diff --git a/postfix/HISTORY b/postfix/HISTORY
index 836bc1e80..a2fec501e 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -8419,6 +8419,12 @@ Apologies for any names omitted.
 	and dict_mysql modules. These maps must be opened in
 	read-only mode.
 
+20030804
+
+	Bugfix: the 20030712 safety against invalid DNS results
+	was broken. Reported by Ralf Hildebrandt. File:
+	dns/dns_lookup.c.
+
 Open problems:
 
 	Low: smtp-source may block when sending large test messages.
diff --git a/postfix/conf/access b/postfix/conf/access
index e69de29bb..aa6e33db8 100644
--- a/postfix/conf/access
+++ b/postfix/conf/access
@@ -0,0 +1,267 @@
+# ACCESS(5)                                               ACCESS(5)
+# 
+# NAME
+#        access - format of Postfix access table
+# 
+# SYNOPSIS
+#        postmap /etc/postfix/access
+# 
+#        postmap -q "string" /etc/postfix/access
+# 
+#        postmap -q - /etc/postfix/access <inputfile
+# 
+# DESCRIPTION
+#        The  optional access table directs the Postfix SMTP server
+#        to selectively  reject  or  accept  mail.  Access  can  be
+#        allowed  or  denied for specific host names, domain names,
+#        networks, host network addresses or mail addresses.
+# 
+#        Normally, the access table is specified  as  a  text  file
+#        that  serves  as  input  to  the  postmap(1) command.  The
+#        result, an indexed file in dbm or db format, is  used  for
+#        fast  searching  by  the  mail system. Execute the command
+#        postmap  /etc/postfix/access  in  order  to  rebuild   the
+#        indexed file after changing the access table.
+# 
+#        When  the  table  is provided via other means such as NIS,
+#        LDAP or SQL, the same lookups are  done  as  for  ordinary
+#        indexed files.
+# 
+#        Alternatively,  the  table  can  be provided as a regular-
+#        expression map where patterns are given as regular expres-
+#        sions,  or lookups can be directed to TCP-based server. In
+#        that case, the lookups are done in  a  slightly  different
+#        way  as  described below under "REGULAR EXPRESSION TABLES"
+#        and "TCP-BASED TABLES".
+# 
+# TABLE FORMAT
+#        The format of the access table is as follows:
+# 
+#        pattern action
+#               When pattern matches a mail address, domain or host
+#               address, perform the corresponding action.
+# 
+#        blank lines and comments
+#               Empty  lines and whitespace-only lines are ignored,
+#               as are lines whose first  non-whitespace  character
+#               is a `#'.
+# 
+#        multi-line text
+#               A  logical  line starts with non-whitespace text. A
+#               line that starts with whitespace continues a  logi-
+#               cal line.
+# 
+# EMAIL ADDRESS PATTERNS
+#        With lookups from indexed files such as DB or DBM, or from
+#        networked tables such as NIS, LDAP or SQL,  the  following
+#        lookup patterns are examined in the order as listed:
+# 
+#        user@domain
+#               Matches the specified mail address.
+# 
+#        domain.tld
+#               Matches  domain.tld  as the domain part of an email
+#               address.
+# 
+#               The pattern domain.tld also matches subdomains, but
+#               only when the string smtpd_access_maps is listed in
+#               the Postfix  parent_domain_matches_subdomains  con-
+#               figuration setting.  Otherwise, specify .domain.tld
+#               (note the initial dot) in  order  to  match  subdo-
+#               mains.
+# 
+#        user@  Matches  all mail addresses with the specified user
+#               part.
+# 
+#        Note: lookup of the null sender address  is  not  possible
+#        with  some types of lookup table. By default, Postfix uses
+#        <> as the lookup key for  such  addresses.  The  value  is
+#        specified  with the smtpd_null_access_lookup_key parameter
+#        in the Postfix main.cf file.
+# 
+# EMAIL ADDRESS EXTENSION
+#        When a mail address localpart contains the optional recip-
+#        ient  delimiter  (e.g., user+foo@domain), the lookup order
+#        becomes: user+foo@domain, user@domain, domain,  user+foo@,
+#        and user@.
