postfix-beta-19990122-pl01

2025-08-29 13:18:12 +00:00 · 1999-02-01 00:00:00 -05:00 · 1999-02-01 00:00:00 -05:00 · 85a3f810e5
commit 85a3f810e5
parent 01563531ac
41 changed files with 837 additions and 206 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@ -1999,3 +1999,67 @@ Apologies for any names omitted.
 	Bugfix: in Received: headers, the "for <recipient>"
 	information was in the wrong place. Pointed out by Jon
 	Ribbens, Oaktree Internet Solutions Ltd.
 19990124
 	Portability: more workarounds for GNU getopt() by Liviu
 	Daia, Institute of Mathematics, Romanian Academy. File:
 	sendmail/sendmail.c.
 19990125
 	Bugfix: Postfix should not masquerade recipient addresses
 	extracted from message headers. Problem reported by David
 	Blacka, Network Solutions. File: cleanup/cleanup_message.c.
 19990126
 	Feature: smtpd_etrn_restrictions parameter to restrict who
 	may use ETRN and what domains may be specified.  Example:
 	"smtpd_etrn_restrictions = permit_mynetworks, reject".
 	Requested by Jon Ribbens, Oaktree Internet Solutions Ltd.
 	File: smtpd/smtpd_check.c.
 19990127
 	Bugfix: in an attempt to shave some cycles, the anti junk
 	mail routines would use the wrong resolved address. This
 	"optimization" is now turned off. Problem reported by Sam
 	Eaton, Pavilion Internet Plc. File: smtpd/smtpd_check.c.
 	Feature: BIFF notifications.  For compatibility reasons
 	this feature is on by default.  This "protocol" can be a
 	real performance pig.  Specify "biff = no" in main.cf if
 	your machine has lots of shell users. Feature requested by
 	Dan Farmer - it's one of the things one does for friends.
 	Files:  local/mailbox.c, local/biff_notify.c.
 	Bugfix: another case sensitivity problem, this time with
 	virtual lookups to recognize unknown@virtual.domain.
 	Problem reported by Bo Kleve, Linkoping University. File:
 	qmgr/qmgr_message.c.
 19990128
 	Feature: with "soft_bounce = yes", defer delivery instead
 	of bouncing mail. This is a safety net for configuration
 	errors with delivery agents. It has no effect on errors in
 	virtual maps, canonical maps, or in junk mail restrictions.
 	Feature requested by Bennett Todd. File: global/bounce.c.
 19990129
 	Compatibility: the qmail maildir.5 documentation prescribes
 	maildir file names of the form time.pid.hostname, which is
 	wrong because Postfix processes perform multiple deliveries.
 	Elsewhere the qmail author has documented how maildir files
 	should be named under such conditions. Postfix has been
 	changed to be conformant. File: local/maildir.c.
 19990131
 	Feature: special treatment of owner-foo and foo-request
 	can be turned off. Specify "owner_request_special = no".
 	Requested by Matthew Green and others. Files: local/alias.c,
 	global/split_addr.c. This affects canonical, virtual and
 	alias lookups.
--- a/postfix/INSTALL
+++ b/postfix/INSTALL
@ -479,7 +479,7 @@ Postfix offers a choice of submission mechanims.
    and to make maildrop non-writable for unprivileged users:
    # chgrp maildrop /var/spool/postfix/maildrop /some/where/postdrop
-    # chmod 730 /var/spool/postfix/maildrop
+    # chmod 1730 /var/spool/postfix/maildrop
    # chmod 2755 /some/where/postdrop
    The sendmail posting program will automatically invoke the
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@ -1,8 +1,28 @@
-This release introduces lots of new functionality in response to feedback
+Incompatible changes with postfix-beta-19990122-pl01:
-from users.
+=====================================================
-Incompatible changes:
+None.
-=====================
+
 Major changes with postfix-beta-19990122-pl01:
 ==============================================
 - Restrict who may use ETRN and what domains may be specified.
 Example:  "smtpd_etrn_restrictions = permit_mynetworks, reject".
 - BIFF notifications.  For compatibility reasons this feature is
 on by default.  Specify "biff = no" in main.cf if your machine has
 lots of shell users.
 - With "soft_bounce = yes", defer delivery instead of bouncing
 mail. This is a safety net for configuration errors with delivery
 agents. It has no effect on errors in virtual maps, canonical maps,
 or in junk mail restrictions.
 - Specify "owner_request_special = no" to turn off special treatment
 of owner-foo and foo-request addresses.
 Incompatible changes with postfix-beta-19990122:
 ================================================
 - The syntax of the transport table has changed. An entry like:
@ -21,8 +41,8 @@ Incompatible changes:
 logged as hostname[address]; the pickup daemon logs queue file uid
 and sender address.
-Major changes over the previous version:
+Major changes with postfix-beta-19990122:
-========================================
+=========================================
 - Junk mail restrictions can now be postoned to the RCPT TO command.
 Specify: "smtpd_recipient_restrictions = reject_maps_rbl...".
--- a/postfix/cleanup/cleanup_message.c
+++ b/postfix/cleanup/cleanup_message.c
@ -197,6 +197,11 @@ static void cleanup_rewrite_recip(HEADER_OPTS *hdr_opts)
 	    cleanup_map11_tree(*tpp, cleanup_rcpt_canon_maps);
 	if (cleanup_comm_canon_maps)
 	    cleanup_map11_tree(*tpp, cleanup_comm_canon_maps);
 	tok822_internalize(cleanup_temp1, tpp[0]->head, TOK822_STR_DEFL);
 	if (cleanup_recip == 0 && (hdr_opts->flags & HDR_OPT_EXTRACT) != 0)
 	    argv_add((hdr_opts->flags & HDR_OPT_RR) ?
 		     cleanup_resent_recip : cleanup_recipients,
 		     vstring_str(cleanup_temp1), (char *) 0);
 	if (cleanup_masq_domains)
 	    cleanup_masquerade_tree(*tpp, cleanup_masq_domains);
 	if (hdr_opts->type == HDR_RETURN_RECEIPT_TO && !cleanup_return_receipt)
@ -205,11 +210,6 @@ static void cleanup_rewrite_recip(HEADER_OPTS *hdr_opts)
 	if (hdr_opts->type == HDR_ERRORS_TO && !cleanup_errors_to)
 	    cleanup_errors_to =
 		cleanup_extract_internal(cleanup_header_buf, *tpp);
 	tok822_internalize(cleanup_temp1, tpp[0]->head, TOK822_STR_DEFL);
 	if (cleanup_recip == 0 && (hdr_opts->flags & HDR_OPT_EXTRACT) != 0)
 	    argv_add((hdr_opts->flags & HDR_OPT_RR) ?
 		     cleanup_resent_recip : cleanup_recipients,
 		     vstring_str(cleanup_temp1), (char *) 0);
    }
    vstring_sprintf(cleanup_header_buf, "%s: ", hdr_opts->name);
    tok822_externalize(cleanup_header_buf, tree, TOK822_STR_HEAD);
--- a/postfix/conf/aliases
+++ b/postfix/conf/aliases
@ -96,6 +96,9 @@
 #	Restrict the usage of mail delivery to external command.
 # .IP \fBallow_mail_to_files\fR
 #	Restrict the usage of mail delivery to external file.
 # .IP \fBowner_request_special\fR
 #	Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR
 #	addresses.
 # .IP \fBrecipient_delimiter\fR
 #	Delimiter that separates recipients from address extensions.
 # STANDARDS
--- a/postfix/conf/canonical
+++ b/postfix/conf/canonical
@ -94,6 +94,9 @@
 #	List of domains that this mail system considers local.
 # .IP \fBmyorigin\fR
 #	The domain that is appended to locally-posted mail.
 # .IP \fBowner_request_special\fR
 #	Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR
 #	addresses.
 # SEE ALSO
 #	cleanup(8) canonicalize and enqueue mail
 #	postmap(1) create mapping table
--- a/postfix/conf/postfix-script-sgid
+++ b/postfix/conf/postfix-script-sgid
@ -170,7 +170,7 @@ check)
 	test -d maildrop || {
 		$WARN creating missing Postfix maildrop directory
 		mkdir maildrop || exit 1
-		chmod 730 maildrop
+		chmod 1730 maildrop
 		chown $mail_owner maildrop
 		chgrp maildrop maildrop
 	}
--- a/postfix/conf/virtual
+++ b/postfix/conf/virtual
@ -87,6 +87,9 @@
 #	List of domains that this mail system considers local.
 # .IP \fBmyorigin\fR
 #	The domain that is appended to locally-posted mail.
 # .IP \fBowner_request_special\fR
 #	Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR
 #	addresses.
 # SEE ALSO
 #	cleanup(8) canonicalize and enqueue mail
 #	postmap(1) create mapping table
--- a/postfix/global/Makefile.in
+++ b/postfix/global/Makefile.in
@ -222,6 +222,7 @@ bounce.o: ../include/sys_defs.h
 bounce.o: ../include/msg.h
 bounce.o: ../include/vstring.h
 bounce.o: ../include/vbuf.h
 bounce.o: mail_params.h
 bounce.o: mail_proto.h
 bounce.o: ../include/vstream.h
 bounce.o: ../include/iostuff.h
--- a/postfix/global/bounce.c
+++ b/postfix/global/bounce.c
@ -105,6 +105,7 @@
 /* Global library. */
 #include "mail_params.h"
 #include "mail_proto.h"
 #include "defer.h"
 #include "bounce.h"
@ -128,17 +129,29 @@ int     bounce_append(int flags, const char *id, const char *recipient,
 int     vbounce_append(int flags, const char *id, const char *recipient,
               const char *relay, time_t entry, const char *fmt, va_list ap)
 {
-    VSTRING *why = vstring_alloc(100);
+    VSTRING *why;
    int     status;
-    int     delay = time((time_t *) 0) - entry;
+    int     delay;
    /*
     * When we're pretending that we can't bounce, don't create a defer log
     * file when we wouldn't keep the bounce log file. That's a lot of
     * negatives in one sentence.
     */
    if (var_soft_bounce && (flags & BOUNCE_FLAG_CLEAN))
 	return (-1);
    why = vstring_alloc(100);
    delay = time((time_t *) 0) - entry;
    vstring_vsprintf(why, fmt, ap);
-    if (mail_command_write(MAIL_CLASS_PRIVATE, MAIL_SERVICE_BOUNCE,
+    if (mail_command_write(MAIL_CLASS_PRIVATE, var_soft_bounce ?
