postfix-2.0.16-20031022

2025-08-29 13:18:12 +00:00 · 2003-10-22 00:00:00 -05:00 · 2003-10-22 00:00:00 -05:00 · 8a2c6280e8
commit 8a2c6280e8
parent 7650921ea0
46 changed files with 744 additions and 261 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@ -8625,6 +8625,73 @@ Apologies for any names omitted.
 	everything that invokes these routines including queue
 	manager and delivery agents.
 20030922
 	Feature: "XADDR address hostname" SMTP command, for SMTPD
 	restriction debugging, and for sites with fetchmail-like
 	software that extracts client information from the first
 	Received:  header. The smtpd_authorized_xaddr_clients
 	parameter specifies what clients are allowed to use XADDR
 	(default: none).  Files:  smtpd/smtpd.c.
 20031015
 	Workaround: smtpd access maps should not apply subdomain
 	name magic to numerical hostnames. File: smtpd/smtpd_check.c.
 	Safety: the local delivery agent now defers delivery when
 	alias lookup produces an empty result. File: local/alias.c.
 20031019
 	Workaround: disable request/reply size limit in attr_scan*.c
 	to prevent mail from getting stuck when rewriting a malformed
 	message header.  This limit was turned on with snapshot
 	20030715 to harden the protocol that is used by SMTPD policy
 	delegation. A "no code change" workaround is to specify
 	"header_size_limit = $line_length_limit".  The proper fix
 	is to enforce request/reply size limits only for data from
 	outside of Postfix. Problem reported by Brandon Mullenberg,
 	Dialup USA. Files:  util/attr_scan*.c.
 	Feature: "XLOGINFO address hostname" SMTP command, so that
 	Postfix daemons behind SMTPD pass-through proxies log useful
 	client name/address information instead of localhost[127.0.0.1].
 	The smtpd_authorized_xloginfo_clients parameter specifies
 	what clients are allowed to use XLOGINFO (default: none).
 	Files:  smtpd/smtpd.c.
 	Cleanup: renamed the authorized_verp_clients parameter to
 	smtpd_authorized_verp_clients for consistency.
 20031021
 	Workaround: the demo greylist script now uses BTREE instead
 	of HASH files for hopefully better stability. The real fix
 	is to use a single updater process that serves multiple
 	clients. That approach seems to work well with the verify
 	daemon. File: examples/smtpd-policy/smtpd-policy.pl.
 20031022
 	Safety: the SMTP server now warns when the queue_minfree
 	value is less than twice the message size limit. File:
 	smtpd/smtpd.c.
 	Safety:  the SMTP server no longer accepts mail when the
 	amount of free space is less than twice the message size
 	limit.  File: smtpd/smtpd_check.c.
 	Safety: log a warning and defer mail when canonical or
 	virtual lookups return a non-address result (like a string
 	that contains no address). File: global/mail_addr_map.c.
 	Safety: log a warning and defer mail when any map lookup
 	returns an empty string result, and explain that "no result"
 	is expected in case of a "not found" condition. This happens
 	with incorrectly implemented SQL or LDAP tables. File:
 	global/maps_find.c.
 Open problems:
 	High: when virtual aliasing is turned off after content
@ -8663,9 +8730,6 @@ Open problems:
 	Low: sendmail does not store null command-line recipients.
 	Low: sendmail, not cleanup, should extract recipients from
 	message headers.
 	Low: have a configurable list of errno values for mailbox
 	or maildir delivery that result in deferral rather than
 	bouncing mail.
--- a/postfix/README_FILES/FILTER_README
+++ b/postfix/README_FILES/FILTER_README
@ -155,6 +155,13 @@ queue, mail will bounce.  The same lack of robustness can happen
 when the content filtering software itself runs into a resource
 problem.
 The simple content filter method is not suitable for content filter
 actions that are invoked via header_checks or body_checks patterns.
 These patterns will be applied again after mail is re-injected with
 the Postfix sendmail command, resulting in a mail filtering loop.
 Instead, use the advanced content filtering method (see below) and
 turn off header_checks or body_checks patterns for filtered mail.
 Advanced content filtering example
 ===================================
--- a/postfix/README_FILES/SMTPD_PROXY_README
+++ b/postfix/README_FILES/SMTPD_PROXY_README
@ -1,15 +1,10 @@
 Purpose of the before-queue content filter feature
 ==================================================
-Normally, Postfix receives mail, stores it in the mail queue and
+The Postfix SMTP server can be configured to forward all incoming
-then delivers it.  The Postfix SMTP server can be configured to
+mail to a content filter (for example, a real-time SPAM filter)
-forward all incoming mail to a content filter (for example, a
+that inspects all mail BEFORE it is stored in the Postfix mail
-real-time SPAM filter) that inspects all mail BEFORE it is stored
+queue.
 in the Postfix mail queue.
 [This is not to be confused with the approach described in the
 FILTER_README document, where all mail is inspected AFTER it is
 stored in the Postfix mail queue]
 The before-queue content filter is meant to be used as follows:
@ -17,14 +12,20 @@ The before-queue content filter is meant to be used as follows:
    Internet -> smtpd -> queue -> smtpd -> cleanup -> queue -> local
               Postfix  filter   Postfix                     \ virtual etc.
-For reference, this is the normal path through Postfix:
+Normally, Postfix receives mail, stores it in the mail queue and
 then delivers it.  The next diagram shows the normal path through
 Postfix for mail that arrives via the network:
                                           / smtp
    Internet -> smtpd -> cleanup -> queue -> local
                Postfix                    \ virtual etc.
-For comparison, this is the FILTER_README approach with an SMTP-based
+The before-queue content filter is not to be confused with the
-after-queue content filter:
+approach described in the FILTER_README document, where mail is
 filtered AFTER it is stored in the Postfix mail queue. For example,
 below is the FILTER_README approach with an SMTP-based after-queue
 content filter:
 					   / smtp
    Internet -> smtpd -> cleanup -> queue -> local
 	       Postfix      ^         v    \ virtual etc.
@ -34,8 +35,9 @@ after-queue content filter:
 			      queue <-
                              filter
-The before-queue content filter receives unfiltered SMTP mail from
+The before-queue content filter functions just like the after-queue
-Postfix and does one of the following:
+content filter. It receives unfiltered SMTP mail from Postfix and
 does one of the following:
 1 - Re-inject the mail back into Postfix via SMTP, perhaps after
    changing content.
@ -44,7 +46,7 @@ Postfix and does one of the following:
    to Postfix. Postfix passes the status back to the remote SMTP
    client. This way, Postfix does not have to send a bounce message.
-3 - Send the mail somewhere else.
+3 - Send the mail somewhere else, or discard the mail.
 Limitations
 ===========
@ -63,20 +65,23 @@ accepting mail or you have to stop filtering the mail.
 How Postfix talks to the before-queue content filter
 ==================================================
-Postfix makes one connection per email message.  Postfix speaks
+The before-filter Postfix SMTP server connects to the content
-ESMTP, but uses no command pipelining. Postfix generates its own
+filter, delivers one message, and disconnects.  While sending mail
-EHLO, DATA and QUIT commands, and forwards unmodified copies of
+into the content filter, Postfix speaks ESMTP but uses no command
-all the MAIL FROM and RCPT TO commands that the Postfix SMTP server
+pipelining.  Postfix generates its own EHLO, XLOGINFO (for logging
 the remote client IP address instead of localhost[127.0.0.1]), DATA
 and QUIT commands, and forwards unmodified copies of all the MAIL
 FROM and RCPT TO commands that the before-filter Postfix SMTP server
 didn't reject itself.  The SMTP proxy server should accept the same
 MAIL FROM and RCPT TO command syntax as the Postfix SMTP server.
 Postfix sends no other SMTP commands.
 The content filter is expected to pass on unmodified SMTP commands
 from a before-filter Postfix SMTP server to an after-filter Postfix
-SMTP server that listens on a non-standard port.  When the filter
+SMTP server that usually listens on a non-standard port.  When the
-rejects content, it should send a negative SMTP response back to
+filter rejects content, it should send a negative SMTP response
-the before-filter Postfix SMTP server, and it should abort any
+back to the before-filter Postfix SMTP server, and it should abort
-connection with the after-filter Postfix SMTP server without
+the connection with the after-filter Postfix SMTP server without
 completing the SMTP conversation with the after-filter Postfix SMTP
 server.
@ -114,6 +119,7 @@ for testing, of course.
    smtp      inet  n       -       n       -       -       smtpd
        -o smtpd_proxy_filter=26
    :26       inet  n       -       n       -       -       smtpd
 	-o smtpd_authorized_xloginfo_clients=127.0.0.0/8
 	-o smtpd_client_restrictions=
 	-o smtpd_helo_restrictions=
 	-o smtpd_sender_restrictions=
@ -126,6 +132,15 @@ Note: do not specify spaces around the "=" or "," characters.
 The ":26" causes Postfix to listen on the localhost address only.
 DO NOT expose the secondary SMTP server to the Internet :-)
 The smtpd_authorized_xloginfo_clients parameter allows the before
 filter SMTP server to pass the remote SMTP client name and address
 to the after-filter SMTP server, so that the after-filter Postfix
 daemons log the remote client name and address instead of logging
 localhost[127.0.0.1].
 The other parameter settings avoid duplication of effort that is
 done in the "before filter" SMTP server.
 The result is as follows:
    Internet -> smtpd on port 25 -> smtpd on port 26 -> cleanup -> queue
--- a/postfix/README_FILES/VERP_README
+++ b/postfix/README_FILES/VERP_README
@ -35,8 +35,8 @@ are used as part of a username or domain name (such as alphanumerics),
 or because they are non-ASCII or control characters.  And who knows,
 some characters may tickle bugs in vulnerable software.
- authorized_verp_clients (default value: $mynetworks) controls
+- smtpd_authorized_verp_clients (default value: none) controls
-what network clients are allowed to request VERP style delivery.
+what SMTP clients are allowed to request VERP style delivery.
 Exceptions:  the Postfix QMQP server uses its own access control
 mechanism, and local submission (via /usr/sbin/sendmail etc.) is
 always authorized. To authorize a host, list its name, IP address,
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@ -22,6 +22,55 @@ snapshot release).  Patches change the patchlevel and the release
 date. Snapshots change only the release date, unless they include
 the same bugfixes as a patch release.
 Incompatible changes with Postfix snapshot 2.0.16-20031022
 ==========================================================
 Postfix no longer retries delivery when no MX host has a valid A
 record, for compatibility with most other MTAs. This change is made
 in anticipation of a possible Verisign "wild-card MX record without
 A record" for unregistered domains. To get the old behavior, specify
 "smtp_defer_if_no_mx_address_found = yes".
 The Postfix SMTP client no longer looks in /etc/hosts by default.
 To get the old behavior, specify "smtp_host_lookup = dns, native".
 The authorized_verp_clients configuration parameter has been renamed
 to smtpd_authorized_verp_clients. This is for consistency with the
 new smtpd_authorized_xaddr_clients and smtpd_authorized_xloginfo_clients
 configuration parameters that control the use of the new XADDR and
 XLOGINFO commands.
 The smtpd_authorized_verp_clients parameter now defaults to nothing
 (no XVERP command is accepted).
