postfix-2.3-20050304

2025-08-30 21:55:20 +00:00 · 2005-03-04 00:00:00 -05:00
parent 5ec20d1d05
commit 9bf2b1e43e
21 changed files with 189 additions and 667 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -10405,18 +10405,51 @@ Apologies for any names omitted.
 	FROM: or CC: by From: or Cc:. Files: cleanup/cleanup_message.c,
 	smtp/smtp_proto.c.
 20050228
 	Cleanup/portability: missing #includes and bad prototypes.
 	Matthias Andree, Carsten Hoeger, and others.
 20050302
 	Workaround: make TLS session caching work with perverse
 	sites that have multiple servers per hostname or even
 	multiple servers per IP address, but no shared TLS session
 	cache. The SMTP client TLS session cache is now indexed by
 	(server hostname, server address, server port, server helo
 	hostname). After an idea by Victor Duchovni. Files:
 	smtp/smtp_proto.c, tls/tls_client.c.
 20050303
 	Bugfix (bug inherited from Postfix/TLS patch): a rare 9kbyte
 	memory leak when in-memory TLS session information expires;
 	found by setting the expiry time shorter than the time to
 	deliver one or two messages with a very slow machine.  This
 	was due to a missing SSL_SESSION_free() call in the "new
 	session" call-back routines. Found by Victor Duchovni.
 	Files: tls/tls_client.c, tls/tls_server.c.
 	Workaround: OpenSSL is overly agressive when purging a
 	not-yet expired entry from a full in-memory cache: it also
 	purges the entry from the on-disk server session cache.
 	Workaround is to let only the tlsmgr purge entries from the
 	on-disk server session cache.  Found by Victor Duchovni.
 	File: tls/tls_server.c.
 20050304
 	Postfix releases are now signed with Wietse's new PGP key.
 	The old key was getting a bit short for today's standards.
 	The new public key can be found on the Postfix download
 	webpage. As proof of authenticity the new PGP key is signed
 	with Wietse's old PGP key.
 Open problems:
 	Med: disable header address rewriting after XCLIENT?
 	Introduce a better concept of original submission?
 	Low: 9kbyte memory leak when expired in-memory session
 	information is removed by SSL_CTX_flush_sessions(); found
 	by setting the expiry time shorter than the time to deliver
 	one or two messages. Postfix processes are short-lived,
 	and the occurrance of this leak is rare enough that it is
 	a low priority.
 	Low: configurable order of local(8) delivery methods.
 	Med: local and remote source port and IP address for smtpd
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -1,491 +1,15 @@
-The official Postfix release is called 2.1.x where 2=major release
+The stable Postfix release is called postfix-2.2.x where 2=major
-number, 1=minor release number, x=patchlevel.  Snapshot releases
+release number, 2=minor release number, x=patchlevel.  The stable
-are now called 2.2-yyyymmdd where yyyymmdd is the release date
+release never changes except for patches that address bugs or
-(yyyy=year, mm=month, dd=day).  The mail_release_date configuration
+emergencies. Patches change the patchlevel and the release date.
 parameter contains the release date (both for official release and
 snapshot release).  Patches are issued for the official release
 and change the patchlevel and the release date. Patches are never
 issued for snapshot releases.
-Major changes with snapshot Postfix-2.2-20050212
+New features are developed in snapshot releases. These are called
-================================================
+postfix-2.3-yyyymmdd where yyyymmdd is the release date (yyyy=year,
 mm=month, dd=day).  Patches are never issued for snapshot releases;
 instead, a new snapshot is released.
-When header address rewriting is enabled, Postfix now updates a
+The mail_release_date configuration parameter (format: yyyymmdd)
-message header only when at least one address in that header
+specifies the release date of a stable release or snapshot release.
 is modified.  Older Postfix versions first parse and then unparse
 a header so that there may be subtle changes in formatting, such
 as the amount of whitespace between tokens, or in capitalization
 of header labels such as FROM:/CC: because they are not replaced
 by From:/Cc:.
-Major changes with snapshot Postfix-2.2-20050211
+See RELEASE_NOTES-2.2 for changes introduced during the development
-================================================
+of Postfix version 2.2.
 The "generics" table feature is renamed to "generic", for consistency
 with other Postfix table names which are also singular.
 Major changes with snapshot Postfix-2.2-20050209
 ================================================
 The policy delegation protocol now supplies TLS client certificate
 information after successful verification. The new attribute names
 are ccert_subject, ccert_issuer and ccert_fingerprint.
 Major changes with snapshot Postfix-2.2-20050208
 ================================================
 New "check_ccert_maps maptype:mapname" feature to enforce access
 control based on (hexadecimal) client certificate fingerprints.
 Major changes with snapshot Postfix-2.2-20050206
 ================================================
 Support for address rewriting in outgoing SMTP mail. This is useful
 for sites that have no valid Internet domain name, and that use a
 domain name such as localdomain.local instead. Mail addresses that
 use such domain names are often rejected by mail servers.  
 The new smtp_generic_maps feature allows you to replace local mail
 addresses by valid Internet addresses when mail is sent across the
 Internet.  It has no effect on mail that is sent between accounts
 on the local machine. The syntax is described in generic(5) and
 a detailed example is in the STANDARD_CONFIGURATION_README file.
 Example:
 /etc/postfix/main.cf:
    smtp_generic_maps = hash:/etc/postfix/generic
 /etc/postfix/generic:
    you@localdomain.local		youraccount@yourisp.net
    her@localdomain.local		heraccount@herisp.net
    @localdomain.local			youraccount+local@yourisp.net
 When mail is sent to a remote host via SMTP, this replaces your
 local mail address you@localdomain.local by your ISP mail address,
 replaces her@localdomain.local by her ISP mail address, and replaces
 all other local addresses by your ISP account, with an address
 extension of +local (this example assumes that the ISP supports
 "+" style address extensions).
 Major changes with snapshot Postfix-2.2-20050205
 ================================================
 REPLACE action in header_checks and body_checks. See header_checks(5)
 for details.
 Incompatible changes with snapshot Postfix-2.2-20050203
 =======================================================
 Postfix rewrites message header addresses only in mail that originates
 from the local machine. Specify "local_header_rewrite_clients =
 static:all" to get the old behavior of Postfix 2.1 and earlier.
 All "postfix start" file permission checks are run in the foreground
 while Postfix is started.
 Major changes with snapshot Postfix-2.2-20050203
 ================================================
 To create a ready-to-install package for distribution to other
 systems use "make package" or "make non-interactive-package",
 instead of invoking the postfix-install script by hand (which is
 deprecated). See the PACKAGE_README file for details.
 New "permit_inet_interfaces" access restriction to allow access
 from local IP addresses only. This is used for the default, purist,
 setting of local_header_rewrite_clients in the previous paragraph.
 New "sleep time-in-seconds" pseudo access restriction to block
 zombie clients with reject_unauthorized_pipelining before the
 Postfix SMTP server sends the SMTP greeting. See postconf(5)
 for example.