 			   MAIL_SERVICE_DEFER : MAIL_SERVICE_BOUNCE,
 			   "%d %d %s %s %s", BOUNCE_CMD_APPEND,
 			   flags, id, recipient, vstring_str(why)) == 0) {
-	msg_info("%s: to=<%s>, relay=%s, delay=%d, status=bounced (%s)",
+	msg_info("%s: to=<%s>, relay=%s, delay=%d, status=%s (%s)",
-		 id, recipient, relay, delay, vstring_str(why));
+		 id, recipient, relay, delay, var_soft_bounce ? "deferred" :
-	status = 0;
+		 "bounced", vstring_str(why));
 	status = (var_soft_bounce ? -1 : 0);
    } else if ((flags & BOUNCE_FLAG_CLEAN) == 0) {
 	status = defer_append(flags, id, recipient, "bounce", delay,
 			      "bounce failed");
@ -154,6 +167,13 @@ int     vbounce_append(int flags, const char *id, const char *recipient,
 int     bounce_flush(int flags, const char *queue, const char *id,
 		             const char *sender)
 {
    /*
     * When we're pretending that we can't bounce, don't send a bounce
     * message.
     */
    if (var_soft_bounce)
 	return (-1);
    if (mail_command_write(MAIL_CLASS_PRIVATE, MAIL_SERVICE_BOUNCE,
 			   "%d %d %s %s %s", BOUNCE_CMD_FLUSH,
 			   flags, queue, id, sender) == 0) {
--- a/postfix/global/mail_params.c
+++ b/postfix/global/mail_params.c
@ -52,6 +52,9 @@
 /*	int	var_flock_delay;
 /*	int	var_flock_stale;
 /*	int	var_disable_dns;
 /*	int	var_soft_bounce;
 /*	time_t	var_starttime;
 /*	int	var_ownreq_special;
 /*
 /*	char	*var_ldap_server_host;
 /*	char	*var_ldap_search_base;
@ -86,6 +89,7 @@
 #include <unistd.h>
 #include <string.h>
 #include <pwd.h>
 #include <time.h>
 #ifdef STRCASECMP_IN_STRINGS_H
 #include <strings.h>
@ -153,6 +157,9 @@ int     var_flock_tries;
 int     var_flock_delay;
 int     var_flock_stale;
 int     var_disable_dns;
 int     var_soft_bounce;
 time_t  var_starttime;
 int     var_ownreq_special;
 #ifdef HAS_LDAP
@ -285,6 +292,8 @@ void    mail_params_init()
    };
    static CONFIG_BOOL_TABLE bool_defaults[] = {
 	VAR_DISABLE_DNS, DEF_DISABLE_DNS, &var_disable_dns,
 	VAR_SOFT_BOUNCE, DEF_SOFT_BOUNCE, &var_soft_bounce,
 	VAR_OWNREQ_SPECIAL, DEF_OWNREQ_SPECIAL, &var_ownreq_special,
 	0,
    };
@ -319,6 +328,11 @@ void    mail_params_init()
     */
    set_config_int(VAR_PID, var_pid = getpid());
    /*
     * Neither can the start time variable. It isn't even visible.
     */
    time(&var_starttime);
    /*
     * If have seen this happen just too often.
     */
--- a/postfix/global/mail_params.h
+++ b/postfix/global/mail_params.h
@ -147,6 +147,11 @@ extern char *var_command_dir;
 #endif
 extern char *var_pid_dir;
 /*
  * Program startup time.
  */
 extern time_t var_starttime;
 /*
  * Location of configuration files.
  */
@ -243,6 +248,13 @@ extern int var_ldap_timeout;
 #endif
 extern char *var_alias_maps;
 /*
  * Local delivery: to BIFF or not to BIFF.
  */
 #define VAR_BIFF		"biff"
 #define DEF_BIFF		1
 extern bool var_biff;
 /*
  * Local delivery: mail to files/commands.
  */
@ -597,6 +609,10 @@ extern char *var_mail_checks;
 #define DEF_RCPT_CHECKS		PERMIT_MYNETWORKS "," CHECK_RELAY_DOMAINS
 extern char *var_rcpt_checks;
 #define VAR_ETRN_CHECKS		"smtpd_etrn_restrictions"
 #define DEF_ETRN_CHECKS		""
 extern char *var_etrn_checks;
 /*
  * Names of specific restrictions, and the corresponding configuration
  * parameters that control the status codes sent in response to rejected
@ -647,6 +663,7 @@ extern int var_access_map_code;
 #define CHECK_HELO_ACL		"check_helo_access"
 #define CHECK_SENDER_ACL	"check_sender_access"
 #define CHECK_RECIP_ACL		"check_recipient_access"
 #define CHECK_ETRN_ACL		"check_etrn_access"
 #define REJECT_MAPS_RBL		"reject_maps_rbl"
 #define VAR_MAPS_RBL_CODE	"maps_rbl_reject_code"
@ -675,6 +692,20 @@ extern int var_pid;
 #define DEF_DONT_REMOVE		0
 extern bool var_dont_remove;
 /*
  * Paranoia: defer messages instead of bouncing them.
  */
 #define VAR_SOFT_BOUNCE		"soft_bounce"
 #define DEF_SOFT_BOUNCE		0
 extern bool var_soft_bounce;
 /*
  * Give special treatment to owner- and -request.
  */
 #define VAR_OWNREQ_SPECIAL		"owner_request_special"
 #define DEF_OWNREQ_SPECIAL		1
 extern bool var_ownreq_special;
 extern void mail_params_init(void);
 /* LICENSE
--- a/postfix/global/mail_version.h
+++ b/postfix/global/mail_version.h
@ -15,7 +15,7 @@
  * Version of this program.
  */
 #define VAR_MAIL_VERSION	"mail_version"
-#define DEF_MAIL_VERSION	"Beta-19990122"
+#define DEF_MAIL_VERSION	"Beta-19990122-pl01"
 extern char *var_mail_version;
 /* LICENSE
--- a/postfix/global/split_addr.c
+++ b/postfix/global/split_addr.c
@ -15,8 +15,9 @@
 /*	returns a pointer to the remainder.
 /*
 /*	Reserved addresses are not split: postmaster, mailer-daemon,
-/*	double-bounce, addresses that begin with owner-, or addresses
+/*	double-bounce. Addresses that begin with owner-, or addresses
-/*	that end in -request.
+/*	that end in -request are not split, unless the owner_request_special
 /*	parameter is set.
 /* LICENSE
 /* .ad
 /* .fi
@ -51,7 +52,7 @@
 char   *split_addr(char *localpart, int delimiter)
 {
-    int    len;
+    int     len;
    /*
     * Don't split these, regardless of what the delimiter is.
@ -66,11 +67,13 @@ char   *split_addr(char *localpart, int delimiter)
    /*
     * Backwards compatibility: don't split owner-foo or foo-request.
     */
-    if (strncasecmp(localpart, "owner-", 6) == 0)
+    if (var_ownreq_special != 0) {
-	return (0);
+	if (strncasecmp(localpart, "owner-", 6) == 0)
-    if ((len = strlen(localpart) - 8) > 0
+	    return (0);
-	&& strcasecmp(localpart + len, "-request") == 0)
+	if ((len = strlen(localpart) - 8) > 0
-	return (0);
+	    && strcasecmp(localpart + len, "-request") == 0)
 	    return (0);
    }
    /*
     * Safe to split this address.
--- a/postfix/html/aliases.5.html
+++ b/postfix/html/aliases.5.html
@ -137,8 +137,12 @@ ALIASES(5)                                             ALIASES(5)
 ALIASES(5)                                             ALIASES(5)
       <b>owner</b><i>_</i><b>request</b><i>_</i><b>special</b>
              Give special treatment to <b>owner-</b><i>xxx</i> and <i>xxx</i><b>-request</b>
              addresses.
       <b>recipient</b><i>_</i><b>delimiter</b>
-              Delimiter  that  separates  recipients from address
+              Delimiter that separates  recipients  from  address
              extensions.
 <b>STANDARDS</b>
@ -149,7 +153,7 @@ ALIASES(5)                                             ALIASES(5)
       <a href="postalias.1.html">postalias(1)</a> alias database management
 <b>LICENSE</b>
-       The Secure Mailer license must be  distributed  with  this
+       The  Secure  Mailer  license must be distributed with this
       software.
 <b>AUTHOR(S)</b>
@ -185,10 +189,6 @@ ALIASES(5)                                             ALIASES(5)
--- a/postfix/html/canonical.5.html
+++ b/postfix/html/canonical.5.html
@ -144,13 +144,17 @@ CANONICAL(5)                                         CANONICAL(5)
       <b>myorigin</b>
              The domain that is appended to locally-posted mail.
       <b>owner</b><i>_</i><b>request</b><i>_</i><b>special</b>
              Give special treatment to <b>owner-</b><i>xxx</i> and <i>xxx</i><b>-request</b>
              addresses.
 <b>SEE</b> <b>ALSO</b>
       <a href="cleanup.8.html">cleanup(8)</a> canonicalize and enqueue mail
       <a href="postmap.1.html">postmap(1)</a> create mapping table
       <a href="virtual.5.html">virtual(5)</a> virtual domain mapping
 <b>LICENSE</b>
-       The Secure Mailer license must be  distributed  with  this
+       The  Secure  Mailer  license must be distributed with this
       software.
 <b>AUTHOR(S)</b>
@ -185,10 +189,6 @@ CANONICAL(5)                                         CANONICAL(5)
--- a/postfix/html/faq.html
+++ b/postfix/html/faq.html
@ -197,7 +197,14 @@ was introduced with the <b>qmail</b> system by Daniel Bernstein.
 <p>
 Postfix supports the <b>maildir</b> mailbox format.  Edit <b>main.cf</b>
-and specify a line with: <b>home_mailbox = maildir</b>.
+and specify a line with: <b>home_mailbox = Maildir/</b> (any relative
 pathname that ends in <b>/</b> will do).
 <p>
 The maildir format is also supported for delivery from aliases or
 <b>.forward</b> files. Specify <i>/file/name/</i> as destination.