 The Postfix SMTP server no longer allows queue_minfree values that
 are less than twice the message_size_limit value.
 The Postfix SMTP server no longer accepts mail when the amount of
 free queue space is less than twice the message_size_limit value.
 Major changes with Postfix snapshot 2.0.16-20031022
 ===================================================
 Easier debugging of SMTPD access restrictions. The SMTP command
 "XADDR client-address client-hostname" changes Postfix's idea of
 the remote client name and address, so that you can pretend to
 connect from anywhere on the Internet.  Use of this command is
 restricted to clients that match the list of names or addresses
 specified with the smtpd_authorized_xaddr_clients parameter. By
 default, XADDR is not accepted from anywhere.
 More useful logging by Postfix daemons behind a real-time SMTP
 proxy filter (the logging now shows the remote client name and
 address, instead of localhost[127.0.0.1]).  This uses the new SMTP
 command "XLOGINFO client-address client-hostname", which specifies
 the client name and address for logging purposes without changing
 the name/address that are used for SMTPD access control.  Use of
 this command is restricted to clients that match the list of names
 or addresses specified with the smtpd_authorized_xloginfo_clients
 parameter. By default, XLOGINFO is not accepted from anywhere.
 For an example, see the updated SMTPD_PROXY_README file.
 Major changes with Postfix snapshot 2.0.16-20030917
 ===================================================
--- a/postfix/RELEASE_NOTES-2.0
+++ b/postfix/RELEASE_NOTES-2.0
@ -126,7 +126,10 @@ more flexible "reject_rbl_client" feature instead.
 [Obsolete 20021209] The "check_relay_domains" restriction is going
 away.  The SMTP server logs a warning and suggests using the more
-robust "reject_unauth_destination" instead.
+robust "reject_unauth_destination" instead. This means that Postfix 
 by default no longer grants relay permissions on the basis of the 
 client hostname, and that relay clients must be authorized via 
 other means such as permit_mynetworks.
 [Obsolete 20020917] In regexp lookup tables, the form /pattern1/!/pattern2/
 is going away. Use the cleaner and more flexible "if !/pattern2/..endif"
@ -246,7 +249,7 @@ mail relay traffic from outbound traffic. This eliminates a problem
 where inbound mail deliveries could become resource starved in the
 presence of a high volume of outbound mail.
-[Feature 20021013] The body_checks_max_size parameter limits the
+[Feature 20021013] The body_checks_size_limit parameter limits the
 amount of text per message body segment (or attachment, if you
 prefer to use that term) that is subjected to body_checks inspection.
 The default limit is 50 kbytes. This speeds up the processing of
@ -399,7 +402,8 @@ or html/uce.html for details.
 IP address blacklisting. Based on code by LaMont Jones.  The old
 "reject_maps_rbl" is now implemented as a wrapper around the
 reject_rbl_client code, and logs a warning that "reject_maps_rbl"
-is going away.
+is going away. To upgrade, specify "reject_rbl_client domainname"
 once for each domain name that is listed in maps_rbl_domains.
 [Feature 20020923] "reject_rhsbl_sender rbl.domain.tld" for sender
 domain blacklisting. Also: reject_rhsbl_client and reject_rhsbl_recipient
@ -657,7 +661,7 @@ mime_header_checks (for MIME headers), and nested_header_checks
 (for headers of attached email messages except MIME headers).  By
 default, all headers are matched with header_checks.
-[Feature 20021013] The body_checks_max_size parameter limits the
+[Feature 20021013] The body_checks_size_limit parameter limits the
 amount of text per message body segment (or attachment, if you
 prefer to use that term) that is subjected to body_checks inspection.
 The default limit is 50 kbytes. This speeds up the processing of
--- a/postfix/conf/postfix-files
+++ b/postfix/conf/postfix-files
@ -199,11 +199,14 @@ $readme_directory/MYSQL_README:f:root:-:644
 $readme_directory/NFS_README:f:root:-:644
 $readme_directory/PACKAGE_README:f:root:-:644
 $readme_directory/PCRE_README:f:root:-:644
 $readme_directory/PGSQL_README:f:root:-:644
 $readme_directory/QMQP_README:f:root:-:644
 $readme_directory/RELEASE_NOTES:f:root:-:644
 $readme_directory/RESTRICTION_CLASS_README:f:root:-:644
 $readme_directory/SASL_README:f:root:-:644
 $readme_directory/SCHEDULER_README:f:root:-:644
 $readme_directory/SMTPD_POLICY_README:f:root:-:644
 $readme_directory/SMTPD_PROXY_README:f:root:-:644
 $readme_directory/ULTRIX_README:f:root:-:644
 $readme_directory/UUCP_README:f:root:-:644
 $readme_directory/VERP_README:f:root:-:644
--- a/postfix/conf/sample-filter.cf
+++ b/postfix/conf/sample-filter.cf
@ -99,14 +99,14 @@ nested_header_checks = $header_checks
 #
 body_checks = regexp:/etc/postfix/body_checks
-# The body_checks_max_size parameter controls how much text in a
+# The body_checks_size_limit parameter controls how much text in a
 # message body segment (or attachment, if you prefer to use that
 # term) is subjected to body_checks inspection.
 # 
 # By default, only the first 50 kbytes of a message body segment are
 # inspected with body_checks patterns.
 #
-body_checks_max_size = 51200
+body_checks_size_limit = 51200
 # The receive_override_options parameter controls what input processing
 # happens before or after an external content filter.
--- a/postfix/conf/sample-resource.cf
+++ b/postfix/conf/sample-resource.cf
@ -143,6 +143,12 @@ qmgr_message_recipient_minimum = 10
 # space in bytes in the queue file system. This is currently used by
 # the SMTP server to decide if it will accept any mail at all.
 #
 # By default, the SMTP server rejects MAIL FROM commands when the
 # amount of free space is less than 2*$message_size_limit.
 # 
 # To specify a higher minimum free space limit, specify a value that
 # is at least 2*$message_size_limit.
 #
 queue_minfree = 0
 # The stale_lock_time parameter limits the time after which a stale
--- a/postfix/conf/sample-smtp.cf
+++ b/postfix/conf/sample-smtp.cf
@ -65,6 +65,17 @@ smtp_never_send_ehlo = no
 # 
 #smtp_bind_address=111.222.333.444
 # The smtp_defer_if_no_mx_address_found parameter controls what
 # Postfix will do when no MX record resolves to an IP address (Postfix
 # always ignores MX records with equal or worse preference than the
 # local MTA).
 # 
 # The default (no) is to return the mail as undeliverable. With older
 # Postfix versions the default was to keep trying to deliver the mail
 # until someone fixed the MX record or until the mail was too old.
 # 
 smtp_defer_if_no_mx_address_found = no
 # The smtp_line_length_limit parameter controls the length of
 # message header and body lines that Postfix will send via SMTP.
 # Lines that are longer are broken by inserting <CR> <LF> <SPACE>.
--- a/postfix/conf/sample-smtpd.cf
+++ b/postfix/conf/sample-smtpd.cf
@ -47,10 +47,10 @@
 #local_recipient_maps = unix:passwd.byname $alias_maps
 local_recipient_maps = proxy:unix:passwd.byname $alias_maps
-# The unknown_local_recipient_reject_code specifies the SMTP server
+# The unknown_local_recipient_reject_code parameter specifies the
-# response code when a recipient domain matches $mydestination or
+# SMTP server response code when a recipient domain matches $mydestination
-# $inet_interfaces, while $local_recipient_maps is non-empty and the
+# or $inet_interfaces, while $local_recipient_maps is non-empty and
-# recipient address or address local-part is not found.
+# the recipient address or address local-part is not found.
 #
 # The default setting is 550 (reject mail) but it is safer to start
 # with 450 (try again later) until you are certain that your
@ -113,6 +113,59 @@ unknown_local_recipient_reject_code = 550
 #
 #disable_vrfy_command = no
 # The smtpd_authorized_xaddr_clients parameter specifies what clients
 # are allowed to specify the SMTP "XADDR client-address client-name"
 # command. This command changes Postfix's idea of the client hostname
 # and IP address for logging and for access control. Typical use is
 # for SMTPD access testing.
 #
 # By default, no clients are allowed to specify XADDR.
 #
 # Specify an explicit list of network/netmask patterns, where the
 # mask specifies the number of bits in the network part of a host
 # address.
 #
 # You can also specify the absolute pathname of a pattern file instead
 # of listing the patterns here. Specify type:table for table-based lookups
 # (the value on the table right-hand side is not used).
 #
 smtpd_authorized_xaddr_clients =
 # The smtpd_authorized_xloginfo_clients parameter specifies what
 # clients are allowed to specify the SMTP "XLOGINFO client-address
 # client-name" command. This command changes Postfix's idea of the
 # client hostname and IP address for logging but not for access
 # control. Typical use is for SMTP-based content filters.
 #
 # By default, no clients are allowed to specify XLOGINFO.
 #
 # Specify an explicit list of network/netmask patterns, where the
 # mask specifies the number of bits in the network part of a host
 # address.
 #
 # You can also specify the absolute pathname of a pattern file instead
 # of listing the patterns here. Specify type:table for table-based lookups
 # (the value on the table right-hand side is not used).
 #
 smtpd_authorized_xloginfo_clients =
 # The smtpd_authorized_xverp_clients parameter specifies what clients
 # are allowed to specify the SMTP XVERP command. This command requests
 # that mail be delivered one recipient at a time with a per recipient
 # return address.
 #
 # By default, no clients are allowed to specify XVERP.
 #
 # Specify an explicit list of network/netmask patterns, where the
 # mask specifies the number of bits in the network part of a host
 # address.
 #
 # You can also specify the absolute pathname of a pattern file instead
 # of listing the patterns here. Specify type:table for table-based lookups
 # (the value on the table right-hand side is not used).
 #
 smtpd_authorized_xverp_clients =
 # The smtpd_banner parameter specifies the text that follows the 220
 # status code in the SMTP greeting banner. Some people like to see
 # the mail version advertised. By default, Postfix shows no version.
@ -156,9 +209,10 @@ smtpd_banner = $myhostname ESMTP $mail_name
 #
 smtpd_etrn_restrictions =
-# The smtpd_history_flush_threshold specifies how many lines the SMTP
+# The smtpd_history_flush_threshold parameter specifies how many
-# server command history is allowed to contain before it is flushed
+# lines the SMTP server command history is allowed to contain before
-# to postmaster upon receipt of EHLO, RSET, or end of DATA.
