From 8a2c6280e87df7fbbbcc86b319b29d105fb12fc8 Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Wed, 22 Oct 2003 00:00:00 -0500 Subject: [PATCH] postfix-2.0.16-20031022 --- postfix/HISTORY | 70 ++++++++- postfix/README_FILES/FILTER_README | 7 + postfix/README_FILES/SMTPD_PROXY_README | 85 ++++++----- postfix/README_FILES/VERP_README | 4 +- postfix/RELEASE_NOTES | 49 +++++++ postfix/RELEASE_NOTES-2.0 | 12 +- postfix/conf/postfix-files | 3 + postfix/conf/sample-filter.cf | 4 +- postfix/conf/sample-resource.cf | 6 + postfix/conf/sample-smtp.cf | 11 ++ postfix/conf/sample-smtpd.cf | 68 ++++++++- postfix/examples/smtpd-policy/smtpd-policy.pl | 6 +- postfix/html/basic.html | 4 +- postfix/html/faq.html | 7 +- postfix/html/master.8.html | 50 +++---- postfix/html/smtp.8.html | 107 +++++++------- postfix/html/smtpd.8.html | 123 +++++++++------- postfix/man/man8/smtp.8 | 6 + postfix/man/man8/smtpd.8 | 19 ++- postfix/src/dns/dns_lookup.c | 3 +- postfix/src/global/mail_addr_map.c | 8 ++ postfix/src/global/mail_params.h | 21 ++- postfix/src/global/mail_version.h | 2 +- postfix/src/global/maps.c | 10 +- postfix/src/local/alias.c | 4 + postfix/src/master/master.c | 4 +- postfix/src/smtp/smtp.c | 12 +- postfix/src/smtp/smtp_addr.c | 3 +- postfix/src/smtp/smtp_proto.c | 10 +- postfix/src/smtpd/smtpd.c | 133 +++++++++++++++++- postfix/src/smtpd/smtpd.h | 5 + postfix/src/smtpd/smtpd_check.c | 24 ++-- postfix/src/smtpd/smtpd_check.ref | 3 +- postfix/src/smtpd/smtpd_check.ref2 | 3 +- postfix/src/smtpd/smtpd_check.ref4 | 2 +- postfix/src/smtpd/smtpd_check_access | 1 + postfix/src/smtpd/smtpd_exp.in | 13 +- postfix/src/smtpd/smtpd_exp.ref | 34 ++--- postfix/src/smtpd/smtpd_peer.c | 2 +- postfix/src/smtpd/smtpd_proxy.c | 48 +++++-- postfix/src/smtpd/smtpd_sasl_proto.c | 4 +- postfix/src/util/attr_scan0.c | 2 +- postfix/src/util/attr_scan64.c | 2 + postfix/src/util/attr_scan_plain.c | 2 + postfix/src/util/base64_code.c | 7 +- postfix/src/util/sane_connect.c | 2 +- 46 files changed, 744 insertions(+), 261 deletions(-) diff --git a/postfix/HISTORY b/postfix/HISTORY index da6213776..ebca95e2d 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -8625,6 +8625,73 @@ Apologies for any names omitted. everything that invokes these routines including queue manager and delivery agents. +20030922 + + Feature: "XADDR address hostname" SMTP command, for SMTPD + restriction debugging, and for sites with fetchmail-like + software that extracts client information from the first + Received: header. The smtpd_authorized_xaddr_clients + parameter specifies what clients are allowed to use XADDR + (default: none). Files: smtpd/smtpd.c. + +20031015 + + Workaround: smtpd access maps should not apply subdomain + name magic to numerical hostnames. File: smtpd/smtpd_check.c. + + Safety: the local delivery agent now defers delivery when + alias lookup produces an empty result. File: local/alias.c. + +20031019 + + Workaround: disable request/reply size limit in attr_scan*.c + to prevent mail from getting stuck when rewriting a malformed + message header. This limit was turned on with snapshot + 20030715 to harden the protocol that is used by SMTPD policy + delegation. A "no code change" workaround is to specify + "header_size_limit = $line_length_limit". The proper fix + is to enforce request/reply size limits only for data from + outside of Postfix. Problem reported by Brandon Mullenberg, + Dialup USA. Files: util/attr_scan*.c. + + Feature: "XLOGINFO address hostname" SMTP command, so that + Postfix daemons behind SMTPD pass-through proxies log useful + client name/address information instead of localhost[127.0.0.1]. + The smtpd_authorized_xloginfo_clients parameter specifies + what clients are allowed to use XLOGINFO (default: none). + Files: smtpd/smtpd.c. + + Cleanup: renamed the authorized_verp_clients parameter to + smtpd_authorized_verp_clients for consistency. + +20031021 + + Workaround: the demo greylist script now uses BTREE instead + of HASH files for hopefully better stability. The real fix + is to use a single updater process that serves multiple + clients. That approach seems to work well with the verify + daemon. File: examples/smtpd-policy/smtpd-policy.pl. + +20031022 + + Safety: the SMTP server now warns when the queue_minfree + value is less than twice the message size limit. File: + smtpd/smtpd.c. + + Safety: the SMTP server no longer accepts mail when the + amount of free space is less than twice the message size + limit. File: smtpd/smtpd_check.c. + + Safety: log a warning and defer mail when canonical or + virtual lookups return a non-address result (like a string + that contains no address). File: global/mail_addr_map.c. + + Safety: log a warning and defer mail when any map lookup + returns an empty string result, and explain that "no result" + is expected in case of a "not found" condition. This happens + with incorrectly implemented SQL or LDAP tables. File: + global/maps_find.c. + Open problems: High: when virtual aliasing is turned off after content @@ -8663,9 +8730,6 @@ Open problems: Low: sendmail does not store null command-line recipients. - Low: sendmail, not cleanup, should extract recipients from - message headers. - Low: have a configurable list of errno values for mailbox or maildir delivery that result in deferral rather than bouncing mail. diff --git a/postfix/README_FILES/FILTER_README b/postfix/README_FILES/FILTER_README index 9c8e592d8..6c377b0fd 100644 --- a/postfix/README_FILES/FILTER_README +++ b/postfix/README_FILES/FILTER_README @@ -155,6 +155,13 @@ queue, mail will bounce. The same lack of robustness can happen when the content filtering software itself runs into a resource problem. +The simple content filter method is not suitable for content filter +actions that are invoked via header_checks or body_checks patterns. +These patterns will be applied again after mail is re-injected with +the Postfix sendmail command, resulting in a mail filtering loop. +Instead, use the advanced content filtering method (see below) and +turn off header_checks or body_checks patterns for filtered mail. + Advanced content filtering example =================================== diff --git a/postfix/README_FILES/SMTPD_PROXY_README b/postfix/README_FILES/SMTPD_PROXY_README index 04943a581..d39e64cfc 100644 --- a/postfix/README_FILES/SMTPD_PROXY_README +++ b/postfix/README_FILES/SMTPD_PROXY_README @@ -1,15 +1,10 @@ Purpose of the before-queue content filter feature ================================================== -Normally, Postfix receives mail, stores it in the mail queue and -then delivers it. The Postfix SMTP server can be configured to -forward all incoming mail to a content filter (for example, a -real-time SPAM filter) that inspects all mail BEFORE it is stored -in the Postfix mail queue. - -[This is not to be confused with the approach described in the -FILTER_README document, where all mail is inspected AFTER it is -stored in the Postfix mail queue] +The Postfix SMTP server can be configured to forward all incoming +mail to a content filter (for example, a real-time SPAM filter) +that inspects all mail BEFORE it is stored in the Postfix mail +queue. The before-queue content filter is meant to be used as follows: @@ -17,25 +12,32 @@ The before-queue content filter is meant to be used as follows: Internet -> smtpd -> queue -> smtpd -> cleanup -> queue -> local Postfix filter Postfix \ virtual etc. -For reference, this is the normal path through Postfix: +Normally, Postfix receives mail, stores it in the mail queue and +then delivers it. The next diagram shows the normal path through +Postfix for mail that arrives via the network: / smtp Internet -> smtpd -> cleanup -> queue -> local Postfix \ virtual etc. -For comparison, this is the FILTER_README approach with an SMTP-based -after-queue content filter: - / smtp - Internet -> smtpd -> cleanup -> queue -> local - Postfix ^ v \ virtual etc. - smtpd smtp - Postfix Postfix - \ after / - queue <- - filter +The before-queue content filter is not to be confused with the +approach described in the FILTER_README document, where mail is +filtered AFTER it is stored in the Postfix mail queue. For example, +below is the FILTER_README approach with an SMTP-based after-queue +content filter: -The before-queue content filter receives unfiltered SMTP mail from -Postfix and does one of the following: + / smtp + Internet -> smtpd -> cleanup -> queue -> local + Postfix ^ v \ virtual etc. + smtpd smtp + Postfix Postfix + \ after / + queue <- + filter + +The before-queue content filter functions just like the after-queue +content filter. It receives unfiltered SMTP mail from Postfix and +does one of the following: 1 - Re-inject the mail back into Postfix via SMTP, perhaps after changing content. @@ -44,7 +46,7 @@ Postfix and does one of the following: to Postfix. Postfix passes the status back to the remote SMTP client. This way, Postfix does not have to send a bounce message. -3 - Send the mail somewhere else. +3 - Send the mail somewhere else, or discard the mail. Limitations =========== @@ -63,24 +65,27 @@ accepting mail or you have to stop filtering the mail. How Postfix talks to the before-queue content filter ================================================== -Postfix makes one connection per email message. Postfix speaks -ESMTP, but uses no command pipelining. Postfix generates its own -EHLO, DATA and QUIT commands, and forwards unmodified copies of -all the MAIL FROM and RCPT TO commands that the Postfix SMTP server -didn't reject itself. The SMTP proxy server should accept the same +The before-filter Postfix SMTP server connects to the content +filter, delivers one message, and disconnects. While sending mail +into the content filter, Postfix speaks ESMTP but uses no command +pipelining. Postfix generates its own EHLO, XLOGINFO (for logging +the remote client IP address instead of localhost[127.0.0.1]), DATA +and QUIT commands, and forwards unmodified copies of all the MAIL +FROM and RCPT TO commands that the before-filter Postfix SMTP server +didn't reject itself. The SMTP proxy server should accept the same MAIL FROM and RCPT TO command syntax as the Postfix SMTP server. Postfix sends no other SMTP commands. The content filter is expected to pass on unmodified SMTP commands from a before-filter Postfix SMTP server to an after-filter Postfix -SMTP server that listens on a non-standard port. When the filter -rejects content, it should send a negative SMTP response back to -the before-filter Postfix SMTP server, and it should abort any -connection with the after-filter Postfix SMTP server without +SMTP server that usually listens on a non-standard port. When the +filter rejects content, it should send a negative SMTP response +back to the before-filter Postfix SMTP server, and it should abort +the connection with the after-filter Postfix SMTP server without completing the SMTP conversation with the after-filter Postfix SMTP server. -Configuration parameters +Configuration parameters ======================== Parameters that control proxying: @@ -111,21 +116,31 @@ server process without intervening content filter. This useful only for testing, of course. /etc/postfix/master.cf - smtp inet n - n - - smtpd + smtp inet n - n - - smtpd -o smtpd_proxy_filter=26 :26 inet n - n - - smtpd + -o smtpd_authorized_xloginfo_clients=127.0.0.0/8 -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 - -o receive_override_options=no_unknown_recipient_checks + -o receive_override_options=no_unknown_recipient_checks Note: do not specify spaces around the "=" or "," characters. The ":26" causes Postfix to listen on the localhost address only. DO NOT expose the secondary SMTP server to the Internet :-) +The smtpd_authorized_xloginfo_clients parameter allows the before +filter SMTP server to pass the remote SMTP client name and address +to the after-filter SMTP server, so that the after-filter Postfix +daemons log the remote client name and address instead of logging +localhost[127.0.0.1]. + +The other parameter settings avoid duplication of effort that is +done in the "before filter" SMTP server. + The result is as follows: Internet -> smtpd on port 25 -> smtpd on port 26 -> cleanup -> queue diff --git a/postfix/README_FILES/VERP_README b/postfix/README_FILES/VERP_README index 49a8e33a9..45059a703 100644 --- a/postfix/README_FILES/VERP_README +++ b/postfix/README_FILES/VERP_README @@ -35,8 +35,8 @@ are used as part of a username or domain name (such as alphanumerics), or because they are non-ASCII or control characters. And who knows, some characters may tickle bugs in vulnerable software. -- authorized_verp_clients (default value: $mynetworks) controls -what network clients are allowed to request VERP style delivery. +- smtpd_authorized_verp_clients (default value: none) controls +what SMTP clients are allowed to request VERP style delivery. Exceptions: the Postfix QMQP server uses its own access control mechanism, and local submission (via /usr/sbin/sendmail etc.) is always authorized. To authorize a host, list its name, IP address, diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 84211b0c8..aa14f09d0 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -22,6 +22,55 @@ snapshot release). Patches change the patchlevel and the release date. Snapshots change only the release date, unless they include the same bugfixes as a patch release. +Incompatible changes with Postfix snapshot 2.0.16-20031022 +========================================================== + +Postfix no longer retries delivery when no MX host has a valid A +record, for compatibility with most other MTAs. This change is made +in anticipation of a possible