From 8d4f8c5d807f1b1a9b75eecaab83895d36f4f40a Mon Sep 17 00:00:00 2001
From: Wietse Venema <wietse@porcupine.org>
Date: Sat, 2 Jan 2010 00:00:00 -0500
Subject: [PATCH] postfix-2.7-20100102

---
 postfix/HISTORY                               |  6 ++
 .../README_FILES/ADDRESS_VERIFICATION_README  | 68 +++++++++--------
 postfix/html/ADDRESS_VERIFICATION_README.html | 76 ++++++++++---------
 postfix/html/postconf.5.html                  | 27 +++----
 postfix/html/verify.8.html                    |  6 +-
 postfix/html/virtual.8.html                   | 43 ++++++-----
 postfix/man/man5/postconf.5                   | 27 +++----
 postfix/man/man8/verify.8                     |  4 +-
 postfix/man/man8/virtual.8                    |  4 +-
 .../proto/ADDRESS_VERIFICATION_README.html    | 76 ++++++++++---------
 postfix/proto/postconf.proto                  | 29 +++----
 postfix/src/global/mail_version.h             |  2 +-
 postfix/src/util/Makefile.in                  |  6 ++
 postfix/src/util/dict_db.c                    | 13 +++-
 postfix/src/util/dict_open.c                  | 15 +++-
 postfix/src/util/dict_seq.in                  | 11 +++
 postfix/src/util/dict_seq.ref                 | 22 ++++++
 postfix/src/verify/verify.c                   |  4 +-
 postfix/src/virtual/virtual.c                 |  4 +-
 19 files changed, 258 insertions(+), 185 deletions(-)
 create mode 100644 postfix/src/util/dict_seq.in
 create mode 100644 postfix/src/util/dict_seq.ref

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 7e074741d..f2c8f7bc2 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -15615,3 +15615,9 @@ Apologies for any names omitted.
 	Bugfix: the mantools/postlink script applied hyperlinks
 	for the "virtual:" transport to "/etc/postfix/virtual:".
 	Symptom reported by Christoph Anton Mitterer.
+
+20200102
+
+	Workaround: don't report bogus Berkeley DB close errors as
+	fatal errors. All operations before close are already error
+	checked, so the data is known to be safe.  File: util/dict_db.c.
diff --git a/postfix/README_FILES/ADDRESS_VERIFICATION_README b/postfix/README_FILES/ADDRESS_VERIFICATION_README
index 08d717242..3251de38e 100644
--- a/postfix/README_FILES/ADDRESS_VERIFICATION_README
+++ b/postfix/README_FILES/ADDRESS_VERIFICATION_README
@@ -261,54 +261,56 @@ probe fails with some temporary error.
 
 AAddddrreessss vveerriiffiiccaattiioonn ddaattaabbaassee
 
-NOTE: By default, address verification information is not stored in a
-persistent file. You have to specify one in main.cf (see below). Persistent
-storage is off by default because it may need more disk space than is available
-in your file system.
-
-Address verification information is cached by the Postfix verify daemon.
-Postfix has a bunch of parameters that control the caching of positive and
-negative results. Refer to the verify(8) manual page for details.
-
-The address_verify_map (NOTE: singular) configuration parameter specifies an
-optional database for sender or recipient address verification results. If you
-don't specify a file, all address verification information is lost after
-"postfix reload" or "postfix stop".
-
-If your /var file system has sufficient space, try:
+To improve performance, the Postfix verify(8) daemon can save address
+verification results to a persistent database. The address_verify_map (NOTE:
+singular) configuration parameter specifies persistent storage for sender or
+recipient address verification results. If you specify an empty value, all
+address verification results are lost after "postfix reload" or "postfix stop".
 
     /etc/postfix/main.cf:
+        # Default setting for Postfix 2.7 and later.
         # Note: avoid hash files here. Use btree instead.
-        address_verify_map = btree:/var/lib/postfix/verify
+        address_verify_map = btree:$data_directory/verify_cache
 
-NOTE 1: As of version 2.5, Postfix no longer uses root privileges when opening
-this file. The file should now be stored under the Postfix-owned
-data_directory. As a migration aid, an attempt to open the file under a non-
-Postfix directory is redirected to the Postfix-owned data_directory, and a
-warning is logged. If you wish to continue using a pre-existing database file,
-move it to the data_directory, and change ownership to the account specified
-with the mail_owner parameter.
+        # Default setting for Postfix 2.6 and earlier.
+        # This uses non-persistent storage only.
+        address_verify_map =
+
+NOTE 1: The database file should be stored under a Postfix-owned directory,
+such as $data_directory.
+
+    As of version 2.5, Postfix no longer uses root privileges when opening this
+    file. To maintain backwards compatibility, an attempt to open the file
+    under a non-Postfix directory is redirected to the Postfix-owned
+    data_directory, and a warning is logged. If you wish to continue using a
+    pre-existing database file, change its file ownership to the account
+    specified with the mail_owner parameter, and either move the file to the
+    data_directory, or move it to some other Postfix-owned directory.
 
