postfix-2.6-20090110

2025-08-30 13:48:06 +00:00 · 2009-01-10 00:00:00 -05:00 · 2009-01-10 00:00:00 -05:00 · b9cbb4a6b7
commit b9cbb4a6b7
parent dd689ed048
36 changed files with 861 additions and 367 deletions
--- a/postfix/.indent.pro
+++ b/postfix/.indent.pro
@ -137,11 +137,12 @@
 -TMAI_SERVNAME_STR
 -TMAI_SERVPORT_STR
 -TMAPS
 -TMASTER_INT_WATCH
 -TMASTER_PROC
 -TMASTER_SERV
 -TMASTER_STATUS
-TMASTER_VARS_STR_WATCH
+-TMASTER_STR_WATCH
-TMASTER_VARS_INT_WATCH
+-TMATCH_LIST
 -TMBLOCK
 -TMBOX
 -TMILTER
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@ -14845,10 +14845,12 @@ Apologies for any names omitted.
 	and type. For example, to turn off the main SMTP listener
 	use "master_service_disable = smtp.inet", and to turn off
 	all TCP/IP listeners use "master_service_disable = inet".
-	This feature does not distinguish services by their privacy
+	This immediately terminates all processes that provide the
-	property; some day, clients will not need to specify that
+	specified services. The master_service_disable feature does
-	anymore.  Files: global/mail_params.h, master/master.c,
+	not distinguish services by their privacy property; some
-	master/master_vars.c, master/master_ent.c.
+	day, clients will not need to specify that anymore.  Files:
 	global/mail_params.h, master/master.c, master/master_vars.c,
 	master/master_ent.c.
 	Bugfix (introduced May 19, 1997): removing a parameter
 	setting from main.cf did not reset the parameter to its
@ -14863,8 +14865,20 @@ Apologies for any names omitted.
 	smtpd/smtpd_check.c, proto/access.
 	Workaround: specify "tcp_windowsize = 65535" (or less) to
-	work around routers with broken TCP window scaling
+	work around broken TCP window scaling implementations.  This
-	implementations.  This is perhaps easier than collecting
+	is perhaps easier than collecting tcpdump output and tuning
-	tcpdump output and tuning kernel parameters. Changing this
+	kernel parameters by hand.  See RELEASE_NOTES for how to
-	parameter requires "postfix stop" and "postfix start".
+	change this setting without stopping Postfix.  Files:
-	Files: util/inet_connect.c, inet_listen.c, global/mail_params.[hc].
+	util/inet_connect.c, inet_listen.c, global/mail_params.[hc].
 20090110
 	Cleanup: create separate code modules for TCP window size
 	handling, master.cf service name matching, and main.cf
 	change monitoring.  Files: util/inet_windowsize.c,
 	global/match_service.c, master/master_watch.c.
 	Feature: TCP window size override for the Postfix SMTP/LMTP
 	client, and for the smtp-source and smtp-sink test programs.
 	Files: smtp/smtp_connect.c, smtpstone/smtp-source.c,
 	smtpstone/smtp-sink.c.
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@ -20,12 +20,34 @@ type or by service name + type. Specify a list of service types
 "name" is the first field of a master.cf entry and "type" is a
 service type. Examples: to turn off the main SMTP listener port,
 use "master_service_disable = smtp.inet"; to turn off all TCP/IP
-listeners, use "master_service_disable = inet".
+listeners, use "master_service_disable = inet". Changing this
 parameter requires "postfix reload".
 Specify "tcp_windowsize = 65535" (or less) to work around routers
 with broken TCP window scaling implementations.  This is perhaps
-easier than collecting tcpdump output and tuning kernel parameters.
+more convenient than collecting tcpdump output and tuning kernel
-Changing this parameter requires "postfix stop" and "postfix start".
+parameters by hand.  With Postfix TCP servers (smtpd(8), qmqpd(8)),
 this feature is implemented by the Postfix master(8) daemon.
 To change this parameter without stopping Postfix, you need to first
 terminate all Postfix TCP servers:
    # postconf -e master_service_disable=inet
    # postfix reload
 This immediately terminates all processes that accept network
 connections.  Then you enable Postfix TCP servers with the updated
 tcp_windowsize setting:
    # postconf -e tcp_windowsize=65535 master_service_disable=
    # postfix reload
 If you skip these steps with a running Postfix system, then the
 tcp_windowsize change will work only for Postfix TCP clients (smtp(8),
 lmtp(8)).
 Of course you can also do "postfix stop" and "postfix start",
 but that is more disruptive.
 Major changes with snapshot 20081010
 ====================================
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@ -1,12 +1,5 @@
 Wish list:
 	To work around window scaling bugs, find out if we can force
 	< 65535 TCP windows with setsockopt(SO_SNDBUF/SO_RCVBUF)
 	between socket() and connect()/listen(). Instead of screwing
 	up lots of internal APIs with an extra buffer size parameter,
 	use a -o command-line option to override a global variable
 	for use by inet_connect() and inet_listen().
 	Force a panic when the VDA patch reduces the file size limit
 	under the message size.  They break the code that marks a
 	recipient as "done", when that recipient was added late
@ -21,6 +14,9 @@ Wish list:
 	Encapsulate time_t conversions (e.g. REC_TYPE_TIME) so that
 	they can be made system dependent.
 	Plan for time_t larger than long, or wait for LP64 to
 	dominate the world?
 	Make "AUTH=<>" appendage to MAIL FROM configurable, enabled
 	by default.