Verisign "wild-card MX record without +A record" for unregistered domains. To get the old behavior, specify +"smtp_defer_if_no_mx_address_found = yes". + +The Postfix SMTP client no longer looks in /etc/hosts by default. +To get the old behavior, specify "smtp_host_lookup = dns, native". + +The authorized_verp_clients configuration parameter has been renamed +to smtpd_authorized_verp_clients. This is for consistency with the +new smtpd_authorized_xaddr_clients and smtpd_authorized_xloginfo_clients +configuration parameters that control the use of the new XADDR and +XLOGINFO commands. + +The smtpd_authorized_verp_clients parameter now defaults to nothing +(no XVERP command is accepted). + +The Postfix SMTP server no longer allows queue_minfree values that +are less than twice the message_size_limit value. + +The Postfix SMTP server no longer accepts mail when the amount of +free queue space is less than twice the message_size_limit value. + +Major changes with Postfix snapshot 2.0.16-20031022 +=================================================== + +Easier debugging of SMTPD access restrictions. The SMTP command +"XADDR client-address client-hostname" changes Postfix's idea of +the remote client name and address, so that you can pretend to +connect from anywhere on the Internet. Use of this command is +restricted to clients that match the list of names or addresses +specified with the smtpd_authorized_xaddr_clients parameter. By +default, XADDR is not accepted from anywhere. + +More useful logging by Postfix daemons behind a real-time SMTP +proxy filter (the logging now shows the remote client name and +address, instead of localhost[127.0.0.1]). This uses the new SMTP +command "XLOGINFO client-address client-hostname", which specifies +the client name and address for logging purposes without changing +the name/address that are used for SMTPD access control. Use of +this command is restricted to clients that match the list of names +or addresses specified with the smtpd_authorized_xloginfo_clients +parameter. By default, XLOGINFO is not accepted from anywhere. +For an example, see the updated SMTPD_PROXY_README file. + Major changes with Postfix snapshot 2.0.16-20030917 =================================================== diff --git a/postfix/RELEASE_NOTES-2.0 b/postfix/RELEASE_NOTES-2.0 index 7a7c664ff..586f2d78f 100644 --- a/postfix/RELEASE_NOTES-2.0 +++ b/postfix/RELEASE_NOTES-2.0 @@ -126,7 +126,10 @@ more flexible "reject_rbl_client" feature instead. [Obsolete 20021209] The "check_relay_domains" restriction is going away. The SMTP server logs a warning and suggests using the more -robust "reject_unauth_destination" instead. +robust "reject_unauth_destination" instead. This means that Postfix +by default no longer grants relay permissions on the basis of the +client hostname, and that relay clients must be authorized via +other means such as permit_mynetworks. [Obsolete 20020917] In regexp lookup tables, the form /pattern1/!/pattern2/ is going away. Use the cleaner and more flexible "if !/pattern2/..endif" @@ -246,7 +249,7 @@ mail relay traffic from outbound traffic. This eliminates a problem where inbound mail deliveries could become resource starved in the presence of a high volume of outbound mail. -[Feature 20021013] The body_checks_max_size parameter limits the +[Feature 20021013] The body_checks_size_limit parameter limits the amount of text per message body segment (or attachment, if you prefer to use that term) that is subjected to body_checks inspection. The default limit is 50 kbytes. This speeds up the processing of @@ -399,7 +402,8 @@ or html/uce.html for details. IP address blacklisting. Based on code by LaMont Jones. The old "reject_maps_rbl" is now implemented as a wrapper around the reject_rbl_client code, and logs a warning that "reject_maps_rbl" -is going away. +is going away. To upgrade, specify "reject_rbl_client domainname" +once for each domain name that is listed in maps_rbl_domains. [Feature 20020923] "reject_rhsbl_sender rbl.domain.tld" for sender domain blacklisting. Also: reject_rhsbl_client and reject_rhsbl_recipient @@ -657,7 +661,7 @@ mime_header_checks (for MIME headers), and nested_header_checks (for headers of attached email messages except MIME headers). By default, all headers are matched with header_checks. -[Feature 20021013] The body_checks_max_size parameter limits the +[Feature 20021013] The body_checks_size_limit parameter limits the amount of text per message body segment (or attachment, if you prefer to use that term) that is subjected to body_checks inspection. The default limit is 50 kbytes. This speeds up the processing of diff --git a/postfix/conf/postfix-files b/postfix/conf/postfix-files index ce99b8294..75cade480 100644 --- a/postfix/conf/postfix-files +++ b/postfix/conf/postfix-files @@ -199,11 +199,14 @@ $readme_directory/MYSQL_README:f:root:-:644 $readme_directory/NFS_README:f:root:-:644 $readme_directory/PACKAGE_README:f:root:-:644 $readme_directory/PCRE_README:f:root:-:644 +$readme_directory/PGSQL_README:f:root:-:644 $readme_directory/QMQP_README:f:root:-:644 $readme_directory/RELEASE_NOTES:f:root:-:644 $readme_directory/RESTRICTION_CLASS_README:f:root:-:644 $readme_directory/SASL_README:f:root:-:644 $readme_directory/SCHEDULER_README:f:root:-:644 +$readme_directory/SMTPD_POLICY_README:f:root:-:644 +$readme_directory/SMTPD_PROXY_README:f:root:-:644 $readme_directory/ULTRIX_README:f:root:-:644 $readme_directory/UUCP_README:f:root:-:644 $readme_directory/VERP_README:f:root:-:644 diff --git a/postfix/conf/sample-filter.cf b/postfix/conf/sample-filter.cf index 0f667ca7e..962a8809c 100644 --- a/postfix/conf/sample-filter.cf +++ b/postfix/conf/sample-filter.cf @@ -99,14 +99,14 @@ nested_header_checks = $header_checks # body_checks = regexp:/etc/postfix/body_checks -# The body_checks_max_size parameter controls how much text in a +# The body_checks_size_limit parameter controls how much text in a # message body segment (or attachment, if you prefer to use that # term) is subjected to body_checks inspection. # # By default, only the first 50 kbytes of a message body segment are # inspected with body_checks patterns. # -body_checks_max_size = 51200 +body_checks_size_limit = 51200 # The receive_override_options parameter controls what input processing # happens before or after an external content filter. diff --git a/postfix/conf/sample-resource.cf b/postfix/conf/sample-resource.cf index 03b14fd75..895b545ef 100644 --- a/postfix/conf/sample-resource.cf +++ b/postfix/conf/sample-resource.cf @@ -143,6 +143,12 @@ qmgr_message_recipient_minimum = 10 # space in bytes in the queue file system. This is currently used by # the SMTP server to decide if it will accept any mail at all. # +# By default, the SMTP server rejects MAIL FROM commands when the +# amount of free space is less than 2*$message_size_limit. +# +# To specify a higher minimum free space limit, specify a value that +# is at least 2*$message_size_limit. +# queue_minfree = 0 # The stale_lock_time parameter limits the time after which a stale diff --git a/postfix/conf/sample-smtp.cf b/postfix/conf/sample-smtp.cf index b9c521b2f..ca85a151a 100644 --- a/postfix/conf/sample-smtp.cf +++ b/postfix/conf/sample-smtp.cf @@ -65,6 +65,17 @@ smtp_never_send_ehlo = no # #smtp_bind_address=111.222.333.444 +# The smtp_defer_if_no_mx_address_found parameter controls what +# Postfix will do when no MX record resolves to an IP address (Postfix +# always ignores MX records with equal or worse preference than the +# local MTA). +# +# The default (no) is to return the mail as undeliverable. With older +# Postfix versions the default was to keep trying to deliver the mail +# until someone fixed the MX record or until the mail was too old. +# +smtp_defer_if_no_mx_address_found = no + # The smtp_line_length_limit parameter controls the length of # message header and body lines that Postfix will send via SMTP. # Lines that are longer are broken by inserting . diff --git a/postfix/conf/sample-smtpd.cf b/postfix/conf/sample-smtpd.cf index 7e07cec12..eb501492f 100644 --- a/postfix/conf/sample-smtpd.cf +++ b/postfix/conf/sample-smtpd.cf @@ -47,10 +47,10 @@ #local_recipient_maps = unix:passwd.byname $alias_maps local_recipient_maps = proxy:unix:passwd.byname $alias_maps -# The unknown_local_recipient_reject_code specifies the SMTP server -# response code when a recipient domain matches $mydestination or -# $inet_interfaces, while $local_recipient_maps is non-empty and the -# recipient address or address local-part is not found. +# The unknown_local_recipient_reject_code parameter specifies the +# SMTP server response code when a recipient domain matches $mydestination +# or $inet_interfaces, while $local_recipient_maps is non-empty and +# the recipient address or address local-part is not found. # # The default setting is 550 (reject mail) but it is safer to start # with 450 (try again later) until you are certain that your @@ -113,6 +113,59 @@ unknown_local_recipient_reject_code = 550 # #disable_vrfy_command = no +# The smtpd_authorized_xaddr_clients parameter specifies what clients +# are allowed to specify the SMTP "XADDR client-address client-name" +# command. This command changes Postfix's idea of the client hostname +# and IP address for logging and for access control. Typical use is +# for SMTPD access testing. +# +# By default, no clients are allowed to specify XADDR. +# +# Specify an explicit list of network/netmask patterns, where the +# mask specifies the number of bits in the network part of a host +# address. +# +# You can also specify the absolute pathname of a pattern file instead +# of listing the patterns here. Specify type:table for table-based lookups +# (the value on the table right-hand side is not used). +# +smtpd_authorized_xaddr_clients = + +# The smtpd_authorized_xloginfo_clients parameter specifies what +# clients are allowed to specify the SMTP "XLOGINFO client-address +# client-name" command. This command changes Postfix's idea of the +# client hostname and IP address for logging but not for access +# control. Typical use is for SMTP-based content filters. +# +# By default, no clients are allowed to specify XLOGINFO. +# +# Specify an explicit list of network/netmask patterns, where the +# mask specifies the number of bits in the network part of a host +# address. +# +# You can also specify the absolute pathname of a pattern file instead +# of listing the patterns here. Specify type:table for table-based lookups +# (the value on the table right-hand side is not used). +# +smtpd_authorized_xloginfo_clients = + +# The smtpd_authorized_xverp_clients parameter specifies what clients +# are allowed to specify the SMTP XVERP command. This command requests +# that mail be delivered one recipient at a time with a per recipient +# return address. +# +# By default, no clients are allowed to specify XVERP. +# +# Specify an explicit list of network/netmask patterns, where the +# mask specifies the number of bits in the network part of a host +# address. +# +# You can also specify the absolute pathname of a pattern file instead +# of listing the patterns here. Specify type:table for table-based lookups +# (the value on the table right-hand side is not used). +# +smtpd_authorized_xverp_clients = + # The smtpd_banner parameter specifies the text that follows the 220 # status code in the SMTP greeting banner. Some people like to see # the mail version advertised. By default, Postfix shows no version. @@ -156,9 +209,10 @@ smtpd_banner = $myhostname ESMTP $mail_name # smtpd_etrn_restrictions = -# The smtpd_history_flush_threshold specifies how many lines the SMTP -# server command history is allowed to contain before it is flushed -# to postmaster upon receipt of EHLO, RSET, or end of DATA. +# The smtpd_history_flush_threshold parameter specifies how many +# lines the SMTP server command history is allowed to contain before +# it is flushed to postmaster upon receipt of EHLO, RSET, or end of +# DATA. # smtpd_history_flush_threshold = 100 diff --git a/postfix/examples/smtpd-policy/smtpd-policy.pl b/postfix/examples/smtpd-policy/smtpd-policy.pl index b42cfc3b0..de106cc00 100755 --- a/postfix/examples/smtpd-policy/smtpd-policy.pl +++ b/postfix/examples/smtpd-policy/smtpd-policy.pl @@ -69,7 +69,7 @@ use Sys::Syslog qw(:DEFAULT setlogsock); # $database_name.time(), so that the mail system does not get stuck. # $database_name="/var/mta/smtpd-policy.db"; -$greylist_delay=3600; +$greylist_delay=60; # # Syslogging options for verbose mode and for fatal errors. @@ -140,7 +140,7 @@ sub open_database { # Use tied database to make complex manipulations easier to express. $database_obj = tie(%db_hash, 'DB_File', $database_name, - O_CREAT|O_RDWR, 0644) || + O_CREAT|O_RDWR, 0644, $DB_BTREE) || fatal_exit "Cannot open database %s: $!", $database_name; $database_fd = $database_obj->fd; open DATABASE_HANDLE, "+<&=$database_fd" || @@ -193,7 +193,7 @@ sub update_database { # out of the way, and start with a new database. # sub sigsegv_handler { - my $backup = $database_name . time(); + my $backup = $database_name . "." . time(); rename $database_name, $backup || fatal_exit "Can't save %s as %s: $!", $database_name, $backup; diff --git a/postfix/html/basic.html b/postfix/html/basic.html index 0e4262009..3dea94305 100644 --- a/postfix/html/basic.html +++ b/postfix/html/basic.html @@ -195,8 +195,8 @@ is attached to. You should set up a postmaster alias that points to a human person. -This alias is required to exist, so that people can report mail -delivery problems. +The postmaster address is required to exist, so that people +can report mail delivery problems.