 The trailing <b>/</b> turns on <b>maildir</b> delivery.
 <hr>
@ -347,7 +354,7 @@ you change the <b>transport</b> file.
 <pre>
    uucp      unix  -       n       n       -       -       pipe
-      flags=F user=uucp argv=uux -n -z -a$sender - $nexthop!rmail ($recipient)
+      flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
 </pre>
 <p>
@ -425,7 +432,7 @@ via the <b>uucp</b> message transport:
 <pre>
    uucp      unix  -       n       n       -       -       pipe
-      flags=F user=uucp argv=uux -n -z -a$sender - $nexthop!rmail ($recipient)
+      flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
 </pre>
 This runs the <b>uux</b> command, and substitutes the next-hop
--- a/postfix/html/local.8.html
+++ b/postfix/html/local.8.html
@ -81,35 +81,42 @@ LOCAL(8)                                                 LOCAL(8)
       mailbox directory (<b>/var/mail/</b><i>user</i> or <b>/var/spool/mail/</b><i>user</i>)
       or  it  is a file in the user's home directory with a name
       specified via the  <b>home</b><i>_</i><b>mailbox</b>  configuration  parameter.
-       Mailbox  delivery  can be delegated to an external command
+       Specify  a  path  name  ending  in  <b>/</b> for <b>qmail</b>-compatible
-       specified with the <b>mailbox</b><i>_</i><b>command</b>  configuration  parame-
+       <b>maildir</b> delivery.  Mailbox delivery can be delegated to an
-       ter.
+       external  command  specified with the <b>mailbox</b><i>_</i><b>command</b> con-
       figuration parameter.
       The <b>local</b> daemon prepends a "<b>From</b> <i>sender</i> <i>time_stamp</i>" enve-
-       lope header to  each  message,  prepends  a  <b>Delivered-To:</b>
+       lope  header  to  each  message,  prepends a <b>Delivered-To:</b>
-       header  with  the envelope recipient address, prepends a &gt;
+       header with the envelope recipient address, prepends  a  &gt;
-       character to lines beginning with "<b>From</b> ", and appends  an
+       character  to lines beginning with "<b>From</b> ", and appends an
-       empty  line.   The  mailbox is locked for exclusive access
+       empty line.  The envelope sender address is  available  in
-       while delivery is in progress. In  case  of  problems,  an
+       the <b>Return-Path:</b> header.  The mailbox is locked for exclu-
-       attempt  is  made  to truncate the mailbox to its original
+       sive access while delivery is  in  progress.  In  case  of
-       length.
+       problems,  an  attempt  is made to truncate the mailbox to
       its original length.
       In the case of <b>maildir</b> delivery, the local daemon prepends
       a   <b>Delivered-To:</b>   header  with  the  envelope  recipient
       address.  The envelope sender address is available in  the
       <b>Return-Path:</b> header.
 <b>EXTERNAL</b> <b>COMMAND</b> <b>DELIVERY</b>
-       The   <b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>commands</b>    configuration    parameter
+       The    <b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>commands</b>    configuration   parameter
-       restricts  delivery to external commands. The default set-
+       restricts delivery to external commands. The default  set-
-       ting (<b>alias,</b>  <b>forward</b>)  forbids  command  destinations  in
+       ting  (<b>alias,</b>  <b>forward</b>)  forbids  command  destinations in
       <b>:include:</b> files.
-       The  command  is  executed directly where possible. Assis-
+       The command is executed directly  where  possible.  Assis-
-       tance by the shell (<b>/bin/sh</b> on UNIX systems) is used  only
+       tance  by the shell (<b>/bin/sh</b> on UNIX systems) is used only
-       when  the command contains shell magic characters, or when
+       when the command contains shell magic characters, or  when
       the command invokes a shell built-in command.
-       A limited amount of command output  (standard  output  and
+       A  limited  amount  of command output (standard output and
-       standard  error) is captured for inclusion with non-deliv-
+       standard error) is captured for inclusion with  non-deliv-
-       ery status reports.  A command is forcibly  terminated  if
+       ery  status  reports.  A command is forcibly terminated if
-       it  does  not  complete within <b>command</b><i>_</i><b>time</b><i>_</i><b>limit</b> seconds.
+       it does not complete  within  <b>command</b><i>_</i><b>time</b><i>_</i><b>limit</b>  seconds.
-       Command exit status codes are expected to follow the  con-
+       Command  exit status codes are expected to follow the con-
       ventions defined in &lt;<b>sysexits.h</b>&gt;.
       When mail is delivered on behalf of a user, the <b>HOME</b>, <b>LOG-</b>
@ -118,13 +125,6 @@ LOCAL(8)                                                 LOCAL(8)
       dependent default path, and the <b>TZ</b> (time zone) environment
       variable is always passed on without change.
       The current working directory is the mail queue directory.
       The <b>local</b> daemon prepends a "<b>From</b> <i>sender</i> <i>time_stamp</i>" enve-
       lope  header  to  each  message,  prepends a <b>Delivered-To:</b>
       header with the recipient envelope address, and appends an
       empty line.
@ -137,19 +137,35 @@ LOCAL(8)                                                 LOCAL(8)
 LOCAL(8)                                                 LOCAL(8)
       The current working directory is the mail queue directory.
       The <b>local</b> daemon prepends a "<b>From</b> <i>sender</i> <i>time_stamp</i>" enve-
       lope header to  each  message,  prepends  a  <b>Delivered-To:</b>
       header with the recipient envelope address, and appends an
       empty line.  The envelope sender address is  available  in
       the <b>Return-Path:</b> header.
 <b>EXTERNAL</b> <b>FILE</b> <b>DELIVERY</b>
       The  <b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>files</b> configuration parameter restricts
       delivery to external files. The  default  setting  (<b>alias,</b>
-       <b>forward</b>) forbids file destinations in <b>:include:</b> files.
+       <b>forward</b>)  forbids  file  destinations  in <b>:include:</b> files.
       Specify  a  pathname  ending  in  <b>/</b>  for  <b>qmail</b>-compatible
       <b>maildir</b> delivery.
       The <b>local</b> daemon prepends a "<b>From</b> <i>sender</i> <i>time_stamp</i>" enve-
       lope header to  each  message,  prepends  a  <b>Delivered-To:</b>
       header  with  the recipient envelope address, prepends a &gt;
       character to lines beginning with "<b>From</b> ", and appends  an
-       empty line.  When the destination is a regular file, it is
+       empty  line.   The envelope sender address is available in
-       locked for exclusive access while delivery is in progress.
+       the <b>Return-Path:</b> header.  When the destination is a  regu-
-       In case of problems, an attempt is made to truncate a reg-
+       lar file, it is locked for exclusive access while delivery
-       ular file to its original length.
+       is in progress. In case of problems, an attempt is made to
       truncate a regular file to its original length.
       In the case of <b>maildir</b> delivery, the local daemon prepends
       a  <b>Delivered-To:</b>  header  with  the   envelope   recipient
       address.   The envelope sender address is available in the
       <b>Return-Path:</b> header.
 <b>ADDRESS</b> <b>EXTENSION</b>
       The optional <b>recipient</b><i>_</i><b>delimiter</b>  configuration  parameter
@ -174,6 +190,19 @@ LOCAL(8)                                                 LOCAL(8)
       superuser, delivery is made with the rights specified with
       the <b>default</b><i>_</i><b>privs</b> configuration parameter.
                                                                3
 LOCAL(8)                                                 LOCAL(8)
 <b>STANDARDS</b>
       RFC 822 (ARPA Internet Text Messages)
@ -190,20 +219,8 @@ LOCAL(8)                                                 LOCAL(8)
       For  security  reasons,  the  message  delivery  status of
       external commands or of external  files  is  never  check-
       pointed to file. As a result, the program may occasionally
-       deliver more than once to  a  command  or  external  file.
+       deliver more than once to a command or external file. Bet-
-
+       ter safe than sorry.
                                                                3
 LOCAL(8)                                                 LOCAL(8)
       Better safe than sorry.
       Mutually-recursive  aliases  or  ~/.<b>forward</b>  files are not
       detected early.  The resulting  mail  forwarding  loop  is
@ -221,8 +238,8 @@ LOCAL(8)                                                 LOCAL(8)
       <b>home</b><i>_</i><b>mailbox</b>
              Pathname of a mailbox relative  to  a  user's  home
-              directory.    Specify   <b>maildir</b>  for  maildir-style
+              directory.  Specify a path ending in <b>/</b> for maildir-
-              delivery.
+              style delivery.
       <b>local</b><i>_</i><b>command</b><i>_</i><b>shell</b>
              Shell to use for external  command  execution  (for
@ -234,30 +251,13 @@ LOCAL(8)                                                 LOCAL(8)
       <b>mailbox</b><i>_</i><b>command</b>
              External command to use for mailbox delivery.
       <b>owner</b><i>_</i><b>request</b><i>_</i><b>special</b>
              Give special treatment to <b>owner-</b><i>xxx</i> and <i>xxx</i><b>-request</b>
              addresses.
       <b>recipient</b><i>_</i><b>delimiter</b>
              Separator between username and address extension.
 <b>Locking</b> <b>controls</b>
       <b>deliver</b><i>_</i><b>lock</b><i>_</i><b>attempts</b>
              Limit the number of attempts to acquire  an  exclu-
              sive lock on a mailbox or external file.
       <b>deliver</b><i>_</i><b>lock</b><i>_</i><b>delay</b>
              Time  in  seconds  between  successive  attempts to
              acquire an exclusive lock.
       <b>stale</b><i>_</i><b>lock</b><i>_</i><b>time</b>
              Limit the time after which a stale lock is removed.
 <b>Resource</b> <b>controls</b>
       <b>command</b><i>_</i><b>time</b><i>_</i><b>limit</b>
              Limit  the  amount of time for delivery to external
              command.
       <b>duplicate</b><i>_</i><b>filter</b><i>_</i><b>limit</b>
              Limit the size of the duplicate filter for  results
              from alias etc. expansion.
                                                                4
@ -269,40 +269,72 @@ LOCAL(8)                                                 LOCAL(8)
 LOCAL(8)                                                 LOCAL(8)
 <b>Locking</b> <b>controls</b>
       <b>deliver</b><i>_</i><b>lock</b><i>_</i><b>attempts</b>
              Limit  the  number of attempts to acquire an exclu-
              sive lock on a mailbox or external file.