 NOTE 2: Do not put this file in a file system that may run out of space. When
 the address verification table gets corrupted the world comes to an end and YOU
 will have to MANUALLY fix things as described in the next section. Meanwhile,
 you will not receive mail via SMTP.
 
-NOTE 3: The verify(8) daemon process will create a new database when none
-exists, and will open/create the file before it enters the chroot jail.
+NOTE 3: The verify(8) daemon will create a new database when none exists. It
+will open or create the file before entering the chroot jail.
 
 MMaannaaggiinngg tthhee aaddddrreessss vveerriiffiiccaattiioonn ddaattaabbaassee
 
-The verify(8) manual page describes parameters that control how long
-information remains cached before it needs to be refreshed, and how long
-information can remain "unrefreshed" before it expires. Postfix uses different
+The verify(8) manual page describes parameters that control how long address
+verification results are cached before they need to be refreshed, and how long
+results can remain "unrefreshed" before they expire. Postfix uses different
 controls for positive results (address was accepted) and for negative results
-(address was rejected).
+(address was rejected, or address verification failed for some other reason).
 
-Right now, no tools are provided to manage the address verification database.
-If the file gets too big, or if it gets corrupted, you can manually rename or
-delete the file and run "postfix reload". The new verify daemon process will
-then create a new database.
+Current Postfix versions will periodically remove expired entries from the
+address verification database. With Postfix version 2.6 and earlier, database
+cleanup had to be done as described next.
+
+If the address verification database file becomes too big, or if it becomes
+corrupted, the solution is to manually rename or delete (NOT: truncate) the
+file and run "postfix reload". The verify(8) daemon will then create a new
+database file.
 
 CCoonnttrroolllliinngg tthhee rroouuttiinngg ooff aaddddrreessss vveerriiffiiccaattiioonn pprroobbeess
 
diff --git a/postfix/html/ADDRESS_VERIFICATION_README.html b/postfix/html/ADDRESS_VERIFICATION_README.html
index 98132aa2f..3e92d10ce 100644
--- a/postfix/html/ADDRESS_VERIFICATION_README.html
+++ b/postfix/html/ADDRESS_VERIFICATION_README.html
@@ -402,40 +402,37 @@ sender address verification probe fails with some temporary error.
 
 <h2><a name="caching">Address verification database</a></h2>
 
-<p> NOTE: By default, address verification information is not stored
-in a persistent file. You have to specify one in <a href="postconf.5.html">main.cf</a> (see
-below). Persistent storage is off by default because it may need
-more disk space than is available in your file system. </p>
-
-<p> Address verification information is cached by the Postfix verify
-daemon.  Postfix has a bunch of parameters that control the caching
-of positive and negative results. Refer to the <a href="verify.8.html">verify(8)</a> manual
-page for details. </p>
-
-<p> The <a href="postconf.5.html#address_verify_map">address_verify_map</a> (NOTE: singular) configuration parameter
-specifies an optional database for sender or recipient address
-verification results.  If you don't specify a file, all address
-verification information is lost after "postfix reload" or "postfix
-stop". </p>
-
-<p> If your /var file system has sufficient space, try: </p>
+<p> To improve performance, the Postfix <a href="verify.8.html">verify(8)</a> daemon can save
+address verification results to a persistent database.  The
+<a href="postconf.5.html#address_verify_map">address_verify_map</a> (NOTE: singular) configuration parameter specifies
+persistent storage for sender or recipient address verification
+results.  If you specify an empty value, all address verification
+results are lost after "postfix reload" or "postfix stop". </p>
 
 <blockquote>
 <pre>
 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+    # Default setting for Postfix 2.7 and later.
     # Note: avoid hash files here. Use btree instead.
-    <a href="postconf.5.html#address_verify_map">address_verify_map</a> = btree:/var/lib/postfix/verify
+    <a href="postconf.5.html#address_verify_map">address_verify_map</a> = btree:$<a href="postconf.5.html#data_directory">data_directory</a>/verify_cache
+
+    # Default setting for Postfix 2.6 and earlier.
+    # This uses non-persistent storage only.
+    <a href="postconf.5.html#address_verify_map">address_verify_map</a> =
 </pre>
 </blockquote>
 