diff --git a/postfix/html/faq.html b/postfix/html/faq.html index 1f593d55f..a5ea4ecf2 100644 --- a/postfix/html/faq.html +++ b/postfix/html/faq.html @@ -1081,8 +1081,8 @@ for you.

-On SuSE systems the file permission fixing utulity is called -SuSEconfig. Other Linux systems may use different names. +On SuSE systems the utulity is called SuSEconfig. Other +Linux systems may use different names. The usual disclaimers about mileages etc. apply.

@@ -1109,7 +1109,8 @@ add to /etc/permissions.local the following line: -and to make sure that in /etc/rc.config, +and to make sure that in the file /etc/sysconfig/security (with +older SuSE versions, in the file /etc/rc.config), PERMISSIONS_SECURITY mentions local last, EXAMPLE:

diff --git a/postfix/html/master.8.html b/postfix/html/master.8.html index 512485ca7..6ca80a666 100644 --- a/postfix/html/master.8.html +++ b/postfix/html/master.8.html @@ -1,11 +1,11 @@ - 
+  
 MASTER(8)                                               MASTER(8)
 
 NAME
        master - Postfix master process
 
 SYNOPSIS
-       master [-Dtv] [-c config_dir] [-e exit_time]
+       master [-Dtv] [-c config_dir] [-e exit_time]
 
 DESCRIPTION
        The  master daemon is the resident process that runs Post-
@@ -28,19 +28,19 @@ MASTER(8)                                               MASTER(8)
 
        Options:
 
-       -c config_dir
+       -c config_dir
               Read  the main.cf and master.cf configuration files
               in the named directory instead of the default  con-
               figuration directory.
 
-       -e exit_time
-              Terminate  the  master process after exit_time sec-
+       -e exit_time
+              Terminate  the  master process after exit_time sec-
               onds. Child processes  terminate  at  their  conve-
               nience.
 
        -D     After  initialization, run a debugger on the master
               process. The debugging command  is  specified  with
-              the debugger_command in the main.cf global configu-
+              the debugger_command in the main.cf global configu-
               ration file.
 
        -t     Test mode. Return a zero exit status when the  mas-
@@ -68,7 +68,7 @@ MASTER(8)                                               MASTER(8)
               abort),  the master process passes the signal on to
               its child processes and terminates.  This is useful
               for  an emergency shutdown. Normally one would ter-
-              minate only the master  (postfix  stop)  and  allow
+              minate only the master  (postfix  stop)  and  allow
               running processes to finish what they are doing.
 
 DIAGNOSTICS
@@ -76,62 +76,62 @@ MASTER(8)                                               MASTER(8)
 
 BUGS
 ENVIRONMENT
-       MAIL_DEBUG
+       MAIL_DEBUG
               After initialization, start a debugger as specified
-              with the debugger_command  configuration  parameter
+              with the debugger_command  configuration  parameter
               in the main.cf configuration file.
 
-       MAIL_CONFIG
+       MAIL_CONFIG
               Directory with Postfix configuration files.
 
-CONFIGURATION PARAMETERS
+CONFIGURATION PARAMETERS
        The  following  main.cf parameters are especially relevant
        to this program. See the Postfix main.cf file  for  syntax
-       details  and  for  default  values. Use the postfix reload
+       details  and  for  default  values. Use the postfix reload
        command after a configuration change.
 
 Miscellaneous
-       import_environment
+       import_environment
 
-       export_environment
+       export_environment
               Lists of names of environment parameters  that  can
               be  imported  from  (exported  to) non-Postfix pro-
               cesses.
 
-       mail_owner
+       mail_owner
               The owner of the mail queue  and  of  most  Postfix
               processes.
 
-       command_directory
+       command_directory
               Directory with Postfix support programs.
 
-       daemon_directory
+       daemon_directory
               Directory with Postfix daemon programs.
 
-       queue_directory
+       queue_directory
               Top-level  directory  of the Postfix queue. This is
               also the root directory of Postfix daemons that run
               chrooted.
 
-       inet_interfaces
+       inet_interfaces
               The  network  interface  addresses that this system
               receives mail on.  You need to stop and start Post-
               fix when this parameter changes.
 
-Resource controls
-       default_process_limit
+Resource controls
+       default_process_limit
               Default  limit for the number of simultaneous child
               processes that provide a given service.
 
-       max_idle
+       max_idle
               Limit the time in  seconds  that  a  child  process
               waits between service requests.
 
-       max_use
+       max_use
               Limit  the  number of service requests handled by a
               child process.
 
-       service_throttle_time
+       service_throttle_time
               Time to avoid forking a server that appears  to  be
               broken.
 
@@ -140,7 +140,7 @@ MASTER(8)                                               MASTER(8)
        /etc/postfix/master.cf: master process configuration file.
        /var/spool/postfix/pid/master.pid: master lock file.
 
-SEE ALSO
+SEE ALSO
        qmgr(8) queue manager
        pickup(8) local mail pickup
        syslogd(8) system logging
diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html
index a6ebcb31a..f9fe0ab72 100644
--- a/postfix/html/smtp.8.html
+++ b/postfix/html/smtp.8.html
@@ -1,4 +1,4 @@
-    
+  
 SMTP(8)                                                   SMTP(8)
 
 NAME
@@ -52,7 +52,7 @@ SMTP(8)                                                   SMTP(8)
        rupted message files are marked so that the queue  manager
        can move them to the corrupt queue for further inspection.
 
-       Depending on the setting of the notify_classes  parameter,
+       Depending on the setting of the notify_classes  parameter,
        the  postmaster is notified of bounces, protocol problems,
        and of other trouble.
 
@@ -64,140 +64,140 @@ SMTP(8)                                                   SMTP(8)
        command after a configuration change.
 
 Miscellaneous
-       best_mx_transport
+       best_mx_transport
               Name  of  the  delivery  transport  to use when the
               local machine is the most-preferred mail  exchanger
               (by  default,  a  mailer  loop is reported, and the
               message is bounced).
 
-       debug_peer_level
+       debug_peer_level
               Verbose logging  level  increment  for  hosts  that
-              match a pattern in the debug_peer_list parameter.
+              match a pattern in the debug_peer_list parameter.
 
-       debug_peer_list
+       debug_peer_list
               List  of  domain or network patterns. When a remote
               host matches a pattern, increase the  verbose  log-
               ging   level   by   the  amount  specified  in  the
-              debug_peer_level parameter.
+              debug_peer_level parameter.
 
-       disable_dns_lookups
+       disable_dns_lookups
               Disable DNS lookups. This means that mail  must  be
               forwarded via a smart relay host.
 
-       smtp_host_lookup
+       smtp_host_lookup
               What  host  lookup mechanism the SMTP client should
               use.  Specify dns (use DNS  lookup)  and/or  native
               (use  the  native  naming  service  which also uses
               /etc/hosts).  This  setting  is  ignored  when  DNS
               lookups are disabled.
 
-       error_notice_recipient
+       error_notice_recipient
               Recipient    of   protocol/policy/resource/software
               error notices.
 
-       fallback_relay
+       fallback_relay
               Hosts to hand off mail to if a message  destination
               is not found or if a destination is unreachable.
 
-       ignore_mx_lookup_error
+       ignore_mx_lookup_error
               When a name server fails to respond to an MX query,
               search for an A record, instead of  deferring  mail
               delivery.
 
-       inet_interfaces
+       inet_interfaces
               The network interface addresses that this mail sys-
               tem receives mail on. When any of  those  addresses
               appears in the list of mail exchangers for a remote
               destination, the list is truncated  to  avoid  mail
-              delivery  loops.   See  also  the  proxy_interfaces
+              delivery  loops.   See  also  the  proxy_interfaces
               parameter.
 
-       notify_classes
+       notify_classes
               When this parameter includes  the  protocol  class,
               send  mail  to  the  postmaster with transcripts of
               SMTP sessions with protocol errors.
 
-       proxy_interfaces
+       proxy_interfaces
               Network interfaces that this mail  system  receives
               mail on by way of a proxy or network address trans-
               lator. When any of those addresses appears  in  the
               list  of  mail exchangers for a remote destination,
               the list is truncated to avoid mail delivery loops.
-              See also the inet_interfaces parameter.
+              See also the inet_interfaces parameter.
 
-       smtp_always_send_ehlo
+       smtp_always_send_ehlo
               Always send EHLO at the start of a connection.
 
-       smtp_never_send_ehlo
+       smtp_never_send_ehlo
               Never send EHLO at the start of a connection.
 
-       smtp_bind_address
+       smtp_bind_address
               Numerical  source  network  address to bind to when
               making a connection.
 
-       smtp_line_length_limit
+       smtp_line_length_limit
               Length limit for SMTP message content  lines.  Zero
               means  no  limit.   Some  SMTP servers misbehave on
               long lines.
 
-       smtp_helo_name
+       smtp_helo_name
               The hostname to be used in HELO and EHLO  commands.
 
-       smtp_quote_rfc821_envelope
+       smtp_quote_rfc821_envelope
               Whether  or  not  to  quote  MAIL  FROM and RCPT TO
               addresses as per the rules laid out in RFC 821.
 
-       smtp_skip_4xx_greeting
+       smtp_skip_4xx_greeting
               Skip servers that greet us with a 4xx status  code.
 
-       smtp_skip_5xx_greeting
+       smtp_skip_5xx_greeting
               Skip  servers that greet us with a 5xx status code.
 
-       smtp_skip_quit_response
+       smtp_skip_quit_response
               Do not wait for the server response  after  sending
               QUIT.
 
-       smtp_pix_workaround_delay_time
+       smtp_pix_workaround_delay_time
               The  time  to pause before sending .<CR><LF>, while
               working   around    the    CISCO    PIX    firewall
               <CR><LF>.<CR><LF> bug.
 
-       smtp_pix_workaround_threshold_time
+       smtp_pix_workaround_threshold_time
               The  time a message must be queued before the CISCO
               PIX firewall <CR><LF>.<CR><LF>  bug  workaround  is
               turned on.
 
 MIME Conversion
-       disable_mime_output_conversion
+       disable_mime_output_conversion
               Disable  the  conversion of 8BITMIME format to 7BIT
               format when the remote system  does  not  advertise
               8BITMIME support.
 
-       mime_boundary_length_limit
+       mime_boundary_length_limit
               The amount of space that will be allocated for MIME
               multipart boundary strings. The MIME  processor  is
               unable to distinguish between boundary strings that
-              do   not   differ   in   the   first   $mime_bound-
-              ary_length_limit characters.
+              do   not   differ   in   the   first   $mime_bound-
+              ary_length_limit characters.
 
-       mime_nesting_limit
+       mime_nesting_limit
               The  maximal  nesting  level of multipart mail that
               the MIME processor can handle. Refuse mail that  is
               nested deeper, when converting from 8BITMIME format
               to 7BIT format.
 
 Authentication controls
-       smtp_sasl_auth_enable
+       smtp_sasl_auth_enable
               Enable per-session authentication as per  RFC  2554
               (SASL).   By default, Postfix is built without SASL
               support.
 
