postfix-2.7-20100102

postfix/HISTORY

@@ -15615,3 +15615,9 @@ Apologies for any names omitted.
 	Bugfix: the mantools/postlink script applied hyperlinks
 	for the "virtual:" transport to "/etc/postfix/virtual:".
 	Symptom reported by Christoph Anton Mitterer.
+
+20200102
+
+	Workaround: don't report bogus Berkeley DB close errors as
+	fatal errors. All operations before close are already error
+	checked, so the data is known to be safe.  File: util/dict_db.c.

postfix/README_FILES/ADDRESS_VERIFICATION_README

@@ -261,54 +261,56 @@ probe fails with some temporary error.
 
 AAddddrreessss vveerriiffiiccaattiioonn ddaattaabbaassee
 
-NOTE: By default, address verification information is not stored in a
+To improve performance, the Postfix verify(8) daemon can save address
-persistent file. You have to specify one in main.cf (see below). Persistent
+verification results to a persistent database. The address_verify_map (NOTE:
-storage is off by default because it may need more disk space than is available
+singular) configuration parameter specifies persistent storage for sender or
-in your file system.
+recipient address verification results. If you specify an empty value, all
-
+address verification results are lost after "postfix reload" or "postfix stop".
-Address verification information is cached by the Postfix verify daemon.
-Postfix has a bunch of parameters that control the caching of positive and
-negative results. Refer to the verify(8) manual page for details.
-
-The address_verify_map (NOTE: singular) configuration parameter specifies an
-optional database for sender or recipient address verification results. If you
-don't specify a file, all address verification information is lost after
-"postfix reload" or "postfix stop".
-
-If your /var file system has sufficient space, try:
 
     /etc/postfix/main.cf:
+        # Default setting for Postfix 2.7 and later.
         # Note: avoid hash files here. Use btree instead.
-        address_verify_map = btree:/var/lib/postfix/verify
+        address_verify_map = btree:$data_directory/verify_cache
 
-NOTE 1: As of version 2.5, Postfix no longer uses root privileges when opening
+        # Default setting for Postfix 2.6 and earlier.
-this file. The file should now be stored under the Postfix-owned
+        # This uses non-persistent storage only.
-data_directory. As a migration aid, an attempt to open the file under a non-
+        address_verify_map =
-Postfix directory is redirected to the Postfix-owned data_directory, and a
+
-warning is logged. If you wish to continue using a pre-existing database file,
+NOTE 1: The database file should be stored under a Postfix-owned directory,
-move it to the data_directory, and change ownership to the account specified
+such as $data_directory.
-with the mail_owner parameter.
+
+    As of version 2.5, Postfix no longer uses root privileges when opening this
+    file. To maintain backwards compatibility, an attempt to open the file
+    under a non-Postfix directory is redirected to the Postfix-owned
+    data_directory, and a warning is logged. If you wish to continue using a
+    pre-existing database file, change its file ownership to the account
+    specified with the mail_owner parameter, and either move the file to the
+    data_directory, or move it to some other Postfix-owned directory.
 
 NOTE 2: Do not put this file in a file system that may run out of space. When
 the address verification table gets corrupted the world comes to an end and YOU
 will have to MANUALLY fix things as described in the next section. Meanwhile,
 you will not receive mail via SMTP.
 
-NOTE 3: The verify(8) daemon process will create a new database when none
+NOTE 3: The verify(8) daemon will create a new database when none exists. It
-exists, and will open/create the file before it enters the chroot jail.
+will open or create the file before entering the chroot jail.
 
 MMaannaaggiinngg tthhee aaddddrreessss vveerriiffiiccaattiioonn ddaattaabbaassee
 
-The verify(8) manual page describes parameters that control how long
+The verify(8) manual page describes parameters that control how long address
-information remains cached before it needs to be refreshed, and how long
+verification results are cached before they need to be refreshed, and how long
-information can remain "unrefreshed" before it expires. Postfix uses different
+results can remain "unrefreshed" before they expire. Postfix uses different
 controls for positive results (address was accepted) and for negative results
-(address was rejected).
+(address was rejected, or address verification failed for some other reason).
 