       <b>deliver</b><i>_</i><b>lock</b><i>_</i><b>delay</b>
              Time in  seconds  between  successive  attempts  to
              acquire an exclusive lock.
       <b>stale</b><i>_</i><b>lock</b><i>_</i><b>time</b>
              Limit the time after which a stale lock is removed.
 <b>Resource</b> <b>controls</b>
       <b>command</b><i>_</i><b>time</b><i>_</i><b>limit</b>
              Limit the amount of time for delivery  to  external
              command.
       <b>duplicate</b><i>_</i><b>filter</b><i>_</i><b>limit</b>
              Limit  the size of the duplicate filter for results
              from alias etc. expansion.
       <b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
-              Limit  the  amount  of memory used for processing a
+              Limit the amount of memory used  for  processing  a
              partial input line.
       <b>local</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
              Limit the number of parallel deliveries to the same
-              user.    The   default  limit  is  taken  from  the
+              user.   The  default  limit  is  taken   from   the
              <b>default</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b> parameter.
       <b>local</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
-              Limit the number of recipients per  message  deliv-
+              Limit  the  number of recipients per message deliv-
-              ery.    The   default   limit  is  taken  from  the
+              ery.   The  default  limit  is   taken   from   the
              <b>default</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b> parameter.
 <b>Security</b> <b>controls</b>
       <b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>commands</b>
-              Restrict the usage of  mail  delivery  to  external
+              Restrict  the  usage  of  mail delivery to external
              command.
       <b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>files</b>
-              Restrict  the  usage  of  mail delivery to external
+              Restrict the usage of  mail  delivery  to  external
              file.
       <b>default</b><i>_</i><b>privs</b>
-              Default rights for delivery  to  external  file  or
+              Default  rights  for  delivery  to external file or
              command.
 <b>HISTORY</b>
-       The  <b>Delivered-To:</b>  header  appears in the <b>qmail</b> system by
+       The <b>Delivered-To:</b> header appears in the  <b>qmail</b>  system  by
       Daniel Bernstein.
-       The <i>maildir</i> structure  appears  in  the  <b>qmail</b>  system  by
+       The  <i>maildir</i>  structure  appears  in  the  <b>qmail</b> system by
       Daniel Bernstein.
                                                                5
 LOCAL(8)                                                 LOCAL(8)
 <b>SEE</b> <b>ALSO</b>
       <a href="aliases.5.html">aliases(5)</a> format of alias database
       <a href="bounce.8.html">bounce(8)</a> non-delivery status reports
@ -311,7 +343,7 @@ LOCAL(8)                                                 LOCAL(8)
       <a href="qmgr.8.html">qmgr(8)</a> queue manager
 <b>LICENSE</b>
-       The  Secure  Mailer  license must be distributed with this
+       The Secure Mailer license must be  distributed  with  this
       software.
 <b>AUTHOR(S)</b>
@ -326,7 +358,41 @@ LOCAL(8)                                                 LOCAL(8)
-                                                                5
+
                                                                6
 </pre> </body> </html>
--- a/postfix/html/smtpd.8.html
+++ b/postfix/html/smtpd.8.html
@ -177,19 +177,19 @@ SMTPD(8)                                                 SMTPD(8)
              Restrict  what  recipient  addresses are allowed in
              <b>RCPT</b> <b>TO</b> commands.
       <b>smtpd</b><i>_</i><b>etrn</b><i>_</i><b>restrictions</b>
              Restrict what domain names can be used in <b>ETRN</b> com-
              mands, and what clients may issue <b>ETRN</b> commands.
       <b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b>
-              List of DNS domains that publish the  addresses  of
+              List  of  DNS domains that publish the addresses of
              blacklisted hosts.
       <b>relay</b><i>_</i><b>domains</b>
-              Restrict  what domains or networks this mail system
+              Restrict what domains or networks this mail  system
              will relay mail from or to.
 <b>UCE</b> <b>control</b> <b>responses</b>
       <b>access</b><i>_</i><b>map</b><i>_</i><b>reject</b><i>_</i><b>code</b>
              Server response when a client  violates  an  access
              database restriction.
@ -203,33 +203,37 @@ SMTPD(8)                                                 SMTPD(8)
 SMTPD(8)                                                 SMTPD(8)
       <b>access</b><i>_</i><b>map</b><i>_</i><b>reject</b><i>_</i><b>code</b>
              Server  response  when  a client violates an access
              database restriction.
       <b>invalid</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
-              Server   response   when   a  client  violates  the
+              Server  response  when  a   client   violates   the
              <b>reject</b><i>_</i><b>invalid</b><i>_</i><b>hostname</b> restriction.
       <b>maps</b><i>_</i><b>rbl</b><i>_</i><b>reject</b><i>_</i><b>code</b>
-              Server  response  when  a   client   violates   the
+              Server   response   when   a  client  violates  the
              <b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b> restriction.
       <b>reject</b><i>_</i><b>code</b>
-              Response  code  when  the  client  matches a <b>reject</b>
+              Response code when  the  client  matches  a  <b>reject</b>
              restriction.
       <b>relay</b><i>_</i><b>domains</b><i>_</i><b>reject</b><i>_</i><b>code</b>
-              Server response when a client attempts  to  violate
+              Server  response  when a client attempts to violate
              the mail relay policy.
       <b>unknown</b><i>_</i><b>address</b><i>_</i><b>reject</b><i>_</i><b>code</b>
-              Server   response   when   a  client  violates  the
+              Server  response  when  a   client   violates   the
              <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>address</b> restriction.
       <b>unknown</b><i>_</i><b>client</b><i>_</i><b>reject</b><i>_</i><b>code</b>
-              Server response when a client  without  address  to
+              Server  response  when  a client without address to
-              name  mapping  violates  the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>clients</b>
+              name mapping  violates  the  <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>clients</b>
              restriction.
       <b>unknown</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
-              Server  response  when  a   client   violates   the
+              Server   response   when   a  client  violates  the
              <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction.
 <b>SEE</b> <b>ALSO</b>
@ -238,7 +242,7 @@ SMTPD(8)                                                 SMTPD(8)
       syslogd(8) system logging
 <b>LICENSE</b>
-       The  Secure  Mailer  license must be distributed with this
+       The Secure Mailer license must be  distributed  with  this
       software.
 <b>AUTHOR(S)</b>
@ -256,10 +260,6 @@ SMTPD(8)                                                 SMTPD(8)
                                                                4
--- a/postfix/html/uce.html
+++ b/postfix/html/uce.html
@ -68,6 +68,10 @@ restrictions</a>
 <p>
 <li> <a href="#smtpd_etrn_restrictions">ETRN command restrictions</a>
 <p>
 <li> <a href="#generic">Generic restrictions</a>
 <p>
@ -522,6 +526,94 @@ for rejected requests (default: <b>550</b>).
 </dl>
 <a name="smtpd_etrn_restrictions">
 <h2> ETRN command restrictions</h2>
 Not really an UCE restriction, the <b>smtpd_etrn_restrictions</b>
 parameter restricts what domains may be specified in ETRN commands,
 and what clients may issue ETRN commands.
 <dl>
 <dt>Default:
 <dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a>
 accepts any ETRN command from any client.
 <p>
 <dt>Syntax:
 <dd>Specify a list of zero or more restrictions, separated by
 whitespace or commas. Restrictions are applied in the order as
 specified; the first restriction that matches wins.
 <p>
 In addition to restrictions that are specific to ETRN domain names,
 you can also specify restrictions based on the information passed
 with the HELO/EHLO command, and on the client hostname or network
 address.
 <p>
 <dt> Example:
 <dd> <b>smtpd_etrn_restrictions = permit_mynetworks, reject</b>
 <p>
 <dt> Restrictions:
 <dl>
 <a name="check_etrn_access">
 <dt> <b>check_etrn_access</b> <i>maptype</i>:<i>mapname</i>
 <dt> <i>maptype</i>:<i>mapname</i> <dd> Search the named <a
 href="access.5.html">access database</a> for the domain specified
 in the ETRN command, or its parent domains. Reject the request if
 the result is <b>REJECT</b> or "[<b>45</b>]<i>XX text</i>".  Permit
 the request if the result is anything else.  The <b>access_map_reject_code
 </b> parameter specifies the result code for rejected requests
 (default: <b>550</b>).
 <p>
 <dt> <b><a href="#permit_naked_ip_address">permit_naked_ip_address</a></b>
 <dt> <b><a href="#reject_invalid_hostname">reject_invalid_hostname</a></b>
 <dt> <b><a href="#reject_unknown_hostname">reject_unknown_hostname</a></b>
 <dt> <b><a href="#check_helo_access">check_helo_access</a></b> <i>maptype</i>:<i>mapname</i>
 <dd> See HELO (EHLO) hostname restrictions.
 <p>
 <dt> <b><a href="#reject_unknown_client">reject_unknown_client</a></b>
 <dt> <b><a href="#permit_mynetworks">permit_mynetworks</a></b>
 <dt> <b><a href="#check_client_access">check_client_access</a></b> <i>maptype</i>:<i>mapname</i>
 <dd> See client name/address restrictions.
 <p>
 <dt> <b><a href="#permit">permit</a></b>
 <dt> <b><a href="#reject">reject</a></b>
 <dd> See generic restrictions.
 </dl>
 </dl>
 <a name="generic">
 <h2> Generic restrictions</h2>
--- a/postfix/html/virtual.5.html
+++ b/postfix/html/virtual.5.html
@ -116,14 +116,14 @@ VIRTUAL(5)                                             VIRTUAL(5)
       <b>myorigin</b>
              The domain that is appended to locally-posted mail.
       <b>owner</b><i>_</i><b>request</b><i>_</i><b>special</b>
              Give special treatment to <b>owner-</b><i>xxx</i> and <i>xxx</i><b>-request</b>
              addresses.
 <b>SEE</b> <b>ALSO</b>
       <a href="cleanup.8.html">cleanup(8)</a> canonicalize and enqueue mail
       <a href="postmap.1.html">postmap(1)</a> create mapping table
 <b>LICENSE</b>
       The  Secure  Mailer  license must be distributed with this
       software.