 Safety: Postfix no longer tries to send mail to the fallback_relay
 when the local machine is MX host for the mail destination. See
 the postconf(5) description of fallback_relay for details.
 Incompatible changes with snapshot Postfix-2.2-20050117
 =======================================================
 Only the deferred and defer queue directories are hashed by default,
 instead of eight queue directories.  With modern file systems, this
 speeds up Postfix boot time without compromising performance under
 high load too much. Hashing is now turned on only for the defer and
 deferred queue directories, because those contain lots of mail when
 undeliverable mail is backing up.
 The SMTP server now requires that IPv6 addresses in SMTP commands
 are specified as [ipv6:ipv6address], as described in RFC 2821.
 Incompatible changes with snapshot Postfix-2.2-20050111+IPV6
 ============================================================
 Postfix version 2.2 IP version 6 support is based on the Postfix/IPv6
 patch by Dean Strik, but differs in a few minor ways.
 - Network protocol support including DNS lookup is selected with
 the inet_protocols parameter instead of the inet_interfaces parameter.
 This is needed so that Postfix will not attempt to deliver mail
 via IPv6 when the system has no IPv6 connectivity.
 - The lmtp_bind_address6 feature was omitted. The Postfix LMTP
 client will be absorbed into the SMTP client, so there is no reason
 to keep adding features to the LMTP client.
 - The cidr-based address matching code was rewritten.  The new
 behavior is believed to be closer to expectation. The results may
 be incompatible with that of the Postfix/IPv6 patch.
 Major changes with snapshot Postfix-2.2-20050111+IPV6
 =====================================================
 Postfix version 2.2 IP version 6 support based on the Postfix/IPv6
 patch by Dean Strik and others. IP version 6 support is selected
 in main.cf; it is not selected at compile time as with TLS or SASL.
 IP version 6 support is always compiled into Postfix on systems
 that have Postfix compatible IP version 6 support. On other systems
 Postfix will simply use IP version 4 just like it did before. See
 the IPV6_README document for what systems are supported, and how
 to turn on IPv6 in main.cf.
 Incompatible changes with snapshot Postfix-2.2-20041210+TLS
 ===========================================================
 Postfix version 2.2 TLS support is based on the Postfix/TLS patch
 by Lutz Jaenicke, but differs in a few minor ways.
 - main.cf: Use btree instead of sdbm for TLS session cache databases.
  Session caches are now accessed only by the tlsmgr(8) process,
  so there are no more concurrency issues. Although Postfix still
  has an sdbm client, the sdbm library (1000 lines of code) is no
  longer included with Postfix/TLS.
  TLS session caches can use any database that can store objects
  of several kbytes or more, and that implements the sequence
  operation. In most cases, btree databases should be adequate.
  NOTE: You cannot use dbm databases. TLS session objects are too
  large.
 - master.cf: Specify unix instead of fifo as the tlsmgr service type.
  The smtp(8) and smtpd(8) processes now use a client-server protocol
  in order to access the tlsmgr(8)'s pseudo-random number generation
  (PRNG) pool, and in order to access the TLS session cache databases.
  Such a protocol cannot be run across fifos.
 Major changes with snapshot Postfix-2.2-20041210+TLS
 =====================================================
 TLS support based on the Postfix/TLS patch by Lutz Jaenicke.  This
 is not compiled in by default. To build Postfix with TLS support,
 see the TLS_README document.
 Major changes with snapshot Postfix-2.2-20041218
 ================================================
 Fine control for SMTP inter-operability problems, by discarding
 keywords sent or received with the EHLO handshake. Typically one
 would discard "pipelining", "starttls", or "auth".  Specify a list
 of EHLO keywords with the smtp(d)_discard_ehlo_keywords parameters,
 or specify one or more lookup tables, indexed by remote network
 address, with the smtp(d)_discard_ehlo_keyword_address_maps
 parameters. Note: this only discards words from the EHLO conversation;
 it does not turn off the actual features in the SMTP server.
 More client attributes for delivery to command with the local(8)
 and pipe(8) delivery agents: client_hostname, client_address,
 client_protocol, client_helo, sasl_method, sasl_sender, and
 sasl_username.  With local(8), attribute names must be specified
 in upper case.
 Major changes with snapshot Postfix-2.2-20041210
 ================================================
 You can now dump an entire database with the new postmap/postalias
 "-s" option. This works only for database types with Postfix sequence
 operator support: hash, btree, dbm, and sdbm.
 Major changes with snapshot Postfix-2.2-20041208
 ================================================
 Support for CDB databases by Michael Tokarev. This supports both
 Michael's tinycdb and Daniel Bernstein's cdb implementations, but
 neither of the two implementations is bundled with Postfix.
 Incompatible changes with snapshot Postfix-2.2-20041118
 =======================================================
 You must restart Postfix, because the master-child protocol has
 changed.  Postfix will log warnings about partial status updates
 if you forget to restart the master.
 Major changes with snapshot Postfix-2.2-20041118
 ================================================
 New "smtpd_end_of_data_restrictions" feature that is invoked after
 the client terminates the SMTP DATA command. The syntax is the same
 as with "smtpd_data_restrictions", but the message size is the
 actual byte count of the message content.
 Incompatible changes with snapshot Postfix-2.2-20041030
 =======================================================
 The SMTP session cache is renamed to connection cache, to avoid
 confusion with the TLS session cache. Thus, all session_cache_mumble
 parameters are now called connection_cache_mumble.
 Incompatible changes with snapshot Postfix-2.2-20041023
 =======================================================
 You must reload or stop/start Postfix, because the queue manager
 to delivery agent protocol has changed. If you forget this, mail
 will remain queued until the queue manager is restarted.
 Support for the non-standard Errors-To: return addresses is removed.
 It was already disabled by default with Postfix version 2.1. Since
 Errors-To: is non-standard, there was no guarantee that it would
 have effect with other MTAs.
 Major changes with snapshot Postfix-2.2-20041023
 ================================================
 The NIS+ client by Geoff Gibbs is now part of the Postfix source
 tree. Details are given in the nisplus_table(5) manual page.
 By default, Postfix no longer appends its own domain to addresses
 in message headers from remote clients. Thus, spam from poorly
 written software no longer looks like it came from a local user.
 Postfix either does not rewrite remote message headers at all, or
 it rewrites headers and appends the domain name that is specified
 with the remote_header_rewrite_domain parameter (like "domain.invalid").
 To get the behavior of earlier Postfix versions (always append
 Postfix's own domain to incomplete addresses in message headers)
 specify:
 /etc/postfix/main.cf:
    local_header_rewrite_clients = static:all
 Postfix always appends its own domain information to addresses in
 message headers from Postfix sendmail and from local SMTP clients.
 By default, Postfix considers an SMTP client local (and thus updates
 message header addresses with the Postfix's own domain) when the
 client IP address matches mynetworks, or when the client is SASL
 or TLS authenticated.  