+# 
+# HOST NAME/ADDRESS PATTERNS
+#        With lookups from indexed files such as DB or DBM, or from
+#        networked tables such as NIS, LDAP or SQL,  the  following
+#        lookup patterns are examined in the order as listed:
+# 
+#        domain.tld
+#               Matches domain.tld.
+# 
+#               The pattern domain.tld also matches subdomains, but
+#               only when the string smtpd_access_maps is listed in
+#               the  Postfix  parent_domain_matches_subdomains con-
+#               figuration setting.  Otherwise, specify .domain.tld
+#               (note  the  initial  dot)  in order to match subdo-
+#               mains.
+# 
+#        net.work.addr.ess
+# 
+#        net.work.addr
+# 
+#        net.work
+# 
+#        net    Matches any host address in the specified  network.
+#               A  network  address  is  a  sequence of one or more
+#               octets separated by ".".
+# 
+#               NOTE: use the cidr lookup  table  type  to  specify
+#               network/netmask  patterns.  See  cidr_table(5)  for
+#               details.
+# 
+# ACTIONS
+#        [45]NN text
+#               Reject the address etc. that matches  the  pattern,
+#               and respond with the numerical code and text.
+# 
+#        REJECT
+# 
+#        REJECT optional text...
+#               Reject  the  address etc. that matches the pattern.
+#               Reply with $reject_code optional text...  when  the
+#               optional  text is specified, otherwise reply with a
+#               generic error response message.
+# 
+#        DEFER_IF_REJECT
+# 
+#        DEFER_IF_REJECT optional text...
+#               Defer the request if some later  restriction  would
+#               result in a REJECT action. Reply with "450 optional
+#               text... when the optional text is specified, other-
+#               wise reply with a generic error response message.
+# 
+#        DEFER_IF_PERMIT
+# 
+#        DEFER_IF_PERMIT optional text...
+#               Defer  the  request if some later restriction would
+#               result in a PERMIT action (there is an implied PER-
+#               MIT  at  the  end  of each restriction list). Reply
+#               with "450 optional text... when the  optional  text
+#               is  specified, otherwise reply with a generic error
+#               response message.
+# 
+#        OK     Accept the address etc. that matches the pattern.
+# 
+#        all-numerical
+#               An all-numerical result is treated as OK. This for-
+#               mat  is generated by address-based relay authoriza-
+#               tion schemes.
+# 
+#        DUNNO  Pretend that the lookup key was not found  in  this
+#               table. This prevents Postfix from trying substrings
+#               of the lookup key (such as a subdomain name,  or  a
+#               network address subnetwork).
+# 
+#        HOLD
+# 
+#        HOLD optional text...
+#               Place  the message on the hold queue, where it will
+#               sit until someone either deletes it or releases  it
+#               for  delivery.  Log the optional text if specified,
+#               otherwise log a generic message.
+# 
+#               Mail that is placed on hold can  be  examined  with
+#               the  postcat(1)  command,  and  can be destroyed or
+#               released with the postsuper(1) command.
+# 
+#               Note: this action currently affects all  recipients
+#               of the message.
+# 
+#        DISCARD
+# 
+#        DISCARD optional text...
+#               Claim  successful delivery and silently discard the
+#               message.  Log the optional text if specified,  oth-
+#               erwise log a generic message.
+# 
+#               Note:  this action currently affects all recipients
+#               of the message.
+# 
+#        FILTER transport:destination
+#               After the message is queued, send the  entire  mes-
+#               sage  through  a  content filter.  More information
+#               about  content  filters  is  in  the  Postfix  FIL-
+#               TER_README file.
+# 
+#               Note:   this  action  overrides  the  main.cf  con-
+#               tent_filter  setting,  and  currently  affects  all
+#               recipients of the message.
+# 
+#        REDIRECT user@domain
+#               After  the  message  is queued, send the message to
+#               the  specified  address  instead  of  the  intended
+#               recipient(s).