-<p> NOTE 1: As of version 2.5, Postfix no longer uses root privileges
-when opening this file. The file should now be stored under the
-Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to
-open the file under a non-Postfix directory is redirected to the
-Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. If you wish
-to continue using a pre-existing database file, move it to the
-<a href="postconf.5.html#data_directory">data_directory</a>, and change ownership to the account specified with
-the <a href="postconf.5.html#mail_owner">mail_owner</a> parameter.  </p>
+<p> NOTE 1: The database file should be stored under a Postfix-owned
+directory, such as $<a href="postconf.5.html#data_directory">data_directory</a>. </p>
+
+<blockquote> As of version 2.5, Postfix no longer uses root privileges
+when opening this file. To maintain backwards compatibility, an
+attempt to open the file under a non-Postfix directory is redirected
+to the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. If
+you wish to continue using a pre-existing database file, change its
+file ownership to the account specified with the <a href="postconf.5.html#mail_owner">mail_owner</a> parameter,
+and either move the file to the <a href="postconf.5.html#data_directory">data_directory</a>, or move it to some
+other Postfix-owned directory.  </blockquote>
 
 <p> NOTE 2: Do not put this file in a file system that may run out
 of space.  When the address verification table gets corrupted the
@@ -443,23 +440,28 @@ world comes to an end and YOU will have to MANUALLY fix things as
 described in the next section. Meanwhile, you will not receive mail
 via SMTP. </p>
 
-<p> NOTE 3: The <a href="verify.8.html">verify(8)</a> daemon process will create a new database when
-none exists, and will open/create the file before it enters the
+<p> NOTE 3: The <a href="verify.8.html">verify(8)</a> daemon will create a new database when
+none exists. It will open or create the file before entering the
 chroot jail. </p>
 
 <h2><a name="dirty_secret">Managing the address verification
 database</a></h2>
 
-<p> The <a href="verify.8.html">verify(8)</a> manual page describes parameters that control
-how long information remains cached before it needs to be refreshed,
-and how long information can remain "unrefreshed" before it expires.
-Postfix uses different controls for positive results (address was
-accepted) and for negative results (address was rejected). </p>
+<p> The <a href="verify.8.html">verify(8)</a> manual page describes parameters that control how
+long address verification results are cached before they need to
+be refreshed, and how long results can remain "unrefreshed" before
+they expire.  Postfix uses different controls for positive results
+(address was accepted) and for negative results (address was rejected,
+or address verification failed for some other reason). </p>
 
-<p> Right now, no tools are provided to manage the address verification
-database. If the file gets too big, or if it gets corrupted, you
-can manually rename or delete the file and run "postfix reload".
-The new verify daemon process will then create a new database. </p>
+<p> Current Postfix versions will periodically remove expired entries
+from the address verification database. With Postfix version 2.6
+and earlier, database cleanup had to be done as described next. </p>
+
+<p> If the address verification database file becomes too big, or
+if it becomes corrupted, the solution is to manually rename or
+delete (NOT: truncate) the file and run "postfix reload".  The
+<a href="verify.8.html">verify(8)</a> daemon will then create a new database file.  </p>
 
 <h2><a name="probe_routing">Controlling the routing of address
 verification probes</a></h2>
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 9bae584ca..955936e00 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -124,11 +124,10 @@ Do not change this unless you have a complete understanding of <a href="http://t
 <DT><b><a name="address_verify_cache_cleanup_interval">address_verify_cache_cleanup_interval</a>
 (default: 12h)</b></DT><DD>
 
-<p> The amount of time between <a href="verify.8.html">verify(8)</a> cache cleanup runs.  Cache
-cleanup increases the load on the cache database and should therefore
-not be run frequently. This feature requires that the cache database
+<p> The amount of time between <a href="verify.8.html">verify(8)</a> address verification
+database cleanup runs. This feature requires that the database
 supports the "delete" and "sequence" operators.  Specify a zero
-interval to disable cache cleanup. </p>
+interval to disable database cleanup. </p>
 
 <p> Time units: s (seconds), m (minutes), h (hours), d (days), w
 (weeks). </p>
@@ -169,30 +168,32 @@ This feature is available in Postfix 2.1 and later.
 </DD>
 
 <DT><b><a name="address_verify_map">address_verify_map</a>
-(default: empty)</b></DT><DD>
+(default: see "postconf -d" output)</b></DT><DD>
 
 <p>
-Optional lookup table for persistent address verification status
+Lookup table for persistent address verification status
 storage.  The table is maintained by the <a href="verify.8.html">verify(8)</a> service, and
 is opened before the process releases privileges.
 </p>
 
 <p>
-By default, the information is kept in volatile memory, and is lost
-after "<b>postfix reload</b>" or "<b>postfix stop</b>".
+The lookup table is persistent by default as of Postfix version
+2.7. Specify an empty table name to keep the information in volatile
+memory which is lost after "<b>postfix reload</b>" or "<b>postfix
+stop</b>" (this is default with earlier Postfix versions).
 </p>
 
