diff --git a/postfix/HISTORY b/postfix/HISTORY index 2643b31ad..5fdc812a7 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -13386,8 +13386,22 @@ Apologies for any names omitted. Currently, nothing in Postfix uses this functionality. File: global/dict_proxy.c. +20070325 + + Bugfix: postfix-install didn't work for symlink or hardlink + targets, when the parent directory had a value of "no". + +20070326 + + Workaround: Eric Raymond's man page formatters don't handle + low-level *roff .in or .ti controls. We now use .nf and .fi + instead. Files: many. + Wish list: + Remove defer(8) and trace(8) references and man pages. These + are services not program names. + Bind all deliveries to the same local delivery process, making Postfix perform as poorly as monolithic mailers, but giving a possibility to eliminate duplicate deliveries. @@ -13398,16 +13412,9 @@ Wish list: Need scache size limit. - Don't transform bare username into user@localdomain.localdomain - when no domain is specified via main.cf or via the machine - hostname. - Update BACKSCATTER_README to use PCRE because that's what I am using now. - Update MILTER_README with Martinec info. - http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim - Make postcat header/body aware so people can grep headers. Make postmap header/body aware so people can test multi-line @@ -13490,8 +13497,6 @@ Wish list: playing with the soft_error test in the smtp_trouble.c module, and avoiding delivery to backup MX hosts. - select -> kqueue, epoll, /dev/poll, poll() ... - In the SMTP server, set a "pipelining detected" flag at the start of a session and at protocol synchronization points, so that reject_unauth_pipelining can be specified in any @@ -13512,9 +13517,6 @@ Wish list: Privacy: remove local command/pathname details from remote delivery status reports, and log them via local msg_warn(). - Remove defer(8) and trace(8) references and man pages. These - are services not program names. - Is it safe to cache a connection after it has been used for more than some number of address verification probes? diff --git a/postfix/README_FILES/BACKSCATTER_README b/postfix/README_FILES/BACKSCATTER_README index a7a82c02a..90a16bfa2 100644 --- a/postfix/README_FILES/BACKSCATTER_README +++ b/postfix/README_FILES/BACKSCATTER_README @@ -4,7 +4,11 @@ PPoossttffiixx BBaacckkssccaatttteerr HHoowwttoo OOvveerrvviieeww -This document describes features that require Postfix version 2.0 or later. +This document describes features that require Postfix version 2.0 or later. The +examples use Perl Compatible Regular Expressions (Postfix pcre: tables), but +also provide a translation to POSIX regular expressions (Postfix regexp: +tables). PCRE is preferred primarily because the implementation is often +faster. Topics covered in this document: @@ -97,8 +101,8 @@ To block such backscatter I use header_checks and body_checks patterns like this: /etc/postfix/main.cf: - header_checks = regexp:/etc/postfix/header_checks - body_checks = regexp:/etc/postfix/body_checks + header_checks = pcre:/etc/postfix/header_checks + body_checks = pcre:/etc/postfix/body_checks /etc/postfix/header_checks: if /^Received:/ @@ -107,7 +111,7 @@ this: /^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +) (porcupine\.org)\)/ reject forged client name in Received: header: $2 - /^Received:.* +by +(porcupine\.org)[[:>:]]/ + /^Received:.* +by +(porcupine\.org)\b/ reject forged mail server name in Received: header: $1 endif /^Message-ID:.* ]*Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +) (porcupine\.org)\)/ reject forged client name in Received: header: $2 - /^[> ]*Received:.* +by +(porcupine\.org)[[:>:]]/ + /^[> ]*Received:.* +by +(porcupine\.org)\b/ reject forged mail server name in Received: header: $1 endif /^[> ]*Message-ID:.* :]]" matches the end of a word. On some systems you should specify - "\>" instead. For details see your system documentation. + * The "\b" is used here to match the end of a word. If you use regexp: + tables, specify "[[:>:]]" (on some systems you should specify "\>" instead; + for details see your system documentation). * The "if /pattern/" and "endif" eliminate unnecessary matching attempts. DO NOT indent lines starting with /pattern/ between the "if" and "endif"! @@ -202,25 +210,29 @@ the backscatter mail that I get claims to be sent from these addresses. Such mail is obviously forged and is very easy to stop. /etc/postfix/main.cf: - header_checks = regexp:/etc/postfix/header_checks - body_checks = regexp:/etc/postfix/body_checks + header_checks = pcre:/etc/postfix/header_checks + body_checks = pcre:/etc/postfix/body_checks /etc/postfix/header_checks: - /^(From|Return-Path):.*[[:<:]](user@domain\.tld)[[:>:]]/ + /^(From|Return-Path):.*\b(user@domain\.tld)\b/ reject forged sender address in $1: header: $2 /etc/postfix/body_checks: - /^[> ]*(From|Return-Path):.*[[:<:]](user@domain\.tld)[[:>:]]/ + /^[> ]*(From|Return-Path):.*\b(user@domain\.tld)\b/ reject forged sender address in $1: header: $2 Notes: + * The example uses pcre: tables mainly for speed; with minor modifications, + you can use regexp: tables as explained below. + * The example is simplified for educational purposes. In reality, my patterns list multiple email addresses as "(user1@domain1\.tld|user2@domain2\.tld)". - * The "[[:<:]]" and "[[:>:]]" match the beginning and end of a word, - respectively. On some systems you should specify "\<" and "\>" instead. For - details see your system documentation. + * The two "\b" as used in "\b(user@domain\.tld)\b" match the beginning and + end of a word, respectively. If you use regexp: tables, specify "[[:<:]] + and [[:>:]]" (on some systems you should specify "\< and \>" instead; for + details see your system documentation). * The "\." matches "." literally. Without the "\", the "." would match any character. diff --git a/postfix/README_FILES/INSTALL b/postfix/README_FILES/INSTALL index 596873f8d..b8f51e698 100644 --- a/postfix/README_FILES/INSTALL +++ b/postfix/README_FILES/INSTALL @@ -88,6 +88,7 @@ At some point in time, a version of Postfix was supported on: Linux RedHat 3.x (January 2004) - 9.x Linux Slackware 3.x, 4.x, 7.x Linux SuSE 5.x, 6.x, 7.x + Linux Ubuntu 4.10..7.04 Mac OS X NEXTSTEP 3.x NetBSD 1.x diff --git a/postfix/README_FILES/MILTER_README b/postfix/README_FILES/MILTER_README index 7c7a34a27..a667ce411 100644 --- a/postfix/README_FILES/MILTER_README +++ b/postfix/README_FILES/MILTER_README @@ -443,9 +443,6 @@ NOTES: * This was tested with sid-milter-0.2.10 and sid-milter-0.2.14. - * This fixes only the ugly message header, but not the WARNING message. - Fortunately, sid-milter logs that message only once. - To fix the ugly message header with other Milter applications, you will need to do something like this: diff --git a/postfix/README_FILES/OVERVIEW b/postfix/README_FILES/OVERVIEW index dc5026a22..7fe2b5221 100644 --- a/postfix/README_FILES/OVERVIEW +++ b/postfix/README_FILES/OVERVIEW @@ -209,12 +209,13 @@ queues. Network -> smtpd(8) <-> anvil(8) - * The bounce(8), defer(8) and trace(8) servers each maintain their own queue - directory trees with per-message logfiles. This information is used to send - delivery or non-delivery notifications to the sender. + * The bounce(8), defer(8) and trace(8) services each maintain their own queue + directory trees with per-message logfiles. Postfix uses this information + when sending "failed", "delayed" or "success" delivery status notifications + to the sender. - The trace(8) service implements support for the Postfix "sendmail -bv" and - "sendmail -v" commands which produce reports about how Postfix delivers + The trace(8) service also implements support for the Postfix "sendmail -bv" + and "sendmail -v" commands which produce reports about how Postfix delivers mail, and is available with Postfix version 2.1 and later. See DEBUG_README for examples. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index ffc0493d8..2ae10b550 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -1,184 +1,18 @@ -The stable Postfix release is called postfix-2.3.x where 2=major -release number, 3=minor release number, x=patchlevel. The stable +The stable Postfix release is called postfix-2.4.x where 2=major +release number, 4=minor release number, x=patchlevel. The stable release never changes except for patches that address bugs or emergencies. Patches change the patchlevel and the release date. New features are developed in snapshot releases. These are called -postfix-2.4-yyyymmdd where yyyymmdd is the release date (yyyy=year, +postfix-2.5-yyyymmdd where yyyymmdd is the release date (yyyy=year, mm=month, dd=day). Patches are never issued for snapshot releases; instead, a new snapshot is released. The mail_release_date configuration parameter (format: yyyymmdd) specifies the release date of a stable release or snapshot release. -Incompatibility with Postfix 2.2 and earlier +Incompatibility with Postfix 2.3 and earlier ============================================ -If you upgrade from Postfix 2.2 or earlier, read RELEASE_NOTES-2.3 +If you upgrade from Postfix 2.3 or earlier, read RELEASE_NOTES-2.4 before proceeding. - -Incompatibility with Postfix snapshot 200702224 -=============================================== - -As a safety measure, Postfix now by default creates mailbox dotlock -files on all systems. This prevents problems with GNU POP3D which -subverts kernel locking by creating a new mailbox file and deleting -the old one. - -Major changes with Postfix snapshot 20070212-event -================================================== - -Better support for systems that run thousands of Postfix processes. -Postfix now supports FreeBSD kqueue(2), Solaris poll(7d) and Linux -epoll(4) as more scalable alternatives to the traditional select(2) -system call, and uses poll(2) when examining a single file descriptor -for readability or writability. These features are supported on -sufficiently recent versions of FreeBSD, NetBSD, OpenBSD, Solaris -and Linux; support for other systems will be added as evidence -becomes available that usable implementations exist. - -Incompatibility with Postfix snapshot 20070201 -============================================== - -Some default settings have been adjusted to better match contemporary -requirements: - -- queue_run_delay and minimal_backoff_time were reduced from 1000s -to 300s so that deliveries are retried earlier after the first -failure. - -- ipc_idle was reduced from 100s to 5s, so that tlsmgr and scache -clients will more quickly release unused file handles. - -Major changes with Postfix snapshot 20070121 -============================================ - -The support for Milter header modification requests was revised. -With minimal change in the on-disk representation, the code was -greatly simplified, and regression tests were updated to ensure -that old errors were not re-introduced. The queue file format is -entirely backwards compatible with Postfix 2.3. - -Incompatible changes with Postfix snapshot 20070116 -=================================================== - -A new field is added to the queue file "size" record that specifies -the message content length. Postfix 2.3 and older Postfix 2.4 -versions will ignore this field, and will report the message size -as it was before the body was replaced. - -Major changes with Postfix snapshot 20070116 -============================================ - -Support for Milter requests to replace the message body. Postfix -now implements all the header/body modification requests that are -available with Sendmail 8.13. - -Incompatible changes with Postfix snapshot 20061217 -=================================================== - -Postfix no longer requires a domain name. It uses "localdomain" as -the default Internet domain name when no domain is specified via -main.cf or via the machine's hostname. - -Major changes with Postfix snapshot 20061217 -============================================ - -More precise queue flushing with the ETRN, "postqueue -s site", and -"sendmail -qRsite" commands, after minimization of race conditions. -New per-queue-file flushing with "postqueue -i queueid" and "sendmail --qIqueueid". - -Incompatible changes with Postfix snapshot 20061214 -=================================================== - -The check_smtpd_policy client sends TLS certificate attributes -(client ccert_subject, ccert_issuer) only after successful client -certificate verification. The reason is that the certification -verification status itself is not available in the policy request. - -The check_smtpd_policy client sends TLS certificate fingerprint -information even when the certificate itself was not verified. - -The remote SMTP client TLS certificate fingerprint can be used for -access control even when the certificate itself was not verified. - -Incompatible changes with Postfix snapshot 20061209 -=================================================== - -The Postfix installation procedure no longer updates main.cf with -"unknown_local_recipient_reject_code = 450". Four years after the -introduction of mandatory recipient validation, this transitional -tool is no longer neeed. - -After upgrading Postfix you MUST execute "postfix reload", otherwise -the queue manager may log a warnings with: - - warning: connect to transport retry: Connection refused - -The upgrade procedure adds a new "retry" service to the master.cf -file. If you make the mistake of copying old Postfix configuration -files over the new files, the queue manager may log warnings with: - - warning: connect to transport retry: Connection refused - -To fix your master.cf file, use "postfix upgrade-configuration" -followed by "postfix reload". - -Small changes were made to the default bounce message templates, -to prevent HTML-aware software from hiding or removing the text -"", and producing misleading text. - -Major changes with Postfix snapshot 20061209 -============================================ - -Better interoperability with non-conforming SMTP servers that reply -and disconnect before Postfix has sent the complete message content. - -Improved worst-case (old and new) queue manager performance when -deferring or bouncing large amounts of mail. Instead of talking to -the bounce or defer service synchronously, this work is now done -in the background by the error or retry service. - -Improved worst-case (new) queue manager performance when delivering -multi-recipient mail. The queue manager now proactively reads -recipients from the queue file, instead of waiting for the slowest -deliveries to complete before reading in new recipients. This -introduces two parameters: default_recipient_refill_limit (how many -recipient slots to refill at a time) and default_recipient_refill_delay -(how long to wait between refill operations). These two parameters -act as defaults for optional per-transport settings. - -Better support for queue file systems on file servers with drifting -clocks. Clock skew can be a problem, because Postfix does not deliver -mail until the local clock catches up with the queue file's last -modification time stamp. On systems with usable futimes() or -equivalent (Solaris, *BSD, MacOS, but not Linux), Postfix now always -explicitly sets the queue file last modification time stamps while -creating a queue file. On systems without usable futimes() (Linux, -and ancient versions of Solaris, SunOS and *BSD) Postfix keeps using -the slower utime() system call to update queue file time stamps -when the file system clock is off with respect to the local system -clock, and logs a warning. - -Incompatible changes with Postfix snapshot 20061006 -=================================================== - -The format of SMTP server TLS session cache lookup keys has changed. -The lookup key now includes the master.cf service name. - -Major changes with Postfix snapshot 20061006 -============================================ - -Individual CISCO PIX bug workarounds are now on/off configurable. -This introduces new parameters: smtp_pix_workarounds (default: -disable_esmtp, delay_dotcrlf) and smtp_pix_workaround_maps (workarounds -indexed by server IP address). The default settings are backwards -compatible. - -Incompatible changes with Postfix snapshot 20060806 -=================================================== - -Postfix no longer announces its name in delivery status notifications. -Users believe that Wietse provides a free help desk service that -solves all their email problems. diff --git a/postfix/RELEASE_NOTES_2.3 b/postfix/RELEASE_NOTES-2.3 similarity index 100% rename from postfix/RELEASE_NOTES_2.3 rename to postfix/RELEASE_NOTES-2.3 diff --git a/postfix/RELEASE_NOTES-2.4 b/postfix/RELEASE_NOTES-2.4 new file mode 100644 index 000000000..e56972d73 --- /dev/null +++ b/postfix/RELEASE_NOTES-2.4 @@ -0,0 +1,198 @@ +The stable Postfix release is called postfix-2.4.x where 2=major +release number, 4=minor release number, x=patchlevel. The stable +release never changes except for patches that address bugs or +emergencies. Patches change the patchlevel and the release date. + +New features are developed in snapshot releases. These are called +postfix-2.5-yyyymmdd where yyyymmdd is the release date (yyyy=year, +mm=month, dd=day). Patches are never issued for snapshot releases; +instead, a new snapshot is released. + +The mail_release_date configuration parameter (format: yyyymmdd) +specifies the release date of a stable release or snapshot release. + +Major changes - critical +------------------------ + +See RELEASE_NOTES-2.3 if you upgrade from Postfix 2.2 or earlier. + +[Incompat 20070122] To take advantage of the new support for BSD +kqueue, Linux epoll, or Solaris /dev/poll, you must restart (not +reload) Postfix after upgrading from Postfix 2.3. + +[Incompat 20061209] If you upgrade Postfix without restarting, you +MUST execute "postfix reload", otherwise the queue manager may log +a warnings with: + + warning: connect to transport retry: Connection refused + +[Incompat 20061209] The upgrade procedure adds a new "retry" service +to the master.cf file. If you make the mistake of copying old +Postfix configuration files over the new files, the queue manager +may log warnings with: + + warning: connect to transport retry: Connection refused + +To fix your master.cf file, use "postfix upgrade-configuration" +followed by "postfix reload". + +Major changes - safety +---------------------- + +[Incompat 20070222] As a safety measure, Postfix now by default +creates mailbox dotlock files on all systems. This prevents problems +with GNU POP3D which subverts kernel locking by creating a new +mailbox file and deleting the old one. + +Major changes - Milter support +------------------------------ + +[Feature 20070121] The support for Milter header modification +requests was revised. With minimal change in the on-disk representation, +the code was greatly simplified, and regression tests were updated +to ensure that old errors were not re-introduced. The queue file +format is entirely backwards compatible with Postfix 2.3. + +[Feature 20070116] Support for Milter requests to replace the message +body. Postfix now implements all the header/body modification +requests that are available with Sendmail 8.13. + +[Incompat 20070116] A new field is added to the queue file "size" +record that specifies the message content length. Postfix 2.3 and +older Postfix 2.4 snapshots will ignore this field, and will report +the message size as it was before the body was replaced. + +Major changes - TLS support +--------------------------- + +[Incompat 20061214] The check_smtpd_policy client sends TLS certificate +attributes (client ccert_subject, ccert_issuer) only after successful +client certificate verification. The reason is that the certification +verification status itself is not available in the policy request. + +[Incompat 20061214] The check_smtpd_policy client sends TLS certificate +fingerprint information even when the certificate itself was not +verified. + +[Incompat 20061214] The remote SMTP client TLS certificate fingerprint +can be used for access control even when the certificate itself was +not verified. + +[Incompat 20061006] The format of SMTP server TLS session cache +lookup keys has changed. The lookup key now includes the master.cf +service name. + +Major changes - performance +--------------------------- + +[Feature 20070212] Better support for systems that run thousands +of Postfix processes. Postfix now supports FreeBSD kqueue(2), +Solaris poll(7d) and Linux epoll(4) as more scalable alternatives +to the traditional select(2) system call, and uses poll(2) when +examining a single file descriptor for readability or writability. +These features are supported on sufficiently recent versions of +FreeBSD, NetBSD, OpenBSD, Solaris and Linux; support for other +systems will be added as evidence becomes available that usable +implementations exist. + +[Incompat 20070201] Some default settings have been adjusted to +better match contemporary requirements: + +- queue_run_delay and minimal_backoff_time were reduced from 1000s + to 300s so that deliveries are retried earlier after the first + failure. + +- ipc_idle was reduced from 100s to 5s, so that tlsmgr and scache + clients will more quickly release unused file handles. + +[Feature 20061209] Improved worst-case (old and new) queue manager +performance when deferring or bouncing large amounts of mail. Instead +of talking to the bounce or defer service synchronously, this work +is now done in the background by the error or retry service. + +[Feature 20061209] Improved worst-case (new) queue manager performance +when delivering multi-recipient mail. The queue manager now proactively +reads recipients from the queue file, instead of waiting for the +slowest deliveries to complete before reading in new recipients. +This introduces two parameters: default_recipient_refill_limit (how +many recipient slots to refill at a time) and +default_recipient_refill_delay (how long to wait between refill +operations). These two parameters act as defaults for optional +per-transport settings. + +Major changes - delivery status notifications +--------------------------------------------- + +[Incompat 20061209] Small changes were made to the default bounce +message templates, to prevent HTML-aware software from hiding or +removing the text "", and producing misleading text. + +[Incompat 20060806] Postfix no longer announces its name in delivery +status notifications. Users believe that Wietse provides a free +help desk service that solves all their email problems. + +Major changes - ETRN support +---------------------------- + +[Feature 20061217] More precise queue flushing with the ETRN, +"postqueue -s site", and "sendmail -qRsite" commands, after +minimization of race conditions. New per-queue-file flushing with +"postqueue -i queueid" and "sendmail -qIqueueid". + +Major changes - small office/home office support +------------------------------------------------ + +[Incompat 20061217] Postfix no longer requires a domain name. It +uses "localdomain" as the default Internet domain name when no +domain is specified via main.cf or via the machine's hostname. + +Major changes - SMTP access control +----------------------------------- + +[Incompat 20061214] The check_smtpd_policy client sends TLS certificate +attributes (client ccert_subject, ccert_issuer) only after successful +client certificate verification. The reason is that the certification +verification status itself is not available in the policy request. + +[Incompat 20061214] The check_smtpd_policy client sends TLS certificate +fingerprint information even when the certificate itself was not +verified. + +[Incompat 20061214] The remote SMTP client TLS certificate fingerprint +can be used for +access control even when the certificate itself was not verified. + +[Incompat 20061209] The Postfix installation procedure no longer +updates main.cf with "unknown_local_recipient_reject_code = 450". +Four years after the introduction of mandatory recipient validation, +this transitional tool is no longer neeed. + +Major changes - workarounds +--------------------------- + +[Incompat 