+# it is flushed to postmaster upon receipt of EHLO, RSET, or end of
 # DATA.
 #
 smtpd_history_flush_threshold = 100
--- a/postfix/examples/smtpd-policy/smtpd-policy.pl
+++ b/postfix/examples/smtpd-policy/smtpd-policy.pl
@ -69,7 +69,7 @@ use Sys::Syslog qw(:DEFAULT setlogsock);
 # $database_name.time(), so that the mail system does not get stuck.
 #
 $database_name="/var/mta/smtpd-policy.db";
-$greylist_delay=3600;
+$greylist_delay=60;
 #
 # Syslogging options for verbose mode and for fatal errors.
@ -140,7 +140,7 @@ sub open_database {
    # Use tied database to make complex manipulations easier to express.
    $database_obj = tie(%db_hash, 'DB_File', $database_name,
-			    O_CREAT|O_RDWR, 0644) ||
+			    O_CREAT|O_RDWR, 0644, $DB_BTREE) ||
 	fatal_exit "Cannot open database %s: $!", $database_name;
    $database_fd = $database_obj->fd;
    open DATABASE_HANDLE, "+<&=$database_fd" ||
@ -193,7 +193,7 @@ sub update_database {
 # out of the way, and start with a new database.
 #
 sub sigsegv_handler {
-    my $backup = $database_name . time();
+    my $backup = $database_name . "." . time();
    rename $database_name, $backup || 
 	fatal_exit "Can't save %s as %s: $!", $database_name, $backup;
--- a/postfix/html/basic.html
+++ b/postfix/html/basic.html
@ -195,8 +195,8 @@ is attached to.
 You should set up a <b>postmaster</b> <a
 href="rewrite.html#aliases">alias</a> that points to a human person.
-This alias is required to exist, so that people can report mail
+The <b>postmaster</b> address is required to exist, so that people
-delivery problems.
+can report mail delivery problems.
 <p>
--- a/postfix/html/faq.html
+++ b/postfix/html/faq.html
@ -1081,8 +1081,8 @@ for you.
 <p>
-On SuSE systems the file permission fixing utulity is called
+On SuSE systems the utulity is called <b>SuSEconfig</b>.  Other
-<b>SuSEconfig</b>.  Other Linux systems may use different names.
+Linux systems may use different names.
 The usual disclaimers about mileages etc. apply.
 <p>
@ -1109,7 +1109,8 @@ add to /etc/permissions.local the following line:
 </pre>
 </blockquote>
-and to make sure that in /etc/rc.config,
+and to make sure that in the file /etc/sysconfig/security (with
 older SuSE versions, in the file /etc/rc.config),
 PERMISSIONS_SECURITY mentions local last, EXAMPLE:
 <blockquote>
--- a/postfix/html/master.8.html
+++ b/postfix/html/master.8.html
@ -1,11 +1,11 @@
-<html> <head> </head> <body> <pre>
+<html> <body> <pre>
 MASTER(8)                                               MASTER(8)
 <b>NAME</b>
       master - Postfix master process
 <b>SYNOPSIS</b>
-       <b>master</b> [<b>-Dtv</b>] [<b>-c</b> <i>config_dir</i>] [<b>-e</b> <i>exit_time</i>]
+       <b>master</b> [<b>-Dtv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<b>-e</b> <i>exit</i><b>_</b><i>time</i>]
 <b>DESCRIPTION</b>
       The  <b>master</b> daemon is the resident process that runs Post-
@ -28,19 +28,19 @@ MASTER(8)                                               MASTER(8)
       Options:
-       <b>-c</b> <i>config_dir</i>
+       <b>-c</b> <i>config</i><b>_</b><i>dir</i>
              Read  the <b>main.cf</b> and <b>master.cf</b> configuration files
              in the named directory instead of the default  con-
              figuration directory.
-       <b>-e</b> <i>exit_time</i>
+       <b>-e</b> <i>exit</i><b>_</b><i>time</i>
-              Terminate  the  master process after <i>exit_time</i> sec-
+              Terminate  the  master process after <i>exit</i><b>_</b><i>time</i> sec-
              onds. Child processes  terminate  at  their  conve-
              nience.
       <b>-D</b>     After  initialization, run a debugger on the master
              process. The debugging command  is  specified  with
-              the <b>debugger</b><i>_</i><b>command</b> in the <b>main.cf</b> global configu-
+              the <b>debugger_command</b> in the <b>main.cf</b> global configu-
              ration file.
       <b>-t</b>     Test mode. Return a zero exit status when the  <b>mas-</b>
@ -68,7 +68,7 @@ MASTER(8)                                               MASTER(8)
              <b>abort</b>),  the master process passes the signal on to
              its child processes and terminates.  This is useful
              for  an emergency shutdown. Normally one would ter-
-              minate only the master  (<b>postfix</b>  <b>stop</b>)  and  allow
+              minate only the master  (<b>postfix  stop</b>)  and  allow
              running processes to finish what they are doing.
 <b>DIAGNOSTICS</b>
@ -76,62 +76,62 @@ MASTER(8)                                               MASTER(8)
 <b>BUGS</b>
 <b>ENVIRONMENT</b>
-       <b>MAIL</b><i>_</i><b>DEBUG</b>
+       <b>MAIL_DEBUG</b>
              After initialization, start a debugger as specified
-              with the <b>debugger</b><i>_</i><b>command</b>  configuration  parameter
+              with the <b>debugger_command</b>  configuration  parameter
              in the <b>main.cf</b> configuration file.
-       <b>MAIL</b><i>_</i><b>CONFIG</b>
+       <b>MAIL_CONFIG</b>
              Directory with Postfix configuration files.
-<b>CONFIGURATION</b> <b>PARAMETERS</b>
+<b>CONFIGURATION PARAMETERS</b>
       The  following  <b>main.cf</b> parameters are especially relevant
       to this program. See the Postfix <b>main.cf</b> file  for  syntax
-       details  and  for  default  values. Use the <b>postfix</b> <b>reload</b>
+       details  and  for  default  values. Use the <b>postfix reload</b>
       command after a configuration change.
 <b>Miscellaneous</b>
-       <b>import</b><i>_</i><b>environment</b>
+       <b>import_environment</b>
-       <b>export</b><i>_</i><b>environment</b>
+       <b>export_environment</b>
              Lists of names of environment parameters  that  can
              be  imported  from  (exported  to) non-Postfix pro-
              cesses.
-       <b>mail</b><i>_</i><b>owner</b>
+       <b>mail_owner</b>
              The owner of the mail queue  and  of  most  Postfix
              processes.
-       <b>command</b><i>_</i><b>directory</b>
+       <b>command_directory</b>
              Directory with Postfix support programs.
-       <b>daemon</b><i>_</i><b>directory</b>
+       <b>daemon_directory</b>
              Directory with Postfix daemon programs.
-       <b>queue</b><i>_</i><b>directory</b>
+       <b>queue_directory</b>
              Top-level  directory  of the Postfix queue. This is
              also the root directory of Postfix daemons that run
              chrooted.
-       <b>inet</b><i>_</i><b>interfaces</b>
+       <b>inet_interfaces</b>
              The  network  interface  addresses that this system
              receives mail on.  You need to stop and start Post-
              fix when this parameter changes.
-<b>Resource</b> <b>controls</b>
+<b>Resource controls</b>
-       <b>default</b><i>_</i><b>process</b><i>_</i><b>limit</b>
+       <b>default_process_limit</b>
              Default  limit for the number of simultaneous child
              processes that provide a given service.
-       <b>max</b><i>_</i><b>idle</b>
+       <b>max_idle</b>
              Limit the time in  seconds  that  a  child  process
              waits between service requests.
-       <b>max</b><i>_</i><b>use</b>
+       <b>max_use</b>
              Limit  the  number of service requests handled by a
              child process.
-       <b>service</b><i>_</i><b>throttle</b><i>_</i><b>time</b>
+       <b>service_throttle_time</b>
              Time to avoid forking a server that appears  to  be
              broken.
@ -140,7 +140,7 @@ MASTER(8)                                               MASTER(8)
       /etc/postfix/master.cf: master process configuration file.
       /var/spool/postfix/pid/master.pid: master lock file.
-<b>SEE</b> <b>ALSO</b>
+<b>SEE ALSO</b>
       <a href="qmgr.8.html">qmgr(8)</a> queue manager
       <a href="pickup.8.html">pickup(8)</a> local mail pickup
       syslogd(8) system logging
--- a/postfix/html/smtp.8.html
+++ b/postfix/html/smtp.8.html
@ -1,4 +1,4 @@
-<html> <head> </head> <body> <pre>
+<html> <body> <pre>
 SMTP(8)                                                   SMTP(8)
 <b>NAME</b>
@ -52,7 +52,7 @@ SMTP(8)                                                   SMTP(8)
       rupted message files are marked so that the queue  manager
       can move them to the <b>corrupt</b> queue for further inspection.
-       Depending on the setting of the <b>notify</b><i>_</i><b>classes</b>  parameter,
+       Depending on the setting of the <b>notify_classes</b>  parameter,
       the  postmaster is notified of bounces, protocol problems,
       and of other trouble.
@ -64,140 +64,140 @@ SMTP(8)                                                   SMTP(8)
       command after a configuration change.
 <b>Miscellaneous</b>
-       <b>best</b><i>_</i><b>mx</b><i>_</i><b>transport</b>
+       <b>best_mx_transport</b>
              Name  of  the  delivery  transport  to use when the
              local machine is the most-preferred mail  exchanger
              (by  default,  a  mailer  loop is reported, and the
              message is bounced).
-       <b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b>
+       <b>debug_peer_level</b>
              Verbose logging  level  increment  for  hosts  that
-              match a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b> parameter.
+              match a pattern in the <b>debug_peer_list</b> parameter.
-       <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
+       <b>debug_peer_list</b>
              List  of  domain or network patterns. When a remote
              host matches a pattern, increase the  verbose  log-
              ging   level   by   the  amount  specified  in  the
-              <b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
+              <b>debug_peer_level</b> parameter.
-       <b>disable</b><i>_</i><b>dns</b><i>_</i><b>lookups</b>
+       <b>disable_dns_lookups</b>
              Disable DNS lookups. This means that mail  must  be
              forwarded via a smart relay host.
-       <b>smtp</b><i>_</i><b>host</b><i>_</i><b>lookup</b>
+       <b>smtp_host_lookup</b>
              What  host  lookup mechanism the SMTP client should
              use.  Specify <b>dns</b> (use DNS  lookup)  and/or  <b>native</b>
              (use  the  native  naming  service  which also uses
              /etc/hosts).  This  setting  is  ignored  when  DNS
              lookups are disabled.
-       <b>error</b><i>_</i><b>notice</b><i>_</i><b>recipient</b>
+       <b>error_notice_recipient</b>
              Recipient    of   protocol/policy/resource/software
              error notices.
-       <b>fallback</b><i>_</i><b>relay</b>
+       <b>fallback_relay</b>
              Hosts to hand off mail to if a message  destination
              is not found or if a destination is unreachable.
-       <b>ignore</b><i>_</i><b>mx</b><i>_</i><b>lookup</b><i>_</i><b>error</b>
+       <b>ignore_mx_lookup_error</b>
              When a name server fails to respond to an MX query,
              search for an A record, instead of  deferring  mail
              delivery.
-       <b>inet</b><i>_</i><b>interfaces</b>
+       <b>inet_interfaces</b>
              The network interface addresses that this mail sys-
              tem receives mail on. When any of  those  addresses
              appears in the list of mail exchangers for a remote
              destination, the list is truncated  to  avoid  mail
-              delivery  loops.   See  also  the  <b>proxy</b><i>_</i><b>interfaces</b>
+              delivery  loops.   See  also  the  <b>proxy_interfaces</b>
              parameter.