@ -137,6 +137,10 @@ VIRTUAL(5)                                             VIRTUAL(5)
 VIRTUAL(5)                                             VIRTUAL(5)
 <b>LICENSE</b>
       The Secure Mailer license must be  distributed  with  this
       software.
 <b>AUTHOR(S)</b>
       Wietse Venema
       IBM T.J. Watson Research
@ -185,10 +189,6 @@ VIRTUAL(5)                                             VIRTUAL(5)
--- a/postfix/local/Makefile.in
+++ b/postfix/local/Makefile.in
@ -1,10 +1,10 @@
 SHELL	= /bin/sh
 SRCS	= alias.c command.c delivered.c dotforward.c file.c forward.c \
 	include.c indirect.c local.c mailbox.c recipient.c resolve.c token.c \
-	deliver_attr.c feature.c maildir.c
+	deliver_attr.c feature.c maildir.c biff_notify.c
 OBJS	= alias.o command.o delivered.o dotforward.o file.o forward.o \
 	include.o indirect.o local.o mailbox.o recipient.o resolve.o token.o \
-	deliver_attr.o feature.o maildir.o
+	deliver_attr.o feature.o maildir.o biff_notify.o
 HDRS	= local.h
 TESTSRC	=
 WARN	= -W -Wformat -Wimplicit -Wmissing-prototypes \
@ -81,6 +81,10 @@ alias.o: local.h
 alias.o: ../include/been_here.h
 alias.o: ../include/tok822.h
 alias.o: ../include/resolve_clnt.h
 biff_notify.o: biff_notify.c
 biff_notify.o: ../include/sys_defs.h
 biff_notify.o: ../include/msg.h
 biff_notify.o: biff_notify.h
 command.o: command.c
 command.o: ../include/sys_defs.h
 command.o: ../include/msg.h
@ -270,8 +274,6 @@ mailbox.o: ../include/vstream.h
 mailbox.o: ../include/mymalloc.h
 mailbox.o: ../include/stringops.h
 mailbox.o: ../include/set_eugid.h
 mailbox.o: ../include/get_hostname.h
 mailbox.o: ../include/make_dirs.h
 mailbox.o: ../include/mail_copy.h
 mailbox.o: ../include/safe_open.h
 mailbox.o: ../include/deliver_flock.h
@ -284,6 +286,7 @@ mailbox.o: ../include/mail_params.h
 mailbox.o: local.h
 mailbox.o: ../include/tok822.h
 mailbox.o: ../include/resolve_clnt.h
 mailbox.o: biff_notify.h
 maildir.o: maildir.c
 maildir.o: ../include/sys_defs.h
 maildir.o: ../include/msg.h
--- a/postfix/local/alias.c
+++ b/postfix/local/alias.c
@ -26,7 +26,8 @@
 /*	When an alias exists for recipient \fIname\fR, and an alias
 /*	exists for \fIowner-name\fR, the sender address is changed
 /*	to \fIowner-name\fR, and the owner delivery attribute is
-/*	set accordingly.
+/*	set accordingly. This feature is disabled with
 /*	"owner_request_special = no".
 /* .PP
 /*	Arguments:
 /* .IP state
@ -229,10 +230,12 @@ int     deliver_alias(LOCAL_STATE state, USER_ATTR usr_attr, int *statusp)
 	     * Save the dict_lookup() result before something clobbers it.
 	     */
 #define STR(x)	vstring_str(x)
 #define OWNER_ASSIGN(own) \
 	    (own = (var_ownreq_special == 0 ? 0 : \
 	    concatenate("owner-", state.msg_attr.local, (char *) 0)))
 	    expansion = mystrdup(alias_result);
-	    owner = concatenate("owner-", state.msg_attr.local, (char *) 0);
+	    if (OWNER_ASSIGN(owner) != 0 && maps_find(maps, owner)) {
 	    if (maps_find(maps, owner)) {
 		canon_owner = canon_addr_internal(vstring_alloc(10), owner);
 		SET_OWNER_ATTR(state.msg_attr, STR(canon_owner), state.level);
 	    } else {
@ -257,7 +260,8 @@ int     deliver_alias(LOCAL_STATE state, USER_ATTR usr_attr, int *statusp)
 			      "alias database unavailable") :
 	       deliver_token_string(state, usr_attr, expansion, (int *) 0));
 	    myfree(expansion);
-	    myfree(owner);
+	    if (owner)
 		myfree(owner);
 	    if (canon_owner)
 		vstring_free(canon_owner);
 	    if (alias_pwd)
--- a/postfix/local/biff_notify.c
+++ b/postfix/local/biff_notify.c
@ -0,0 +1,94 @@
 /*++
 /* NAME
 /*	biff_notify 3
 /* SUMMARY
 /*	send biff notification
 /* SYNOPSIS
 /*	#include <biff_notify.h>
 /*
 /*	void	biff_notify(text, len)
 /*	const char *text;
 /*	int	len;
 /* DESCRIPTION
 /*	biff_notify() sends a \fBBIFF\fR notification request to the
 /*	\fBcomsat\fR daemon.
 /*
 /*	Arguments:
 /* .IP text
 /*	Null-terminated text (username@mailbox-offset).
 /* .IP len
 /*	Length of text, including null terminator.
 /* BUGS
 /*	The \fBBIFF\fR "service" can be a noticeable load for
 /*	systems that have many logged-in users.
 /* LICENSE
 /* .ad
 /* .fi
 /*	The Secure Mailer license must be distributed with this software.
 /* AUTHOR(S)
 /*	Wietse Venema
 /*	IBM T.J. Watson Research
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
 /*--*/
 /* System library. */
 #include "sys_defs.h"
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <netdb.h>
 #include <string.h>
 /* Utility library. */
 #include <msg.h>
 /* Application-specific. */
 #include <biff_notify.h>
 /* biff_notify - notify recipient via the biff "protocol" */
 void    biff_notify(const char *text, int len)
 {
    static struct sockaddr_in sin;
    static int sock = -1;
    struct hostent *hp;
    struct servent *sp;
    /*
     * Initialize a socket address structure, or re-use an existing one.
     */
    if (sin.sin_family == 0) {
 	if ((sp = getservbyname("biff", "udp")) == 0) {
 	    msg_warn("service not found: biff/udp");
 	    return;
 	}
 	if ((hp = gethostbyname("localhost")) == 0) {
 	    msg_warn("host not found: localhost");
 	    return;
 	}
 	if ((int) hp->h_length > (int) sizeof(sin.sin_addr)) {
 	    msg_warn("bad address size %d for localhost", hp->h_length);
 	    return;
 	}
 	sin.sin_family = hp->h_addrtype;
 	sin.sin_port = sp->s_port;
 	memcpy((char *) &sin.sin_addr, hp->h_addr_list[0], hp->h_length);
    }
    /*
     * Open a socket, or re-use an existing one.
     */
    if (sock < 0 && (sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
 	msg_warn("socket: %m");
 	return;
    }
    /*
     * Biff!
     */
    if (sendto(sock, text, len, 0, (struct sockaddr *) & sin, sizeof(sin)) != len)
 	msg_warn("biff_notify: %m");
 }
--- a/postfix/local/biff_notify.h
+++ b/postfix/local/biff_notify.h
@ -0,0 +1,30 @@
 #ifndef _BIFF_H_INCLUDED_
 #define _BIFF_H_INCLUDED_
 /*++
 /* NAME
 /*	biff_notify 3h
 /* SUMMARY
 /*	read logical line
 /* SYNOPSIS
 /*	#include <biff_notify.h>
 /* DESCRIPTION
 /* .nf
 /*
  * External interface.
  */
 extern void biff_notify(const char *, int);
 /* LICENSE
 /* .ad
 /* .fi
 /*	The Secure Mailer license must be distributed with this software.
 /* AUTHOR(S)
 /*	Wietse Venema
 /*	IBM T.J. Watson Research
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
 /*--*/
 #endif
--- a/postfix/local/local.c
+++ b/postfix/local/local.c
@ -65,7 +65,9 @@
 /*	The per-user mailbox is either a file in the default UNIX mailbox
 /*	directory (\fB/var/mail/\fIuser\fR or \fB/var/spool/mail/\fIuser\fR)
 /*	or it is a file in the user's home directory with a name specified
-/*	via the \fBhome_mailbox\fR configuration parameter.
+/*	via the \fBhome_mailbox\fR configuration parameter. Specify a path
 /*	name ending in \fB/\fR for \fBqmail\fR-compatible \fBmaildir\fR
 /*	delivery.
 /*	Mailbox delivery can be delegated to an external command specified
 /*	with the \fBmailbox_command\fR configuration parameter.
 /*
@ -73,9 +75,16 @@
 /*	envelope header to each message, prepends a \fBDelivered-To:\fR header
 /*	with the envelope recipient address, prepends a \fB>\fR character to
 /*	lines beginning with "\fBFrom \fR", and appends an empty line.
 /*	The envelope sender address is available in the \fBReturn-Path:\fR
 /*	header.
 /*	The mailbox is locked for exclusive access while delivery is in
 /*	progress. In case of problems, an attempt is made to truncate the
 /*	mailbox to its original length.
 /*
 /*	In the case of \fBmaildir\fR delivery, the local daemon prepends
 /*	a \fBDelivered-To:\fR header with the envelope recipient address.
 /*	The envelope sender address is available in the \fBReturn-Path:\fR
 /*	header.
 /* EXTERNAL COMMAND DELIVERY
 /* .ad
 /* .fi
@ -106,21 +115,32 @@
 /*	The \fBlocal\fR daemon prepends a "\fBFrom \fIsender time_stamp\fR"
 /*	envelope header to each message, prepends a \fBDelivered-To:\fR
 /*	header with the recipient envelope address, and appends an empty line.
 /*	The envelope sender address is available in the \fBReturn-Path:\fR
 /*	header.
 /* EXTERNAL FILE DELIVERY
 /* .ad
 /* .fi
 /*	The \fBallow_mail_to_files\fR configuration parameter restricts
 /*	delivery to external files. The default setting (\fBalias,
 /*	forward\fR) forbids file destinations in \fB:include:\fR files.
 /*	Specify a pathname ending in \fB/\fR for \fBqmail\fR-compatible
 /*	\fBmaildir\fR delivery.