-Right now, no tools are provided to manage the address verification database.
+Current Postfix versions will periodically remove expired entries from the
-If the file gets too big, or if it gets corrupted, you can manually rename or
+address verification database. With Postfix version 2.6 and earlier, database
-delete the file and run "postfix reload". The new verify daemon process will
+cleanup had to be done as described next.
-then create a new database.
+
+If the address verification database file becomes too big, or if it becomes
+corrupted, the solution is to manually rename or delete (NOT: truncate) the
+file and run "postfix reload". The verify(8) daemon will then create a new
+database file.
 
 CCoonnttrroolllliinngg tthhee rroouuttiinngg ooff aaddddrreessss vveerriiffiiccaattiioonn pprroobbeess
 

postfix/html/ADDRESS_VERIFICATION_README.html

@@ -402,40 +402,37 @@ sender address verification probe fails with some temporary error.
 
 <h2><a name="caching">Address verification database</a></h2>
 
-<p> NOTE: By default, address verification information is not stored
+<p> To improve performance, the Postfix <a href="verify.8.html">verify(8)</a> daemon can save
-in a persistent file. You have to specify one in <a href="postconf.5.html">main.cf</a> (see
+address verification results to a persistent database.  The
-below). Persistent storage is off by default because it may need
+<a href="postconf.5.html#address_verify_map">address_verify_map</a> (NOTE: singular) configuration parameter specifies
-more disk space than is available in your file system. </p>
+persistent storage for sender or recipient address verification
-
+results.  If you specify an empty value, all address verification
-<p> Address verification information is cached by the Postfix verify
+results are lost after "postfix reload" or "postfix stop". </p>
-daemon.  Postfix has a bunch of parameters that control the caching
-of positive and negative results. Refer to the <a href="verify.8.html">verify(8)</a> manual
-page for details. </p>
-
-<p> The <a href="postconf.5.html#address_verify_map">address_verify_map</a> (NOTE: singular) configuration parameter
-specifies an optional database for sender or recipient address
-verification results.  If you don't specify a file, all address
-verification information is lost after "postfix reload" or "postfix
-stop". </p>
-
-<p> If your /var file system has sufficient space, try: </p>
 
 <blockquote>
 <pre>
 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+    # Default setting for Postfix 2.7 and later.
     # Note: avoid hash files here. Use btree instead.
-    <a href="postconf.5.html#address_verify_map">address_verify_map</a> = btree:/var/lib/postfix/verify
+    <a href="postconf.5.html#address_verify_map">address_verify_map</a> = btree:$<a href="postconf.5.html#data_directory">data_directory</a>/verify_cache
+
+    # Default setting for Postfix 2.6 and earlier.
+    # This uses non-persistent storage only.
+    <a href="postconf.5.html#address_verify_map">address_verify_map</a> =
 </pre>
 </blockquote>
 
-<p> NOTE 1: As of version 2.5, Postfix no longer uses root privileges
+<p> NOTE 1: The database file should be stored under a Postfix-owned
-when opening this file. The file should now be stored under the
+directory, such as $<a href="postconf.5.html#data_directory">data_directory</a>. </p>
-Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to
+
-open the file under a non-Postfix directory is redirected to the
+<blockquote> As of version 2.5, Postfix no longer uses root privileges
-Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. If you wish
+when opening this file. To maintain backwards compatibility, an
-to continue using a pre-existing database file, move it to the
+attempt to open the file under a non-Postfix directory is redirected
-<a href="postconf.5.html#data_directory">data_directory</a>, and change ownership to the account specified with
+to the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. If
-the <a href="postconf.5.html#mail_owner">mail_owner</a> parameter.  </p>
+you wish to continue using a pre-existing database file, change its
+file ownership to the account specified with the <a href="postconf.5.html#mail_owner">mail_owner</a> parameter,
+and either move the file to the <a href="postconf.5.html#data_directory">data_directory</a>, or move it to some
+other Postfix-owned directory.  </blockquote>
 
 <p> NOTE 2: Do not put this file in a file system that may run out
 of space.  When the address verification table gets corrupted the
@@ -443,23 +440,28 @@ world comes to an end and YOU will have to MANUALLY fix things as
 described in the next section. Meanwhile, you will not receive mail
 via SMTP. </p>
 
