diff --git a/postfix/HISTORY b/postfix/HISTORY
index 0540862c2..edb53b26b 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -9092,6 +9092,31 @@ Apologies for any names omitted.
 
 	Misc. documentation fixes by Victor Duchovni.
 
+20040126
+
+	Safety: handle the case that main.cf is updated while it
+	is being read. File: util/dict.c.
+
+20040127
+
+	Bugfix: missing flush_init() call. Introduced 20040105.
+	File: postqueue/postqueue.c.
+
+20040202
+
+	Bugfix: changed mis-leading warning about text>4096 characters
+	into "unexpected end-of-input". File: util/attr_scan0.c.
+
+20040204
+
+	Bugfix: don't panic on a corrupt queue file.  File:
+	*qmgr/qmgr_message.c.
+
+20040205
+
+	Cleanup: sample-filter.cf is gone. Better documentation is
+	available with "man header_checks".
+
 Open problems:
 
 	Low: log xdelay (esp. for SMTP and delivery to command).
diff --git a/postfix/conf/header_checks b/postfix/conf/header_checks
index 6b46495a9..df3313eb2 100644
--- a/postfix/conf/header_checks
+++ b/postfix/conf/header_checks
@@ -57,8 +57,10 @@
 #        find  out what lookup table types your Postfix system sup-
 #        ports.
 # 
-#        The general format of a Postfix regular  expression  table
-#        is:
+#        The general format of Postfix regular expression tables is
+#        given  below.   For  a  discussion  of specific pattern or
+#        flags  syntax,  see  pcre_table(5)   or   regexp_table(5),
+#        respectively.
 # 
 #        /pattern/flags action
 #               When  pattern matches the input string, execute the
@@ -94,10 +96,6 @@
 #               text. A line that starts with whitespace  continues
 #               a logical line.
 # 
-#        For  a  discussion  of  specific  pattern  or flags syntax
-#        details, see  pcre_table(5)  or  regexp_table(5),  respec-
-#        tively.
-# 
 # TABLE SEARCH ORDER
 #        For  each  line of message input, the patterns are applied
 #        in the order as specified in the table. When a pattern  is
@@ -138,12 +136,12 @@
 #               as DUNNO.
 # 
 #        FILTER transport:destination
-#               Write a content filter request record to the  queue
-#               file  and  inspect  the next input line.  After the
-#               complete  message  is  received  it  will  be  sent
-#               through  the  specified  external  content  filter.
-#               More information about external content filters  is
-#               in the Postfix FILTER_README file.
+#               Write a content filter request to  the  queue  file
+#               and  inspect  the  next input line.  After the com-
+#               plete message is received it will be  sent  through
+#               the specified external content filter.  More infor-
+#               mation about external content  filters  is  in  the
+#               Postfix FILTER_README file.
 # 
 #               Note:   this  action  overrides  the  main.cf  con-
 #               tent_filter setting, and affects all recipients  of
@@ -167,6 +165,15 @@
 #        IGNORE Delete the current line from the input and  inspect
 #               the next input line.
 # 
+#        PREPEND text...
+#               Prepend  one  line  with  the  specified  text  and
+#               inspect the next input line. The prepended line  of
+#               text is output before the input line that triggered
+#               the PREPEND pattern.
+# 
+#               Note: this action cannot be used to prepend  multi-
+#               line text.
+# 
 #        REDIRECT user@domain
 #               Write  a  message  redirection request to the queue
 #               file and inspect the next  input  line.  After  the
@@ -245,6 +252,19 @@
 #               process  a  multi-line message header one line at a
 #               time.
 # 
+# EXAMPLES
+#        Header pattern to block attachments  with  bad  file  name
+#        extensions.
+# 
+#        /^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs)/
+#            REJECT Bad attachment file name extension: $1
+# 
+#        Body pattern to stop a specific HTML browser vulnerability
+#        exploit.
+# 
+#        /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
+#            REJECT IFRAME vulnerability exploit
+# 
 # SEE ALSO
 #        cleanup(8) canonicalize and enqueue Postfix message
 #        pcre_table(5) format of PCRE tables
diff --git a/postfix/conf/main.cf b/postfix/conf/main.cf
index c72bf165c..b86950d6c 100644
--- a/postfix/conf/main.cf
+++ b/postfix/conf/main.cf
@@ -516,7 +516,7 @@ unknown_local_recipient_reject_code = 450
 # headers of attached messages. With older Postfix versions, MIME and
 # attached message headers were treated as body text.
 #
-# For details, see the sample-filter.cf file.
+# For details, see "man header_checks".
 #
 #header_checks = regexp:/etc/postfix/header_checks
 