-       <b>notify</b><i>_</i><b>classes</b>
+       <b>notify_classes</b>
              When this parameter includes  the  <b>protocol</b>  class,
              send  mail  to  the  postmaster with transcripts of
              SMTP sessions with protocol errors.
-       <b>proxy</b><i>_</i><b>interfaces</b>
+       <b>proxy_interfaces</b>
              Network interfaces that this mail  system  receives
              mail on by way of a proxy or network address trans-
              lator. When any of those addresses appears  in  the
              list  of  mail exchangers for a remote destination,
              the list is truncated to avoid mail delivery loops.
-              See also the <b>inet</b><i>_</i><b>interfaces</b> parameter.
+              See also the <b>inet_interfaces</b> parameter.
-       <b>smtp</b><i>_</i><b>always</b><i>_</i><b>send</b><i>_</i><b>ehlo</b>
+       <b>smtp_always_send_ehlo</b>
              Always send EHLO at the start of a connection.
-       <b>smtp</b><i>_</i><b>never</b><i>_</i><b>send</b><i>_</i><b>ehlo</b>
+       <b>smtp_never_send_ehlo</b>
              Never send EHLO at the start of a connection.
-       <b>smtp</b><i>_</i><b>bind</b><i>_</i><b>address</b>
+       <b>smtp_bind_address</b>
              Numerical  source  network  address to bind to when
              making a connection.
-       <b>smtp</b><i>_</i><b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
+       <b>smtp_line_length_limit</b>
              Length limit for SMTP message content  lines.  Zero
              means  no  limit.   Some  SMTP servers misbehave on
              long lines.
-       <b>smtp</b><i>_</i><b>helo</b><i>_</i><b>name</b>
+       <b>smtp_helo_name</b>
              The hostname to be used in HELO and EHLO  commands.
-       <b>smtp</b><i>_</i><b>quote</b><i>_</i><b>rfc821</b><i>_</i><b>envelope</b>
+       <b>smtp_quote_rfc821_envelope</b>
              Whether  or  not  to  quote  MAIL  FROM and RCPT TO
              addresses as per the rules laid out in <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a>.
-       <b>smtp</b><i>_</i><b>skip</b><i>_</i><b>4xx</b><i>_</i><b>greeting</b>
+       <b>smtp_skip_4xx_greeting</b>
              Skip servers that greet us with a 4xx status  code.
-       <b>smtp</b><i>_</i><b>skip</b><i>_</i><b>5xx</b><i>_</i><b>greeting</b>
+       <b>smtp_skip_5xx_greeting</b>
              Skip  servers that greet us with a 5xx status code.
-       <b>smtp</b><i>_</i><b>skip</b><i>_</i><b>quit</b><i>_</i><b>response</b>
+       <b>smtp_skip_quit_response</b>
              Do not wait for the server response  after  sending
              QUIT.
-       <b>smtp</b><i>_</i><b>pix</b><i>_</i><b>workaround</b><i>_</i><b>delay</b><i>_</i><b>time</b>
+       <b>smtp_pix_workaround_delay_time</b>
              The  time  to pause before sending .&lt;CR&gt;&lt;LF&gt;, while
              working   around    the    CISCO    PIX    firewall
              &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt; bug.
-       <b>smtp</b><i>_</i><b>pix</b><i>_</i><b>workaround</b><i>_</i><b>threshold</b><i>_</i><b>time</b>
+       <b>smtp_pix_workaround_threshold_time</b>
              The  time a message must be queued before the CISCO
              PIX firewall &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;  bug  workaround  is
              turned on.
 <b>MIME Conversion</b>
-       <b>disable</b><i>_</i><b>mime</b><i>_</i><b>output</b><i>_</i><b>conversion</b>
+       <b>disable_mime_output_conversion</b>
              Disable  the  conversion of 8BITMIME format to 7BIT
              format when the remote system  does  not  advertise
              8BITMIME support.
-       <b>mime</b><i>_</i><b>boundary</b><i>_</i><b>length</b><i>_</i><b>limit</b>
+       <b>mime_boundary_length_limit</b>
              The amount of space that will be allocated for MIME
              multipart boundary strings. The MIME  processor  is
              unable to distinguish between boundary strings that
-              do   not   differ   in   the   first   <b>$mime</b><i>_</i><b>bound-</b>
+              do   not   differ   in   the   first   <b>$mime_bound-</b>
-              <b>ary</b><i>_</i><b>length</b><i>_</i><b>limit</b> characters.
+              <b>ary_length_limit</b> characters.
-       <b>mime</b><i>_</i><b>nesting</b><i>_</i><b>limit</b>
+       <b>mime_nesting_limit</b>
              The  maximal  nesting  level of multipart mail that
              the MIME processor can handle. Refuse mail that  is
              nested deeper, when converting from 8BITMIME format
              to 7BIT format.
 <b>Authentication controls</b>
-       <b>smtp</b><i>_</i><b>sasl</b><i>_</i><b>auth</b><i>_</i><b>enable</b>
+       <b>smtp_sasl_auth_enable</b>
              Enable per-session authentication as per  <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC  2554</a>
              (SASL).   By default, Postfix is built without SASL
              support.
-       <b>smtp</b><i>_</i><b>sasl</b><i>_</i><b>password</b><i>_</i><b>maps</b>
+       <b>smtp_sasl_password_maps</b>
              Lookup tables with per-host or domain <i>name</i>:<i>password</i>
              entries.   No  entry for a host means no attempt to
              authenticate.
-       <b>smtp</b><i>_</i><b>sasl</b><i>_</i><b>security</b><i>_</i><b>options</b>
+       <b>smtp_sasl_security_options</b>
              Zero or more of the following.
              <b>noplaintext</b>
@ -216,15 +216,15 @@ SMTP(8)                                                   SMTP(8)
                     Disallow anonymous logins.
 <b>Resource controls</b>
-       <b>smtp</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
+       <b>smtp_destination_concurrency_limit</b>
              Limit the number of parallel deliveries to the same
              destination.   The  default limit is taken from the
-              <b>default</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b> parameter.
+              <b>default_destination_concurrency_limit</b> parameter.
-       <b>smtp</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
+       <b>smtp_destination_recipient_limit</b>
              Limit the number of recipients per  message  deliv-
              ery.    The   default   limit  is  taken  from  the
-              <b>default</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b> parameter.
+              <b>default_destination_recipient_limit</b> parameter.
 <b>Timeout controls</b>
       The default time unit is seconds; an  explicit  time  unit
@ -232,48 +232,55 @@ SMTP(8)                                                   SMTP(8)
       value: s (seconds), m (minutes), h (hours), d (days) or  w
       (weeks).
-       <b>smtp</b><i>_</i><b>connect</b><i>_</i><b>timeout</b>
+       <b>smtp_connect_timeout</b>
              Timeout  for  completing  a TCP connection. When no
              connection can be made  within  the  deadline,  the
              SMTP  client  tries  the  next  address on the mail
              exchanger list.
-       <b>smtp</b><i>_</i><b>helo</b><i>_</i><b>timeout</b>
+       <b>smtp_helo_timeout</b>
              Timeout for receiving  the  SMTP  greeting  banner.
              When  the server drops the connection without send-
              ing a greeting banner, or when it sends no greeting
              banner  within  the deadline, the SMTP client tries
              the next address on the mail exchanger list.
-       <b>smtp</b><i>_</i><b>helo</b><i>_</i><b>timeout</b>
+       <b>smtp_helo_timeout</b>
              Timeout for  sending  the  <b>HELO</b>  command,  and  for
              receiving the server response.
-       <b>smtp</b><i>_</i><b>mail</b><i>_</i><b>timeout</b>
+       <b>smtp_mail_timeout</b>
              Timeout  for sending the <b>MAIL FROM</b> command, and for
              receiving the server response.
-       <b>smtp</b><i>_</i><b>rcpt</b><i>_</i><b>timeout</b>
+       <b>smtp_rcpt_timeout</b>
              Timeout for sending the <b>RCPT TO</b>  command,  and  for
              receiving the server response.
-       <b>smtp</b><i>_</i><b>data</b><i>_</i><b>init</b><i>_</i><b>timeout</b>
+       <b>smtp_data_init_timeout</b>
              Timeout  for  sending  the  <b>DATA</b>  command,  and for
              receiving the server response.
-       <b>smtp</b><i>_</i><b>data</b><i>_</i><b>xfer</b><i>_</i><b>timeout</b>
+       <b>smtp_data_xfer_timeout</b>
              Timeout for sending the message content.
-       <b>smtp</b><i>_</i><b>data</b><i>_</i><b>done</b><i>_</i><b>timeout</b>
+       <b>smtp_data_done_timeout</b>
              Timeout  for  sending  the  "<b>.</b>"  command,  and  for
              receiving  the server response. When no response is
              received, a warning is logged that the mail may  be
              delivered multiple times.
-       <b>smtp</b><i>_</i><b>rset</b><i>_</i><b>timeout</b>
+       <b>smtp_defer_if_no_mx_address_found</b>
              If  no,  bounce mail when no MX host resolves to an
              address (Postfix always ignores MX hosts with equal
              or  worse  preference than the local MTA).  If yes,
              keep trying until a suitable MX  host  resolves  or
              until the mail is too old.
       <b>smtp_rset_timeout</b>
              Timeout for sending the <b>RSET</b> command.
-       <b>smtp</b><i>_</i><b>quit</b><i>_</i><b>timeout</b>
+       <b>smtp_quit_timeout</b>
              Timeout  for  sending  the  <b>QUIT</b>  command,  and for
              receiving the server response.
--- a/postfix/html/smtpd.8.html
+++ b/postfix/html/smtpd.8.html
@ -166,10 +166,28 @@ SMTPD(8)                                                 SMTPD(8)
              restriction.
 <b>Miscellaneous</b>
-       <b>authorized_verp_clients</b>
+       <b>smtpd_authorized_verp_clients</b>
              Hostnames, domain names and/or addresses of clients
              that are authorized to use the XVERP extension.
       <b>smtpd_authorized_xaddr_clients</b>
              Hostnames, domain names and/or addresses of clients
              that are  authorized  to  use  the  "XADDR  client-
              address  client-name"  command.  This changes Post-
              fix's idea of the SMTP client IP address and  host-
              name for access control and for logging purposes.
       <b>smtpd_authorized_xloginfo_clients</b>
              Hostnames, domain names and/or addresses of clients
              that are authorized to use  the  "XLOGINFO  client-
              address  client-name"  command.   This  changes the
              client name and address that are used for  logging,
              without  affecting  the client IP address and host-
              name that are used for access control.  XLOGINFO is
              typically  used to propagate remote client informa-
              tion through an SMTP-based content  filter  to  the
              after-filter SMTP server.
       <b>debug_peer_level</b>
              Increment  in  verbose  logging level when a remote
              host  matches  a  pattern  in  the  <b>debug_peer_list</b>
@ -275,7 +293,8 @@ SMTPD(8)                                                 SMTPD(8)
       <b>queue_minfree</b>
              Minimal amount of free space in bytes in the  queue
              file  system for the SMTP server to accept any mail
-              at all.
+              at  all  (default:  twice  the   <b>message_size_limit</b>
              value).
