From a2da6db108a0f70cb500cc8f655330adaf696a74 Mon Sep 17 00:00:00 2001
From: Wietse Venema <wietse@porcupine.org>
Date: Mon, 9 May 2005 00:00:00 -0500
Subject: [PATCH] postfix-2.1.6

---
 postfix/HISTORY                         | 73 +++++++++++++++++++++++++
 postfix/README_FILES/SMTPD_PROXY_README | 12 ++--
 postfix/RELEASE_NOTES                   |  5 ++
 postfix/auxiliary/qshape/qshape.pl      | 13 +++--
 postfix/conf/post-install               |  7 ++-
 postfix/html/SMTPD_PROXY_README.html    |  7 ++-
 postfix/html/cleanup.8.html             |  6 +-
 postfix/html/local.8.html               |  6 +-
 postfix/html/postconf.5.html            |  7 ++-
 postfix/html/qshape.1.html              | 14 ++---
 postfix/man/man1/qshape.1               | 10 ++--
 postfix/man/man5/postconf.5             | 19 ++++---
 postfix/man/man8/cleanup.8              |  2 +-
 postfix/man/man8/local.8                |  2 +-
 postfix/mantools/postconf2man           |  2 +
 postfix/proto/SMTPD_PROXY_README.html   |  7 ++-
 postfix/proto/postconf.proto            |  7 ++-
 postfix/src/bounce/bounce_notify_util.c |  2 +-
 postfix/src/cleanup/cleanup.c           |  6 +-
 postfix/src/global/mail_version.h       |  4 +-
 postfix/src/lmtp/lmtp_chat.c            |  8 ++-
 postfix/src/lmtp/lmtp_sasl_glue.c       |  2 +-
 postfix/src/lmtp/lmtp_trouble.c         |  2 +
 postfix/src/local/local.c               |  4 +-
 postfix/src/postdrop/postdrop.c         | 23 ++++----
 postfix/src/sendmail/sendmail.c         | 21 ++++++-
 postfix/src/smtp/smtp_chat.c            |  8 ++-
 postfix/src/smtp/smtp_sasl_glue.c       |  2 +-
 postfix/src/smtp/smtp_trouble.c         |  3 +
 postfix/src/smtpd/smtpd_sasl_glue.c     |  2 +-
 postfix/src/virtual/virtual.c           |  2 +-
 31 files changed, 204 insertions(+), 84 deletions(-)

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 2b87ee8c9..365a412d8 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -9452,3 +9452,76 @@ Apologies for any names omitted.
 	Bugfix (introduced 20020803): sent the wrong bounce message
 	type when a Delivered-To: loop was detected for a mailing
 	list alias.  Nicolas Riendeau. File: bounce_notify_util.c.
+
+20041006
+
+	Bugfix: "sendmail -bv" did not reject the -t option.  File:
+	sendmail/sendmail.c
+
+20041228
+
+	Bugfix: SMTPD_PROXY_README incorrectly claimed that ":port"
+	in master.cf causes a server to listen only on "localhost"
+	without exposing the service to the network.  Instead,
+	":port" causes a client to connect to "localhost".
+
+
+20050131
+
+	Bugfix: when extracting recipients from message headers,
+	the Postfix sendmail command produced output records longer
+	than $line_length_limit, causing postdrop to reject the
+	mail. Diagnosis by Victor Duchovni. File:  sendmail/sendmail.c.
+
+20050208
+
+	Sanity check: don't allow unlimited message size with limited
+	mailbox size. File: local/local.c, virtual/virtual.c.
+
+20050215
+
+	Bugfix: don't chmod queue files while running "postfix
+	set-permissions". This prevents mail from being labeled as
+	"corrupt" when a live Postfix system is upgraded.  Found
+	by Victor Duchovni.  File: conf/post-install.
+
+20050227
+
+	Bugfix (bug introduced 20040331): with SIGHUP ignored, the
+	postdrop signal handler would effectively ignore SIGINT,
+	SIGQUIT and SIGTERM.  Simplified the overly-conservative
+	protection against nested signals in postdrop. File:
+	postdrop/postdrop.c.
+
+20050321
+
+	Robustness: don't look for SMTP status code when there was
+	none. File: smtp/smtp_chat.c, lmtp/lmtp_chat.c.
+
+20050327
+
+	Bugfix: the SMTP and LMTP clients did not ask the queue
+	manager to reduce destination concurrency when "lost
+	connection" or "connection timed out" happened AFTER Postfix
+	received the server greeting. Files: smtp/smtp_trouble.c,
+	lmtp/lmtp-trouble.c.
+
+20050407
+
+	@%^!#& Thanks to inadequate SASL documentation the client
+	could negotiate a security layer where none was desired.
+	Better documentation has become available since Postfix
+	SASL support was implemented, and now Postfix needs to be
+	fixed. Files: */*_sasl_glue.c.
+
+20050412
+
+	Bugfix: while updating the cleanup_flush() infrastructure
+	in the 2.3 development release, eliminated a portability
+	problem that was introduced when "REJECT text" support was
+	added. File: cleanup/cleanup.c.
+
+20050417
+
+	Safety: don't call syslog from a user-triggered signal
+	handler. File: postdrop/postdrop.c.
diff --git a/postfix/README_FILES/SMTPD_PROXY_README b/postfix/README_FILES/SMTPD_PROXY_README
index 812569931..aa9bb8d4f 100644
--- a/postfix/README_FILES/SMTPD_PROXY_README
+++ b/postfix/README_FILES/SMTPD_PROXY_README
@@ -111,7 +111,7 @@ This is configured by editing the master.cf file:
         # After-filter SMTP server. Receive mail from the content filter
         # on localhost port 10026.
         #
-        :10026    inet  n       -       n       -        -      smtpd
+        127.0.0.1:10026 inet n  -       n       -        -      smtpd
             -o smtpd_authorized_xforward_hosts=127.0.0.0/8
             -o smtpd_client_restrictions=
             -o smtpd_helo_restrictions=
@@ -145,9 +145,9 @@ master.cf file:
 