+# 
+#               Note:  this action overrides the FILTER action, and
+#               currently affects all recipients of the message.
+# 
+#        restriction...
+#               Apply the named UCE restriction(s) (permit, reject,
+#               reject_unauth_destination, and so on).
+# 
+# REGULAR EXPRESSION TABLES
+#        This  section  describes how the table lookups change when
+#        the table is given in the form of regular expressions. For
+#        a  description  of regular expression lookup table syntax,
+#        see regexp_table(5) or pcre_table(5).
+# 
+#        Each pattern is a regular expression that  is  applied  to
+#        the entire string being looked up. Depending on the appli-
+#        cation, that string  is  an  entire  client  hostname,  an
+#        entire client IP address, or an entire mail address. Thus,
+#        no  parent  domain  or  parent  network  search  is  done,
+#        user@domain  mail  addresses  are not broken up into their
+#        user@ and domain constituent parts, nor is user+foo broken
+#        up into user and foo.
+# 
+#        Patterns  are  applied  in  the  order as specified in the
+#        table, until a pattern is found that  matches  the  search
+#        string.
+# 
+#        Actions  are  the  same as with indexed file lookups, with
+#        the additional feature that parenthesized substrings  from
+#        the pattern can be interpolated as $1, $2 and so on.
+# 
+# TCP-BASED TABLES
+#        This  section  describes how the table lookups change when
+#        lookups are directed to a TCP-based server. For a descrip-
+#        tion   of  the  TCP  client/server  lookup  protocol,  see
+#        tcp_table(5).
+# 
+#        Each lookup operation uses the entire query  string  once.
+#        Depending  on  the  application,  that string is an entire
+#        client hostname, an entire client IP address, or an entire
+#        mail  address.   Thus,  no parent domain or parent network
+#        search is done, user@domain mail addresses are not  broken
+#        up  into  their user@ and domain constituent parts, nor is
+#        user+foo broken up into user and foo.
+# 
+#        Actions are the same as with indexed file lookups.
+# 
+# BUGS
+#        The table format does not understand quoting  conventions.
+# 
+# SEE ALSO
+#        postmap(1) create lookup table
+#        smtpd(8) smtp server
+#        cidr_table(5) format of CIDR tables
+#        pcre_table(5) format of PCRE tables
+#        regexp_table(5) format of POSIX regular expression tables
+#        tcp_table(5) TCP client/server table lookup protocol
+# 
+# LICENSE
+#        The  Secure  Mailer  license must be distributed with this
+#        software.
+# 
+# AUTHOR(S)
+#        Wietse Venema
+#        IBM T.J. Watson Research
+#        P.O. Box 704
+#        Yorktown Heights, NY 10598, USA
+# 
+#                                                         ACCESS(5)
diff --git a/postfix/src/dns/dns_lookup.c b/postfix/src/dns/dns_lookup.c
index 5281296d9..c35338159 100644
--- a/postfix/src/dns/dns_lookup.c
+++ b/postfix/src/dns/dns_lookup.c
@@ -547,10 +547,6 @@ int     dns_lookup(const char *name, unsigned type, unsigned flags,
 				"Malformed name server reply",
 				name, dns_strtype(type));
 	case DNS_OK:
-	    /* Don't return DNS_OK when all results are censored away. */
-	    if (rrlist && *rrlist == 0)
-		msg_panic("dns_lookup: name=%s type=%s: success but no data",
-			  name, dns_strtype(type));
 	case DNS_NOTFOUND:
 	    return (status);
 	case DNS_RECURSE:
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index f72a39535..6256a10c4 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change the patchlevel and the release date. Snapshots change the
   * release date only, unless they include the same bugfix as a patch release.
   */
-#define MAIL_RELEASE_DATE	"20030728"
+#define MAIL_RELEASE_DATE	"200307804"
 
 #define VAR_MAIL_VERSION	"mail_version"
 #define DEF_MAIL_VERSION	"2.0.14-" MAIL_RELEASE_DATE