-<p> NOTE 3: The <a href="verify.8.html">verify(8)</a> daemon process will create a new database when
+<p> NOTE 3: The <a href="verify.8.html">verify(8)</a> daemon will create a new database when
-none exists, and will open/create the file before it enters the
+none exists. It will open or create the file before entering the
 chroot jail. </p>
 
 <h2><a name="dirty_secret">Managing the address verification
 database</a></h2>
 
-<p> The <a href="verify.8.html">verify(8)</a> manual page describes parameters that control
+<p> The <a href="verify.8.html">verify(8)</a> manual page describes parameters that control how
-how long information remains cached before it needs to be refreshed,
+long address verification results are cached before they need to
-and how long information can remain "unrefreshed" before it expires.
+be refreshed, and how long results can remain "unrefreshed" before
-Postfix uses different controls for positive results (address was
+they expire.  Postfix uses different controls for positive results
-accepted) and for negative results (address was rejected). </p>
+(address was accepted) and for negative results (address was rejected,
+or address verification failed for some other reason). </p>
 
-<p> Right now, no tools are provided to manage the address verification
+<p> Current Postfix versions will periodically remove expired entries
-database. If the file gets too big, or if it gets corrupted, you
+from the address verification database. With Postfix version 2.6
-can manually rename or delete the file and run "postfix reload".
+and earlier, database cleanup had to be done as described next. </p>
-The new verify daemon process will then create a new database. </p>
+
+<p> If the address verification database file becomes too big, or
+if it becomes corrupted, the solution is to manually rename or
+delete (NOT: truncate) the file and run "postfix reload".  The
+<a href="verify.8.html">verify(8)</a> daemon will then create a new database file.  </p>
 
 <h2><a name="probe_routing">Controlling the routing of address
 verification probes</a></h2>

postfix/html/postconf.5.html

@@ -124,11 +124,10 @@ Do not change this unless you have a complete understanding of <a href="http://t
 <DT><b><a name="address_verify_cache_cleanup_interval">address_verify_cache_cleanup_interval</a>
 (default: 12h)</b></DT><DD>
 
-<p> The amount of time between <a href="verify.8.html">verify(8)</a> cache cleanup runs.  Cache
+<p> The amount of time between <a href="verify.8.html">verify(8)</a> address verification
-cleanup increases the load on the cache database and should therefore
+database cleanup runs. This feature requires that the database
-not be run frequently. This feature requires that the cache database
 supports the "delete" and "sequence" operators.  Specify a zero
-interval to disable cache cleanup. </p>
+interval to disable database cleanup. </p>
 
 <p> Time units: s (seconds), m (minutes), h (hours), d (days), w
 (weeks). </p>
@@ -169,30 +168,32 @@ This feature is available in Postfix 2.1 and later.
 </DD>
 
 <DT><b><a name="address_verify_map">address_verify_map</a>
-(default: empty)</b></DT><DD>
+(default: see "postconf -d" output)</b></DT><DD>
 
 <p>
-Optional lookup table for persistent address verification status
+Lookup table for persistent address verification status
 storage.  The table is maintained by the <a href="verify.8.html">verify(8)</a> service, and
 is opened before the process releases privileges.
 </p>
 
 <p>
-By default, the information is kept in volatile memory, and is lost
+The lookup table is persistent by default as of Postfix version
-after "<b>postfix reload</b>" or "<b>postfix stop</b>".
+2.7. Specify an empty table name to keep the information in volatile
+memory which is lost after "<b>postfix reload</b>" or "<b>postfix
+stop</b>" (this is default with earlier Postfix versions).
 </p>
 
 <p>
 Specify a location in a file system that will not fill up. If the
 database becomes corrupted, the world comes to an end. To recover
-delete the file and do "<b>postfix reload</b>".
+delete (NOT: truncate) the file and do "<b>postfix reload</b>".
 </p>
 
 <p> As of version 2.5, Postfix no longer uses root privileges when
-opening this file. The file should now be stored under the Postfix-owned
+opening this file. The file must now be stored under a Postfix-owned
-<a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to open the file
+directory such as the <a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt
-under a non-Postfix directory is redirected to the Postfix-owned
+to open the file under a non-Postfix directory is redirected to the
-<a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p>
+Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p>
 
 <p>
 Examples:

postfix/html/verify.8.html

@@ -86,9 +86,9 @@ VERIFY(8)                                                            VERIFY(8)
        <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
 
 <b>CACHE CONTROLS</b>
-       <b><a href="postconf.5.html#address_verify_map">address_verify_map</a> (empty)</b>
+       <b><a href="postconf.5.html#address_verify_map">address_verify_map</a> (see 'postconf -d' output)</b>
-              Optional  lookup table for persistent address veri-
+              Lookup  table  for  persistent address verification
-              fication status storage.
+              status storage.
 