 The after-filter SMTP server is a new master.cf entry:
 
-  * The ":10026" makes the after-filter SMTP server listen on the localhost
-    address only, without exposing it to the network. NEVER expose the after-
-    filter SMTP server to the Internet :-)
+  * The "127.0.0.1:10026" makes the after-filter SMTP server listen on the
+    localhost address only, without exposing it to the network. NEVER expose
+    the after-filter SMTP server to the Internet :-)
 
   * The "-o smtpd_authorized_xforward_hosts=127.0.0.0/8" allows the after-
     filter SMTP server to receive remote SMTP client information from the
@@ -168,8 +168,8 @@ CCoonnffiigguurraattiioonn ppaarraammeetteerrss
 Parameters that control proxying:
 
   * smtpd_proxy_filter (syntax: host:port): The host and TCP port of the
-    before-queue content filter. When no host or host: is specified, localhost
-    is assumed.
+    before-queue content filter. When no host or host: is specified in client
+    context, localhost is assumed.
 
   * smtpd_proxy_timeout (default: 100s): Timeout for connecting to the before-
     queue content filter and for sending and receiving commands and data. All
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index d88b93e04..7226f4bee 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -67,6 +67,11 @@ The form user@[ipaddress] is still allowed.
 [Incompat 20031226] Bounce messages now have a separate queue life
 time.  This is controlled by the bounce_queue_lifetime parameter.
 
+[Incompat 20031019] The authorized_verp_clients parameter was
+renamed to smtpd_authorized_verp_clients, and the default value
+was changed to disable this feature. You now have to turn it on
+explicitly.
+
 Major changes - build environment
 ---------------------------------
 
diff --git a/postfix/auxiliary/qshape/qshape.pl b/postfix/auxiliary/qshape/qshape.pl
index 1f3e7552b..fc273dd64 100644
--- a/postfix/auxiliary/qshape/qshape.pl
+++ b/postfix/auxiliary/qshape/qshape.pl
@@ -28,7 +28,7 @@
 #	domain distribution.  By default the recipient distribution is
 #	displayed. There can be more recipients than messages, but as
 #	each message has only one sender, the sender distribution is a
-#	a message distribution.
+#	message distribution.
 # .IP \fB-p\fR
 #	Generate aggregate statistics for parent domains. Top level domains
 #	are not shown, nor are domains with fewer than \fImin_subdomains\fR
@@ -43,7 +43,7 @@
 #	or "buckets". Each bucket has a maximum queue age that is twice
 #	as large as that of the previous bucket. The last bucket has no
 #	age limit.
-# .IP "\fB-b \fIbucket_time\fR"
+# .IP "\fB-t \fIbucket_time\fR"
 #	The age limit in minutes for the first time bucket. The default
 #	value is 5, meaning that the first bucket counts messages between
 #	0 and 5 minutes old.
@@ -51,7 +51,7 @@
 #	The output is right justified, with the counts for the last
 #	bucket shown on the 80th column, the \fIterminal_width\fR can be
 #	adjusted for wider screens allowing more buckets to be displayed
-#	with truncating the domain names on the left. When a row for a
+#	without truncating the domain names on the left. When a row for a
 #	full domain name and its counters does not fit in the specified
 #	number of columns, only the last 17 bytes of the domain name
 #	are shown with the prefix replaced by a '+' character. Truncated
@@ -76,8 +76,8 @@
 #	absolute path for each queue subdirectory even if you want the
 #	default incoming and active queue distribution.
 # SEE ALSO
-#	mailq(1) List all messages in the queue.
-#	QSHAPE_README Examples and background material.
+#	mailq(1), List all messages in the queue.
+#	QSHAPE_README, Examples and background material.
 # FILES
 #	$config_directory/main.cf, Postfix installation parameters.
 #	$queue_directory/maildrop/, local submission directory.
@@ -258,8 +258,9 @@ sub wanted {
 	    ++$q{"TOTAL"}->[0];
 	    ++$q{"TOTAL"}->[$b];
 	    $a = "MAILER-DAEMON" if ($a eq "");
-	    $a =~ s/.*\@\.*(.*[^.])?\.*$/$1/;
+	    $a =~ s/.*\@//;
 	    $a =~ s/\.\././g;
+	    $a =~ s/\.?(.+?)\.?$/$1/;
 	    my $new = 0;
 	    do {
 		my $old = (++$q{$a}->[0] > 1);
diff --git a/postfix/conf/post-install b/postfix/conf/post-install
index bedcdeac0..95310c0bf 100644
--- a/postfix/conf/post-install
+++ b/postfix/conf/post-install
@@ -473,7 +473,12 @@ test -n "$create" && {
 	test -n "$set_permission" && {
 	    chown $recursive $owner $path || exit 1
 	    test -z "$group" || chgrp $recursive $group $path || exit 1
-	    chmod $recursive $mode $path || exit 1
+	    if [ "$type" = "d" -a -n "$recursive" ]
+	    then
+		find $path -type d -exec chmod $mode "{}" ";"
+	    else
+		chmod $mode $path
+	    fi || exit 1
 	}
     done
     IFS="$BACKUP_IFS"
diff --git a/postfix/html/SMTPD_PROXY_README.html b/postfix/html/SMTPD_PROXY_README.html
index 3004232ee..8ee2c186f 100644
--- a/postfix/html/SMTPD_PROXY_README.html
+++ b/postfix/html/SMTPD_PROXY_README.html
@@ -240,7 +240,7 @@ PERL/SMTP content filtering framework. See:
     # After-filter SMTP server. Receive mail from the content filter
     # on localhost port 10026.
     #
-    :10026    inet  n       -       n       -        -      smtpd
+    127.0.0.1:10026 inet n  -       n       -        -      smtpd
         -o <a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a>=127.0.0.0/8
         -o <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>=
         -o <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>=
@@ -283,7 +283,8 @@ the top of the master.cf file: </p>
 
