postfix-3.3-20170729

2025-08-29 13:18:12 +00:00 · 2017-07-29 00:00:00 -05:00 · 2017-07-29 00:00:00 -05:00 · 852cf62baf
commit 852cf62baf
parent 5204816be8
22 changed files with 177 additions and 83 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@ -23087,11 +23087,26 @@ Apologies for any names omitted.
 20170728

 	Documentation: added warnings that "enable_original_recipient
-	= no" prevents Postfix from saving the address verification
-	result under the original probe destination address, if it
-	is changed by aliasing or canonical mapping.  Files:
-	proto/ADDRESS_VERIFICATION_README.html, proto/postconf.proto.
+	= no" prevents Postfix <= 3.2 from saving the address
+	verification result under the original probe destination
+	address, if it is changed by aliasing or canonical mapping.
+	Files: proto/ADDRESS_VERIFICATION_README.html,
+	proto/postconf.proto.

 	Cleanup: don't store an empty address in the verify cache
 	(this could happen with "enable_original_recipient = no").
 	File: global/verify.c.
+
+20170729
+
+	Cleanup: the setting "enable_original_recipient = no" no
+	longer breaks address verification for aliased addresses.
+	This does not change the behavior of the X-Original-To
+	header and of recipient deduplication. The fix is to always
+	store the original recipient in queue files. Some other
+	changes were needed to move ownership of the var_enable_orcpt
+	parameter from the cleanup daemon to the global library.
+	Files: cleanup/cleanup_init.c, cleanup/cleanup_milter.c,
+	cleanup_out_recipient.c, global/mail_params.c, global/mail_copy.c,
+	proto/postconf.proto proto/ADDRESS_VERIFICATION_README.html,
+	local/local.c, virtual/virtual.c, pipe/pipe.c.
--- a/postfix/README_FILES/ADDRESS_VERIFICATION_README
+++ b/postfix/README_FILES/ADDRESS_VERIFICATION_README
@ -164,6 +164,7 @@ same address repeatedly.
        # Postfix 2.6 and later privacy feature.
        # unverified_recipient_reject_reason = Address lookup failed

+        # Postfix 3.2 and earlier workaround.
        # Do not set enable_original_recipient=no. This prevents Postfix
        # from saving the recipient address verification result under
        # the original address, when the address verification probe
@ -209,6 +210,7 @@ verification for specific domains that often appear in forged email.
        # Note 2: Avoid hash files here. Use btree or lmdb instead.
        address_verify_map = btree:/var/lib/postfix/verify

+        # Postfix 3.2 and earlier workaround.
        # Do not set enable_original_recipient=no. This prevents Postfix
        # from saving the sender address verification result under the
        # original address, when the address verification probe message
--- a/postfix/html/ADDRESS_VERIFICATION_README.html
+++ b/postfix/html/ADDRESS_VERIFICATION_README.html
@ -299,6 +299,7 @@ the same address repeatedly.  </p>
    # Postfix 2.6 and later privacy feature.
    # <a href="postconf.5.html#unverified_recipient_reject_reason">unverified_recipient_reject_reason</a> = Address lookup failed

+    # Postfix 3.2 and earlier workaround.
    # Do not set <a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a>=no. This prevents Postfix
    # from saving the recipient address verification result under
    # the original address, when the address verification probe
@ -354,6 +355,7 @@ in forged email.  </p>
    # Note 2: Avoid hash files here. Use btree or lmdb instead.
    <a href="postconf.5.html#address_verify_map">address_verify_map</a> = <a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/verify

+    # Postfix 3.2 and earlier workaround.
    # Do not set <a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a>=no. This prevents Postfix
    # from saving the sender address verification result under the
    # original address, when the address verification probe message
--- a/postfix/html/local.8.html
+++ b/postfix/html/local.8.html
@ -564,6 +564,13 @@ LOCAL(8)                                                              LOCAL(8)
              A  prefix  that  is  prepended  to  the  process  name in syslog
              records, so that, for example, "smtpd" becomes "prefix/smtpd".

+       Available in Postfix version 3.3 and later:
+
+       <b><a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> (yes)</b>
+              Enable support for  the  original  recipient  address  after  an
+              address  is  rewritten  to a different address (for example with
+              aliasing or with canonical mapping).
+
 <b>FILES</b>
       The following are examples; details differ between systems.
       $HOME/.forward, per-user aliasing
--- a/postfix/html/pipe.8.html
+++ b/postfix/html/pipe.8.html
@ -461,6 +461,13 @@ PIPE(8)                                                                PIPE(8)
              delivery status code or explanatory text of successful or unsuc-
              cessful deliveries.