20070222] As a safety measure, Postfix now by default +creates mailbox dotlock files on all systems. This prevents problems +with GNU POP3D which subverts kernel locking by creating a new +mailbox file and deleting the old one. + +[Feature 20061209] Better interoperability with non-conforming SMTP +servers that reply and disconnect before Postfix has sent the +complete message content. + +[Feature 20061209] Better support for queue file systems on file +servers with drifting clocks. Clock skew can be a problem, because +Postfix does not deliver mail until the local clock catches up with +the queue file's last modification time stamp. On systems with +usable futimes() or equivalent (Solaris, *BSD, MacOS, but not Linux), +Postfix now always explicitly sets the queue file last modification +time stamps while creating a queue file. On systems without usable +futimes() (Linux, and ancient versions of Solaris, SunOS and *BSD) +Postfix keeps using the slower utime() system call to update queue +file time stamps when the file system clock is off with respect to +the local system clock, and logs a warning. + +[Feature 20061006] Individual CISCO PIX bug workarounds are now +on/off configurable. This introduces new parameters: smtp_pix_workarounds +(default: disable_esmtp, delay_dotcrlf) and smtp_pix_workaround_maps +(workarounds indexed by server IP address). The default settings +are backwards compatible. diff --git a/postfix/conf/access b/postfix/conf/access index cda6ec84c..6026a80f4 100644 --- a/postfix/conf/access +++ b/postfix/conf/access @@ -382,11 +382,11 @@ # 1.2.3 REJECT # 1.2.3.4 OK # -# Execute the command "postmap /etc/postfix/access" after +# Execute the command "postmap /etc/postfix/access" after # editing the file. # # BUGS -# The table format does not understand quoting conventions. +# The table format does not understand quoting conventions. # # SEE ALSO # postmap(1), Postfix lookup table manager @@ -395,13 +395,13 @@ # transport(5), transport:nexthop syntax # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # SMTPD_ACCESS_README, built-in SMTP server access control # DATABASE_README, Postfix lookup table overview # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) diff --git a/postfix/conf/canonical b/postfix/conf/canonical index fc0c3ee6a..720db18cc 100644 --- a/postfix/conf/canonical +++ b/postfix/conf/canonical @@ -111,8 +111,10 @@ # applied to recipient addresses, the Postfix SMTP # server accepts mail for any recipient in domain, # regardless of whether that recipient exists. This -# may turn your mail system into a backscatter source -# that returns undeliverable spam to innocent people. +# may turn your mail system into a backscatter +# source: Postfix first accepts mail for non-existent +# recipients and then tries to return that mail as +# "undeliverable" to the often forged sender address. # # RESULT ADDRESS REWRITING # The lookup result is subject to address rewriting: diff --git a/postfix/conf/generic b/postfix/conf/generic index f5e5a10e9..d5ab42a66 100644 --- a/postfix/conf/generic +++ b/postfix/conf/generic @@ -155,12 +155,12 @@ # that the ISP supports "+" style address extensions). # # /etc/postfix/main.cf: -# smtp_generic_maps = hash:/etc/postfix/generic +# smtp_generic_maps = hash:/etc/postfix/generic # # /etc/postfix/generic: -# his@localdomain.local hisaccount@hisisp.example -# her@localdomain.local heraccount@herisp.example -# @localdomain.local hisaccount+local@hisisp.example +# his@localdomain.local hisaccount@hisisp.example +# her@localdomain.local heraccount@herisp.example +# @localdomain.local hisaccount+local@hisisp.example # # Execute the command "postmap /etc/postfix/generic" when- # ever the table is changed. Instead of hash, some systems diff --git a/postfix/conf/header_checks b/postfix/conf/header_checks index 4b03b9093..5ae99a5b7 100644 --- a/postfix/conf/header_checks +++ b/postfix/conf/header_checks @@ -66,70 +66,75 @@ # time, even when a message header spans multiple lines. # Body lines are always examined one line at a time. # +# COMPATIBILITY +# With Postfix version 2.2 and earlier specify "postmap -fq" +# to query a table that contains case sensitive patterns. By +# default, regexp: and pcre: patterns are case insensitive. +# # TABLE FORMAT -# This document assumes that header and body_checks rules -# are specified in the form of Postfix regular expression -# lookup tables. Usually the best performance is obtained +# This document assumes that header and body_checks rules +# are specified in the form of Postfix regular expression +# lookup tables. Usually the best performance is obtained # with pcre (Perl Compatible Regular Expression) tables, but -# the slower regexp (POSIX regular expressions) support is -# more widely available. Use the command "postconf -m" to -# find out what lookup table types your Postfix system sup- +# the slower regexp (POSIX regular expressions) support is +# more widely available. Use the command "postconf -m" to +# find out what lookup table types your Postfix system sup- # ports. # # The general format of Postfix regular expression tables is -# given below. For a discussion of specific pattern or -# flags syntax, see pcre_table(5) or regexp_table(5), +# given below. For a discussion of specific pattern or +# flags syntax, see pcre_table(5) or regexp_table(5), # respectively. # # /pattern/flags action -# When pattern matches the input string, execute the -# corresponding action. See below for a list of pos- +# When pattern matches the input string, execute the +# corresponding action. See below for a list of pos- # sible actions. # # !/pattern/flags action -# When pattern does not match the input string, exe- +# When pattern does not match the input string, exe- # cute the corresponding action. # # if /pattern/flags # # endif Match the input string against the patterns between -# if and endif, if and only if the same input string +# if and endif, if and only if the same input string # also matches pattern. The if..endif can nest. # -# Note: do not prepend whitespace to patterns inside +# Note: do not prepend whitespace to patterns inside # if..endif. # # if !/pattern/flags # # endif Match the input string against the patterns between -# if and endif, if and only if the same input string +# if and endif, if and only if the same input string # does not match pattern. The if..endif can nest. # # blank lines and comments -# Empty lines and whitespace-only lines are ignored, -# as are lines whose first non-whitespace character +# Empty lines and whitespace-only lines are ignored, +# as are lines whose first non-whitespace character # is a `#'. # # multi-line text -# A pattern/action line starts with non-whitespace -# text. A line that starts with whitespace continues +# A pattern/action line starts with non-whitespace +# text. A line that starts with whitespace continues # a logical line. # # TABLE SEARCH ORDER -# For each line of message input, the patterns are applied -# in the order as specified in the table. When a pattern is -# found that matches the input line, the corresponding -# action is executed and then the next input line is +# For each line of message input, the patterns are applied +# in the order as specified in the table. When a pattern is +# found that matches the input line, the corresponding +# action is executed and then the next input line is # inspected. # # TEXT SUBSTITUTION -# Substitution of substrings from the matched expression -# into the action string is possible using the conventional -# Perl syntax ($1, $2, etc.). The macros in the result -# string may need to be written as ${n} or $(n) if they +# Substitution of substrings from the matched expression +# into the action string is possible using the conventional +# Perl syntax ($1, $2, etc.). The macros in the result +# string may need to be written as ${n} or $(n) if they # aren't followed by whitespace. # -# Note: since negated patterns (those preceded by !) return +# Note: since negated patterns (those preceded by !) return # a result when the expression does not match, substitutions # are not available for negated patterns. # @@ -138,12 +143,12 @@ # case for consistency with other Postfix documentation. # # DISCARD optional text... -# Claim successful delivery and silently discard the -# message. Log the optional text if specified, oth- +# Claim successful delivery and silently discard the +# message. Log the optional text if specified, oth- # erwise log a generic message. # -# Note: this action disables further header or -# body_checks inspection of the current message and +# Note: this action disables further header or +# body_checks inspection of the current message and # affects all recipients. To discard only one recip- # ient without discarding the entire message, use the # transport(5) table to direct mail to the discard(8) @@ -151,49 +156,49 @@ # # This feature is available in Postfix 2.0 and later. # -# DUNNO Pretend that the input line did not match any pat- -# tern, and inspect the next input line. This action +# DUNNO Pretend that the input line did not match any pat- +# tern, and inspect the next input line. This action # can be used to shorten the table search. # -# For backwards compatibility reasons, Postfix also -# accepts OK but it is (and always has been) treated +# For backwards compatibility reasons, Postfix also +# accepts OK but it is (and always has been) treated # as DUNNO. # # This feature is available in Postfix 2.1 and later. # # FILTER transport:destination -# Write a content filter request to the queue file, -# and inspect the next input line. After the com- -# plete message is received it will be sent through +# Write a content filter request to the queue file, +# and inspect the next input line. After the com- +# plete message is received it will be sent through # the specified external content filter. More infor- -# mation about external content filters is in the +# mation about external content filters is in the # Postfix FILTER_README file. # # Note: this action overrides the content_filter set- # ting, and affects all recipients of the message. In -# the case that multiple FILTER actions fire, only +# the case that multiple FILTER actions fire, only # the last one is executed. # # This feature is available in Postfix 2.0 and later. # # HOLD optional text... -# Arrange for the message to be placed on the hold -# queue, and inspect the next input line. The mes- -# sage remains on hold until someone either deletes -# it or releases it for delivery. Log the optional +# Arrange for the message to be placed on the hold +# queue, and inspect the next input line. The mes- +# sage remains on hold until someone either deletes +# it or releases it for delivery. Log the optional # text if specified, otherwise log a generic message. # -# Mail that is placed on hold can be examined with -# the postcat(1) command, and can be destroyed or +# Mail that is placed on hold can be examined with +# the postcat(1) command, and can be destroyed or # released with the postsuper(1) command. # -# Note: use "postsuper -r" to release mail that was -# kept on hold for a significant fraction of $maxi- +# Note: use "postsuper -r" to release mail that was +# kept on hold for a significant fraction of $maxi- # mal_queue_lifetime or $bounce_queue_lifetime, or -# longer. Use "postsuper -H" only for mail that will +# longer. Use "postsuper -H" only for mail that will # not expire within a few delivery attempts. # -# Note: this action affects all recipients of the +# Note: this action affects all recipients of the # message. # # This feature is available in Postfix 2.0 and later. @@ -202,23 +207,23 @@ # the next input line. # # PREPEND text... -# Prepend one line with the specified text, and +# Prepend one line with the specified text, and # inspect the next input line. # # Notes: # -# o The prepended text is output on a separate +# o The prepended text is output on a separate # line, immediately before the input that # triggered the PREPEND action. # # o The prepended text is not considered part of -# the input stream: it is not subject to +# the input stream: it is not subject to # header/body checks or address rewriting, and # it does not affect the way that Postfix adds # missing message headers. # # o When prepending text before a message header -# line, the prepended text must begin with a +# line, the prepended text must begin with a # valid message header label. # # o This action cannot be used to prepend multi- @@ -227,46 +232,46 @@ # This feature is available in Postfix 2.1 and later. # # REDIRECT user@domain -# Write a message redirection request to the queue -# file, and inspect the next input line. After the +# Write a message redirection request to the queue +# file, and inspect the next input line. After the # message is queued, it will be sent to the specified # address instead of the intended recipient(s). # -# Note: this action overrides the FILTER action, and -# affects all recipients of the message. If multiple -# REDIRECT actions fire, only the last one is exe- +# Note: this action overrides the FILTER action, and +# affects all recipients of the message. If multiple +# REDIRECT actions fire, only the last one is exe- # cuted. # # This feature is available in Postfix 2.1 and later. # # REPLACE text... -# Replace the current line with the specified text, +# Replace the current line with the specified text, # and inspect the next input line. # # This feature is available in Postfix 2.2 and later. -# The description below applies to Postfix 2.2.2 and +# The description below applies to Postfix 2.2.2 and # later. # # Notes: # -# o When replacing a message header line, the -# replacement text must begin with a valid +# o When replacing a message header line, the +# replacement text must begin with a valid # header label. # -# o The replaced text remains part of the input -# stream. Unlike the result from the PREPEND -# action, a replaced message header may be -# subject to address rewriting and may affect -# the way that Postfix adds missing message +# o The replaced text remains part of the input +# stream. Unlike the result from the PREPEND +# action, a replaced message header may be +# subject to address rewriting and may affect +# the way that Postfix adds missing message # headers. # # REJECT optional text... -# Reject the entire message. Reply with optional +# Reject the entire message. Reply with optional # text... when the optional text is specified, other- # wise reply with a generic error message. # -# Note: this action disables further header or -# body_checks inspection of the current message and +# Note: this action disables further header or +# body_checks inspection of the current message and # affects all recipients. # # Postfix version 2.3 and later support enhanced sta- @@ -275,32 +280,32 @@ # enhanced status code of "5.7.1". # # WARN optional text... -# Log a warning with the optional text... (or log a -# generic message), and inspect the next input line. +# Log a warning with the optional text... (or log a +# generic message), and inspect the next input line. # This action is useful for debugging and for testing # a pattern before applying more drastic actions. # # BUGS -# Many people overlook the main limitations of header and +# Many people overlook the main limitations of header and # body_checks rules. # -# o These rules operate on one logical message header +# o These rules operate on one logical message header # or one body line at a time. A decision made for one # line is not carried over to the next line. # -# o If text in the message body is encoded (RFC 2045) -# then the rules have to specified for the encoded +# o If text in the message body is encoded (RFC 2045) +# then the rules need to be specified for the encoded # form. # -# o Likewise, when message headers are encoded (RFC -# 2047) then the rules need to be specified for the +# o Likewise, when message headers are encoded (RFC +# 2047) then the rules need to be specified for the # encoded form. # -# Message headers added by the cleanup(8) daemon itself are +# Message headers added by the cleanup(8) daemon itself are # excluded from inspection. Examples of such message headers # are From:, To:, Message-ID:, Date:. # -# Message headers deleted by the cleanup(8) daemon will be +# Message headers deleted by the cleanup(8) daemon will be # examined before they are deleted. Examples are: Bcc:, Con- # tent-Length:, Return-Path:. # @@ -308,11 +313,11 @@ # body_checks # Lookup tables with content filter rules for message # body lines. These filters see one physical line at -# a time, in chunks of at most $line_length_limit +# a time, in chunks of at most $line_length_limit # bytes. # # body_checks_size_limit -# The amount of content per message body segment +# The amount of content per message body segment # (attachment) that is subjected to $body_checks fil- # tering. # @@ -322,32 +327,32 @@ # # nested_header_checks (default: $header_checks) # Lookup tables with content filter rules for message -# header lines: respectively, these are applied to -# the initial message headers (not including MIME -# headers), to the MIME headers anywhere in the mes- -# sage, and to the initial headers of attached mes- +# header lines: respectively, these are applied to +# the initial message headers (not including MIME +# headers), to the MIME headers anywhere in the mes- +# sage, and to the initial headers of attached mes- # sages. # -# Note: these filters see one logical message header -# at a time, even when a message header spans multi- -# ple lines. Message headers that are longer than +# Note: these filters see one logical message header +# at a time, even when a message header spans multi- +# ple lines. Message headers that are longer than # $header_size_limit characters are truncated. # # disable_mime_input_processing -# While receiving mail, give no special treatment to -# MIME related message headers; all text after the +# While receiving mail, give no special treatment to +# MIME related message headers; all text after the # initial message headers is considered to be part of -# the message body. This means that header_checks is -# applied to all the initial message headers, and +# the message body. This means that header_checks is +# applied to all the initial message headers, and # that body_checks is applied to the remainder of the # message. # -# Note: when used in this manner, body_checks will -# process a multi-line message header one line at a +# Note: when used in this manner, body_checks will +# process a multi-line message header one line at a # time. # # EXAMPLES -# Header pattern to block attachments with bad file name +# Header pattern to block attachments with bad file name # extensions. # # /etc/postfix/main.cf: @@ -379,7 +384,7 @@ # RFC 2047, message header encoding for non-ASCII text # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # DATABASE_README, Postfix lookup table overview # CONTENT_INSPECTION_README, Postfix content inspection overview @@ -387,7 +392,7 @@ # BACKSCATTER_README, blocking returned forged mail # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) diff --git a/postfix/conf/relocated b/postfix/conf/relocated index 5c602103d..3fcab4cd4 100644 --- a/postfix/conf/relocated +++ b/postfix/conf/relocated @@ -41,7 +41,9 @@ # The input format for the postmap(1) command is as follows: # # o An entry has one of the following form: +# # pattern new_location +# # Where new_location specifies contact information # such as an email address, or perhaps a street # address or telephone number. diff --git a/postfix/conf/transport b/postfix/conf/transport index 2a6fa3795..8e4db2b16 100644 --- a/postfix/conf/transport +++ b/postfix/conf/transport @@ -13,8 +13,10 @@ # DESCRIPTION # The optional transport(5) table specifies a mapping from # email addresses to message delivery transports and next- -# hop hosts. The table is searched by the trivial-rewrite(8) -# daemon. +# hop destinations. Message delivery transports such as +# local or smtp are defined in the master.cf file, and next- +# hop destinations are typically hosts or domain names. The +# table is searched by the trivial-rewrite(8) daemon. # # This mapping overrides the default transport:nexthop # selection that is built into Postfix: @@ -166,7 +168,7 @@ # # my.domain : # .my.domain : -# * smtp:outbound-relay.my.domain +# * smtp:outbound-relay.my.domain # # In order to send mail for example.com and its subdomains # via the uucp transport to the UUCP host named example: @@ -207,30 +209,30 @@ # # The error mailer can be used to bounce mail: # -# .example.com error:mail for *.example.com is not -# deliverable +# .example.com error:mail for *.example.com is not deliverable # -# This causes all mail for user@anything.example.com to be +# This causes all mail for user@anything.example.com to be # bounced. # # REGULAR EXPRESSION TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # the table is given in the form of regular expressions. For -# a description of regular expression lookup table syntax, +# a description of regular expression lookup table syntax, # see regexp_table(5) or pcre_table(5). # -# Each pattern is a regular expression that is applied to -# the entire address being looked up. Thus, -# some.domain.hierarchy is not looked up via its parent -# domains, nor is user+foo@domain looked up as user@domain. +# Each pattern is a regular expression that is applied to +# the entire address being looked up. Thus, +# some.domain.hierarchy is not looked up via its parent +# domains, nor is user+foo@domain looked up as user@domain. # -# Patterns are applied in the order as specified in the ta- -# ble, until a pattern is found that matches the search +# Patterns are applied in the order as specified in the ta- +# ble, until a pattern is found that matches the search # string. # -# Results are the same as with indexed file lookups, with -# the additional feature that parenthesized substrings from -# the pattern can be interpolated as $1, $2 and so on. +# The trivial-rewrite(8) server disallows regular expression +# substitution of $1 etc. in regular expression lookup +# tables, because that could open a security hole (Postfix +# version 2.3 and later). # # TCP-BASED TABLES # This section describes how the table lookups change when diff --git a/postfix/conf/virtual b/postfix/conf/virtual index 6e4ca70d5..3be6ab985 100644 --- a/postfix/conf/virtual +++ b/postfix/conf/virtual @@ -107,8 +107,10 @@ # Postfix SMTP server accepts mail for any recipient # in domain, regardless of whether that recipient # exists. This may turn your mail system into a -# backscatter source that returns undeliverable spam -# to innocent people. +# backscatter source: Postfix first accepts mail for +# non-existent recipients and then tries to return +# that mail as "undeliverable" to the often forged +# sender address. # # RESULT ADDRESS REWRITING # The lookup result is subject to address rewriting: @@ -156,15 +158,15 @@ # /etc/postfix/main.cf: # virtual_alias_maps = hash:/etc/postfix/virtual # -# Note: some systems use dbm databases instead of hash. -# See the output from "postconf -m" for available data- -# base types. +# Note: some systems use dbm databases instead of hash. See +# the output from "postconf -m" for available database +# types. # # /etc/postfix/virtual: -# virtual-alias.domain anything (right-hand content does not matter) -# postmaster@virtual-alias.domain postmaster -# user1@virtual-alias.domain address1 -# user2@virtual-alias.domain address2, address3 +# virtual-alias.domain anything (right-hand content does not matter) +# postmaster@virtual-alias.domain postmaster +# user1@virtual-alias.domain address1 +# user2@virtual-alias.domain address2, address3 # # The virtual-alias.domain anything entry is required for a # virtual alias domain. Without this entry, mail is rejected diff --git a/postfix/html/BACKSCATTER_README.html b/postfix/html/BACKSCATTER_README.html index 2c757bffc..2ef613f58 100644 --- a/postfix/html/BACKSCATTER_README.html +++ b/postfix/html/BACKSCATTER_README.html @@ -21,7 +21,10 @@ Backscatter Howto