 <ul>
 
-    <li> <p> The ":10026" makes the after-filter SMTP server listen
+    <li> <p> The "127.0.0.1:10026" makes the after-filter SMTP
+    server listen
     on the localhost address only, without exposing it to the
     network.  NEVER expose the after-filter SMTP server to the
     Internet :-) </p>
@@ -314,7 +315,7 @@ can't control when the remote SMTP client times out. </p>
 
 <li> <p> <a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a> (syntax: host:port): The host and TCP
 port of the before-queue content filter.  When no host or host:
-is specified, localhost is assumed. </p>
+is specified in client context, localhost is assumed. </p>
 
 <li> <p> <a href="postconf.5.html#smtpd_proxy_timeout">smtpd_proxy_timeout</a> (default: 100s): Timeout for connecting
 to the before-queue content filter and for sending and receiving
diff --git a/postfix/html/cleanup.8.html b/postfix/html/cleanup.8.html
index 859bdf32e..cfc6ce6e7 100644
--- a/postfix/html/cleanup.8.html
+++ b/postfix/html/cleanup.8.html
@@ -306,9 +306,9 @@ CLEANUP(8)                                             CLEANUP(8)
               The internet hostname of this mail system.
 
        <b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
-              The  default  domain  name that locally-posted mail
-              appears to come from, and that locally posted  mail
-              is delivered to.
+              The domain name that locally-posted mail appears to
+              come from, and that locally posted mail  is  deliv-
+              ered to.
 
        <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
               The  process ID of a Postfix command or daemon pro-
diff --git a/postfix/html/local.8.html b/postfix/html/local.8.html
index 372100c39..2ad500ee0 100644
--- a/postfix/html/local.8.html
+++ b/postfix/html/local.8.html
@@ -288,9 +288,9 @@ LOCAL(8)                                                 LOCAL(8)
 
        <b><a href="postconf.5.html#owner_request_special">owner_request_special</a> (yes)</b>
               Give special treatment to owner-listname and  list-
-              name-request  address localparts: don't don't split
-              such addresses when the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is  set
-              to "-".
+              name-request  address  localparts: don't split such
+              addresses when the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>  is  set  to
+              "-".
 
        <b><a href="postconf.5.html#sun_mailtool_compatibility">sun_mailtool_compatibility</a> (no)</b>
               Obsolete SUN mailtool compatibility feature.
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index a024125a1..162aae0b6 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -1843,7 +1843,8 @@ time keeping on System-V-ish systems.
 
 <p>
 Specify a list of names and/or name=value pairs, separated by
-whitespace or comma.
+whitespace or comma. The name=value form is supported with
+Postfix 2.1 and later.
 </p>
 
 <p>
@@ -3916,7 +3917,7 @@ Examples:
 
 <p>
 Give special treatment to owner-listname and listname-request
-address localparts: don't don't split such addresses when the
+address localparts: don't split such addresses when the
 <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is set to "-".  This feature is useful for
 mailing lists.
 </p>
@@ -7936,7 +7937,7 @@ open a security hole.
 <p> Optional lookup tables with a) names of domains for which all
 addresses are aliased to addresses in other local or remote domains,
 and b) addresses that are aliased to addresses in other local or
-remote domains.  Available before Postfix version 2.0. With Postfix 2.1
+remote domains.  Available before Postfix version 2.0. With Postfix 2.0
 and later, this is replaced by separate controls: <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>
 and <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>. </p>
 
diff --git a/postfix/html/qshape.1.html b/postfix/html/qshape.1.html
index 506a503b9..2e034c132 100644
--- a/postfix/html/qshape.1.html
+++ b/postfix/html/qshape.1.html
@@ -29,7 +29,7 @@ QSHAPE(1)                                               QSHAPE(1)
               the  recipient domain distribution.  By default the
               recipient distribution is displayed. There  can  be
               more  recipients than messages, but as each message
-              has only one sender, the sender distribution is a a
+              has only one sender, the sender distribution  is  a
               message distribution.
 
        <b>-p</b>     Generate  aggregate  statistics for parent domains.
@@ -51,7 +51,7 @@ QSHAPE(1)                                               QSHAPE(1)
               large  as  that  of  the  previous bucket. The last
               bucket has no age limit.
 
-       <b>-b</b> <i>bucket</i><b>_</b><i>time</i>
+       <b>-t</b> <i>bucket</i><b>_</b><i>time</i>
               The age limit in minutes for the first time bucket.
               The  default  value  is  5,  meaning that the first
               bucket counts messages between 0 and 5 minutes old.
@@ -60,9 +60,9 @@ QSHAPE(1)                                               QSHAPE(1)
               The  output is right justified, with the counts for
               the last bucket shown on the 80th column, the  <i>ter-</i>
               <i>minal</i><b>_</b><i>width</i>  can  be  adjusted  for  wider  screens
-              allowing more buckets to be displayed with truncat-
-              ing  the domain names on the left. When a row for a
-              full domain name and its counters does not  fit  in
+              allowing more buckets to be displayed without trun-
+              cating the domain names on the left. When a row for
+              a full domain name and its counters does not fit in
               the  specified  number of columns, only the last 17
               bytes of the domain name are shown with the  prefix
               replaced  by  a  '+'  character.  Truncated  parent
@@ -94,8 +94,8 @@ QSHAPE(1)                                               QSHAPE(1)
               <a href="QSHAPE_README.html#incoming_queue">incoming</a> and <a href="QSHAPE_README.html#active_queue">active queue</a> distribution.
 
