handling configurable: either expand
- into mailer-daemon (current bahavior) or disallow (strict
- behavior, currently implemented only in the SMTP server).
-
- The type of var_message_limit should be changed from int
- to long or better, to take advantage of LP64 architectures.
- This also requires checking all expressions in which
- var_message_limit appears.
-
- Add M flag (enable multi-recipient delivery) to pipe daemon.
-
- The usage of TLScontext->cache_type is unclear. It specifies
- a TLS session cache type (smtpd, smtp, or lmtp), but it is
- sometimes used as an indicator that TLS session caching is
- unavailable. In reality, that decision is made by not
- registering call-back functions for cache maintenance.
-
- Postfix TLS library code should copy any strings that it
- receives from the application, instead of passing them
- around as pointers. TLScontext->cache_type is a case in
- point.
-
- Are transport:nexthop null fields the same as in the case
- of default_transport etc. parameters?
-
- Don't lose bits when converting st_dev into maildir file
- name. It's 64 bits on Linux. Found with the BEAM source
- code analyzer. Is this really a problem, or are they just
- using 64 bits for upwards compatibility with LP64 systems?
-
- Do or don't introduce unknown_reverse_client_reject_code.
-
- Check that "UINT32 == unsigned int" choice is ok (i.e. LP64
- UNIX).
-
- Tempfail when a Milter application wants content access,
- while it is configured in an SMTP server that runs before
- the smtpd_proxy filter.
-
- Log DSN original recipient when rejecting mail.
-
- Keep whitespace between label and ":"?
-
- Make the map case folding/locking options configurable, if
- not at run-time then at least at compile time so we get
- consistent behavior across applications.
-
- Investigate what it would take to eliminate oqmgr, and to
- make the old behavior configurable in a unified queue
- manager. This would shave another 2.7 KLOC from the source
- footprint.
-
- Document the case folding strategy for match_list like
- features.
-
- Eliminate the (incoming,deferred)->active rename operation.
-
- Softbounce fallback-to-ISP for SOHO users. This requires
- playing with the soft_error test in the smtp_trouble.c
- module, and avoiding delivery to backup MX hosts.
-
- In the SMTP server, set a "pipelining detected" flag at the
- start of a session and at protocol synchronization points,
- so that reject_unauth_pipelining can be specified in any
- access rule.
-
- Centralize main.cf parameter input so that defaults work
- consistently. What about parameter names that are prefixed
- with mail delivery transport names?
-
- Fix default time unit handling so that we can have a default
- bounce lifetime of $maximal_queue_lifetime, without causing
- panics when a non-default maximal_queue_lifetime setting
- includes no time unit.
-
- After the 20051222 ISASCII paranoia, lowercase() lowercases
- ASCII text only.
-
- Privacy: remove local command/pathname details from remote
- delivery status reports, and log them via local msg_warn().
-
- Is it safe to cache a connection after it has been used for
- more than some number of address verification probes?
-
- Try to recognize that Resent- headers appear in blocks,
- newest block first. But don't break on incorrect header
- block organization.
-
- Hard limits on cache sizes (anvil, specifically).
-
- Laptop friendliness: make the qmgr remember when the next
- deferred queue scan needs to be done, and have the pickup
- server stat() the maildrop directory before searching it.
-
- Low: replace_sender/replace_recipient actions in access
- maps?
-
- Low: configurable order of local(8) delivery methods.
-
- Med: local and remote source port and IP address for smtpd
- policy hook.
-
- Med: smtp_connect_timeout_budget (default: 3x smtp_connect_timeout)
- to limit the total time spent trying to connect.
-
- Med: transform IPv4-in-IPv6 address literals to IPv4 form
- when comparing against local IP addresses?
-
- Med: transform IPv4-in-IPv6 address literals to IPv4 form
- when eliminating MX mailer loops?
-
- Med: Postfix requires [] around IPv6 address information
- in match lists such as mynetworks, debug_peer_list etc.,
- but the [] must not be specified in access(5) maps. Other
- places don't care. For now, this gotcha is documented in
- IPV6_README and in postconf(5) with each feature that may
- use IPv6 address information. The general recommendation
- is not to use [] unless absolutely necessary.
-
- Med: the partial address matching of IPv6 addresses in
- access(5) maps is a bit lame: it repeatedly truncates the
- last ":octetpair" from the printable address representation
- until a match is found or until truncation is no longer
- possible. Since one or more ":" are usually omitted from
- the printable IPv6 address representation, this does not
- really try all the possibilities that one might expect to
- be tried. For now, this gotcha is documented in access(5).
-
- Med: the TLS certificate verification depth parameters never
- worked.
-
- Low: reject HELO with any domain name or IP address that
- this MTA is the final destination for.
-
- Low: should the Delivered-To: test in local(8) be configurable?
-
- Low: make mail_addr_find() lookup configurable.
-
- Low: update events.c so that 1-second timer requests do not
- suffer from rounding errors. This is needed for 1-second
- SMTP session caching time limits. A 1-second interval would
- become arbitrarily short when an event is scheduled just
- before the current second rolls over.
-
- Low: configurable internal/system locking method.
-
- Low: add INSTALL section for pre-existing Postfix systems.
-
- Low: add INSTALL section for pre-existing RPM Postfixes.
-
- Low: disallow smtpd_recipient_limit < 100 (the RFC minimum).
-
- Low: noise filter: allow smtp(8) to retry immediately if
- all MXes return a quick ECONNRESET or 4xx reply during the
- initial handshake. Retry once? How many times?
-
- Low: make post-install a "postfix-only script" so it can
- take data from the environment instead of main.cf.
-
- Low: randomize deferred mail backoff.
-
- Med: separate ulimit for delivery to command?
-
- Med: option to open queue file early, after MAIL FROM. This
- would allow correlation of rejected RCPT TO requests with
- accepted requests for the same mail transaction.
-
- Med: postsuper -r should do something with recipients in
- bounce logfiles, to make sure the sender will be notified.
- To be perfectly safe, no process other than the queue manager
- should move a queue file away from the active queue.
-
- This could involve tagging a queue file, and use up another
- permission bit (postsuper tags a "hot" file, qmgr requeues it).
-
- Low: postsuper re-run after renaming files, but only a
- limited number of times.
-
- Low: smtp-source may block when sending large test messages.
-
- Med: find a way to log the sender address when MAIL FROM
- is rejected due to lack of disk space.
-
- Low: revise other local delivery agent duplicate filters.
-
- Low: all table lookups should consistently use internalized
- (unquoted) or externalized (quoted) forms as lookup keys.
- smtpd, qmgr, local, etc. use unquoted address forms as keys.
- cleanup uses quoted forms.
-
- Low: have a configurable list of errno values for mailbox
- or maildir delivery that result in deferral rather than
- bouncing mail. What about "killed by signal" exits?
-
- Low: after reorganizing configuration parameters, add flags
- to all parameters whose value can be read from file.
-
- Medium: need in-process caching for map lookups. LDAP servers
- seem to need this in particular. Need a way to expire cached
- results that are too old.
-
- Low: generic showq protocol, to allow for more intelligent
- processing than just mailq. Maybe marry this with postsuper.
-
- Low: default domain for appending to unqualified recipients,
- so that unqualified names can be delivered locally.
-
- Low: The $process_id_directory setting is not used anywhere
- in Postfix. Problem reported by Michael Smith, texas.net.
- This should be documented, or better, the code should warn
- about attempts to set read-only parameters.
-
- Low: postconf -e edits parameters that postconf won't list.
-
- Low: while converting 8bit text to quoted-printable, perhaps
- use =46rom to avoid having to produce >From when delivering
- to mailbox.
-
- virtual_mailbox_path expression like forward_path, so that
- people can specify prefix and suffix.
diff --git a/postfix/README_FILES/BACKSCATTER_README b/postfix/README_FILES/BACKSCATTER_README
index a7a82c02a..90a16bfa2 100644
--- a/postfix/README_FILES/BACKSCATTER_README
+++ b/postfix/README_FILES/BACKSCATTER_README
@@ -4,7 +4,11 @@ PPoossttffiixx BBaacckkssccaatttteerr HHoowwttoo
OOvveerrvviieeww
-This document describes features that require Postfix version 2.0 or later.
+This document describes features that require Postfix version 2.0 or later. The
+examples use Perl Compatible Regular Expressions (Postfix pcre: tables), but
+also provide a translation to POSIX regular expressions (Postfix regexp:
+tables). PCRE is preferred primarily because the implementation is often
+faster.
Topics covered in this document:
@@ -97,8 +101,8 @@ To block such backscatter I use header_checks and body_checks patterns like
this:
/etc/postfix/main.cf:
- header_checks = regexp:/etc/postfix/header_checks
- body_checks = regexp:/etc/postfix/body_checks
+ header_checks = pcre:/etc/postfix/header_checks
+ body_checks = pcre:/etc/postfix/body_checks
/etc/postfix/header_checks:
if /^Received:/
@@ -107,7 +111,7 @@ this:
/^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)
(porcupine\.org)\)/
reject forged client name in Received: header: $2
- /^Received:.* +by +(porcupine\.org)[[:>:]]/
+ /^Received:.* +by +(porcupine\.org)\b/
reject forged mail server name in Received: header: $1
endif
/^Message-ID:.* ]*Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)
(porcupine\.org)\)/
reject forged client name in Received: header: $2
- /^[> ]*Received:.* +by +(porcupine\.org)[[:>:]]/
+ /^[> ]*Received:.* +by +(porcupine\.org)\b/
reject forged mail server name in Received: header: $1
endif
/^[> ]*Message-ID:.* :]]" matches the end of a word. On some systems you should specify
- "\>" instead. For details see your system documentation.
+ * The "\b" is used here to match the end of a word. If you use regexp:
+ tables, specify "[[:>:]]" (on some systems you should specify "\>" instead;
+ for details see your system documentation).
* The "if /pattern/" and "endif" eliminate unnecessary matching attempts. DO
NOT indent lines starting with /pattern/ between the "if" and "endif"!
@@ -202,25 +210,29 @@ the backscatter mail that I get claims to be sent from these addresses. Such
mail is obviously forged and is very easy to stop.
/etc/postfix/main.cf:
- header_checks = regexp:/etc/postfix/header_checks
- body_checks = regexp:/etc/postfix/body_checks
+ header_checks = pcre:/etc/postfix/header_checks
+ body_checks = pcre:/etc/postfix/body_checks
/etc/postfix/header_checks:
- /^(From|Return-Path):.*[[:<:]](user@domain\.tld)[[:>:]]/
+ /^(From|Return-Path):.*\b(user@domain\.tld)\b/
reject forged sender address in $1: header: $2
/etc/postfix/body_checks:
- /^[> ]*(From|Return-Path):.*[[:<:]](user@domain\.tld)[[:>:]]/
+ /^[> ]*(From|Return-Path):.*\b(user@domain\.tld)\b/
reject forged sender address in $1: header: $2
Notes:
+ * The example uses pcre: tables mainly for speed; with minor modifications,
+ you can use regexp: tables as explained below.
+
* The example is simplified for educational purposes. In reality, my patterns
list multiple email addresses as "(user1@domain1\.tld|user2@domain2\.tld)".
- * The "[[:<:]]" and "[[:>:]]" match the beginning and end of a word,
- respectively. On some systems you should specify "\<" and "\>" instead. For
- details see your system documentation.
+ * The two "\b" as used in "\b(user@domain\.tld)\b" match the beginning and
+ end of a word, respectively. If you use regexp: tables, specify "[[:<:]]
+ and [[:>:]]" (on some systems you should specify "\< and \>" instead; for
+ details see your system documentation).
* The "\." matches "." literally. Without the "\", the "." would match any
character.
diff --git a/postfix/README_FILES/OVERVIEW b/postfix/README_FILES/OVERVIEW
index dc5026a22..7fe2b5221 100644
--- a/postfix/README_FILES/OVERVIEW
+++ b/postfix/README_FILES/OVERVIEW
@@ -209,12 +209,13 @@ queues.
Network -> smtpd(8) <-> anvil(8)
- * The bounce(8), defer(8) and trace(8) servers each maintain their own queue
- directory trees with per-message logfiles. This information is used to send
- delivery or non-delivery notifications to the sender.
+ * The bounce(8), defer(8) and trace(8) services each maintain their own queue
+ directory trees with per-message logfiles. Postfix uses this information
+ when sending "failed", "delayed" or "success" delivery status notifications
+ to the sender.
- The trace(8) service implements support for the Postfix "sendmail -bv" and
- "sendmail -v" commands which produce reports about how Postfix delivers
+ The trace(8) service also implements support for the Postfix "sendmail -bv"
+ and "sendmail -v" commands which produce reports about how Postfix delivers
mail, and is available with Postfix version 2.1 and later. See DEBUG_README
for examples.
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index 23e96ea81..e56972d73 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -14,6 +14,8 @@ specifies the release date of a stable release or snapshot release.
Major changes - critical
------------------------
+See RELEASE_NOTES-2.3 if you upgrade from Postfix 2.2 or earlier.
+
[Incompat 20070122] To take advantage of the new support for BSD
kqueue, Linux epoll, or Solaris /dev/poll, you must restart (not
reload) Postfix after upgrading from Postfix 2.3.
@@ -42,8 +44,8 @@ creates mailbox dotlock files on all systems. This prevents problems
with GNU POP3D which subverts kernel locking by creating a new
mailbox file and deleting the old one.
-Major changes - milter
-----------------------
+Major changes - Milter support
+------------------------------
[Feature 20070121] The support for Milter header modification
requests was revised. With minimal change in the on-disk representation,
@@ -55,8 +57,13 @@ format is entirely backwards compatible with Postfix 2.3.
body. Postfix now implements all the header/body modification
requests that are available with Sendmail 8.13.
-Major changes - tls
--------------------
+[Incompat 20070116] A new field is added to the queue file "size"
+record that specifies the message content length. Postfix 2.3 and
+older Postfix 2.4 snapshots will ignore this field, and will report
+the message size as it was before the body was replaced.
+
+Major changes - TLS support
+---------------------------
[Incompat 20061214] The check_smtpd_policy client sends TLS certificate
attributes (client ccert_subject, ccert_issuer) only after successful
@@ -113,35 +120,34 @@ default_recipient_refill_delay (how long to wait between refill
operations). These two parameters act as defaults for optional
per-transport settings.
-Major changes - delivery status notification
---------------------------------------------
+Major changes - delivery status notifications
+---------------------------------------------
[Incompat 20061209] Small changes were made to the default bounce
message templates, to prevent HTML-aware software from hiding or
removing the text "", and producing misleading text.
-[Incompat 20060806] [Incompat 20060806] Postfix no longer announces
-its name in delivery status notifications. Users believe that
-Wietse provides a free help desk service that solves all their email
-problems.
+[Incompat 20060806] Postfix no longer announces its name in delivery
+status notifications. Users believe that Wietse provides a free
+help desk service that solves all their email problems.
-Major changes - etrn
---------------------
+Major changes - ETRN support
+----------------------------
[Feature 20061217] More precise queue flushing with the ETRN,
"postqueue -s site", and "sendmail -qRsite" commands, after
minimization of race conditions. New per-queue-file flushing with
"postqueue -i queueid" and "sendmail -qIqueueid".
-Major changes - small office/home office
-----------------------------------------
+Major changes - small office/home office support
+------------------------------------------------
[Incompat 20061217] Postfix no longer requires a domain name. It
uses "localdomain" as the default Internet domain name when no
domain is specified via main.cf or via the machine's hostname.
-Major changes - access control
-------------------------------
+Major changes - SMTP access control
+-----------------------------------
[Incompat 20061214] The check_smtpd_policy client sends TLS certificate
attributes (client ccert_subject, ccert_issuer) only after successful
@@ -190,11 +196,3 @@ on/off configurable. This introduces new parameters: smtp_pix_workarounds
(default: disable_esmtp, delay_dotcrlf) and smtp_pix_workaround_maps
(workarounds indexed by server IP address). The default settings
are backwards compatible.
-
-Major changes - other
----------------------
-
-[Incompat 20070116] A new field is added to the queue file "size"
-record that specifies the message content length. Postfix 2.3 and
-older Postfix 2.4 versions will ignore this field, and will report
-the message size as it was before the body was replaced.
diff --git a/postfix/RELEASE_NOTES_2.3 b/postfix/RELEASE_NOTES-2.3
similarity index 100%
rename from postfix/RELEASE_NOTES_2.3
rename to postfix/RELEASE_NOTES-2.3
diff --git a/postfix/TODO b/postfix/TODO
deleted file mode 100644
index 20f5909ee..000000000
--- a/postfix/TODO
+++ /dev/null
@@ -1,5 +0,0 @@
-What needs to be done before Postfix 2.4.0 is finished:
-
-- Update BACKSCATTER_README with PCRE rules.
-
-- Truncate wish list from HISTORY.
diff --git a/postfix/conf/header_checks b/postfix/conf/header_checks
index 4b03b9093..5ae99a5b7 100644
--- a/postfix/conf/header_checks
+++ b/postfix/conf/header_checks
@@ -66,70 +66,75 @@
# time, even when a message header spans multiple lines.
# Body lines are always examined one line at a time.
#
+# COMPATIBILITY
+# With Postfix version 2.2 and earlier specify "postmap -fq"
+# to query a table that contains case sensitive patterns. By
+# default, regexp: and pcre: patterns are case insensitive.
+#
# TABLE FORMAT
-# This document assumes that header and body_checks rules
-# are specified in the form of Postfix regular expression
-# lookup tables. Usually the best performance is obtained
+# This document assumes that header and body_checks rules
+# are specified in the form of Postfix regular expression
+# lookup tables. Usually the best performance is obtained
# with pcre (Perl Compatible Regular Expression) tables, but
-# the slower regexp (POSIX regular expressions) support is
-# more widely available. Use the command "postconf -m" to
-# find out what lookup table types your Postfix system sup-
+# the slower regexp (POSIX regular expressions) support is
+# more widely available. Use the command "postconf -m" to
+# find out what lookup table types your Postfix system sup-
# ports.
#
# The general format of Postfix regular expression tables is
-# given below. For a discussion of specific pattern or
-# flags syntax, see pcre_table(5) or regexp_table(5),
+# given below. For a discussion of specific pattern or
+# flags syntax, see pcre_table(5) or regexp_table(5),
# respectively.
#
# /pattern/flags action
-# When pattern matches the input string, execute the
-# corresponding action. See below for a list of pos-
+# When pattern matches the input string, execute the
+# corresponding action. See below for a list of pos-
# sible actions.
#
# !/pattern/flags action
-# When pattern does not match the input string, exe-
+# When pattern does not match the input string, exe-
# cute the corresponding action.
#
# if /pattern/flags
#
# endif Match the input string against the patterns between
-# if and endif, if and only if the same input string
+# if and endif, if and only if the same input string
# also matches pattern. The if..endif can nest.
#
-# Note: do not prepend whitespace to patterns inside
+# Note: do not prepend whitespace to patterns inside
# if..endif.
#
# if !/pattern/flags
#
# endif Match the input string against the patterns between
-# if and endif, if and only if the same input string
+# if and endif, if and only if the same input string
# does not match pattern. The if..endif can nest.
#
# blank lines and comments
-# Empty lines and whitespace-only lines are ignored,
-# as are lines whose first non-whitespace character
+# Empty lines and whitespace-only lines are ignored,
+# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
-# A pattern/action line starts with non-whitespace
-# text. A line that starts with whitespace continues
+# A pattern/action line starts with non-whitespace
+# text. A line that starts with whitespace continues
# a logical line.
#
# TABLE SEARCH ORDER
-# For each line of message input, the patterns are applied
-# in the order as specified in the table. When a pattern is
-# found that matches the input line, the corresponding
-# action is executed and then the next input line is
+# For each line of message input, the patterns are applied
+# in the order as specified in the table. When a pattern is
+# found that matches the input line, the corresponding
+# action is executed and then the next input line is
# inspected.
#
# TEXT SUBSTITUTION
-# Substitution of substrings from the matched expression
-# into the action string is possible using the conventional
-# Perl syntax ($1, $2, etc.). The macros in the result
-# string may need to be written as ${n} or $(n) if they
+# Substitution of substrings from the matched expression
+# into the action string is possible using the conventional
+# Perl syntax ($1, $2, etc.). The macros in the result
+# string may need to be written as ${n} or $(n) if they
# aren't followed by whitespace.
#
-# Note: since negated patterns (those preceded by !) return
+# Note: since negated patterns (those preceded by !) return
# a result when the expression does not match, substitutions
# are not available for negated patterns.
#
@@ -138,12 +143,12 @@
# case for consistency with other Postfix documentation.
#
# DISCARD optional text...
-# Claim successful delivery and silently discard the
-# message. Log the optional text if specified, oth-
+# Claim successful delivery and silently discard the
+# message. Log the optional text if specified, oth-
# erwise log a generic message.
#
-# Note: this action disables further header or
-# body_checks inspection of the current message and
+# Note: this action disables further header or
+# body_checks inspection of the current message and
# affects all recipients. To discard only one recip-
# ient without discarding the entire message, use the
# transport(5) table to direct mail to the discard(8)
@@ -151,49 +156,49 @@
#
# This feature is available in Postfix 2.0 and later.
#
-# DUNNO Pretend that the input line did not match any pat-
-# tern, and inspect the next input line. This action
+# DUNNO Pretend that the input line did not match any pat-
+# tern, and inspect the next input line. This action
# can be used to shorten the table search.
#
-# For backwards compatibility reasons, Postfix also
-# accepts OK but it is (and always has been) treated
+# For backwards compatibility reasons, Postfix also
+# accepts OK but it is (and always has been) treated
# as DUNNO.
#
# This feature is available in Postfix 2.1 and later.
#
# FILTER transport:destination
-# Write a content filter request to the queue file,
-# and inspect the next input line. After the com-
-# plete message is received it will be sent through
+# Write a content filter request to the queue file,
+# and inspect the next input line. After the com-
+# plete message is received it will be sent through
# the specified external content filter. More infor-
-# mation about external content filters is in the
+# mation about external content filters is in the
# Postfix FILTER_README file.
#
# Note: this action overrides the content_filter set-
# ting, and affects all recipients of the message. In
-# the case that multiple FILTER actions fire, only
+# the case that multiple FILTER actions fire, only
# the last one is executed.
#
# This feature is available in Postfix 2.0 and later.
#
# HOLD optional text...
-# Arrange for the message to be placed on the hold
-# queue, and inspect the next input line. The mes-
-# sage remains on hold until someone either deletes
-# it or releases it for delivery. Log the optional
+# Arrange for the message to be placed on the hold
+# queue, and inspect the next input line. The mes-
+# sage remains on hold until someone either deletes
+# it or releases it for delivery. Log the optional
# text if specified, otherwise log a generic message.
#
-# Mail that is placed on hold can be examined with
-# the postcat(1) command, and can be destroyed or
+# Mail that is placed on hold can be examined with
+# the postcat(1) command, and can be destroyed or
# released with the postsuper(1) command.
#
-# Note: use "postsuper -r" to release mail that was
-# kept on hold for a significant fraction of $maxi-
+# Note: use "postsuper -r" to release mail that was
+# kept on hold for a significant fraction of $maxi-
# mal_queue_lifetime or $bounce_queue_lifetime, or
-# longer. Use "postsuper -H" only for mail that will
+# longer. Use "postsuper -H" only for mail that will
# not expire within a few delivery attempts.
#
-# Note: this action affects all recipients of the
+# Note: this action affects all recipients of the
# message.
#
# This feature is available in Postfix 2.0 and later.
@@ -202,23 +207,23 @@
# the next input line.
#
# PREPEND text...
-# Prepend one line with the specified text, and
+# Prepend one line with the specified text, and
# inspect the next input line.
#
# Notes:
#
-# o The prepended text is output on a separate
+# o The prepended text is output on a separate
# line, immediately before the input that
# triggered the PREPEND action.
#
# o The prepended text is not considered part of
-# the input stream: it is not subject to
+# the input stream: it is not subject to
# header/body checks or address rewriting, and
# it does not affect the way that Postfix adds
# missing message headers.
#
# o When prepending text before a message header
-# line, the prepended text must begin with a
+# line, the prepended text must begin with a
# valid message header label.
#
# o This action cannot be used to prepend multi-
@@ -227,46 +232,46 @@
# This feature is available in Postfix 2.1 and later.
#
# REDIRECT user@domain
-# Write a message redirection request to the queue
-# file, and inspect the next input line. After the
+# Write a message redirection request to the queue
+# file, and inspect the next input line. After the
# message is queued, it will be sent to the specified
# address instead of the intended recipient(s).
#
-# Note: this action overrides the FILTER action, and
-# affects all recipients of the message. If multiple
-# REDIRECT actions fire, only the last one is exe-
+# Note: this action overrides the FILTER action, and
+# affects all recipients of the message. If multiple
+# REDIRECT actions fire, only the last one is exe-
# cuted.
#
# This feature is available in Postfix 2.1 and later.
#
# REPLACE text...
-# Replace the current line with the specified text,
+# Replace the current line with the specified text,
# and inspect the next input line.
#
# This feature is available in Postfix 2.2 and later.
-# The description below applies to Postfix 2.2.2 and
+# The description below applies to Postfix 2.2.2 and
# later.
#
# Notes:
#
-# o When replacing a message header line, the
-# replacement text must begin with a valid
+# o When replacing a message header line, the
+# replacement text must begin with a valid
# header label.
#
-# o The replaced text remains part of the input
-# stream. Unlike the result from the PREPEND
-# action, a replaced message header may be
-# subject to address rewriting and may affect
-# the way that Postfix adds missing message
+# o The replaced text remains part of the input
+# stream. Unlike the result from the PREPEND
+# action, a replaced message header may be
+# subject to address rewriting and may affect
+# the way that Postfix adds missing message
# headers.
#
# REJECT optional text...
-# Reject the entire message. Reply with optional
+# Reject the entire message. Reply with optional
# text... when the optional text is specified, other-
# wise reply with a generic error message.
#
-# Note: this action disables further header or
-# body_checks inspection of the current message and
+# Note: this action disables further header or
+# body_checks inspection of the current message and
# affects all recipients.
#
# Postfix version 2.3 and later support enhanced sta-
@@ -275,32 +280,32 @@
# enhanced status code of "5.7.1".
#
# WARN optional text...
-# Log a warning with the optional text... (or log a
-# generic message), and inspect the next input line.
+# Log a warning with the optional text... (or log a
+# generic message), and inspect the next input line.
# This action is useful for debugging and for testing
# a pattern before applying more drastic actions.
#
# BUGS
-# Many people overlook the main limitations of header and
+# Many people overlook the main limitations of header and
# body_checks rules.
#
-# o These rules operate on one logical message header
+# o These rules operate on one logical message header
# or one body line at a time. A decision made for one
# line is not carried over to the next line.
#
-# o If text in the message body is encoded (RFC 2045)
-# then the rules have to specified for the encoded
+# o If text in the message body is encoded (RFC 2045)
+# then the rules need to be specified for the encoded
# form.
#
-# o Likewise, when message headers are encoded (RFC
-# 2047) then the rules need to be specified for the
+# o Likewise, when message headers are encoded (RFC
+# 2047) then the rules need to be specified for the
# encoded form.
#
-# Message headers added by the cleanup(8) daemon itself are
+# Message headers added by the cleanup(8) daemon itself are
# excluded from inspection. Examples of such message headers
# are From:, To:, Message-ID:, Date:.
#
-# Message headers deleted by the cleanup(8) daemon will be
+# Message headers deleted by the cleanup(8) daemon will be
# examined before they are deleted. Examples are: Bcc:, Con-
# tent-Length:, Return-Path:.
#
@@ -308,11 +313,11 @@
# body_checks
# Lookup tables with content filter rules for message
# body lines. These filters see one physical line at
-# a time, in chunks of at most $line_length_limit
+# a time, in chunks of at most $line_length_limit
# bytes.
#
# body_checks_size_limit
-# The amount of content per message body segment
+# The amount of content per message body segment
# (attachment) that is subjected to $body_checks fil-
# tering.
#
@@ -322,32 +327,32 @@
#
# nested_header_checks (default: $header_checks)
# Lookup tables with content filter rules for message
-# header lines: respectively, these are applied to
-# the initial message headers (not including MIME
-# headers), to the MIME headers anywhere in the mes-
-# sage, and to the initial headers of attached mes-
+# header lines: respectively, these are applied to
+# the initial message headers (not including MIME
+# headers), to the MIME headers anywhere in the mes-
+# sage, and to the initial headers of attached mes-
# sages.
#
-# Note: these filters see one logical message header
-# at a time, even when a message header spans multi-
-# ple lines. Message headers that are longer than
+# Note: these filters see one logical message header
+# at a time, even when a message header spans multi-
+# ple lines. Message headers that are longer than
# $header_size_limit characters are truncated.
#
# disable_mime_input_processing
-# While receiving mail, give no special treatment to
-# MIME related message headers; all text after the
+# While receiving mail, give no special treatment to
+# MIME related message headers; all text after the
# initial message headers is considered to be part of
-# the message body. This means that header_checks is
-# applied to all the initial message headers, and
+# the message body. This means that header_checks is
+# applied to all the initial message headers, and
# that body_checks is applied to the remainder of the
# message.
#
-# Note: when used in this manner, body_checks will
-# process a multi-line message header one line at a
+# Note: when used in this manner, body_checks will
+# process a multi-line message header one line at a
# time.
#
# EXAMPLES
-# Header pattern to block attachments with bad file name
+# Header pattern to block attachments with bad file name
# extensions.
#
# /etc/postfix/main.cf:
@@ -379,7 +384,7 @@
# RFC 2047, message header encoding for non-ASCII text
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# CONTENT_INSPECTION_README, Postfix content inspection overview
@@ -387,7 +392,7 @@
# BACKSCATTER_README, blocking returned forged mail
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
diff --git a/postfix/html/BACKSCATTER_README.html b/postfix/html/BACKSCATTER_README.html
index 2c757bffc..2ef613f58 100644
--- a/postfix/html/BACKSCATTER_README.html
+++ b/postfix/html/BACKSCATTER_README.html
@@ -21,7 +21,10 @@ Backscatter Howto
Overview
This document describes features that require Postfix version 2.0
-or later.
+or later. The examples use Perl Compatible Regular Expressions
+(Postfix pcre: tables), but also provide a translation to POSIX
+regular expressions (Postfix regexp: tables). PCRE is preferred
+primarily because the implementation is often faster.
Topics covered in this document:
@@ -174,8 +177,8 @@ patterns like this:
/etc/postfix/main.cf:
- header_checks = regexp:/etc/postfix/header_checks
- body_checks = regexp:/etc/postfix/body_checks
+ header_checks = pcre:/etc/postfix/header_checks
+ body_checks = pcre:/etc/postfix/body_checks
/etc/postfix/header_checks:
if /^Received:/
@@ -183,7 +186,7 @@ patterns like this:
reject forged client name in Received: header: $1
/^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/
reject forged client name in Received: header: $2
- /^Received:.* +by +(porcupine\.org)[[:>:]]/
+ /^Received:.* +by +(porcupine\.org)\b/
reject forged mail server name in Received: header: $1
endif
/^Message-ID:.* <!&!/ DUNNO
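Review bot: The `\b` in `/^Received:.* +by +(porcupine\.org)\b/` does not anchor the end of the host name, because a word boundary also exists between the final `g` and a following `.` or `-`, so the rule also matches `by porcupine.org.example.com` and rejects that mail as forged. The replaced `[[:>:]]` behaved the same way, so this is not a regression, but the explanatory notes in this file only say that `\b` matches the end of a word. The same applies to the body_checks hunk that follows, to `\b(user@domain\.tld)\b` in the sender-address hunks (where `other.user@domain.tld` also matches), and to the copies under proto/. I would add a sentence to the notes such as `Note: "\b" also matches before "." or "-", so the pattern also matches longer names that begin or end with the protected name.` and point readers to the WARN action for trying a pattern before it rejects mail.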
@@ -196,7 +199,7 @@ patterns like this:
reject forged client name in Received: header: $1
/^[> ]*Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/
reject forged client name in Received: header: $2
- /^[> ]*Received:.* +by +(porcupine\.org)[[:>:]]/
+ /^[> ]*Received:.* +by +(porcupine\.org)\b/
reject forged mail server name in Received: header: $1
endif
/^[> ]*Message-ID:.* <!&!/ DUNNO
@@ -209,6 +212,9 @@ patterns like this:
+-
The example uses pcre: tables mainly for speed; with minor
+modifications, you can use regexp: tables as explained below.
+
-
The example is simplified for educational purposes. In
reality my patterns list multiple domain names, as
"(domain|domain|...)".
@@ -220,9 +226,10 @@ the "\", the "." would match any character.
and ")" literally. Without the "\", the "("
and ")" would be grouping operators.
- -
The "[[:>:]]" matches the end of a word. On
-some systems you should specify "\>" instead. For details
-see your system documentation.
+ -
The "\b" is used here to match the end of a word.
+If you use regexp: tables, specify "[[:>:]]" (on some
+systems you should specify "\>" instead; for details
+see your system documentation).
-
The "if /pattern/" and "endif" eliminate unnecessary
matching attempts. DO NOT indent lines starting with /pattern/
@@ -311,15 +318,15 @@ and is very easy to stop.
/etc/postfix/main.cf:
- header_checks = regexp:/etc/postfix/header_checks
- body_checks = regexp:/etc/postfix/body_checks
+ header_checks = pcre:/etc/postfix/header_checks
+ body_checks = pcre:/etc/postfix/body_checks
/etc/postfix/header_checks:
- /^(From|Return-Path):.*[[:<:]](user@domain\.tld)[[:>:]]/
+ /^(From|Return-Path):.*\b(user@domain\.tld)\b/
reject forged sender address in $1: header: $2
/etc/postfix/body_checks:
- /^[> ]*(From|Return-Path):.*[[:<:]](user@domain\.tld)[[:>:]]/
+ /^[> ]*(From|Return-Path):.*\b(user@domain\.tld)\b/
reject forged sender address in $1: header: $2
@@ -328,14 +335,18 @@ and is very easy to stop.
+-
The example uses pcre: tables mainly for speed; with minor
+modifications, you can use regexp: tables as explained below.
+
-
The example is simplified for educational purposes. In
reality, my patterns list multiple email addresses as
"(user1@domain1\.tld|user2@domain2\.tld)".
- -
The "[[:<:]]" and "[[:>:]]" match
-the beginning and end of a word, respectively. On some systems you
-should specify "\<" and "\>" instead. For
-details see your system documentation.
+ -
The two "\b" as used in "\b(user@domain\.tld)\b"
+match the beginning and end of a word, respectively. If you use
+regexp: tables, specify "[[:<:]] and [[:>:]]"
+(on some systems you should specify "\< and \>"
+instead; for details see your system documentation).
-
The "\." matches "." literally. Without
the "\", the "." would match any character.
diff --git a/postfix/html/OVERVIEW.html b/postfix/html/OVERVIEW.html
index 2c7f23538..b24fc2841 100644
--- a/postfix/html/OVERVIEW.html
+++ b/postfix/html/OVERVIEW.html
@@ -460,12 +460,13 @@ bgcolor="#f0f0ff">
smtpd(8)
<
--
The bounce(8), defer(8) and trace(8) servers each maintain
-their own queue directory trees with per-message logfiles. This
-information is used to send delivery or non-delivery notifications
-to the sender.
+ -
The bounce(8), defer(8) and trace(8) services each maintain
+their own queue directory trees with per-message logfiles. Postfix
+uses this information when sending "failed", "delayed" or "success"
+delivery status notifications to the sender.
- The trace(8) service implements support for the Postfix "sendmail
+ The trace(8) service also implements support for the Postfix
+"sendmail
-bv" and "sendmail -v" commands which produce reports about how
Postfix delivers mail, and is available with Postfix version 2.1
and later. See DEBUG_README
diff --git a/postfix/html/header_checks.5.html b/postfix/html/header_checks.5.html
index c47f19bdc..18b17040e 100644
--- a/postfix/html/header_checks.5.html
+++ b/postfix/html/header_checks.5.html
@@ -72,70 +72,75 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
time, even when a message header spans multiple lines.
Body lines are always examined one line at a time.
+COMPATIBILITY
+ With Postfix version 2.2 and earlier specify "postmap -fq"
+ to query a table that contains case sensitive patterns. By
+ default, regexp: and pcre: patterns are case insensitive.
+
TABLE FORMAT
- This document assumes that header and body_checks rules
- are specified in the form of Postfix regular expression
- lookup tables. Usually the best performance is obtained
+ This document assumes that header and body_checks rules
+ are specified in the form of Postfix regular expression
+ lookup tables. Usually the best performance is obtained
with pcre (Perl Compatible Regular Expression) tables, but
- the slower regexp (POSIX regular expressions) support is
- more widely available. Use the command "postconf -m" to
- find out what lookup table types your Postfix system sup-
+ the slower regexp (POSIX regular expressions) support is
+ more widely available. Use the command "postconf -m" to
+ find out what lookup table types your Postfix system sup-
ports.
The general format of Postfix regular expression tables is
- given below. For a discussion of specific pattern or
- flags syntax, see pcre_table(5) or regexp_table(5),
+ given below. For a discussion of specific pattern or
+ flags syntax, see pcre_table(5) or regexp_table(5),
respectively.
/pattern/flags action
- When pattern matches the input string, execute the
- corresponding action. See below for a list of pos-
+ When pattern matches the input string, execute the
+ corresponding action. See below for a list of pos-
sible actions.
!/pattern/flags action
- When pattern does not match the input string, exe-
+ When pattern does not match the input string, exe-
cute the corresponding action.
if /pattern/flags
endif Match the input string against the patterns between
- if and endif, if and only if the same input string
+ if and endif, if and only if the same input string
also matches pattern. The if..endif can nest.
- Note: do not prepend whitespace to patterns inside
+ Note: do not prepend whitespace to patterns inside
if..endif.
if !/pattern/flags
endif Match the input string against the patterns between
- if and endif, if and only if the same input string
+ if and endif, if and only if the same input string
does not match pattern. The if..endif can nest.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
+ Empty lines and whitespace-only lines are ignored,
+ as are lines whose first non-whitespace character
is a `#'.
multi-line text
- A pattern/action line starts with non-whitespace
- text. A line that starts with whitespace continues
+ A pattern/action line starts with non-whitespace
+ text. A line that starts with whitespace continues
a logical line.
TABLE SEARCH ORDER
- For each line of message input, the patterns are applied
- in the order as specified in the table. When a pattern is
- found that matches the input line, the corresponding
- action is executed and then the next input line is
+ For each line of message input, the patterns are applied
+ in the order as specified in the table. When a pattern is
+ found that matches the input line, the corresponding
+ action is executed and then the next input line is
inspected.
TEXT SUBSTITUTION
- Substitution of substrings from the matched expression
- into the action string is possible using the conventional
- Perl syntax ($1, $2, etc.). The macros in the result
- string may need to be written as ${n} or $(n) if they
+ Substitution of substrings from the matched expression
+ into the action string is possible using the conventional
+ Perl syntax ($1, $2, etc.). The macros in the result
+ string may need to be written as ${n} or $(n) if they
aren't followed by whitespace.
- Note: since negated patterns (those preceded by !) return
+ Note: since negated patterns (those preceded by !) return
a result when the expression does not match, substitutions
are not available for negated patterns.
@@ -144,12 +149,12 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
case for consistency with other Postfix documentation.
DISCARD optional text...
- Claim successful delivery and silently discard the
- message. Log the optional text if specified, oth-
+ Claim successful delivery and silently discard the
+ message. Log the optional text if specified, oth-
erwise log a generic message.
- Note: this action disables further header or
- body_checks inspection of the current message and
+ Note: this action disables further header or
+ body_checks inspection of the current message and
affects all recipients. To discard only one recip-
ient without discarding the entire message, use the
transport(5) table to direct mail to the discard(8)
@@ -157,49 +162,49 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
This feature is available in Postfix 2.0 and later.
- DUNNO Pretend that the input line did not match any pat-
- tern, and inspect the next input line. This action
+ DUNNO Pretend that the input line did not match any pat-
+ tern, and inspect the next input line. This action
can be used to shorten the table search.
- For backwards compatibility reasons, Postfix also
- accepts OK but it is (and always has been) treated
+ For backwards compatibility reasons, Postfix also
+ accepts OK but it is (and always has been) treated
as DUNNO.
This feature is available in Postfix 2.1 and later.
FILTER transport:destination
- Write a content filter request to the queue file,
- and inspect the next input line. After the com-
- plete message is received it will be sent through
+ Write a content filter request to the queue file,
+ and inspect the next input line. After the com-
+ plete message is received it will be sent through
the specified external content filter. More infor-
- mation about external content filters is in the
+ mation about external content filters is in the
Postfix FILTER_README file.
Note: this action overrides the content_filter set-
ting, and affects all recipients of the message. In
- the case that multiple FILTER actions fire, only
+ the case that multiple FILTER actions fire, only
the last one is executed.
This feature is available in Postfix 2.0 and later.
HOLD optional text...
- Arrange for the message to be placed on the hold
- queue, and inspect the next input line. The mes-
- sage remains on hold until someone either deletes
- it or releases it for delivery. Log the optional
+ Arrange for the message to be placed on the hold
+ queue, and inspect the next input line. The mes-
+ sage remains on hold until someone either deletes
+ it or releases it for delivery. Log the optional
text if specified, otherwise log a generic message.
- Mail that is placed on hold can be examined with
- the postcat(1) command, and can be destroyed or
+ Mail that is placed on hold can be examined with
+ the postcat(1) command, and can be destroyed or
released with the postsuper(1) command.
- Note: use "postsuper -r" to release mail that was
- kept on hold for a significant fraction of $maxi-
+ Note: use "postsuper -r" to release mail that was
+ kept on hold for a significant fraction of $maxi-
mal_queue_lifetime or $bounce_queue_lifetime, or
- longer. Use "postsuper -H" only for mail that will
+ longer. Use "postsuper -H" only for mail that will
not expire within a few delivery attempts.
- Note: this action affects all recipients of the
+ Note: this action affects all recipients of the
message.
This feature is available in Postfix 2.0 and later.
@@ -208,23 +213,23 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
the next input line.
PREPEND text...
- Prepend one line with the specified text, and
+ Prepend one line with the specified text, and
inspect the next input line.
Notes:
- o The prepended text is output on a separate
+ o The prepended text is output on a separate
line, immediately before the input that
triggered the PREPEND action.
o The prepended text is not considered part of
- the input stream: it is not subject to
+ the input stream: it is not subject to
header/body checks or address rewriting, and
it does not affect the way that Postfix adds
missing message headers.
o When prepending text before a message header
- line, the prepended text must begin with a
+ line, the prepended text must begin with a
valid message header label.
o This action cannot be used to prepend multi-
@@ -233,46 +238,46 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
This feature is available in Postfix 2.1 and later.
REDIRECT user@domain
- Write a message redirection request to the queue
- file, and inspect the next input line. After the
+ Write a message redirection request to the queue
+ file, and inspect the next input line. After the
message is queued, it will be sent to the specified
address instead of the intended recipient(s).
- Note: this action overrides the FILTER action, and
- affects all recipients of the message. If multiple
- REDIRECT actions fire, only the last one is exe-
+ Note: this action overrides the FILTER action, and
+ affects all recipients of the message. If multiple
+ REDIRECT actions fire, only the last one is exe-
cuted.
This feature is available in Postfix 2.1 and later.
REPLACE text...
- Replace the current line with the specified text,
+ Replace the current line with the specified text,
and inspect the next input line.
This feature is available in Postfix 2.2 and later.
- The description below applies to Postfix 2.2.2 and
+ The description below applies to Postfix 2.2.2 and
later.
Notes:
- o When replacing a message header line, the
- replacement text must begin with a valid
+ o When replacing a message header line, the
+ replacement text must begin with a valid
header label.
- o The replaced text remains part of the input
- stream. Unlike the result from the PREPEND
- action, a replaced message header may be
- subject to address rewriting and may affect
- the way that Postfix adds missing message
+ o The replaced text remains part of the input
+ stream. Unlike the result from the PREPEND
+ action, a replaced message header may be
+ subject to address rewriting and may affect
+ the way that Postfix adds missing message
headers.
REJECT optional text...
- Reject the entire message. Reply with optional
+ Reject the entire message. Reply with optional
text... when the optional text is specified, other-
wise reply with a generic error message.
- Note: this action disables further header or
- body_checks inspection of the current message and
+ Note: this action disables further header or
+ body_checks inspection of the current message and
affects all recipients.
Postfix version 2.3 and later support enhanced sta-
@@ -281,32 +286,32 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
enhanced status code of "5.7.1".
WARN optional text...
- Log a warning with the optional text... (or log a
- generic message), and inspect the next input line.
+ Log a warning with the optional text... (or log a
+ generic message), and inspect the next input line.
This action is useful for debugging and for testing
a pattern before applying more drastic actions.
BUGS
- Many people overlook the main limitations of header and
+ Many people overlook the main limitations of header and
body_checks rules.
- o These rules operate on one logical message header
+ o These rules operate on one logical message header
or one body line at a time. A decision made for one
line is not carried over to the next line.
- o If text in the message body is encoded (RFC 2045)
- then the rules have to specified for the encoded
+ o If text in the message body is encoded (RFC 2045)
+ then the rules need to be specified for the encoded
form.
- o Likewise, when message headers are encoded (RFC
- 2047) then the rules need to be specified for the
+ o Likewise, when message headers are encoded (RFC
+ 2047) then the rules need to be specified for the
encoded form.
- Message headers added by the cleanup(8) daemon itself are
+ Message headers added by the cleanup(8) daemon itself are
excluded from inspection. Examples of such message headers
are From:, To:, Message-ID:, Date:.
- Message headers deleted by the cleanup(8) daemon will be
+ Message headers deleted by the cleanup(8) daemon will be
examined before they are deleted. Examples are: Bcc:, Con-
tent-Length:, Return-Path:.
@@ -314,11 +319,11 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
body_checks
Lookup tables with content filter rules for message
body lines. These filters see one physical line at
- a time, in chunks of at most $line_length_limit
+ a time, in chunks of at most $line_length_limit
bytes.
body_checks_size_limit
- The amount of content per message body segment
+ The amount of content per message body segment
(attachment) that is subjected to $body_checks fil-
tering.
@@ -328,32 +333,32 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
nested_header_checks (default: $header_checks)
Lookup tables with content filter rules for message
- header lines: respectively, these are applied to
- the initial message headers (not including MIME
- headers), to the MIME headers anywhere in the mes-
- sage, and to the initial headers of attached mes-
+ header lines: respectively, these are applied to
+ the initial message headers (not including MIME
+ headers), to the MIME headers anywhere in the mes-
+ sage, and to the initial headers of attached mes-
sages.
- Note: these filters see one logical message header
- at a time, even when a message header spans multi-
- ple lines. Message headers that are longer than
+ Note: these filters see one logical message header
+ at a time, even when a message header spans multi-
+ ple lines. Message headers that are longer than
$header_size_limit characters are truncated.
disable_mime_input_processing
- While receiving mail, give no special treatment to
- MIME related message headers; all text after the
+ While receiving mail, give no special treatment to
+ MIME related message headers; all text after the
initial message headers is considered to be part of
- the message body. This means that header_checks is
- applied to all the initial message headers, and
+ the message body. This means that header_checks is
+ applied to all the initial message headers, and
that body_checks is applied to the remainder of the
message.
- Note: when used in this manner, body_checks will
- process a multi-line message header one line at a
+ Note: when used in this manner, body_checks will
+ process a multi-line message header one line at a
time.
EXAMPLES
- Header pattern to block attachments with bad file name
+ Header pattern to block attachments with bad file name
extensions.
/etc/postfix/main.cf:
@@ -391,7 +396,7 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
BACKSCATTER_README, blocking returned forged mail
LICENSE
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
diff --git a/postfix/man/man5/header_checks.5 b/postfix/man/man5/header_checks.5
index a86de82a0..63d625376 100644
--- a/postfix/man/man5/header_checks.5
+++ b/postfix/man/man5/header_checks.5
@@ -8,17 +8,15 @@ Postfix built-in content inspection
.SH "SYNOPSIS"
.na
.nf
+.nf
\fBheader_checks = pcre:/etc/postfix/header_checks\fR
-.br
\fBmime_header_checks = pcre:/etc/postfix/mime_header_checks\fR
-.br
\fBnested_header_checks = pcre:/etc/postfix/nested_header_checks\fR
-.br
\fBbody_checks = pcre:/etc/postfix/body_checks\fR
.sp
\fBpostmap -q "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR
-.br
\fBpostmap -q - pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
+.fi
.SH DESCRIPTION
.ad
.fi
@@ -66,6 +64,15 @@ message headers is treated as body content.
Note: message headers are examined one logical header at a time,
even when a message header spans multiple lines. Body lines are
always examined one line at a time.
+.SH "COMPATIBILITY"
+.na
+.nf
+.ad
+.fi
+With Postfix version 2.2 and earlier specify "\fBpostmap
+-fq\fR" to query a table that contains case sensitive
+patterns. By default, regexp: and pcre: patterns are case
+insensitive.
.SH "TABLE FORMAT"
.na
.nf
@@ -273,7 +280,7 @@ line at a time. A decision made for one line is not carried over
to the next line.
.IP \(bu
If text in the message body is encoded
-(RFC 2045) then the rules have to specified for the encoded
+(RFC 2045) then the rules need to be specified for the encoded
form.
.IP \(bu
Likewise, when message headers are encoded (RFC
diff --git a/postfix/proto/BACKSCATTER_README.html b/postfix/proto/BACKSCATTER_README.html
index c93add454..376d896cf 100644
--- a/postfix/proto/BACKSCATTER_README.html
+++ b/postfix/proto/BACKSCATTER_README.html
@@ -21,7 +21,10 @@ Backscatter Howto
Overview
This document describes features that require Postfix version 2.0
-or later.
+or later. The examples use Perl Compatible Regular Expressions
+(Postfix pcre: tables), but also provide a translation to POSIX
+regular expressions (Postfix regexp: tables). PCRE is preferred
+primarily because the implementation is often faster.
Topics covered in this document:
@@ -174,8 +177,8 @@ patterns like this:
/etc/postfix/main.cf:
- header_checks = regexp:/etc/postfix/header_checks
- body_checks = regexp:/etc/postfix/body_checks
+ header_checks = pcre:/etc/postfix/header_checks
+ body_checks = pcre:/etc/postfix/body_checks
/etc/postfix/header_checks:
if /^Received:/
@@ -183,7 +186,7 @@ patterns like this:
reject forged client name in Received: header: $1
/^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/
reject forged client name in Received: header: $2
- /^Received:.* +by +(porcupine\.org)[[:>:]]/
+ /^Received:.* +by +(porcupine\.org)\b/
reject forged mail server name in Received: header: $1
endif
/^Message-ID:.* <!&!/ DUNNO
@@ -196,7 +199,7 @@ patterns like this:
reject forged client name in Received: header: $1
/^[> ]*Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/
reject forged client name in Received: header: $2
- /^[> ]*Received:.* +by +(porcupine\.org)[[:>:]]/
+ /^[> ]*Received:.* +by +(porcupine\.org)\b/
reject forged mail server name in Received: header: $1
endif
/^[> ]*Message-ID:.* <!&!/ DUNNO
@@ -209,6 +212,9 @@ patterns like this:
+-
The example uses pcre: tables mainly for speed; with minor
+modifications, you can use regexp: tables as explained below.
+
-
The example is simplified for educational purposes. In
reality my patterns list multiple domain names, as
"(domain|domain|...)".
@@ -220,9 +226,10 @@ the "\", the "." would match any character.
and ")" literally. Without the "\", the "("
and ")" would be grouping operators.
- -
The "[[:>:]]" matches the end of a word. On
-some systems you should specify "\>" instead. For details
-see your system documentation.
+ -
The "\b" is used here to match the end of a word.
+If you use regexp: tables, specify "[[:>:]]" (on some
+systems you should specify "\>" instead; for details
+see your system documentation).
-
The "if /pattern/" and "endif" eliminate unnecessary
matching attempts. DO NOT indent lines starting with /pattern/
@@ -311,15 +318,15 @@ and is very easy to stop.
/etc/postfix/main.cf:
- header_checks = regexp:/etc/postfix/header_checks
- body_checks = regexp:/etc/postfix/body_checks
+ header_checks = pcre:/etc/postfix/header_checks
+ body_checks = pcre:/etc/postfix/body_checks
/etc/postfix/header_checks:
- /^(From|Return-Path):.*[[:<:]](user@domain\.tld)[[:>:]]/
+ /^(From|Return-Path):.*\b(user@domain\.tld)\b/
reject forged sender address in $1: header: $2
/etc/postfix/body_checks:
- /^[> ]*(From|Return-Path):.*[[:<:]](user@domain\.tld)[[:>:]]/
+ /^[> ]*(From|Return-Path):.*\b(user@domain\.tld)\b/
reject forged sender address in $1: header: $2
@@ -328,14 +335,18 @@ and is very easy to stop.
+-
The example uses pcre: tables mainly for speed; with minor
+modifications, you can use regexp: tables as explained below.
+
-
The example is simplified for educational purposes. In
reality, my patterns list multiple email addresses as
"(user1@domain1\.tld|user2@domain2\.tld)".
- -
The "[[:<:]]" and "[[:>:]]" match
-the beginning and end of a word, respectively. On some systems you
-should specify "\<" and "\>" instead. For
-details see your system documentation.
+ -
The two "\b" as used in "\b(user@domain\.tld)\b"
+match the beginning and end of a word, respectively. If you use
+regexp: tables, specify "[[:<:]] and [[:>:]]"
+(on some systems you should specify "\< and \>"
+instead; for details see your system documentation).
-
The "\." matches "." literally. Without
the "\", the "." would match any character.
diff --git a/postfix/proto/OVERVIEW.html b/postfix/proto/OVERVIEW.html
index 3a7e70833..f1cf81bb1 100644
--- a/postfix/proto/OVERVIEW.html
+++ b/postfix/proto/OVERVIEW.html
@@ -460,12 +460,13 @@ bgcolor="#f0f0ff"> smtpd(8)
| <->
--
The bounce(8), defer(8) and trace(8) servers each maintain
-their own queue directory trees with per-message logfiles. This
-information is used to send delivery or non-delivery notifications
-to the sender.
+ -
The bounce(8), defer(8) and trace(8) services each maintain
+their own queue directory trees with per-message logfiles. Postfix
+uses this information when sending "failed", "delayed" or "success"
+delivery status notifications to the sender.
- The trace(8) service implements support for the Postfix "sendmail
+ The trace(8) service also implements support for the Postfix
+"sendmail
-bv" and "sendmail -v" commands which produce reports about how
Postfix delivers mail, and is available with Postfix version 2.1
and later. See DEBUG_README
diff --git a/postfix/proto/header_checks b/postfix/proto/header_checks
index 641f5ef4c..c59ecbeab 100644
--- a/postfix/proto/header_checks
+++ b/postfix/proto/header_checks
@@ -4,17 +4,15 @@
# SUMMARY
# Postfix built-in content inspection
# SYNOPSIS
+# .nf
# \fBheader_checks = pcre:/etc/postfix/header_checks\fR
-# .br
# \fBmime_header_checks = pcre:/etc/postfix/mime_header_checks\fR
-# .br
# \fBnested_header_checks = pcre:/etc/postfix/nested_header_checks\fR
-# .br
# \fBbody_checks = pcre:/etc/postfix/body_checks\fR
# .sp
# \fBpostmap -q "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR
-# .br
# \fBpostmap -q - pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
+# .fi
# DESCRIPTION
# This document describes access control on the content of
# message headers and message body lines; it is implemented
@@ -60,6 +58,13 @@
# Note: message headers are examined one logical header at a time,
# even when a message header spans multiple lines. Body lines are
# always examined one line at a time.
+# COMPATIBILITY
+# .ad
+# .fi
+# With Postfix version 2.2 and earlier specify "\fBpostmap
+# -fq\fR" to query a table that contains case sensitive
+# patterns. By default, regexp: and pcre: patterns are case
+# insensitive.
# TABLE FORMAT
# .ad
# .fi
@@ -284,7 +289,7 @@
# to the next line.
# .IP \(bu
# If text in the message body is encoded
-# (RFC 2045) then the rules have to specified for the encoded
+# (RFC 2045) then the rules need to be specified for the encoded
# form.
# .IP \(bu
# Likewise, when message headers are encoded (RFC
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 2ac1ec248..ca0172e06 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,8 +20,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20070327"
-#define MAIL_VERSION_NUMBER "2.4.0-RC10"
+#define MAIL_RELEASE_DATE "20070328"
+#define MAIL_VERSION_NUMBER "2.4.0"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
|