        <b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> ($<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b>
               The sender address to use in  address  verification

postfix/html/virtual.8.html

@@ -236,21 +236,22 @@ VIRTUAL(8)                                                          VIRTUAL(8)
               the virtual message delivery transport.
 
        <b><a href="postconf.5.html#virtual_mailbox_limit">virtual_mailbox_limit</a> (51200000)</b>
-              The maximal size in bytes of an individual  mailbox
+              The maximal size in bytes  of  an  individual  <a href="virtual.8.html"><b>vir-</b></a>
-              or maildir file, or zero (no limit).
+              <a href="virtual.8.html"><b>tual</b>(8)</a>  mailbox  or  maildir  file,  or  zero  (no
+              limit).
 
 <b>MISCELLANEOUS CONTROLS</b>
        <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
-              The  default  location  of  the Postfix <a href="postconf.5.html">main.cf</a> and
+              The default location of  the  Postfix  <a href="postconf.5.html">main.cf</a>  and
               <a href="master.5.html">master.cf</a> configuration files.
 
        <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
-              How much time a Postfix daemon process may take  to
+              How  much time a Postfix daemon process may take to
-              handle  a  request  before  it  is  terminated by a
+              handle a request  before  it  is  terminated  by  a
               built-in watchdog timer.
 
        <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
-              The maximal number  of  digits  after  the  decimal
+              The  maximal  number  of  digits  after the decimal
               point when logging sub-second delay values.
 
        <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
@@ -258,33 +259,33 @@ VIRTUAL(8)                                                          VIRTUAL(8)
               over an internal communication channel.
 
        <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
-              The maximum amount of time  that  an  idle  Postfix
+              The  maximum  amount  of  time that an idle Postfix
-              daemon  process  waits  for  an incoming connection
+              daemon process waits  for  an  incoming  connection
               before terminating voluntarily.
 
        <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
-              The maximal number of incoming connections  that  a
+              The  maximal  number of incoming connections that a
-              Postfix  daemon  process will service before termi-
+              Postfix daemon process will service  before  termi-
               nating voluntarily.
 
        <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
-              The process ID  of  a  Postfix  command  or  daemon
+              The  process  ID  of  a  Postfix  command or daemon
               process.
 
        <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
-              The  process  name  of  a Postfix command or daemon
+              The process name of a  Postfix  command  or  daemon
               process.
 
        <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
-              The location of the Postfix top-level queue  direc-
+              The  location of the Postfix top-level queue direc-
               tory.
 
        <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
               The syslog facility of Postfix logging.
 
        <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
-              The  mail  system  name  that  is  prepended to the
+              The mail system  name  that  is  prepended  to  the
-              process name in syslog  records,  so  that  "smtpd"
+              process  name  in  syslog  records, so that "smtpd"
               becomes, for example, "postfix/smtpd".
 
 <b>SEE ALSO</b>
@@ -297,20 +298,20 @@ VIRTUAL(8)                                                          VIRTUAL(8)
        <a href="VIRTUAL_README.html">VIRTUAL_README</a>, domain hosting howto
 
 <b>LICENSE</b>
-       The  Secure  Mailer  license must be distributed with this
+       The Secure Mailer license must be  distributed  with  this
        software.
 
 <b>HISTORY</b>
-       This delivery agent was originally based  on  the  Postfix
+       This  delivery  agent  was originally based on the Postfix
-       local  delivery  agent.  Modifications mainly consisted of
+       local delivery agent. Modifications  mainly  consisted  of
-       removing code that either was not applicable or  that  was
+       removing  code  that either was not applicable or that was
-       not  safe  in this context: aliases, ~user/.forward files,
+       not safe in this context: aliases,  ~user/.forward  files,
        delivery to "|command" or to /file/name.
 