Overview

This document describes features that require Postfix version 2.0 -or later. +or later. The examples use Perl Compatible Regular Expressions +(Postfix pcre: tables), but also provide a translation to POSIX +regular expressions (Postfix regexp: tables). PCRE is preferred +primarily because the implementation is often faster.

Topics covered in this document:

@@ -174,8 +177,8 @@ patterns like this: 

 /etc/postfix/main.cf:
-    header_checks = regexp:/etc/postfix/header_checks
-    body_checks = regexp:/etc/postfix/body_checks
+    header_checks = pcre:/etc/postfix/header_checks
+    body_checks = pcre:/etc/postfix/body_checks
 
 /etc/postfix/header_checks:
     if /^Received:/
@@ -183,7 +186,7 @@ patterns like this: 

         reject forged client name in Received: header: $1
     /^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/
         reject forged client name in Received: header: $2
-    /^Received:.* +by +(porcupine\.org)[[:>:]]/
+    /^Received:.* +by +(porcupine\.org)\b/
         reject forged mail server name in Received: header: $1
     endif
     /^Message-ID:.* <!&!/ DUNNO
@@ -196,7 +199,7 @@ patterns like this: 

         reject forged client name in Received: header: $1
     /^[> ]*Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/
         reject forged client name in Received: header: $2
-    /^[> ]*Received:.* +by +(porcupine\.org)[[:>:]]/
+    /^[> ]*Received:.* +by +(porcupine\.org)\b/
         reject forged mail server name in Received: header: $1
     endif
     /^[> ]*Message-ID:.* <!&!/ DUNNO
@@ -209,6 +212,9 @@ patterns like this: 

 
 
    
 
+
  •  
     The example uses pcre: tables mainly for speed; with minor
+modifications, you can use regexp: tables as explained below. 
    
+
 
  •  
     The example is simplified for educational purposes.  In
 reality my patterns list multiple domain names, as
 "(domain|domain|...)".  
    
@@ -220,9 +226,10 @@ the "\", the "." would match any character. 
    
 and ")" literally. Without the "\", the "("
 and ")" would be grouping operators.  
    
 
-
  •  
     The "[[:>:]]" matches the end of a word. On
-some systems you should specify "\>" instead. For details
-see your system documentation. 
    
+
  •  
     The "\b" is used here to match the end of a word.
+If you use regexp: tables, specify "[[:>:]]" (on some
+systems you should specify "\>" instead; for details
+see your system documentation).
 
 
  •  
     The "if /pattern/" and "endif" eliminate unnecessary
 matching attempts. DO NOT indent lines starting with /pattern/
@@ -311,15 +318,15 @@ and is very easy to stop.
 
    
 
     /etc/postfix/main.cf:
-    header_checks = regexp:/etc/postfix/header_checks
-    body_checks = regexp:/etc/postfix/body_checks
+    header_checks = pcre:/etc/postfix/header_checks
+    body_checks = pcre:/etc/postfix/body_checks
 
 /etc/postfix/header_checks:
-    /^(From|Return-Path):.*[[:<:]](user@domain\.tld)[[:>:]]/ 
+    /^(From|Return-Path):.*\b(user@domain\.tld)\b/ 
         reject forged sender address in $1: header: $2
 
 /etc/postfix/body_checks:
-    /^[> ]*(From|Return-Path):.*[[:<:]](user@domain\.tld)[[:>:]]/ 
+    /^[> ]*(From|Return-Path):.*\b(user@domain\.tld)\b/ 
         reject forged sender address in $1: header: $2
 
    
 
    
@@ -328,14 +335,18 @@ and is very easy to stop.
 
 
      
 
+
    •  
       The example uses pcre: tables mainly for speed; with minor
+modifications, you can use regexp: tables as explained below. 
      
+
 
    •  
       The example is simplified for educational purposes.  In
 reality, my patterns list multiple email addresses as
 "(user1@domain1\.tld|user2@domain2\.tld)".  
      
 
-
    •  
       The "[[:<:]]" and "[[:>:]]" match
-the beginning and end of a word, respectively. On some systems you
-should specify "\<" and "\>" instead. For
-details see your system documentation. 
      
+
    •  
       The two "\b" as used in "\b(user@domain\.tld)\b"
+match the beginning and end of a word, respectively.  If you use
+regexp: tables, specify "[[:<:]] and [[:>:]]"
+(on some systems you should specify "\< and \>"
+instead; for details see your system documentation).  
      
 
 
    •  
       The "\." matches "." literally. Without
 the "\", the "." would match any character. 
      
diff --git a/postfix/html/INSTALL.html b/postfix/html/INSTALL.html
index 49da3ddc1..ee09a25c2 100644
--- a/postfix/html/INSTALL.html
+++ b/postfix/html/INSTALL.html
@@ -149,6 +149,7 @@ Linux Debian 1.3.1, 2.x, 3.x 
      
 Linux RedHat 3.x (January 2004) - 9.x 
      
 Linux Slackware 3.x, 4.x, 7.x 
      
 Linux SuSE 5.x, 6.x, 7.x 
      
+Linux Ubuntu 4.10..7.04
      
 Mac OS X 
      
 NEXTSTEP 3.x 
      
 NetBSD 1.x 
      
diff --git a/postfix/html/MILTER_README.html b/postfix/html/MILTER_README.html
index 76816476d..226f62e2e 100644
--- a/postfix/html/MILTER_README.html
+++ b/postfix/html/MILTER_README.html
@@ -708,9 +708,6 @@ text below: 
      
 
 
    •  
       This was tested with sid-milter-0.2.10 and sid-milter-0.2.14. 
      
 
-
    •  
       This fixes only the ugly message header, but not the WARNING
-message.  Fortunately, sid-milter logs that message only once. 
      
-
 
    
 
 
     To fix the ugly message header with other Milter applications,
diff --git a/postfix/html/OVERVIEW.html b/postfix/html/OVERVIEW.html
index 2c7f23538..b24fc2841 100644
--- a/postfix/html/OVERVIEW.html
+++ b/postfix/html/OVERVIEW.html
@@ -460,12 +460,13 @@ bgcolor="#f0f0ff"> 
     smtpd(8)

       <
 
 
 
-
  •  
     The bounce(8), defer(8) and trace(8) servers each maintain
-their own queue directory trees with per-message logfiles. This
-information is used to send delivery or non-delivery notifications
-to the sender. 
    
+
  •  
     The bounce(8), defer(8) and trace(8) services each maintain
+their own queue directory trees with per-message logfiles. Postfix
+uses this information when sending "failed", "delayed" or "success"
+delivery status notifications to the sender. 
    