diff --git a/postfix/conf/postfix-files b/postfix/conf/postfix-files
index 30410ec39..392f8c10c 100644
--- a/postfix/conf/postfix-files
+++ b/postfix/conf/postfix-files
@@ -172,7 +172,7 @@ $sample_directory/sample-auth.cf:f:root:-:644
 $sample_directory/sample-canonical.cf:f:root:-:644:o
 $sample_directory/sample-compatibility.cf:f:root:-:644
 $sample_directory/sample-debug.cf:f:root:-:644
-$sample_directory/sample-filter.cf:f:root:-:644
+$sample_directory/sample-filter.cf:f:root:-:644:o
 $sample_directory/sample-flush.cf:f:root:-:644
 $sample_directory/sample-ldap.cf:f:root:-:644
 $sample_directory/sample-lmtp.cf:f:root:-:644
diff --git a/postfix/conf/sample-filter.cf b/postfix/conf/sample-filter.cf
deleted file mode 100644
index 962a8809c..000000000
--- a/postfix/conf/sample-filter.cf
+++ /dev/null
@@ -1,137 +0,0 @@
-# DO NOT EDIT THIS FILE. EDIT THE MAIN.CF FILE INSTEAD. THE STUFF
-# HERE JUST SERVES AS AN EXAMPLE.
-#
-# This file contains example settings for miscellaneous Postfix
-# content filtering parameters.
-
-# The header_checks parameter specifies an optional table with patterns
-# that each logical message header is matched against, including
-# headers that span multiple physical lines.  Patterns are matched
-# in the specified order, and the search stops upon the first match.
-#
-# For examples of pattern syntax see the sample-regexp-header.cf and
-# sample-pcre-header.cf files.
-#
-# When a pattern matches, what happens next depends on the associated
-# action that is specified in the right-hand side of the table:
-#
-# REJECT [optional text...]
-#	Reject the entire message. The optional text is sent to the
-#	originator and is logged to the maillog file.
-# DUNNO [optional text...]
-#	Skip all further header patterns for this header line.
-# IGNORE [optional text...]
-#	Silently discard the header line.
-# WARN [optional text...]
-#	Log the message header and the optional text. This is useful
-#	for testing. When the pattern is good, change the WARN into a
-#	REJECT or into a DISCARD.
-# HOLD [optional text...]
-#	Place the message on the hold queue. Mail on hold can be
-#	inspected with the postcat command, and can be destroyed or
-#	taken off hold (i.e. delivered) with the postsuper command.
-#	The matched header is logged with the optional text.
-# DISCARD [optional text...]
-#	Claim successful delivery and silently discard the message.
-#	The matched header is logged with the optional text.
-# FILTER transport:nexthop
-#	After the message is queued, send the message through
-#	a content filter. This requires different cleanup servers
-#	before and after the filter, with header/body checks turned
-#	off in the second cleanup server. More info about content
-#	filtering is in the Postfix FILTER_README file. This feature
-#	overrides the main.cf content_filter setting.
-# REDIRECT user@domain
-#	Send the message to the specified address instead of the
-#	intended recipient(s). This feature overrides the FILTER action.
-#
-# By default, these patterns apply the primary message headers, to
-# MIME headers, and to the headers of attached messages. With older
-# Postfix versions, MIME and attached message headers were treated
-# as body text.
-#
-header_checks = regexp:/etc/postfix/header_checks
-
-# The mime_header_checks specifies an optional table with patterns
-# that each MIME header is matched against. This applies to MIME
-# related headers in message headers, and to the headers that follow
-# multipart boundary strings. Headers may span multiple physical lines.
-# Patterns are matched in the specified order, and the search stops
-# upon the first match.