+       Available in Postfix version 3.3 and later:
+
+       <b><a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> (yes)</b>
+              Enable support for  the  original  recipient  address  after  an
+              address  is  rewritten  to a different address (for example with
+              aliasing or with canonical mapping).
+
 <b>SEE ALSO</b>
       <a href="qmgr.8.html">qmgr(8)</a>, queue manager
       <a href="bounce.8.html">bounce(8)</a>, delivery status reports
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@ -3203,32 +3203,34 @@ name changes. </p>
 <DT><b><a name="enable_original_recipient">enable_original_recipient</a>
 (default: yes)</b></DT><DD>

-<p> Enable support to save the original address if a recipient address
-is rewritten to a different address (for example with an alias or with
-canonical mapping). </p>
+<p> Enable support for the original recipient address after an
+address is rewritten to a different address (for example with
+aliasing or with canonical mapping). </p>

 <p> The original recipient address is used as follows: </p>

 <dl>

-<dt> X-Original-To message header </dt> <dd> When this parameter
-is set to <b>yes</b>, the original recipient address is stored in
-the X-Original-To message header. This header is needed to distinguish
-between different recipients that share the same mailbox. </dd>
+<dt> Final delivery </dt> <dd> With "<a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> =
+yes", the original recipient address is stored in the <b>X-Original-To</b>
+message header. This header may be used to distinguish between
+different recipients that share the same mailbox.  </dd>

-<dt> Recipient deduplication </dt> <dd> When this parameter is set
-to <b>yes</b>, the <a href="cleanup.8.html">cleanup(8)</a> daemon performs duplicate elimination
-on distinct pairs of (original recipient, rewritten recipient), and
-generates non-empty original recipient queue file records. When
-this parameter is set to <b>no</b>, the <a href="cleanup.8.html">cleanup(8)</a> daemon performs
-duplicate elimination on the rewritten recipient address only, and
-generates empty original recipient queue file records. </dd>
+<dt> Recipient deduplication </dt> <dd> With "<a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a>
+= yes", the <a href="cleanup.8.html">cleanup(8)</a> daemon performs duplicate recipient elimination
+based on the content of (original recipient, maybe-rewritten
+recipient) pairs.  Otherwise, the <a href="cleanup.8.html">cleanup(8)</a> daemon performs duplicate
+recipient elimination based only on the maybe-rewritten recipient
+address.  </dd>

-<dt>Address verification </dt> <dd> When this parameter is set to
-<b>yes</b>, an addres verification result is stored under both the
-original and the final recipient address. When this parameter is
-set to <b>no</b>, an address verification result is stored only
-under the final recipient address. </dd>
+</dl>
+
+<p> Note: with Postfix &le; 3.2 the "setting <a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a>
+= <b>no</b>" breaks address verification for addresses that are
+aliased or otherwise rewritten (Postfix is unable to store the
+addres verification result under the original probe destination
+address; instead, it can store the result only under the rewritten
+address).  </p>

 </ul>

@ -15276,8 +15278,8 @@ temporary problem (default: 450). <br> The
 <a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> parameter specifies the action
 after address probe failure due to a temporary problem (default:
 <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>). <br> This feature breaks for aliased addresses
-when <a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> is set to "no". <br> This feature
-is available in Postfix 2.1 and later.  </dd>
+with "<a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> = no" (Postfix &le; 3.2). <br>
+This feature is available in Postfix 2.1 and later. </dd>

 </dl>

@ -16021,8 +16023,9 @@ code when an address probe failed due to a temporary problem
 (default: 450).  <br> The <a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a> parameter
 specifies the action after address probe failure due to a temporary
 problem (default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>).  <br> This feature breaks for
-aliased addresses when <a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> is set to "no".
-<br> This feature is avaiable in Postfix 2.1 and later.  </dd>
+aliased addresses with "<a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> = no" (Postfix
+&le; 3.2).  <br> This feature is avaiable in Postfix 2.1 and later.
+</dd>

 </dl>

--- a/postfix/html/virtual.8.html
+++ b/postfix/html/virtual.8.html
@ -269,6 +269,13 @@ VIRTUAL(8)                                                          VIRTUAL(8)
              delivery status code or explanatory text of successful or unsuc-
              cessful deliveries.