 
-
     The trace(8) service implements support for the Postfix "sendmail
+
     The trace(8) service also implements support for the Postfix
+"sendmail
 -bv" and "sendmail -v" commands which produce reports about how
 Postfix delivers mail, and is available with Postfix version 2.1
 and later. See  DEBUG_README
diff --git a/postfix/html/access.5.html b/postfix/html/access.5.html
index 8cde22633..c90f9c545 100644
--- a/postfix/html/access.5.html
+++ b/postfix/html/access.5.html
@@ -388,11 +388,11 @@ ACCESS(5)                                                            ACCESS(5)
            1.2.3   REJECT
            1.2.3.4 OK
 
-       Execute the command "postmap /etc/postfix/access" after
+       Execute  the  command  "postmap /etc/postfix/access" after
        editing the file.
 
 BUGS
-       The  table format does not understand quoting conventions.
+       The table format does not understand quoting  conventions.
 
 SEE ALSO
        postmap(1), Postfix lookup table manager
@@ -405,7 +405,7 @@ ACCESS(5)                                                            ACCESS(5)
        DATABASE_README, Postfix lookup table overview
 
 LICENSE
-       The  Secure  Mailer  license must be distributed with this
+       The Secure Mailer license must be  distributed  with  this
        software.
 
 AUTHOR(S)
diff --git a/postfix/html/bounce.5.html b/postfix/html/bounce.5.html
index 261a91cc3..0f872ac05 100644
--- a/postfix/html/bounce.5.html
+++ b/postfix/html/bounce.5.html
@@ -52,7 +52,7 @@ BOUNCE(5)                                                            BOUNCE(5)
        something like:
 
        /etc/postfix/main.cf:
-               bounce_template_file = /etc/postfix/bounce.cf
+           bounce_template_file = /etc/postfix/bounce.cf
 
 TEMPLATE FILE FORMAT
        The template file can specify templates for  failed  mail,
@@ -86,7 +86,7 @@ BOUNCE(5)                                                            BOUNCE(5)
            If you do so, please include this problem report. You can
            delete your own text from the attached returned message.
 
-                                          The mail system
+                              The mail system
            EOF
 
        The usage and specification of bounce templates is subject
diff --git a/postfix/html/canonical.5.html b/postfix/html/canonical.5.html
index c43a1df35..c97f910ac 100644
--- a/postfix/html/canonical.5.html
+++ b/postfix/html/canonical.5.html
@@ -117,8 +117,10 @@ CANONICAL(5)                                                      CANONICAL(5)
               applied to recipient addresses,  the  Postfix  SMTP
               server  accepts  mail  for any recipient in domain,
               regardless of whether that recipient exists.   This
-              may turn your mail system into a backscatter source
-              that returns undeliverable spam to innocent people.
+              may  turn  your  mail  system  into  a  backscatter
+              source: Postfix first accepts mail for non-existent
+              recipients  and  then  tries to return that mail as
+              "undeliverable" to the often forged sender address.
 
 RESULT ADDRESS REWRITING
        The lookup result is subject to address rewriting:
diff --git a/postfix/html/generic.5.html b/postfix/html/generic.5.html
index 9b0ffc2e4..debee93ac 100644
--- a/postfix/html/generic.5.html
+++ b/postfix/html/generic.5.html
@@ -161,12 +161,12 @@ GENERIC(5)                                                          GENERIC(5)
        that the ISP supports "+" style address extensions).
 
        /etc/postfix/main.cf:
-               smtp_generic_maps = hash:/etc/postfix/generic
+           smtp_generic_maps = hash:/etc/postfix/generic
 
        /etc/postfix/generic:
-               his@localdomain.local   hisaccount@hisisp.example
-               her@localdomain.local   heraccount@herisp.example
-               @localdomain.local      hisaccount+local@hisisp.example
+           his@localdomain.local   hisaccount@hisisp.example
+           her@localdomain.local   heraccount@herisp.example
+           @localdomain.local      hisaccount+local@hisisp.example
 
        Execute  the  command "postmap /etc/postfix/generic" when-
        ever the table is changed.  Instead of hash, some  systems
diff --git a/postfix/html/header_checks.5.html b/postfix/html/header_checks.5.html
index c47f19bdc..18b17040e 100644
--- a/postfix/html/header_checks.5.html
+++ b/postfix/html/header_checks.5.html
@@ -72,70 +72,75 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
        time, even when a message  header  spans  multiple  lines.
        Body lines are always examined one line at a time.
 
+COMPATIBILITY
+       With Postfix version 2.2 and earlier specify "postmap -fq"
+       to query a table that contains case sensitive patterns. By
+       default,  regexp: and pcre: patterns are case insensitive.
+
 TABLE FORMAT
-       This  document  assumes  that header and body_checks rules
-       are specified in the form of  Postfix  regular  expression
-       lookup  tables.  Usually  the best performance is obtained
+       This document assumes that header  and  body_checks  rules
+       are  specified  in  the form of Postfix regular expression
+       lookup tables. Usually the best  performance  is  obtained
        with pcre (Perl Compatible Regular Expression) tables, but
-       the  slower  regexp (POSIX regular expressions) support is
-       more widely available.  Use the command "postconf  -m"  to
-       find  out what lookup table types your Postfix system sup-
+       the slower regexp (POSIX regular expressions)  support  is
+       more  widely  available.  Use the command "postconf -m" to
+       find out what lookup table types your Postfix system  sup-
        ports.
 
        The general format of Postfix regular expression tables is
-       given  below.   For  a  discussion  of specific pattern or
-       flags  syntax,  see  pcre_table(5)   or   regexp_table(5),
+       given below.  For a  discussion  of  specific  pattern  or
+       flags   syntax,   see  pcre_table(5)  or  regexp_table(5),
        respectively.
 
        /pattern/flags action
-              When  pattern matches the input string, execute the
-              corresponding action. See below for a list of  pos-
+              When pattern matches the input string, execute  the
+              corresponding  action. See below for a list of pos-
               sible actions.
 
        !/pattern/flags action
-              When  pattern does not match the input string, exe-
+              When pattern does not match the input string,  exe-
               cute the corresponding action.
 
        if /pattern/flags
 
        endif  Match the input string against the patterns between
-              if  and endif, if and only if the same input string
+              if and endif, if and only if the same input  string
               also matches pattern. The if..endif can nest.
 
-              Note: do not prepend whitespace to patterns  inside
+              Note:  do not prepend whitespace to patterns inside
               if..endif.
 
        if !/pattern/flags
 
        endif  Match the input string against the patterns between
-              if and endif, if and only if the same input  string
+              if  and endif, if and only if the same input string
               does not match pattern. The if..endif can nest.
 
        blank lines and comments
-              Empty  lines and whitespace-only lines are ignored,
-              as are lines whose first  non-whitespace  character
+              Empty lines and whitespace-only lines are  ignored,
+              as  are  lines whose first non-whitespace character
               is a `#'.
 
        multi-line text
-              A  pattern/action  line  starts with non-whitespace
-              text. A line that starts with whitespace  continues
+              A pattern/action line  starts  with  non-whitespace
+              text.  A line that starts with whitespace continues
               a logical line.
 
 TABLE SEARCH ORDER
-       For  each  line of message input, the patterns are applied
-       in the order as specified in the table. When a pattern  is
-       found  that  matches  the  input  line,  the corresponding
-       action is  executed  and  then  the  next  input  line  is
+       For each line of message input, the patterns  are  applied
+       in  the order as specified in the table. When a pattern is
+       found that  matches  the  input  line,  the  corresponding
+       action  is  executed  and  then  the  next  input  line is
        inspected.
 
 TEXT SUBSTITUTION
-       Substitution  of  substrings  from  the matched expression
-       into the action string is possible using the  conventional
-       Perl  syntax  ($1,  $2,  etc.).   The macros in the result
-       string may need to be written as  ${n}  or  $(n)  if  they
+       Substitution of substrings  from  the  matched  expression
+       into  the action string is possible using the conventional
+       Perl syntax ($1, $2, etc.).   The  macros  in  the  result
+       string  may  need  to  be  written as ${n} or $(n) if they
        aren't followed by whitespace.
 
-       Note:  since negated patterns (those preceded by !) return
+       Note: since negated patterns (those preceded by !)  return
        a result when the expression does not match, substitutions
        are not available for negated patterns.
 
@@ -144,12 +149,12 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
        case for consistency with other Postfix documentation.
 
        DISCARD optional text...
-              Claim successful delivery and silently discard  the
-              message.   Log the optional text if specified, oth-
+              Claim  successful delivery and silently discard the
+              message.  Log the optional text if specified,  oth-
               erwise log a generic message.
 
-              Note:  this  action  disables  further  header   or
-              body_checks  inspection  of the current message and
+              Note:   this  action  disables  further  header  or
+              body_checks inspection of the current  message  and
               affects all recipients.  To discard only one recip-
               ient without discarding the entire message, use the
               transport(5) table to direct mail to the discard(8)
@@ -157,49 +162,49 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
 
               This feature is available in Postfix 2.0 and later.
 
-       DUNNO  Pretend that the input line did not match any  pat-
-              tern,  and inspect the next input line. This action
+       DUNNO  Pretend  that the input line did not match any pat-
+              tern, and inspect the next input line. This  action
               can be used to shorten the table search.
 
-              For backwards compatibility reasons,  Postfix  also
-              accepts  OK but it is (and always has been) treated
+              For  backwards  compatibility reasons, Postfix also
+              accepts OK but it is (and always has been)  treated
               as DUNNO.
 
               This feature is available in Postfix 2.1 and later.
 
        FILTER transport:destination
-              Write  a  content filter request to the queue file,
-              and inspect the next input line.   After  the  com-
-              plete  message  is received it will be sent through
+              Write a content filter request to the  queue  file,
+              and  inspect  the  next input line.  After the com-
+              plete message is received it will be  sent  through
               the specified external content filter.  More infor-
-              mation  about  external  content  filters is in the
+              mation about external content  filters  is  in  the
               Postfix FILTER_README file.
 
               Note: this action overrides the content_filter set-
               ting, and affects all recipients of the message. In
-              the case that multiple FILTER  actions  fire,  only
+              the  case  that  multiple FILTER actions fire, only
               the last one is executed.
 
               This feature is available in Postfix 2.0 and later.
 
        HOLD optional text...
-              Arrange for the message to be placed  on  the  hold
-              queue,  and  inspect the next input line.  The mes-
-              sage remains on hold until someone  either  deletes
-              it  or  releases it for delivery.  Log the optional
+              Arrange  for  the  message to be placed on the hold
+              queue, and inspect the next input line.   The  mes-
+              sage  remains  on hold until someone either deletes
+              it or releases it for delivery.  Log  the  optional
               text if specified, otherwise log a generic message.
 
-              Mail  that  is  placed on hold can be examined with
-              the postcat(1) command, and  can  be  destroyed  or
+              Mail that is placed on hold can  be  examined  with
+              the  postcat(1)  command,  and  can be destroyed or
               released with the postsuper(1) command.
 
-              Note:  use  "postsuper -r" to release mail that was
-              kept on hold for a significant fraction  of  $maxi-
+              Note: use "postsuper -r" to release mail  that  was
+              kept  on  hold for a significant fraction of $maxi-
               mal_queue_lifetime  or  $bounce_queue_lifetime,  or
-              longer. Use "postsuper -H" only for mail that  will
+              longer.  Use "postsuper -H" only for mail that will
               not expire within a few delivery attempts.
 
-              Note:  this  action  affects  all recipients of the
+              Note: this action affects  all  recipients  of  the
               message.
 
               This feature is available in Postfix 2.0 and later.
@@ -208,23 +213,23 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
               the next input line.
 
        PREPEND text...
-              Prepend one  line  with  the  specified  text,  and
+              Prepend  one  line  with  the  specified  text, and
               inspect the next input line.
 
               Notes:
 
-              o      The  prepended  text is output on a separate
+              o      The prepended text is output on  a  separate
                      line,  immediately  before  the  input  that
                      triggered the PREPEND action.
 
               o      The prepended text is not considered part of
-                     the input  stream:  it  is  not  subject  to
+                     the  input  stream:  it  is  not  subject to
                      header/body checks or address rewriting, and
                      it does not affect the way that Postfix adds
                      missing message headers.
 
               o      When prepending text before a message header
-                     line, the prepended text must begin  with  a
+                     line,  the  prepended text must begin with a
                      valid message header label.
 
               o      This action cannot be used to prepend multi-
@@ -233,46 +238,46 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
               This feature is available in Postfix 2.1 and later.
 
        REDIRECT user@domain
-              Write  a  message  redirection request to the queue
-              file, and inspect the next input  line.  After  the
+              Write a message redirection request  to  the  queue
+              file,  and  inspect  the next input line. After the
               message is queued, it will be sent to the specified
               address instead of the intended recipient(s).
 
-              Note: this action overrides the FILTER action,  and
-              affects  all recipients of the message. If multiple
-              REDIRECT actions fire, only the last  one  is  exe-
+              Note:  this action overrides the FILTER action, and
+              affects all recipients of the message. If  multiple
+              REDIRECT  actions  fire,  only the last one is exe-
               cuted.
 
               This feature is available in Postfix 2.1 and later.
 
        REPLACE text...
-              Replace the current line with the  specified  text,
+              Replace  the  current line with the specified text,
               and inspect the next input line.
 
               This feature is available in Postfix 2.2 and later.
-              The description below applies to Postfix 2.2.2  and
+              The  description below applies to Postfix 2.2.2 and
               later.
 
               Notes:
 
-              o      When  replacing  a  message header line, the
-                     replacement text must  begin  with  a  valid
+              o      When replacing a message  header  line,  the
+                     replacement  text  must  begin  with a valid
                      header label.
 
-              o      The  replaced text remains part of the input
-                     stream. Unlike the result from  the  PREPEND
-                     action,  a  replaced  message  header may be
-                     subject to address rewriting and may  affect
-                     the  way  that  Postfix adds missing message
+              o      The replaced text remains part of the  input
+                     stream.  Unlike  the result from the PREPEND
+                     action, a replaced  message  header  may  be
+                     subject  to address rewriting and may affect
+                     the way that Postfix  adds  missing  message
                      headers.
 
        REJECT optional text...
-              Reject the  entire  message.  Reply  with  optional
+              Reject  the  entire  message.  Reply  with optional
               text... when the optional text is specified, other-
               wise reply with a generic error message.
 
-              Note:  this  action  disables  further  header   or
-              body_checks  inspection  of the current message and
+              Note:   this  action  disables  further  header  or
+              body_checks inspection of the current  message  and
               affects all recipients.
 
               Postfix version 2.3 and later support enhanced sta-
@@ -281,32 +286,32 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
               enhanced status code of "5.7.1".
 
        WARN optional text...
-              Log  a  warning with the optional text... (or log a
-              generic message), and inspect the next input  line.
+              Log a warning with the optional text... (or  log  a
+              generic  message), and inspect the next input line.
               This action is useful for debugging and for testing
               a pattern before applying more drastic actions.
 
 BUGS
-       Many people overlook the main limitations  of  header  and
+       Many  people  overlook  the main limitations of header and
        body_checks rules.
 
-       o      These  rules  operate on one logical message header
+       o      These rules operate on one logical  message  header
               or one body line at a time. A decision made for one
               line is not carried over to the next line.
 
-       o      If  text  in the message body is encoded (RFC 2045)
-              then the rules have to specified  for  the  encoded
+       o      If text in the message body is encoded  (RFC  2045)
+              then the rules need to be specified for the encoded
               form.
 
-       o      Likewise,  when  message  headers  are encoded (RFC
-              2047) then the rules need to be specified  for  the
+       o      Likewise, when message  headers  are  encoded  (RFC
+              2047)  then  the rules need to be specified for the
               encoded form.
 
-       Message  headers added by the cleanup(8) daemon itself are
+       Message headers added by the cleanup(8) daemon itself  are
        excluded from inspection. Examples of such message headers
        are From:, To:, Message-ID:, Date:.
 