 /*
 /*	The \fBlocal\fR daemon prepends a "\fBFrom \fIsender time_stamp\fR"
 /*	envelope header to each message, prepends a \fBDelivered-To:\fR
 /*	header with the recipient envelope address, prepends a \fB>\fR
 /*	character to lines beginning with "\fBFrom \fR", and appends an
 /*	empty line.
 /*	The envelope sender address is available in the \fBReturn-Path:\fR
 /*	header.
 /*	When the destination is a regular file, it is locked for exclusive
 /*	access while delivery is in progress. In case of problems, an attempt
 /*	is made to truncate a regular file to its original length.
 /*
 /*	In the case of \fBmaildir\fR delivery, the local daemon prepends
 /*	a \fBDelivered-To:\fR header with the envelope recipient address.
 /*	The envelope sender address is available in the \fBReturn-Path:\fR
 /*	header.
 /* ADDRESS EXTENSION
 /* .ad
 /* .fi
@ -179,7 +199,7 @@
 /*	List of alias databases.
 /* .IP \fBhome_mailbox\fR
 /*	Pathname of a mailbox relative to a user's home directory.
-/*	Specify \fBmaildir\fR for maildir-style delivery.
+/*	Specify a path ending in \fB/\fR for maildir-style delivery.
 /* .IP \fBlocal_command_shell\fR
 /*	Shell to use for external command execution (for example,
 /*	/some/where/smrsh -c).
@ -187,6 +207,9 @@
 /*	contains no shell built-in commands or meta characters.
 /* .IP \fBmailbox_command\fR
 /*	External command to use for mailbox delivery.
 /* .IP \fBowner_request_special\fR
 /*	Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR
 /*	addresses.
 /* .IP \fBrecipient_delimiter\fR
 /*	Separator between username and address extension.
 /* .SH "Locking controls"
@ -303,6 +326,7 @@ char   *var_home_mailbox;
 char   *var_mailbox_command;
 char   *var_rcpt_fdelim;
 char   *var_local_cmd_shell;
 int     var_biff;
 int     local_cmd_deliver_mask;
 int     local_file_deliver_mask;
@ -458,10 +482,15 @@ int     main(int argc, char **argv)
 	VAR_LOCAL_CMD_SHELL, DEF_LOCAL_CMD_SHELL, &var_local_cmd_shell, 0, 0,
 	0,
    };
    static CONFIG_BOOL_TABLE bool_table[] = {
 	VAR_BIFF, DEF_BIFF, &var_biff,
 	0,
    };
    single_server_main(argc, argv, local_service,
 		       MAIL_SERVER_INT_TABLE, int_table,
 		       MAIL_SERVER_STR_TABLE, str_table,
 		       MAIL_SERVER_BOOL_TABLE, bool_table,
 		       MAIL_SERVER_POST_INIT, post_init,
 		       0);
 }
--- a/postfix/local/mailbox.c
+++ b/postfix/local/mailbox.c
@ -76,6 +76,7 @@
 /* Application-specific. */
 #include "local.h"
 #include "biff_notify.h"
 /* deliver_mailbox_file - deliver to recipient mailbox */
@ -86,6 +87,8 @@ static int deliver_mailbox_file(LOCAL_STATE state, USER_ATTR usr_attr)
    VSTREAM *dst;
    int     status;
    int     copy_flags;
    VSTRING *biff;
    long    end;
    if (msg_verbose)
 	msg_info("deliver_mailbox_file: %s", state.msg_attr.recipient);
@ -124,11 +127,20 @@ static int deliver_mailbox_file(LOCAL_STATE state, USER_ATTR usr_attr)
 			S_IRUSR | S_IWUSR, usr_attr.uid, usr_attr.gid, why);
 	set_eugid(usr_attr.uid, usr_attr.gid);
 	if (dst != 0) {
 	    end = vstream_fseek(dst, (off_t) 0, SEEK_END);
 	    if (deliver_flock(vstream_fileno(dst), why) < 0)
 		vstream_fclose(dst);
 	    else if (mail_copy(COPY_ATTR(state.msg_attr), dst,
-			       copy_flags, why) == 0)
+			       copy_flags, why) == 0) {
 		status = 0;
 		if (var_biff) {
 		    biff = vstring_alloc(100);
 		    vstring_sprintf(biff, "%s@%ld", usr_attr.logname,
 				    (long) end);
 		    biff_notify(vstring_str(biff), VSTRING_LEN(biff) + 1);
 		    vstring_free(biff);
 		}
 	    }
 	}
 #ifdef USE_DOT_LOCK
 	set_eugid(0, 0);
--- a/postfix/local/maildir.c
+++ b/postfix/local/maildir.c
@ -71,6 +71,7 @@ int     deliver_maildir(LOCAL_STATE state, USER_ATTR usr_attr, char *path)
 {
    char   *newdir;
    char   *tmpdir;
    char   *curdir;
    char   *tmpfile;
    char   *newfile;
    VSTRING *why;
@ -100,16 +101,27 @@ int     deliver_maildir(LOCAL_STATE state, USER_ATTR usr_attr, char *path)
    newdir = concatenate(path, "new/", (char *) 0);
    tmpdir = concatenate(path, "tmp/", (char *) 0);
    curdir = concatenate(path, "cur/", (char *) 0);
    /*
     * Create and write the file as the recipient, so that file quota work.
-     * Create any missing directories on the fly.
+     * Create any missing directories on the fly. The file name is chosen
     * according to ftp://koobera.math.uic.edu/www/proto/maildir.html:
     * 
     * "A unique name has three pieces, separated by dots. On the left is the
     * result of time(). On the right is the result of gethostname(). In the
     * middle is something that doesn't repeat within one second on a single
     * host. I fork a new process for each delivery, so I just use the
     * process ID. If you're delivering several messages from one process,
     * use starttime.pid_count.host, where starttime is the time that your
     * process started, and count is the number of messages you've
     * delivered."
     */
 #define STR vstring_str
    set_eugid(usr_attr.uid, usr_attr.gid);
-    vstring_sprintf(buf, "%ld.%d.%s.%d", (long) time((time_t *) 0),
+    vstring_sprintf(buf, "%ld.%d_%d.%s", (long) var_starttime,
-		    var_pid, get_hostname(), count++);
+		    var_pid, count++, get_hostname());
    tmpfile = concatenate(tmpdir, STR(buf), (char *) 0);
    newfile = concatenate(newdir, STR(buf), (char *) 0);
    if ((dst = vstream_fopen(tmpfile, O_WRONLY | O_CREAT | O_EXCL, 0600)) == 0
@ -121,7 +133,7 @@ int     deliver_maildir(LOCAL_STATE state, USER_ATTR usr_attr, char *path)
 	if (mail_copy(COPY_ATTR(state.msg_attr), dst, copy_flags, why) == 0) {
 	    if (link(tmpfile, newfile) < 0
 		&& (errno != ENOENT
-		    || make_dirs(newdir, 0700) < 0
+		    || (make_dirs(curdir,0700), make_dirs(newdir, 0700)) < 0
 		    || link(tmpfile, newfile) < 0)) {
 		vstring_sprintf(why, "link to %s: %m", newfile);
 	    } else {
@ -142,6 +154,7 @@ int     deliver_maildir(LOCAL_STATE state, USER_ATTR usr_attr, char *path)
    vstring_free(why);
    myfree(newdir);
    myfree(tmpdir);
    myfree(curdir);
    myfree(tmpfile);
    myfree(newfile);
    return (0);
--- a/postfix/man/man5/aliases.5
+++ b/postfix/man/man5/aliases.5
@ -106,6 +106,9 @@ List of alias databases.
 Restrict the usage of mail delivery to external command.
 .IP \fBallow_mail_to_files\fR
 Restrict the usage of mail delivery to external file.
 .IP \fBowner_request_special\fR
 Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR
 addresses.
 .IP \fBrecipient_delimiter\fR
 Delimiter that separates recipients from address extensions.
 .SH STANDARDS
--- a/postfix/man/man5/canonical.5
+++ b/postfix/man/man5/canonical.5
@ -106,6 +106,9 @@ List of user names that are not subject to address masquerading.
 List of domains that this mail system considers local.
 .IP \fBmyorigin\fR
 The domain that is appended to locally-posted mail.
 .IP \fBowner_request_special\fR
 Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR
 addresses.
 .SH SEE ALSO
 .na
 .nf
--- a/postfix/man/man5/virtual.5
+++ b/postfix/man/man5/virtual.5
@ -99,6 +99,9 @@ The network interface addresses that this system receives mail on.
 List of domains that this mail system considers local.
 .IP \fBmyorigin\fR
 The domain that is appended to locally-posted mail.
 .IP \fBowner_request_special\fR
 Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR
 addresses.
 .SH SEE ALSO
 .na
 .nf
--- a/postfix/man/man8/local.8
+++ b/postfix/man/man8/local.8
@ -77,7 +77,9 @@ mail arrives for a recipient that is already listed in a
 The per-user mailbox is either a file in the default UNIX mailbox
 directory (\fB/var/mail/\fIuser\fR or \fB/var/spool/mail/\fIuser\fR)
 or it is a file in the user's home directory with a name specified
-via the \fBhome_mailbox\fR configuration parameter.
+via the \fBhome_mailbox\fR configuration parameter. Specify a path
 name ending in \fB/\fR for \fBqmail\fR-compatible \fBmaildir\fR
 delivery.
 Mailbox delivery can be delegated to an external command specified
 with the \fBmailbox_command\fR configuration parameter.
@ -85,9 +87,16 @@ The \fBlocal\fR daemon prepends a "\fBFrom \fIsender time_stamp\fR"
 envelope header to each message, prepends a \fBDelivered-To:\fR header
 with the envelope recipient address, prepends a \fB>\fR character to
 lines beginning with "\fBFrom \fR", and appends an empty line.
 The envelope sender address is available in the \fBReturn-Path:\fR
 header.
 The mailbox is locked for exclusive access while delivery is in
 progress. In case of problems, an attempt is made to truncate the
 mailbox to its original length.
 In the case of \fBmaildir\fR delivery, the local daemon prepends
 a \fBDelivered-To:\fR header with the envelope recipient address.
 The envelope sender address is available in the \fBReturn-Path:\fR
 header.
 .SH EXTERNAL COMMAND DELIVERY
 .na
 .nf
@ -120,6 +129,8 @@ The current working directory is the mail queue directory.