 <p>
 Specify a location in a file system that will not fill up. If the
 database becomes corrupted, the world comes to an end. To recover
-delete the file and do "<b>postfix reload</b>".
+delete (NOT: truncate) the file and do "<b>postfix reload</b>".
 </p>
 
 <p> As of version 2.5, Postfix no longer uses root privileges when
-opening this file. The file should now be stored under the Postfix-owned
-<a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to open the file
-under a non-Postfix directory is redirected to the Postfix-owned
-<a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p>
+opening this file. The file must now be stored under a Postfix-owned
+directory such as the <a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt
+to open the file under a non-Postfix directory is redirected to the
+Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p>
 
 <p>
 Examples:
diff --git a/postfix/html/verify.8.html b/postfix/html/verify.8.html
index 7143c1cb0..60df931ee 100644
--- a/postfix/html/verify.8.html
+++ b/postfix/html/verify.8.html
@@ -86,9 +86,9 @@ VERIFY(8)                                                            VERIFY(8)
        <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
 
 <b>CACHE CONTROLS</b>
-       <b><a href="postconf.5.html#address_verify_map">address_verify_map</a> (empty)</b>
-              Optional  lookup table for persistent address veri-
-              fication status storage.
+       <b><a href="postconf.5.html#address_verify_map">address_verify_map</a> (see 'postconf -d' output)</b>
+              Lookup  table  for  persistent address verification
+              status storage.
 
        <b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> ($<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b>
               The sender address to use in  address  verification
diff --git a/postfix/html/virtual.8.html b/postfix/html/virtual.8.html
index 5064d787e..bff378fd7 100644
--- a/postfix/html/virtual.8.html
+++ b/postfix/html/virtual.8.html
@@ -236,21 +236,22 @@ VIRTUAL(8)                                                          VIRTUAL(8)
               the virtual message delivery transport.
 
        <b><a href="postconf.5.html#virtual_mailbox_limit">virtual_mailbox_limit</a> (51200000)</b>
-              The maximal size in bytes of an individual  mailbox
-              or maildir file, or zero (no limit).
+              The maximal size in bytes  of  an  individual  <a href="virtual.8.html"><b>vir-</b></a>
+              <a href="virtual.8.html"><b>tual</b>(8)</a>  mailbox  or  maildir  file,  or  zero  (no
+              limit).
 
 <b>MISCELLANEOUS CONTROLS</b>
        <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
-              The  default  location  of  the Postfix <a href="postconf.5.html">main.cf</a> and
+              The default location of  the  Postfix  <a href="postconf.5.html">main.cf</a>  and
               <a href="master.5.html">master.cf</a> configuration files.
 
        <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
-              How much time a Postfix daemon process may take  to
-              handle  a  request  before  it  is  terminated by a
+              How  much time a Postfix daemon process may take to
+              handle a request  before  it  is  terminated  by  a
               built-in watchdog timer.
 
        <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
-              The maximal number  of  digits  after  the  decimal
+              The  maximal  number  of  digits  after the decimal
               point when logging sub-second delay values.
 
        <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
@@ -258,33 +259,33 @@ VIRTUAL(8)                                                          VIRTUAL(8)
               over an internal communication channel.
 
        <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
-              The maximum amount of time  that  an  idle  Postfix
-              daemon  process  waits  for  an incoming connection
+              The  maximum  amount  of  time that an idle Postfix
+              daemon process waits  for  an  incoming  connection
               before terminating voluntarily.
 
        <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
-              The maximal number of incoming connections  that  a
-              Postfix  daemon  process will service before termi-
+              The  maximal  number of incoming connections that a
+              Postfix daemon process will service  before  termi-
               nating voluntarily.
 
        <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
-              The process ID  of  a  Postfix  command  or  daemon
+              The  process  ID  of  a  Postfix  command or daemon
               process.
 
        <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
-              The  process  name  of  a Postfix command or daemon
+              The process name of a  Postfix  command  or  daemon
               process.
 
        <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
-              The location of the Postfix top-level queue  direc-
+              The  location of the Postfix top-level queue direc-
               tory.
 
        <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
               The syslog facility of Postfix logging.
 
        <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
-              The  mail  system  name  that  is  prepended to the
-              process name in syslog  records,  so  that  "smtpd"
+              The mail system  name  that  is  prepended  to  the
+              process  name  in  syslog  records, so that "smtpd"
               becomes, for example, "postfix/smtpd".
 
 <b>SEE ALSO</b>
@@ -297,20 +298,20 @@ VIRTUAL(8)                                                          VIRTUAL(8)
        <a href="VIRTUAL_README.html">VIRTUAL_README</a>, domain hosting howto
 
 <b>LICENSE</b>
-       The  Secure  Mailer  license must be distributed with this
+       The Secure Mailer license must be  distributed  with  this
        software.
 