-       Message  headers  deleted by the cleanup(8) daemon will be
+       Message headers deleted by the cleanup(8) daemon  will  be
        examined before they are deleted. Examples are: Bcc:, Con-
        tent-Length:, Return-Path:.
 
@@ -314,11 +319,11 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
        body_checks
               Lookup tables with content filter rules for message
               body lines.  These filters see one physical line at
-              a  time,  in  chunks  of at most $line_length_limit
+              a time, in chunks  of  at  most  $line_length_limit
               bytes.
 
        body_checks_size_limit
-              The amount of  content  per  message  body  segment
+              The  amount  of  content  per  message body segment
               (attachment) that is subjected to $body_checks fil-
               tering.
 
@@ -328,32 +333,32 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
 
        nested_header_checks (default: $header_checks)
               Lookup tables with content filter rules for message
-              header  lines:  respectively,  these are applied to
-              the initial message  headers  (not  including  MIME
-              headers),  to the MIME headers anywhere in the mes-
-              sage, and to the initial headers of  attached  mes-
+              header lines: respectively, these  are  applied  to
+              the  initial  message  headers  (not including MIME
+              headers), to the MIME headers anywhere in the  mes-
+              sage,  and  to the initial headers of attached mes-
               sages.
 
-              Note:  these filters see one logical message header
-              at a time, even when a message header spans  multi-
-              ple  lines.  Message  headers  that are longer than
+              Note: these filters see one logical message  header
+              at  a time, even when a message header spans multi-
+              ple lines. Message headers  that  are  longer  than
               $header_size_limit characters are truncated.
 
        disable_mime_input_processing
-              While receiving mail, give no special treatment  to
-              MIME  related  message  headers; all text after the
+              While  receiving mail, give no special treatment to
+              MIME related message headers; all  text  after  the
               initial message headers is considered to be part of
-              the  message body. This means that header_checks is
-              applied to all the  initial  message  headers,  and
+              the message body. This means that header_checks  is
+              applied  to  all  the  initial message headers, and
               that body_checks is applied to the remainder of the
               message.
 
-              Note: when used in this  manner,  body_checks  will
-              process  a  multi-line message header one line at a
+              Note:  when  used  in this manner, body_checks will
+              process a multi-line message header one line  at  a
               time.
 
 EXAMPLES
-       Header pattern to block attachments  with  bad  file  name
+       Header  pattern  to  block  attachments with bad file name
        extensions.
 
        /etc/postfix/main.cf:
@@ -391,7 +396,7 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
        BACKSCATTER_README, blocking returned forged mail
 
 LICENSE
-       The  Secure  Mailer  license must be distributed with this
+       The Secure Mailer license must be  distributed  with  this
        software.
 
 AUTHOR(S)
diff --git a/postfix/html/ldap_table.5.html b/postfix/html/ldap_table.5.html
index 8342ab8a6..19edaa59f 100644
--- a/postfix/html/ldap_table.5.html
+++ b/postfix/html/ldap_table.5.html
@@ -327,19 +327,18 @@ LDAP_TABLE(5)                                                    LDAP_TABLE(5)
               are not performed. This  can  significantly  reduce
               the query load on the LDAP server.
 
-                  domain = postfix.org, hash:/etc/postfix/search-
-              domains
+                  domain = postfix.org, hash:/etc/postfix/searchdomains
 
-              It is best not to use LDAP  to  store  the  domains
+              It  is  best  not  to use LDAP to store the domains
               eligible for LDAP lookups.
 
-              NOTE:  DO  NOT  define  this parameter for local(8)
+              NOTE: DO NOT define  this  parameter  for  local(8)
               aliases.
 
               This feature is available in Postfix 1.0 and later.
 
        result_attribute (default: maildrop)
-              The  attribute(s) Postfix will read from any direc-
+              The attribute(s) Postfix will read from any  direc-
               tory entries returned by the lookup, to be resolved
               to an email address.
 
@@ -347,57 +346,57 @@ LDAP_TABLE(5)                                                    LDAP_TABLE(5)
 
        special_result_attribute (default: empty)
               The attribute(s) of directory entries that can con-
-              tain DNs or URLs. If found, a recursive  subsequent
+              tain  DNs or URLs. If found, a recursive subsequent
               search is done using their values.
 
                   special_result_attribute = memberdn
 
-              DN  recursion  retrieves the same result_attributes
+              DN recursion retrieves the  same  result_attributes
               as the main query, including the special attributes
-              for  further  recursion.  URI  processing retrieves
-              only those attributes that are included in the  URI
-              definition     and    are    *also*    listed    in
-              "result_attribute". If the URI  lists  any  of  the
-              map's  special  result  attributes,  these are also
+              for further  recursion.  URI  processing  retrieves
+              only  those attributes that are included in the URI
+              definition    and    are    *also*    listed     in
+              "result_attribute".  If  the  URI  lists any of the
+              map's special result  attributes,  these  are  also
               retrieved and used recursively.
 
        terminal_result_attribute (default: empty)
-              When one or more  terminal  result  attributes  are
+              When  one  or  more  terminal result attributes are
               found in an LDAP entry, all other result attributes
               are ignored and only the terminal result attributes
-              are  returned. This is useful for delegating expan-
-              sion of group members  to  a  particular  host,  by
-              using  an optional "maildrop" attribute on selected
+              are returned. This is useful for delegating  expan-
+              sion  of  group  members  to  a particular host, by
+              using an optional "maildrop" attribute on  selected
               groups to route the group to a specific host, where
-              the  group  is  expanded, possibly via mailing-list
+              the group is expanded,  possibly  via  mailing-list
               manager or other special processing.
 
                   terminal_result_attribute = maildrop
 
-              This feature  is  available  with  Postfix  2.4  or
+              This  feature  is  available  with  Postfix  2.4 or
               later.
 
        leaf_result_attribute (default: empty)
-              When  one  or  more  special  result attributes are
-              found in a non-terminal  (see  above)  LDAP  entry,
+              When one or  more  special  result  attributes  are
+              found  in  a  non-terminal  (see above) LDAP entry,
               leaf result attributes are excluded from the expan-
-              sion of that entry. This is useful  when  expanding
+              sion  of  that entry. This is useful when expanding
               groups and the desired mail address attribute(s) of
               the member objects obtained via DN or URI recursion
-              are  also  present  in  the  group  object. To only
-              return the attribute values from the  leaf  objects
-              and  not the containing group, add the attribute to
-              the  leaf_result_attribute  list,   and   not   the
-              result_attribute  list,  which  is always expanded.
-              Note, the default value  of  "result_attribute"  is
-              not  empty, you may want to set it explicitly empty
-              when using "leaf_result_attribute"  to  expand  the
-              group  to  a list of member DN addresses. If groups
-              have both member DN references AND attributes  that
-              hold  multiple string valued rfc822 addresses, then
-              the string  attributes  go  in  "result_attribute".
-              The  attributes  that represent the email addresses
-              of objects referenced via a DN (or LDAP URI) go  in
+              are also present  in  the  group  object.  To  only
+              return  the  attribute values from the leaf objects
+              and not the containing group, add the attribute  to
+              the   leaf_result_attribute   list,   and  not  the
+              result_attribute list, which  is  always  expanded.
+              Note,  the  default  value of "result_attribute" is
+              not empty, you may want to set it explicitly  empty
+              when  using  "leaf_result_attribute"  to expand the
+              group to a list of member DN addresses.  If  groups
+              have  both member DN references AND attributes that
+              hold multiple string valued rfc822 addresses,  then
+              the  string  attributes  go  in "result_attribute".
+              The attributes that represent the  email  addresses
+              of  objects referenced via a DN (or LDAP URI) go in
               "leaf_result_attribute".
 
                   result_attribute = memberaddr
@@ -405,42 +404,42 @@ LDAP_TABLE(5)                                                    LDAP_TABLE(5)
                   terminal_result_attribute = maildrop
                   leaf_result_attribute = mail
 
-              This  feature  is  available  with  Postfix  2.4 or
+              This feature  is  available  with  Postfix  2.4  or
               later.
 
        scope (default: sub)
-              The LDAP search scope: sub, base,  or  one.   These
+              The  LDAP  search  scope: sub, base, or one.  These
               translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE,
               and LDAP_SCOPE_ONELEVEL.
 
        bind (default: yes)
-              Whether or not to bind to the  LDAP  server.  Newer
+              Whether  or  not  to bind to the LDAP server. Newer
               LDAP implementations don't require clients to bind,
               which saves time. Example:
 
                   bind = no
 
-              If you do need to bind, you might consider  config-
-              uring  Postfix to connect to the local machine on a
-              port that's an SSL tunnel to your LDAP  server.  If
-              your  LDAP server doesn't natively support SSL, put
+              If  you do need to bind, you might consider config-
+              uring Postfix to connect to the local machine on  a
+              port  that's  an SSL tunnel to your LDAP server. If
+              your LDAP server doesn't natively support SSL,  put
               a tunnel (wrapper, proxy, whatever you want to call
-              it)  on  that  system  too. This should prevent the
-              password from traversing the network in the  clear.
+              it) on that system too.  This  should  prevent  the
+              password  from traversing the network in the clear.
 
        bind_dn (default: empty)
-              If  you  do  have  to bind, do it with this distin-
+              If you do have to bind, do  it  with  this  distin-
               guished name. Example:
 
                   bind_dn = uid=postfix, dc=your, dc=com
 
        bind_pw (default: empty)
-              The password for the distinguished name  above.  If
+              The  password  for the distinguished name above. If
               you have to use this, you probably want to make the
               map configuration file readable only by the Postfix
-              user.  When using the obsolete ldap:ldapsource syn-
+              user. When using the obsolete ldap:ldapsource  syn-
               tax, with map parameters in main.cf, it is not pos-
-              sible  to securely store the bind password. This is
+              sible to securely store the bind password. This  is
               because main.cf needs to be world readable to allow
               local accounts to submit mail via the sendmail com-
               mand. Example:
@@ -452,43 +451,43 @@ LDAP_TABLE(5)                                                    LDAP_TABLE(5)
        cache_expiry (IGNORED with a warning)
 
        cache_size (IGNORED with a warning)
-              The above parameters are  NO  LONGER  SUPPORTED  by
+              The  above  parameters  are  NO LONGER SUPPORTED by
               Postfix.   Cache  support  has  been  dropped  from
               OpenLDAP as of release 2.1.13.
 
        recursion_limit (default: 1000)
-              A limit on the nesting depth of DN and URL  special
-              result  attribute  evaluation.  The limit must be a
+              A  limit on the nesting depth of DN and URL special
+              result attribute evaluation. The limit  must  be  a
               non-zero positive number.
 
        expansion_limit (default: 0)
-              A limit on the  total  number  of  result  elements
-              returned  (as  a  comma separated list) by a lookup
-              against the map.  A setting of  zero  disables  the
-              limit.  Lookups  fail with a temporary error if the
-              limit is exceeded.  Setting the limit to 1  ensures
+              A  limit  on  the  total  number of result elements
+              returned (as a comma separated list)  by  a  lookup
+              against  the  map.   A setting of zero disables the
+              limit. Lookups fail with a temporary error  if  the
+              limit  is exceeded.  Setting the limit to 1 ensures
               that lookups do not return multiple values.
 
        size_limit (default: $expansion_limit)
-              A  limit  on the number of LDAP entries returned by
-              any single LDAP search performed  as  part  of  the
-              lookup.  A setting of 0 disables the limit.  Expan-
-              sion of DN and URL references involves nested  LDAP
-              queries,  each  of which is separately subjected to
+              A limit on the number of LDAP entries  returned  by
+              any  single  LDAP  search  performed as part of the
+              lookup. A setting of 0 disables the limit.   Expan-
+              sion  of DN and URL references involves nested LDAP
+              queries, each of which is separately  subjected  to
               this limit.
 
-              Note: even a single LDAP entry can generate  multi-
-              ple  lookup results, via multiple result attributes
-              and/or multi-valued result attributes.  This  limit
-              caps  the  per  search  resource utilization on the
-              LDAP server, not  the  final  multiplicity  of  the
-              lookup  result.  It is analogous to the "-z" option
+              Note:  even a single LDAP entry can generate multi-
+              ple lookup results, via multiple result  attributes
+              and/or  multi-valued  result attributes. This limit
+              caps the per search  resource  utilization  on  the
+              LDAP  server,  not  the  final  multiplicity of the
+              lookup result. It is analogous to the  "-z"  option
               of "ldapsearch".
 
        dereference (default: 0)
-              When to dereference LDAP aliases. (Note  that  this
+              When  to  dereference LDAP aliases. (Note that this
               has nothing do with Postfix aliases.) The permitted
-              values are those legal  for  the  OpenLDAP/UM  LDAP
+              values  are  those  legal  for the OpenLDAP/UM LDAP
               implementations:
 
               0      never
@@ -500,28 +499,28 @@ LDAP_TABLE(5)                                                    LDAP_TABLE(5)
               3      always
 
               See ldap.h or the ldap_open(3) or ldapsearch(1) man
-              pages  for more information. And if you're using an
+              pages for more information. And if you're using  an
               LDAP package that has other possible values, please
-              bring   it   to   the  attention  of  the  postfix-
+              bring  it  to  the  attention   of   the   postfix-
               users@postfix.org mailing list.
 
        chase_referrals (default: 0)
-              Sets (or clears) LDAP_OPT_REFERRALS (requires  LDAP
+              Sets  (or clears) LDAP_OPT_REFERRALS (requires LDAP
               version 3 support).
 
        version (default: 2)
               Specifies the LDAP protocol version to use.
 
        debuglevel (default: 0)
-              What  level  to  set  for debugging in the OpenLDAP
+              What level to set for  debugging  in  the  OpenLDAP
               libraries.
 
 LDAP SSL AND STARTTLS PARAMETERS
-       If you're using the OpenLDAP libraries compiled  with  SSL
-       support,  Postfix  can connect to LDAP SSL servers and can
+       If  you're  using the OpenLDAP libraries compiled with SSL
+       support, Postfix can connect to LDAP SSL servers  and  can
        issue the STARTTLS command.
 
-       LDAP SSL service can be requested by using a LDAP SSL  URL
+       LDAP  SSL service can be requested by using a LDAP SSL URL
        in the server_host parameter:
 
            server_host = ldaps://ldap.example.com:636
@@ -530,90 +529,90 @@ LDAP_TABLE(5)                                                    LDAP_TABLE(5)
 
            start_tls = yes
 
-       Both  forms  require LDAP protocol version 3, which has to
+       Both forms require LDAP protocol version 3, which  has  to
        be set explicitly with:
 
            version = 3
 
        If any of the Postfix programs querying the map is config-
-       ured  in  master.cf  to run chrooted, all the certificates
+       ured in master.cf to run chrooted,  all  the  certificates
        and keys involved have to be copied to the chroot jail. Of
-       course,  the  private  keys should only be readable by the
+       course, the private keys should only be  readable  by  the
        user "postfix".
 
-       The following parameters are  relevant  to  LDAP  SSL  and
+       The  following  parameters  are  relevant  to LDAP SSL and
        STARTTLS:
 
        start_tls (default: no)
               Whether or not to issue STARTTLS upon connection to
-              the server.  Don't set this with LDAP SSL (the  SSL
+              the  server.  Don't set this with LDAP SSL (the SSL
               session is setup automatically when the TCP connec-
               tion is opened).
 