 The \fBlocal\fR daemon prepends a "\fBFrom \fIsender time_stamp\fR"
 envelope header to each message, prepends a \fBDelivered-To:\fR
 header with the recipient envelope address, and appends an empty line.
 The envelope sender address is available in the \fBReturn-Path:\fR
 header.
 .SH EXTERNAL FILE DELIVERY
 .na
 .nf
@ -128,15 +139,24 @@ header with the recipient envelope address, and appends an empty line.
 The \fBallow_mail_to_files\fR configuration parameter restricts
 delivery to external files. The default setting (\fBalias,
 forward\fR) forbids file destinations in \fB:include:\fR files.
 Specify a pathname ending in \fB/\fR for \fBqmail\fR-compatible
 \fBmaildir\fR delivery.
 The \fBlocal\fR daemon prepends a "\fBFrom \fIsender time_stamp\fR"
 envelope header to each message, prepends a \fBDelivered-To:\fR
 header with the recipient envelope address, prepends a \fB>\fR
 character to lines beginning with "\fBFrom \fR", and appends an
 empty line.
 The envelope sender address is available in the \fBReturn-Path:\fR
 header.
 When the destination is a regular file, it is locked for exclusive
 access while delivery is in progress. In case of problems, an attempt
 is made to truncate a regular file to its original length.
 In the case of \fBmaildir\fR delivery, the local daemon prepends
 a \fBDelivered-To:\fR header with the envelope recipient address.
 The envelope sender address is available in the \fBReturn-Path:\fR
 header.
 .SH ADDRESS EXTENSION
 .na
 .nf
@ -207,7 +227,7 @@ a configuration change.
 List of alias databases.
 .IP \fBhome_mailbox\fR
 Pathname of a mailbox relative to a user's home directory.
-Specify \fBmaildir\fR for maildir-style delivery.
+Specify a path ending in \fB/\fR for maildir-style delivery.
 .IP \fBlocal_command_shell\fR
 Shell to use for external command execution (for example,
 /some/where/smrsh -c).
@ -215,6 +235,9 @@ When a shell is specified, it is invoked even when the command
 contains no shell built-in commands or meta characters.
 .IP \fBmailbox_command\fR
 External command to use for mailbox delivery.
 .IP \fBowner_request_special\fR
 Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR
 addresses.
 .IP \fBrecipient_delimiter\fR
 Separator between username and address extension.
 .SH "Locking controls"
--- a/postfix/man/man8/smtpd.8
+++ b/postfix/man/man8/smtpd.8
@ -140,6 +140,9 @@ Restrict what client hostnames are allowed in \fBHELO\fR and
 Restrict what sender addresses are allowed in \fBMAIL FROM\fR commands.
 .IP \fBsmtpd_recipient_restrictions\fR
 Restrict what recipient addresses are allowed in \fBRCPT TO\fR commands.
 .IP \fBsmtpd_etrn_restrictions\fR
 Restrict what domain names can be used in \fBETRN\fR commands,
 and what clients may issue \fBETRN\fR commands.
 .IP \fBmaps_rbl_domains\fR
 List of DNS domains that publish the addresses of blacklisted
 hosts.
--- a/postfix/qmgr/Makefile.in
+++ b/postfix/qmgr/Makefile.in
@ -149,6 +149,7 @@ qmgr_message.o: ../include/vstream.h
 qmgr_message.o: ../include/split_at.h
 qmgr_message.o: ../include/valid_hostname.h
 qmgr_message.o: ../include/argv.h
 qmgr_message.o: ../include/stringops.h
 qmgr_message.o: ../include/dict.h
 qmgr_message.o: ../include/mail_queue.h
 qmgr_message.o: ../include/mail_params.h
--- a/postfix/qmgr/qmgr_message.c
+++ b/postfix/qmgr/qmgr_message.c
@ -88,6 +88,7 @@
 #include <split_at.h>
 #include <valid_hostname.h>
 #include <argv.h>
 #include <stringops.h>
 /* Global library. */
@ -381,6 +382,8 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
    const char *newloc;
    char   *at;
    char  **cpp;
    char   *domain;
    const char *junk;
 #define STREQ(x,y)	(strcasecmp(x,y) == 0)
 #define STR		vstring_str
@ -443,11 +446,15 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
 	 */
 	if (VSTRING_LEN(reply.nexthop) > 0
 	    && qmgr_virtual != 0
-	    && (at = strrchr(recipient->address, '@')) != 0
+	    && (at = strrchr(recipient->address, '@')) != 0) {
-	    && maps_find(qmgr_virtual, at + 1)) {
+	    domain = lowercase(mystrdup(at + 1));
-	    qmgr_bounce_recipient(message, recipient,
+	    junk = maps_find(qmgr_virtual, domain);
 	    myfree(domain);
 	    if (junk) {
 		qmgr_bounce_recipient(message, recipient,
 				"unknown user: \"%s\"", recipient->address);
-	    continue;
+		continue;
 	    }
 	}
 	/*
--- a/postfix/sendmail/sendmail.c
+++ b/postfix/sendmail/sendmail.c
@ -726,7 +726,7 @@ int     main(int argc, char **argv)
    if (extract_recipients && mode != SM_MODE_ENQUEUE)
 	msg_fatal("-t can be used only in delivery mode");
-    if (extract_recipients && argv[optind])
+    if (extract_recipients && argv[OPTIND])
 	msg_fatal("cannot delete recipients with -t");
    /*
@ -739,7 +739,7 @@ int     main(int argc, char **argv)
 	msg_panic("unknown operation mode: %d", mode);
 	/* NOTREACHED */
    case SM_MODE_ENQUEUE:
-	enqueue(sender, full_name, argv + optind);
+	enqueue(sender, full_name, argv + OPTIND);
 	exit(0);
 	break;
    case SM_MODE_MAILQ:
@ -751,7 +751,7 @@ int     main(int argc, char **argv)
 	exit(0);
 	break;
    case SM_MODE_DAEMON:
-	if (argv[optind])
+	if (argv[OPTIND])
 	    msg_fatal("daemon mode requires no recipient");
 	ext_argv = argv_alloc(2);
 	argv_add(ext_argv, "postfix", (char *) 0);
@ -764,7 +764,7 @@ int     main(int argc, char **argv)
 	exit(err);
 	break;
    case SM_MODE_NEWALIAS:
-	if (argv[optind])
+	if (argv[OPTIND])
 	    msg_fatal("alias initialization mode requires no recipient");
 	ext_argv = argv_alloc(2);
 	argv_add(ext_argv, "postalias", (char *) 0);
@ -774,7 +774,7 @@ int     main(int argc, char **argv)
 	mail_run_replace(var_command_dir, ext_argv->argv);
 	/* NOTREACHED */
    case SM_MODE_USER:
-	if (argv[optind])
+	if (argv[OPTIND])
 	    msg_fatal("stand-alone mode requires no recipient");
 	ext_argv = argv_alloc(2);
 	argv_add(ext_argv, "smtpd", "-S", (char *) 0);
--- a/postfix/smtpd/Makefile.in
+++ b/postfix/smtpd/Makefile.in
@ -78,6 +78,7 @@ smtpd.o: ../include/stringops.h
 smtpd.o: ../include/events.h
 smtpd.o: ../include/smtp_stream.h
 smtpd.o: ../include/peer_name.h
 smtpd.o: ../include/valid_hostname.h
 smtpd.o: ../include/mail_params.h
 smtpd.o: ../include/record.h
 smtpd.o: ../include/rec_type.h
--- a/postfix/smtpd/smtpd.c
+++ b/postfix/smtpd/smtpd.c
@ -124,6 +124,9 @@
 /*	Restrict what sender addresses are allowed in \fBMAIL FROM\fR commands.
 /* .IP \fBsmtpd_recipient_restrictions\fR
 /*	Restrict what recipient addresses are allowed in \fBRCPT TO\fR commands.
 /* .IP \fBsmtpd_etrn_restrictions\fR
 /*	Restrict what domain names can be used in \fBETRN\fR commands,
 /*	and what clients may issue \fBETRN\fR commands.
 /* .IP \fBmaps_rbl_domains\fR
 /*	List of DNS domains that publish the addresses of blacklisted
 /*	hosts.
@ -203,6 +206,7 @@
 #include <events.h>
 #include <smtp_stream.h>
 #include <peer_name.h>
 #include <valid_hostname.h>
 /* Global library. */
@ -253,6 +257,7 @@ char   *var_client_checks;
 char   *var_helo_checks;
 char   *var_mail_checks;
 char   *var_rcpt_checks;
 char   *var_etrn_checks;
 int     var_unk_client_code;
 int     var_bad_name_code;
 int     var_unk_name_code;
@ -789,13 +794,43 @@ static int vrfy_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 static int etrn_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 {
    char   *err;
    /*
     * Sanity checks.
     */
    if (var_helo_required && state->helo_name == 0) {
 	state->error_mask |= MAIL_ERROR_POLICY;
 	smtpd_chat_reply(state, "503 Error: send HELO/EHLO first");
 	return (-1);
    }
    if (state->cleanup != 0) {
 	state->error_mask |= MAIL_ERROR_PROTOCOL;
 	smtpd_chat_reply(state, "503 Error: MAIL transaction in progress");
 	return (-1);
    }
    if (argc != 2) {
 	state->error_mask |= MAIL_ERROR_PROTOCOL;
-	smtpd_chat_reply(state, "501 Syntax: ETRN domain");
+	smtpd_chat_reply(state, "500 Syntax: ETRN domain");
 	return (-1);
    }
    if (!ISALNUM(argv[1].strval[0]))
 	argv[1].strval++;
    if (!valid_hostname(argv[1].strval)) {
 	state->error_mask |= MAIL_ERROR_PROTOCOL;
 	smtpd_chat_reply(state, "501 Error: invalid parameter syntax");
 	return (-1);
    }
    /*
     * XXX The implementation borrows heavily from the code that implements
     * UCE restrictions. These typically return 450 or 550 when a request is
     * rejected. RFC 1985 requires that 459 be sent when the server refuses
     * to perform the request.