 If you want to include other clients via a pop-before-smtp table,
 then you have to specify that via the new local_header_rewrite_clients
 parameter:
 /etc/postfix/main.cf:
    local_header_rewrite_clients = permit_mynetworks,
 	permit_sasl_authenticated, permit_tls_clientcerts,
 	check_address_map hash:/etc/postfix/pop-before-smtp
 As before, Postfix appends local domain information to envelope
 addresses (as opposed to header addresses), because an unqualified
 envelope address is effectively local for the purpose of delivery,
 and for the purpose of replying to it.
 Full details are given in ADDRESS_REWRITING_README, and in the
 postconf(5) manual. For best results, point your browser at the
 ADDRESS_REWRITING_README.html file and navigate to the section
 titled "To rewrite or not to rewrite, or to label as invalid".
 Incompatible changes with snapshot Postfix-2.2-20041009
 =======================================================
 You must reload or stop/start Postfix, because the queue manager
 to delivery agent protocol has changed. If you forget this, mail
 will remain queued until the queue manager is restarted.
 The smtpd_client_connection_limit_exceptions parameter is renamed
 to smtpd_client_event_limit_exceptions. Besides connections it now
 also applies to per-client message rate and recipient rate limits.
 Major changes with snapshot Postfix-2.2-20041009
 ================================================
 Per SMTP client message rate and recipient rate limits. These limit
 the number of MAIL FROM or RCPT TO requests regardless of whether
 or not Postfix would have accepted them otherwise. The user interface
 (smtpd_client_message_rate_limit and smtpd_client_recipient_rate_limit)
 is similar to that of the existing per SMTP client connection rate
 limit, and the same warnings apply: these features are to be used
 to stop abuse, and must not be used to regulate legitimate mail.
 More details can be found in the postconf(5) manual.
 Incompatible changes with snapshot Postfix-2.2-20040919
 =======================================================
 This snapshot adds a discard service to the master.cf file.
 Major changes with snapshot Postfix-2.2-20040919
 ================================================
 A new discard(8) mail delivery agent that makes throwing away mail
 easier and more efficient. It's the Postfix equivalent of /dev/null
 for deliveries. On the input side, Postfix already has a /dev/null
 equivalent in the form of the DISCARD action in access maps and
 header_body_checks.
 Access control for local mail submission, for listing the queue
 and for flushing the queue. These features are controlled with
 authorized_submit_users, authorized_mailq_users, and with
 authorized_flush_users, respectively. The last two controls are
 always permitted for the super-user and for the mail system owner.
 More information is in the postconf(5) manual.
 Incompatible changes with snapshot Postfix-2.2-20040829
 =======================================================
 When no recipients are specified on the command line or via the -t
 option, the Postfix sendmail command terminates with status EX_USAGE
 and produces an error message instead of accepting the mail first
 and bouncing it later. This gives more direct feedback in case of
 a common client configuration error.
 Major changes with snapshot Postfix-2.2-20040827
 ================================================
 Easier use of the proxymap service with the virtual(8) delivery
 agent. As of now, the virtual(8) delivery agent will silently open
 maps directly when they can't be proxied.  This means you can now
 specify "virtual_mailbox_maps = proxy:mysql:whatever" without
 triggering fatal errors in the virtual(8) delivery agent.
 Better SMTP client control over the use of SASL mechanisms. New
 smtp_sasl_mechanism_filter mechanism to shorten the list of SASL
 mechanisms from a remote server to just those that the local SASL
 library can actually use.
 Finer control over canonical mapping with canonical_classes,
 sender_canonical_classes and recipient_canonical_classes.  These
 specify one or more of envelope_sender, header_sender, envelope_recipient
 or header_recipient. The default settings are backwards compatible.
 Incompatible changes with snapshot Postfix-2.2-20040729
 =======================================================
 SMTP session caching is enabled temporarily when a destination has
 a high volume of mail in the active queue.  To disable, specify
 "smtp_connection_cache_on_demand = no".
 Major changes with snapshot Postfix-2.2-20040729
 ================================================
 Opportunistic SMTP session caching. When a destination has a high
 volume of mail in the active queue, SMTP session caching is enabled
 temporarily.  This is controlled with a new configuration parameter
 "smtp_connection_cache_on_demand" (default:  yes).
 Incompatible changes with snapshot Postfix-2.2-20040723
 =======================================================
 Permanent SMTP session caching is now enabled with the
 smtp_session_cache_destinations parameter. This requires "bare"
 domain names without "[]" or TCP port.  The change eliminates a
 syntax conflict between host:port and maptype:mapname, and simplifies
 the user interface, at the cost of a minor loss of control over
 what sessions are cached.
 Major changes with snapshot Postfix-2.2-20040721
 ================================================
 The session cache manager now logs cache hit and miss statistics
 every $session_cache_status_update_time seconds (default: 600s).
 It reports the hit and miss rates for lookups by domain, as well
 as for lookups by network address. 
 Hit rates for cache lookups by domain will tell you how useful
 session caching is.
 Cache lookups by network address will always fail, unless you're
 sending mail to different domains that share the same MX host.
 Incompatible changes with snapshot Postfix-2.2-20040720
 =======================================================
 The default SMTP/LMTP timeouts for sending RSET are reduced to 20s.
 Major changes with snapshot Postfix-2.2-20040720
 ================================================
 Selective permanent SMTP session caching. Instead of disconnecting
 immediately after a mail transaction, the SMTP client can save the
 open session to a session cache daemon, so that any SMTP client
 process can use that session for another mail transaction.
 This feature introduces the scache (session cache) server, which
 is added to your master.cf file when you upgrade Postfix.
 *** You need to execute "postfix reload" when upgrading from Postfix
 *** version 2.1 or later.
 *** You need to execute "postfix stop" when upgrading from Postfix
 *** version 2.0 or earlier. Execute "postfix start" when done.
 Session caching is enabled with the new smtp_connection_cache_destinations
 parameter. Specify a list of destinations or lookup tables:
 - if mail is sent without relay host: a domain (the right-hand side
 of an email address),
 - if mail is sent via a relay host, the relay host (without [],
 and without non-default TCP port) that is specified in main.cf or
 in the transport map,
 - a /file/name with domains and/or relay hosts,
 - a type:table with domains and/or relay hosts on the left-hand
 side; the right-hand side result from type:table lookups is ignored.
 The following optimizes deliveries to hosts that your machine relays
 mail to:
    smtp_connection_cache_destinations = $relay_domains $relayhost
 A setting that tries to optimize deliveries to problem sites:
    smtp_connection_cache_destinations = hotmail.com...
 Cached SMTP sessions are allowed to remain unused for only a limited
 amount of time (smtp_connection_cache_time_limit, default:  2
 seconds). This limits the impact on remote server resources.
 Specify larger values only with permission from the remote sites.
 To avoid triggering remote problems, the same SMTP session is used
 only a limited number of times (smtp_connection_cache_reuse_limit,
 default:  10).
 Robustness note: to prevent mail from being delivered to the wrong
 server, the session caching feature explicitly labels each cached
 session with destination domain and IP address information. A
 session cache lookup succeeds only when the correct information is
 specified.