-       tls_ca_cert_dir  (No   default;   set   either   this   or
+       tls_ca_cert_dir   (No   default;   set   either   this  or
        tls_ca_cert_file)
               Directory  containing  X509  Certificate  Authority
-              certificates  in  PEM format which are to be recog-
-              nized by the client  in  SSL/TLS  connections.  The
-              files  each  contain one CA certificate.  The files
-              are looked up by the CA subject  name  hash  value,
-              which  must hence be available. If more than one CA
-              certificate with the same name  hash  value  exist,
-              the  extension  must be different (e.g. 9d66eef0.0,
-              9d66eef0.1 etc). The search  is  performed  in  the
-              ordering  of  the  extension  number, regardless of
+              certificates in PEM format which are to  be  recog-
+              nized  by  the  client  in SSL/TLS connections. The
+              files each contain one CA certificate.   The  files
+              are  looked  up  by the CA subject name hash value,
+              which must hence be available. If more than one  CA
+              certificate  with  the  same name hash value exist,
+              the extension must be different  (e.g.  9d66eef0.0,
+              9d66eef0.1  etc).  The  search  is performed in the
+              ordering of the  extension  number,  regardless  of
               other  properties  of  the  certificates.  Use  the
               c_rehash utility (from the OpenSSL distribution) to
               create the necessary links.
 
-       tls_ca_cert_file  (No  default;   set   either   this   or
+       tls_ca_cert_file   (No   default;   set   either  this  or
        tls_ca_cert_dir)
               File containing the X509 Certificate Authority cer-
-              tificates  in PEM format which are to be recognized
-              by the client in SSL/TLS connections. This  setting
+              tificates in PEM format which are to be  recognized
+              by  the client in SSL/TLS connections. This setting
               takes precedence over tls_ca_cert_dir.
 
        tls_cert (No default; you must set this)
-              File  containing  client's  X509  certificate to be
+              File containing client's  X509  certificate  to  be
               used by the client in SSL/ TLS connections.
 
        tls_key (No default; you must set this)
-              File containing the private  key  corresponding  to
+              File  containing  the  private key corresponding to
               the above tls_cert.
 
        tls_require_cert (default: no)
               Whether or not to request server's X509 certificate
-              and check its validity  when  establishing  SSL/TLS
+              and  check  its  validity when establishing SSL/TLS
               connections.
 
        tls_random_file (No default)
-              Path  of  a  file  to  obtain random bits from when
-              /dev/[u]random is not available, to be used by  the
+              Path of a file to  obtain  random  bits  from  when
+              /dev/[u]random  is not available, to be used by the
               client in SSL/TLS connections.
 
        tls_cipher_suite (No default)
               Cipher suite to use in SSL/TLS negotiations.
 
 EXAMPLE
-       Here's  a basic example for using LDAP to look up local(8)
+       Here's a basic example for using LDAP to look up  local(8)
        aliases.  Assume that in main.cf, you have:
 
            alias_maps = hash:/etc/aliases,
-               ldap:/etc/postfix/ldap-aliases.cf
+                   ldap:/etc/postfix/ldap-aliases.cf
 
        and in ldap:/etc/postfix/ldap-aliases.cf you have:
 
            server_host = ldap.example.com
            search_base = dc=example, dc=com
 
-       Upon receiving mail for a local  address  "ldapuser"  that
-       isn't  found  in  the  /etc/aliases database, Postfix will
+       Upon  receiving  mail  for a local address "ldapuser" that
+       isn't found in the  /etc/aliases  database,  Postfix  will
        search the LDAP server listening at port 389 on ldap.exam-
-       ple.com.   It will bind anonymously, search for any direc-
-       tory entries  whose  mailacceptinggeneralid  attribute  is
+       ple.com.  It will bind anonymously, search for any  direc-
+       tory  entries  whose  mailacceptinggeneralid  attribute is
        "ldapuser", read the "maildrop" attributes of those found,
        and build a list of their maildrops, which will be treated
-       as  RFC822  addresses  to which the message will be deliv-
+       as RFC822 addresses to which the message  will  be  deliv-
        ered.
 
 SEE ALSO
@@ -627,13 +626,13 @@ LDAP_TABLE(5)                                                    LDAP_TABLE(5)
        LDAP_README, Postfix LDAP client guide
 
 LICENSE
-       The  Secure  Mailer  license must be distributed with this
+       The Secure Mailer license must be  distributed  with  this
        software.
 
 AUTHOR(S)
-       Carsten Hoeger, Hery  Rakotoarisoa,  John  Hensley,  Keith
-       Stevenson,  LaMont Jones, Liviu Daia, Manuel Guesdon, Mike
-       Mattice, Prabhat K Singh, Sami Haahtinen, Samuel  Tardieu,
+       Carsten  Hoeger,  Hery  Rakotoarisoa,  John Hensley, Keith
+       Stevenson, LaMont Jones, Liviu Daia, Manuel Guesdon,  Mike
+       Mattice,  Prabhat K Singh, Sami Haahtinen, Samuel Tardieu,
        Victor Duchovni, and many others.
 
                                                                  LDAP_TABLE(5)
diff --git a/postfix/html/mysql_table.5.html b/postfix/html/mysql_table.5.html
index f6668cb92..f1f78ac89 100644
--- a/postfix/html/mysql_table.5.html
+++ b/postfix/html/mysql_table.5.html
@@ -21,26 +21,26 @@ MYSQL_TABLE(5)                                                  MYSQL_TABLE(5)
 
        Alternatively,  lookup  tables  can  be specified as MySQL
        databases.  In order to use MySQL lookups, define a  MySQL
-       source as a lookup table in main.cf, for example:
+       source as a lookup table in main.cf, for example:
            alias_maps = mysql:/etc/mysql-aliases.cf
 
        The file /etc/postfix/mysql-aliases.cf has the same format
-       as the Postfix main.cf file, and can specify  the  parame-
+       as the Postfix main.cf file, and can specify  the  parame-
        ters described below.
 
 BACKWARDS COMPATIBILITY
        For  compatibility with other Postfix lookup tables, MySQL
-       parameters can also be defined in main.cf.  In order to do
+       parameters can also be defined in main.cf.  In order to do
        that,  specify  as  MySQL source a name that doesn't begin
        with a slash or a dot.  The MySQL parameters will then  be
        accessible as the name you've given the source in its def-
        inition, an underscore, and the  name  of  the  parameter.
        For example, if the map is specified as "mysql:mysqlname",
-       the parameter "hosts" below would be defined in main.cf as
+       the parameter "hosts" below would be defined in main.cf as
        "mysqlname_hosts".
 
        Note:  with this form, the passwords for the MySQL sources
-       are written in main.cf, which is normally  world-readable.
+       are written in main.cf, which is normally  world-readable.
        Support  for this form will be removed in a future Postfix
        version.
 
@@ -115,58 +115,57 @@ MYSQL_TABLE(5)                                                  MYSQL_TABLE(5)
        query  The SQL query template used to search the database,
               where %s is a substitute for the address Postfix is
               trying to resolve, e.g.
-                  query  =  SELECT replacement FROM aliases WHERE
-              mailbox = '%s'
+                  query = SELECT replacement FROM aliases WHERE mailbox = '%s'
 
-              This parameter supports the  following  '%'  expan-
+              This  parameter  supports  the following '%' expan-
               sions:
 
               %%     This is replaced by a literal '%' character.
 
-              %s     This is replaced  by  the  input  key.   SQL
-                     quoting  is used to make sure that the input
-                     key does not add unexpected  metacharacters.
+              %s     This  is  replaced  by  the  input key.  SQL
+                     quoting is used to make sure that the  input
+                     key  does not add unexpected metacharacters.
 
               %u     When the input key is an address of the form
                      user@domain,  %u  is  replaced  by  the  SQL
-                     quoted  local  part  of the address.  Other-
-                     wise, %u is replaced by  the  entire  search
-                     string.   If  the  localpart  is  empty, the
-                     query is suppressed and returns no  results.
+                     quoted local part of  the  address.   Other-
+                     wise,  %u  is  replaced by the entire search
+                     string.  If  the  localpart  is  empty,  the
+                     query  is suppressed and returns no results.
 
               %d     When the input key is an address of the form
                      user@domain,  %d  is  replaced  by  the  SQL
-                     quoted  domain  part of the address.  Other-
+                     quoted domain part of the  address.   Other-
                      wise, the query is suppressed and returns no
                      results.
 
               %[SUD] The  upper-case  equivalents  of  the  above
-                     expansions behave  in  the  query  parameter
+                     expansions  behave  in  the  query parameter
                      identically  to  their  lower-case  counter-
                      parts.   With  the  result_format  parameter
                      (see  below),  they  expand  the  input  key
                      rather than the result value.
 
-              %[1-9] The patterns %1, %2, ... %9 are replaced  by
+              %[1-9] The  patterns %1, %2, ... %9 are replaced by
                      the corresponding most significant component
-                     of the input key's domain. If the input  key
+                     of  the input key's domain. If the input key
                      is user@mail.example.com, then %1 is com, %2
-                     is example and %3 is mail. If the input  key
+                     is  example and %3 is mail. If the input key
                      is  unqualified  or  does  not  have  enough
-                     domain components to satisfy all the  speci-
-                     fied  patterns,  the query is suppressed and
+                     domain  components to satisfy all the speci-
+                     fied patterns, the query is  suppressed  and
                      returns no results.
 
-              The domain parameter  described  below  limits  the
-              input  keys  to addresses in matching domains. When
-              the domain parameter is non-empty, SQL queries  for
-              unqualified  addresses or addresses in non-matching
+              The  domain  parameter  described  below limits the
+              input keys to addresses in matching  domains.  When
+              the  domain parameter is non-empty, SQL queries for
+              unqualified addresses or addresses in  non-matching
               domains are suppressed and return no results.
 
-              This parameter is available with  Postfix  2.2.  In
-              prior  releases  the  SQL  query was built from the
-              separate    parameters:    select_field,     table,
-              where_field  and additional_conditions. The mapping
+              This  parameter  is  available with Postfix 2.2. In
+              prior releases the SQL query  was  built  from  the
+              separate     parameters:    select_field,    table,
+              where_field and additional_conditions. The  mapping
               from the old parameters to the equivalent query is:
 
                   SELECT [select_field]
@@ -176,72 +175,71 @@ MYSQL_TABLE(5)                                                  MYSQL_TABLE(5)
 
               The '%s' in the WHERE clause expands to the escaped
               search  string.   With  Postfix  2.2  these  legacy
-              parameters  are  used if the query parameter is not
+              parameters are used if the query parameter  is  not
               specified.
 
               NOTE: DO NOT put quotes around the query parameter.
 
        result_format (default: %s)
-              Format  template applied to result attributes. Most
-              commonly used to append (or prepend)  text  to  the
-              result.  This  parameter supports the following '%'
+              Format template applied to result attributes.  Most
+              commonly  used  to  append (or prepend) text to the
+              result. This parameter supports the  following  '%'
               expansions:
 
               %%     This is replaced by a literal '%' character.
 
-              %s     This  is replaced by the value of the result
-                     attribute.  When  result  is  empty  it   is
+              %s     This is replaced by the value of the  result
+                     attribute.   When  result  is  empty  it  is
                      skipped.
 
-              %u     When   the  result  attribute  value  is  an
+              %u     When  the  result  attribute  value  is   an
                      address  of  the  form  user@domain,  %u  is
-                     replaced  by  the local part of the address.
+                     replaced by the local part of  the  address.
                      When the result has an empty localpart it is
                      skipped.
 
-              %d     When  a result attribute value is an address
-                     of the form user@domain, %d is  replaced  by
+              %d     When a result attribute value is an  address
+                     of  the  form user@domain, %d is replaced by
                      the domain part of the attribute value. When
                      the result is unqualified it is skipped.
 
               %[SUD1-9]
-                     The upper-case and decimal digit  expansions
+                     The  upper-case and decimal digit expansions
                      interpolate  the  parts  of  the  input  key
-                     rather than the result.  Their  behavior  is
-                     identical  to that described with query, and
-                     in fact because the input key  is  known  in
-                     advance,  queries whose key does not contain
-                     all the information specified in the  result
-                     template   are   suppressed  and  return  no
+                     rather  than  the  result. Their behavior is
+                     identical to that described with query,  and
+                     in  fact  because  the input key is known in
+                     advance, queries whose key does not  contain
+                     all  the information specified in the result
+                     template  are  suppressed  and   return   no
                      results.
 
               For  example,  using  "result_format  =  smtp:[%s]"
               allows one to use a mailHost attribute as the basis
-              of a transport(5) table. After applying the  result
-              format,  multiple  values are concatenated as comma
-              separated strings. The expansion_limit and  parame-
+              of  a transport(5) table. After applying the result
+              format, multiple values are concatenated  as  comma
+              separated  strings. The expansion_limit and parame-
               ter explained below allows one to restrict the num-
-              ber of values in the result,  which  is  especially
+              ber  of  values  in the result, which is especially
               useful for maps that must return at most one value.
 
-              The default value %s  specifies  that  each  result
+              The  default  value  %s  specifies that each result
               value should be used as is.
 
-              This  parameter  is  available with Postfix 2.2 and
+              This parameter is available with  Postfix  2.2  and
               later.
 
               NOTE: DO NOT put quotes around the result format!
 
        domain (default: no domain list)
-              This is a list of domain names, paths to files,  or
-              dictionaries.  When specified, only fully qualified
-              search keys with  a  *non-empty*  localpart  and  a
-              matching  domain  are  eligible  for lookup: 'user'
-              lookups, bare domain lookups and "@domain"  lookups
-              are  not  performed.  This can significantly reduce
+              This  is a list of domain names, paths to files, or
+              dictionaries. When specified, only fully  qualified
+              search  keys  with  a  *non-empty*  localpart and a
+              matching domain are  eligible  for  lookup:  'user'
+              lookups,  bare domain lookups and "@domain" lookups
+              are not performed. This  can  significantly  reduce
               the query load on the MySQL server.
-                  domain = postfix.org, hash:/etc/postfix/search-
-              domains
+                  domain = postfix.org, hash:/etc/postfix/searchdomains
 
               It is best not to use SQL to store the domains eli-
               gible for SQL lookups.
diff --git a/postfix/html/nisplus_table.5.html b/postfix/html/nisplus_table.5.html
index 8ccd9e4d1..8bb3e406a 100644
--- a/postfix/html/nisplus_table.5.html
+++ b/postfix/html/nisplus_table.5.html
@@ -55,7 +55,7 @@ NISPLUS_TABLE(5)                                              NISPLUS_TABLE(5)
        A NIS+ aliases map might be queried as follows:
 
            alias_maps = dbm:/etc/mail/aliases,
-                 nisplus:[alias=%s];mail_aliases.org_dir.$mydomain.:1
+               nisplus:[alias=%s];mail_aliases.org_dir.$mydomain.:1
 
        This  queries the local aliases file before the NIS+ file.
 
diff --git a/postfix/html/pcre_table.5.html b/postfix/html/pcre_table.5.html
index 7cf9d614c..7a68ce8a5 100644
--- a/postfix/html/pcre_table.5.html
+++ b/postfix/html/pcre_table.5.html
@@ -16,8 +16,8 @@ PCRE_TABLE(5)                                                    PCRE_TABLE(5)
 
 DESCRIPTION
        The  Postfix  mail system uses optional tables for address
-       rewriting or mail routing. These tables are usually in dbm
-       or db format.
+       rewriting, mail routing, or access control.  These  tables
+       are usually in dbm or db format.
 
        Alternatively, lookup tables can be specified in Perl Com-
        patible Regular Expression form. In this case, each  input
diff --git a/postfix/html/pgsql_table.5.html b/postfix/html/pgsql_table.5.html
index 13152c9a5..39904c4ab 100644
--- a/postfix/html/pgsql_table.5.html
+++ b/postfix/html/pgsql_table.5.html
@@ -21,27 +21,27 @@ PGSQL_TABLE(5)                                                  PGSQL_TABLE(5)
 
        Alternatively,  lookup  tables  can  be specified as Post-
        greSQL databases.  In order  to  use  PostgreSQL  lookups,
-       define  a  PostgreSQL source as a lookup table in main.cf,
+       define  a  PostgreSQL source as a lookup table in main.cf,
        for example:
            alias_maps = pgsql:/etc/pgsql-aliases.cf
 
        The file /etc/postfix/pgsql-aliases.cf has the same format
-       as  the  Postfix main.cf file, and can specify the parame-
+       as  the  Postfix main.cf file, and can specify the parame-
        ters described below.
 