+       Available in Postfix version 3.3 and later:
+
+       <b><a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> (yes)</b>
+              Enable  support  for  the  original  recipient  address after an
+              address is rewritten to a different address  (for  example  with
+              aliasing or with canonical mapping).
+
 <b>SEE ALSO</b>
       <a href="qmgr.8.html">qmgr(8)</a>, queue manager
       <a href="bounce.8.html">bounce(8)</a>, delivery status reports
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@ -2007,33 +2007,33 @@ name changes.
 .PP
 This feature is available in Postfix 2.9 and later.
 .SH enable_original_recipient (default: yes)
-Enable support to save the original address if a recipient address
-is rewritten to a different address (for example with an alias or with
-canonical mapping).
+Enable support for the original recipient address after an
+address is rewritten to a different address (for example with
+aliasing or with canonical mapping).
 .PP
 The original recipient address is used as follows:
-.IP "X\-Original\-To message header"
-When this parameter
-is set to \fByes\fR, the original recipient address is stored in
-the X\-Original\-To message header. This header is needed to distinguish
-between different recipients that share the same mailbox.
+.IP "Final delivery"
+With "enable_original_recipient =
+yes", the original recipient address is stored in the \fBX\-Original\-To\fR
+message header. This header may be used to distinguish between
+different recipients that share the same mailbox.
 .br
 .IP "Recipient deduplication"
-When this parameter is set
-to \fByes\fR, the \fBcleanup\fR(8) daemon performs duplicate elimination
-on distinct pairs of (original recipient, rewritten recipient), and
-generates non\-empty original recipient queue file records. When
-this parameter is set to \fBno\fR, the \fBcleanup\fR(8) daemon performs
-duplicate elimination on the rewritten recipient address only, and
-generates empty original recipient queue file records.
+With "enable_original_recipient
+= yes", the \fBcleanup\fR(8) daemon performs duplicate recipient elimination
+based on the content of (original recipient, maybe\-rewritten
+recipient) pairs.  Otherwise, the \fBcleanup\fR(8) daemon performs duplicate
+recipient elimination based only on the maybe\-rewritten recipient
+address.
 .br
-.IP "Address verification"
-When this parameter is set to
-\fByes\fR, an addres verification result is stored under both the
-original and the final recipient address. When this parameter is
-set to \fBno\fR, an address verification result is stored only
-under the final recipient address.
 .br
+.PP
+Note: with Postfix <= 3.2 the "setting enable_original_recipient
+= \fBno\fR" breaks address verification for addresses that are
+aliased or otherwise rewritten (Postfix is unable to store the
+addres verification result under the original probe destination
+address; instead, it can store the result only under the rewritten
+address).
 .br
 .PP
 This feature is available in Postfix 2.1 and later. Postfix
@ -10272,10 +10272,9 @@ after address probe failure due to a temporary problem (default:
 defer_if_permit).
 .br
 This feature breaks for aliased addresses
-when enable_original_recipient is set to "no".
+with "enable_original_recipient = no" (Postfix <= 3.2).
 .br
-This feature
-is available in Postfix 2.1 and later.
+This feature is available in Postfix 2.1 and later.
 .br
 .br
 .PP
@ -10855,7 +10854,8 @@ specifies the action after address probe failure due to a temporary
 problem (default: defer_if_permit).
 .br
 This feature breaks for
-aliased addresses when enable_original_recipient is set to "no".
+aliased addresses with "enable_original_recipient = no" (Postfix
+<= 3.2).
 .br
 This feature is avaiable in Postfix 2.1 and later.
 .br
--- a/postfix/man/man8/local.8
+++ b/postfix/man/man8/local.8
@ -594,6 +594,12 @@ The syslog facility of Postfix logging.
 .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
 A prefix that is prepended to the process name in syslog
 records, so that, for example, "smtpd" becomes "prefix/smtpd".
+.PP
+Available in Postfix version 3.3 and later:
+.IP "\fBenable_original_recipient (yes)\fR"
+Enable support for the original recipient address after an
+address is rewritten to a different address (for example with
+aliasing or with canonical mapping).
 .SH "FILES"
 .na
 .nf
--- a/postfix/man/man8/pipe.8
+++ b/postfix/man/man8/pipe.8
@ -440,6 +440,12 @@ Available in Postfix version 3.0 and later:
 Optional filter for the \fBpipe\fR(8) delivery agent to change the
 delivery status code or explanatory text of successful or unsuccessful
 deliveries.
+.PP
+Available in Postfix version 3.3 and later:
+.IP "\fBenable_original_recipient (yes)\fR"
+Enable support for the original recipient address after an
+address is rewritten to a different address (for example with
+aliasing or with canonical mapping).
 .SH "SEE ALSO"
 .na
 .nf
--- a/postfix/man/man8/virtual.8
+++ b/postfix/man/man8/virtual.8
@ -289,6 +289,12 @@ Available in Postfix version 3.0 and later:
 Optional filter for the \fBvirtual\fR(8) delivery agent to change the
 delivery status code or explanatory text of successful or unsuccessful
 deliveries.
+.PP
+Available in Postfix version 3.3 and later:
+.IP "\fBenable_original_recipient (yes)\fR"
+Enable support for the original recipient address after an
+address is rewritten to a different address (for example with
+aliasing or with canonical mapping).
 .SH "SEE ALSO"
 .na
 .nf
--- a/postfix/proto/ADDRESS_VERIFICATION_README.html
+++ b/postfix/proto/ADDRESS_VERIFICATION_README.html
@ -299,6 +299,7 @@ the same address repeatedly.  </p>
    # Postfix 2.6 and later privacy feature.
    # unverified_recipient_reject_reason = Address lookup failed