 <b>SEE ALSO</b>
-       <a href="mailq.1.html">mailq(1)</a> List all messages in the queue.
-       <a href="QSHAPE_README.html">QSHAPE_README</a> Examples and background material.
+       <a href="mailq.1.html">mailq(1)</a>, List all messages in the queue.
+       <a href="QSHAPE_README.html">QSHAPE_README</a>, Examples and background material.
 
 <b>FILES</b>
        $<a href="postconf.5.html#config_directory">config_directory</a>/main.cf, Postfix installation parameters.
diff --git a/postfix/man/man1/qshape.1 b/postfix/man/man1/qshape.1
index 41505feb7..2d83191fa 100644
--- a/postfix/man/man1/qshape.1
+++ b/postfix/man/man1/qshape.1
@@ -29,7 +29,7 @@ Display the sender domain distribution instead of the recipient
 domain distribution.  By default the recipient distribution is
 displayed. There can be more recipients than messages, but as
 each message has only one sender, the sender distribution is a
-a message distribution.
+message distribution.
 .IP \fB-p\fR
 Generate aggregate statistics for parent domains. Top level domains
 are not shown, nor are domains with fewer than \fImin_subdomains\fR
@@ -44,7 +44,7 @@ increasing intervals. This option sets the number of intervals
 or "buckets". Each bucket has a maximum queue age that is twice
 as large as that of the previous bucket. The last bucket has no
 age limit.
-.IP "\fB-b \fIbucket_time\fR"
+.IP "\fB-t \fIbucket_time\fR"
 The age limit in minutes for the first time bucket. The default
 value is 5, meaning that the first bucket counts messages between
 0 and 5 minutes old.
@@ -52,7 +52,7 @@ value is 5, meaning that the first bucket counts messages between
 The output is right justified, with the counts for the last
 bucket shown on the 80th column, the \fIterminal_width\fR can be
 adjusted for wider screens allowing more buckets to be displayed
-with truncating the domain names on the left. When a row for a
+without truncating the domain names on the left. When a row for a
 full domain name and its counters does not fit in the specified
 number of columns, only the last 17 bytes of the domain name
 are shown with the prefix replaced by a '+' character. Truncated
@@ -79,8 +79,8 @@ default incoming and active queue distribution.
 .SH "SEE ALSO"
 .na
 .nf
-mailq(1) List all messages in the queue.
-QSHAPE_README Examples and background material.
+mailq(1), List all messages in the queue.
+QSHAPE_README, Examples and background material.
 .SH "FILES"
 .na
 .nf
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index e52a10813..d1a29d761 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -383,7 +383,7 @@ and changed the default to none.
 Specify a list of network/netmask patterns, separated by commas
 and/or whitespace. The mask specifies the number of bits in the
 network part of a host address. You can also specify hostnames or
-.domain names (the initial dot causes the domain to match any name
+\&.domain names (the initial dot causes the domain to match any name
 below it),  "/file/name" or "type:table" patterns.  A "/file/name"
 pattern is replaced by its contents; a "type:table" lookup table
 is matched when a table entry matches a lookup string (the lookup
@@ -579,7 +579,7 @@ debug_peer_list = some.domain
 The external command to execute when a Postfix daemon program is
 invoked with the -D option.
 .PP
-Use "command .. &amp; sleep 5" so that the debugger can attach before
+Use "command .. & sleep 5" so that the debugger can attach before
 the process marches on. If you use an X-based debugger, be sure to
 set up your XAUTHORITY environment variable before starting Postfix.
 .PP
@@ -590,7 +590,7 @@ Example:
 .ft C
 debugger_command =
     PATH=/usr/bin:/usr/X11R6/bin
-    xxgdb $daemon_directory/$process_name $process_id &amp; sleep 5
+    xxgdb $daemon_directory/$process_name $process_id & sleep 5
 .fi
 .ad
 .ft R
@@ -931,7 +931,8 @@ to non-Postfix processes. The TZ variable is needed for sane
 time keeping on System-V-ish systems.
 .PP
 Specify a list of names and/or name=value pairs, separated by
-whitespace or comma.
+whitespace or comma. The name=value form is supported with
+Postfix 2.1 and later.
 .PP
 Example:
 .PP
@@ -2012,7 +2013,7 @@ notify_classes = 2bounce, resource, software
 .ft R
 .SH owner_request_special (default: yes)
 Give special treatment to owner-listname and listname-request
-address localparts: don't don't split such addresses when the
+address localparts: don't split such addresses when the
 recipient_delimiter is set to "-".  This feature is useful for
 mailing lists.
 .SH parent_domain_matches_subdomains (default: see "postconf -d" output)
@@ -2903,7 +2904,7 @@ is backwards compatible with Postfix 2.0.
 Specify a list of network/netmask patterns, separated by commas
 and/or whitespace. The mask specifies the number of bits in the
 network part of a host address. You can also specify hostnames or
-.domain names (the initial dot causes the domain to match any name
+\&.domain names (the initial dot causes the domain to match any name
 below it),  "/file/name" or "type:table" patterns.  A "/file/name"
 pattern is replaced by its contents; a "type:table" lookup table
 is matched when a table entry matches a lookup string (the lookup
@@ -2923,7 +2924,7 @@ By default, no clients are allowed to specify XCLIENT.
 Specify a list of network/netmask patterns, separated by commas
 and/or whitespace. The mask specifies the number of bits in the
 network part of a host address. You can also specify hostnames or
-.domain names (the initial dot causes the domain to match any name
+\&.domain names (the initial dot causes the domain to match any name
 below it),  "/file/name" or "type:table" patterns.  A "/file/name"
 pattern is replaced by its contents; a "type:table" lookup table
 is matched when a table entry matches a lookup string (the lookup
@@ -2942,7 +2943,7 @@ By default, no clients are allowed to specify XFORWARD.
 Specify a list of network/netmask patterns, separated by commas
 and/or whitespace. The mask specifies the number of bits in the
 network part of a host address. You can also specify hostnames or
-.domain names (the initial dot causes the domain to match any name
+\&.domain names (the initial dot causes the domain to match any name
 below it),  "/file/name" or "type:table" patterns.  A "/file/name"
 pattern is replaced by its contents; a "type:table" lookup table
 is matched when a table entry matches a lookup string (the lookup
@@ -4263,7 +4264,7 @@ open a security hole.
 Optional lookup tables with a) names of domains for which all
 addresses are aliased to addresses in other local or remote domains,
 and b) addresses that are aliased to addresses in other local or
-remote domains.  Available before Postfix version 2.0. With Postfix 2.1
+remote domains.  Available before Postfix version 2.0. With Postfix 2.0
 and later, this is replaced by separate controls: virtual_alias_domains
 and virtual_alias_maps.
 .SH virtual_minimum_uid (default: 100)
diff --git a/postfix/man/man8/cleanup.8 b/postfix/man/man8/cleanup.8
index dcbe38d16..22c64cf30 100644
--- a/postfix/man/man8/cleanup.8
+++ b/postfix/man/man8/cleanup.8
@@ -260,7 +260,7 @@ process terminates.
 .IP "\fBmyhostname (see 'postconf -d' output)\fR"
 The internet hostname of this mail system.
 .IP "\fBmyorigin ($myhostname)\fR"
-The default domain name that locally-posted mail appears to come
+The domain name that locally-posted mail appears to come
 from, and that locally posted mail is delivered to.
 .IP "\fBprocess_id (read-only)\fR"
 The process ID of a Postfix command or daemon process.
diff --git a/postfix/man/man8/local.8 b/postfix/man/man8/local.8
index 5e7c4c284..366c20d65 100644
--- a/postfix/man/man8/local.8
+++ b/postfix/man/man8/local.8
@@ -315,7 +315,7 @@ companion alias, set the envelope sender address to the expansion
 of the "owner-aliasname" alias.
 .IP "\fBowner_request_special (yes)\fR"
 Give special treatment to owner-listname and listname-request
-address localparts: don't don't split such addresses when the
+address localparts: don't split such addresses when the
 recipient_delimiter is set to "-".
 .IP "\fBsun_mailtool_compatibility (no)\fR"
 Obsolete SUN mailtool compatibility feature.
diff --git a/postfix/mantools/postconf2man b/postfix/mantools/postconf2man
index 9d94c07d1..bd4fe7aae 100755
--- a/postfix/mantools/postconf2man
+++ b/postfix/mantools/postconf2man
@@ -31,6 +31,7 @@ while(<>) {
 	$block .= $_;
     } while(($_ = <>) && /\S/);
 