 BACKWARDS COMPATIBILITY
        For compatibility with other Postfix lookup tables,  Post-
-       greSQL  parameters  can  also  be  defined in main.cf.  In
+       greSQL  parameters  can  also  be  defined in main.cf.  In
        order to do that, specify as PostgreSQL source a name that
        doesn't  begin  with  a  slash  or  a dot.  The PostgreSQL
        parameters will then be  accessible  as  the  name  you've
        given the source in its definition, an underscore, and the
        name of the parameter.  For example, if the map is  speci-
        fied  as  "pgsql:pgsqlname",  the  parameter "hosts" below
-       would be defined in main.cf as "pgsqlname_hosts".
+       would be defined in main.cf as "pgsqlname_hosts".
 
        Note: with this form, the  passwords  for  the  PostgreSQL
-       sources  are  written in main.cf, which is normally world-
+       sources  are  written in main.cf, which is normally world-
        readable.  Support for this form  will  be  removed  in  a
        future Postfix version.
 
@@ -121,132 +121,130 @@ PGSQL_TABLE(5)                                                  PGSQL_TABLE(5)
        query  The SQL query template used to search the database,
               where %s is a substitute for the address Postfix is
               trying to resolve, e.g.
-                  query = SELECT replacement FROM  aliases  WHERE
-              mailbox = '%s'
+                  query = SELECT replacement FROM aliases WHERE mailbox = '%s'
 
-              This  parameter  supports  the following '%' expan-
+              This parameter supports the  following  '%'  expan-
               sions:
 
               %%     This is replaced by a literal '%' character.
                      (Postfix 2.2 and later)
 
-              %s     This  is  replaced  by  the  input key.  SQL
-                     quoting is used to make sure that the  input
-                     key  does not add unexpected metacharacters.
+              %s     This is replaced  by  the  input  key.   SQL
+                     quoting  is used to make sure that the input
+                     key does not add unexpected  metacharacters.
 
               %u     When the input key is an address of the form
                      user@domain,  %u  is  replaced  by  the  SQL
-                     quoted local part of  the  address.   Other-
-                     wise,  %u  is  replaced by the entire search
-                     string.  If  the  localpart  is  empty,  the
-                     query  is suppressed and returns no results.
+                     quoted  local  part  of the address.  Other-
+                     wise, %u is replaced by  the  entire  search
+                     string.   If  the  localpart  is  empty, the
+                     query is suppressed and returns no  results.
 
               %d     When the input key is an address of the form
                      user@domain,  %d  is  replaced  by  the  SQL
-                     quoted domain part of the  address.   Other-
+                     quoted  domain  part of the address.  Other-
                      wise, the query is suppressed and returns no
                      results.
 
               %[SUD] The  upper-case  equivalents  of  the  above
-                     expansions  behave  in  the  query parameter
+                     expansions behave  in  the  query  parameter
                      identically  to  their  lower-case  counter-
                      parts.   With  the  result_format  parameter
                      (see  below),  they  expand  the  input  key
                      rather than the result value.
 
-                     The  above  %S,  %U  and  %D  expansions are
+                     The above  %S,  %U  and  %D  expansions  are
                      available with Postfix 2.2 and later
 
-              %[1-9] The patterns %1, %2, ... %9 are replaced  by
+              %[1-9] The  patterns %1, %2, ... %9 are replaced by
                      the corresponding most significant component
-                     of the input key's domain. If the input  key
+                     of  the input key's domain. If the input key
                      is user@mail.example.com, then %1 is com, %2
-                     is example and %3 is mail. If the input  key
+                     is  example and %3 is mail. If the input key
                      is  unqualified  or  does  not  have  enough
-                     domain components to satisfy all the  speci-
-                     fied  patterns,  the query is suppressed and
+                     domain  components to satisfy all the speci-
+                     fied patterns, the query is  suppressed  and
                      returns no results.
 
-                     The above %1, ... %9 expansions  are  avail-
+                     The  above  %1, ... %9 expansions are avail-
                      able with Postfix 2.2 and later
 
-              The  domain  parameter  described  below limits the
-              input keys to addresses in matching  domains.  When
-              the  domain parameter is non-empty, SQL queries for
-              unqualified addresses or addresses in  non-matching
+              The domain parameter  described  below  limits  the
+              input  keys  to addresses in matching domains. When
+              the domain parameter is non-empty, SQL queries  for
+              unqualified  addresses or addresses in non-matching
               domains are suppressed and return no results.
 
-              The  precedence  of this parameter has changed with
-              Postfix 2.2, in prior releases the precedence  was,
-              from  highest  to  lowest,  select_function, query,
+              The precedence of this parameter has  changed  with
+              Postfix  2.2, in prior releases the precedence was,
+              from highest  to  lowest,  select_function,  query,
               select_field, ...
 
-              With Postfix 2.2 the query  parameter  has  highest
+              With  Postfix  2.2  the query parameter has highest
               precedence, see COMPATIBILITY above.
 
               NOTE: DO NOT put quotes around the query parameter.
 
        result_format (default: %s)
-              Format template applied to result attributes.  Most
-              commonly  used  to  append (or prepend) text to the
-              result. This parameter supports the  following  '%'
+              Format  template applied to result attributes. Most
+              commonly used to append (or prepend)  text  to  the
+              result.  This  parameter supports the following '%'
               expansions:
 
               %%     This is replaced by a literal '%' character.
 
-              %s     This is replaced by the value of the  result
-                     attribute.   When  result  is  empty  it  is
+              %s     This  is replaced by the value of the result
+                     attribute.  When  result  is  empty  it   is
                      skipped.
 
-              %u     When  the  result  attribute  value  is   an
+              %u     When   the  result  attribute  value  is  an
                      address  of  the  form  user@domain,  %u  is
-                     replaced by the local part of  the  address.
+                     replaced  by  the local part of the address.
                      When the result has an empty localpart it is
                      skipped.
 
-              %d     When a result attribute value is an  address
-                     of  the  form user@domain, %d is replaced by
+              %d     When  a result attribute value is an address
+                     of the form user@domain, %d is  replaced  by
                      the domain part of the attribute value. When
                      the result is unqualified it is skipped.
 
               %[SUD1-9]
-                     The  upper-case and decimal digit expansions
+                     The upper-case and decimal digit  expansions
                      interpolate  the  parts  of  the  input  key
-                     rather  than  the  result. Their behavior is
-                     identical to that described with query,  and
-                     in  fact  because  the input key is known in
-                     advance, queries whose key does not  contain
-                     all  the information specified in the result
-                     template  are  suppressed  and   return   no
+                     rather than the result.  Their  behavior  is
+                     identical  to that described with query, and
+                     in fact because the input key  is  known  in
+                     advance,  queries whose key does not contain
+                     all the information specified in the  result
+                     template   are   suppressed  and  return  no
                      results.
 
               For  example,  using  "result_format  =  smtp:[%s]"
               allows one to use a mailHost attribute as the basis
-              of  a transport(5) table. After applying the result
-              format, multiple values are concatenated  as  comma
-              separated  strings. The expansion_limit and parame-
+              of a transport(5) table. After applying the  result
+              format,  multiple  values are concatenated as comma
+              separated strings. The expansion_limit and  parame-
               ter explained below allows one to restrict the num-
-              ber  of  values  in the result, which is especially
+              ber of values in the result,  which  is  especially
               useful for maps that must return at most one value.
 
-              The  default  value  %s  specifies that each result
+              The default value %s  specifies  that  each  result
               value should be used as is.
 
-              This parameter is available with  Postfix  2.2  and
+              This  parameter  is  available with Postfix 2.2 and
               later.
 
               NOTE: DO NOT put quotes around the result format!
 
        domain (default: no domain list)
-              This  is a list of domain names, paths to files, or
-              dictionaries. When specified, only fully  qualified
-              search  keys  with  a  *non-empty*  localpart and a
-              matching domain are  eligible  for  lookup:  'user'
-              lookups,  bare domain lookups and "@domain" lookups
-              are not performed. This  can  significantly  reduce
+              This is a list of domain names, paths to files,  or
+              dictionaries.  When specified, only fully qualified
+              search keys with  a  *non-empty*  localpart  and  a
+              matching  domain  are  eligible  for lookup: 'user'
+              lookups, bare domain lookups and "@domain"  lookups
+              are  not  performed.  This can significantly reduce
               the query load on the PostgreSQL server.
-                  domain = postfix.org, hash:/etc/postfix/search-
-              domains
+                  domain = postfix.org, hash:/etc/postfix/searchdomains
 
               It is best not to use SQL to store the domains eli-
               gible for SQL lookups.
diff --git a/postfix/html/pipe.8.html b/postfix/html/pipe.8.html
index 6eff2edd0..a6abe8188 100644
--- a/postfix/html/pipe.8.html
+++ b/postfix/html/pipe.8.html
@@ -278,8 +278,8 @@ PIPE(8)                                                                PIPE(8)
 
               ${sasl_sender}
                      This macro expands to the SASL  sender  name
-                     (i.e.  the  original  submitter  as  per RFC
-                     2554) used during the reception of the  mes-
+                     (i.e.  the  original  submitter  as  per RFC
+                     2554) used during the reception of the  mes-
                      sage.
 
                      This  is available in Postfix 2.2 and later.
diff --git a/postfix/html/postsuper.1.html b/postfix/html/postsuper.1.html
index 8f43bb49d..44c6e6e46 100644
--- a/postfix/html/postsuper.1.html
+++ b/postfix/html/postsuper.1.html
@@ -45,157 +45,156 @@ POSTSUPER(1)                                                      POSTSUPER(1)
               delete  all  mail  with   exactly   one   recipient
               user@example.com:
 
-              mailq | tail +2 | grep -v '^ *(' | awk  'BEGIN { RS
-              = "" }
+              mailq | tail +2 | grep -v '^ *(' | awk  'BEGIN { RS = "" }
                   # $7=sender, $8=recipient1, $9=recipient2
                   { if ($8 == "user@example.com" && $9 == "")
                         print $1 }
               ' | tr -d '*!' | postsuper -d -
 
-              Specify "-d ALL" to remove all messages; for  exam-
-              ple,  specify  "-d ALL deferred" to delete all mail
-              in the deferred queue.  As a  safety  measure,  the
+              Specify  "-d ALL" to remove all messages; for exam-
+              ple, specify "-d ALL deferred" to delete  all  mail
+              in  the  deferred  queue.  As a safety measure, the
               word ALL must be specified in upper case.
 
-              Warning:  Postfix queue IDs are reused.  There is a
-              very small possibility that postsuper  deletes  the
-              wrong  message  file  when it is executed while the
+              Warning: Postfix queue IDs are reused.  There is  a
+              very  small  possibility that postsuper deletes the
+              wrong message file when it is  executed  while  the
               Postfix mail system is delivering mail.
 
               The scenario is as follows:
 
-              1)     The Postfix queue manager deletes  the  mes-
-                     sage  that  postsuper(1) is asked to delete,
+              1)     The  Postfix  queue manager deletes the mes-
+                     sage that postsuper(1) is asked  to  delete,
                      because Postfix is finished with the message
-                     (it  is  delivered, or it is returned to the
+                     (it is delivered, or it is returned  to  the
                      sender).
 
-              2)     New mail arrives, and  the  new  message  is
-                     given  the same queue ID as the message that
-                     postsuper(1) is  supposed  to  delete.   The
-                     probability  for  reusing a deleted queue ID
+              2)     New  mail  arrives,  and  the new message is
+                     given the same queue ID as the message  that
+                     postsuper(1)  is  supposed  to  delete.  The
+                     probability for reusing a deleted  queue  ID
                      is about 1 in 2**15 (the number of different
                      microsecond values that the system clock can
                      distinguish within a second).
 
-              3)     postsuper(1)  deletes   the   new   message,
-                     instead  of  the  old message that it should
+              3)     postsuper(1)   deletes   the   new  message,
+                     instead of the old message  that  it  should
                      have deleted.
 
        -h queue_id
-              Put mail "on hold" so that no attempt  is  made  to
-              deliver  it.  Move one message with the named queue
+              Put  mail  "on  hold" so that no attempt is made to
+              deliver it.  Move one message with the named  queue
               ID from the named mail queue(s) (default: incoming,
               active and deferred) to the hold queue.
 
-              If  a queue_id of - is specified, the program reads
+              If a queue_id of - is specified, the program  reads
               queue IDs from standard input.
 
               Specify "-h ALL" to hold all messages; for example,
-              specify  "-h  ALL deferred" to hold all mail in the
-              deferred queue.  As a safety measure, the word  ALL
+              specify "-h ALL deferred" to hold all mail  in  the
+              deferred  queue.  As a safety measure, the word ALL
               must be specified in upper case.
 
-              Note:  while  mail  is "on hold" it will not expire
-              when its  time  in  the  queue  exceeds  the  maxi-
+              Note: while mail is "on hold" it  will  not  expire
+              when  its  time  in  the  queue  exceeds  the maxi-
               mal_queue_lifetime  or  bounce_queue_lifetime  set-
-              ting. It becomes subject to expiration after it  is
+              ting.  It becomes subject to expiration after it is
               released from "hold".
 
        -H queue_id
               Release mail that was put "on hold".  Move one mes-
-              sage with the named queue ID from  the  named  mail
+              sage  with  the  named queue ID from the named mail
               queue(s) (default: hold) to the deferred queue.
 
-              If  a queue_id of - is specified, the program reads
+              If a queue_id of - is specified, the program  reads
               queue IDs from standard input.
 
-              Note: specify "postsuper -r" to release  mail  that
-              was  kept  on  hold  for  a significant fraction of
-              $maximal_queue_lifetime or  $bounce_queue_lifetime,
+              Note:  specify  "postsuper -r" to release mail that
+              was kept on hold  for  a  significant  fraction  of
+              $maximal_queue_lifetime  or $bounce_queue_lifetime,
               or longer.
 
-              Specify  "-H  ALL"  to release all mail that is "on
-              hold".  As a safety measure, the word ALL  must  be
+              Specify "-H ALL" to release all mail  that  is  "on
+              hold".   As  a safety measure, the word ALL must be
               specified in upper case.
 
-       -p     Purge  old temporary files that are left over after
+       -p     Purge old temporary files that are left over  after
               system or software crashes.
 
        -r queue_id
-              Requeue the message with the named  queue  ID  from
-              the  named  mail queue(s) (default: hold, incoming,
-              active and deferred).   To  requeue  multiple  mes-
+              Requeue  the  message  with the named queue ID from
+              the named mail queue(s) (default:  hold,  incoming,
+              active  and  deferred).   To  requeue multiple mes-
               sages, specify multiple -r command-line options.
 
               Alternatively, if a queue_id of - is specified, the
               program reads queue IDs from standard input.
 
-              Specify "-r ALL" to  requeue  all  messages.  As  a
-              safety  measure,  the word ALL must be specified in
+              Specify  "-r  ALL"  to  requeue  all messages. As a
+              safety measure, the word ALL must be  specified  in
               upper case.
 
-              A requeued message is moved to the maildrop  queue,
-              from  where  it  is  copied  by  the  pickup(8) and
-              cleanup(8) daemons to a new  queue  file.  In  many
-              respects  its  handling  differs from that of a new
+              A  requeued message is moved to the maildrop queue,
+              from where  it  is  copied  by  the  pickup(8)  and
+              cleanup(8)  daemons  to  a  new queue file. In many
+              respects its handling differs from that  of  a  new
               local submission.
 
-              o      The  message  is  not   subjected   to   the
+              o      The   message   is   not  subjected  to  the
                      smtpd_milters or non_smtpd_milters settings.
-                     When mail has  passed  through  an  external
+                     When  mail  has  passed  through an external
                      content filter, this would produce incorrect
                      results with Milter applications that depend
-                     on  original  SMTP connection state informa-
+                     on original SMTP connection  state  informa-
                      tion.
 
               o      The  message  is  subjected  again  to  mail
                      address rewriting and substitution.  This is
-                     useful when rewriting rules or virtual  map-
+                     useful  when rewriting rules or virtual map-
                      pings have changed.
 
                      The  address  rewriting  context  (local  or
-                     remote) is the same as when the message  was
+                     remote)  is the same as when the message was
                      received.
 
