diff --git a/postfix/HISTORY b/postfix/HISTORY index 4540a81da..52751c546 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -24162,3 +24162,13 @@ Apologies for any names omitted. tested in tlsproxy mode. It needed some setup for buffering and timeouts. Problem report by Andreas Schulze. File: smtp/smtp_proto.c. + +20190226 + + Documentation: postconf(1) and DATABASE_README were out of + sync. Added a note that this should be deduplicated. File: + proto/DATABASE_README.html. + +20190227 + + Documentation: strict_smtputf8 in SMTPUTF8_README. diff --git a/postfix/README_FILES/DATABASE_README b/postfix/README_FILES/DATABASE_README index 97287f32a..99e10a755 100644 --- a/postfix/README_FILES/DATABASE_README +++ b/postfix/README_FILES/DATABASE_README @@ -269,7 +269,8 @@ To find out what database types your Postfix system supports, use the "ppooss {result1. ..., resultn}". Each table query returns a random choice from the specified results. The first and last characters of the "randmap: " table name must be "{" and "}". Within these, individual maps are - separated with comma or whitespace. + separated with comma or whitespace. To give a specific result more + weight, specify it multiple times. rreeggeexxpp (read-only) A lookup table based on regular expressions. The file format is described in regexp_table(5). The lookup table name as used in "regexp: diff --git a/postfix/README_FILES/FORWARD_SECRECY_README b/postfix/README_FILES/FORWARD_SECRECY_README index cf1bf1398..0d3fb12c7 100644 --- a/postfix/README_FILES/FORWARD_SECRECY_README +++ b/postfix/README_FILES/FORWARD_SECRECY_README 
@@ -219,8 +219,8 @@ EEEECCDDHH CClliieenntt ssuuppppoorrtt ((PPoossttffiix This works "out of the box" with no need for additional configuration. -Postfix >= 3.2 supports the curve negotitation API of OpenSSL >= 1.0.2. The -list of candidate curves can be changed via the "tls_eecdh_auto_curves" +Postfix >= 3.2 supports the curve negotiation API of OpenSSL >= 1.0.2. The list +of candidate curves can be changed via the "tls_eecdh_auto_curves" configuration parameter, which can be used to select a prioritized list of supported curves (most preferred first) on both the Postfix SMTP server and SMTP client. The default list is suitable for most users. @@ -426,7 +426,7 @@ multiple lines for readability): In the above connections, the "key-exchange" value records the "Diffie-Hellman" algorithm used for key agreement. The "server-signature" value records the -public key algoritm used by the server to sign the key exchange. The "server- +public key algorithm used by the server to sign the key exchange. The "server- digest" value records any hash algorithm used to prepare the data for signing. With "ED25519" and "ED448", no separate hash algorithm is used. diff --git a/postfix/README_FILES/SMTPUTF8_README b/postfix/README_FILES/SMTPUTF8_README index c2aa7ca36..5496a3b0d 100644 --- a/postfix/README_FILES/SMTPUTF8_README +++ b/postfix/README_FILES/SMTPUTF8_README 
@@ -253,12 +253,21 @@ localparts (and in headers) as before. The vast majority of email software is perfectly capable of handling such email, even if pre-SMTPUTF8 standards do not support such practice. -However, when you specify "smtputf8_enable = yes", Postfix requires that non- -ASCII address information is encoded in UTF-8 and will reject other encodings -such as ISO-8859. It is not practical for Postfix to support multiple encodings -at the same time. There is no problem with RFC 2047 encodings such as "=?ISO- -8859-1?Q?text?=", because those use only characters from the ASCII -characterset. +RReejjeeccttiinngg nnoonn--UUTTFF88 aaddddrreesssseess + +With "smtputf8_enable = yes", Postfix requires that non-ASCII address +information is encoded in UTF-8 and will reject other encodings such as ISO- +8859. It is not practical for Postfix to support multiple encodings at the same +time. There is no problem with RFC 2047 encodings such as "=?ISO-8859- +1?Q?text?=", because those use only characters from the ASCII characterset. + +RReejjeeccttiinngg nnoonn--AASSCCIIII aaddddrreesssseess iinn nnoonn--SSMMTTPPUUTTFF88 ttrraannssaaccttiioonnss + +Setting "strict_smtputf8 = yes" in addition to "smtputf8_enable = yes" will +enable stricter enforcement of the SMTPUTF8 protocol. Specifically, the Postfix +SMTP server will not only reject non-UTF8 sender or recipient addresses, it +will in addition accept UTF-8 sender or recipient addresses only when the +client requests an SMTPUTF8 mail transaction. CCoommppaattiibbiilliittyy wwiitthh IIDDNNAA22000033 diff --git a/postfix/WISHLIST b/postfix/WISHLIST index 23f7e4e0f..35ab5c714 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST 
@@ -7,6 +7,10 @@ Wish list: Disable -DSNAPSHOT and -DNONPROD in makedefs. + Move map descriptions from postconf(1) to DATABASE_README + and point there. The text in DATABASE_README is less complete + than that in postconf(1). + make tls_pre_jail_init() safe by design for use in programs that implement both clients and servers. diff --git a/postfix/html/DATABASE_README.html b/postfix/html/DATABASE_README.html index dc10dd50e..fedb86230 100644 --- a/postfix/html/DATABASE_README.html +++ b/postfix/html/DATABASE_README.html @@ -403,7 +403,8 @@ databases. The lookup table name syntax is "proxy: Each table query returns a random choice from the specified results. The first and last characters of the "randmap:" table name must be "{" and "}". Within these, individual maps are separated with comma -or whitespace. +or whitespace. To give a specific result more weight, specify it +multiple times.
regexp (read-only)
diff --git a/postfix/html/FORWARD_SECRECY_README.html b/postfix/html/FORWARD_SECRECY_README.html index fe619c8a4..3bdb047f3 100644 --- a/postfix/html/FORWARD_SECRECY_README.html +++ b/postfix/html/FORWARD_SECRECY_README.html @@ -298,7 +298,7 @@ table.

This works "out of the box" with no need for additional configuration.

-

Postfix ≥ 3.2 supports the curve negotitation API of OpenSSL +

Postfix ≥ 3.2 supports the curve negotiation API of OpenSSL ≥ 1.0.2. The list of candidate curves can be changed via the "tls_eecdh_auto_curves" configuration parameter, which can be used to select a prioritized list of supported curves (most preferred @@ -549,7 +549,7 @@ postfix/smtp[process-id]:

In the above connections, the "key-exchange" value records the "Diffie-Hellman" algorithm used for key agreement. The "server-signature" value -records the public key algoritm used by the server to sign the key exchange. +records the public key algorithm used by the server to sign the key exchange. The "server-digest" value records any hash algorithm used to prepare the data for signing. With "ED25519" and "ED448", no separate hash algorithm is used.

diff --git a/postfix/html/SMTPUTF8_README.html b/postfix/html/SMTPUTF8_README.html index 3a90f31cb..1a3c8d5f1 100644 --- a/postfix/html/SMTPUTF8_README.html +++ b/postfix/html/SMTPUTF8_README.html @@ -346,12 +346,23 @@ in address localparts (and in headers) as before. The vast majority of email software is perfectly capable of handling such email, even if pre-SMTPUTF8 standards do not support such practice.

-

However, when you specify "smtputf8_enable = yes", Postfix +

Rejecting non-UTF8 addresses

+ +

With "smtputf8_enable = yes", Postfix requires that non-ASCII address information is encoded in UTF-8 and will reject other encodings such as ISO-8859. It is not practical for Postfix to support multiple encodings at the same time. There is no problem with RFC 2047 encodings such as "=?ISO-8859-1?Q?text?=", -because those use only characters from the ASCII characterset.

+because those use only characters from the ASCII characterset.

+ +

Rejecting non-ASCII addresses in non-SMTPUTF8 transactions

+ +

Setting "strict_smtputf8 = yes" in addition to "smtputf8_enable += yes" will enable stricter enforcement of the SMTPUTF8 protocol. +Specifically, the Postfix SMTP server will not only reject non-UTF8 +sender or recipient addresses, it will in addition accept UTF-8 +sender or recipient addresses only when the client requests an +SMTPUTF8 mail transaction.

Compatibility with IDNA2003

@@ -362,8 +373,8 @@ This makes Postfix behavior consistent with current versions of the Firefox and Chrome web browsers. Specify "enable_idna2003_compatibility = yes" to get the historical behavior.

-This affects the conversion of domain names that contain for example -the German sz (ß) and the Greek zeta (ς). See +

This affects the conversion of domain names that contain for +example the German sz (ß) and the Greek zeta (ς). See http://unicode.org/cldr/utility/idna.jsp for more examples.

Credits

diff --git a/postfix/proto/DATABASE_README.html b/postfix/proto/DATABASE_README.html index 828772e78..19bb9ae32 100644 --- a/postfix/proto/DATABASE_README.html +++ b/postfix/proto/DATABASE_README.html @@ -403,7 +403,8 @@ databases. The lookup table name syntax is "proxy:type:table". Each table query returns a random choice from the specified results. The first and last characters of the "randmap:" table name must be "{" and "}". Within these, individual maps are separated with comma -or whitespace. +or whitespace. To give a specific result more weight, specify it +multiple times.
regexp (read-only)
diff --git a/postfix/proto/FORWARD_SECRECY_README.html b/postfix/proto/FORWARD_SECRECY_README.html index 30fb5329d..eee8b0961 100644 --- a/postfix/proto/FORWARD_SECRECY_README.html +++ b/postfix/proto/FORWARD_SECRECY_README.html @@ -298,7 +298,7 @@ table.

This works "out of the box" with no need for additional configuration.

-

Postfix ≥ 3.2 supports the curve negotitation API of OpenSSL +

Postfix ≥ 3.2 supports the curve negotiation API of OpenSSL ≥ 1.0.2. The list of candidate curves can be changed via the "tls_eecdh_auto_curves" configuration parameter, which can be used to select a prioritized list of supported curves (most preferred @@ -549,7 +549,7 @@ postfix/smtp[process-id]:

In the above connections, the "key-exchange" value records the "Diffie-Hellman" algorithm used for key agreement. The "server-signature" value -records the public key algoritm used by the server to sign the key exchange. +records the public key algorithm used by the server to sign the key exchange. The "server-digest" value records any hash algorithm used to prepare the data for signing. With "ED25519" and "ED448", no separate hash algorithm is used.

diff --git a/postfix/proto/SMTPUTF8_README.html b/postfix/proto/SMTPUTF8_README.html index 381b3e074..9389297ad 100644 --- a/postfix/proto/SMTPUTF8_README.html +++ b/postfix/proto/SMTPUTF8_README.html @@ -346,12 +346,23 @@ in address localparts (and in headers) as before. The vast majority of email software is perfectly capable of handling such email, even if pre-SMTPUTF8 standards do not support such practice.

-

However, when you specify "smtputf8_enable = yes", Postfix +

Rejecting non-UTF8 addresses

+ +

With "smtputf8_enable = yes", Postfix requires that non-ASCII address information is encoded in UTF-8 and will reject other encodings such as ISO-8859. It is not practical for Postfix to support multiple encodings at the same time. There is no problem with RFC 2047 encodings such as "=?ISO-8859-1?Q?text?=", -because those use only characters from the ASCII characterset.

+because those use only characters from the ASCII characterset.

+ +

Rejecting non-ASCII addresses in non-SMTPUTF8 transactions

+ +

Setting "strict_smtputf8 = yes" in addition to "smtputf8_enable += yes" will enable stricter enforcement of the SMTPUTF8 protocol. +Specifically, the Postfix SMTP server will not only reject non-UTF8 +sender or recipient addresses, it will in addition accept UTF-8 +sender or recipient addresses only when the client requests an +SMTPUTF8 mail transaction.

Compatibility with IDNA2003

@@ -362,8 +373,8 @@ This makes Postfix behavior consistent with current versions of the Firefox and Chrome web browsers. Specify "enable_idna2003_compatibility = yes" to get the historical behavior.

-This affects the conversion of domain names that contain for example -the German sz (ß) and the Greek zeta (ς). See +

This affects the conversion of domain names that contain for +example the German sz (ß) and the Greek zeta (ς). See http://unicode.org/cldr/utility/idna.jsp for more examples.

Credits

diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 654ea75f8..aa04858af 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20190221" +#define MAIL_RELEASE_DATE "20190301" #define MAIL_VERSION_NUMBER "3.5" #ifdef SNAPSHOT
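Review bot: the 20190226 entry added to postfix/HISTORY names proto/DATABASE_README.html as the changed file, but the deduplication note it describes is the new item in postfix/WISHLIST, and the only DATABASE_README change in this patch is the randmap weighting sentence. The 20190227 entry has no "File:" line, unlike the entry above it. Suggest listing WISHLIST alongside proto/DATABASE_README.html under 20190226 and adding "File: proto/SMTPUTF8_README.html" under 20190227. The "negotitation" and "algoritm" spelling fixes in FORWARD_SECRECY_README are not recorded in either entry.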
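Review bot: the new "strict_smtputf8" paragraph in the SMTPUTF8_README hunks (README_FILES, html and proto copies) does not state the parameter's default, so a reader cannot tell whether the stricter rejection of UTF-8 envelope addresses in non-SMTPUTF8 transactions is already in effect or has to be turned on. Suggest adding the default and a pointer to the parameter's postconf(5) entry, and aligning the wording: the new heading says "non-ASCII addresses" while the body says "UTF-8 sender or recipient addresses". The reflowed paragraph above it still carries "characterset", which should read "character set".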
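Review bot: the sentence added to the randmap description in the DATABASE_README hunks ("To give a specific result more weight, specify it multiple times") would benefit from a one-line example showing a result listed twice beside one listed once, so it is clear that weighting is by repetition inside the "{" and "}" and not by some numeric syntax. Since the new WISHLIST item says the postconf(1) map descriptions are the more complete text, check that the randmap text there carries the same sentence, otherwise this patch widens the gap it records.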