+    $block =~ s/\n\./\n\\\&./g;
     if ($block =~ /<H2>/) {
 	$block =~ s/<H2><a[^>]+>([^<]+)<\/a><\/H2>/\n.SH \1\n/g;
 	$block =~ tr/a-z/A-Z/;
@@ -68,6 +69,7 @@ while(<>) {
     $block =~ s/<br>\s*/\n.br\n/g;
     $block =~ s/&lt;/</g;
     $block =~ s/&gt;/>/g;
+    $block =~ s/&amp;/\&/g;
     $block =~ s/\s+\n/\n/g;
     $block =~ s/^\n//g;
     print $block;
diff --git a/postfix/proto/SMTPD_PROXY_README.html b/postfix/proto/SMTPD_PROXY_README.html
index a9b21ddea..7a39abe3e 100644
--- a/postfix/proto/SMTPD_PROXY_README.html
+++ b/postfix/proto/SMTPD_PROXY_README.html
@@ -240,7 +240,7 @@ http://bent.latency.net/smtpprox/. </p>
     # After-filter SMTP server. Receive mail from the content filter
     # on localhost port 10026.
     #
-    :10026    inet  n       -       n       -        -      smtpd
+    127.0.0.1:10026 inet n  -       n       -        -      smtpd
         -o smtpd_authorized_xforward_hosts=127.0.0.0/8
         -o smtpd_client_restrictions=
         -o smtpd_helo_restrictions=
@@ -283,7 +283,8 @@ the top of the master.cf file: </p>
 
 <ul>
 
-    <li> <p> The ":10026" makes the after-filter SMTP server listen
+    <li> <p> The "127.0.0.1:10026" makes the after-filter SMTP
+    server listen
     on the localhost address only, without exposing it to the
     network.  NEVER expose the after-filter SMTP server to the
     Internet :-) </p>
@@ -314,7 +315,7 @@ can't control when the remote SMTP client times out. </p>
 
 <li> <p> smtpd_proxy_filter (syntax: host:port): The host and TCP
 port of the before-queue content filter.  When no host or host:
-is specified, localhost is assumed. </p>
+is specified in client context, localhost is assumed. </p>
 
 <li> <p> smtpd_proxy_timeout (default: 100s): Timeout for connecting
 to the before-queue content filter and for sending and receiving
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index a5f542598..fa116fd69 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -1096,7 +1096,8 @@ time keeping on System-V-ish systems.
 
 <p>
 Specify a list of names and/or name=value pairs, separated by
-whitespace or comma.
+whitespace or comma. The name=value form is supported with
+Postfix 2.1 and later.
 </p>
 
 <p>
@@ -5938,7 +5939,7 @@ or reject_non_fqdn_recipient restriction.
 