-#
-# For examples of pattern syntax see the sample-regexp-header.cf and
-# sample-pcre-header files.
-#
-# Actions on the table right-hand side are the same as with header_checks.
-#
-mime_header_checks = $header_checks
-
-# The nested_header_checks specifies an optional table with patterns
-# that each attached message header is matched against (except for
-# MIME related headers). Headers may span multiple physical lines.
-# Patterns are matched in the specified order, and the search stops
-# upon the first match.
-#
-# For examples of pattern syntax see the sample-regexp-header.cf and
-# sample-pcre-header.cf files.
-#
-# When a pattern matches, what happens next depends on the associated
-# action that is specified in the right-hand side of the table:
-#
-# Actions on the table right-hand side are the same as with header_checks.
-#
-# By default, the same patterns are applied as for header_checks.
-#
-nested_header_checks = $header_checks
-
-# The body_checks parameter specifies an optional table with patterns
-# that each physical line in the message body is matched against
-# (including MIME headers inside the message body - Postfix does not
-# recognize multi-line MIME headers in the message body).
-# Lines are matched one at a time.  Long lines are matched in chunks
-# of at most $line_length_limit characters. Patterns are matched in
-# the specified order, and the search stops upon the first match.
-#
-# For examples of pattern syntax see the sample-regexp-body.cf and
-# sample-pcre-body.cf files.
-#
-# Actions on the table right-hand side are the same as with header_checks.
-#
-body_checks = regexp:/etc/postfix/body_checks
-
-# The body_checks_size_limit parameter controls how much text in a
-# message body segment (or attachment, if you prefer to use that
-# term) is subjected to body_checks inspection.
-# 
-# By default, only the first 50 kbytes of a message body segment are
-# inspected with body_checks patterns.
-#
-body_checks_size_limit = 51200
-
-# The receive_override_options parameter controls what input processing
-# happens before or after an external content filter.
-# 
-# Specify zero or more of the following options.  The options override
-# main.cf settings and are either implemented by the SMTP server, by
-# the QMQP server, or by the pickup server, or they are passed on to
-# the cleanup server.
-#
-# When the receive_override_options setting BEFORE the content filter 
-# is specified in the main.cf file, specify the "AFTER content filter"
-# receive_override_options setting in master.cf (or vice versa).
-# 
-# - no_unknown_recipient_checks: Do not try to reject unknown
-#   recipients (SMTP server only).  This is typically specified AFTER
-#   an external content filter.
-# 
-# - no_address_mappings: Disable canonical address mapping, virtual
-#   alias map expansion, address masquerading, and automatic BCC
-#   recipients. This is typically specified BEFORE an external content
-#   filter.
-# 
-# - no_header_body_checks: Disable header/body_checks. This is
-#   typically specified AFTER an external content filter.
-#
-# receive_override_options = no_unknown_recipient_checks, no_header_body_checks
-# receive_override_options = no_address_mappings
-receive_override_options =
diff --git a/postfix/html/header_checks.5.html b/postfix/html/header_checks.5.html
index 5cb3ca370..2739dcba3 100644
--- a/postfix/html/header_checks.5.html
+++ b/postfix/html/header_checks.5.html
@@ -58,8 +58,10 @@ HEADER_CHECKS(5)                                 HEADER_CHECKS(5)
        find  out what lookup table types your Postfix system sup-
        ports.
 