     */
    if (SMTPD_STAND_ALONE(state) == 0
 	&& (err = smtpd_check_etrn(state, argv[1].strval)) != 0) {
 	smtpd_chat_reply(state, "%s", err);
 	return (-1);
    }
@ -1103,6 +1138,7 @@ int     main(int argc, char **argv)
 	VAR_HELO_CHECKS, DEF_HELO_CHECKS, &var_helo_checks, 0, 0,
 	VAR_MAIL_CHECKS, DEF_MAIL_CHECKS, &var_mail_checks, 0, 0,
 	VAR_RCPT_CHECKS, DEF_RCPT_CHECKS, &var_rcpt_checks, 0, 0,
 	VAR_ETRN_CHECKS, DEF_ETRN_CHECKS, &var_etrn_checks, 0, 0,
 	VAR_MAPS_RBL_DOMAINS, DEF_MAPS_RBL_DOMAINS, &var_maps_rbl_domains, 0, 0,
 	0,
    };
--- a/postfix/smtpd/smtpd_check.c
+++ b/postfix/smtpd/smtpd_check.c
@ -23,6 +23,10 @@
 /*	char	*smtpd_check_rcpt(state, recipient)
 /*	SMTPD_STATE *state;
 /*	char	*recipient;
 /*
 /*	char	*smtpd_check_etrn(state, recipient)
 /*	SMTPD_STATE *state;
 /*	char	*recipient;
 /* DESCRIPTION
 /*	This module implements additional checks on SMTP client requests.
 /*	A client request is validated in the context of the session state.
@ -116,28 +120,35 @@
 /* .PP
 /*	smtpd_check_client() validates the client host name or address.
 /*	Relevant configuration parameters:
-/* .IP client_restrictions
+/* .IP smtpd_client_restrictions
 /*	Restrictions on the names or addresses of clients that may connect
 /*	to this SMTP server.
 /* .PP
 /*	smtpd_check_helo() validates the hostname provided with the
 /*	HELO/EHLO commands. Relevant configuration parameters:
-/* .IP helo_restrictions
+/* .IP smtpd_helo_restrictions
 /*	Restrictions on the hostname that is sent with the HELO/EHLO
 /*	command.
 /* .PP
 /*	smtpd_check_mail() validates the sender address provided with
 /*	a MAIL FROM request. Relevant configuration parameters:
-/* .IP sender_restrictions
+/* .IP smtpd_sender_restrictions
 /*	Restrictions on the sender address that is sent with the MAIL FROM
 /*	command.
 /* .PP
 /*	smtpd_check_rcpt() validates the recipient address provided
 /*	with an RCPT TO request. Relevant configuration parameters:
-/* .IP recipient_restrictions
+/* .IP smtpd_recipient_restrictions
 /*	Restrictions on the recipient address that is sent with the RCPT
 /*	TO command.
 /* .PP
 /*	smtpd_check_etrn() validates the domain name provided with the
 /*	ETRN command, and other client-provided information. Relevant
 /*	configuration parameters:
 /* .IP smtpd_etrn_restrictions
 /*	Restrictions on the hostname that is sent with the HELO/EHLO
 /*	command.
 /* .PP
 /*	smtpd_check_size() checks if a message with the given size can
 /*	be received (zero means that the message size is unknown).  The
 /*	message is rejected when:
@ -268,6 +279,7 @@ static ARGV *client_restrctions;
 static ARGV *helo_restrctions;
 static ARGV *mail_restrctions;
 static ARGV *rcpt_restrctions;
 static ARGV *etrn_restrctions;
 #define STR	vstring_str
@ -325,6 +337,7 @@ void    smtpd_check_init(void)
    helo_restrctions = smtpd_check_parse(var_helo_checks);
    mail_restrctions = smtpd_check_parse(var_mail_checks);
    rcpt_restrctions = smtpd_check_parse(var_rcpt_checks);
    etrn_restrctions = smtpd_check_parse(var_etrn_checks);
 }
 /* smtpd_check_reject - do the boring things that must be done */
@ -493,12 +506,10 @@ static int check_relay_domains(SMTPD_STATE *state, char *recipient)
 	return (SMTPD_CHECK_OK);
    /*
-     * Resolve the address if not yet done.
+     * Resolve the address.
     */
-    if (VSTRING_LEN(reply.recipient) == 0) {
+    canon_addr_internal(reply.recipient, recipient);
-	canon_addr_internal(reply.recipient, recipient);
+    resolve_clnt_query(STR(reply.recipient), &reply);
 	resolve_clnt_query(STR(reply.recipient), &reply);
    }
    /*
     * Permit if destination is local. XXX This must be generalized for
@ -578,12 +589,10 @@ static int permit_mx_backup(SMTPD_STATE *unused_state, const char *recipient)
 	msg_info("%s: %s", myname, recipient);
    /*
-     * Resolve the address if not yet done.
+     * Resolve the address.
     */
-    if (VSTRING_LEN(reply.recipient) == 0) {
+    canon_addr_internal(reply.recipient, recipient);
-	canon_addr_internal(reply.recipient, recipient);
+    resolve_clnt_query(STR(reply.recipient), &reply);
 	resolve_clnt_query(STR(reply.recipient), &reply);
    }
    /*
     * If the destination is local, it is acceptable, because we are
@ -661,12 +670,10 @@ static int reject_unknown_address(SMTPD_STATE *state, char *addr)
 	msg_info("%s: %s", myname, addr);
    /*
-     * Resolve the address if not yet done.
+     * Resolve the address.
     */
-    if (VSTRING_LEN(reply.recipient) == 0) {
+    canon_addr_internal(reply.recipient, addr);
-	canon_addr_internal(reply.recipient, addr);
+    resolve_clnt_query(STR(reply.recipient), &reply);
 	resolve_clnt_query(STR(reply.recipient), &reply);
    }
    /*
     * Skip local destinations and non-DNS forms.
@ -833,12 +840,10 @@ static int check_mail_access(SMTPD_STATE *state, char *table, char *addr)
 	msg_info("%s: %s", myname, addr);
    /*
-     * Resolve the address if not yet done.
+     * Resolve the address.
     */
-    if (VSTRING_LEN(reply.recipient) == 0) {
+    canon_addr_internal(reply.recipient, addr);
-	canon_addr_internal(reply.recipient, addr);
+    resolve_clnt_query(STR(reply.recipient), &reply);
 	resolve_clnt_query(STR(reply.recipient), &reply);
    }
    /*
     * Garbage in, garbage out. Every address from canon_addr_internal() and
@ -1051,7 +1056,6 @@ char   *smtpd_check_client(SMTPD_STATE *state)
    /*
     * Initialize.
     */
    VSTRING_RESET(reply.recipient);
    status = setjmp(smtpd_check_buf);
    if (status != 0)
 	return (0);
@ -1083,7 +1087,6 @@ char   *smtpd_check_helo(SMTPD_STATE *state, char *helohost)
    /*
     * Initialize.
     */
    VSTRING_RESET(reply.recipient);
    status = setjmp(smtpd_check_buf);
    if (status != 0)
 	return (0);
@ -1119,7 +1122,6 @@ char   *smtpd_check_mail(SMTPD_STATE *state, char *sender)
    /*
     * Initialize.
     */
    VSTRING_RESET(reply.recipient);
    status = setjmp(smtpd_check_buf);
    if (status != 0)
 	return (0);
@ -1155,7 +1157,6 @@ char   *smtpd_check_rcpt(SMTPD_STATE *state, char *recipient)
    /*
     * Initialize.
     */
    VSTRING_RESET(reply.recipient);
    status = setjmp(smtpd_check_buf);
    if (status != 0)
 	return (0);
@ -1182,6 +1183,39 @@ char   *smtpd_check_rcpt(SMTPD_STATE *state, char *recipient)
    return (status == SMTPD_CHECK_REJECT ? STR(error_text) : 0);
 }
 /* smtpd_check_etrn - validate ETRN request */
 char   *smtpd_check_etrn(SMTPD_STATE *state, char *domain)
 {
    char  **cpp;
    char   *name;
    int     status;
    /*
     * Initialize.
     */
    status = setjmp(smtpd_check_buf);
    if (status != 0)
 	return (0);
    /*
     * Apply restrictions in the order as specified.
     */
    for (cpp = etrn_restrctions->argv; (name = *cpp) != 0; cpp++) {
 	if (strchr(name, ':') != 0) {
 	    status = check_domain_access(state, name, domain);
 	} else if (is_map_command(name, CHECK_ETRN_ACL, &cpp)) {
 	    status = check_domain_access(state, *cpp, domain);
 	} else if (generic_checks(state, name, &cpp, &status, domain) == 0) {
 	    msg_warn("unknown %s check: \"%s\"", VAR_RCPT_CHECKS, name);
 	    break;
 	}
 	if (status != 0)
 	    break;
    }
    return (status == SMTPD_CHECK_REJECT ? STR(error_text) : 0);
 }
 /* smtpd_check_size - check optional SIZE parameter value */
 char   *smtpd_check_size(SMTPD_STATE *state, off_t size)
@ -1358,13 +1392,14 @@ static int int_update(char **argv)
 typedef struct {
    char   *name;
    ARGV  **target;
-}       REST_TABLE;
+} REST_TABLE;
 static REST_TABLE rest_table[] = {
    "client_restrictions", &client_restrctions,
    "helo_restrictions", &helo_restrctions,
    "sender_restrictions", &mail_restrctions,
    "recipient_restrictions", &rcpt_restrctions,
    "etrn_restrictions", &etrn_restrctions,
    0,
 };
--- a/postfix/smtpd/smtpd_check.h
+++ b/postfix/smtpd/smtpd_check.h
@ -18,6 +18,7 @@ extern char *smtpd_check_helo(SMTPD_STATE *, char *);
 extern char *smtpd_check_mail(SMTPD_STATE *, char *);
 extern char *smtpd_check_size(SMTPD_STATE *, off_t);
 extern char *smtpd_check_rcpt(SMTPD_STATE *, char *);
 extern char *smtpd_check_etrn(SMTPD_STATE *, char *);
 /* LICENSE
 /* .ad
--- a/postfix/util/doze.c
+++ b/postfix/util/doze.c
@ -30,6 +30,9 @@
 #include <sys/time.h>
 #include <unistd.h>
 #include <errno.h>
 #ifdef USE_SYS_SELECT_H
 #include <sys/select.h>
 #endif
 /* Utility library. */