 <b>HISTORY</b>
-       This delivery agent was originally based  on  the  Postfix
-       local  delivery  agent.  Modifications mainly consisted of
-       removing code that either was not applicable or  that  was
-       not  safe  in this context: aliases, ~user/.forward files,
+       This  delivery  agent  was originally based on the Postfix
+       local delivery agent. Modifications  mainly  consisted  of
+       removing  code  that either was not applicable or that was
+       not safe in this context: aliases,  ~user/.forward  files,
        delivery to "|command" or to /file/name.
 
        The <b>Delivered-To:</b> message header appears in the <b>qmail</b> sys-
        tem by Daniel Bernstein.
 
-       The  <b>maildir</b>  structure  appears  in  the  <b>qmail</b> system by
+       The <b>maildir</b> structure  appears  in  the  <b>qmail</b>  system  by
        Daniel Bernstein.
 
 <b>AUTHOR(S)</b>
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 7e5f62d27..d58f43a00 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -78,11 +78,10 @@ an \fBaccess\fR(5) map "reject" action.
 .PP
 Do not change this unless you have a complete understanding of RFC 2821.
 .SH address_verify_cache_cleanup_interval (default: 12h)
-The amount of time between \fBverify\fR(8) cache cleanup runs.  Cache
-cleanup increases the load on the cache database and should therefore
-not be run frequently. This feature requires that the cache database
+The amount of time between \fBverify\fR(8) address verification
+database cleanup runs. This feature requires that the database
 supports the "delete" and "sequence" operators.  Specify a zero
-interval to disable cache cleanup.
+interval to disable database cleanup.
 .PP
 Time units: s (seconds), m (minutes), h (hours), d (days), w
 (weeks).
@@ -98,23 +97,25 @@ Overrides the local_transport parameter setting for address
 verification probes.
 .PP
 This feature is available in Postfix 2.1 and later.
-.SH address_verify_map (default: empty)
-Optional lookup table for persistent address verification status
+.SH address_verify_map (default: see "postconf -d" output)
+Lookup table for persistent address verification status
 storage.  The table is maintained by the \fBverify\fR(8) service, and
 is opened before the process releases privileges.
 .PP
-By default, the information is kept in volatile memory, and is lost
-after "\fBpostfix reload\fR" or "\fBpostfix stop\fR".
+The lookup table is persistent by default as of Postfix version
+2.7. Specify an empty table name to keep the information in volatile
+memory which is lost after "\fBpostfix reload\fR" or "\fBpostfix
+stop\fR" (this is default with earlier Postfix versions).
 .PP
 Specify a location in a file system that will not fill up. If the
 database becomes corrupted, the world comes to an end. To recover
-delete the file and do "\fBpostfix reload\fR".
+delete (NOT: truncate) the file and do "\fBpostfix reload\fR".
 .PP
 As of version 2.5, Postfix no longer uses root privileges when
-opening this file. The file should now be stored under the Postfix-owned
-data_directory. As a migration aid, an attempt to open the file
-under a non-Postfix directory is redirected to the Postfix-owned
-data_directory, and a warning is logged.
+opening this file. The file must now be stored under a Postfix-owned
+directory such as the data_directory. As a migration aid, an attempt
+to open the file under a non-Postfix directory is redirected to the
+Postfix-owned data_directory, and a warning is logged.
 .PP
 Examples:
 .PP
diff --git a/postfix/man/man8/verify.8 b/postfix/man/man8/verify.8
index a73d8a6b6..e7d0b96e1 100644
--- a/postfix/man/man8/verify.8
+++ b/postfix/man/man8/verify.8
@@ -93,8 +93,8 @@ The text below provides only a parameter summary. See
 .nf
 .ad
 .fi
-.IP "\fBaddress_verify_map (empty)\fR"
-Optional lookup table for persistent address verification status
+.IP "\fBaddress_verify_map (see 'postconf -d' output)\fR"
+Lookup table for persistent address verification status
 storage.
 .IP "\fBaddress_verify_sender ($double_bounce_sender)\fR"
 The sender address to use in address verification probes; prior
diff --git a/postfix/man/man8/virtual.8 b/postfix/man/man8/virtual.8
index b82beef4d..809474d9a 100644
--- a/postfix/man/man8/virtual.8
+++ b/postfix/man/man8/virtual.8
@@ -245,8 +245,8 @@ via the virtual message delivery transport.
 The maximal number of recipients per message for the virtual
 message delivery transport.
 .IP "\fBvirtual_mailbox_limit (51200000)\fR"
-The maximal size in bytes of an individual mailbox or maildir file,
-or zero (no limit).
+The maximal size in bytes of an individual \fBvirtual\fR(8) mailbox or
+maildir file, or zero (no limit).
 .SH "MISCELLANEOUS CONTROLS"
 .na
 .nf
diff --git a/postfix/proto/ADDRESS_VERIFICATION_README.html b/postfix/proto/ADDRESS_VERIFICATION_README.html
index 973e5095c..4f8d55e3a 100644
--- a/postfix/proto/ADDRESS_VERIFICATION_README.html
+++ b/postfix/proto/ADDRESS_VERIFICATION_README.html
@@ -402,40 +402,37 @@ sender address verification probe fails with some temporary error.
 