-       smtp_sasl_password_maps
+       smtp_sasl_password_maps
               Lookup tables with per-host or domain name:password
               entries.   No  entry for a host means no attempt to
               authenticate.
 
-       smtp_sasl_security_options
+       smtp_sasl_security_options
               Zero or more of the following.
 
               noplaintext
@@ -216,15 +216,15 @@ SMTP(8)                                                   SMTP(8)
                      Disallow anonymous logins.
 
 Resource controls
-       smtp_destination_concurrency_limit
+       smtp_destination_concurrency_limit
               Limit the number of parallel deliveries to the same
               destination.   The  default limit is taken from the
-              default_destination_concurrency_limit parameter.
+              default_destination_concurrency_limit parameter.
 
-       smtp_destination_recipient_limit
+       smtp_destination_recipient_limit
               Limit the number of recipients per  message  deliv-
               ery.    The   default   limit  is  taken  from  the
-              default_destination_recipient_limit parameter.
+              default_destination_recipient_limit parameter.
 
 Timeout controls
        The default time unit is seconds; an  explicit  time  unit
@@ -232,48 +232,55 @@ SMTP(8)                                                   SMTP(8)
        value: s (seconds), m (minutes), h (hours), d (days) or  w
        (weeks).
 
-       smtp_connect_timeout
+       smtp_connect_timeout
               Timeout  for  completing  a TCP connection. When no
               connection can be made  within  the  deadline,  the
               SMTP  client  tries  the  next  address on the mail
               exchanger list.
 
-       smtp_helo_timeout
+       smtp_helo_timeout
               Timeout for receiving  the  SMTP  greeting  banner.
               When  the server drops the connection without send-
               ing a greeting banner, or when it sends no greeting
               banner  within  the deadline, the SMTP client tries
               the next address on the mail exchanger list.
 
-       smtp_helo_timeout
+       smtp_helo_timeout
               Timeout for  sending  the  HELO  command,  and  for
               receiving the server response.
 
-       smtp_mail_timeout
+       smtp_mail_timeout
               Timeout  for sending the MAIL FROM command, and for
               receiving the server response.
 
-       smtp_rcpt_timeout
+       smtp_rcpt_timeout
               Timeout for sending the RCPT TO  command,  and  for
               receiving the server response.
 
-       smtp_data_init_timeout
+       smtp_data_init_timeout
               Timeout  for  sending  the  DATA  command,  and for
               receiving the server response.
 
-       smtp_data_xfer_timeout
+       smtp_data_xfer_timeout
               Timeout for sending the message content.
 
-       smtp_data_done_timeout
+       smtp_data_done_timeout
               Timeout  for  sending  the  "."  command,  and  for
               receiving  the server response. When no response is
               received, a warning is logged that the mail may  be
               delivered multiple times.
 
-       smtp_rset_timeout
+       smtp_defer_if_no_mx_address_found
+              If  no,  bounce mail when no MX host resolves to an
+              address (Postfix always ignores MX hosts with equal
+              or  worse  preference than the local MTA).  If yes,
+              keep trying until a suitable MX  host  resolves  or
+              until the mail is too old.
+
+       smtp_rset_timeout
               Timeout for sending the RSET command.
 
-       smtp_quit_timeout
+       smtp_quit_timeout
               Timeout  for  sending  the  QUIT  command,  and for
               receiving the server response.
 
diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html
index b9e87a03e..8a615624f 100644
--- a/postfix/html/smtpd.8.html
+++ b/postfix/html/smtpd.8.html
@@ -166,10 +166,28 @@ SMTPD(8)                                                 SMTPD(8)
               restriction.
 
 Miscellaneous
-       authorized_verp_clients
+       smtpd_authorized_verp_clients
               Hostnames, domain names and/or addresses of clients
               that are authorized to use the XVERP extension.
 
+       smtpd_authorized_xaddr_clients
+              Hostnames, domain names and/or addresses of clients
+              that are  authorized  to  use  the  "XADDR  client-
+              address  client-name"  command.  This changes Post-
+              fix's idea of the SMTP client IP address and  host-
+              name for access control and for logging purposes.
+
+       smtpd_authorized_xloginfo_clients
+              Hostnames, domain names and/or addresses of clients
+              that are authorized to use  the  "XLOGINFO  client-
+              address  client-name"  command.   This  changes the
+              client name and address that are used for  logging,
+              without  affecting  the client IP address and host-
+              name that are used for access control.  XLOGINFO is
+              typically  used to propagate remote client informa-
+              tion through an SMTP-based content  filter  to  the
+              after-filter SMTP server.
+
        debug_peer_level
               Increment  in  verbose  logging level when a remote
               host  matches  a  pattern  in  the  debug_peer_list
@@ -275,7 +293,8 @@ SMTPD(8)                                                 SMTPD(8)
        queue_minfree
               Minimal amount of free space in bytes in the  queue
               file  system for the SMTP server to accept any mail
-              at all.
+              at  all  (default:  twice  the   message_size_limit
+              value).
 
        smtpd_history_flush_threshold
               Flush  the  command  history  to  postmaster  after
@@ -289,17 +308,17 @@ SMTPD(8)                                                 SMTPD(8)
 
        smtpd_soft_error_limit
               When an SMTP client has made this number of errors,
-              wait error_count seconds before responding  to  any
+              wait  error_count  seconds before responding to any
               client request.
 
        smtpd_hard_error_limit
-              Disconnect  after  a client has made this number of
+              Disconnect after a client has made this  number  of
               errors.
 
        smtpd_junk_command_limit
               Limit the number of times a client can issue a junk
-              command  such  as  NOOP,  VRFY, ETRN or RSET in one
-              SMTP session before it  is  penalized  with  tarpit
+              command such as NOOP, VRFY, ETRN  or  RSET  in  one
+              SMTP  session  before  it  is penalized with tarpit
               delays.
 
 Delegated policy
@@ -308,17 +327,17 @@ SMTPD(8)                                                 SMTPD(8)
               receiving from a delegated SMTPD policy server.
 
        smtpd_policy_service_max_idle
-              Time after which an  unused  SMTPD  policy  service
+              Time  after  which  an  unused SMTPD policy service
               connection is closed.
 
        smtpd_policy_service_timeout
-              Time  after  which  an  active SMTPD policy service
+              Time after which an  active  SMTPD  policy  service
               connection is closed.
 
 UCE control restrictions
        parent_domain_matches_subdomains
-              List of Postfix features that use  domain.tld  pat-
-              terns   to  match  sub.domain.tld  (as  opposed  to
+              List  of  Postfix features that use domain.tld pat-
+              terns  to  match  sub.domain.tld  (as  opposed   to
               requiring .domain.tld patterns).
 
        smtpd_client_restrictions
@@ -326,19 +345,19 @@ SMTPD(8)                                                 SMTPD(8)
               tem.
 
        smtpd_helo_required
-              Require  that  clients  introduce themselves at the
+              Require that clients introduce  themselves  at  the
               beginning of an SMTP session.
 
        smtpd_helo_restrictions
-              Restrict what client hostnames are allowed in  HELO
+              Restrict  what client hostnames are allowed in HELO
               and EHLO commands.
 
        smtpd_sender_restrictions
-              Restrict  what sender addresses are allowed in MAIL
+              Restrict what sender addresses are allowed in  MAIL
               FROM commands.
 
        smtpd_recipient_restrictions
-              Restrict what recipient addresses  are  allowed  in
+              Restrict  what  recipient  addresses are allowed in
               RCPT TO commands.
 
        smtpd_etrn_restrictions
@@ -346,96 +365,96 @@ SMTPD(8)                                                 SMTPD(8)
               mands, and what clients may issue ETRN commands.
 
        smtpd_data_restrictions
-              Restrictions on the DATA  command.  Currently,  the
-              only   restriction   that   makes   sense  here  is
+              Restrictions  on  the  DATA command. Currently, the
+              only  restriction  that   makes   sense   here   is
               reject_unauth_pipelining.
 
        allow_untrusted_routing
-              Allow untrusted clients to specify  addresses  with
-              sender-specified  routing.   Enabling this opens up
-              nasty relay loopholes involving trusted  backup  MX
+              Allow  untrusted  clients to specify addresses with
+              sender-specified routing.  Enabling this  opens  up
+              nasty  relay  loopholes involving trusted backup MX
               hosts.
 
        smtpd_restriction_classes
-              Declares  the  name of zero or more parameters that
-              contain a list of UCE restrictions.  The  names  of
-              these  parameters  can  then be used instead of the
+              Declares the name of zero or more  parameters  that
+              contain  a  list  of UCE restrictions. The names of
+              these parameters can then be used  instead  of  the
               restriction lists that they represent.
 
        smtpd_null_access_lookup_key
-              The lookup key to be used in  SMTPD  access  tables
-              instead  of  the null sender address. A null sender
+              The  lookup  key  to be used in SMTPD access tables
+              instead of the null sender address. A  null  sender
               address cannot be looked up.
 
        maps_rbl_domains (deprecated)
-              List of DNS domains that publish the  addresses  of
+              List  of  DNS domains that publish the addresses of
               blacklisted hosts. This is used with the deprecated
               reject_maps_rbl restriction.
 
        permit_mx_backup_networks
-              Only domains  whose  primary  MX  hosts  match  the
-              listed   networks   are   eligible   for  the  per-
+              Only  domains  whose  primary  MX  hosts  match the
+              listed  networks  are   eligible   for   the   per-
               mit_mx_backup feature.
 
        relay_domains
-              Restrict what domains this mail system  will  relay
-              mail  to.  The  domains  are routed to the delivery
+              Restrict  what  domains this mail system will relay
+              mail to. The domains are  routed  to  the  delivery
               agent specified with the relay_transport setting.
 
 Sender/recipient address verification
        Address verification is implemented by sending probe email
-       messages  that  are not actually delivered, and is enabled
-       via   the   reject_unverified_{sender,recipient}    access
-       restriction.   The  status of verification probes is main-
+       messages that are not actually delivered, and  is  enabled
+       via    the   reject_unverified_{sender,recipient}   access
+       restriction.  The status of verification probes  is  main-
        tained by the address verification service.
 
        address_verify_poll_count
-              How many times to query  the  address  verification
-              service  for  completion of an address verification
-              request.  Specify 1 to implement a simple  form  of
-              greylisting,  that is, always defer the request for
+              How  many  times  to query the address verification
+              service for completion of an  address  verification
+              request.   Specify  1 to implement a simple form of
+              greylisting, that is, always defer the request  for
               a new sender or recipient address.
 
        address_verify_poll_delay
-              Time to wait after querying the  address  verifica-
+              Time  to  wait after querying the address verifica-
               tion service for completion of an address verifica-
               tion request.
 
 UCE control responses
        access_map_reject_code
-              Response code when  a  client  violates  an  access
+              Response  code  when  a  client  violates an access
               database restriction.
 
        default_rbl_reply
               Default template reply when a request is RBL black-
-              listed.  This template is used by the  reject_rbl_*
-              and    reject_rhsbl_*   restrictions.   See   also:
+              listed.   This template is used by the reject_rbl_*
+              and   reject_rhsbl_*   restrictions.   See    also:
               rbl_reply_maps and smtpd_expansion_filter.
 
        defer_code
-              Response code when a client request is rejected  by
+              Response  code when a client request is rejected by
               the defer restriction.
 
        invalid_hostname_reject_code
-              Response   code   when   a   client   violates  the
+              Response  code   when   a   client   violates   the
               reject_invalid_hostname restriction.
 
        maps_rbl_reject_code
               Response code when a request is RBL blacklisted.
 
        multi_recipient_bounce_reject_code
-              Response code  when  a  multi-recipient  bounce  is
+              Response  code  when  a  multi-recipient  bounce is
               blocked.
 
        rbl_reply_maps
-              Table  with  template responses for RBL blacklisted
-              requests, indexed by RBL domain  name.  These  tem-
+              Table with template responses for  RBL  blacklisted
+              requests,  indexed  by  RBL domain name. These tem-
               plates   are   used   by   the   reject_rbl_*   and
-              reject_rhsbl_*     restrictions.     See      also:
+              reject_rhsbl_*      restrictions.     See     also:
               default_rbl_reply and smtpd_expansion_filter.
 
        reject_code
-              Response  code  when  the  client  matches a reject
+              Response code when  the  client  matches  a  reject
               restriction.
 
        relay_domains_reject_code
@@ -443,7 +462,7 @@ SMTPD(8)                                                 SMTPD(8)
               mail relay policy.
 
        unknown_address_reject_code
-              Response   code   when   a   client   violates  the
+              Response  code   when   a   client   violates   the
               reject_unknown_address restriction.
 
        unknown_client_reject_code
@@ -452,15 +471,15 @@ SMTPD(8)                                                 SMTPD(8)
               tion.
 
        unknown_hostname_reject_code
-              Response  code   when   a   client   violates   the
+              Response   code   when   a   client   violates  the
               reject_unknown_hostname restriction.
 
        unverified_sender_reject_code
-              Response  code when a sender address is known to be
+              Response code when a sender address is known to  be
               undeliverable.
 
        unverified_recipient_reject_code
-              Response code when a recipient address is known  to
+              Response  code when a recipient address is known to
               be undeliverable.
 