 Limitations:
 - SMTP session caching does not work with TLS (the necessary support
 for object passivation and re-activation does not exist without
 closing the connection).
 - SMTP session caching assumes that SASL credentials are valid for
 all hostnames or domain names that map onto the same IP address
 and TCP port.
 Major changes with snapshot Postfix-2.2-20040621
 ================================================
 Control over the working directory when executing an external
 command.  With the pipe(8) mailer, specify directory=pathname, and
 with local(8) specify "command_execution_directory = expression"
 where "expression" is subject to $home etc. macro expansion. The
 result of macro expansion is restricted by the set of characters
 specified with execution_directory_expansion_filter.
--- a/postfix/RELEASE_NOTES-2.2
+++ b/postfix/RELEASE_NOTES-2.2
@@ -21,8 +21,8 @@ the following sections of this document.
 from third-party patches.
 - SMTP client-side connection reuse. This can dramatically speed
-up deliveries to high-volume destinations that have good and
+up deliveries to high-volume destinations that have some servers
-non-responding mail servers.
+that respond, and some non-responding mail servers.
 - By default, message header address rewriting is now disabled for
 SMTP mail from other systems.  Thus, spam from poorly written
@@ -75,8 +75,8 @@ the Postfix/TLS patch.
 [Feature 20040919] The upgrade procedure adds the discard service
 to the master.cf file.
-[Feature 20040720] The upgrade procedure adds the scache (connection
+[Feature 20040720] The upgrade procedure adds the scache (shared
-cache) service to the master.cf file.
+connection cache) service to the master.cf file.
 Major changes - IPv6 support
 ----------------------------
@@ -116,15 +116,6 @@ Postfix/TLS patch by Lutz Jaenicke.  TLS support is not compiled
 in by default.  For more information about Postfix 2.2 TLS support,
 see the TLS_README document.
 [Feature 20050209] The Postfix SMTP server policy delegation protocol
 now supplies TLS client certificate information after successful
 verification.  The new policy delegation protocol attribute names
 are ccert_subject, ccert_issuer and ccert_fingerprint.
 [Feature 20050208] New "check_ccert_maps maptype:mapname" feature
 to enforce access control based on hexadecimal client certificate
 fingerprints.
 [Incompat 20041210] Postfix version 2.2 TLS support differs from
 the Postfix/TLS patch by Lutz Jaenicke in a few minor ways.
@@ -150,6 +141,15 @@ the Postfix/TLS patch by Lutz Jaenicke in a few minor ways.
  (PRNG) pool, and in order to access the TLS session cache databases.
  Such a protocol cannot be run across fifos.
 [Feature 20050209] The Postfix SMTP server policy delegation protocol
 now supplies TLS client certificate information after successful
 verification.  The new policy delegation protocol attribute names
 are ccert_subject, ccert_issuer and ccert_fingerprint.
 [Feature 20050208] New "check_ccert_maps maptype:mapname" feature
 to enforce access control based on hexadecimal client certificate
 fingerprints.
 Major changes - SMTP client connection cache
 --------------------------------------------
--- a/postfix/conf/main.cf
+++ b/postfix/conf/main.cf
@@ -582,11 +582,24 @@ debugger_command =
 	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
 	 xxgdb $daemon_directory/$process_name $process_id & sleep 5
-# If you don't have X installed on the Postfix machine, try:
+# If you can't use X, use this to capture the call stack when a
 # daemon crashes. The result is in a file in the configuration
 # directory, and is named after the process name and the process ID.
 #
 # debugger_command =
 #	PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
 #	echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
 #	>$config_directory/$process_name.$process_id.log & sleep 5
 #
 # Another possibility is to run gdb under a detached screen session.
 # To attach to the screen sesssion, su root and run "screen -r
 # <id_string>" where <id_string> uniquely matches one of the detached
 # sessions (from "screen -list").
 #
 # debugger_command =
 #	PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
 #	-dmS $process_name gdb $daemon_directory/$process_name
 #	$process_id & sleep 1
 # INSTALL-TIME CONFIGURATION INFORMATION
 #
--- a/postfix/src/anvil/anvil.c
+++ b/postfix/src/anvil/anvil.c
@@ -387,7 +387,7 @@ typedef struct {
 	    (remote)->rcpt = 0; \
 	    (remote)->newtls = 1; \
 	    (remote)->start = _now; \
-	} else if ((remote)->rcpt < INT_MAX) { \
+	} else if ((remote)->newtls < INT_MAX) { \
            (remote)->newtls += 1; \
 	} \
    } while(0)
--- a/postfix/src/discard/discard.c
+++ b/postfix/src/discard/discard.c
@@ -115,6 +115,7 @@
 #include <bounce.h>
 #include <deliver_completed.h>
 #include <flush_clnt.h>
 #include <sent.h>
 /* Single server skeleton. */
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
  * Patches change the patchlevel and the release date. Snapshots change the
  * release date only.
  */
-#define MAIL_RELEASE_DATE	"20050227"
+#define MAIL_RELEASE_DATE	"20050304"
 #define MAIL_VERSION_NUMBER	"2.2"
 #define VAR_MAIL_VERSION	"mail_version"
--- a/postfix/src/master/master_vars.c
+++ b/postfix/src/master/master_vars.c
@@ -25,6 +25,7 @@
 /* System library. */
 #include <sys_defs.h>
 #include <string.h>
 #include <unistd.h>
 /* Utility library. */
--- a/postfix/src/postdrop/postdrop.c
+++ b/postfix/src/postdrop/postdrop.c
@@ -152,7 +152,7 @@
 /*
  * Local mail submission access list.
  */
-static char *var_submit_acl;
+char   *var_submit_acl;
 static CONFIG_STR_TABLE str_table[] = {
    VAR_SUBMIT_ACL, DEF_SUBMIT_ACL, &var_submit_acl, 0, 0,
--- a/postfix/src/postqueue/postqueue.c
+++ b/postfix/src/postqueue/postqueue.c
@@ -222,8 +222,8 @@
 /*
  * Queue manipulation access lists.