 <h2><a name="caching">Address verification database</a></h2>
 
-<p> NOTE: By default, address verification information is not stored
-in a persistent file. You have to specify one in main.cf (see
-below). Persistent storage is off by default because it may need
-more disk space than is available in your file system. </p>
-
-<p> Address verification information is cached by the Postfix verify
-daemon.  Postfix has a bunch of parameters that control the caching
-of positive and negative results. Refer to the verify(8) manual
-page for details. </p>
-
-<p> The address_verify_map (NOTE: singular) configuration parameter
-specifies an optional database for sender or recipient address
-verification results.  If you don't specify a file, all address
-verification information is lost after "postfix reload" or "postfix
-stop". </p>
-
-<p> If your /var file system has sufficient space, try: </p>
+<p> To improve performance, the Postfix verify(8) daemon can save
+address verification results to a persistent database.  The
+address_verify_map (NOTE: singular) configuration parameter specifies
+persistent storage for sender or recipient address verification
+results.  If you specify an empty value, all address verification
+results are lost after "postfix reload" or "postfix stop". </p>
 
 <blockquote>
 <pre>
 /etc/postfix/main.cf:
+    # Default setting for Postfix 2.7 and later.
     # Note: avoid hash files here. Use btree instead.
-    address_verify_map = btree:/var/lib/postfix/verify
+    address_verify_map = btree:$data_directory/verify_cache
+
+    # Default setting for Postfix 2.6 and earlier.
+    # This uses non-persistent storage only.
+    address_verify_map =
 </pre>
 </blockquote>
 
-<p> NOTE 1: As of version 2.5, Postfix no longer uses root privileges
-when opening this file. The file should now be stored under the
-Postfix-owned data_directory. As a migration aid, an attempt to
-open the file under a non-Postfix directory is redirected to the
-Postfix-owned data_directory, and a warning is logged. If you wish
-to continue using a pre-existing database file, move it to the
-data_directory, and change ownership to the account specified with
-the mail_owner parameter.  </p>
+<p> NOTE 1: The database file should be stored under a Postfix-owned
+directory, such as $data_directory. </p>
+
+<blockquote> As of version 2.5, Postfix no longer uses root privileges
+when opening this file. To maintain backwards compatibility, an
+attempt to open the file under a non-Postfix directory is redirected
+to the Postfix-owned data_directory, and a warning is logged. If
+you wish to continue using a pre-existing database file, change its
+file ownership to the account specified with the mail_owner parameter,
+and either move the file to the data_directory, or move it to some
+other Postfix-owned directory.  </blockquote>
 
 <p> NOTE 2: Do not put this file in a file system that may run out
 of space.  When the address verification table gets corrupted the
@@ -443,23 +440,28 @@ world comes to an end and YOU will have to MANUALLY fix things as
 described in the next section. Meanwhile, you will not receive mail
 via SMTP. </p>
 
-<p> NOTE 3: The verify(8) daemon process will create a new database when
-none exists, and will open/create the file before it enters the
+<p> NOTE 3: The verify(8) daemon will create a new database when
+none exists. It will open or create the file before entering the
 chroot jail. </p>
 
 <h2><a name="dirty_secret">Managing the address verification
 database</a></h2>
 
-<p> The verify(8) manual page describes parameters that control
-how long information remains cached before it needs to be refreshed,
-and how long information can remain "unrefreshed" before it expires.
-Postfix uses different controls for positive results (address was
-accepted) and for negative results (address was rejected). </p>
+<p> The verify(8) manual page describes parameters that control how
+long address verification results are cached before they need to
+be refreshed, and how long results can remain "unrefreshed" before
+they expire.  Postfix uses different controls for positive results
+(address was accepted) and for negative results (address was rejected,
+or address verification failed for some other reason). </p>
 
-<p> Right now, no tools are provided to manage the address verification
-database. If the file gets too big, or if it gets corrupted, you
-can manually rename or delete the file and run "postfix reload".
-The new verify daemon process will then create a new database. </p>
+<p> Current Postfix versions will periodically remove expired entries
+from the address verification database. With Postfix version 2.6
+and earlier, database cleanup had to be done as described next. </p>
+
+<p> If the address verification database file becomes too big, or
+if it becomes corrupted, the solution is to manually rename or
+delete (NOT: truncate) the file and run "postfix reload".  The
+verify(8) daemon will then create a new database file.  </p>
 