       <b>smtpd_history_flush_threshold</b>
              Flush  the  command  history  to  postmaster  after
--- a/postfix/man/man8/smtp.8
+++ b/postfix/man/man8/smtp.8
@ -225,6 +225,12 @@ Timeout for sending the message content.
 Timeout for sending the "\fB.\fR" command, and for
 receiving the server response. When no response is received, a
 warning is logged that the mail may be delivered multiple times.
 .IP \fBsmtp_defer_if_no_mx_address_found\fR
 If no, bounce mail when no MX host resolves to an address
 (Postfix always ignores MX hosts with equal or worse preference
 than the local MTA).
 If yes, keep trying until a suitable MX host resolves or until
 the mail is too old.
 .IP \fBsmtp_rset_timeout\fR
 Timeout for sending the \fBRSET\fR command.
 .IP \fBsmtp_quit_timeout\fR
--- a/postfix/man/man8/smtpd.8
+++ b/postfix/man/man8/smtpd.8
@ -154,9 +154,23 @@ anti-spoofing restriction.
 .SH Miscellaneous
 .ad
 .fi
-.IP \fBauthorized_verp_clients\fR
+.IP \fBsmtpd_authorized_verp_clients\fR
 Hostnames, domain names and/or addresses of clients that are
 authorized to use the XVERP extension.
 .IP \fBsmtpd_authorized_xaddr_clients\fR
 Hostnames, domain names and/or addresses of clients that are
 authorized to use the "XADDR client-address client-name" command.
 This changes Postfix's
 idea of the SMTP client IP address and hostname for access
 control and for logging purposes.
 .IP \fBsmtpd_authorized_xloginfo_clients\fR
 Hostnames, domain names and/or addresses of clients that are
 authorized to use the "XLOGINFO client-address client-name" command.
 This changes the client
 name and address that are used for logging, without affecting the
 client IP address and hostname that are used for access control.
 XLOGINFO is typically used to propagate remote client information
 through an SMTP-based content filter to the after-filter SMTP server.
 .IP \fBdebug_peer_level\fR
 Increment in verbose logging level when a remote host matches a
 pattern in the \fBdebug_peer_list\fR parameter.
@ -233,7 +247,8 @@ Limit the total size in bytes of a message, including on-disk
 storage for envelope information.
 .IP \fBqueue_minfree\fR
 Minimal amount of free space in bytes in the queue file system
-for the SMTP server to accept any mail at all.
+for the SMTP server to accept any mail at all (default: twice
 the \fBmessage_size_limit\fR value).
 .IP \fBsmtpd_history_flush_threshold\fR
 Flush the command history to postmaster after receipt of RSET etc.
 only if the number of history lines exceeds the given threshold.
--- a/postfix/src/dns/dns_lookup.c
+++ b/postfix/src/dns/dns_lookup.c
@ -169,7 +169,8 @@ static int dns_query(const char *name, int type, int flags,
    len = res_search((char *) name, C_IN, type, reply->buf, sizeof(reply->buf));
    if (len < 0) {
 	if (why)
-	    vstring_sprintf(why, "Name service error for name=%s type=%s: %s",
+	    vstring_sprintf(why, "Host or domain name not found. "
 			    "Name service error for name=%s type=%s: %s",
 			    name, dns_strtype(type), dns_strerror(h_errno));
 	if (msg_verbose)
 	    msg_info("dns_query: %s (%s): %s",
--- a/postfix/src/global/mail_addr_map.c
+++ b/postfix/src/global/mail_addr_map.c
@ -30,6 +30,8 @@
 /* .IP address
 /*	The address to be looked up.
 /* DIAGNOSTICS
 /*	Warnings: map lookup returns a non-address result.
 /*
 /*	The global \fIdict_errno\fR is non-zero when the lookup
 /*	should be tried again.
 /* SEE ALSO
@ -114,6 +116,12 @@ ARGV   *mail_addr_map(MAPS *path, const char *address, int propagate)
 	if (msg_verbose)
 	    for (i = 0; i < argv->argc; i++)
 		msg_info("%s: %s -> %d: %s", myname, address, i, argv->argv[i]);
 	if (argv->argc == 0) {
 	    msg_warn("%s lookup of %s returns non-address result \"%s\"",
 		     path->title, address, string);
 	    argv = argv_free(argv);
 	    dict_errno = DICT_ERR_RETRY;
 	}
    }
    /*
--- a/postfix/src/global/mail_params.h
+++ b/postfix/src/global/mail_params.h
@ -177,7 +177,7 @@ extern bool var_disable_dns;
 #define SMTP_HOST_LOOKUP_NATIVE	"native"
 #define VAR_SMTP_HOST_LOOKUP	"smtp_host_lookup"
-#define DEF_SMTP_HOST_LOOKUP	SMTP_HOST_LOOKUP_DNS "," SMTP_HOST_LOOKUP_NATIVE
+#define DEF_SMTP_HOST_LOOKUP	SMTP_HOST_LOOKUP_DNS
 extern int var_smtp_dns_lookup;
 /*
@ -837,6 +837,10 @@ extern int var_smtp_pix_thresh;
 #define DEF_SMTP_PIX_DELAY	"10s"
 extern int var_smtp_pix_delay;
 #define VAR_SMTP_DEFER_MXADDR	"smtp_defer_if_no_mx_address_found"
 #define DEF_SMTP_DEFER_MXADDR	0
 extern bool var_smtp_defer_mxaddr;
 /*
  * SMTP server. The soft error limit determines how many errors an SMTP
  * client may make before we start to slow down; the hard error limit
@ -1558,10 +1562,21 @@ extern char *var_verp_filter;
 #define DEF_VERP_BOUNCE_OFF		0
 extern bool var_verp_bounce_off;
-#define VAR_VERP_CLIENTS		"authorized_verp_clients"
+#define VAR_VERP_CLIENTS		"smtpd_authorized_verp_clients"
-#define DEF_VERP_CLIENTS		"$mynetworks"
+#define DEF_VERP_CLIENTS		"$authorized_verp_clients"
 extern char *var_verp_clients;
 /*
  * XADDR.
  */
 #define VAR_XADDR_CLIENTS		"smtpd_authorized_xaddr_clients"
 #define DEF_XADDR_CLIENTS		""
 extern char *var_xaddr_clients;
 #define VAR_XLOGINFO_CLIENTS		"smtpd_authorized_xloginfo_clients"
 #define DEF_XLOGINFO_CLIENTS		""
 extern char *var_xloginfo_clients;
 /*
  * Inbound mail flow control. This allows for a stiffer coupling between
  * receiving mail and sending mail. A sending process produces one token for
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@ -20,7 +20,7 @@
  * Patches change the patchlevel and the release date. Snapshots change the
  * release date only, unless they include the same bugfix as a patch release.
  */
-#define MAIL_RELEASE_DATE	"20030921"
+#define MAIL_RELEASE_DATE	"20031022"
 #define VAR_MAIL_VERSION	"mail_version"
 #define DEF_MAIL_VERSION	"2.0.16-" MAIL_RELEASE_DATE
--- a/postfix/src/global/maps.c
+++ b/postfix/src/global/maps.c
@ -56,7 +56,7 @@
 /*	sensitive.
 /* DIAGNOSTICS
 /*	Panic: inappropriate use; fatal errors: out of memory, unable
-/*	to open database.
+/*	to open database. Warnings: null string lookup result.
 /*
 /*	maps_find() returns a null pointer when the requested
 /*	information was not found. The global \fIdict_errno\fR
@ -171,6 +171,14 @@ const char *maps_find(MAPS *maps, const char *name, int flags)
 	if (flags != 0 && (dict->flags & flags) == 0)
 	    continue;
 	if ((expansion = dict_get(dict, name)) != 0) {
 	    if (*expansion == 0) {
 		msg_warn("%s lookup of %s returns an empty string result",
 			 maps->title, name);
 		msg_warn("%s should return NO RESULT in case of NOT FOUND",
 			 maps->title);
 		dict_errno = DICT_ERR_RETRY;
 		return (0);
 	    }
 	    if (msg_verbose)
 		msg_info("%s: %s: %s: %s = %s", myname, maps->title,
 			 *map_name, name, expansion);
--- a/postfix/src/local/alias.c
+++ b/postfix/src/local/alias.c
@ -283,6 +283,10 @@ int     deliver_alias(LOCAL_STATE state, USER_ATTR usr_attr,
 		msg_warn("mailing list \"%s\" needs an \"owner-%s\" alias",
 			 name, name);
 #endif
 	    if (alias_count < 1)
 		*statusp = defer_append(BOUNCE_FLAGS(state.request),
 					BOUNCE_ATTR(state.msg_attr),
 					"no recipient in alias lookup result");
 	    myfree(expansion);
 	    if (owner)
 		myfree(owner);
--- a/postfix/src/master/master.c
+++ b/postfix/src/master/master.c
@ -323,8 +323,8 @@ int     main(int argc, char **argv)
    clean_env(import_env->argv);
    argv_free(import_env);
-    if ((inherited_limit = get_file_limit()) < (off_t) INT_MAX)
+    if ((inherited_limit = get_file_limit()) < 0)
-	set_file_limit(INT_MAX);
+	set_file_limit(OFF_T_MAX);
    if (chdir(var_queue_dir))
 	msg_fatal("chdir %s: %m", var_queue_dir);
--- a/postfix/src/smtp/smtp.c
+++ b/postfix/src/smtp/smtp.c
@ -209,6 +209,12 @@
 /*	Timeout for sending the "\fB.\fR" command, and for
 /*	receiving the server response. When no response is received, a
 /*	warning is logged that the mail may be delivered multiple times.
 /* .IP \fBsmtp_defer_if_no_mx_address_found\fR
 /*	If no, bounce mail when no MX host resolves to an address
 /*	(Postfix always ignores MX hosts with equal or worse preference
 /*	than the local MTA).
 /*	If yes, keep trying until a suitable MX host resolves or until
 /*	the mail is too old.
 /* .IP \fBsmtp_rset_timeout\fR
 /*	Timeout for sending the \fBRSET\fR command.