  */
-static char *var_flush_acl;
+char   *var_flush_acl;
-static char *var_showq_acl;
+char   *var_showq_acl;
 static CONFIG_STR_TABLE str_table[] = {
    VAR_FLUSH_ACL, DEF_FLUSH_ACL, &var_flush_acl, 0, 0,
--- a/postfix/src/sendmail/sendmail.c
+++ b/postfix/src/sendmail/sendmail.c
@@ -447,7 +447,7 @@ typedef struct SM_STATE {
 /*
  * Mail submission ACL
  */
-static char *var_submit_acl;
+char   *var_submit_acl;
 static CONFIG_STR_TABLE str_table[] = {
    VAR_SUBMIT_ACL, DEF_SUBMIT_ACL, &var_submit_acl, 0, 0,
--- a/postfix/src/smtp/smtp.h
+++ b/postfix/src/smtp/smtp.h
@@ -173,6 +173,7 @@ typedef struct SMTP_SESSION {
    char   *host;			/* mail exchanger */
    char   *addr;			/* mail exchanger */
    char   *namaddr;			/* mail exchanger */
    char   *helo;			/* helo response */
    unsigned port;			/* network byte order */
    VSTRING *buffer;			/* I/O buffer */
--- a/postfix/src/smtp/smtp_proto.c
+++ b/postfix/src/smtp/smtp_proto.c
@@ -219,6 +219,8 @@ char   *xfer_request[SMTP_STATE_LAST] = {
    "QUIT command",
 };
 static int smtp_start_tls(SMTP_STATE *, int);
 /* smtp_helo - perform initial handshake with SMTP server */
 int     smtp_helo(SMTP_STATE *state, NOCLOBBER int misc_flags)
@@ -245,7 +247,6 @@ int     smtp_helo(SMTP_STATE *state, NOCLOBBER int misc_flags)
    int     discard_mask;
 #ifdef USE_TLS
    static int smtp_start_tls(SMTP_STATE *, int);
    int     saved_features = session->features;
 #endif
@@ -361,9 +362,22 @@ int     smtp_helo(SMTP_STATE *state, NOCLOBBER int misc_flags)
     * MicroSoft implemented AUTH based on an old draft.
     */
    lines = resp->str;
-    while ((words = mystrtok(&lines, "\n")) != 0) {
+    for (n = 0; (words = mystrtok(&lines, "\n")) != 0; /* see below */ ) {
 	if (mystrtok(&words, "- ") && (word = mystrtok(&words, " \t=")) != 0) {
-	    if (strcasecmp(word, "8BITMIME") == 0) {
+	    if (n == 0) {
 		if (session->helo != 0)
 		    myfree(session->helo);
 		session->helo = lowercase(mystrdup(word));
 		if (strcasecmp(word, var_myhostname) == 0
 		    && (misc_flags & SMTP_MISC_FLAG_LOOP_DETECT) != 0) {
 		    msg_warn("host %s replied to HELO/EHLO with my own hostname %s",
 			     session->namaddr, var_myhostname);
 		    return (smtp_site_fail(state,
 		     (session->features & SMTP_FEATURE_BEST_MX) ? 550 : 450,
 					 "mail for %s loops back to myself",
 					   request->nexthop));
 		}
 	    } else if (strcasecmp(word, "8BITMIME") == 0) {
 		if ((discard_mask & EHLO_MASK_8BITMIME) == 0)
 		    session->features |= SMTP_FEATURE_8BITMIME;
 	    } else if (strcasecmp(word, "PIPELINING") == 0) {
@@ -396,16 +410,8 @@ int     smtp_helo(SMTP_STATE *state, NOCLOBBER int misc_flags)
 		if ((discard_mask & EHLO_MASK_AUTH) == 0)
 		    smtp_sasl_helo_auth(session, words);
 #endif
 	    } else if (strcasecmp(word, var_myhostname) == 0) {
 		if (misc_flags & SMTP_MISC_FLAG_LOOP_DETECT) {
 		    msg_warn("host %s replied to HELO/EHLO with my own hostname %s",
 			     session->namaddr, var_myhostname);
 		    return (smtp_site_fail(state,
 		     (session->features & SMTP_FEATURE_BEST_MX) ? 550 : 450,
 					 "mail for %s loops back to myself",
 					   request->nexthop));
 		}
 	    }
 	    n++;
 	}
    }
    if (msg_verbose)
@@ -554,6 +560,7 @@ int     smtp_helo(SMTP_STATE *state, NOCLOBBER int misc_flags)
 static int smtp_start_tls(SMTP_STATE *state, int misc_flags)
 {
    SMTP_SESSION *session = state->session;
    VSTRING *serverid;
    /*
     * Turn off SMTP connection caching. When the TLS handshake succeeds, we
@@ -580,13 +587,26 @@ static int smtp_start_tls(SMTP_STATE *state, int misc_flags)
     * follow below AFTER the tls_client_start() call. These tests should be
     * done inside tls_client_start() or its call-backs, to keep the SMTP
     * client code clean (as it is in the SMTP server).
     * 
     * The following assumes sites that use TLS in a perverse configuration:
     * multiple hosts per hostname, or even multiple hosts per IP address.
     * All this without a shared TLS session cache, and they still want to
     * use TLS session caching???
     */
    serverid = vstring_alloc(10);
    vstring_sprintf(serverid, "%s:%s:%u",
 		    session->host, session->addr,
 		    ntohs(session->port));
    if (session->helo && strcasecmp(session->host, session->helo) != 0)
 	vstring_sprintf_append(serverid, ":%s", session->helo);
    session->tls_context =
 	tls_client_start(smtp_tls_ctx, session->stream,
 			 var_smtp_starttls_tmout,
 			 session->tls_enforce_peername,
 			 session->host,
 			 lowercase(vstring_str(serverid)),
 			 &(session->tls_info));
    vstring_free(serverid);
    if (session->tls_context == 0)
 	return (smtp_site_fail(state, 450,
 			       "Cannot start TLS: handshake failure"));
@@ -741,10 +761,10 @@ static void smtp_header_rewrite(void *context, int header_class,
    char   *end_line;
    /*
-     * Rewrite primary header addresses that match the smtp_generic_maps.
+     * Rewrite primary header addresses that match the smtp_generic_maps. The
-     * The cleanup server already enforces that all headers have proper
+     * cleanup server already enforces that all headers have proper lengths
-     * lengths and that all addresses are in proper form, so we don't have to
+     * and that all addresses are in proper form, so we don't have to repeat
-     * repeat that.
+     * that.