 <h2><a name="probe_routing">Controlling the routing of address
 verification probes</a></h2>
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 46070e5d9..716fbc5c1 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -199,30 +199,32 @@ verification probes.
 This feature is available in Postfix 2.1 and later.
 </p>
 
-%PARAM address_verify_map
+%PARAM address_verify_map see "postconf -d" output
 
 <p>
-Optional lookup table for persistent address verification status
+Lookup table for persistent address verification status
 storage.  The table is maintained by the verify(8) service, and
 is opened before the process releases privileges.
 </p>
 
 <p>
-By default, the information is kept in volatile memory, and is lost
-after "<b>postfix reload</b>" or "<b>postfix stop</b>".
+The lookup table is persistent by default as of Postfix version
+2.7. Specify an empty table name to keep the information in volatile
+memory which is lost after "<b>postfix reload</b>" or "<b>postfix
+stop</b>" (this is default with earlier Postfix versions).
 </p>
 
 <p>
 Specify a location in a file system that will not fill up. If the
 database becomes corrupted, the world comes to an end. To recover
-delete the file and do "<b>postfix reload</b>".
+delete (NOT: truncate) the file and do "<b>postfix reload</b>".
 </p>
- 
+
 <p> As of version 2.5, Postfix no longer uses root privileges when
-opening this file. The file should now be stored under the Postfix-owned
-data_directory. As a migration aid, an attempt to open the file
-under a non-Postfix directory is redirected to the Postfix-owned
-data_directory, and a warning is logged. </p>
+opening this file. The file must now be stored under a Postfix-owned
+directory such as the data_directory. As a migration aid, an attempt
+to open the file under a non-Postfix directory is redirected to the
+Postfix-owned data_directory, and a warning is logged. </p>
 
 <p>
 Examples:
@@ -282,11 +284,10 @@ This feature is available in Postfix 2.1 and later.
 
 %PARAM address_verify_cache_cleanup_interval 12h
 
-<p> The amount of time between verify(8) cache cleanup runs.  Cache
-cleanup increases the load on the cache database and should therefore
-not be run frequently. This feature requires that the cache database
+<p> The amount of time between verify(8) address verification
+database cleanup runs. This feature requires that the database
 supports the "delete" and "sequence" operators.  Specify a zero
-interval to disable cache cleanup. </p>
+interval to disable database cleanup. </p>
 
 <p> Time units: s (seconds), m (minutes), h (hours), d (days), w
 (weeks). </p>
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index ef6c78c8c..5e5a8d5e2 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20100101"
+#define MAIL_RELEASE_DATE	"20100102"
 #define MAIL_VERSION_NUMBER	"2.7"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in
index 4a8088840..653919c85 100644
--- a/postfix/src/util/Makefile.in
+++ b/postfix/src/util/Makefile.in
@@ -498,6 +498,12 @@ dict_cidr_test: dict_open dict_cidr.in dict_cidr.map dict_cidr.ref
 	diff dict_cidr.ref dict_cidr.tmp
 	rm -f dict_cidr.tmp
 
+dict_seq_test: dict_open testdb dict_seq.in dict_seq.ref
+	rm -f testdb.db testdb.dir testdb.pag
+	./dict_open hash:testdb create sync < dict_seq.in > dict_seq.tmp 2>&1
+	diff dict_seq.ref dict_seq.tmp
+	rm -f testdb.db testdb.dir testdb.pag dict_seq.tmp
+
 host_port_test: host_port host_port.in host_port.ref
 	./host_port <host_port.in >host_port.tmp 2>&1
 	diff host_port.ref host_port.tmp
diff --git a/postfix/src/util/dict_db.c b/postfix/src/util/dict_db.c
index d58e3f459..e4b301d10 100644
--- a/postfix/src/util/dict_db.c
+++ b/postfix/src/util/dict_db.c
@@ -535,8 +535,19 @@ static void dict_db_close(DICT *dict)
 #endif
     if (DICT_DB_SYNC(dict_db->db, 0) < 0)
 	msg_fatal("flush database %s: %m", dict_db->dict.name);
+
+    /*
+     * With some Berkeley DB implementations, close fails with a bogus ENOENT
+     * error, while it reports no errors with put+sync, no errors with
+     * del+sync, and no errors with the sync operation just before this
+     * comment. This happens in programs that never fork and that never share
+     * the database with other processes. The bogus close error has been
+     * reported for programs that use the first/next iterator. Instead of
+     * making Postfix look bad because it reports errors that other programs
+     * ignore, I'm going to report the bogus error as a non-error.
+     */
     if (DICT_DB_CLOSE(dict_db->db) < 0)
-	msg_fatal("close database %s: %m", dict_db->dict.name);
+	msg_info("close database %s: %m", dict_db->dict.name);
     if (dict_db->key_buf)
 	vstring_free(dict_db->key_buf);
     if (dict_db->val_buf)
diff --git a/postfix/src/util/dict_open.c b/postfix/src/util/dict_open.c
index 700eaee35..04df52b65 100644
--- a/postfix/src/util/dict_open.c
+++ b/postfix/src/util/dict_open.c
@@ -387,7 +387,7 @@ ARGV   *dict_mapnames()
 