 /* .IP \fBsmtp_quit_timeout\fR
@ -297,7 +303,8 @@ int     var_smtp_pix_delay;
 int     var_smtp_line_limit;
 char   *var_smtp_helo_name;
 char   *var_smtp_host_lookup;
-int     var_smtp_quote_821_env;
+bool    var_smtp_quote_821_env;
 bool    var_smtp_defer_mxaddr;
 /*
  * Global variables. smtp_errno is set by the address lookup routines and by
@ -510,6 +517,7 @@ int     main(int argc, char **argv)
 	VAR_SMTP_SASL_ENABLE, DEF_SMTP_SASL_ENABLE, &var_smtp_sasl_enable,
 	VAR_SMTP_RAND_ADDR, DEF_SMTP_RAND_ADDR, &var_smtp_rand_addr,
 	VAR_SMTP_QUOTE_821_ENV, DEF_SMTP_QUOTE_821_ENV, &var_smtp_quote_821_env,
 	VAR_SMTP_DEFER_MXADDR, DEF_SMTP_DEFER_MXADDR, &var_smtp_defer_mxaddr,
 	0,
    };
--- a/postfix/src/smtp/smtp_addr.c
+++ b/postfix/src/smtp/smtp_addr.c
@ -408,6 +408,7 @@ DNS_RR *smtp_domain_addr(char *name, VSTRING *why, int *found_myself)
 	addr_list = smtp_addr_list(mx_names, why);
 	dns_rr_free(mx_names);
 	if (addr_list == 0) {
 	    if (var_smtp_defer_mxaddr)
 		smtp_errno = SMTP_RETRY;
 	    msg_warn("no MX host for %s has a valid A record", name);
 	    break;
--- a/postfix/src/smtp/smtp_proto.c
+++ b/postfix/src/smtp/smtp_proto.c
@ -368,7 +368,7 @@ int     smtp_xfer(SMTP_STATE *state)
    int     except;
    int     rec_type;
    int     prev_type = 0;
-    int     sndbufsize;
+    int     sndbufsize = 0;
    int     sndbuffree;
    SOCKOPT_SIZE optlen = sizeof(sndbufsize);
    int     mail_from_rejected;
@ -443,6 +443,12 @@ int     smtp_xfer(SMTP_STATE *state)
 	    msg_fatal("%s: getsockopt: %m", myname);
 	if (sndbufsize > VSTREAM_BUFSIZE)
 	    sndbufsize = VSTREAM_BUFSIZE;
 	if (sndbufsize == 0) {
 	    sndbufsize = VSTREAM_BUFSIZE;
 	    if (setsockopt(vstream_fileno(state->session->stream), SOL_SOCKET,
 			   SO_SNDBUF, (char *) &sndbufsize, optlen) < 0)
 		msg_fatal("%s: setsockopt: %m", myname);
 	}
 	if (msg_verbose)
 	    msg_info("Using ESMTP PIPELINING, TCP send buffer size is %d",
 		     sndbufsize);
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@ -140,9 +140,23 @@
 /* .SH Miscellaneous
 /* .ad
 /* .fi
-/* .IP \fBauthorized_verp_clients\fR
+/* .IP \fBsmtpd_authorized_verp_clients\fR
 /*	Hostnames, domain names and/or addresses of clients that are
 /*	authorized to use the XVERP extension.
 /* .IP \fBsmtpd_authorized_xaddr_clients\fR
 /*	Hostnames, domain names and/or addresses of clients that are
 /*	authorized to use the "XADDR client-address client-name" command.
 /*	This changes Postfix's
 /*	idea of the SMTP client IP address and hostname for access
 /*	control and for logging purposes.
 /* .IP \fBsmtpd_authorized_xloginfo_clients\fR
 /*	Hostnames, domain names and/or addresses of clients that are
 /*	authorized to use the "XLOGINFO client-address client-name" command.
 /*	This changes the client
 /*	name and address that are used for logging, without affecting the
 /*	client IP address and hostname that are used for access control.
 /*	XLOGINFO is typically used to propagate remote client information
 /*	through an SMTP-based content filter to the after-filter SMTP server.
 /* .IP \fBdebug_peer_level\fR
 /*	Increment in verbose logging level when a remote host matches a
 /*	pattern in the \fBdebug_peer_list\fR parameter.
@ -219,7 +233,8 @@
 /*	storage for envelope information.
 /* .IP \fBqueue_minfree\fR
 /*	Minimal amount of free space in bytes in the queue file system
-/*	for the SMTP server to accept any mail at all.
+/*	for the SMTP server to accept any mail at all (default: twice
 /*	the \fBmessage_size_limit\fR value).
 /* .IP \fBsmtpd_history_flush_threshold\fR
 /*	Flush the command history to postmaster after receipt of RSET etc.
 /*	only if the number of history lines exceeds the given threshold.
@ -527,6 +542,8 @@ char   *var_input_transp;
 int     var_smtpd_policy_tmout;
 int     var_smtpd_policy_idle;
 int     var_smtpd_policy_ttl;
 char   *var_xaddr_clients;
 char   *var_xloginfo_clients;
 /*
  * Silly little macros.
@ -542,6 +559,18 @@ int     var_smtpd_policy_ttl;
 static NAMADR_LIST *verp_clients;
 /*
  * XADDR command.
  */
 #define XADDR_CMD		"XADDR"
 static NAMADR_LIST *xaddr_clients;
 /*
  * XLOGINFO command.
  */
 static NAMADR_LIST *xloginfo_clients;
 /*
  * Other application-specific globals.
  */
@ -682,6 +711,10 @@ static int ehlo_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 #endif
    if (namadr_list_match(verp_clients, state->name, state->addr))
 	smtpd_chat_reply(state, "250-%s", VERP_CMD);
    if (namadr_list_match(xaddr_clients, state->name, state->addr))
 	smtpd_chat_reply(state, "250-%s", XADDR_CMD);
    if (namadr_list_match(xloginfo_clients, state->name, state->addr))
 	smtpd_chat_reply(state, "250-%s", XLOGINFO_CMD);
    smtpd_chat_reply(state, "250 8BITMIME");
    return (0);
 }
@ -759,7 +792,7 @@ static void mail_open_stream(SMTPD_STATE *state, SMTPD_TOKEN *argv,
 	smtpd_sasl_mail_log(state);
    else
 #endif
-	msg_info("%s: client=%s[%s]", state->queue_id, state->name, state->addr);
+	msg_info("%s: client=%s", state->queue_id, state->namaddr);
    /*
     * Record the time of arrival, the sender envelope address, some session
@ -1586,6 +1619,80 @@ static int quit_cmd(SMTPD_STATE *state, int unused_argc, SMTPD_TOKEN *unused_arg
    return (0);
 }
 /* xaddr_cmd - process XADDR */
 static int xaddr_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 {
    /*
     * Sanity checks.
     */
    if (namadr_list_match(xaddr_clients, state->name, state->addr) == 0) {
 	state->error_mask |= MAIL_ERROR_POLICY;
 	smtpd_chat_reply(state, "554 Error: insufficient authorization");
 	return (-1);
    }
    /* Todo: "XADDR address" to let Postfix look up the client name. */
    if (argc != 3
 	|| !valid_hostaddr(argv[1].strval, DONT_GRIPE)
 	|| !valid_hostname(argv[2].strval, DONT_GRIPE)) {
 	state->error_mask |= MAIL_ERROR_PROTOCOL;
 	smtpd_chat_reply(state, "501 Syntax: %s address hostname", XADDR_CMD);
 	return (-1);
    }
    /*
     * Change peer information for logging and for access control. Change a
     * numerical hostname into "unknown", to make it easy to extract client
     * information from Received: headers.
     */
 #define FIX_NUMERICAL_NAME(s) \
 	(valid_hostaddr((s), DONT_GRIPE) ?  "unknown" : (s))
    smtpd_peer_reset(state);
    state->name = mystrdup(FIX_NUMERICAL_NAME(argv[2].strval));
    state->addr = mystrdup(argv[1].strval);
    state->namaddr =
 	concatenate(state->name, "[", state->addr, "]", (char *) 0);
    state->peer_code = strcmp(state->name, "unknown") ? 2 : 5;
    smtpd_chat_reply(state, "250 Ok");
    return (0);
 }
 /* xloginfo_cmd - process XLOGINFO */
 static int xloginfo_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 {
    char   *cp;
    /*
     * Sanity checks.
     */
    if (namadr_list_match(xloginfo_clients, state->name, state->addr) == 0) {
 	state->error_mask |= MAIL_ERROR_POLICY;
 	smtpd_chat_reply(state, "554 Error: insufficient authorization");
 	return (-1);
    }
    if (argc != 3
 	|| !valid_hostaddr(argv[1].strval, DONT_GRIPE)
 	|| !valid_hostname(argv[2].strval, DONT_GRIPE)) {
 	state->error_mask |= MAIL_ERROR_PROTOCOL;
 	smtpd_chat_reply(state, "501 Syntax: %s address hostname", XLOGINFO_CMD);
 	return (-1);
    }
    /*
     * Change peer information for logging but not for access control. Change
     * a numerical hostname into "unknown", for consistency with XADDR.
     */
    myfree(state->namaddr);
    state->namaddr =
 	concatenate(FIX_NUMERICAL_NAME(argv[2].strval),
 		    "[", argv[1].strval, "]", (char *) 0);
    smtpd_chat_reply(state, "250 Ok");
    return (0);
 }
 /* chat_reset - notify postmaster and reset conversation log */
 static void chat_reset(SMTPD_STATE *state, int threshold)
@ -1637,6 +1744,8 @@ static SMTPD_CMD smtpd_cmd_table[] = {
    "VRFY", vrfy_cmd, SMTPD_CMD_FLAG_LIMIT,
    "ETRN", etrn_cmd, SMTPD_CMD_FLAG_LIMIT,
    "QUIT", quit_cmd, 0,
    "XADDR", xaddr_cmd, SMTPD_CMD_FLAG_LIMIT,
    "XLOGINFO", xloginfo_cmd, SMTPD_CMD_FLAG_LIMIT,
    "Received:", 0, SMTPD_CMD_FLAG_FORBIDDEN,
    "Reply-To:", 0, SMTPD_CMD_FLAG_FORBIDDEN,
    "Message-ID:", 0, SMTPD_CMD_FLAG_FORBIDDEN,
@ -1849,6 +1958,8 @@ static void pre_jail_init(char *unused_name, char **unused_argv)
     */
    smtpd_noop_cmds = string_list_init(MATCH_FLAG_NONE, var_smtpd_noop_cmds);
    verp_clients = namadr_list_init(MATCH_FLAG_NONE, var_verp_clients);
    xaddr_clients = namadr_list_init(MATCH_FLAG_NONE, var_xaddr_clients);
    xloginfo_clients = namadr_list_init(MATCH_FLAG_NONE, var_xloginfo_clients);
    if (getuid() == 0 || getuid() == var_owner_uid)
 	smtpd_check_init();
    debug_peer_init();
@ -1878,6 +1989,18 @@ static void post_jail_init(char *unused_name, char **unused_argv)
     */
    smtpd_input_transp_mask =
 	input_transp_mask(VAR_INPUT_TRANSP, var_input_transp);
    /*
     * Sanity checks. The queue_minfree value should be at least as large as
     * (process_limit * message_size_limit) but that is unpractical, so we
     * arbitrarily pick a number and require twice the message size limit.
     */
    if (var_queue_minfree > 0
 	&& var_message_limit > 0
 	&& var_queue_minfree / 2 < var_message_limit)
 	msg_warn("%s(%lu) should be at least 2*%s(%lu)",
 		  VAR_QUEUE_MINFREE, (unsigned long) var_queue_minfree,
 		  VAR_MESSAGE_LIMIT, (unsigned long) var_message_limit);
 }
 /* main - the main program */
@ -1965,6 +2088,8 @@ int     main(int argc, char **argv)
 	VAR_SMTPD_PROXY_FILT, DEF_SMTPD_PROXY_FILT, &var_smtpd_proxy_filt, 0, 0,
 	VAR_SMTPD_PROXY_EHLO, DEF_SMTPD_PROXY_EHLO, &var_smtpd_proxy_ehlo, 0, 0,
 	VAR_INPUT_TRANSP, DEF_INPUT_TRANSP, &var_input_transp, 0, 0,
 	VAR_XADDR_CLIENTS, DEF_XADDR_CLIENTS, &var_xaddr_clients, 0, 0,
 	VAR_XLOGINFO_CLIENTS, DEF_XLOGINFO_CLIENTS, &var_xloginfo_clients, 0, 0,
 	0,
    };
    static CONFIG_RAW_TABLE raw_table[] = {
--- a/postfix/src/smtpd/smtpd.h
+++ b/postfix/src/smtpd/smtpd.h
@ -128,6 +128,11 @@ extern void smtpd_peer_reset(SMTPD_STATE *state);
  */
 extern int smtpd_input_transp_mask;
 /*
  * XLOGINFO command.