     */
    if (header_info && header_class == MIME_HDR_PRIMARY
 	&& (header_info->flags & (HDR_OPT_SENDER | HDR_OPT_RECIP)) != 0) {
--- a/postfix/src/smtp/smtp_sasl_proto.c
+++ b/postfix/src/smtp/smtp_sasl_proto.c
@@ -98,8 +98,8 @@ static const char *smtp_sasl_compat_mechs(const char *words)
    save_mech = mech_list = mystrdup(words);
-    while (mech = mystrtok(&mech_list, " \t")) {
+    while ((mech = mystrtok(&mech_list, " \t")) != 0) {
-    	if (string_list_match(smtp_sasl_mechs, mech)) {
+	if (string_list_match(smtp_sasl_mechs, mech)) {
 	    if (VSTRING_LEN(buf) > 0)
 		VSTRING_ADDCH(buf, ' ');
 	    vstring_strcat(buf, mech);
--- a/postfix/src/smtp/smtp_session.c
+++ b/postfix/src/smtp/smtp_session.c
@@ -96,6 +96,7 @@
 #include <sys_defs.h>
 #include <stdlib.h>
 #include <string.h>
 #include <netinet/in.h>
 #ifdef STRCASECMP_IN_STRINGS_H
 #include <strings.h>
@@ -118,6 +119,7 @@
 /* Application-specific. */
 #include "smtp.h"
 #include "smtp_sasl.h"
 #define STR(x) vstring_str(x)
@@ -211,6 +213,7 @@ SMTP_SESSION *smtp_session_alloc(VSTREAM *stream, const char *dest,
    session->host = mystrdup(host);
    session->addr = mystrdup(addr);
    session->namaddr = concatenate(host, "[", addr, "]", (char *) 0);
    session->helo = 0;
    session->port = port;
    session->features = 0;
@@ -298,6 +301,8 @@ void    smtp_session_free(SMTP_SESSION *session)
    myfree(session->host);
    myfree(session->addr);
    myfree(session->namaddr);
    if (session->helo)
 	myfree(session->helo);
    vstring_free(session->buffer);
    vstring_free(session->scratch);
--- a/postfix/src/smtpd/smtpd_sasl_glue.c
+++ b/postfix/src/smtpd/smtpd_sasl_glue.c
@@ -93,6 +93,7 @@
 #include <mymalloc.h>
 #include <namadr_list.h>
 #include <name_mask.h>
 #include <stringops.h>
 /* Global library. */
--- a/postfix/src/tls/tls.h
+++ b/postfix/src/tls/tls.h
@@ -52,6 +52,7 @@ typedef struct {
    SSL    *con;
    BIO    *internal_bio;		/* postfix/TLS side of pair */
    BIO    *network_bio;		/* network side of pair */
    char   *serverid;			/* unique server identifier */
    char    peer_subject[CCERT_BUFSIZ];
    char    peer_issuer[CCERT_BUFSIZ];
    char    peer_CN[CCERT_BUFSIZ];
@@ -67,6 +68,18 @@ typedef struct {
 #define TLS_BIO_BUFSIZE	8192
 #define NEW_TLS_CONTEXT(p) do { \
 	p = (TLScontext_t *) mymalloc(sizeof(*p)); \
 	memset((char *) p, 0, sizeof(*p)); \
 	p->serverid = 0; \
    } while (0)
 #define FREE_TLS_CONTEXT(p) do { \
 	if ((p)->serverid) \
 	    myfree((p)->serverid); \
 	myfree((char *) (p)); \
    } while (0)
 typedef struct {
    int     peer_verified;
    int     hostname_matched;
@@ -88,7 +101,8 @@ extern const tls_info_t tls_info_zero;
  */
 extern SSL_CTX *tls_client_init(int);
 extern TLScontext_t *tls_client_start(SSL_CTX *, VSTREAM *, int, int,
-				              const char *, tls_info_t *);
+				              const char *, const char *,
 				              tls_info_t *);
 #define tls_client_stop(ctx , stream, timeout, failure, tls_info) \
 	tls_session_stop((ctx), (stream), (timeout), (failure), (tls_info))
@@ -183,7 +197,6 @@ extern int tls_set_my_certificate_key_info(SSL_CTX *, const char *,
  * tls_misc.c
  */
 extern int TLScontext_index;
 extern int TLSpeername_index;
 extern void tls_print_errors(void);
 extern void tls_info_callback(const SSL *, int, int);
--- a/postfix/src/tls/tls_client.c
+++ b/postfix/src/tls/tls_client.c
@@ -9,13 +9,15 @@
 /*	SSL_CTX	*tls_client_init(verifydepth)
 /*	int	verifydepth; /* unused */
 /*
-/*	TLScontext_t *tls_client_start(client_ctx, stream, timeout, peername,
+/*	TLScontext_t *tls_client_start(client_ctx, stream, timeout, 
-/*					peeraddr, tls_info)
+/*					enforce_peername, peername, 
 /*					serverid, tls_info)
 /*	SSL_CTX	*client_ctx;
 /*	VSTREAM	*stream;
 /*	int	timeout;
 /*	int	enforce_peername;
 /*	const char *peername;
-/*	const char *peeraddr;
+/*	const char *serverid;
 /*	tls_info_t *tls_info;
 /*
 /*	void	tls_client_stop(client_ctx, stream, failure, tls_info)
@@ -36,6 +38,9 @@
 /*	passed as argument. We expect that network buffers are flushed and the
 /*	TLS handshake can begin	immediately. Information about the peer
 /*	is stored into the tls_info structure passed as argument.
 /*	The serverid argument specifies a string that hopefully
 /*	uniquely identifies a server. It is used as the client
 /*	session cache lookup key.
 /*
 /*	tls_client_stop() sends the "close notify" alert via
 /*	SSL_shutdown() to the peer and resets all connection specific
@@ -144,12 +149,10 @@ static int client_verify_callback(int ok, X509_STORE_CTX *ctx)
 /* load_clnt_session - load session from client cache (non-callback) */
-static SSL_SESSION *load_clnt_session(const char *hostname,
+static SSL_SESSION *load_clnt_session(const char *cache_id,
 				              int enforce_peername)
 {
    SSL_SESSION *session = 0;
    char   *cache_id;
    VSTRING *cache_id_buffer;
    VSTRING *session_data = vstring_alloc(2048);
    int     flags = 0;
@@ -158,7 +161,6 @@ static SSL_SESSION *load_clnt_session(const char *hostname,
    /*
     * Prepare the query.
     */
    cache_id = lowercase(mystrdup(hostname));
    if (var_smtp_tls_loglevel >= 3)
 	msg_info("looking for session %s in client cache", cache_id);
    if (enforce_peername)
@@ -174,97 +176,34 @@ static SSL_SESSION *load_clnt_session(const char *hostname,
 	if (session) {
 	    if (var_smtp_tls_loglevel >= 3)
 		msg_info("reloaded session %s from client cache", cache_id);
 	    cache_id_buffer =
 		(VSTRING *) SSL_SESSION_get_ex_data(session, TLSpeername_index);
 	    vstring_strcpy(cache_id_buffer, cache_id);
 	}
    }
    /*
     * Clean up.
     */
    myfree(cache_id);
    vstring_free(session_data);
    return (session);
 }
 /*
  * The client session cache is indexed by peer name, not by session id. The
  * following routines maintain string storage for the peer name in an
  * SSL_SESSION object. We use VSTRING buffers so that we don't have to worry
  * about hostname length problems.