-       The general format of a Postfix regular  expression  table
-       is:
+       The general format of Postfix regular expression tables is
+       given  below.   For  a  discussion  of specific pattern or
+       flags  syntax,  see  <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>   or   <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>,
+       respectively.
 
        <b>/</b><i>pattern</i><b>/</b><i>flags action</i>
               When  <i>pattern</i> matches the input string, execute the
@@ -95,10 +97,6 @@ HEADER_CHECKS(5)                                 HEADER_CHECKS(5)
               text. A line that starts with whitespace  continues
               a logical line.
 
-       For  a  discussion  of  specific  pattern  or flags syntax
-       details, see  <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>  or  <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>,  respec-
-       tively.
-
 <b>TABLE SEARCH ORDER</b>
        For  each  line of message input, the patterns are applied
        in the order as specified in the table. When a pattern  is
@@ -139,12 +137,12 @@ HEADER_CHECKS(5)                                 HEADER_CHECKS(5)
               as <b>DUNNO</b>.
 
        <b>FILTER</b> <i>transport:destination</i>
-              Write a content filter request record to the  queue
-              file  and  inspect  the next input line.  After the
-              complete  message  is  received  it  will  be  sent
-              through  the  specified  external  content  filter.
-              More information about external content filters  is
-              in the Postfix FILTER_README file.
+              Write a content filter request to  the  queue  file
+              and  inspect  the  next input line.  After the com-
+              plete message is received it will be  sent  through
+              the specified external content filter.  More infor-
+              mation about external content  filters  is  in  the
+              Postfix FILTER_README file.
 
               Note:   this  action  overrides  the  <b>main.cf  con-</b>
               <b>tent_filter</b> setting, and affects all recipients  of
@@ -168,6 +166,15 @@ HEADER_CHECKS(5)                                 HEADER_CHECKS(5)
        <b>IGNORE</b> Delete the current line from the input and  inspect
               the next input line.
 
+       <b>PREPEND</b> <i>text...</i>
+              Prepend  one  line  with  the  specified  text  and
+              inspect the next input line. The prepended line  of
+              text is output before the input line that triggered
+              the <b>PREPEND</b> pattern.
+
+              Note: this action cannot be used to prepend  multi-
+              line text.
+
        <b>REDIRECT</b> <i>user@domain</i>
               Write  a  message  redirection request to the queue
               file and inspect the next  input  line.  After  the
@@ -246,6 +253,19 @@ HEADER_CHECKS(5)                                 HEADER_CHECKS(5)
               process  a  multi-line message header one line at a
               time.
 
+<b>EXAMPLES</b>
+       Header pattern to block attachments  with  bad  file  name
+       extensions.
+
+       /^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs)/
+           REJECT Bad attachment file name extension: $1
+
+       Body pattern to stop a specific HTML browser vulnerability
+       exploit.
+
+       /^&lt;iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0&gt;$/
+           REJECT IFRAME vulnerability exploit
+
 <b>SEE ALSO</b>
        <a href="cleanup.8.html">cleanup(8)</a> canonicalize and enqueue Postfix message
        <a href="pcre_table.5.html">pcre_table(5)</a> format of PCRE tables
diff --git a/postfix/html/postqueue.1.html b/postfix/html/postqueue.1.html
index bbe42bd9e..3d431596a 100644
--- a/postfix/html/postqueue.1.html
+++ b/postfix/html/postqueue.1.html
@@ -1,13 +1,13 @@
-<html> <head> </head> <body> <pre>
+<html> <body> <pre>
 POSTQUEUE(1)                                         POSTQUEUE(1)
 
 <b>NAME</b>
        postqueue - Postfix queue control
 
 <b>SYNOPSIS</b>
-       <b>postqueue</b> [<b>-c</b> <i>config_dir</i>] <b>-f</b>
-       <b>postqueue</b> [<b>-c</b> <i>config_dir</i>] <b>-p</b>
-       <b>postqueue</b> [<b>-c</b> <i>config_dir</i>] <b>-s</b> <i>site</i>
+       <b>postqueue</b> [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <b>-f</b>
+       <b>postqueue</b> [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <b>-p</b>
+       <b>postqueue</b> [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <b>-s</b> <i>site</i>
 