        The <b>Delivered-To:</b> message header appears in the <b>qmail</b> sys-
        tem by Daniel Bernstein.
 
-       The  <b>maildir</b>  structure  appears  in  the  <b>qmail</b> system by
+       The <b>maildir</b> structure  appears  in  the  <b>qmail</b>  system  by
        Daniel Bernstein.
 
 <b>AUTHOR(S)</b>

postfix/man/man5/postconf.5

@@ -78,11 +78,10 @@ an \fBaccess\fR(5) map "reject" action.
 .PP
 Do not change this unless you have a complete understanding of RFC 2821.
 .SH address_verify_cache_cleanup_interval (default: 12h)
-The amount of time between \fBverify\fR(8) cache cleanup runs.  Cache
+The amount of time between \fBverify\fR(8) address verification
-cleanup increases the load on the cache database and should therefore
+database cleanup runs. This feature requires that the database
-not be run frequently. This feature requires that the cache database
 supports the "delete" and "sequence" operators.  Specify a zero
-interval to disable cache cleanup.
+interval to disable database cleanup.
 .PP
 Time units: s (seconds), m (minutes), h (hours), d (days), w
 (weeks).
@@ -98,23 +97,25 @@ Overrides the local_transport parameter setting for address
 verification probes.
 .PP
 This feature is available in Postfix 2.1 and later.
-.SH address_verify_map (default: empty)
+.SH address_verify_map (default: see "postconf -d" output)
-Optional lookup table for persistent address verification status
+Lookup table for persistent address verification status
 storage.  The table is maintained by the \fBverify\fR(8) service, and
 is opened before the process releases privileges.
 .PP
-By default, the information is kept in volatile memory, and is lost
+The lookup table is persistent by default as of Postfix version
-after "\fBpostfix reload\fR" or "\fBpostfix stop\fR".
+2.7. Specify an empty table name to keep the information in volatile
+memory which is lost after "\fBpostfix reload\fR" or "\fBpostfix
+stop\fR" (this is default with earlier Postfix versions).
 .PP
 Specify a location in a file system that will not fill up. If the
 database becomes corrupted, the world comes to an end. To recover
-delete the file and do "\fBpostfix reload\fR".
+delete (NOT: truncate) the file and do "\fBpostfix reload\fR".
 .PP
 As of version 2.5, Postfix no longer uses root privileges when
-opening this file. The file should now be stored under the Postfix-owned
+opening this file. The file must now be stored under a Postfix-owned
-data_directory. As a migration aid, an attempt to open the file
+directory such as the data_directory. As a migration aid, an attempt
-under a non-Postfix directory is redirected to the Postfix-owned
+to open the file under a non-Postfix directory is redirected to the
-data_directory, and a warning is logged.
+Postfix-owned data_directory, and a warning is logged.
 .PP
 Examples:
 .PP

postfix/man/man8/verify.8

@@ -93,8 +93,8 @@ The text below provides only a parameter summary. See
 .nf
 .ad
 .fi
-.IP "\fBaddress_verify_map (empty)\fR"
+.IP "\fBaddress_verify_map (see 'postconf -d' output)\fR"
-Optional lookup table for persistent address verification status
+Lookup table for persistent address verification status
 storage.
 .IP "\fBaddress_verify_sender ($double_bounce_sender)\fR"
 The sender address to use in address verification probes; prior

postfix/man/man8/virtual.8

@@ -245,8 +245,8 @@ via the virtual message delivery transport.
 The maximal number of recipients per message for the virtual
 message delivery transport.
 .IP "\fBvirtual_mailbox_limit (51200000)\fR"
-The maximal size in bytes of an individual mailbox or maildir file,
+The maximal size in bytes of an individual \fBvirtual\fR(8) mailbox or
-or zero (no limit).
+maildir file, or zero (no limit).
 .SH "MISCELLANEOUS CONTROLS"
 .na
 .nf

postfix/proto/ADDRESS_VERIFICATION_README.html

@@ -402,40 +402,37 @@ sender address verification probe fails with some temporary error.
 