 SEE ALSO
@@ -471,7 +490,7 @@ SMTPD(8)                                                 SMTPD(8)
        verify(8) address verification service
 
 LICENSE
-       The  Secure  Mailer  license must be distributed with this
+       The Secure Mailer license must be  distributed  with  this
        software.
 
 AUTHOR(S)
diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8
index 4f751864b..4d5495fcf 100644
--- a/postfix/man/man8/smtp.8
+++ b/postfix/man/man8/smtp.8
@@ -225,6 +225,12 @@ Timeout for sending the message content.
 Timeout for sending the "\fB.\fR" command, and for
 receiving the server response. When no response is received, a
 warning is logged that the mail may be delivered multiple times.
+.IP \fBsmtp_defer_if_no_mx_address_found\fR
+If no, bounce mail when no MX host resolves to an address
+(Postfix always ignores MX hosts with equal or worse preference
+than the local MTA).
+If yes, keep trying until a suitable MX host resolves or until
+the mail is too old.
 .IP \fBsmtp_rset_timeout\fR
 Timeout for sending the \fBRSET\fR command.
 .IP \fBsmtp_quit_timeout\fR
diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8
index 71ba43107..585c8c36f 100644
--- a/postfix/man/man8/smtpd.8
+++ b/postfix/man/man8/smtpd.8
@@ -154,9 +154,23 @@ anti-spoofing restriction.
 .SH Miscellaneous
 .ad
 .fi
-.IP \fBauthorized_verp_clients\fR
+.IP \fBsmtpd_authorized_verp_clients\fR
 Hostnames, domain names and/or addresses of clients that are
 authorized to use the XVERP extension.
+.IP \fBsmtpd_authorized_xaddr_clients\fR
+Hostnames, domain names and/or addresses of clients that are
+authorized to use the "XADDR client-address client-name" command.
+This changes Postfix's
+idea of the SMTP client IP address and hostname for access
+control and for logging purposes.
+.IP \fBsmtpd_authorized_xloginfo_clients\fR
+Hostnames, domain names and/or addresses of clients that are
+authorized to use the "XLOGINFO client-address client-name" command.
+This changes the client
+name and address that are used for logging, without affecting the
+client IP address and hostname that are used for access control.
+XLOGINFO is typically used to propagate remote client information
+through an SMTP-based content filter to the after-filter SMTP server.
 .IP \fBdebug_peer_level\fR
 Increment in verbose logging level when a remote host matches a
 pattern in the \fBdebug_peer_list\fR parameter.
@@ -233,7 +247,8 @@ Limit the total size in bytes of a message, including on-disk
 storage for envelope information.
 .IP \fBqueue_minfree\fR
 Minimal amount of free space in bytes in the queue file system
-for the SMTP server to accept any mail at all.
+for the SMTP server to accept any mail at all (default: twice
+the \fBmessage_size_limit\fR value).
 .IP \fBsmtpd_history_flush_threshold\fR
 Flush the command history to postmaster after receipt of RSET etc.
 only if the number of history lines exceeds the given threshold.
diff --git a/postfix/src/dns/dns_lookup.c b/postfix/src/dns/dns_lookup.c
index e7816e442..2b1ecec2b 100644
--- a/postfix/src/dns/dns_lookup.c
+++ b/postfix/src/dns/dns_lookup.c
@@ -169,7 +169,8 @@ static int dns_query(const char *name, int type, int flags,
     len = res_search((char *) name, C_IN, type, reply->buf, sizeof(reply->buf));
     if (len < 0) {
 	if (why)
-	    vstring_sprintf(why, "Name service error for name=%s type=%s: %s",
+	    vstring_sprintf(why, "Host or domain name not found. "
+			    "Name service error for name=%s type=%s: %s",
 			    name, dns_strtype(type), dns_strerror(h_errno));
 	if (msg_verbose)
 	    msg_info("dns_query: %s (%s): %s",
diff --git a/postfix/src/global/mail_addr_map.c b/postfix/src/global/mail_addr_map.c
index 7d05d0a88..df6237ec6 100644
--- a/postfix/src/global/mail_addr_map.c
+++ b/postfix/src/global/mail_addr_map.c
@@ -30,6 +30,8 @@
 /* .IP address
 /*	The address to be looked up.
 /* DIAGNOSTICS
+/*	Warnings: map lookup returns a non-address result.
+/*
 /*	The global \fIdict_errno\fR is non-zero when the lookup
 /*	should be tried again.
 /* SEE ALSO
@@ -114,6 +116,12 @@ ARGV   *mail_addr_map(MAPS *path, const char *address, int propagate)
 	if (msg_verbose)
 	    for (i = 0; i < argv->argc; i++)
 		msg_info("%s: %s -> %d: %s", myname, address, i, argv->argv[i]);
+	if (argv->argc == 0) {
+	    msg_warn("%s lookup of %s returns non-address result \"%s\"",
+		     path->title, address, string);
+	    argv = argv_free(argv);
+	    dict_errno = DICT_ERR_RETRY;
+	}
     }
 
     /*
diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h
index 3a035f14e..af146e1c3 100644
--- a/postfix/src/global/mail_params.h
+++ b/postfix/src/global/mail_params.h
@@ -177,7 +177,7 @@ extern bool var_disable_dns;
 #define SMTP_HOST_LOOKUP_NATIVE	"native"
 
 #define VAR_SMTP_HOST_LOOKUP	"smtp_host_lookup"
-#define DEF_SMTP_HOST_LOOKUP	SMTP_HOST_LOOKUP_DNS "," SMTP_HOST_LOOKUP_NATIVE
+#define DEF_SMTP_HOST_LOOKUP	SMTP_HOST_LOOKUP_DNS
 extern int var_smtp_dns_lookup;
 
  /*
@@ -837,6 +837,10 @@ extern int var_smtp_pix_thresh;
 #define DEF_SMTP_PIX_DELAY	"10s"
 extern int var_smtp_pix_delay;
 
+#define VAR_SMTP_DEFER_MXADDR	"smtp_defer_if_no_mx_address_found"
+#define DEF_SMTP_DEFER_MXADDR	0
+extern bool var_smtp_defer_mxaddr;
+
  /*
   * SMTP server. The soft error limit determines how many errors an SMTP
   * client may make before we start to slow down; the hard error limit
@@ -1558,10 +1562,21 @@ extern char *var_verp_filter;
 #define DEF_VERP_BOUNCE_OFF		0
 extern bool var_verp_bounce_off;
 
-#define VAR_VERP_CLIENTS		"authorized_verp_clients"
-#define DEF_VERP_CLIENTS		"$mynetworks"
+#define VAR_VERP_CLIENTS		"smtpd_authorized_verp_clients"
+#define DEF_VERP_CLIENTS		"$authorized_verp_clients"
 extern char *var_verp_clients;
 
+ /*
+  * XADDR.
+  */
+#define VAR_XADDR_CLIENTS		"smtpd_authorized_xaddr_clients"
+#define DEF_XADDR_CLIENTS		""
+extern char *var_xaddr_clients;
+
+#define VAR_XLOGINFO_CLIENTS		"smtpd_authorized_xloginfo_clients"
+#define DEF_XLOGINFO_CLIENTS		""
+extern char *var_xloginfo_clients;
+
  /*
   * Inbound mail flow control. This allows for a stiffer coupling between
   * receiving mail and sending mail. A sending process produces one token for
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index c79c8fa98..5c6b6ce10 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change the patchlevel and the release date. Snapshots change the
   * release date only, unless they include the same bugfix as a patch release.
   */
-#define MAIL_RELEASE_DATE	"20030921"
+#define MAIL_RELEASE_DATE	"20031022"
 
 #define VAR_MAIL_VERSION	"mail_version"
 #define DEF_MAIL_VERSION	"2.0.16-" MAIL_RELEASE_DATE
diff --git a/postfix/src/global/maps.c b/postfix/src/global/maps.c
index ae345e3ea..8df010706 100644
--- a/postfix/src/global/maps.c
+++ b/postfix/src/global/maps.c
@@ -56,7 +56,7 @@
 /*	sensitive.
 /* DIAGNOSTICS
 /*	Panic: inappropriate use; fatal errors: out of memory, unable
-/*	to open database.
+/*	to open database. Warnings: null string lookup result.
 /*
 /*	maps_find() returns a null pointer when the requested
 /*	information was not found. The global \fIdict_errno\fR
@@ -171,6 +171,14 @@ const char *maps_find(MAPS *maps, const char *name, int flags)
 	if (flags != 0 && (dict->flags & flags) == 0)
 	    continue;
 	if ((expansion = dict_get(dict, name)) != 0) {
+	    if (*expansion == 0) {
+		msg_warn("%s lookup of %s returns an empty string result",
+			 maps->title, name);
+		msg_warn("%s should return NO RESULT in case of NOT FOUND",
+			 maps->title);
+		dict_errno = DICT_ERR_RETRY;
+		return (0);
+	    }
 	    if (msg_verbose)
 		msg_info("%s: %s: %s: %s = %s", myname, maps->title,
 			 *map_name, name, expansion);
diff --git a/postfix/src/local/alias.c b/postfix/src/local/alias.c
index 14b51eac9..b4fa86859 100644
--- a/postfix/src/local/alias.c
+++ b/postfix/src/local/alias.c
@@ -283,6 +283,10 @@ int     deliver_alias(LOCAL_STATE state, USER_ATTR usr_attr,
 		msg_warn("mailing list \"%s\" needs an \"owner-%s\" alias",
 			 name, name);
 #endif
+	    if (alias_count < 1)
+		*statusp = defer_append(BOUNCE_FLAGS(state.request),
+					BOUNCE_ATTR(state.msg_attr),
+					"no recipient in alias lookup result");
 	    myfree(expansion);
 	    if (owner)
 		myfree(owner);
diff --git a/postfix/src/master/master.c b/postfix/src/master/master.c
index e4b29c6e9..a405fee70 100644
--- a/postfix/src/master/master.c
+++ b/postfix/src/master/master.c
@@ -323,8 +323,8 @@ int     main(int argc, char **argv)
     clean_env(import_env->argv);
     argv_free(import_env);
 
-    if ((inherited_limit = get_file_limit()) < (off_t) INT_MAX)
-	set_file_limit(INT_MAX);
+    if ((inherited_limit = get_file_limit()) < 0)
+	set_file_limit(OFF_T_MAX);
 
     if (chdir(var_queue_dir))
 	msg_fatal("chdir %s: %m", var_queue_dir);
diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c
index cd48b8bf7..b1324c835 100644
--- a/postfix/src/smtp/smtp.c
+++ b/postfix/src/smtp/smtp.c
@@ -76,7 +76,7 @@
 /*	Disable DNS lookups. This means that mail must be forwarded
 /*	via a smart relay host.
 /* .IP \fBsmtp_host_lookup\fR
-/*	What host lookup mechanism the SMTP client should use. 
+/*	What host lookup mechanism the SMTP client should use.
 /*	Specify \fBdns\fR (use DNS lookup) and/or \fBnative\fR
 /*	(use the native naming service which also uses /etc/hosts).
 /*	This setting is ignored when DNS lookups are disabled.
@@ -209,6 +209,12 @@
 /*	Timeout for sending the "\fB.\fR" command, and for
 /*	receiving the server response. When no response is received, a
 /*	warning is logged that the mail may be delivered multiple times.
+/* .IP \fBsmtp_defer_if_no_mx_address_found\fR
+/*	If no, bounce mail when no MX host resolves to an address
+/*	(Postfix always ignores MX hosts with equal or worse preference
+/*	than the local MTA).
+/*	If yes, keep trying until a suitable MX host resolves or until
+/*	the mail is too old.
 /* .IP \fBsmtp_rset_timeout\fR
 /*	Timeout for sending the \fBRSET\fR command.
 /* .IP \fBsmtp_quit_timeout\fR
@@ -297,7 +303,8 @@ int     var_smtp_pix_delay;
 int     var_smtp_line_limit;
 char   *var_smtp_helo_name;
 char   *var_smtp_host_lookup;
-int     var_smtp_quote_821_env;
+bool    var_smtp_quote_821_env;
+bool    var_smtp_defer_mxaddr;
 