  */
 /* new_cache_id_func - create space for peer name in SSL_SESSION object */
 static int new_cache_id_func(void *unused_parent, void *unused_ptr,
 			             CRYPTO_EX_DATA *ad, int idx,
 			             long unused_argl, void *unused_argp)
 {
    VSTRING *cache_id_buffer;
    cache_id_buffer = vstring_alloc(32);
    return (CRYPTO_set_ex_data(ad, idx, (void *) cache_id_buffer));
 }
 /* free_cache_id_func - destroy space for peer name in SSL_SESSION object */
 static void free_cache_id_func(void *unused_parent, void *unused_ptr,
 			               CRYPTO_EX_DATA *ad, int idx,
 			               long unused_argl, void *unused_argp)
 {
    VSTRING *cache_id_buffer;
    cache_id_buffer = (VSTRING *) CRYPTO_get_ex_data(ad, idx);
    vstring_free(cache_id_buffer);
 }
 /* dup_cache_id_func - duplicate peer name when SSL_SESSION is duplicated */
 static int dup_cache_id_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from,
          void *unused_from_d, int idx, long unused_argl, void *unused_argp)
 {
    const char *myname = "dup_cache_id_func";
    VSTRING *old_cache_id_buffer;
    VSTRING *new_cache_id_buffer;
    old_cache_id_buffer = (VSTRING *) CRYPTO_get_ex_data(from, idx);
    if (old_cache_id_buffer == 0) {
 	msg_warn("%s: cannot get old SSL_SESSION peer name buffer", myname);
 	return (0);
    }
    new_cache_id_buffer = (VSTRING *) CRYPTO_get_ex_data(to, idx);
    if (new_cache_id_buffer == 0) {
 	msg_warn("%s: cannot get new SSL_SESSION peer name buffer", myname);
 	return (0);
    }
    vstring_strcpy(new_cache_id_buffer, STR(old_cache_id_buffer));
    return (1);
 }
 /* new_client_session_cb - name new session and save it to client cache */
 static int new_client_session_cb(SSL *ssl, SSL_SESSION *session)
 {
    TLScontext_t *TLScontext;
    VSTRING *session_data;
-    VSTRING *cache_id_buffer;
+    const char *cache_id;
    int     flags = 0;
    /*
-     * Attach the cache ID string to the session object. Don't worry about
+     * Look up the cache ID string for this session object.
     * the length; that is the concern of the code that updates the session
     * cache.
     */
    cache_id_buffer =
 	(VSTRING *) SSL_SESSION_get_ex_data(session, TLSpeername_index);
    TLScontext = SSL_get_ex_data(ssl, TLScontext_index);
-    vstring_strcpy(cache_id_buffer, TLScontext->peername_save);
+    cache_id = TLScontext->serverid;
    lowercase(STR(cache_id_buffer));		/* just in case */
    if (var_smtp_tls_loglevel >= 3)
-	msg_info("save session %s to client cache", STR(cache_id_buffer));
+	msg_info("save session %s to client cache", cache_id);
    /*
     * Remember whether peername matching was enforced when the session was
@@ -295,7 +234,7 @@ static int new_client_session_cb(SSL *ssl, SSL_SESSION *session)
     */
    session_data = tls_session_passivate(session);
    if (session_data)
-	tls_mgr_update(tls_client_cache, STR(cache_id_buffer),
+	tls_mgr_update(tls_client_cache, cache_id,
 		       OPENSSL_VERSION_NUMBER, flags,
 		       STR(session_data), LEN(session_data));
@@ -304,6 +243,7 @@ static int new_client_session_cb(SSL *ssl, SSL_SESSION *session)
     */
    if (session_data)
 	vstring_free(session_data);
    SSL_SESSION_free(session);			/* 200502 */
    return (1);
 }
@@ -479,19 +419,6 @@ SSL_CTX *tls_client_init(int unused_verifydepth)
    if (TLScontext_index < 0)
 	TLScontext_index = SSL_get_ex_new_index(0, "TLScontext ex_data index",
 						NULL, NULL, NULL);
    /*
     * Create a global index so that we can attach peer name information to
     * SSL_SESSION objects; the client session cache manager uses this to
     * generate cache ID strings.
     */
    if (TLSpeername_index < 0)
 	TLSpeername_index = SSL_SESSION_get_ex_new_index(0,
 						"TLSpeername ex_data index",
 							 new_cache_id_func,
 							 dup_cache_id_func,
 							 free_cache_id_func);
    return (client_ctx);
 }
@@ -500,14 +427,15 @@ SSL_CTX *tls_client_init(int unused_verifydepth)
  * buffers are flushed and the "220 Ready to start TLS" was received by us,
  * so that we can immediately start the TLS handshake process.
  */
-TLScontext_t *tls_client_start(SSL_CTX *client_ctx, VSTREAM *stream, int timeout,
+TLScontext_t *tls_client_start(SSL_CTX *client_ctx, VSTREAM *stream,
 			               int timeout,
 			               int enforce_peername,
 			               const char *peername,
 			               const char *serverid,
 			               tls_info_t *tls_info)
 {
    int     sts;
-    SSL_SESSION *session,
+    SSL_SESSION *session, *old_session;
           *old_session;
    SSL_CIPHER *cipher;
    X509   *peer;
    int     verify_flags;
@@ -526,24 +454,24 @@ TLScontext_t *tls_client_start(SSL_CTX *client_ctx, VSTREAM *stream, int timeout
     */
 #define PEERNAME_SIZE sizeof(TLScontext->peername_save)
-    TLScontext = (TLScontext_t *) mymalloc(sizeof(TLScontext_t));
+    NEW_TLS_CONTEXT(TLScontext);
    memset((char *) TLScontext, 0, sizeof(*TLScontext));
    TLScontext->log_level = var_smtp_tls_loglevel;
    strncpy(TLScontext->peername_save, peername, PEERNAME_SIZE - 1);
    TLScontext->peername_save[PEERNAME_SIZE - 1] = 0;
    (void) lowercase(TLScontext->peername_save);
    TLScontext->serverid = mystrdup(serverid);
    if ((TLScontext->con = (SSL *) SSL_new(client_ctx)) == NULL) {
 	msg_info("Could not allocate 'TLScontext->con' with SSL_new()");
 	tls_print_errors();
-	myfree((char *) TLScontext);
+	FREE_TLS_CONTEXT(TLScontext);
 	return (0);
    }
    if (!SSL_set_ex_data(TLScontext->con, TLScontext_index, TLScontext)) {
 	msg_info("Could not set application data for 'TLScontext->con'");
 	tls_print_errors();
 	SSL_free(TLScontext->con);
-	myfree((char *) TLScontext);
+	FREE_TLS_CONTEXT(TLScontext);
 	return (0);
    }
@@ -574,7 +502,7 @@ TLScontext_t *tls_client_start(SSL_CTX *client_ctx, VSTREAM *stream, int timeout
 	msg_info("Could not obtain BIO_pair");
 	tls_print_errors();
 	SSL_free(TLScontext->con);
-	myfree((char *) TLScontext);
+	FREE_TLS_CONTEXT(TLScontext);
 	return (0);
    }
    old_session = NULL;
@@ -587,7 +515,7 @@ TLScontext_t *tls_client_start(SSL_CTX *client_ctx, VSTREAM *stream, int timeout
     * will be reused.
     */
    if (tls_client_cache) {
-	old_session = load_clnt_session(peername, enforce_peername);
+	old_session = load_clnt_session(serverid, enforce_peername);
 	if (old_session) {
 	    SSL_set_session(TLScontext->con, old_session);
 	    SSL_SESSION_free(old_session);	/* 200411 */
@@ -661,7 +589,7 @@ TLScontext_t *tls_client_start(SSL_CTX *client_ctx, VSTREAM *stream, int timeout
 	}
 	SSL_free(TLScontext->con);
 	BIO_free(TLScontext->network_bio);	/* 200411 */
-	myfree((char *) TLScontext);
+	FREE_TLS_CONTEXT(TLScontext);
 	return (0);
    }
    if (var_smtp_tls_loglevel >= 3 && SSL_session_reused(TLScontext->con))
--- a/postfix/src/tls/tls_misc.c
+++ b/postfix/src/tls/tls_misc.c
@@ -82,7 +82,6 @@
  * so that it can be accessed by call-back routines.