 <h2><a name="caching">Address verification database</a></h2>
 
-<p> NOTE: By default, address verification information is not stored
+<p> To improve performance, the Postfix verify(8) daemon can save
-in a persistent file. You have to specify one in main.cf (see
+address verification results to a persistent database.  The
-below). Persistent storage is off by default because it may need
+address_verify_map (NOTE: singular) configuration parameter specifies
-more disk space than is available in your file system. </p>
+persistent storage for sender or recipient address verification
-
+results.  If you specify an empty value, all address verification
-<p> Address verification information is cached by the Postfix verify
+results are lost after "postfix reload" or "postfix stop". </p>
-daemon.  Postfix has a bunch of parameters that control the caching
-of positive and negative results. Refer to the verify(8) manual
-page for details. </p>
-
-<p> The address_verify_map (NOTE: singular) configuration parameter
-specifies an optional database for sender or recipient address
-verification results.  If you don't specify a file, all address
-verification information is lost after "postfix reload" or "postfix
-stop". </p>
-
-<p> If your /var file system has sufficient space, try: </p>
 
 <blockquote>
 <pre>
 /etc/postfix/main.cf:
+    # Default setting for Postfix 2.7 and later.
     # Note: avoid hash files here. Use btree instead.
-    address_verify_map = btree:/var/lib/postfix/verify
+    address_verify_map = btree:$data_directory/verify_cache
+
+    # Default setting for Postfix 2.6 and earlier.
+    # This uses non-persistent storage only.
+    address_verify_map =
 </pre>
 </blockquote>
 
-<p> NOTE 1: As of version 2.5, Postfix no longer uses root privileges
+<p> NOTE 1: The database file should be stored under a Postfix-owned
-when opening this file. The file should now be stored under the
+directory, such as $data_directory. </p>
-Postfix-owned data_directory. As a migration aid, an attempt to
+
-open the file under a non-Postfix directory is redirected to the
+<blockquote> As of version 2.5, Postfix no longer uses root privileges
-Postfix-owned data_directory, and a warning is logged. If you wish
+when opening this file. To maintain backwards compatibility, an
-to continue using a pre-existing database file, move it to the
+attempt to open the file under a non-Postfix directory is redirected
-data_directory, and change ownership to the account specified with
+to the Postfix-owned data_directory, and a warning is logged. If
-the mail_owner parameter.  </p>
+you wish to continue using a pre-existing database file, change its
+file ownership to the account specified with the mail_owner parameter,
+and either move the file to the data_directory, or move it to some
+other Postfix-owned directory.  </blockquote>
 
 <p> NOTE 2: Do not put this file in a file system that may run out
 of space.  When the address verification table gets corrupted the
@@ -443,23 +440,28 @@ world comes to an end and YOU will have to MANUALLY fix things as
 described in the next section. Meanwhile, you will not receive mail
 via SMTP. </p>
 
-<p> NOTE 3: The verify(8) daemon process will create a new database when
+<p> NOTE 3: The verify(8) daemon will create a new database when
-none exists, and will open/create the file before it enters the
+none exists. It will open or create the file before entering the
 chroot jail. </p>
 
 <h2><a name="dirty_secret">Managing the address verification
 database</a></h2>
 
-<p> The verify(8) manual page describes parameters that control
+<p> The verify(8) manual page describes parameters that control how
-how long information remains cached before it needs to be refreshed,
+long address verification results are cached before they need to
-and how long information can remain "unrefreshed" before it expires.
+be refreshed, and how long results can remain "unrefreshed" before
-Postfix uses different controls for positive results (address was
+they expire.  Postfix uses different controls for positive results
-accepted) and for negative results (address was rejected). </p>
+(address was accepted) and for negative results (address was rejected,
+or address verification failed for some other reason). </p>
 
-<p> Right now, no tools are provided to manage the address verification
+<p> Current Postfix versions will periodically remove expired entries
-database. If the file gets too big, or if it gets corrupted, you
+from the address verification database. With Postfix version 2.6
-can manually rename or delete the file and run "postfix reload".
+and earlier, database cleanup had to be done as described next. </p>
-The new verify daemon process will then create a new database. </p>
+
+<p> If the address verification database file becomes too big, or
+if it becomes corrupted, the solution is to manually rename or
+delete (NOT: truncate) the file and run "postfix reload".  The
+verify(8) daemon will then create a new database file.  </p>
 