  /*
   * Global variables. smtp_errno is set by the address lookup routines and by
@@ -510,6 +517,7 @@ int     main(int argc, char **argv)
 	VAR_SMTP_SASL_ENABLE, DEF_SMTP_SASL_ENABLE, &var_smtp_sasl_enable,
 	VAR_SMTP_RAND_ADDR, DEF_SMTP_RAND_ADDR, &var_smtp_rand_addr,
 	VAR_SMTP_QUOTE_821_ENV, DEF_SMTP_QUOTE_821_ENV, &var_smtp_quote_821_env,
+	VAR_SMTP_DEFER_MXADDR, DEF_SMTP_DEFER_MXADDR, &var_smtp_defer_mxaddr,
 	0,
     };
 
diff --git a/postfix/src/smtp/smtp_addr.c b/postfix/src/smtp/smtp_addr.c
index 021496b3e..123b4cb53 100644
--- a/postfix/src/smtp/smtp_addr.c
+++ b/postfix/src/smtp/smtp_addr.c
@@ -408,7 +408,8 @@ DNS_RR *smtp_domain_addr(char *name, VSTRING *why, int *found_myself)
 	addr_list = smtp_addr_list(mx_names, why);
 	dns_rr_free(mx_names);
 	if (addr_list == 0) {
-	    smtp_errno = SMTP_RETRY;
+	    if (var_smtp_defer_mxaddr)
+		smtp_errno = SMTP_RETRY;
 	    msg_warn("no MX host for %s has a valid A record", name);
 	    break;
 	}
diff --git a/postfix/src/smtp/smtp_proto.c b/postfix/src/smtp/smtp_proto.c
index 53fcd9e44..024d78e19 100644
--- a/postfix/src/smtp/smtp_proto.c
+++ b/postfix/src/smtp/smtp_proto.c
@@ -368,7 +368,7 @@ int     smtp_xfer(SMTP_STATE *state)
     int     except;
     int     rec_type;
     int     prev_type = 0;
-    int     sndbufsize;
+    int     sndbufsize = 0;
     int     sndbuffree;
     SOCKOPT_SIZE optlen = sizeof(sndbufsize);
     int     mail_from_rejected;
@@ -443,6 +443,12 @@ int     smtp_xfer(SMTP_STATE *state)
 	    msg_fatal("%s: getsockopt: %m", myname);
 	if (sndbufsize > VSTREAM_BUFSIZE)
 	    sndbufsize = VSTREAM_BUFSIZE;
+	if (sndbufsize == 0) {
+	    sndbufsize = VSTREAM_BUFSIZE;
+	    if (setsockopt(vstream_fileno(state->session->stream), SOL_SOCKET,
+			   SO_SNDBUF, (char *) &sndbufsize, optlen) < 0)
+		msg_fatal("%s: setsockopt: %m", myname);
+	}
 	if (msg_verbose)
 	    msg_info("Using ESMTP PIPELINING, TCP send buffer size is %d",
 		     sndbufsize);
@@ -658,7 +664,7 @@ int     smtp_xfer(SMTP_STATE *state)
 				&& sent(DEL_REQ_TRACE_FLAGS(request->flags),
 					request->queue_id, rcpt->orig_addr,
 					rcpt->address, rcpt->offset,
-					session->namaddr, request->arrival_time,
+				    session->namaddr, request->arrival_time,
 					"%s",
 				     translit(resp->str, "\n", " ")) == 0) {
 				if (request->flags & DEL_REQ_FLAG_SUCCESS)
diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c
index df570de89..add76b4b6 100644
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@@ -140,9 +140,23 @@
 /* .SH Miscellaneous
 /* .ad
 /* .fi
-/* .IP \fBauthorized_verp_clients\fR
+/* .IP \fBsmtpd_authorized_verp_clients\fR
 /*	Hostnames, domain names and/or addresses of clients that are
 /*	authorized to use the XVERP extension.
+/* .IP \fBsmtpd_authorized_xaddr_clients\fR
+/*	Hostnames, domain names and/or addresses of clients that are
+/*	authorized to use the "XADDR client-address client-name" command.
+/*	This changes Postfix's
+/*	idea of the SMTP client IP address and hostname for access
+/*	control and for logging purposes.
+/* .IP \fBsmtpd_authorized_xloginfo_clients\fR
+/*	Hostnames, domain names and/or addresses of clients that are
+/*	authorized to use the "XLOGINFO client-address client-name" command.
+/*	This changes the client
+/*	name and address that are used for logging, without affecting the
+/*	client IP address and hostname that are used for access control.
+/*	XLOGINFO is typically used to propagate remote client information
+/*	through an SMTP-based content filter to the after-filter SMTP server.
 /* .IP \fBdebug_peer_level\fR
 /*	Increment in verbose logging level when a remote host matches a
 /*	pattern in the \fBdebug_peer_list\fR parameter.
@@ -219,7 +233,8 @@
 /*	storage for envelope information.
 /* .IP \fBqueue_minfree\fR
 /*	Minimal amount of free space in bytes in the queue file system
-/*	for the SMTP server to accept any mail at all.
+/*	for the SMTP server to accept any mail at all (default: twice
+/*	the \fBmessage_size_limit\fR value).
 /* .IP \fBsmtpd_history_flush_threshold\fR
 /*	Flush the command history to postmaster after receipt of RSET etc.
 /*	only if the number of history lines exceeds the given threshold.
@@ -527,6 +542,8 @@ char   *var_input_transp;
 int     var_smtpd_policy_tmout;
 int     var_smtpd_policy_idle;
 int     var_smtpd_policy_ttl;
+char   *var_xaddr_clients;
+char   *var_xloginfo_clients;
 
  /*
   * Silly little macros.
@@ -542,6 +559,18 @@ int     var_smtpd_policy_ttl;
 
 static NAMADR_LIST *verp_clients;
 
+ /*
+  * XADDR command.
+  */
+#define XADDR_CMD		"XADDR"
+
+static NAMADR_LIST *xaddr_clients;
+
+ /*
+  * XLOGINFO command.
+  */
+static NAMADR_LIST *xloginfo_clients;
+
  /*
   * Other application-specific globals.
   */
@@ -682,6 +711,10 @@ static int ehlo_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 #endif
     if (namadr_list_match(verp_clients, state->name, state->addr))
 	smtpd_chat_reply(state, "250-%s", VERP_CMD);
+    if (namadr_list_match(xaddr_clients, state->name, state->addr))
+	smtpd_chat_reply(state, "250-%s", XADDR_CMD);
+    if (namadr_list_match(xloginfo_clients, state->name, state->addr))
+	smtpd_chat_reply(state, "250-%s", XLOGINFO_CMD);
     smtpd_chat_reply(state, "250 8BITMIME");
     return (0);
 }
@@ -759,7 +792,7 @@ static void mail_open_stream(SMTPD_STATE *state, SMTPD_TOKEN *argv,
 	smtpd_sasl_mail_log(state);
     else
 #endif
-	msg_info("%s: client=%s[%s]", state->queue_id, state->name, state->addr);
+	msg_info("%s: client=%s", state->queue_id, state->namaddr);
 
     /*
      * Record the time of arrival, the sender envelope address, some session
@@ -1586,6 +1619,80 @@ static int quit_cmd(SMTPD_STATE *state, int unused_argc, SMTPD_TOKEN *unused_arg
     return (0);
 }
 
+/* xaddr_cmd - process XADDR */
+
+static int xaddr_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
+{
+
+    /*
+     * Sanity checks.
+     */
+    if (namadr_list_match(xaddr_clients, state->name, state->addr) == 0) {
+	state->error_mask |= MAIL_ERROR_POLICY;
+	smtpd_chat_reply(state, "554 Error: insufficient authorization");
+	return (-1);
+    }
+    /* Todo: "XADDR address" to let Postfix look up the client name. */
+    if (argc != 3
+	|| !valid_hostaddr(argv[1].strval, DONT_GRIPE)
+	|| !valid_hostname(argv[2].strval, DONT_GRIPE)) {
+	state->error_mask |= MAIL_ERROR_PROTOCOL;
+	smtpd_chat_reply(state, "501 Syntax: %s address hostname", XADDR_CMD);
+	return (-1);
+    }
+
+    /*
+     * Change peer information for logging and for access control. Change a
+     * numerical hostname into "unknown", to make it easy to extract client
+     * information from Received: headers.
+     */
+#define FIX_NUMERICAL_NAME(s) \
+	(valid_hostaddr((s), DONT_GRIPE) ?  "unknown" : (s))
+
+    smtpd_peer_reset(state);
+    state->name = mystrdup(FIX_NUMERICAL_NAME(argv[2].strval));
+    state->addr = mystrdup(argv[1].strval);
+    state->namaddr =
+	concatenate(state->name, "[", state->addr, "]", (char *) 0);
+    state->peer_code = strcmp(state->name, "unknown") ? 2 : 5;
+    smtpd_chat_reply(state, "250 Ok");
+    return (0);
+}
+
+/* xloginfo_cmd - process XLOGINFO */
+
+static int xloginfo_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
+{
+    char   *cp;
+
+    /*
+     * Sanity checks.
+     */
+    if (namadr_list_match(xloginfo_clients, state->name, state->addr) == 0) {
+	state->error_mask |= MAIL_ERROR_POLICY;
+	smtpd_chat_reply(state, "554 Error: insufficient authorization");
+	return (-1);
+    }
+    if (argc != 3
+	|| !valid_hostaddr(argv[1].strval, DONT_GRIPE)
+	|| !valid_hostname(argv[2].strval, DONT_GRIPE)) {
+	state->error_mask |= MAIL_ERROR_PROTOCOL;
+	smtpd_chat_reply(state, "501 Syntax: %s address hostname", XLOGINFO_CMD);
+	return (-1);
+    }
+
+    /*
+     * Change peer information for logging but not for access control. Change
+     * a numerical hostname into "unknown", for consistency with XADDR.
+     */
+    myfree(state->namaddr);
+    state->namaddr =
+	concatenate(FIX_NUMERICAL_NAME(argv[2].strval),
+		    "[", argv[1].strval, "]", (char *) 0);
+    smtpd_chat_reply(state, "250 Ok");
+    return (0);
+}
+
 /* chat_reset - notify postmaster and reset conversation log */
 
 static void chat_reset(SMTPD_STATE *state, int threshold)
@@ -1637,6 +1744,8 @@ static SMTPD_CMD smtpd_cmd_table[] = {
     "VRFY", vrfy_cmd, SMTPD_CMD_FLAG_LIMIT,
     "ETRN", etrn_cmd, SMTPD_CMD_FLAG_LIMIT,
     "QUIT", quit_cmd, 0,
+    "XADDR", xaddr_cmd, SMTPD_CMD_FLAG_LIMIT,
+    "XLOGINFO", xloginfo_cmd, SMTPD_CMD_FLAG_LIMIT,
     "Received:", 0, SMTPD_CMD_FLAG_FORBIDDEN,
     "Reply-To:", 0, SMTPD_CMD_FLAG_FORBIDDEN,
     "Message-ID:", 0, SMTPD_CMD_FLAG_FORBIDDEN,
@@ -1849,6 +1958,8 @@ static void pre_jail_init(char *unused_name, char **unused_argv)
      */
     smtpd_noop_cmds = string_list_init(MATCH_FLAG_NONE, var_smtpd_noop_cmds);
     verp_clients = namadr_list_init(MATCH_FLAG_NONE, var_verp_clients);
+    xaddr_clients = namadr_list_init(MATCH_FLAG_NONE, var_xaddr_clients);
+    xloginfo_clients = namadr_list_init(MATCH_FLAG_NONE, var_xloginfo_clients);
     if (getuid() == 0 || getuid() == var_owner_uid)
 	smtpd_check_init();
     debug_peer_init();
@@ -1877,7 +1988,19 @@ static void post_jail_init(char *unused_name, char **unused_argv)
      * recipient checks, address mapping, header_body_checks?.
      */
     smtpd_input_transp_mask =
-    input_transp_mask(VAR_INPUT_TRANSP, var_input_transp);
+	input_transp_mask(VAR_INPUT_TRANSP, var_input_transp);
+
+    /*
+     * Sanity checks. The queue_minfree value should be at least as large as
+     * (process_limit * message_size_limit) but that is unpractical, so we
+     * arbitrarily pick a number and require twice the message size limit.
+     */
+    if (var_queue_minfree > 0
+	&& var_message_limit > 0
+	&& var_queue_minfree / 2 < var_message_limit)
+	msg_warn("%s(%lu) should be at least 2*%s(%lu)",
+		  VAR_QUEUE_MINFREE, (unsigned long) var_queue_minfree,
+		  VAR_MESSAGE_LIMIT, (unsigned long) var_message_limit);
 }
 