 <p>
 Give special treatment to owner-listname and listname-request
-address localparts: don't don't split such addresses when the
+address localparts: don't split such addresses when the
 recipient_delimiter is set to "-".  This feature is useful for
 mailing lists.
 </p>
@@ -6784,6 +6785,6 @@ parameter in the default main.cf file.  </p>
 <p> Optional lookup tables with a) names of domains for which all
 addresses are aliased to addresses in other local or remote domains,
 and b) addresses that are aliased to addresses in other local or
-remote domains.  Available before Postfix version 2.0. With Postfix 2.1
+remote domains.  Available before Postfix version 2.0. With Postfix 2.0
 and later, this is replaced by separate controls: virtual_alias_domains
 and virtual_alias_maps. </p>
diff --git a/postfix/src/bounce/bounce_notify_util.c b/postfix/src/bounce/bounce_notify_util.c
index 205d2e453..c4138a388 100644
--- a/postfix/src/bounce/bounce_notify_util.c
+++ b/postfix/src/bounce/bounce_notify_util.c
@@ -460,7 +460,7 @@ int     bounce_boilerplate(VSTREAM *bounce, BOUNCE_INFO *bounce_info)
     post_mail_fputs(bounce, "");
     if (bounce_info->flush == BOUNCE_MSG_FAIL) {
 	post_mail_fputs(bounce,
-	       "I'm sorry to have to inform you that your message could not be");
+	       "I'm sorry to have to inform you that your message could not");
 	post_mail_fputs(bounce,
 	       "be delivered to one or more recipients. It's attached below.");
     } else if (bounce_info->flush == BOUNCE_MSG_WARN) {
diff --git a/postfix/src/cleanup/cleanup.c b/postfix/src/cleanup/cleanup.c
index 2f6395a3d..720eb08cc 100644
--- a/postfix/src/cleanup/cleanup.c
+++ b/postfix/src/cleanup/cleanup.c
@@ -232,7 +232,7 @@
 /* .IP "\fBmyhostname (see 'postconf -d' output)\fR"
 /*	The internet hostname of this mail system.
 /* .IP "\fBmyorigin ($myhostname)\fR"
-/*	The default domain name that locally-posted mail appears to come
+/*	The domain name that locally-posted mail appears to come
 /*	from, and that locally posted mail is delivered to.
 /* .IP "\fBprocess_id (read-only)\fR"
 /*	The process ID of a Postfix command or daemon process.
@@ -322,6 +322,7 @@ static void cleanup_service(VSTREAM *src, char *unused_service, char **argv)
     CLEANUP_STATE *state;
     int     flags;
     int     type = 0;
+    int     status;
 
     /*
      * Sanity check. This service takes no command-line arguments.
@@ -387,8 +388,9 @@ static void cleanup_service(VSTREAM *src, char *unused_service, char **argv)
     /*
      * Finish this message, and report the result status to the client.
      */
+    status = cleanup_flush(state);		/* in case state is modified */
     attr_print(src, ATTR_FLAG_NONE,
-	       ATTR_TYPE_NUM, MAIL_ATTR_STATUS, cleanup_flush(state),
+	       ATTR_TYPE_NUM, MAIL_ATTR_STATUS, status,
 	       ATTR_TYPE_STR, MAIL_ATTR_WHY, state->reason ?
 	       state->reason : "",
 	       ATTR_TYPE_END);
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index b0dae40d2..faaee24b7 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,8 +20,8 @@
   * Patches change the patchlevel and the release date. Snapshots change the
   * release date only.
   */
-#define MAIL_RELEASE_DATE	"20040915"
-#define MAIL_VERSION_NUMBER	"2.1.5"
+#define MAIL_RELEASE_DATE	"20050509"
+#define MAIL_VERSION_NUMBER	"2.1.6"
 
 #define VAR_MAIL_VERSION	"mail_version"
 #ifdef SNAPSHOT
diff --git a/postfix/src/lmtp/lmtp_chat.c b/postfix/src/lmtp/lmtp_chat.c
index 43379a753..b06377138 100644
--- a/postfix/src/lmtp/lmtp_chat.c
+++ b/postfix/src/lmtp/lmtp_chat.c
@@ -175,6 +175,7 @@ LMTP_RESP *lmtp_chat_resp(LMTP_STATE *state)
     static LMTP_RESP rdata;
     char   *cp;
     int     last_char;
+    int     three_digs = 0;
 
     /*
      * Initialize the response data buffer.
@@ -215,7 +216,7 @@ LMTP_RESP *lmtp_chat_resp(LMTP_STATE *state)
 	 */
 	for (cp = STR(state->buffer); *cp && ISDIGIT(*cp); cp++)
 	     /* void */ ;
-	if (cp - STR(state->buffer) == 3) {
+	if ((three_digs = (cp - STR(state->buffer) == 3)) != 0) {
 	    if (*cp == '-')
 		continue;
 	    if (*cp == ' ' || *cp == 0)
@@ -223,7 +224,10 @@ LMTP_RESP *lmtp_chat_resp(LMTP_STATE *state)
 	}
 	state->error_mask |= MAIL_ERROR_PROTOCOL;
     }
-    rdata.code = atoi(STR(state->buffer));
+    if (three_digs != 0)
+	rdata.code = atoi(STR(state->buffer));
+    else
+	rdata.code = 0;
     VSTRING_TERMINATE(rdata.buf);
     rdata.str = STR(rdata.buf);
     return (&rdata);
diff --git a/postfix/src/lmtp/lmtp_sasl_glue.c b/postfix/src/lmtp/lmtp_sasl_glue.c
index 05bcc7d92..db11b12ad 100644
--- a/postfix/src/lmtp/lmtp_sasl_glue.c
+++ b/postfix/src/lmtp/lmtp_sasl_glue.c
@@ -377,7 +377,7 @@ void    lmtp_sasl_start(LMTP_STATE *state, const char *sasl_opts_name,
      */
     memset(&sec_props, 0L, sizeof(sec_props));
     sec_props.min_ssf = 0;
-    sec_props.max_ssf = 1;			/* don't allow real SASL
+    sec_props.max_ssf = 0;			/* don't allow real SASL
 						 * security layer */
     sec_props.security_flags = name_mask(sasl_opts_name, lmtp_sasl_sec_mask,
 					 sasl_opts_val);
diff --git a/postfix/src/lmtp/lmtp_trouble.c b/postfix/src/lmtp/lmtp_trouble.c
index 84ce001e1..b9d1ce500 100644
--- a/postfix/src/lmtp/lmtp_trouble.c
+++ b/postfix/src/lmtp/lmtp_trouble.c
@@ -313,6 +313,8 @@ int     lmtp_stream_except(LMTP_STATE *state, int code, char *description)
 				      request->arrival_time,
 				      "%s", vstring_str(why));
     }
+    if (request->hop_status == 0)
+	request->hop_status = mystrdup(vstring_str(why));
 
