diff --git a/postfix/HISTORY b/postfix/HISTORY index b4d0af9c3..c703d0d1b 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -15723,3 +15723,9 @@ Apologies for any names omitted. reuses the workaround that was implemented to report a Delivered-To: loop. Files: local/file.c, local/command.c, local/recipient.c, local/bounce_workaround.c. + +20100209 + + The tcp_table(5) interface is now part of the stable release. + The last protocol change was in Postfix 2.1. File: + util/dict_open.c. diff --git a/postfix/README_FILES/ADDRESS_REWRITING_README b/postfix/README_FILES/ADDRESS_REWRITING_README index 63786eb89..ceae94d8d 100644 --- a/postfix/README_FILES/ADDRESS_REWRITING_README +++ b/postfix/README_FILES/ADDRESS_REWRITING_README @@ -366,7 +366,7 @@ This feature is available in Postfix version 2.1 and later. Example: /etc/postfix/master.cf: - :10026 inet n - n - - smtpd + 127.0.0.1:10026 inet n - n - - smtpd -o receive_override_options=no_address_mappings Note: do not specify whitespace around the "=" here. @@ -439,7 +439,7 @@ file. This feature is available in Postfix version 2.1 and later. Example: /etc/postfix/master.cf: - :10026 inet n - n - - smtpd + 127.0.0.1:10026 inet n - n - - smtpd -o receive_override_options=no_address_mappings Note: do not specify whitespace around the "=" here. @@ -475,7 +475,7 @@ settings in the master.cf file. This feature is available in Postfix version Example: /etc/postfix/master.cf: - :10026 inet n - n - - smtpd + 127.0.0.1:10026 inet n - n - - smtpd -o receive_override_options=no_address_mappings Note: do not specify whitespace around the "=" here. @@ -520,7 +520,7 @@ This feature is available in Postfix version 2.1 and later. Example: /etc/postfix/master.cf: - :10026 inet n - n - - smtpd + 127.0.0.1:10026 inet n - n - - smtpd -o receive_override_options=no_address_mappings Note: do not specify whitespace around the "=" here. 
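Review bot: the four master.cf hunks change ":10026" to "127.0.0.1:10026", which binds the content-filter re-injection listener to the loopback interface instead of every interface. That is the safer default, because this listener is configured with receive_override_options=no_address_mappings, so any host able to reach the port could hand mail back to Postfix with address rewriting skipped. Suggest one sentence next to the example saying why the address is restricted (e.g. "listen on the loopback interface only"), so readers copying the port do not revert to ":10026".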
diff --git a/postfix/README_FILES/DATABASE_README b/postfix/README_FILES/DATABASE_README index 284f391e5..46655f1b3 100644 --- a/postfix/README_FILES/DATABASE_README +++ b/postfix/README_FILES/DATABASE_README @@ -248,8 +248,7 @@ To find out what database types your Postfix system supports, use the "ppooss Access information through a TCP/IP server. The protocol is described in tcp_table(5). The lookup table name is "tcp:host:port" where "host" specifies a symbolic hostname or a numeric IP address, and "port" - specifies a symbolic service name or a numeric port number. This - protocol is not available in the stable Postfix release. + specifies a symbolic service name or a numeric port number. uunniixx (read-only) A limited way to query the UNIX authentication database. The following tables are implemented: diff --git a/postfix/README_FILES/SASL_README b/postfix/README_FILES/SASL_README index cfa810dce..27de01c40 100644 --- a/postfix/README_FILES/SASL_README +++ b/postfix/README_FILES/SASL_README 
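Review bot: with "This protocol is not available in the stable Postfix release." removed, the tcp: entry no longer says anything about which release supports it. The HISTORY entry in this same patch dates the change and notes that the protocol has not changed since Postfix 2.1; consider adding a line in the form the other READMEs in this patch use, "This feature is available in Postfix version X and later.", naming the release that first ships tcp_table(5) as stable. The same sentence is removed from html/DATABASE_README.html and proto/DATABASE_README.html further down.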
@@ -17,12 +17,12 @@ to remote destinations, or only to destinations that the server itself is responsible for. Usually, SMTP servers allow mail to remote destinations when the client's IP address is in the "same network" as the server's IP address. -Sometimes an SMTP client needs "same network" privileges when it connects from -elsewhere. To address this problem, Postfix supports SASL authentication (RFC -4954, formerly RFC 2554). With this a remote SMTP client can authenticate to -the Postfix SMTP server, and the Postfix SMTP client can authenticate to a -remote SMTP server. Once a client is authenticated, a server can give it "same -network" privileges. +SMTP clients outside the SMTP server's network need a different way to get +"same network" privileges. To address this need, Postfix supports SASL +authentication (RFC 4954, formerly RFC 2554). With this a remote SMTP client +can authenticate to the Postfix SMTP server, and the Postfix SMTP client can +authenticate to a remote SMTP server. Once a client is authenticated, a server +can give it "same network" privileges. Postfix does not implement SASL itself, but instead uses existing implementations as building blocks. This means that some SASL-related @@ -101,10 +101,10 @@ These commands are available only with Postfix version 2.3 and later. CCoonnffiigguurriinngg DDoovveeccoott SSAASSLL -Dovecot is a POP/IMAP server that must be configured to authenticate POP/IMAP -clients. When the Postfix SMTP server uses Dovecot SASL, it also reuses this -configuration. Consult the Dovecot documentation for how to configure and -operate the Dovecot authentication server. +Dovecot is a POP/IMAP server that has its own configuration to authenticate +POP/IMAP clients. When the Postfix SMTP server uses Dovecot SASL, it reuses +parts of this configuration. Consult the Dovecot documentation for how to +configure and operate the Dovecot authentication server. PPoossttffiixx ttoo DDoovveeccoott SSAASSLL ccoommmmuunniiccaattiioonn 
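Review bot: in the Dovecot hunk, "it reuses parts of this configuration" is less specific than the sentence it replaces ("it also reuses this configuration"); say which parts, or refer forward to the "Postfix to Dovecot SASL communication" section that follows, so a reader knows what must already be working on the Dovecot side before the Postfix steps are attempted. The first hunk's rewording ("SMTP clients outside the SMTP server's network need a different way to get 'same network' privileges") is clearer than the old "Sometimes an SMTP client needs ..." and reads fine.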
@@ -141,9 +141,9 @@ Postfix SMTP server" to turn on and use SASL in the Postfix SMTP server. CCoonnffiigguurriinngg CCyyrruuss SSAASSLL -The Cyrus SASL framework was supports a wide variety of applications. Different -applications may require different configurations. As a consequence each -application may have its own configuration file. +The Cyrus SASL framework supports a wide variety of applications (POP, IMAP, +SMTP, etc.). Different applications may require different configurations. As a +consequence each application may have its own configuration file. The first step configuring Cyrus SASL is to determine name and location of a configuration file that describes how the Postfix SMTP server will use the SASL @@ -256,8 +256,8 @@ its password verification service: Additionally the saslauthd server itself must be configured. It must be told which authentication backend to turn to for password verification. The backend -is choosen as a command line option when saslauthd is started and will be shown -in the following examples. +is selected with a saslauthd command-line option and will be shown in the +following examples. NNoottee @@ -335,8 +335,8 @@ shows the response when authentication is successful: -debug packages. Specify an additional "-s smtp" if saslauthd was configured to contact the PAM -authentication framework and an additional "-f //ppaatthh//ttoo//ssoocckkeettddiirr//mmuuxx" if -saslauthd establishes the UNIX-domain socket in a non-default location. +authentication framework, and specify an additional "-f //ppaatthh//ttoo//ssoocckkeettddiirr//mmuuxx" +if saslauthd establishes the UNIX-domain socket in a non-default location. If authentication succeeds, proceed with the section "Enabling SASL authentication and authorization in the Postfix SMTP server". 
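Review bot: the unchanged context line right after the first hunk, "The first step configuring Cyrus SASL is to determine name and location of a configuration file", still misses two words ("The first step in configuring Cyrus SASL is to determine the name and location"); since the hunk already rewrites the neighbouring paragraph, fixing it here is cheap. In the saslauthd hunk, "is selected with a saslauthd command-line option" is a clear improvement over "is choosen as a command line option when saslauthd is started".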
@@ -347,14 +347,15 @@ Cyrus SASL uses a plugin infrastructure (called auxprop) to expand libsasl's capabilities. Currently Cyrus SASL sources provide three authentication plugins. - sasldb - Accounts are stored stored in a Cyrus SASL Berkeley DB database - - sql - Accounts are stored in a SQL database - - ldapdb - Accounts are stored stored in an LDAP database + _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ + |PPlluuggiinn|DDeessccrriippttiioonn | + |_ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |sasldb|Accounts are stored stored in a Cyrus SASL Berkeley DB database| + |_ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |sql |Accounts are stored in a SQL database | + |_ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |ldapdb|Accounts are stored stored in an LDAP database | + |_ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | IImmppoorrttaanntt 
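Review bot: the new table rows for sasldb and ldapdb carry the doubled word over from the old list ("Accounts are stored stored in a Cyrus SASL Berkeley DB database", "Accounts are stored stored in an LDAP database"); since both rows are rewritten in this hunk anyway, drop the repeated "stored". The same rows appear in the html/ and proto/ SASL_README.html hunks later in this patch and need the same fix.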
@@ -425,11 +426,12 @@ requires that SASL client passwords are stored as plaintext. TTiipp - If you must store encrypted passwords, see section "Using saslauthd with - PAM", and configure PAM to look up the encrypted passwords with, for - example, the pam_mysql module. You will not be able to use any of the - methods that require access to plaintext passwords, such as the shared- - secret methods CRAM-MD5 and DIGEST-MD5. + If you must store encrypted passwords, you cannot use the sql auxprop + plugin. Instead, see section "Using saslauthd with PAM", and configure PAM + to look up the encrypted passwords with, for example, the pam_mysql module. + You will not be able to use any of the methods that require access to + plaintext passwords, such as the shared-secret methods CRAM-MD5 and DIGEST- + MD5. The following example configures libsasl to use the sql plugin and connects it to a PostgreSQL server: @@ -514,12 +516,12 @@ plaintext. TTiipp - If you must store encrypted passwords, you can use "saslauthd -a ldap" to - query the LDAP database directly, with appropriate configuration in - saslauthd.conf. This may be documented in a later version of this document. - You will not be able to use any of the methods that require access to - plaintext passwords, such as the shared-secret methods CRAM-MD5 and DIGEST- - MD5. + If you must store encrypted passwords, you cannot use the ldapdb auxprop + plugin. Instead, you can use "saslauthd -a ldap" to query the LDAP database + directly, with appropriate configuration in saslauthd.conf. This may be + documented in a later version of this document. You will not be able to use + any of the methods that require access to plaintext passwords, such as the + shared-secret methods CRAM-MD5 and DIGEST-MD5. The ldapdb plugin implements proxy authorization. This means that the ldapdb plugin uses its own username and password to authenticate with the LDAP server, 
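Review bot: the two tips are now parallel in stating up front that the sql and ldapdb auxprop plugins cannot be used with encrypted passwords, which is the decision point for anyone choosing a backend. The ldapdb tip, however, still ends with "This may be documented in a later version of this document", so a reader who must store encrypted passwords in LDAP is left with "saslauthd -a ldap" and an unnamed saslauthd.conf; if those settings will not be documented here, a pointer to the saslauthd documentation shipped with Cyrus SASL would close the gap, in the same way the sql tip points at "Using saslauthd with PAM".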
@@ -659,7 +661,7 @@ SASL socket: EEnnaabblliinngg SSAASSLL aauutthheennttiiccaattiioonn iinn tthhee PPoossttffiixx SSMMTTPP sseerrvveerr Regardless of the SASL implementation type, enabling SMTP authentication in the -Postfix SMTP server always requires seting the smtpd_sasl_auth_enable option: +Postfix SMTP server always requires setting the smtpd_sasl_auth_enable option: /etc/postfix/main.cf: smtpd_sasl_auth_enable = yes @@ -1105,12 +1107,18 @@ mechanisms are not allowed (nor is any anonymous mechanism): /etc/postfix/main.cf: smtp_sasl_security_options = noplaintext, noanonymous -This default policy leads to authentication failures if the remote server only -offers plaintext authentication mechanisms. In such cases the SMTP client will -log the following error message: +This default policy, which allows no plaintext passwords, leads to +authentication failures if the remote server only offers plaintext +authentication mechanisms (the SMTP server announces "AUTH PLAIN LOGIN"). In +such cases the SMTP client will log the following error message: SASL authentication failure: No worthy mechs found + NNoottee + + This same error message will also be logged when the libplain.so or + liblogin.so modules are not installed in the /usr/lib/sasl2 directory. + The less secure approach is to lower the security standards and permit plaintext authentication mechanisms: diff --git a/postfix/WISHLIST b/postfix/WISHLIST index e5d402ce5..bb3e2d6e0 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -2,8 +2,6 @@ Wish list: Remove this file from the stable release. - instead of ipc_idle, reduce ipc_ttl. - Add smtpd_sender_login_maps to proxy_read_maps. What other parameters are worthy of being whitelisted for proxy access? Is there a way to automate this decision? 
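Review bot: the new Note says "SASL authentication failure: No worthy mechs found" is also logged when libplain.so or liblogin.so are missing from /usr/lib/sasl2, but since the message is identical in both cases, the reader cannot tell from the log which cause applies. Suggest one line on how to distinguish them (check that the module files are present before touching smtp_sasl_security_options), because the very next paragraph describes "the less secure approach" of permitting plaintext mechanisms, and an administrator chasing a missing plugin should not end up weakening the policy instead. The "seting" to "setting" fix and the added "(the SMTP server announces "AUTH PLAIN LOGIN")" are fine.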
@@ -24,7 +22,7 @@ Wish list: the result exceeds the limit. Should the postscreen save permanent white/black list lookup - results int the temporary cache, and query the temporary + results to the temporary cache, and query the temporary cache first? Skipping white/black list lookups will speed up the handling of "good" clients without a permanent whitelist entry. Of course, this means that updates to the diff --git a/postfix/html/ADDRESS_REWRITING_README.html b/postfix/html/ADDRESS_REWRITING_README.html index e934bf310..015db2ef5 100644 --- a/postfix/html/ADDRESS_REWRITING_README.html +++ b/postfix/html/ADDRESS_REWRITING_README.html @@ -602,7 +602,7 @@ in the master.cf file. This feature is available in
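Review bot: "int the" in the WISHLIST item was most likely a typo for "in the" rather than "to the"; "save permanent white/black list lookup results in the temporary cache" reads more naturally than "save ... results to the temporary cache".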
@@ -701,7 +701,7 @@ Postfix version 2.1 and later./etc/postfix/master.cf: - :10026 inet n - n - - smtpd + 127.0.0.1:10026 inet n - n - - smtpd -o receive_override_options=no_address_mappings
@@ -751,7 +751,7 @@ is available in Postfix version 2.1 and later./etc/postfix/master.cf: - :10026 inet n - n - - smtpd + 127.0.0.1:10026 inet n - n - - smtpd -o receive_override_options=no_address_mappings
@@ -810,7 +810,7 @@ in the master.cf file. This feature is available in/etc/postfix/master.cf: - :10026 inet n - n - - smtpd + 127.0.0.1:10026 inet n - n - - smtpd -o receive_override_options=no_address_mappings
diff --git a/postfix/html/DATABASE_README.html b/postfix/html/DATABASE_README.html index 5d85c8bee..918ca7b86 100644 --- a/postfix/html/DATABASE_README.html +++ b/postfix/html/DATABASE_README.html @@ -370,7 +370,7 @@ example, the lookup table "static:foobar" always returns the string described in tcp_table(5). The lookup table name is "tcp:host:port" where "host" specifies a symbolic hostname or a numeric IP address, and "port" specifies a symbolic service name or a numeric port -number. This protocol is not available in the stable Postfix release. +number./etc/postfix/master.cf: - :10026 inet n - n - - smtpd + 127.0.0.1:10026 inet n - n - - smtpd -o receive_override_options=no_address_mappings
Sometimes an SMTP client needs "same network" privileges when -it connects from elsewhere. To address this problem, Postfix +
SMTP clients outside the SMTP server's network need a different +way to get "same network" privileges. To address this need, Postfix supports SASL authentication (RFC 4954, formerly RFC 2554). With this a remote SMTP client can authenticate to the Postfix SMTP server, and the Postfix SMTP client can authenticate to a remote @@ -176,10 +176,10 @@ later.
Dovecot is a POP/IMAP server that must be configured to +
Dovecot is a POP/IMAP server that has its own configuration to authenticate POP/IMAP clients. When the Postfix SMTP server uses -Dovecot SASL, it also reuses this configuration. Consult the Dovecot documentation for how +Dovecot SASL, it reuses parts of this configuration. Consult the +Dovecot documentation for how to configure and operate the Dovecot authentication server.
/var/spool/postfix/private/auth
, and
lines 11-13 limit read+write permissions to user and group
postfix
only.
-Proceed with the section "Enabling SASL authentication and -authorization in the Postfix SMTP server" to turn on and use -SASL in the Postfix SMTP server.
+Proceed with the section "Enabling +SASL authentication and authorization in the Postfix SMTP server" +to turn on and use SASL in the Postfix SMTP server.
The Cyrus SASL framework was supports a wide variety of -applications. Different applications may require different +
The Cyrus SASL framework supports a wide variety of applications +(POP, IMAP, SMTP, etc.). Different applications may require different configurations. As a consequence each application may have its own configuration file.
@@ -438,9 +436,9 @@ by an additional security layer such as a TLS-encrypted SMTP session Additionally the saslauthd
server itself must be
configured. It must be told which authentication backend to turn
-to for password verification. The backend is choosen as a command
-line option when saslauthd
is started and will be shown
-in the following examples.
saslauthd
command-line option and will be shown in the
+following examples.
@@ -561,14 +559,15 @@ when authentication is successful:Sometimes the
+distributed withtestsaslauthd
program is not distributed with a the Cyrus SASL main package. In that case, it may be -distributed with -devel, -dev or -debug packages.-devel
,-dev
or +-debug
packages.
Specify an additional "-s smtp
" if saslauthd
-was configured to contact the PAM authentication framework and an
-additional "-f /path/to/socketdir/mux
" if
-saslauthd
establishes the UNIX-domain socket in a
+was configured to contact the PAM authentication framework, and
+specify an additional "-f /path/to/socketdir/mux
"
+if saslauthd
establishes the UNIX-domain socket in a
non-default location.
If authentication succeeds, proceed with the section "
Accounts are stored stored in a Cyrus SASL Berkeley DB
-database Accounts are stored in a SQL database Accounts are stored stored in an LDAP database
-
@@ -718,12 +715,13 @@ stored as plaintext.
+
-
-Plugin Description
-sasldb Accounts
+are stored stored in a Cyrus SASL Berkeley DB database
-sql Accounts are
+stored in a SQL database
-ldapdb Accounts
+are stored stored in an LDAP database
If you must store encrypted passwords, see section "Using saslauthd with PAM", and configure
-PAM to look up the encrypted passwords with, for example, the
-pam_mysql
module. You will not be able to use any of
-the methods that require access to plaintext passwords, such as the
-shared-secret methods CRAM-MD5 and DIGEST-MD5.
If you must store encrypted passwords, you cannot use the sql
+auxprop plugin. Instead, see section "Using
+saslauthd with PAM", and configure PAM to look up the encrypted
+passwords with, for example, the pam_mysql
module.
+You will not be able to use any of the methods that require access
+to plaintext passwords, such as the shared-secret methods CRAM-MD5
+and DIGEST-MD5.
If you must store encrypted passwords, you can use "saslauthd
--a ldap
" to query the LDAP database directly, with appropriate
-configuration in saslauthd.conf
. This may be documented
-in a later version of this document. You will not be able to use
-any of the methods that require access to plaintext passwords, such
-as the shared-secret methods CRAM-MD5 and DIGEST-MD5.
If you must store encrypted passwords, you cannot use the ldapdb
+auxprop plugin. Instead, you can use "saslauthd -a ldap
"
+to query the LDAP database directly, with appropriate configuration
+in saslauthd.conf
. This may be documented in a later
+version of this document. You will not be able to use any of the
+methods that require access to plaintext passwords, such as the
+shared-secret methods CRAM-MD5 and DIGEST-MD5.
Regardless of the SASL implementation type, enabling SMTP
-authentication in the Postfix SMTP server always requires seting
+authentication in the Postfix SMTP server always requires setting
the smtpd_sasl_auth_enable
option:
@@ -1775,10 +1774,11 @@ mechanism):-
This default policy leads to authentication failures if the -remote server only offers plaintext authentication mechanisms. In -such cases the SMTP client will log the following error message: -
+ This default policy, which allows no plaintext passwords, leads
+to authentication failures if the remote server only offers plaintext
+authentication mechanisms (the SMTP server announces "AUTH
+PLAIN LOGIN
"). In such cases the SMTP client will log the
+following error message:
+@@ -1786,6 +1786,16 @@ SASL authentication failure: No worthy mechs found
+ +Note + ++This same error message will also be logged when the +
+ +libplain.so
orliblogin.so
modules are +not installed in the/usr/lib/sasl2
directory.
The less secure approach is to lower the security standards and permit plaintext authentication mechanisms:
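Review bot: the rebuilt HTML table in this region repeats "are stored stored in" in both the sasldb row and the ldapdb row, the same doubled word as in the README_FILES/SASL_README hunk; the identical rows appear once more in the proto/ copy at the end of this patch, and all three copies should be corrected together so the generated text does not drift from its source.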
diff --git a/postfix/html/bounce.8.html b/postfix/html/bounce.8.html index 3a6e49ab2..4896b1f11 100644 --- a/postfix/html/bounce.8.html +++ b/postfix/html/bounce.8.html @@ -45,10 +45,11 @@ BOUNCE(8) BOUNCE(8) STANDARDS RFC 822 (ARPA Internet Text Messages) RFC 2045 (Format of Internet Message Bodies) - RFC 2822 (ARPA Internet Text Messages) + RFC 2822 (Internet Message Format) RFC 3462 (Delivery Status Notifications) RFC 3464 (Delivery Status Notifications) RFC 3834 (Auto-Submitted: message header) + RFC 5322 (Internet Message Format) DIAGNOSTICS Problems and transactions are logged to syslogd(8). diff --git a/postfix/html/defer.8.html b/postfix/html/defer.8.html index 3a6e49ab2..4896b1f11 100644 --- a/postfix/html/defer.8.html +++ b/postfix/html/defer.8.html @@ -45,10 +45,11 @@ BOUNCE(8) BOUNCE(8) STANDARDS RFC 822 (ARPA Internet Text Messages) RFC 2045 (Format of Internet Message Bodies) - RFC 2822 (ARPA Internet Text Messages) + RFC 2822 (Internet Message Format) RFC 3462 (Delivery Status Notifications) RFC 3464 (Delivery Status Notifications) RFC 3834 (Auto-Submitted: message header) + RFC 5322 (Internet Message Format) DIAGNOSTICS Problems and transactions are logged to syslogd(8). diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index bcc7eca5d..bf10f6f58 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -274,19 +274,18 @@ This feature is available in Postfix 2.1 and later.How many times to query the verify(8) service for the completion of an address verification request in progress.
--The Postfix SMTP server polls the verify(8) service up to three -times under non-overload conditions, and only once when under -overload. With Postfix version 2.6 and earlier, the SMTP server -always polls the verify(8) service up to three times. -
+By default, the Postfix SMTP server polls the verify(8) service +up to three times under non-overload conditions, and only once when +under overload. With Postfix version 2.6 and earlier, the SMTP +server always polls the verify(8) service up to three times by +default.
Specify 1 to implement a crude form of greylisting, that is, always @@ -294,10 +293,13 @@ defer the first delivery request for a new address.
-Example: +Examples:
+# Postfix ≤ 2.6 default +address_verify_poll_count = 3 +# Poor man's greylisting address_verify_poll_count = 1diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index 746389669..1e08cc9bc 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -345,7 +345,7 @@ SMTPD(8) SMTPD(8) Available in Postfix version 2.1 and 2.2: - smtpd_sasl_application_name (smtpd) + smtpd_sasl_application_name (smtpd) The application name that the Postfix SMTP server uses for SASL server initialization. @@ -992,7 +992,7 @@ SMTPD(8) SMTPD(8) and operate the Postfix sender/recipient address verifica- tion service. - address_verify_poll_count (see 'postconf -d' output) + address_verify_poll_count (${stress?1}${stress:3}) How many times to query the verify(8) service for the completion of an address verification request in progress. diff --git a/postfix/html/trace.8.html b/postfix/html/trace.8.html index 3a6e49ab2..4896b1f11 100644 --- a/postfix/html/trace.8.html +++ b/postfix/html/trace.8.html @@ -45,10 +45,11 @@ BOUNCE(8) BOUNCE(8) STANDARDS RFC 822 (ARPA Internet Text Messages) RFC 2045 (Format of Internet Message Bodies) - RFC 2822 (ARPA Internet Text Messages) + RFC 2822 (Internet Message Format) RFC 3462 (Delivery Status Notifications) RFC 3464 (Delivery Status Notifications) RFC 3834 (Auto-Submitted: message header) + RFC 5322 (Internet Message Format) DIAGNOSTICS Problems and transactions are logged to syslogd(8). diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index d43365561..811b82f92 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 
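Review bot: the new postconf.5.html example comment reads "# Postfix ≤ 2.6 default" with a non-ASCII "≤", while the man/man5/postconf.5 hunk in this same patch spells it "# Postfix <= 2.6 default"; the HTML and the man page should use the same form, and "<=" is the safer choice for text that is also read as plain ASCII. Showing the default as (${stress?1}${stress:3}) in smtpd.8.html instead of "see 'postconf -d' output" is an improvement, since the reader can now see that the poll count drops to 1 under stress.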
@@ -157,23 +157,27 @@ be refreshed. Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). .PP This feature is available in Postfix 2.1 and later. -.SH address_verify_poll_count (default: see "postconf -d" output) +.SH address_verify_poll_count (default: ${stress?1}${stress:3}) How many times to query the \fBverify\fR(8) service for the completion of an address verification request in progress. .PP -The Postfix SMTP server polls the \fBverify\fR(8) service up to three -times under non-overload conditions, and only once when under -overload. With Postfix version 2.6 and earlier, the SMTP server -always polls the \fBverify\fR(8) service up to three times. +By default, the Postfix SMTP server polls the \fBverify\fR(8) service +up to three times under non-overload conditions, and only once when +under overload. With Postfix version 2.6 and earlier, the SMTP +server always polls the \fBverify\fR(8) service up to three times by +default. .PP Specify 1 to implement a crude form of greylisting, that is, always defer the first delivery request for a new address. .PP -Example: +Examples: .PP .nf .na .ft C +# Postfix <= 2.6 default +address_verify_poll_count = 3 +# Poor man's greylisting address_verify_poll_count = 1 .fi .ad diff --git a/postfix/man/man8/bounce.8 b/postfix/man/man8/bounce.8 index 4c1489f55..41f5183d4 100644 --- a/postfix/man/man8/bounce.8 +++ b/postfix/man/man8/bounce.8 @@ -43,10 +43,11 @@ themselves, and that depend on retry logic in their own client. .nf RFC 822 (ARPA Internet Text Messages) RFC 2045 (Format of Internet Message Bodies) -RFC 2822 (ARPA Internet Text Messages) +RFC 2822 (Internet Message Format) RFC 3462 (Delivery Status Notifications) RFC 3464 (Delivery Status Notifications) RFC 3834 (Auto-Submitted: message header) +RFC 5322 (Internet Message Format) .SH DIAGNOSTICS .ad .fi diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index 9c812e944..ec5ba6abc 100644 --- a/postfix/man/man8/smtpd.8 
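Review bot: the example comment "# Postfix <= 2.6 default" labels "address_verify_poll_count = 3", but by the paragraph just above, the current default is also 3 except under overload; what setting the value explicitly changes is that the server always polls three times even when under stress. Saying that in the comment (e.g. "# Always poll three times, as Postfix <= 2.6 did") would tell the reader the actual effect rather than only the historical default.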
+++ b/postfix/man/man8/smtpd.8 @@ -384,8 +384,8 @@ File with the Postfix SMTP server RSA private key in PEM format. .IP "\fBsmtpd_tls_loglevel (0)\fR" Enable additional Postfix SMTP server logging of TLS activity. .IP "\fBsmtpd_tls_mandatory_ciphers (medium)\fR" -The minimum TLS cipher grade that the Postfix SMTP server -will use with mandatory TLS encryption. +The minimum TLS cipher grade that the Postfix SMTP server will +use with mandatory TLS encryption. .IP "\fBsmtpd_tls_mandatory_exclude_ciphers (empty)\fR" Additional list of ciphers or cipher types to exclude from the SMTP server cipher list at mandatory TLS security levels. @@ -794,7 +794,7 @@ verification probes is maintained by the \fBverify\fR(8) server. See the file ADDRESS_VERIFICATION_README for information about how to configure and operate the Postfix sender/recipient address verification service. -.IP "\fBaddress_verify_poll_count (see 'postconf -d' output)\fR" +.IP "\fBaddress_verify_poll_count (${stress?1}${stress:3})\fR" How many times to query the \fBverify\fR(8) service for the completion of an address verification request in progress. .IP "\fBaddress_verify_poll_delay (3s)\fR" diff --git a/postfix/proto/ADDRESS_REWRITING_README.html b/postfix/proto/ADDRESS_REWRITING_README.html index 94612cc16..b3796f3d0 100644 --- a/postfix/proto/ADDRESS_REWRITING_README.html +++ b/postfix/proto/ADDRESS_REWRITING_README.html @@ -602,7 +602,7 @@ in the master.cf file. This feature is available in Postfix version
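Review bot: the smtpd_tls_mandatory_ciphers hunk only re-wraps "will / use" across lines with no change in wording; harmless, but it adds noise to the patch and can be dropped unless it is the output of regenerating the man page. The address_verify_poll_count hunk matches the postconf.5 change above and is consistent.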
@@ -701,7 +701,7 @@ Postfix version 2.1 and later./etc/postfix/master.cf: - :10026 inet n - n - - smtpd + 127.0.0.1:10026 inet n - n - - smtpd -o receive_override_options=no_address_mappings
@@ -751,7 +751,7 @@ is available in Postfix version 2.1 and later./etc/postfix/master.cf: - :10026 inet n - n - - smtpd + 127.0.0.1:10026 inet n - n - - smtpd -o receive_override_options=no_address_mappings
@@ -810,7 +810,7 @@ in the master.cf file. This feature is available in Postfix version/etc/postfix/master.cf: - :10026 inet n - n - - smtpd + 127.0.0.1:10026 inet n - n - - smtpd -o receive_override_options=no_address_mappings
diff --git a/postfix/proto/DATABASE_README.html b/postfix/proto/DATABASE_README.html index b9ffa3a52..5e5f03bec 100644 --- a/postfix/proto/DATABASE_README.html +++ b/postfix/proto/DATABASE_README.html @@ -370,7 +370,7 @@ example, the lookup table "static:foobar" always returns the string described in tcp_table(5). The lookup table name is "tcp:host:port" where "host" specifies a symbolic hostname or a numeric IP address, and "port" specifies a symbolic service name or a numeric port -number. This protocol is not available in the stable Postfix release. +number./etc/postfix/master.cf: - :10026 inet n - n - - smtpd + 127.0.0.1:10026 inet n - n - - smtpd -o receive_override_options=no_address_mappings
Sometimes an SMTP client needs "same network" privileges when -it connects from elsewhere. To address this problem, Postfix +
SMTP clients outside the SMTP server's network need a different +way to get "same network" privileges. To address this need, Postfix supports SASL authentication (RFC 4954, formerly RFC 2554). With this a remote SMTP client can authenticate to the Postfix SMTP server, and the Postfix SMTP client can authenticate to a remote @@ -176,10 +176,10 @@ later.
Dovecot is a POP/IMAP server that must be configured to +
Dovecot is a POP/IMAP server that has its own configuration to authenticate POP/IMAP clients. When the Postfix SMTP server uses -Dovecot SASL, it also reuses this configuration. Consult the Dovecot documentation for how +Dovecot SASL, it reuses parts of this configuration. Consult the +Dovecot documentation for how to configure and operate the Dovecot authentication server.
/var/spool/postfix/private/auth
, and
lines 11-13 limit read+write permissions to user and group
postfix
only.
-Proceed with the section "Enabling SASL authentication and -authorization in the Postfix SMTP server" to turn on and use -SASL in the Postfix SMTP server.
+Proceed with the section "Enabling +SASL authentication and authorization in the Postfix SMTP server" +to turn on and use SASL in the Postfix SMTP server.
The Cyrus SASL framework was supports a wide variety of -applications. Different applications may require different +
The Cyrus SASL framework supports a wide variety of applications +(POP, IMAP, SMTP, etc.). Different applications may require different configurations. As a consequence each application may have its own configuration file.
@@ -438,9 +436,9 @@ by an additional security layer such as a TLS-encrypted SMTP session Additionally the saslauthd
server itself must be
configured. It must be told which authentication backend to turn
-to for password verification. The backend is choosen as a command
-line option when saslauthd
is started and will be shown
-in the following examples.
saslauthd
command-line option and will be shown in the
+following examples.
@@ -561,14 +559,15 @@ when authentication is successful:Sometimes the
+distributed withtestsaslauthd
program is not distributed with a the Cyrus SASL main package. In that case, it may be -distributed with -devel, -dev or -debug packages.-devel
,-dev
or +-debug
packages.
Specify an additional "-s smtp
" if saslauthd
-was configured to contact the PAM authentication framework and an
-additional "-f /path/to/socketdir/mux
" if
-saslauthd
establishes the UNIX-domain socket in a
+was configured to contact the PAM authentication framework, and
+specify an additional "-f /path/to/socketdir/mux
"
+if saslauthd
establishes the UNIX-domain socket in a
non-default location.
If authentication succeeds, proceed with the section "
Accounts are stored stored in a Cyrus SASL Berkeley DB
-database Accounts are stored in a SQL database Accounts are stored stored in an LDAP database
-
@@ -718,12 +715,13 @@ stored as plaintext.
+
-
-Plugin Description
-sasldb Accounts
+are stored stored in a Cyrus SASL Berkeley DB database
-sql Accounts are
+stored in a SQL database
-ldapdb Accounts
+are stored stored in an LDAP database
If you must store encrypted passwords, see section "Using saslauthd with PAM", and configure
-PAM to look up the encrypted passwords with, for example, the
-pam_mysql
module. You will not be able to use any of
-the methods that require access to plaintext passwords, such as the
-shared-secret methods CRAM-MD5 and DIGEST-MD5.
If you must store encrypted passwords, you cannot use the sql
+auxprop plugin. Instead, see section "Using
+saslauthd with PAM", and configure PAM to look up the encrypted
+passwords with, for example, the pam_mysql
module.
+You will not be able to use any of the methods that require access
+to plaintext passwords, such as the shared-secret methods CRAM-MD5
+and DIGEST-MD5.
If you must store encrypted passwords, you can use "saslauthd
--a ldap
" to query the LDAP database directly, with appropriate
-configuration in saslauthd.conf
. This may be documented
-in a later version of this document. You will not be able to use
-any of the methods that require access to plaintext passwords, such
-as the shared-secret methods CRAM-MD5 and DIGEST-MD5.
If you must store encrypted passwords, you cannot use the ldapdb
+auxprop plugin. Instead, you can use "saslauthd -a ldap
"
+to query the LDAP database directly, with appropriate configuration
+in saslauthd.conf
. This may be documented in a later
+version of this document. You will not be able to use any of the
+methods that require access to plaintext passwords, such as the
+shared-secret methods CRAM-MD5 and DIGEST-MD5.
Regardless of the SASL implementation type, enabling SMTP
-authentication in the Postfix SMTP server always requires seting
+authentication in the Postfix SMTP server always requires setting
the smtpd_sasl_auth_enable
option:
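Review bot: the added table rows "+are stored stored in a Cyrus SASL Berkeley DB database" and "+are stored stored in an LDAP database" carry a doubled word; since these lines are being rewritten anyway, drop the duplicate "stored" in both. The rest of the hunk reads correctly: the new "you cannot use the sql/ldapdb auxprop plugin" sentences make explicit that hashed password storage rules out the shared-secret mechanisms CRAM-MD5 and DIGEST-MD5, which is the point an administrator needs when choosing between auxprop and saslauthd.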
@@ -1775,10 +1774,11 @@ mechanism):-
This default policy leads to authentication failures if the -remote server only offers plaintext authentication mechanisms. In -such cases the SMTP client will log the following error message: -
+ This default policy, which allows no plaintext passwords, leads
+to authentication failures if the remote server only offers plaintext
+authentication mechanisms (the SMTP server announces "AUTH
+PLAIN LOGIN
"). In such cases the SMTP client will log the
+following error message:
+@@ -1786,6 +1786,16 @@ SASL authentication failure: No worthy mechs found
+ +Note + ++This same error message will also be logged when the +
+ +libplain.so
orliblogin.so
modules are +not installed in the/usr/lib/sasl2
directory.
The less secure approach is to lower the security standards and permit plaintext authentication mechanisms:
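Review bot: the added Note hard-codes "/usr/lib/sasl2" as the location of libplain.so and liblogin.so, but the Cyrus SASL plugin directory is platform- and build-dependent, so a reader on another layout will not find the modules there. Suggest "in the Cyrus SASL plugin directory (for example, /usr/lib/sasl2)". Otherwise the hunk is an improvement: quoting the server's "AUTH PLAIN LOGIN" announcement ties the "No worthy mechs found" message to its actual cause, and the new second cause (missing plugins) stops administrators from loosening the plaintext policy when the real problem is an incomplete install.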
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index e4fcd4853..10677e9d1 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -301,19 +301,18 @@ seconds.This feature is available in Postfix 2.7.
-%PARAM address_verify_poll_count see "postconf -d" output +%PARAM address_verify_poll_count ${stress?1}${stress:3}How many times to query the verify(8) service for the completion of an address verification request in progress.
--The Postfix SMTP server polls the verify(8) service up to three -times under non-overload conditions, and only once when under -overload. With Postfix version 2.6 and earlier, the SMTP server -always polls the verify(8) service up to three times. -
+By default, the Postfix SMTP server polls the verify(8) service +up to three times under non-overload conditions, and only once when +under overload. With Postfix version 2.6 and earlier, the SMTP +server always polls the verify(8) service up to three times by +default.
Specify 1 to implement a crude form of greylisting, that is, always @@ -321,10 +320,13 @@ defer the first delivery request for a new address.
-Example: +Examples:
+# Postfix ≤ 2.6 default +address_verify_poll_count = 3 +# Poor man's greylisting address_verify_poll_count = 1diff --git a/postfix/src/bounce/bounce.c b/postfix/src/bounce/bounce.c index 81d09942f..3c52e7aea 100644 --- a/postfix/src/bounce/bounce.c +++ b/postfix/src/bounce/bounce.c @@ -35,10 +35,11 @@ /* STANDARDS /* RFC 822 (ARPA Internet Text Messages) /* RFC 2045 (Format of Internet Message Bodies) -/* RFC 2822 (ARPA Internet Text Messages) +/* RFC 2822 (Internet Message Format) /* RFC 3462 (Delivery Status Notifications) /* RFC 3464 (Delivery Status Notifications) /* RFC 3834 (Auto-Submitted: message header) +/* RFC 5322 (Internet Message Format) /* DIAGNOSTICS /* Problems and transactions are logged to \fBsyslogd\fR(8). /* CONFIGURATION PARAMETERS diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index ff112740f..c2e976e10 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20100208" +#define MAIL_RELEASE_DATE "20100213" #define MAIL_VERSION_NUMBER "2.8" #ifdef SNAPSHOT diff --git a/postfix/src/local/bounce_workaround.c b/postfix/src/local/bounce_workaround.c index b09df7d41..13af3434e 100644 --- a/postfix/src/local/bounce_workaround.c +++ b/postfix/src/local/bounce_workaround.c 
@@ -19,14 +19,15 @@ /* /* Sender address override is a problem only when delivering /* to command or file, or when breaking a Delivered-To loop. -/* The local(8) delivery agent saves other recipients to a new -/* queue file, together with the replacement envelope sender -/* address; delivery then proceeds from that new queue file. +/* The local(8) delivery agent saves normal recipients to a +/* new queue file, together with the replacement envelope +/* sender address; delivery then proceeds from that new queue +/* file, and no workaround is needed. /* /* The workaround sends one non-delivery notification for each /* failed delivery that has a replacement sender address. The /* notifications are not aggregated, unlike notifications to -/* non-replaced sender addresses). In practice, a local alias +/* non-replaced sender addresses. In practice, a local alias /* rarely has more than one file or command destination (if /* only because soft error handling is problematic). /* diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index abec2da99..307cdd406 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -352,8 +352,8 @@ /* .IP "\fBsmtpd_tls_loglevel (0)\fR" /* Enable additional Postfix SMTP server logging of TLS activity. /* .IP "\fBsmtpd_tls_mandatory_ciphers (medium)\fR" -/* The minimum TLS cipher grade that the Postfix SMTP server -/* will use with mandatory TLS encryption. +/* The minimum TLS cipher grade that the Postfix SMTP server will +/* use with mandatory TLS encryption. /* .IP "\fBsmtpd_tls_mandatory_exclude_ciphers (empty)\fR" /* Additional list of ciphers or cipher types to exclude from the /* SMTP server cipher list at mandatory TLS security levels. 
@@ -744,7 +744,7 @@ /* See the file ADDRESS_VERIFICATION_README for information /* about how to configure and operate the Postfix sender/recipient /* address verification service. -/* .IP "\fBaddress_verify_poll_count (see 'postconf -d' output)\fR" +/* .IP "\fBaddress_verify_poll_count (${stress?1}${stress:3})\fR" /* How many times to query the \fBverify\fR(8) service for the completion /* of an address verification request in progress. /* .IP "\fBaddress_verify_poll_delay (3s)\fR" diff --git a/postfix/src/util/dict_open.c b/postfix/src/util/dict_open.c index 04df52b65..b807bc2b0 100644 --- a/postfix/src/util/dict_open.c +++ b/postfix/src/util/dict_open.c @@ -223,9 +223,7 @@ static const DICT_OPEN_INFO dict_open_info[] = { DICT_TYPE_ENVIRON, dict_env_open, DICT_TYPE_HT, dict_ht_open, DICT_TYPE_UNIX, dict_unix_open, -#ifdef SNAPSHOT DICT_TYPE_TCP, dict_tcp_open, -#endif #ifdef HAS_SDBM DICT_TYPE_SDBM, dict_sdbm_open, #endif
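Review bot: in the postconf.proto "Examples:" block, the added comment "# Postfix ≤ 2.6 default" uses a non-ASCII "≤"; this file is rendered into man pages and plain-text README output, so prefer "# Postfix 2.6 and earlier default" or "<=". The new default "${stress?1}${stress:3}" is stated identically in postconf.proto and in the smtpd.c parameter list, so the two stay consistent; the prose "only once when under overload" matches the expression.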
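Review bot: in the dict_open.c hunk, removing the "#ifdef SNAPSHOT" guard around "DICT_TYPE_TCP, dict_tcp_open," compiles the tcp: lookup type into every build, and unlike the neighbouring "#ifdef HAS_SDBM" entry there is no feature macro to leave it out. That is the intended effect of promoting tcp_table(5) to the stable release, but the change should be called out in the release notes alongside the documentation edits, and the tcp_table(5) text should state that lookups go to a network peer so the server address should be limited to trusted hosts.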