+    # Postfix 3.2 and earlier workaround.
    # Do not set enable_original_recipient=no. This prevents Postfix
    # from saving the recipient address verification result under
    # the original address, when the address verification probe
@ -354,6 +355,7 @@ in forged email.  </p>
    # Note 2: Avoid hash files here. Use btree or lmdb instead.
    address_verify_map = btree:/var/lib/postfix/verify

+    # Postfix 3.2 and earlier workaround.
    # Do not set enable_original_recipient=no. This prevents Postfix
    # from saving the sender address verification result under the
    # original address, when the address verification probe message
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@ -1402,32 +1402,34 @@ for showq(8) queue displays.  </p>

 %PARAM enable_original_recipient yes

-<p> Enable support to save the original address if a recipient address
-is rewritten to a different address (for example with an alias or with
-canonical mapping). </p>
+<p> Enable support for the original recipient address after an
+address is rewritten to a different address (for example with
+aliasing or with canonical mapping). </p>

 <p> The original recipient address is used as follows: </p>

 <dl>

-<dt> X-Original-To message header </dt> <dd> When this parameter
-is set to <b>yes</b>, the original recipient address is stored in
-the X-Original-To message header. This header is needed to distinguish
-between different recipients that share the same mailbox. </dd>
+<dt> Final delivery </dt> <dd> With "enable_original_recipient =
+yes", the original recipient address is stored in the <b>X-Original-To</b>
+message header. This header may be used to distinguish between
+different recipients that share the same mailbox.  </dd>

-<dt> Recipient deduplication </dt> <dd> When this parameter is set
-to <b>yes</b>, the cleanup(8) daemon performs duplicate elimination
-on distinct pairs of (original recipient, rewritten recipient), and
-generates non-empty original recipient queue file records. When
-this parameter is set to <b>no</b>, the cleanup(8) daemon performs
-duplicate elimination on the rewritten recipient address only, and
-generates empty original recipient queue file records. </dd>
+<dt> Recipient deduplication </dt> <dd> With "enable_original_recipient
+= yes", the cleanup(8) daemon performs duplicate recipient elimination
+based on the content of (original recipient, maybe-rewritten
+recipient) pairs.  Otherwise, the cleanup(8) daemon performs duplicate
+recipient elimination based only on the maybe-rewritten recipient
+address.  </dd>

-<dt>Address verification </dt> <dd> When this parameter is set to
-<b>yes</b>, an addres verification result is stored under both the
-original and the final recipient address. When this parameter is
-set to <b>no</b>, an address verification result is stored only
-under the final recipient address. </dd>
+</dl>
+
+<p> Note: with Postfix &le; 3.2 the "setting enable_original_recipient
+= <b>no</b>" breaks address verification for addresses that are
+aliased or otherwise rewritten (Postfix is unable to store the
+addres verification result under the original probe destination
+address; instead, it can store the result only under the rewritten
+address).  </p>

 </ul>

@ -6139,8 +6141,8 @@ temporary problem (default: 450). <br> The
 unverified_recipient_tempfail_action parameter specifies the action
 after address probe failure due to a temporary problem (default:
 defer_if_permit). <br> This feature breaks for aliased addresses
-when enable_original_recipient is set to "no". <br> This feature
-is available in Postfix 2.1 and later.  </dd>
+with "enable_original_recipient = no" (Postfix &le; 3.2). <br>
+This feature is available in Postfix 2.1 and later. </dd>