-              o      The  message  is  subjected to the same con-
-                     tent_filter settings (if any)  as  used  for
-                     new  local mail submissions.  This is useful
+              o      The message is subjected to  the  same  con-
+                     tent_filter  settings  (if  any) as used for
+                     new local mail submissions.  This is  useful
                      when content_filter settings have changed.
 
-              Warning: Postfix queue IDs are reused.  There is  a
-              very  small  possibility that postsuper(1) requeues
-              the wrong message file when it  is  executed  while
-              the  Postfix  mail  system  is running, but no harm
+              Warning:  Postfix queue IDs are reused.  There is a
+              very small possibility that  postsuper(1)  requeues
+              the  wrong  message  file when it is executed while
+              the Postfix mail system is  running,  but  no  harm
               should be done.
 
-       -s     Structure check and structure repair.  This  should
+       -s     Structure  check and structure repair.  This should
               be done once before Postfix startup.
 
-              o      Rename  files  whose name does not match the
+              o      Rename files whose name does not  match  the
                      message file inode number. This operation is
-                     necessary  after restoring a mail queue from
+                     necessary after restoring a mail queue  from
                      a different machine, or from backup media.
 
               o      Move queue files that are in the wrong place
                      in the file system hierarchy and remove sub-
                      directories that are no longer needed.  File
-                     position  rearrangements are necessary after
+                     position rearrangements are necessary  after
                      a  change  in  the  hash_queue_names  and/or
                      hash_queue_depth configuration parameters.
 
        -v     Enable verbose logging for debugging purposes. Mul-
-              tiple -v options  make  the  software  increasingly
+              tiple  -v  options  make  the software increasingly
               verbose.
 
 DIAGNOSTICS
-       Problems  are reported to the standard error stream and to
+       Problems are reported to the standard error stream and  to
        syslogd(8).
 
-       postsuper(1) reports the number of messages  deleted  with
-       -d,  the number of messages requeued with -r, and the num-
-       ber of messages whose queue file name was fixed  with  -s.
-       The  report is written to the standard error stream and to
+       postsuper(1)  reports  the number of messages deleted with
+       -d, the number of messages requeued with -r, and the  num-
+       ber  of  messages whose queue file name was fixed with -s.
+       The report is written to the standard error stream and  to
        syslogd(8).
 
 ENVIRONMENT
@@ -203,37 +202,37 @@ POSTSUPER(1)                                                      POSTSUPER(1)
               Directory with the main.cf file.
 
 BUGS
-       Mail that is not sanitized by Postfix (i.e.  mail  in  the
+       Mail  that  is  not sanitized by Postfix (i.e. mail in the
        maildrop queue) cannot be placed "on hold".
 
 CONFIGURATION PARAMETERS
-       The  following  main.cf parameters are especially relevant
+       The following main.cf parameters are  especially  relevant
        to this program.  The text below provides only a parameter
-       summary.  See postconf(5) for more details including exam-
+       summary. See postconf(5) for more details including  exam-
        ples.
 
        config_directory (see 'postconf -d' output)
-              The default location of  the  Postfix  main.cf  and
+              The  default  location  of  the Postfix main.cf and
               master.cf configuration files.
 
        hash_queue_depth (1)
-              The  number of subdirectory levels for queue direc-
-              tories listed with the hash_queue_names  parameter.
+              The number of subdirectory levels for queue  direc-
+              tories  listed with the hash_queue_names parameter.
 
        hash_queue_names (deferred, defer)
-              The  names  of  queue  directories  that  are split
+              The names  of  queue  directories  that  are  split
               across multiple subdirectory levels.
 
        queue_directory (see 'postconf -d' output)
-              The location of the Postfix top-level queue  direc-
+              The  location of the Postfix top-level queue direc-
               tory.
 
        syslog_facility (mail)
               The syslog facility of Postfix logging.
 
        syslog_name (postfix)
-              The  mail  system  name  that  is  prepended to the
-              process name in syslog  records,  so  that  "smtpd"
+              The mail system  name  that  is  prepended  to  the
+              process  name  in  syslog  records, so that "smtpd"
               becomes, for example, "postfix/smtpd".
 
 SEE ALSO
@@ -241,7 +240,7 @@ POSTSUPER(1)                                                      POSTSUPER(1)
        postqueue(1), unprivileged queue operations
 
 LICENSE
-       The  Secure  Mailer  license must be distributed with this
+       The Secure Mailer license must be  distributed  with  this
        software.
 
 AUTHOR(S)
diff --git a/postfix/html/regexp_table.5.html b/postfix/html/regexp_table.5.html
index 53eb26746..ac0646f7a 100644
--- a/postfix/html/regexp_table.5.html
+++ b/postfix/html/regexp_table.5.html
@@ -16,8 +16,8 @@ REGEXP_TABLE(5)                                                REGEXP_TABLE(5)
 
 DESCRIPTION
        The Postfix mail system uses optional tables  for  address
-       rewriting or mail routing. These tables are usually in dbm
-       or db format.
+       rewriting,  mail  routing, or access control. These tables
+       are usually in dbm or db format.
 
        Alternatively, lookup tables can  be  specified  in  POSIX
        regular  expression form. In this case, each input is com-
diff --git a/postfix/html/relocated.5.html b/postfix/html/relocated.5.html
index d31e1628c..b8d60e802 100644
--- a/postfix/html/relocated.5.html
+++ b/postfix/html/relocated.5.html
@@ -47,7 +47,9 @@ RELOCATED(5)                                                      RELOCATED(5)
        The input format for the postmap(1) command is as follows:
 
        o      An entry has one of the following form:
+
                    pattern      new_location
+
               Where  new_location  specifies  contact information
               such as an  email  address,  or  perhaps  a  street
               address or telephone number.
diff --git a/postfix/html/transport.5.html b/postfix/html/transport.5.html
index a2a225f3b..eaba04653 100644
--- a/postfix/html/transport.5.html
+++ b/postfix/html/transport.5.html
@@ -19,8 +19,10 @@ TRANSPORT(5)                                                      TRANSPORT(5)
 DESCRIPTION
        The  optional  transport(5) table specifies a mapping from
        email addresses to message delivery transports  and  next-
-       hop hosts. The table is searched by the trivial-rewrite(8)
-       daemon.
+       hop  destinations.   Message  delivery  transports such as
+       local or smtp are defined in the master.cf file, and next-
+       hop  destinations are typically hosts or domain names. The
+       table is searched by the trivial-rewrite(8) daemon.
 
        This  mapping  overrides  the  default   transport:nexthop
        selection that is built into Postfix:
@@ -172,7 +174,7 @@ TRANSPORT(5)                                                      TRANSPORT(5)
 
             my.domain    :
             .my.domain   :
-            *         smtp:outbound-relay.my.domain
+            *            smtp:outbound-relay.my.domain
 
        In  order  to send mail for example.com and its subdomains
        via the uucp transport to the UUCP host named example:
@@ -213,30 +215,30 @@ TRANSPORT(5)                                                      TRANSPORT(5)
 
        The error mailer can be used to bounce mail:
 
-            .example.com     error:mail for *.example.com is  not
-       deliverable
+            .example.com     error:mail for *.example.com is not deliverable
 
-       This  causes  all mail for user@anything.example.com to be
+       This causes all mail for user@anything.example.com  to  be
        bounced.
 
 REGULAR EXPRESSION TABLES
-       This section describes how the table lookups  change  when
+       This  section  describes how the table lookups change when
        the table is given in the form of regular expressions. For
-       a description of regular expression lookup  table  syntax,
+       a  description  of regular expression lookup table syntax,
        see regexp_table(5) or pcre_table(5).
 
-       Each  pattern  is  a regular expression that is applied to
-       the   entire    address    being    looked    up.    Thus,
-       some.domain.hierarchy  is  not  looked  up  via its parent
-       domains, nor is user+foo@domain looked up as  user@domain.
+       Each pattern is a regular expression that  is  applied  to
+       the    entire    address    being    looked    up.   Thus,
+       some.domain.hierarchy is not  looked  up  via  its  parent
+       domains,  nor is user+foo@domain looked up as user@domain.
 
-       Patterns  are applied in the order as specified in the ta-
-       ble, until a pattern is  found  that  matches  the  search
+       Patterns are applied in the order as specified in the  ta-
+       ble,  until  a  pattern  is  found that matches the search
        string.
 
-       Results  are  the  same as with indexed file lookups, with
-       the additional feature that parenthesized substrings  from
-       the pattern can be interpolated as $1, $2 and so on.
+       The trivial-rewrite(8) server disallows regular expression
+       substitution  of  $1  etc.  in  regular  expression lookup
+       tables, because that could open a security  hole  (Postfix
+       version 2.3 and later).
 
 TCP-BASED TABLES
        This  section  describes how the table lookups change when
diff --git a/postfix/html/virtual.5.html b/postfix/html/virtual.5.html
index 06450986b..c92826c65 100644
--- a/postfix/html/virtual.5.html
+++ b/postfix/html/virtual.5.html
@@ -113,8 +113,10 @@ VIRTUAL(5)                                                          VIRTUAL(5)
               Postfix SMTP server accepts mail for any  recipient
               in  domain,  regardless  of  whether that recipient
               exists.  This may turn  your  mail  system  into  a
-              backscatter  source that returns undeliverable spam
-              to innocent people.
+              backscatter  source: Postfix first accepts mail for
+              non-existent recipients and then  tries  to  return
+              that  mail  as  "undeliverable" to the often forged
+              sender address.
 
 RESULT ADDRESS REWRITING
        The lookup result is subject to address rewriting:
@@ -162,15 +164,15 @@ VIRTUAL(5)                                                          VIRTUAL(5)
        /etc/postfix/main.cf:
            virtual_alias_maps = hash:/etc/postfix/virtual
 
-           Note:  some systems use dbm databases instead of hash.
-           See the output from "postconf -m" for available  data-
-           base types.
+       Note: some systems use dbm databases instead of hash.  See
+       the output  from  "postconf  -m"  for  available  database
+       types.
 
        /etc/postfix/virtual:
-           virtual-alias.domain anything (right-hand content does not matter)
-           postmaster@virtual-alias.domain      postmaster
-           user1@virtual-alias.domain   address1
-           user2@virtual-alias.domain   address2, address3
+           virtual-alias.domain     anything (right-hand content does not matter)
+           postmaster@virtual-alias.domain  postmaster
+           user1@virtual-alias.domain       address1
+           user2@virtual-alias.domain       address2, address3
 
        The  virtual-alias.domain anything entry is required for a
        virtual alias domain. Without this entry, mail is rejected
diff --git a/postfix/man/man1/postmap.1 b/postfix/man/man1/postmap.1
index c5ef94de9..cdc323138 100644
--- a/postfix/man/man1/postmap.1
+++ b/postfix/man/man1/postmap.1
@@ -19,8 +19,9 @@ The \fBpostmap\fR(1) command creates or queries one or more Postfix
 lookup tables, or updates an existing one. The input and output
 file formats are expected to be compatible with:
 
-.ti +4
-\fBmakemap \fIfile_type\fR \fIfile_name\fR < \fIfile_name\fR
+.nf
+    \fBmakemap \fIfile_type\fR \fIfile_name\fR < \fIfile_name\fR
+.fi
 
 If the result files do not exist they will be created with the
 same group and other read permissions as their source file.
@@ -38,8 +39,9 @@ The format of a lookup table input file is as follows:
 .IP \(bu
 A table entry has the form
 .sp
-.ti +5
-\fIkey\fR whitespace \fIvalue\fR
+.nf
+     \fIkey\fR whitespace \fIvalue\fR
+.fi
 .IP \(bu
 Empty lines and whitespace-only lines are ignored, as
 are lines whose first non-whitespace character is a `#'.
diff --git a/postfix/man/man1/postsuper.1 b/postfix/man/man1/postsuper.1
index a6800a474..2564d60d8 100644
--- a/postfix/man/man1/postsuper.1
+++ b/postfix/man/man1/postsuper.1
@@ -42,15 +42,13 @@ If a \fIqueue_id\fR of \fB-\fR is specified, the program reads
 queue IDs from standard input. For example, to delete all mail
 with exactly one recipient \fBuser@example.com\fR:
 .sp
+.nf
 mailq | tail +2 | grep -v '^ *(' | awk  \'BEGIN { RS = "" }
-.ti +4
-# $7=sender, $8=recipient1, $9=recipient2
-.ti +4
-{ if ($8 == "user@example.com" && $9 == "")
-.ti +10
-print $1 }
-.br
+    # $7=sender, $8=recipient1, $9=recipient2
+    { if ($8 == "user@example.com" && $9 == "")
+          print $1 }
 \' | tr -d '*!' | postsuper -d -
+.fi
 .sp
 Specify "\fB-d ALL\fR" to remove all messages; for example, specify
 "\fB-d ALL deferred\fR" to delete all mail in the \fBdeferred\fR queue.
diff --git a/postfix/man/man5/access.5 b/postfix/man/man5/access.5
index 6db6bf701..63485b9f5 100644
--- a/postfix/man/man5/access.5
+++ b/postfix/man/man5/access.5
@@ -365,20 +365,17 @@ tables, some systems use \fBdbm\fR.  Use the command
 "\fBpostconf -m\fR" to find out what lookup tables Postfix
 supports on your system.
 
-.na
 .nf
+.na
 /etc/postfix/main.cf:
-.in +4
-smtpd_client_restrictions =
-.in +4
-check_client_access hash:/etc/postfix/access
+    smtpd_client_restrictions =
+        check_client_access hash:/etc/postfix/access
 
-.in -8
 /etc/postfix/access:
-.in +4
-1.2.3   REJECT
-1.2.3.4 OK
-.in -4
+    1.2.3   REJECT
+    1.2.3.4 OK
+.fi
+.ad
 
 Execute the command "\fBpostmap /etc/postfix/access\fR" after
 editing the file.
diff --git a/postfix/man/man5/aliases.5 b/postfix/man/man5/aliases.5
index 05ca24b90..5ad9928f4 100644
--- a/postfix/man/man5/aliases.5
+++ b/postfix/man/man5/aliases.5
@@ -37,8 +37,9 @@ The format of the alias database input file is as follows:
 .IP \(bu
 An alias definition has the form
 .sp
-.ti +5
-\fIname\fR: \fIvalue1\fR, \fIvalue2\fR, \fI...\fR
+.nf
+     \fIname\fR: \fIvalue1\fR, \fIvalue2\fR, \fI...\fR
+.fi
 .IP \(bu
 Empty lines and whitespace-only lines are ignored, as
 are lines whose first non-whitespace character is a `#'.
diff --git a/postfix/man/man5/bounce.5 b/postfix/man/man5/bounce.5
index 25bbfda41..a2a2a9dd9 100644
--- a/postfix/man/man5/bounce.5
+++ b/postfix/man/man5/bounce.5
@@ -40,8 +40,9 @@ edit the temporary file.
 To preview the results of $\fIname\fR expansions in the
 template text, use the command
 
-.ti +4
-\fBpostconf -b\fR \fItemporary_file\fR
+.nf
+    \fBpostconf -b\fR \fItemporary_file\fR
+.fi
 
 Errors in the template will be reported to the standard
 error stream and to the syslog daemon.
@@ -54,9 +55,10 @@ Once the result is satisfactory, copy the template to the
 Postfix configuration directory and specify in main.cf
 something like:
 
+.nf
 /etc/postfix/main.cf:
-.ti +4
     bounce_template_file = /etc/postfix/bounce.cf
+.fi
 .SH "TEMPLATE FILE FORMAT"
 .na
 .nf
@@ -76,32 +78,27 @@ only. You can change the word EOF, but you can't enclose
 it in quotes as with the shell or with Perl (\fItemplate_name\fB
 = <<'EOF'\fR). Here is an example:
 
-.in +4
 .nf
-.na
-# The failure template is used for undeliverable mail.
+    # The failure template is used for undeliverable mail.
 
-failure_template = <$/
-.ti +8
-REJECT IFRAME vulnerability exploit
+    /^