 <b>DESCRIPTION</b>
        The  <b>postqueue</b>  program implements the Postfix user inter-
@@ -19,7 +19,7 @@ POSTQUEUE(1)                                         POSTQUEUE(1)
 
        The following options are recognized:
 
-       <b>-c</b> <i>config_dir</i>
+       <b>-c</b> <i>config</i><b>_</b><i>dir</i>
               The <b>main.cf</b> configuration  file  is  in  the  named
               directory  instead  of  the  default  configuration
               directory. See  also  the  MAIL_CONFIG  environment
@@ -28,7 +28,7 @@ POSTQUEUE(1)                                         POSTQUEUE(1)
        <b>-f</b>     Flush  the  queue:  attempt  to  deliver all queued
               mail.
 
-              This option implements the traditional <b>sendmail</b>  <b>-q</b>
+              This option implements the traditional <b>sendmail  -q</b>
               command,  by contacting the Postfix <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon.
 
        <b>-p</b>     Produce a traditional sendmail-style queue listing.
@@ -83,7 +83,7 @@ POSTQUEUE(1)                                         POSTQUEUE(1)
 
               A non-standard directory is  allowed  only  if  the
               name is listed in the standard <b>main.cf</b> file, in the
-              <b>alternate</b><i>_</i><b>config</b><i>_</i><b>directories</b> configuration  parame-
+              <b>alternate_config_directories</b> configuration  parame-
               ter value.
 
               Only  the superuser is allowed to specify arbitrary
@@ -93,24 +93,24 @@ POSTQUEUE(1)                                         POSTQUEUE(1)
        /var/spool/postfix, mail queue
        /etc/postfix, configuration files
 
-<b>CONFIGURATION</b> <b>PARAMETERS</b>
-       <b>import</b><i>_</i><b>environment</b>
+<b>CONFIGURATION PARAMETERS</b>
+       <b>import_environment</b>
               List of names of environment parameters that can be
               imported from non-Postfix processes.
 
-       <b>queue</b><i>_</i><b>directory</b>
+       <b>queue_directory</b>
               Top-level  directory  of the Postfix queue. This is
               also the root directory of Postfix daemons that run
               chrooted.
 
-       <b>fast</b><i>_</i><b>flush</b><i>_</i><b>domains</b>
+       <b>fast_flush_domains</b>
               List of domains that will receive "fast flush" ser-
               vice (default: all  domains  that  this  system  is
               willing  to relay mail to). This list specifies the
               domains that  Postfix  accepts  in  the  SMTP  <b>ETRN</b>
-              request and in the <b>sendmail</b> <b>-qR</b> command.
+              request and in the <b>sendmail -qR</b> command.
 
-<b>SEE</b> <b>ALSO</b>
+<b>SEE ALSO</b>
        <a href="sendmail.1.html">sendmail(1)</a> sendmail-compatible user interface
        <a href="postsuper.1.html">postsuper(1)</a> privileged queue operations
        <a href="qmgr.8.html">qmgr(8)</a> queue manager
diff --git a/postfix/man/man5/header_checks.5 b/postfix/man/man5/header_checks.5
index a2ec8840a..f6c4f4213 100644
--- a/postfix/man/man5/header_checks.5
+++ b/postfix/man/man5/header_checks.5
@@ -61,7 +61,10 @@ expressions) support is more widely available.
 Use the command \fBpostconf -m\fR to find out what lookup table
 types your Postfix system supports.
 