 </dl>

@ -6609,8 +6611,9 @@ code when an address probe failed due to a temporary problem
 (default: 450).  <br> The unverified_sender_tempfail_action parameter
 specifies the action after address probe failure due to a temporary
 problem (default: defer_if_permit).  <br> This feature breaks for
-aliased addresses when enable_original_recipient is set to "no".
-<br> This feature is avaiable in Postfix 2.1 and later.  </dd>
+aliased addresses with "enable_original_recipient = no" (Postfix
+&le; 3.2).  <br> This feature is avaiable in Postfix 2.1 and later.
+</dd>

 </dl>

--- a/postfix/src/cleanup/cleanup_init.c
+++ b/postfix/src/cleanup/cleanup_init.c
@ -133,7 +133,6 @@ char   *var_mimehdr_checks;		/* mime header checks */
 char   *var_nesthdr_checks;		/* nested header checks */
 char   *var_body_checks;		/* any body checks */
 int     var_dup_filter_limit;		/* recipient dup filter */
-bool    var_enable_orcpt;		/* Include orcpt in dup filter? */
 char   *var_empty_addr;			/* destination of bounced bounces */
 int     var_delay_warn_time;		/* delay that triggers warning */
 char   *var_prop_extension;		/* propagate unmatched extension */
@ -184,7 +183,6 @@ const CONFIG_INT_TABLE cleanup_int_table[] = {
 };

 const CONFIG_BOOL_TABLE cleanup_bool_table[] = {
-    VAR_ENABLE_ORCPT, DEF_ENABLE_ORCPT, &var_enable_orcpt,
    VAR_VERP_BOUNCE_OFF, DEF_VERP_BOUNCE_OFF, &var_verp_bounce_off,
    VAR_AUTO_8BIT_ENC_HDR, DEF_AUTO_8BIT_ENC_HDR, &var_auto_8bit_enc_hdr,
    VAR_ALWAYS_ADD_HDRS, DEF_ALWAYS_ADD_HDRS, &var_always_add_hdrs,
--- a/postfix/src/cleanup/cleanup_milter.c
+++ b/postfix/src/cleanup/cleanup_milter.c
@ -2244,7 +2244,6 @@ int     cleanup_send_canon_flags;
 MAPS   *cleanup_send_canon_maps;
 int     var_dup_filter_limit = DEF_DUP_FILTER_LIMIT;
 char   *var_empty_addr = DEF_EMPTY_ADDR;
-int     var_enable_orcpt = DEF_ENABLE_ORCPT;
 MAPS   *cleanup_virt_alias_maps;
 char   *var_milt_daemon_name = "host.example.com";
 char   *var_milt_v = DEF_MILT_V;
@ -2439,6 +2438,7 @@ int     main(int unused_argc, char **argv)
    msg_vstream_init(argv[0], VSTREAM_ERR);
    var_line_limit = DEF_LINE_LIMIT;
    var_header_limit = DEF_HEADER_LIMIT;
+    var_enable_orcpt = DEF_ENABLE_ORCPT;

    for (;;) {
 	ARGV   *argv;
--- a/postfix/src/cleanup/cleanup_out_recipient.c
+++ b/postfix/src/cleanup/cleanup_out_recipient.c
@ -53,6 +53,11 @@
 /*	IBM T.J. Watson Research
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
+/*
+/*	Wietse Venema
+/*	Google, Inc.
+/*	111 8th Avenue
+/*	New York, NY 10011, USA
 /*--*/

 /* System library. */
@ -133,8 +138,6 @@ void    cleanup_out_recipient(CLEANUP_STATE *state,
    /*
     * XXX Not elegant, but eliminates complexity in the record reading loop.
     */
-    if (!var_enable_orcpt)
-	orcpt = "";
    if (dsn_orcpt == 0)
 	dsn_orcpt = "";

--- a/postfix/src/global/mail_copy.c
+++ b/postfix/src/global/mail_copy.c
@ -52,7 +52,8 @@
 /*	The address is quoted according to RFC822 rules.
 /* .IP MAIL_COPY_ORIG_RCPT
 /*	Prepend an X-Original-To: header with the original
-/*	envelope recipient address.
+/*	envelope recipient address. This is a NOOP with
+/*	var_enable_orcpt === 0.
 /* .IP MAIL_COPY_RETURN_PATH
 /*	Prepend a Return-Path: header with the value of the
 /*	\fIsender\fR attribute.
@ -87,6 +88,11 @@
 /*	IBM T.J. Watson Research
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
+/*
+/*	Wietse Venema
+/*	Google, Inc.
+/*	111 8th Avenue
+/*	New York, NY 10011, USA
 /*--*/