  */
 #define XLOGINFO_CMD		"XLOGINFO"
 /* LICENSE
 /* .ad
 /* .fi
--- a/postfix/src/smtpd/smtpd_check.c
+++ b/postfix/src/smtpd/smtpd_check.c
@ -233,12 +233,12 @@
 /*	\fImessage_size_limit\fR configuration parameter. This is a
 /*	permanent error.
 /* .IP \(bu
-/*	The message would cause the available queue file system space
+/*	The available queue file system space is less than the amount
-/*	to drop below the bound specified with the \fImin_queue_free\fR
+/*	specified with the \fImin_queue_free\fR configuration parameter.
-/*	configuration parameter. This is a temporary error.
+/*	This is a temporary error.
 /* .IP \(bu
-/*	The message would use up more than half the available queue file
+/*	The available queue file system space is less than twice the
-/*	system space. This is a temporary error.
+/*	message size limit. This is a temporary error.
 /* .PP
 /*	smtpd_check_data() enforces generic restrictions after the
 /*	client has sent the DATA command.
@ -2060,6 +2060,7 @@ static int check_domain_access(SMTPD_STATE *state, const char *table,
    char   *next;
    const char *value;
    DICT   *dict;
    int     maybe_numerical = 1;
    if (msg_verbose)
 	msg_info("%s: %s", myname, domain);
@ -2084,6 +2085,10 @@ static int check_domain_access(SMTPD_STATE *state, const char *table,
 	    if (dict_errno != 0)
 		msg_fatal("%s: table lookup problem", table);
 	}
 	/* Don't apply subdomain magic to numerical hostnames. */
 	if (maybe_numerical
 	    && (maybe_numerical = valid_hostaddr(domain, DONT_GRIPE)) != 0)
 	    break;
 	if ((next = strchr(name + 1, '.')) == 0)
 	    break;
 	if (access_parent_style == MATCH_FLAG_PARENT)
@ -2252,6 +2257,7 @@ static int check_server_access(SMTPD_STATE *state, const char *table,
     * Check the hostnames first, then the addresses.
     */
    for (server = server_list; server != 0; server = server->next) {
 	h_errno = 0;				/* XXX */
 	if ((hp = gethostbyname((char *) server->data)) == 0) {
 	    msg_warn("Unable to look up %s host %s for %s %s: %s",
 		     dns_strtype(type), (char *) server->data,
@ -3793,17 +3799,17 @@ char   *smtpd_check_size(SMTPD_STATE *state, off_t size)
 				  "552 Message size exceeds fixed limit");
 	return (STR(error_text));
    }
    fsspace(".", &fsbuf);
    if (msg_verbose)
-	msg_info("%s: blocks %lu avail %lu min_free %lu size %lu",
+	msg_info("%s: blocks %lu avail %lu min_free %lu msg_size_limit %lu",
 		 myname,
 		 (unsigned long) fsbuf.block_size,
 		 (unsigned long) fsbuf.block_free,
 		 (unsigned long) var_queue_minfree,
-		 (unsigned long) size);
+		 (unsigned long) var_message_limit);
    if (BLOCKS(var_queue_minfree) >= fsbuf.block_free
-	|| BLOCKS(size) >= fsbuf.block_free - BLOCKS(var_queue_minfree)
+	|| BLOCKS(var_message_limit) >= fsbuf.block_free / 2) {
 	|| BLOCKS(size) >= fsbuf.block_free / 2) {
 	(void) smtpd_check_reject(state, MAIL_ERROR_RESOURCE,
 				  "452 Insufficient system storage");
 	return (STR(error_text));
--- a/postfix/src/smtpd/smtpd_check.ref
+++ b/postfix/src/smtpd/smtpd_check.ref
@ -55,7 +55,8 @@ OK
 ./smtpd_check: <queue id>: reject: HELO from foo[123.123.123.123]: 450 <foo>: Helo command rejected: Host not found; proto=SMTP helo=<foo>
 450 <foo>: Helo command rejected: Host not found
 >>> helo spike.porcupine.org
-OK
+./smtpd_check: <queue id>: reject: HELO from foo[123.123.123.123]: 554 <spike.porcupine.org>: Helo command rejected: name server spike.porcupine.org; proto=SMTP helo=<spike.porcupine.org>
 554 <spike.porcupine.org>: Helo command rejected: name server spike.porcupine.org
 >>> helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,hash:./smtpd_check_access
 OK
 >>> helo random.bad.domain
--- a/postfix/src/smtpd/smtpd_check.ref2
+++ b/postfix/src/smtpd/smtpd_check.ref2
@ -55,7 +55,8 @@ OK
 ./smtpd_check: <queue id>: reject: HELO from foo[123.123.123.123]: 450 <foo>: Helo command rejected: Host not found; proto=SMTP helo=<foo>
 450 <foo>: Helo command rejected: Host not found
 >>> helo spike.porcupine.org
-OK
+./smtpd_check: <queue id>: reject: HELO from foo[123.123.123.123]: 554 <spike.porcupine.org>: Helo command rejected: name server spike.porcupine.org; proto=SMTP helo=<spike.porcupine.org>
 554 <spike.porcupine.org>: Helo command rejected: name server spike.porcupine.org
 >>> helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,check_helo_access,hash:./smtpd_check_access
 OK
 >>> helo random.bad.domain
--- a/postfix/src/smtpd/smtpd_check.ref4
+++ b/postfix/src/smtpd/smtpd_check.ref4
@ -6,7 +6,7 @@
 >>> smtpd_delay_reject 0
 OK
 >>> #
->>> # Test the nex access map features
+>>> # Test the new access map features
 >>> #
 >>> sender_restrictions hash:./smtpd_check_access
 OK
--- a/postfix/src/smtpd/smtpd_check_access
+++ b/postfix/src/smtpd/smtpd_check_access
@ -60,3 +60,4 @@ dunnotext@dunno.domain	dunno text
 topica.com		reject
 10.10.10.10		reject mail server 10.10.10.10
 spike.porcupine.org	reject name server spike.porcupine.org
 241			reject class E subnet
--- a/postfix/src/smtpd/smtpd_exp.in
+++ b/postfix/src/smtpd/smtpd_exp.in
@ -64,14 +64,15 @@ rcpt rname@rdomain
 # Check MX access
 #
 helo_restrictions check_helo_mx_access,hash:smtpd_check_access
-helo verisign-wildcard.com
+#helo verisign-wildcard.com
 helo verisign.com
 helo example.tld
 sender_restrictions check_sender_mx_access,hash:smtpd_check_access
-mail foo@verisign-wildcard.com
+mail foo@pls.net.au
 #mail foo@verisign-wildcard.com
 mail foo@verisign.com
 recipient_restrictions check_recipient_mx_access,hash:smtpd_check_access
-rcpt foo@verisign-wildcard.com
+#rcpt foo@verisign-wildcard.com
 rcpt foo@verisign.com
 rcpt foo@1.2.3.porcupine.org
 #
@ -80,14 +81,14 @@ rcpt foo@1.2.3.porcupine.org
 helo_restrictions check_helo_ns_access,hash:smtpd_check_access
 helo email-publisher.com
 helo ns1.topica.com
-helo verisign-wildcard.com
+#helo verisign-wildcard.com
 helo example.tld
 sender_restrictions check_sender_ns_access,hash:smtpd_check_access
 mail foo@email-publisher.com
 mail foo@ns1.topica.com
-mail foo@verisign-wildcard.com
+#mail foo@verisign-wildcard.com
 recipient_restrictions check_recipient_ns_access,hash:smtpd_check_access
 rcpt foo@email-publisher.com
 rcpt foo@ns1.topica.com
-rcpt foo@verisign-wildcard.com
+#rcpt foo@verisign-wildcard.com
 rcpt foo@1.2.3.porcupine.org
--- a/postfix/src/smtpd/smtpd_exp.ref
+++ b/postfix/src/smtpd/smtpd_exp.ref
@ -114,26 +114,23 @@ OK
 >>> #
 >>> helo_restrictions check_helo_mx_access,hash:smtpd_check_access
 OK
->>> helo verisign-wildcard.com
+>>> #helo verisign-wildcard.com
 ./smtpd_check: <queue id>: reject: HELO from spike.porcupine.org[168.100.189.2]: 554 <verisign-wildcard.com>: Helo command rejected: Verisign wild-card; from=<sname@sdomain> proto=SMTP helo=<verisign-wildcard.com>
 554 <verisign-wildcard.com>: Helo command rejected: Verisign wild-card
 >>> helo verisign.com
 OK
 >>> helo example.tld
-./smtpd_check: warning: Unable to look up MX host for example.tld
+./smtpd_check: warning: Unable to look up MX host for example.tld: Host not found
 OK
 >>> sender_restrictions check_sender_mx_access,hash:smtpd_check_access
 OK
->>> mail foo@verisign-wildcard.com
+>>> mail foo@pls.net.au
-./smtpd_check: <queue id>: reject: MAIL from spike.porcupine.org[168.100.189.2]: 554 <foo@verisign-wildcard.com>: Sender address rejected: Verisign wild-card; from=<foo@verisign-wildcard.com> proto=SMTP helo=<example.tld>
+./smtpd_check: warning: numeric domain name in resource data of MX record for pls.net.au: 203.3.110.241
-554 <foo@verisign-wildcard.com>: Sender address rejected: Verisign wild-card
+OK
 >>> #mail foo@verisign-wildcard.com
 >>> mail foo@verisign.com
 OK
 >>> recipient_restrictions check_recipient_mx_access,hash:smtpd_check_access
 OK
->>> rcpt foo@verisign-wildcard.com
+>>> #rcpt foo@verisign-wildcard.com
 ./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 <foo@verisign-wildcard.com>: Recipient address rejected: Verisign wild-card; from=<foo@verisign.com> to=<foo@verisign-wildcard.com> proto=SMTP helo=<example.tld>
 554 <foo@verisign-wildcard.com>: Recipient address rejected: Verisign wild-card
 >>> rcpt foo@verisign.com
 OK
 >>> rcpt foo@1.2.3.porcupine.org
@ -150,10 +147,9 @@ OK
 >>> helo ns1.topica.com
 ./smtpd_check: <queue id>: reject: HELO from spike.porcupine.org[168.100.189.2]: 554 <ns1.topica.com>: Helo command rejected: Access denied; from=<foo@verisign.com> proto=SMTP helo=<ns1.topica.com>
 554 <ns1.topica.com>: Helo command rejected: Access denied
->>> helo verisign-wildcard.com
+>>> #helo verisign-wildcard.com
 OK
 >>> helo example.tld
-./smtpd_check: warning: Unable to look up NS host for example.tld
+./smtpd_check: warning: Unable to look up NS host for example.tld: Host not found
 OK
 >>> sender_restrictions check_sender_ns_access,hash:smtpd_check_access
 OK
@ -163,18 +159,16 @@ OK
 >>> mail foo@ns1.topica.com
 ./smtpd_check: <queue id>: reject: MAIL from spike.porcupine.org[168.100.189.2]: 554 <foo@ns1.topica.com>: Sender address rejected: Access denied; from=<foo@ns1.topica.com> proto=SMTP helo=<example.tld>
 554 <foo@ns1.topica.com>: Sender address rejected: Access denied
->>> mail foo@verisign-wildcard.com
+>>> #mail foo@verisign-wildcard.com
 OK
 >>> recipient_restrictions check_recipient_ns_access,hash:smtpd_check_access
 OK
 >>> rcpt foo@email-publisher.com
-./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 <foo@email-publisher.com>: Recipient address rejected: Access denied; from=<foo@verisign-wildcard.com> to=<foo@email-publisher.com> proto=SMTP helo=<example.tld>
+./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 <foo@email-publisher.com>: Recipient address rejected: Access denied; from=<foo@ns1.topica.com> to=<foo@email-publisher.com> proto=SMTP helo=<example.tld>
 554 <foo@email-publisher.com>: Recipient address rejected: Access denied
 >>> rcpt foo@ns1.topica.com
-./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 <foo@ns1.topica.com>: Recipient address rejected: Access denied; from=<foo@verisign-wildcard.com> to=<foo@ns1.topica.com> proto=SMTP helo=<example.tld>
+./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 <foo@ns1.topica.com>: Recipient address rejected: Access denied; from=<foo@ns1.topica.com> to=<foo@ns1.topica.com> proto=SMTP helo=<example.tld>
 554 <foo@ns1.topica.com>: Recipient address rejected: Access denied
->>> rcpt foo@verisign-wildcard.com
+>>> #rcpt foo@verisign-wildcard.com
 OK
 >>> rcpt foo@1.2.3.porcupine.org
-./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 <foo@1.2.3.porcupine.org>: Recipient address rejected: name server spike.porcupine.org; from=<foo@verisign-wildcard.com> to=<foo@1.2.3.porcupine.org> proto=SMTP helo=<example.tld>
+./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 <foo@1.2.3.porcupine.org>: Recipient address rejected: name server spike.porcupine.org; from=<foo@ns1.topica.com> to=<foo@1.2.3.porcupine.org> proto=SMTP helo=<example.tld>
 554 <foo@1.2.3.porcupine.org>: Recipient address rejected: name server spike.porcupine.org
--- a/postfix/src/smtpd/smtpd_peer.c
+++ b/postfix/src/smtpd/smtpd_peer.c
@ -40,7 +40,7 @@
 /*	name->address mapping, client address not listed for hostname).