 /* main - the main program */
@@ -1965,6 +2088,8 @@ int     main(int argc, char **argv)
 	VAR_SMTPD_PROXY_FILT, DEF_SMTPD_PROXY_FILT, &var_smtpd_proxy_filt, 0, 0,
 	VAR_SMTPD_PROXY_EHLO, DEF_SMTPD_PROXY_EHLO, &var_smtpd_proxy_ehlo, 0, 0,
 	VAR_INPUT_TRANSP, DEF_INPUT_TRANSP, &var_input_transp, 0, 0,
+	VAR_XADDR_CLIENTS, DEF_XADDR_CLIENTS, &var_xaddr_clients, 0, 0,
+	VAR_XLOGINFO_CLIENTS, DEF_XLOGINFO_CLIENTS, &var_xloginfo_clients, 0, 0,
 	0,
     };
     static CONFIG_RAW_TABLE raw_table[] = {
diff --git a/postfix/src/smtpd/smtpd.h b/postfix/src/smtpd/smtpd.h
index 8cc4e5ab5..40438248a 100644
--- a/postfix/src/smtpd/smtpd.h
+++ b/postfix/src/smtpd/smtpd.h
@@ -128,6 +128,11 @@ extern void smtpd_peer_reset(SMTPD_STATE *state);
   */
 extern int smtpd_input_transp_mask;
 
+ /*
+  * XLOGINFO command.
+  */
+#define XLOGINFO_CMD		"XLOGINFO"
+
 /* LICENSE
 /* .ad
 /* .fi
diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c
index 96bbe1ebf..368ee31a3 100644
--- a/postfix/src/smtpd/smtpd_check.c
+++ b/postfix/src/smtpd/smtpd_check.c
@@ -233,12 +233,12 @@
 /*	\fImessage_size_limit\fR configuration parameter. This is a
 /*	permanent error.
 /* .IP \(bu
-/*	The message would cause the available queue file system space
-/*	to drop below the bound specified with the \fImin_queue_free\fR
-/*	configuration parameter. This is a temporary error.
+/*	The available queue file system space is less than the amount
+/*	specified with the \fImin_queue_free\fR configuration parameter.
+/*	This is a temporary error.
 /* .IP \(bu
-/*	The message would use up more than half the available queue file
-/*	system space. This is a temporary error.
+/*	The available queue file system space is less than twice the
+/*	message size limit. This is a temporary error.
 /* .PP
 /*	smtpd_check_data() enforces generic restrictions after the
 /*	client has sent the DATA command.
@@ -2060,6 +2060,7 @@ static int check_domain_access(SMTPD_STATE *state, const char *table,
     char   *next;
     const char *value;
     DICT   *dict;
+    int     maybe_numerical = 1;
 
     if (msg_verbose)
 	msg_info("%s: %s", myname, domain);
@@ -2084,6 +2085,10 @@ static int check_domain_access(SMTPD_STATE *state, const char *table,
 	    if (dict_errno != 0)
 		msg_fatal("%s: table lookup problem", table);
 	}
+	/* Don't apply subdomain magic to numerical hostnames. */
+	if (maybe_numerical
+	    && (maybe_numerical = valid_hostaddr(domain, DONT_GRIPE)) != 0)
+	    break;
 	if ((next = strchr(name + 1, '.')) == 0)
 	    break;
 	if (access_parent_style == MATCH_FLAG_PARENT)
@@ -2252,6 +2257,7 @@ static int check_server_access(SMTPD_STATE *state, const char *table,
      * Check the hostnames first, then the addresses.
      */
     for (server = server_list; server != 0; server = server->next) {
+	h_errno = 0;				/* XXX */
 	if ((hp = gethostbyname((char *) server->data)) == 0) {
 	    msg_warn("Unable to look up %s host %s for %s %s: %s",
 		     dns_strtype(type), (char *) server->data,
@@ -3793,17 +3799,17 @@ char   *smtpd_check_size(SMTPD_STATE *state, off_t size)
 				  "552 Message size exceeds fixed limit");
 	return (STR(error_text));
     }
+
     fsspace(".", &fsbuf);
     if (msg_verbose)
-	msg_info("%s: blocks %lu avail %lu min_free %lu size %lu",
+	msg_info("%s: blocks %lu avail %lu min_free %lu msg_size_limit %lu",
 		 myname,
 		 (unsigned long) fsbuf.block_size,
 		 (unsigned long) fsbuf.block_free,
 		 (unsigned long) var_queue_minfree,
-		 (unsigned long) size);
+		 (unsigned long) var_message_limit);
     if (BLOCKS(var_queue_minfree) >= fsbuf.block_free
-	|| BLOCKS(size) >= fsbuf.block_free - BLOCKS(var_queue_minfree)
-	|| BLOCKS(size) >= fsbuf.block_free / 2) {
+	|| BLOCKS(var_message_limit) >= fsbuf.block_free / 2) {
 	(void) smtpd_check_reject(state, MAIL_ERROR_RESOURCE,
 				  "452 Insufficient system storage");
 	return (STR(error_text));
diff --git a/postfix/src/smtpd/smtpd_check.ref b/postfix/src/smtpd/smtpd_check.ref
index 563260e4f..859e8b381 100644
--- a/postfix/src/smtpd/smtpd_check.ref
+++ b/postfix/src/smtpd/smtpd_check.ref
@@ -55,7 +55,8 @@ OK
 ./smtpd_check: : reject: HELO from foo[123.123.123.123]: 450 : Helo command rejected: Host not found; proto=SMTP helo=
 450 : Helo command rejected: Host not found
 >>> helo spike.porcupine.org
-OK
+./smtpd_check: : reject: HELO from foo[123.123.123.123]: 554 : Helo command rejected: name server spike.porcupine.org; proto=SMTP helo=
+554 : Helo command rejected: name server spike.porcupine.org
 >>> helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,hash:./smtpd_check_access
 OK
 >>> helo random.bad.domain
diff --git a/postfix/src/smtpd/smtpd_check.ref2 b/postfix/src/smtpd/smtpd_check.ref2
index b7327232d..8b178fb40 100644
--- a/postfix/src/smtpd/smtpd_check.ref2
+++ b/postfix/src/smtpd/smtpd_check.ref2
@@ -55,7 +55,8 @@ OK
 ./smtpd_check: : reject: HELO from foo[123.123.123.123]: 450 : Helo command rejected: Host not found; proto=SMTP helo=
 450 : Helo command rejected: Host not found
 >>> helo spike.porcupine.org
-OK
+./smtpd_check: : reject: HELO from foo[123.123.123.123]: 554 : Helo command rejected: name server spike.porcupine.org; proto=SMTP helo=
+554 : Helo command rejected: name server spike.porcupine.org
 >>> helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,check_helo_access,hash:./smtpd_check_access
 OK
 >>> helo random.bad.domain
diff --git a/postfix/src/smtpd/smtpd_check.ref4 b/postfix/src/smtpd/smtpd_check.ref4
index a73b5a1fc..687827480 100644
--- a/postfix/src/smtpd/smtpd_check.ref4
+++ b/postfix/src/smtpd/smtpd_check.ref4
@@ -6,7 +6,7 @@
 >>> smtpd_delay_reject 0
 OK
 >>> #
->>> # Test the nex access map features
+>>> # Test the new access map features
 >>> #
 >>> sender_restrictions hash:./smtpd_check_access
 OK
diff --git a/postfix/src/smtpd/smtpd_check_access b/postfix/src/smtpd/smtpd_check_access
index 4e230914c..988a9d0ba 100644
--- a/postfix/src/smtpd/smtpd_check_access
+++ b/postfix/src/smtpd/smtpd_check_access
@@ -60,3 +60,4 @@ dunnotext@dunno.domain	dunno text
 topica.com		reject
 10.10.10.10		reject mail server 10.10.10.10
 spike.porcupine.org	reject name server spike.porcupine.org
+241			reject class E subnet
diff --git a/postfix/src/smtpd/smtpd_exp.in b/postfix/src/smtpd/smtpd_exp.in
index 10f514bd8..e31a39fd5 100644
--- a/postfix/src/smtpd/smtpd_exp.in
+++ b/postfix/src/smtpd/smtpd_exp.in
@@ -64,14 +64,15 @@ rcpt rname@rdomain
 # Check MX access
 #
 helo_restrictions check_helo_mx_access,hash:smtpd_check_access
-helo verisign-wildcard.com
+#helo verisign-wildcard.com
 helo verisign.com
 helo example.tld
 sender_restrictions check_sender_mx_access,hash:smtpd_check_access
-mail foo@verisign-wildcard.com
+mail foo@pls.net.au
+#mail foo@verisign-wildcard.com
 mail foo@verisign.com
 recipient_restrictions check_recipient_mx_access,hash:smtpd_check_access
-rcpt foo@verisign-wildcard.com
+#rcpt foo@verisign-wildcard.com
 rcpt foo@verisign.com
 rcpt foo@1.2.3.porcupine.org
 #
@@ -80,14 +81,14 @@ rcpt foo@1.2.3.porcupine.org
 helo_restrictions check_helo_ns_access,hash:smtpd_check_access
 helo email-publisher.com
 helo ns1.topica.com
-helo verisign-wildcard.com
+#helo verisign-wildcard.com
 helo example.tld
 sender_restrictions check_sender_ns_access,hash:smtpd_check_access
 mail foo@email-publisher.com
 mail foo@ns1.topica.com
-mail foo@verisign-wildcard.com
+#mail foo@verisign-wildcard.com
 recipient_restrictions check_recipient_ns_access,hash:smtpd_check_access
 rcpt foo@email-publisher.com
 rcpt foo@ns1.topica.com
-rcpt foo@verisign-wildcard.com
+#rcpt foo@verisign-wildcard.com
 rcpt foo@1.2.3.porcupine.org
diff --git a/postfix/src/smtpd/smtpd_exp.ref b/postfix/src/smtpd/smtpd_exp.ref
index d426f1df6..e9e825efe 100644
--- a/postfix/src/smtpd/smtpd_exp.ref
+++ b/postfix/src/smtpd/smtpd_exp.ref
@@ -114,26 +114,23 @@ OK
 >>> #
 >>> helo_restrictions check_helo_mx_access,hash:smtpd_check_access
 OK
->>> helo verisign-wildcard.com
-./smtpd_check: : reject: HELO from spike.porcupine.org[168.100.189.2]: 554 : Helo command rejected: Verisign wild-card; from= proto=SMTP helo=
-554 : Helo command rejected: Verisign wild-card
+>>> #helo verisign-wildcard.com
 >>> helo verisign.com
 OK
 >>> helo example.tld
-./smtpd_check: warning: Unable to look up MX host for example.tld
+./smtpd_check: warning: Unable to look up MX host for example.tld: Host not found
 OK
 >>> sender_restrictions check_sender_mx_access,hash:smtpd_check_access
 OK
->>> mail foo@verisign-wildcard.com
-./smtpd_check: : reject: MAIL from spike.porcupine.org[168.100.189.2]: 554 : Sender address rejected: Verisign wild-card; from= proto=SMTP helo=
-554 : Sender address rejected: Verisign wild-card
+>>> mail foo@pls.net.au
+./smtpd_check: warning: numeric domain name in resource data of MX record for pls.net.au: 203.3.110.241
+OK
+>>> #mail foo@verisign-wildcard.com
 >>> mail foo@verisign.com
 OK
 >>> recipient_restrictions check_recipient_mx_access,hash:smtpd_check_access
 OK
->>> rcpt foo@verisign-wildcard.com
-./smtpd_check: : reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 : Recipient address rejected: Verisign wild-card; from= to= proto=SMTP helo=
-554 : Recipient address rejected: Verisign wild-card
+>>> #rcpt foo@verisign-wildcard.com
 >>> rcpt foo@verisign.com
 OK
 >>> rcpt foo@1.2.3.porcupine.org
@@ -150,10 +147,9 @@ OK
 >>> helo ns1.topica.com
 ./smtpd_check: : reject: HELO from spike.porcupine.org[168.100.189.2]: 554 : Helo command rejected: Access denied; from= proto=SMTP helo=
 554 : Helo command rejected: Access denied
->>> helo verisign-wildcard.com
-OK
+>>> #helo verisign-wildcard.com
 >>> helo example.tld
-./smtpd_check: warning: Unable to look up NS host for example.tld
+./smtpd_check: warning: Unable to look up NS host for example.tld: Host not found
 OK
 >>> sender_restrictions check_sender_ns_access,hash:smtpd_check_access
 OK
@@ -163,18 +159,16 @@ OK
 >>> mail foo@ns1.topica.com
 ./smtpd_check: : reject: MAIL from spike.porcupine.org[168.100.189.2]: 554 : Sender address rejected: Access denied; from= proto=SMTP helo=
 554 : Sender address rejected: Access denied
->>> mail foo@verisign-wildcard.com
-OK
+>>> #mail foo@verisign-wildcard.com
 >>> recipient_restrictions check_recipient_ns_access,hash:smtpd_check_access
 OK
 >>> rcpt foo@email-publisher.com
-./smtpd_check: : reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 : Recipient address rejected: Access denied; from= to= proto=SMTP helo=
+./smtpd_check: : reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 : Recipient address rejected: Access denied; from= to= proto=SMTP helo=
 554 : Recipient address rejected: Access denied
 >>> rcpt foo@ns1.topica.com
-./smtpd_check: : reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 : Recipient address rejected: Access denied; from= to= proto=SMTP helo=
+./smtpd_check: : reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 : Recipient address rejected: Access denied; from= to= proto=SMTP helo=
 554 : Recipient address rejected: Access denied
->>> rcpt foo@verisign-wildcard.com
-OK
+>>> #rcpt foo@verisign-wildcard.com
 >>> rcpt foo@1.2.3.porcupine.org
-./smtpd_check: : reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 : Recipient address rejected: name server spike.porcupine.org; from= to= proto=SMTP helo=
+./smtpd_check: : reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 : Recipient address rejected: name server spike.porcupine.org; from= to= proto=SMTP helo=
 554 : Recipient address rejected: name server spike.porcupine.org
diff --git a/postfix/src/smtpd/smtpd_peer.c b/postfix/src/smtpd/smtpd_peer.c
index 5679f8b64..583c6ebcc 100644
--- a/postfix/src/smtpd/smtpd_peer.c
+++ b/postfix/src/smtpd/smtpd_peer.c
@@ -40,7 +40,7 @@
 /*	name->address mapping, client address not listed for hostname).
 /* .RE
 /* .PP
-/*	smtpd_peer_reset() releases memory allocate by smtpd_peer_init().
+/*	smtpd_peer_reset() releases memory allocated by smtpd_peer_init().
 /* LICENSE
 /* .ad
 /* .fi
diff --git a/postfix/src/smtpd/smtpd_proxy.c b/postfix/src/smtpd/smtpd_proxy.c
index 0d00537d0..f7d2ae1bd 100644
--- a/postfix/src/smtpd/smtpd_proxy.c
+++ b/postfix/src/smtpd/smtpd_proxy.c
@@ -15,7 +15,7 @@
 /*		/* other fields... */
 /* .in -4
 /*	} SMTPD_STATE;
-/* 
+/*
 /*	int	smtpd_proxy_open(state, service, timeout, ehlo_name, mail_from)
 /*	SMTPD_STATE *state;
 /*	const char *service;
@@ -175,6 +175,8 @@ int     smtpd_proxy_open(SMTPD_STATE *state, const char *service,
 			         const char *mail_from)
 {
     int     fd;
+    char   *lines;
+    char   *line;
 