 /* System library. */
@ -197,7 +203,7 @@ int     mail_copy(const char *sender,
 	 * An empty original recipient record almost certainly means that
 	 * original recipient processing was disabled.
 	 */
-	if (*orig_rcpt) {
+	if (var_enable_orcpt && *orig_rcpt) {
 	    quote_822_local(buf, orig_rcpt);
 	    vstream_fprintf(dst, "X-Original-To: %s%s", vstring_str(buf), eol);
 	}
--- a/postfix/src/global/mail_params.c
+++ b/postfix/src/global/mail_params.c
@ -130,6 +130,7 @@
 /*	int     var_idna2003_compat;
 /*	int     var_compat_level;
 /*	char	*var_drop_hdrs;
+/*	bool	var_enable_orcpt;
 /*
 /*	void	mail_params_init()
 /*
@ -342,6 +343,7 @@ char   *var_smtputf8_autoclass;
 int     var_idna2003_compat;
 int     var_compat_level;
 char   *var_drop_hdrs;
+bool    var_enable_orcpt;

 const char null_format_string[1] = "";

@ -783,6 +785,7 @@ void    mail_params_init()
 	VAR_MULTI_ENABLE, DEF_MULTI_ENABLE, &var_multi_enable,
 	VAR_LONG_QUEUE_IDS, DEF_LONG_QUEUE_IDS, &var_long_queue_ids,
 	VAR_STRICT_SMTPUTF8, DEF_STRICT_SMTPUTF8, &var_strict_smtputf8,
+	VAR_ENABLE_ORCPT, DEF_ENABLE_ORCPT, &var_enable_orcpt,
 	0,
    };
    const char *cp;
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@ -20,7 +20,7 @@
  * Patches change both the patchlevel and the release date. Snapshots have no
  * patchlevel; they change the release date only.
  */
-#define MAIL_RELEASE_DATE	"20170728"
+#define MAIL_RELEASE_DATE	"20170729"
 #define MAIL_VERSION_NUMBER	"3.3"

 #ifdef SNAPSHOT
--- a/postfix/src/local/local.c
+++ b/postfix/src/local/local.c
@ -550,6 +550,12 @@
 /* .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
 /*	A prefix that is prepended to the process name in syslog
 /*	records, so that, for example, "smtpd" becomes "prefix/smtpd".
+/* .PP
+/*	Available in Postfix version 3.3 and later:
+/* .IP "\fBenable_original_recipient (yes)\fR"
+/*	Enable support for the original recipient address after an
+/*	address is rewritten to a different address (for example with
+/*	aliasing or with canonical mapping).
 /* FILES
 /*	The following are examples; details differ between systems.
 /*	$HOME/.forward, per-user aliasing
--- a/postfix/src/pipe/pipe.c
+++ b/postfix/src/pipe/pipe.c
@ -418,6 +418,12 @@
 /*	Optional filter for the \fBpipe\fR(8) delivery agent to change the
 /*	delivery status code or explanatory text of successful or unsuccessful
 /*	deliveries.
+/* .PP
+/*	Available in Postfix version 3.3 and later:
+/* .IP "\fBenable_original_recipient (yes)\fR"
+/*	Enable support for the original recipient address after an
+/*	address is rewritten to a different address (for example with
+/*	aliasing or with canonical mapping).
 /* SEE ALSO
 /*	qmgr(8), queue manager
 /*	bounce(8), delivery status reports
--- a/postfix/src/virtual/virtual.c
+++ b/postfix/src/virtual/virtual.c
@ -253,6 +253,12 @@
 /*	Optional filter for the \fBvirtual\fR(8) delivery agent to change the
 /*	delivery status code or explanatory text of successful or unsuccessful
 /*	deliveries.
+/* .PP
+/*	Available in Postfix version 3.3 and later:
+/* .IP "\fBenable_original_recipient (yes)\fR"
+/*	Enable support for the original recipient address after an
+/*	address is rewritten to a different address (for example with
+/*	aliasing or with canonical mapping).
 /* SEE ALSO
 /*	qmgr(8), queue manager
 /*	bounce(8), delivery status reports