-The general format of a Postfix regular expression table is:
+The general format of Postfix regular expression tables is
+given below.
+For a discussion of specific pattern or flags syntax,
+see \fBpcre_table\fR(5) or \fBregexp_table\fR(5), respectively.
 .IP "\fB/\fIpattern\fB/\fIflags action\fR"
 When \fIpattern\fR matches the input string, execute
 the corresponding \fIaction\fR. See below for a list
@@ -88,9 +91,6 @@ are lines whose first non-whitespace character is a `#'.
 .IP "multi-line text"
 A pattern/action line starts with non-whitespace text. A line that
 starts with whitespace continues a logical line.
-.PP
-For a discussion of specific pattern or flags syntax details,
-see \fBpcre_table\fR(5) or \fBregexp_table\fR(5), respectively.
 .SH TABLE SEARCH ORDER
 .na
 .nf
@@ -135,7 +135,7 @@ next input line. This action can be used to shorten the table search.
 For backwards compatibility reasons, Postfix also accepts
 \fBOK\fR but it is (and always has been) treated as \fBDUNNO\fR.
 .IP "\fBFILTER \fItransport:destination\fR"
-Write a content filter request record to the queue file and
+Write a content filter request to the queue file and
 inspect the next input line.
 After the complete message is received it will be sent through
 the specified external content filter.  More information about
@@ -159,6 +159,12 @@ Note: this action affects all recipients of the message.
 .IP \fBIGNORE\fR
 Delete the current line from the input and inspect
 the next input line.
+.IP "\fBPREPEND \fItext...\fR"
+Prepend one line with the specified text and inspect the next
+input line. The prepended line of text is output before the
+input line that triggered the \fBPREPEND\fR pattern.
+.sp
+Note: this action cannot be used to prepend multi-line text.
 .IP "\fBREDIRECT \fIuser@domain\fR"
 Write a message redirection request to the queue file and
 inspect the next input line. After the message is queued,
@@ -224,6 +230,28 @@ message.
 .sp
 Note: when used in this manner, \fBbody_checks\fR will process
 a multi-line message header one line at a time.
+.SH EXAMPLES
+.na
+.nf
+.ad
+.fi
+Header pattern to block attachments with bad file name extensions.
+
+.na
+.nf
+/^content-(type|disposition):.*name[[:space:]]*=.*\\.(exe|vbs)/
+.ti +4
+REJECT Bad attachment file name extension: $1
+
+.ad
+.fi
+Body pattern to stop a specific HTML browser vulnerability exploit.
+
+.na
+.nf
+/^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
+.ti +4
+REJECT IFRAME vulnerability exploit
 .SH SEE ALSO
 .na
 .nf
diff --git a/postfix/proto/header_checks b/postfix/proto/header_checks
index 8cb3b4c86..efc3eed68 100644
--- a/postfix/proto/header_checks
+++ b/postfix/proto/header_checks
@@ -53,7 +53,10 @@
 #	Use the command \fBpostconf -m\fR to find out what lookup table
 #	types your Postfix system supports.
 #
-#	The general format of a Postfix regular expression table is:
+#	The general format of Postfix regular expression tables is
+#	given below.
+#	For a discussion of specific pattern or flags syntax,
+#	see \fBpcre_table\fR(5) or \fBregexp_table\fR(5), respectively.
 # .IP "\fB/\fIpattern\fB/\fIflags action\fR"
 #	When \fIpattern\fR matches the input string, execute
 #	the corresponding \fIaction\fR. See below for a list
@@ -80,9 +83,6 @@
 # .IP "multi-line text"
 #	A pattern/action line starts with non-whitespace text. A line that
 #	starts with whitespace continues a logical line.
-# .PP
-#	For a discussion of specific pattern or flags syntax details,
-#	see \fBpcre_table\fR(5) or \fBregexp_table\fR(5), respectively.
 # TABLE SEARCH ORDER
 # .ad
 # .fi
@@ -121,7 +121,7 @@
 #	For backwards compatibility reasons, Postfix also accepts
 #	\fBOK\fR but it is (and always has been) treated as \fBDUNNO\fR.
 # .IP "\fBFILTER \fItransport:destination\fR"
-#	Write a content filter request record to the queue file and
+#	Write a content filter request to the queue file and
 #	inspect the next input line.
 #	After the complete message is received it will be sent through
 #	the specified external content filter.  More information about
@@ -145,6 +145,12 @@
 # .IP \fBIGNORE\fR
 #	Delete the current line from the input and inspect
 #	the next input line.
+# .IP "\fBPREPEND \fItext...\fR"
+#	Prepend one line with the specified text and inspect the next
+#	input line. The prepended line of text is output before the
+#	input line that triggered the \fBPREPEND\fR pattern.
+# .sp
+#	Note: this action cannot be used to prepend multi-line text.
 # .IP "\fBREDIRECT \fIuser@domain\fR"
 #	Write a message redirection request to the queue file and
 #	inspect the next input line. After the message is queued,
@@ -206,6 +212,26 @@
 # .sp
 #	Note: when used in this manner, \fBbody_checks\fR will process
 #	a multi-line message header one line at a time.
+# EXAMPLES
+# .ad
+# .fi
+#	Header pattern to block attachments with bad file name extensions.
+#
+# .na
+# .nf
+#	/^content-(type|disposition):.*name[[:space:]]*=.*\\.(exe|vbs)/
+# .ti +4
+#	REJECT Bad attachment file name extension: $1
+#
+# .ad
+# .fi
+#	Body pattern to stop a specific HTML browser vulnerability exploit.
+#
+# .na
+# .nf
+#	/^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
+# .ti +4
+#	REJECT IFRAME vulnerability exploit
 # SEE ALSO
 #	cleanup(8) canonicalize and enqueue Postfix message
 #	pcre_table(5) format of PCRE tables
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 11c705be3..eb411ce02 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change the patchlevel and the release date. Snapshots change the
   * release date only, unless they include the same bugfix as a patch release.
   */
-#define MAIL_RELEASE_DATE	"20040122"
+#define MAIL_RELEASE_DATE	"20040205"
 #define MAIL_VERSION_NUMBER	"2.0.18"
 