 <h2><a name="probe_routing">Controlling the routing of address
 verification probes</a></h2>

postfix/proto/postconf.proto

@@ -199,30 +199,32 @@ verification probes.
 This feature is available in Postfix 2.1 and later.
 </p>
 
-%PARAM address_verify_map
+%PARAM address_verify_map see "postconf -d" output
 
 <p>
-Optional lookup table for persistent address verification status
+Lookup table for persistent address verification status
 storage.  The table is maintained by the verify(8) service, and
 is opened before the process releases privileges.
 </p>
 
 <p>
-By default, the information is kept in volatile memory, and is lost
+The lookup table is persistent by default as of Postfix version
-after "<b>postfix reload</b>" or "<b>postfix stop</b>".
+2.7. Specify an empty table name to keep the information in volatile
+memory which is lost after "<b>postfix reload</b>" or "<b>postfix
+stop</b>" (this is default with earlier Postfix versions).
 </p>
 
 <p>
 Specify a location in a file system that will not fill up. If the
 database becomes corrupted, the world comes to an end. To recover
-delete the file and do "<b>postfix reload</b>".
+delete (NOT: truncate) the file and do "<b>postfix reload</b>".
 </p>
- 
+
 <p> As of version 2.5, Postfix no longer uses root privileges when
-opening this file. The file should now be stored under the Postfix-owned
+opening this file. The file must now be stored under a Postfix-owned
-data_directory. As a migration aid, an attempt to open the file
+directory such as the data_directory. As a migration aid, an attempt
-under a non-Postfix directory is redirected to the Postfix-owned
+to open the file under a non-Postfix directory is redirected to the
-data_directory, and a warning is logged. </p>
+Postfix-owned data_directory, and a warning is logged. </p>
 
 <p>
 Examples:
@@ -282,11 +284,10 @@ This feature is available in Postfix 2.1 and later.
 
 %PARAM address_verify_cache_cleanup_interval 12h
 
-<p> The amount of time between verify(8) cache cleanup runs.  Cache
+<p> The amount of time between verify(8) address verification
-cleanup increases the load on the cache database and should therefore
+database cleanup runs. This feature requires that the database
-not be run frequently. This feature requires that the cache database
 supports the "delete" and "sequence" operators.  Specify a zero
-interval to disable cache cleanup. </p>
+interval to disable database cleanup. </p>
 
 <p> Time units: s (seconds), m (minutes), h (hours), d (days), w
 (weeks). </p>

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20100101"
+#define MAIL_RELEASE_DATE	"20100102"
 #define MAIL_VERSION_NUMBER	"2.7"
 
 #ifdef SNAPSHOT

postfix/src/util/Makefile.in

@@ -498,6 +498,12 @@ dict_cidr_test: dict_open dict_cidr.in dict_cidr.map dict_cidr.ref
 	diff dict_cidr.ref dict_cidr.tmp
 	rm -f dict_cidr.tmp
 
+dict_seq_test: dict_open testdb dict_seq.in dict_seq.ref
+	rm -f testdb.db testdb.dir testdb.pag
+	./dict_open hash:testdb create sync < dict_seq.in > dict_seq.tmp 2>&1
+	diff dict_seq.ref dict_seq.tmp
+	rm -f testdb.db testdb.dir testdb.pag dict_seq.tmp
+
 host_port_test: host_port host_port.in host_port.ref
 	./host_port <host_port.in >host_port.tmp 2>&1
 	diff host_port.ref host_port.tmp

postfix/src/util/dict_db.c

@@ -535,8 +535,19 @@ static void dict_db_close(DICT *dict)
 #endif
     if (DICT_DB_SYNC(dict_db->db, 0) < 0)
 	msg_fatal("flush database %s: %m", dict_db->dict.name);
+
+    /*
+     * With some Berkeley DB implementations, close fails with a bogus ENOENT
+     * error, while it reports no errors with put+sync, no errors with
+     * del+sync, and no errors with the sync operation just before this
+     * comment. This happens in programs that never fork and that never share
+     * the database with other processes. The bogus close error has been
+     * reported for programs that use the first/next iterator. Instead of
+     * making Postfix look bad because it reports errors that other programs
+     * ignore, I'm going to report the bogus error as a non-error.
+     */
     if (DICT_DB_CLOSE(dict_db->db) < 0)
-	msg_fatal("close database %s: %m", dict_db->dict.name);
+	msg_info("close database %s: %m", dict_db->dict.name);
     if (dict_db->key_buf)
 	vstring_free(dict_db->key_buf);
     if (dict_db->val_buf)