 static NORETURN usage(char *myname)
 {
-    msg_fatal("usage: %s type:file read|write|create [fold]", myname);
+    msg_fatal("usage: %s type:file read|write|create [fold] [sync]", myname);
 }
 
 int     main(int argc, char **argv)
@@ -403,6 +403,7 @@ int     main(int argc, char **argv)
     const char *value;
     int     ch;
     int     dict_flags = DICT_FLAG_LOCK | DICT_FLAG_DUP_REPLACE;
+    int     n;
 
     signal(SIGPIPE, SIG_IGN);
 
@@ -417,7 +418,7 @@ int     main(int argc, char **argv)
 	}
     }
     optind = OPTIND;
-    if (argc - optind < 2 || argc - optind > 3)
+    if (argc - optind < 2)
 	usage(argv[0]);
     if (strcasecmp(argv[optind + 1], "create") == 0)
 	open_flags = O_CREAT | O_RDWR | O_TRUNC;
@@ -427,8 +428,14 @@ int     main(int argc, char **argv)
 	open_flags = O_RDONLY;
     else
 	msg_fatal("unknown access mode: %s", argv[2]);
-    if (argv[optind + 2] && strcasecmp(argv[optind + 2], "fold") == 0)
-	dict_flags |= DICT_FLAG_FOLD_ANY;
+    for (n = 2; argv[optind + n]; n++) {
+	if (strcasecmp(argv[optind + 2], "fold") == 0)
+	    dict_flags |= DICT_FLAG_FOLD_ANY;
+	else if (strcasecmp(argv[optind + 2], "sync") == 0)
+	    dict_flags |= DICT_FLAG_SYNC_UPDATE;
+	else
+	    usage(argv[0]);
+    }
     dict_name = argv[optind];
     dict = dict_open(dict_name, open_flags, dict_flags);
     dict_register(dict_name, dict);
diff --git a/postfix/src/util/dict_seq.in b/postfix/src/util/dict_seq.in
new file mode 100644
index 000000000..998e7c455
--- /dev/null
+++ b/postfix/src/util/dict_seq.in
@@ -0,0 +1,11 @@
+put 5 5
+put 3 3
+put 4 4
+put 1 1
+put 2 2
+first
+next
+next
+next
+next
+next
diff --git a/postfix/src/util/dict_seq.ref b/postfix/src/util/dict_seq.ref
new file mode 100644
index 000000000..ce7d74432
--- /dev/null
+++ b/postfix/src/util/dict_seq.ref
@@ -0,0 +1,22 @@
+> put 5 5
+5=5
+> put 3 3
+3=3
+> put 4 4
+4=4
+> put 1 1
+1=1
+> put 2 2
+2=2
+> first
+4=4
+> next
+2=2
+> next
+5=5
+> next
+3=3
+> next
+1=1
+> next
+not found
diff --git a/postfix/src/verify/verify.c b/postfix/src/verify/verify.c
index 43be02e27..b716ca48e 100644
--- a/postfix/src/verify/verify.c
+++ b/postfix/src/verify/verify.c
@@ -77,8 +77,8 @@
 /* CACHE CONTROLS
 /* .ad
 /* .fi
-/* .IP "\fBaddress_verify_map (empty)\fR"
-/*	Optional lookup table for persistent address verification status
+/* .IP "\fBaddress_verify_map (see 'postconf -d' output)\fR"
+/*	Lookup table for persistent address verification status
 /*	storage.
 /* .IP "\fBaddress_verify_sender ($double_bounce_sender)\fR"
 /*	The sender address to use in address verification probes; prior
diff --git a/postfix/src/virtual/virtual.c b/postfix/src/virtual/virtual.c
index 80d3bcf8c..599be61c9 100644
--- a/postfix/src/virtual/virtual.c
+++ b/postfix/src/virtual/virtual.c
@@ -211,8 +211,8 @@
 /*	The maximal number of recipients per message for the virtual
 /*	message delivery transport.
 /* .IP "\fBvirtual_mailbox_limit (51200000)\fR"
-/*	The maximal size in bytes of an individual mailbox or maildir file,
-/*	or zero (no limit).
+/*	The maximal size in bytes of an individual \fBvirtual\fR(8) mailbox or
+/*	maildir file, or zero (no limit).
 /* MISCELLANEOUS CONTROLS
 /* .ad
 /* .fi