 /* .RE
 /* .PP
-/*	smtpd_peer_reset() releases memory allocate by smtpd_peer_init().
+/*	smtpd_peer_reset() releases memory allocated by smtpd_peer_init().
 /* LICENSE
 /* .ad
 /* .fi
--- a/postfix/src/smtpd/smtpd_proxy.c
+++ b/postfix/src/smtpd/smtpd_proxy.c
@ -175,6 +175,8 @@ int     smtpd_proxy_open(SMTPD_STATE *state, const char *service,
 			         const char *mail_from)
 {
    int     fd;
    char   *lines;
    char   *line;
    /*
     * This buffer persists beyond the end of a proxy session so we can
@ -225,6 +227,18 @@ int     smtpd_proxy_open(SMTPD_STATE *state, const char *service,
 	return (-1);
    }
    /*
     * Parse the EHLO reply and see if we can forward the client hostname and
     * address info for logging purposes. If the command fails, then proceed.
     * It is not the end of the world.
     */
    lines = STR(state->proxy_buffer);
    while ((line = mystrtok(&lines, "\n")) != 0)
 	if ((line[3] == ' ' || line[3] == '-')
 	    && strcmp(line + 4, XLOGINFO_CMD) == 0)
 	    (void) smtpd_proxy_cmd(state, SMTPD_PROX_WANT_ANY, "%s %s %s",
 				   XLOGINFO_CMD, state->addr, state->name);
    /*
     * Pass-through the client's MAIL FROM command. If this fails, then we
     * have a problem because the proxy should always accept any MAIL FROM
@ -282,6 +296,7 @@ int     smtpd_proxy_cmd(SMTPD_STATE *state, int expect, const char *fmt,...)
    char   *cp;
    int     last_char;
    int     err = 0;
    static VSTRING *buffer = 0;
    /*
     * Errors first. Be prepared for delayed errors from the DATA phase.
@ -336,19 +351,32 @@ int     smtpd_proxy_cmd(SMTPD_STATE *state, int expect, const char *fmt,...)
 	return (0);
    /*
-     * Censor out non-printable characters in server responses and keep the
+     * Censor out non-printable characters in server responses and save
-     * last line of multi-line responses.
+     * complete multi-line responses if possible.
     */
    VSTRING_RESET(state->proxy_buffer);
    if (buffer == 0)
 	buffer = vstring_alloc(10);
    for (;;) {
-	last_char = smtp_get(state->proxy_buffer, state->proxy, var_line_limit);
+	last_char = smtp_get(buffer, state->proxy, var_line_limit);
-	printable(STR(state->proxy_buffer), '?');
+	printable(STR(buffer), '?');
 	if (last_char != '\n')
 	    msg_warn("%s: response longer than %d: %.30s...",
 		     VSTREAM_PATH(state->proxy), var_line_limit,
-		     STR(state->proxy_buffer));
+		     STR(buffer));
 	if (msg_verbose)
 	    msg_info("< %s: %.100s", VSTREAM_PATH(state->proxy),
-		     STR(state->proxy_buffer));
+		     STR(buffer));
 	/*
 	 * Defend against a denial of service attack by limiting the amount
 	 * of multi-line text that we are willing to store.
 	 */
 	if (LEN(state->proxy_buffer) < var_line_limit) {
 	    if (VSTRING_LEN(state->proxy_buffer))
 		VSTRING_ADDCH(state->proxy_buffer, '\n');
 	    vstring_strcat(state->proxy_buffer, STR(buffer));
 	}
 	/*
 	 * Parse the response into code and text. Ignore unrecognized
@ -356,16 +384,16 @@ int     smtpd_proxy_cmd(SMTPD_STATE *state, int expect, const char *fmt,...)
 	 * line) will have the same effect as the '-' line continuation
 	 * character.
 	 */
-	for (cp = STR(state->proxy_buffer); *cp && ISDIGIT(*cp); cp++)
+	for (cp = STR(buffer); *cp && ISDIGIT(*cp); cp++)
 	     /* void */ ;
-	if (cp - STR(state->proxy_buffer) == 3) {
+	if (cp - STR(buffer) == 3) {
 	    if (*cp == '-')
 		continue;
 	    if (*cp == ' ' || *cp == 0)
 		break;
 	}
 	msg_warn("received garbage from proxy %s: %.100s",
-		 VSTREAM_PATH(state->proxy), STR(state->proxy_buffer));
+		 VSTREAM_PATH(state->proxy), STR(buffer));
    }
    /*
--- a/postfix/src/smtpd/smtpd_sasl_proto.c
+++ b/postfix/src/smtpd/smtpd_sasl_proto.c
@ -197,8 +197,8 @@ void    smtpd_sasl_mail_log(SMTPD_STATE *state)
 {
 #define IFELSE(e1,e2,e3) ((e1) ? (e2) : (e3))
-    msg_info("%s: client=%s[%s]%s%s%s%s%s%s",
+    msg_info("%s: client=%s%s%s%s%s%s%s",
-	     state->queue_id, state->name, state->addr,
+	     state->queue_id, state->namaddr,
 	     IFELSE(state->sasl_method, ", sasl_method=", ""),
 	     IFELSE(state->sasl_method, state->sasl_method, ""),
 	     IFELSE(state->sasl_username, ", sasl_username=", ""),
--- a/postfix/src/util/attr_scan0.c
+++ b/postfix/src/util/attr_scan0.c
@ -164,7 +164,7 @@ static int attr_scan0_string(VSTREAM *fp, VSTRING *plain_buf, const char *contex
    int     limit = var_line_limit * 4;
    int     ch;
-    if ((ch = vstring_get_null_bound(plain_buf, fp, limit)) == VSTREAM_EOF) {
+    if ((ch = vstring_get_null(plain_buf, fp)) == VSTREAM_EOF) {
 	msg_warn("%s on %s while reading %s",
 		 vstream_ftimeout(fp) ? "timeout" : "premature end-of-input",
 		 VSTREAM_PATH(fp), context);
--- a/postfix/src/util/attr_scan64.c
+++ b/postfix/src/util/attr_scan64.c
@ -179,11 +179,13 @@ static int attr_scan64_string(VSTREAM *fp, VSTRING *plain_buf, const char *conte
 	    return (-1);
 	}
 	VSTRING_ADDCH(base64_buf, ch);
 #if 0
 	if (LEN(base64_buf) > limit) {
 	    msg_warn("string length > %d characters from %s while reading %s",
 		     limit, VSTREAM_PATH(fp), context);
 	    return (-1);
 	}
 #endif
    }
    VSTRING_TERMINATE(base64_buf);
    if (base64_decode(plain_buf, STR(base64_buf), LEN(base64_buf)) == 0) {
--- a/postfix/src/util/attr_scan_plain.c
+++ b/postfix/src/util/attr_scan_plain.c
@ -174,11 +174,13 @@ static int attr_scan_plain_string(VSTREAM *fp, VSTRING *plain_buf,
 	    return (-1);
 	}
 	VSTRING_ADDCH(plain_buf, ch);
 #if 0
 	if (LEN(plain_buf) > limit) {
 	    msg_warn("string length > %d characters from %s while reading %s",
 		     limit, VSTREAM_PATH(fp), context);
 	    return (-1);
 	}
 #endif
    }
    VSTRING_TERMINATE(plain_buf);
--- a/postfix/src/util/base64_code.c
+++ b/postfix/src/util/base64_code.c
@ -41,6 +41,11 @@
 #include "sys_defs.h"
 #include <ctype.h>
 #include <string.h>
 #include <limits.h>
 #ifndef UCHAR_MAX
 #define UCHAR_MAX 0xff
 #endif
 /* Utility library. */
@ -102,7 +107,7 @@ VSTRING *base64_decode(VSTRING *result, const char *in, int len)
    int     ch2;
    int     ch3;
-#define CHARS_PER_BYTE	256
+#define CHARS_PER_BYTE	(UCHAR_MAX + 1)
 #define INVALID		0xff
    /*
--- a/postfix/src/util/sane_connect.c
+++ b/postfix/src/util/sane_connect.c
@ -11,7 +11,7 @@
 /*	struct sockaddr	*buf;
 /*	SOCKADDR_SIZE *len;
 /* DESCRIPTION
-/*	sane_connect() implements the accept(2) socket call, and maps
+/*	sane_connect() implements the connect(2) socket call, and maps
 /*	known harmless error results to EAGAIN.
 /* BUGS
 /*	Bizarre systems may have other harmless error results. Such