     /*
      * Cleanup.
diff --git a/postfix/src/local/local.c b/postfix/src/local/local.c
index 445eb697a..6ba8427ec 100644
--- a/postfix/src/local/local.c
+++ b/postfix/src/local/local.c
@@ -285,7 +285,7 @@
 /*	of the "owner-aliasname" alias.
 /* .IP "\fBowner_request_special (yes)\fR"
 /*	Give special treatment to owner-listname and listname-request
-/*	address localparts: don't don't split such addresses when the
+/*	address localparts: don't split such addresses when the
 /*	recipient_delimiter is set to "-".
 /* .IP "\fBsun_mailtool_compatibility (no)\fR"
 /*	Obsolete SUN mailtool compatibility feature.
@@ -713,7 +713,7 @@ static void pre_init(char *unused_name, char **unused_argv)
      * file.
      */
     if (var_mailbox_limit) {
-	if (var_mailbox_limit < var_message_limit)
+	if (var_mailbox_limit < var_message_limit || var_message_limit == 0)
 	    msg_fatal("main.cf configuration error: %s is smaller than %s",
 		      VAR_MAILBOX_LIMIT, VAR_MESSAGE_LIMIT);
 	set_file_limit(var_mailbox_limit);
diff --git a/postfix/src/postdrop/postdrop.c b/postfix/src/postdrop/postdrop.c
index e5860102c..1567b384c 100644
--- a/postfix/src/postdrop/postdrop.c
+++ b/postfix/src/postdrop/postdrop.c
@@ -158,10 +158,7 @@ static void postdrop_cleanup(void)
      * This is the fatal error handler. Don't try to do anything fancy.
      */
     if (postdrop_path) {
-	if (remove(postdrop_path))
-	    msg_warn("uid=%ld: remove %s: %m", (long) getuid(), postdrop_path);
-	else if (msg_verbose)
-	    msg_info("remove %s", postdrop_path);
+	(void) remove(postdrop_path);
 	postdrop_path = 0;
     }
 }
@@ -174,12 +171,12 @@ static void postdrop_sig(int sig)
     /*
      * Assume atomic signal() updates, even when emulated with sigaction().
      */
-    if (signal(SIGHUP, SIG_IGN) != SIG_IGN
-	&& signal(SIGINT, SIG_IGN) != SIG_IGN
-	&& signal(SIGQUIT, SIG_IGN) != SIG_IGN
-	&& signal(SIGTERM, SIG_IGN) != SIG_IGN) {
+    if (signal(SIGINT, SIG_IGN) != SIG_IGN) {
+	(void) signal(SIGQUIT, SIG_IGN);
+	(void) signal(SIGTERM, SIG_IGN);
+	(void) signal(SIGHUP, SIG_IGN);
 	postdrop_cleanup();
-	exit(sig);
+	_exit(sig);
     }
 }
 
@@ -203,6 +200,7 @@ int     main(int argc, char **argv)
     const char *error_text;
     char   *attr_name;
     char   *attr_value;
+    char   *junk;
 
     /*
      * Be consistent with file permissions.
@@ -286,11 +284,11 @@ int     main(int argc, char **argv)
     signal(SIGPIPE, SIG_IGN);
     signal(SIGXFSZ, SIG_IGN);
 
-    if (signal(SIGHUP, SIG_IGN) == SIG_DFL)
-	signal(SIGHUP, postdrop_sig);
     signal(SIGINT, postdrop_sig);
     signal(SIGQUIT, postdrop_sig);
     signal(SIGTERM, postdrop_sig);
+    if (signal(SIGHUP, SIG_IGN) == SIG_DFL)
+	signal(SIGHUP, postdrop_sig);
     msg_cleanup(postdrop_cleanup);
 
     /* End of initializations. */
@@ -389,8 +387,9 @@ int     main(int argc, char **argv)
      * will not be deleted after we have taken responsibility for delivery.
      */
     if (postdrop_path) {
-	myfree(postdrop_path);
+	junk = postdrop_path;
 	postdrop_path = 0;
+	myfree(junk);
     }
 
     /*
diff --git a/postfix/src/sendmail/sendmail.c b/postfix/src/sendmail/sendmail.c
index 7d371fd33..37e00fe94 100644
--- a/postfix/src/sendmail/sendmail.c
+++ b/postfix/src/sendmail/sendmail.c
@@ -455,6 +455,7 @@ static void output_header(void *context, int header_class,
     char   *start;
     char   *line;
     char   *next_line;
+    int     len;
 
     /*
      * Parse the header line, and save copies of recipient addresses in the
@@ -483,12 +484,24 @@ static void output_header(void *context, int header_class,
 