 #define VAR_MAIL_VERSION	"mail_version"
diff --git a/postfix/src/oqmgr/qmgr_message.c b/postfix/src/oqmgr/qmgr_message.c
index 87c824f06..a722d0908 100644
--- a/postfix/src/oqmgr/qmgr_message.c
+++ b/postfix/src/oqmgr/qmgr_message.c
@@ -584,7 +584,7 @@ static int qmgr_message_read(QMGR_MESSAGE *message)
      * IPC channel, sending an empty string is more convenient than sending a
      * null pointer.
      */
-    if (message->errors_to == 0)
+    if (message->errors_to == 0 && message->sender)
 	message->errors_to = mystrdup(message->sender);
     if (message->return_receipt == 0)
 	message->return_receipt = mystrdup("");
diff --git a/postfix/src/postqueue/postqueue.c b/postfix/src/postqueue/postqueue.c
index 5189518b4..5594320d8 100644
--- a/postfix/src/postqueue/postqueue.c
+++ b/postfix/src/postqueue/postqueue.c
@@ -264,6 +264,8 @@ static void flush_site(const char *site)
 {
     int     status;
 
+    flush_init();
+
     switch (status = flush_send(site)) {
     case FLUSH_STAT_OK:
 	exit(0);
diff --git a/postfix/src/qmgr/qmgr_message.c b/postfix/src/qmgr/qmgr_message.c
index 2357eaa41..708f48923 100644
--- a/postfix/src/qmgr/qmgr_message.c
+++ b/postfix/src/qmgr/qmgr_message.c
@@ -619,7 +619,7 @@ static int qmgr_message_read(QMGR_MESSAGE *message)
      * IPC channel, sending an empty string is more convenient than sending a
      * null pointer.
      */
-    if (message->errors_to == 0)
+    if (message->errors_to == 0 && message->sender)
 	message->errors_to = mystrdup(message->sender);
     if (message->return_receipt == 0)
 	message->return_receipt = mystrdup("");
diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in
index d88e59bb9..422390ca3 100644
--- a/postfix/src/util/Makefile.in
+++ b/postfix/src/util/Makefile.in
@@ -589,6 +589,7 @@ dict.o: vstring.h
 dict.o: readlline.h
 dict.o: mac_parse.h
 dict.o: stringops.h
+dict.o: iostuff.h
 dict.o: dict.h
 dict.o: argv.h
 dict.o: dict_ht.h
diff --git a/postfix/src/util/attr_scan0.c b/postfix/src/util/attr_scan0.c
index a73b4eee9..11454ce1f 100644
--- a/postfix/src/util/attr_scan0.c
+++ b/postfix/src/util/attr_scan0.c
@@ -160,8 +160,6 @@
 
 static int attr_scan0_string(VSTREAM *fp, VSTRING *plain_buf, const char *context)
 {
-    extern int var_line_limit;		/* XXX */
-    int     limit = var_line_limit * 4;
     int     ch;
 
     if ((ch = vstring_get_null(plain_buf, fp)) == VSTREAM_EOF) {
@@ -171,8 +169,8 @@ static int attr_scan0_string(VSTREAM *fp, VSTRING *plain_buf, const char *contex
 	return (-1);
     }
     if (ch != 0) {
-	msg_warn("string length > %d characters from %s while reading %s",
-		 limit, VSTREAM_PATH(fp), context);
+	msg_warn("unexpected end-of-input from %s while reading %s",
+		 VSTREAM_PATH(fp), context);
 	return (-1);
     }
     if (msg_verbose)
diff --git a/postfix/src/util/dict.c b/postfix/src/util/dict.c
index 538dbc95b..51c63cde6 100644
--- a/postfix/src/util/dict.c
+++ b/postfix/src/util/dict.c
@@ -173,6 +173,7 @@
 #include <fcntl.h>
 #include <ctype.h>
 #include <string.h>
+#include <time.h>
 
 /* Utility library. */
 
@@ -184,6 +185,7 @@
 #include "readlline.h"
 #include "mac_parse.h"
 #include "stringops.h"
+#include "iostuff.h"
 #include "dict.h"
 #include "dict_ht.h"
 
@@ -361,12 +363,29 @@ int     dict_sequence(const char *dict_name, const int func,
 void    dict_load_file(const char *dict_name, const char *path)
 {
     VSTREAM *fp;
+    struct stat st;
+    time_t  before;
+    time_t  after;
 
-    if ((fp = vstream_fopen(path, O_RDONLY, 0)) == 0)
-	msg_fatal("open %s: %m", path);
-    dict_load_fp(dict_name, fp);
-    if (vstream_ferror(fp) || vstream_fclose(fp))
-	msg_fatal("read %s: %m", path);
+    /*
+     * Read the file again if it is hot. This may result in reading a partial
+     * parameter name when a file changes in the middle of a read.
+     */
+    for (before = time((time_t *) 0); /* see below */ ; before = after) {
+	if ((fp = vstream_fopen(path, O_RDONLY, 0)) == 0)
+	    msg_fatal("open %s: %m", path);
+	dict_load_fp(dict_name, fp);
+	if (fstat(vstream_fileno(fp), &st) < 0)
+	    msg_fatal("fstat %s: %m", path);
+	if (vstream_ferror(fp) || vstream_fclose(fp))
+	    msg_fatal("read %s: %m", path);
+	after = time((time_t *) 0);
+	if (st.st_mtime < before - 1 || st.st_mtime > after)
+	    break;
+	if (msg_verbose)
+	    msg_info("pausing to let %s cool down", path);
+	doze(300000);
+    }
 }
 
 /* dict_load_fp - read entries from open stream */