  */
 int     TLScontext_index = -1;
 int     TLSpeername_index = -1;
 /* tls_print_errors - print and clear the error stack */
--- a/postfix/src/tls/tls_server.c
+++ b/postfix/src/tls/tls_server.c
@@ -191,28 +191,6 @@ static SSL_SESSION *get_server_session_cb(SSL *unused_ssl,
    return (session);
 }
 /* remove_server_session_cb - callback to remove session from server cache */
 static void remove_server_session_cb(SSL_CTX *unused_ctx, SSL_SESSION *session)
 {
    VSTRING *cache_id;
    /*
     * Encode the session ID.
     */
    cache_id =
 	MAKE_SERVER_CACHE_ID(session->session_id, session->session_id_length);
    if (var_smtpd_tls_loglevel >= 3)
 	msg_info("remove session %s from server cache", STR(cache_id));
    /*
     * Delete the session from cache.
     */
    tls_mgr_delete(tls_server_cache, STR(cache_id));
    vstring_free(cache_id);
 }
 /* new_server_session_cb - callback to save session to server cache */
 static int new_server_session_cb(SSL *unused_ssl, SSL_SESSION *session)
@@ -243,6 +221,7 @@ static int new_server_session_cb(SSL *unused_ssl, SSL_SESSION *session)
    if (session_data)
 	vstring_free(session_data);
    vstring_free(cache_id);
    SSL_SESSION_free(session);			/* 200502 */
    return (1);
 }
@@ -425,6 +404,13 @@ SSL_CTX *tls_server_init(int unused_verifydepth, int askcert)
    /*
     * The session cache is implemented by the tlsmgr(8) server.
     * 
     * XXX 200502 Surprise: when OpenSSL purges an entry from the in-memory
     * cache, it also attempts to purge the entry from the on-disk cache.
     * This is undesirable, especially when we set the in-memory cache size
     * to 1. For this reason we don't allow OpenSSL to purge on-disk cache
     * entries, and leave it up to the tlsmgr process instead. Found by
     * Victor Duchovni.
     */
    if (tls_mgr_policy(&cache_types) == TLS_MGR_STAT_OK
 	&& (tls_server_cache = (cache_types & TLS_MGR_SCACHE_SERVER)) != 0) {
@@ -432,7 +418,6 @@ SSL_CTX *tls_server_init(int unused_verifydepth, int askcert)
 		      SSL_SESS_CACHE_SERVER | SSL_SESS_CACHE_NO_AUTO_CLEAR);
 	SSL_CTX_sess_set_get_cb(server_ctx, get_server_session_cb);
 	SSL_CTX_sess_set_new_cb(server_ctx, new_server_session_cb);
 	SSL_CTX_sess_set_remove_cb(server_ctx, remove_server_session_cb);
    }
    /*
@@ -480,8 +465,7 @@ TLScontext_t *tls_server_start(SSL_CTX *server_ctx, VSTREAM *stream,
     */
 #define PEERNAME_SIZE sizeof(TLScontext->peername_save)
-    TLScontext = (TLScontext_t *) mymalloc(sizeof(TLScontext_t));
+    NEW_TLS_CONTEXT(TLScontext);
    memset((char *) TLScontext, 0, sizeof(*TLScontext));
    TLScontext->log_level = var_smtpd_tls_loglevel;
    strncpy(TLScontext->peername_save, peername, PEERNAME_SIZE - 1);
    TLScontext->peername_save[PEERNAME_SIZE - 1] = 0;
@@ -490,14 +474,14 @@ TLScontext_t *tls_server_start(SSL_CTX *server_ctx, VSTREAM *stream,
    if ((TLScontext->con = (SSL *) SSL_new(server_ctx)) == NULL) {
 	msg_info("Could not allocate 'TLScontext->con' with SSL_new()");
 	tls_print_errors();
-	myfree((char *) TLScontext);
+	FREE_TLS_CONTEXT(TLScontext);
 	return (0);
    }
    if (!SSL_set_ex_data(TLScontext->con, TLScontext_index, TLScontext)) {
 	msg_info("Could not set application data for 'TLScontext->con'");
 	tls_print_errors();
 	SSL_free(TLScontext->con);
-	myfree((char *) TLScontext);
+	FREE_TLS_CONTEXT(TLScontext);
 	return (0);
    }
@@ -528,7 +512,7 @@ TLScontext_t *tls_server_start(SSL_CTX *server_ctx, VSTREAM *stream,
 	msg_info("Could not obtain BIO_pair");
 	tls_print_errors();
 	SSL_free(TLScontext->con);
-	myfree((char *) TLScontext);
+	FREE_TLS_CONTEXT(TLScontext);
 	return (0);
    }
@@ -577,7 +561,7 @@ TLScontext_t *tls_server_start(SSL_CTX *server_ctx, VSTREAM *stream,
 	tls_print_errors();
 	SSL_free(TLScontext->con);
 	BIO_free(TLScontext->network_bio);	/* 200411 */
-	myfree((char *) TLScontext);
+	FREE_TLS_CONTEXT(TLScontext);
 	return (0);
    }
    /* Only loglevel==4 dumps everything */
@@ -622,7 +606,6 @@ TLScontext_t *tls_server_start(SSL_CTX *server_ctx, VSTREAM *stream,
 		msg_info("fingerprint=%s", TLScontext->fingerprint);
 	    tls_info->peer_fingerprint = TLScontext->fingerprint;
 	}
 	TLScontext->peer_CN[0] = '\0';
 	if (!X509_NAME_get_text_by_NID(X509_get_subject_name(peer),
 				       NID_commonName, TLScontext->peer_CN,
@@ -672,7 +655,7 @@ TLScontext_t *tls_server_start(SSL_CTX *server_ctx, VSTREAM *stream,
 	    SSL_CTX_remove_session(server_ctx, session);
 	    SSL_free(TLScontext->con);
 	    BIO_free(TLScontext->network_bio);	/* 200411 */
-	    myfree((char *) TLScontext);
+	    FREE_TLS_CONTEXT(TLScontext);
 	    return (0);
 	}
    }
--- a/postfix/src/tls/tls_session.c
+++ b/postfix/src/tls/tls_session.c
@@ -113,7 +113,7 @@ void    tls_session_stop(SSL_CTX *ctx, VSTREAM *stream, int timeout,
    SSL_free(TLScontext->con);
    BIO_free(TLScontext->network_bio);
-    myfree((char *) TLScontext);
+    FREE_TLS_CONTEXT(TLScontext);
    tls_stream_stop(stream);
    SSL_CTX_flush_sessions(ctx, time(NULL));