     /*
      * This buffer persists beyond the end of a proxy session so we can
@@ -225,6 +227,18 @@ int     smtpd_proxy_open(SMTPD_STATE *state, const char *service,
 	return (-1);
     }
 
+    /*
+     * Parse the EHLO reply and see if we can forward the client hostname and
+     * address info for logging purposes. If the command fails, then proceed.
+     * It is not the end of the world.
+     */
+    lines = STR(state->proxy_buffer);
+    while ((line = mystrtok(&lines, "\n")) != 0)
+	if ((line[3] == ' ' || line[3] == '-')
+	    && strcmp(line + 4, XLOGINFO_CMD) == 0)
+	    (void) smtpd_proxy_cmd(state, SMTPD_PROX_WANT_ANY, "%s %s %s",
+				   XLOGINFO_CMD, state->addr, state->name);
+
     /*
      * Pass-through the client's MAIL FROM command. If this fails, then we
      * have a problem because the proxy should always accept any MAIL FROM
@@ -282,6 +296,7 @@ int     smtpd_proxy_cmd(SMTPD_STATE *state, int expect, const char *fmt,...)
     char   *cp;
     int     last_char;
     int     err = 0;
+    static VSTRING *buffer = 0;
 
     /*
      * Errors first. Be prepared for delayed errors from the DATA phase.
@@ -336,19 +351,32 @@ int     smtpd_proxy_cmd(SMTPD_STATE *state, int expect, const char *fmt,...)
 	return (0);
 
     /*
-     * Censor out non-printable characters in server responses and keep the
-     * last line of multi-line responses.
+     * Censor out non-printable characters in server responses and save
+     * complete multi-line responses if possible.
      */
+    VSTRING_RESET(state->proxy_buffer);
+    if (buffer == 0)
+	buffer = vstring_alloc(10);
     for (;;) {
-	last_char = smtp_get(state->proxy_buffer, state->proxy, var_line_limit);
-	printable(STR(state->proxy_buffer), '?');
+	last_char = smtp_get(buffer, state->proxy, var_line_limit);
+	printable(STR(buffer), '?');
 	if (last_char != '\n')
 	    msg_warn("%s: response longer than %d: %.30s...",
 		     VSTREAM_PATH(state->proxy), var_line_limit,
-		     STR(state->proxy_buffer));
+		     STR(buffer));
 	if (msg_verbose)
 	    msg_info("< %s: %.100s", VSTREAM_PATH(state->proxy),
-		     STR(state->proxy_buffer));
+		     STR(buffer));
+
+	/*
+	 * Defend against a denial of service attack by limiting the amount
+	 * of multi-line text that we are willing to store.
+	 */
+	if (LEN(state->proxy_buffer) < var_line_limit) {
+	    if (VSTRING_LEN(state->proxy_buffer))
+		VSTRING_ADDCH(state->proxy_buffer, '\n');
+	    vstring_strcat(state->proxy_buffer, STR(buffer));
+	}
 
 	/*
 	 * Parse the response into code and text. Ignore unrecognized
@@ -356,16 +384,16 @@ int     smtpd_proxy_cmd(SMTPD_STATE *state, int expect, const char *fmt,...)
 	 * line) will have the same effect as the '-' line continuation
 	 * character.
 	 */
-	for (cp = STR(state->proxy_buffer); *cp && ISDIGIT(*cp); cp++)
+	for (cp = STR(buffer); *cp && ISDIGIT(*cp); cp++)
 	     /* void */ ;
-	if (cp - STR(state->proxy_buffer) == 3) {
+	if (cp - STR(buffer) == 3) {
 	    if (*cp == '-')
 		continue;
 	    if (*cp == ' ' || *cp == 0)
 		break;
 	}
 	msg_warn("received garbage from proxy %s: %.100s",
-		 VSTREAM_PATH(state->proxy), STR(state->proxy_buffer));
+		 VSTREAM_PATH(state->proxy), STR(buffer));
     }
 
     /*
diff --git a/postfix/src/smtpd/smtpd_sasl_proto.c b/postfix/src/smtpd/smtpd_sasl_proto.c
index 8b9834554..a0654384e 100644
--- a/postfix/src/smtpd/smtpd_sasl_proto.c
+++ b/postfix/src/smtpd/smtpd_sasl_proto.c
@@ -197,8 +197,8 @@ void    smtpd_sasl_mail_log(SMTPD_STATE *state)
 {
 #define IFELSE(e1,e2,e3) ((e1) ? (e2) : (e3))
 
-    msg_info("%s: client=%s[%s]%s%s%s%s%s%s",
-	     state->queue_id, state->name, state->addr,
+    msg_info("%s: client=%s%s%s%s%s%s%s",
+	     state->queue_id, state->namaddr,
 	     IFELSE(state->sasl_method, ", sasl_method=", ""),
 	     IFELSE(state->sasl_method, state->sasl_method, ""),
 	     IFELSE(state->sasl_username, ", sasl_username=", ""),
diff --git a/postfix/src/util/attr_scan0.c b/postfix/src/util/attr_scan0.c
index c95342601..a73b4eee9 100644
--- a/postfix/src/util/attr_scan0.c
+++ b/postfix/src/util/attr_scan0.c
@@ -164,7 +164,7 @@ static int attr_scan0_string(VSTREAM *fp, VSTRING *plain_buf, const char *contex
     int     limit = var_line_limit * 4;
     int     ch;
 
-    if ((ch = vstring_get_null_bound(plain_buf, fp, limit)) == VSTREAM_EOF) {
+    if ((ch = vstring_get_null(plain_buf, fp)) == VSTREAM_EOF) {
 	msg_warn("%s on %s while reading %s",
 		 vstream_ftimeout(fp) ? "timeout" : "premature end-of-input",
 		 VSTREAM_PATH(fp), context);
diff --git a/postfix/src/util/attr_scan64.c b/postfix/src/util/attr_scan64.c
index 4da29aedd..5d88c97b7 100644
--- a/postfix/src/util/attr_scan64.c
+++ b/postfix/src/util/attr_scan64.c
@@ -179,11 +179,13 @@ static int attr_scan64_string(VSTREAM *fp, VSTRING *plain_buf, const char *conte
 	    return (-1);
 	}
 	VSTRING_ADDCH(base64_buf, ch);
+#if 0
 	if (LEN(base64_buf) > limit) {
 	    msg_warn("string length > %d characters from %s while reading %s",
 		     limit, VSTREAM_PATH(fp), context);
 	    return (-1);
 	}
+#endif
     }
     VSTRING_TERMINATE(base64_buf);
     if (base64_decode(plain_buf, STR(base64_buf), LEN(base64_buf)) == 0) {
diff --git a/postfix/src/util/attr_scan_plain.c b/postfix/src/util/attr_scan_plain.c
index de3c155c6..bdd769434 100644
--- a/postfix/src/util/attr_scan_plain.c
+++ b/postfix/src/util/attr_scan_plain.c
@@ -174,11 +174,13 @@ static int attr_scan_plain_string(VSTREAM *fp, VSTRING *plain_buf,
 	    return (-1);
 	}
 	VSTRING_ADDCH(plain_buf, ch);
+#if 0
 	if (LEN(plain_buf) > limit) {
 	    msg_warn("string length > %d characters from %s while reading %s",
 		     limit, VSTREAM_PATH(fp), context);
 	    return (-1);
 	}
+#endif
     }
     VSTRING_TERMINATE(plain_buf);
 
diff --git a/postfix/src/util/base64_code.c b/postfix/src/util/base64_code.c
index 21210e605..0c3a95370 100644
--- a/postfix/src/util/base64_code.c
+++ b/postfix/src/util/base64_code.c
@@ -41,6 +41,11 @@
 #include "sys_defs.h"
 #include 
 #include 
+#include 
+
+#ifndef UCHAR_MAX
+#define UCHAR_MAX 0xff
+#endif
 
 /* Utility library. */
 
@@ -102,7 +107,7 @@ VSTRING *base64_decode(VSTRING *result, const char *in, int len)
     int     ch2;
     int     ch3;
 
-#define CHARS_PER_BYTE	256
+#define CHARS_PER_BYTE	(UCHAR_MAX + 1)
 #define INVALID		0xff
 
     /*
diff --git a/postfix/src/util/sane_connect.c b/postfix/src/util/sane_connect.c
index cdb2874bc..ab18c5188 100644
--- a/postfix/src/util/sane_connect.c
+++ b/postfix/src/util/sane_connect.c
@@ -11,7 +11,7 @@
 /*	struct sockaddr	*buf;
 /*	SOCKADDR_SIZE *len;
 /* DESCRIPTION
-/*	sane_connect() implements the accept(2) socket call, and maps
+/*	sane_connect() implements the connect(2) socket call, and maps
 /*	known harmless error results to EAGAIN.
 /* BUGS
 /*	Bizarre systems may have other harmless error results. Such