postfix/src/util/dict_open.c

@@ -387,7 +387,7 @@ ARGV   *dict_mapnames()
 
 static NORETURN usage(char *myname)
 {
-    msg_fatal("usage: %s type:file read|write|create [fold]", myname);
+    msg_fatal("usage: %s type:file read|write|create [fold] [sync]", myname);
 }
 
 int     main(int argc, char **argv)
@@ -403,6 +403,7 @@ int     main(int argc, char **argv)
     const char *value;
     int     ch;
     int     dict_flags = DICT_FLAG_LOCK | DICT_FLAG_DUP_REPLACE;
+    int     n;
 
     signal(SIGPIPE, SIG_IGN);
 
@@ -417,7 +418,7 @@ int     main(int argc, char **argv)
 	}
     }
     optind = OPTIND;
-    if (argc - optind < 2 || argc - optind > 3)
+    if (argc - optind < 2)
 	usage(argv[0]);
     if (strcasecmp(argv[optind + 1], "create") == 0)
 	open_flags = O_CREAT | O_RDWR | O_TRUNC;
@@ -427,8 +428,14 @@ int     main(int argc, char **argv)
 	open_flags = O_RDONLY;
     else
 	msg_fatal("unknown access mode: %s", argv[2]);
-    if (argv[optind + 2] && strcasecmp(argv[optind + 2], "fold") == 0)
+    for (n = 2; argv[optind + n]; n++) {
-	dict_flags |= DICT_FLAG_FOLD_ANY;
+	if (strcasecmp(argv[optind + 2], "fold") == 0)
+	    dict_flags |= DICT_FLAG_FOLD_ANY;
+	else if (strcasecmp(argv[optind + 2], "sync") == 0)
+	    dict_flags |= DICT_FLAG_SYNC_UPDATE;
+	else
+	    usage(argv[0]);
+    }
     dict_name = argv[optind];
     dict = dict_open(dict_name, open_flags, dict_flags);
     dict_register(dict_name, dict);

postfix/src/util/dict_seq.in

@@ -0,0 +1,11 @@
+put 5 5
+put 3 3
+put 4 4
+put 1 1
+put 2 2
+first
+next
+next
+next
+next
+next

postfix/src/util/dict_seq.ref

@@ -0,0 +1,22 @@
+> put 5 5
+5=5
+> put 3 3
+3=3
+> put 4 4
+4=4
+> put 1 1
+1=1
+> put 2 2
+2=2
+> first
+4=4
+> next
+2=2
+> next
+5=5
+> next
+3=3
+> next
+1=1
+> next
+not found

postfix/src/verify/verify.c

@@ -77,8 +77,8 @@
 /* CACHE CONTROLS
 /* .ad
 /* .fi
-/* .IP "\fBaddress_verify_map (empty)\fR"
+/* .IP "\fBaddress_verify_map (see 'postconf -d' output)\fR"
-/*	Optional lookup table for persistent address verification status
+/*	Lookup table for persistent address verification status
 /*	storage.
 /* .IP "\fBaddress_verify_sender ($double_bounce_sender)\fR"
 /*	The sender address to use in address verification probes; prior

postfix/src/virtual/virtual.c

@@ -211,8 +211,8 @@
 /*	The maximal number of recipients per message for the virtual
 /*	message delivery transport.
 /* .IP "\fBvirtual_mailbox_limit (51200000)\fR"
-/*	The maximal size in bytes of an individual mailbox or maildir file,
+/*	The maximal size in bytes of an individual \fBvirtual\fR(8) mailbox or
-/*	or zero (no limit).
+/*	maildir file, or zero (no limit).
 /* MISCELLANEOUS CONTROLS
 /* .ad
 /* .fi