     /*
      * Pipe the unmodified message header through the header line folding
-     * routine.
+     * routine, and ensure that long lines are chopped appropriately.
      */
     for (line = start = STR(buf); line; line = next_line) {
 	next_line = split_at(line, '\n');
-	output_text(context, REC_TYPE_NORM, line, next_line ?
-		    next_line - line - 1 : strlen(line), offset);
+	len = next_line ? next_line - line - 1 : strlen(line);
+	do {
+	    if (len > var_line_limit) {
+		output_text(context, REC_TYPE_CONT, line, var_line_limit, offset);
+		line += var_line_limit;
+		len -= var_line_limit;
+		offset += var_line_limit;
+	    } else {
+		output_text(context, REC_TYPE_NORM, line, len, offset);
+		offset += len;
+		break;
+	    }
+	} while (len > 0);
+	offset += 1;
     }
 }
 
@@ -621,6 +634,8 @@ static void enqueue(const int flags, const char *encoding, const char *sender,
      */
     rec_fputs(dst, REC_TYPE_MESG, "");
     if (DEL_REQ_TRACE_ONLY(flags) != 0) {
+	if (flags & SM_FLAG_XRCPT)
+	    msg_fatal_status(EX_USAGE, "-t option cannot be used with -bv");
 	rec_fprintf(dst, REC_TYPE_NORM, "Subject: probe");
 	if (recipients) {
 	    rec_fprintf(dst, REC_TYPE_NORM, "To:");
diff --git a/postfix/src/smtp/smtp_chat.c b/postfix/src/smtp/smtp_chat.c
index 7269ccf0c..5fd703013 100644
--- a/postfix/src/smtp/smtp_chat.c
+++ b/postfix/src/smtp/smtp_chat.c
@@ -181,6 +181,7 @@ SMTP_RESP *smtp_chat_resp(SMTP_STATE *state)
     static SMTP_RESP rdata;
     char   *cp;
     int     last_char;
+    int     three_digs = 0;
 
     /*
      * Initialize the response data buffer.
@@ -221,7 +222,7 @@ SMTP_RESP *smtp_chat_resp(SMTP_STATE *state)
 	 */
 	for (cp = STR(state->buffer); *cp && ISDIGIT(*cp); cp++)
 	     /* void */ ;
-	if (cp - STR(state->buffer) == 3) {
+	if ((three_digs = (cp - STR(state->buffer) == 3)) != 0) {
 	    if (*cp == '-')
 		continue;
 	    if (*cp == ' ' || *cp == 0)
@@ -229,7 +230,10 @@ SMTP_RESP *smtp_chat_resp(SMTP_STATE *state)
 	}
 	state->error_mask |= MAIL_ERROR_PROTOCOL;
     }
-    rdata.code = atoi(STR(state->buffer));
+    if (three_digs != 0)
+	rdata.code = atoi(STR(state->buffer));
+    else
+	rdata.code = 0;
     VSTRING_TERMINATE(rdata.buf);
     rdata.str = STR(rdata.buf);
     return (&rdata);
diff --git a/postfix/src/smtp/smtp_sasl_glue.c b/postfix/src/smtp/smtp_sasl_glue.c
index 211a30a4e..bc5d77190 100644
--- a/postfix/src/smtp/smtp_sasl_glue.c
+++ b/postfix/src/smtp/smtp_sasl_glue.c
@@ -377,7 +377,7 @@ void    smtp_sasl_start(SMTP_STATE *state, const char *sasl_opts_name,
      */
     memset(&sec_props, 0L, sizeof(sec_props));
     sec_props.min_ssf = 0;
-    sec_props.max_ssf = 1;			/* don't allow real SASL
+    sec_props.max_ssf = 0;			/* don't allow real SASL
 						 * security layer */
     sec_props.security_flags = name_mask(sasl_opts_name, smtp_sasl_sec_mask,
 					 sasl_opts_val);
diff --git a/postfix/src/smtp/smtp_trouble.c b/postfix/src/smtp/smtp_trouble.c
index ea98fb54f..dbada263c 100644
--- a/postfix/src/smtp/smtp_trouble.c
+++ b/postfix/src/smtp/smtp_trouble.c
@@ -402,6 +402,9 @@ int     smtp_stream_except(SMTP_STATE *state, int code, char *description)
 					  "%s", vstring_str(why));
 	    SMTP_RCPT_DROP(state, rcpt);
 	}
+	/* XXX This assumes no fall-back relay. */
+	if (request->hop_status == 0)
+	    request->hop_status = mystrdup(vstring_str(why));
     }
 
     /*
diff --git a/postfix/src/smtpd/smtpd_sasl_glue.c b/postfix/src/smtpd/smtpd_sasl_glue.c
index b3c3587cc..1f3f947cf 100644
--- a/postfix/src/smtpd/smtpd_sasl_glue.c
+++ b/postfix/src/smtpd/smtpd_sasl_glue.c
@@ -288,7 +288,7 @@ void    smtpd_sasl_connect(SMTPD_STATE *state, const char *sasl_opts_name,
      */
     memset(&sec_props, 0, sizeof(sec_props));
     sec_props.min_ssf = 0;
-    sec_props.max_ssf = 1;			/* don't allow real SASL
+    sec_props.max_ssf = 0;			/* don't allow real SASL
 						 * security layer */
     sec_props.security_flags = name_mask(sasl_opts_name, smtpd_sasl_mask,
 					 sasl_opts_val);
diff --git a/postfix/src/virtual/virtual.c b/postfix/src/virtual/virtual.c
index 57ab942b8..0663f95b9 100644
--- a/postfix/src/virtual/virtual.c
+++ b/postfix/src/virtual/virtual.c
@@ -446,7 +446,7 @@ static void pre_init(char *unused_name, char **unused_argv)
      * file.
      */
     if (var_virt_mailbox_limit) {
-	if (var_virt_mailbox_limit < var_message_limit)
+	if (var_virt_mailbox_limit < var_message_limit || var_message_limit == 0)
 	    msg_fatal("main.cf configuration error: %s is smaller than %s",
 		      VAR_VIRT_MAILBOX_LIMIT, VAR_MESSAGE_LIMIT);
 	set_file_limit(var_virt_mailbox_limit);