@ -45,11 +41,11 @@ Wish list:
 	and remote mail; the disadvantage is that it makes local
 	submissions more dependent on networking.  One possibility
 	is to use "pickup -o content_filter=smtp:127.0.0.1:10025";
-	we could also to suppress "mail loop" detection for loopback
+	we could also decide to always suppress "mail loop" detection
-	connections.  Another is to have the pickup or cleanup
+	for loopback connections.  Another option is to have the
-	server drive an SMTP client directly; this would require
+	pickup or cleanup server drive an SMTP client directly;
-	extension of the mail_stream() interface, plus a way to
+	this would require extension of the mail_stream() interface,
-	handle bounced/deferred recipients intelligently.
+	plus a way to handle bounced/deferred recipients intelligently.
 	Consolidate duplicated code in *_server_accept_{pass,inet}().
@ -75,14 +71,6 @@ Wish list:
 	Make TLS_BIO_BUFSIZE run-time adjustable, to future-proof
 	Postfix for remote connections with MSS > 8 kbytes.
 	Absent a formal spec, model IPv6 RBL lookups after the IPv6
 	PTR lookups (one zone per hex nibble, nibbles in reversed
 	order). How to specify whether to query an RBL server for
 	status info about an IPv6 address? One could argue that as
 	long as IPv6 traffic is small an unsupported lookup doesn't
 	matter; and once IPv6 takes off, the RBL servers better
 	start supporting IPv6 client status information.
 	Don't log "warning: XXXXX: undeliverable postmaster
 	notification discarded" for spam from outside.
@ -149,9 +137,6 @@ Wish list:
 	into mailer-daemon (current bahavior) or disallow (strict
 	behavior, currently implemented only in the SMTP server).
 	Plan for time_t larger than long, or wait for LP64 to
 	dominate the world?
 	The type of var_message_limit (and other file size/offset
 	configuration parameters or internal protocol attributes)
 	should be changed from int to off_t.  This also requires
--- a/postfix/conf/access
+++ b/postfix/conf/access
@ -202,6 +202,8 @@
 #               text..."  when the optional text is specified, oth-
 #               erwise reply with a generic error response message.
 # 
 #               This feature is available in Postfix 2.6 and later.
 # 
 #        DEFER_IF_REJECT optional text...
 #               Defer the request if some later  restriction  would
 #               result    in    a   REJECT   action.   Reply   with
@ -209,6 +211,8 @@
 #               when  the  optional  text  is  specified, otherwise
 #               reply with a generic error response message.
 # 
 #               Prior to Postfix 2.6, the SMTP reply code is 450.
 # 
 #               This feature is available in Postfix 2.1 and later.
 # 
 #        DEFER_IF_PERMIT optional text...
@ -218,6 +222,8 @@
 #               text..." when the optional text is specified,  oth-
 #               erwise reply with a generic error response message.
 # 
 #               Prior to Postfix 2.6, the SMTP reply code is 450.
 # 
 #               This feature is available in Postfix 2.1 and later.
 # 
 # OTHER ACTIONS
--- a/postfix/html/NFS_README.html
+++ b/postfix/html/NFS_README.html
@ -56,7 +56,6 @@ methods simultaneously. </p>
    <a href="postconf.5.html#mailbox_delivery_lock">mailbox_delivery_lock</a> = fcntl, dotlock
 </pre>
 </blockquote>
 </body>
 <h2> Postfix NFS workarounds </h2>
@ -134,4 +133,5 @@ false errors when the server reply is lost, the client retransmits
 the request, and the server does not remember that it already
 completed the request.  </p>
 </body>
 </html>
--- a/postfix/html/access.5.html
+++ b/postfix/html/access.5.html
@ -208,6 +208,8 @@ ACCESS(5)                                                            ACCESS(5)
              <i>text...</i>"  when the optional text is specified, oth-
              erwise reply with a generic error response message.
              This feature is available in Postfix 2.6 and later.
       <b>DEFER_IF_REJECT</b> <i>optional text...</i>
              Defer the request if some later  restriction  would
              result    in    a   REJECT   action.   Reply   with
@ -215,6 +217,8 @@ ACCESS(5)                                                            ACCESS(5)
              when  the  optional  text  is  specified, otherwise
              reply with a generic error response message.
              Prior to Postfix 2.6, the SMTP reply code is 450.
              This feature is available in Postfix 2.1 and later.
       <b>DEFER_IF_PERMIT</b> <i>optional text...</i>
@ -224,6 +228,8 @@ ACCESS(5)                                                            ACCESS(5)
              <i>text...</i>" when the optional text is specified,  oth-
              erwise reply with a generic error response message.
              Prior to Postfix 2.6, the SMTP reply code is 450.
              This feature is available in Postfix 2.1 and later.
 <b>OTHER ACTIONS</b>
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@ -5347,6 +5347,10 @@ service type. As with other Postfix matchlists, a search stops at
 the first match.  Specify "!pattern" to exclude a service from the
 list. By default, all <a href="master.8.html">master(8)</a> listener ports are enabled.  </p>
 <p> Note: this feature does not support "/file/name" or "<a href="DATABASE_README.html">type:table</a>"
 patterns, nor does it support wildcards such as "*" or "all". This
 is intentional. </p>
 <p> Examples: </p>
 <pre>
@ -13068,10 +13072,34 @@ while accessing the Postfix <a href="postconf.5.html">main.cf</a> configuration
 (default: 0)</b></DT><DD>
 <p> An optional workaround for routers that break TCP window scaling.
-Specify a value > 0 and < 65536 to enable this feature. </p>
+Specify a value &gt; 0 and &lt; 65536 to enable this feature.  With
 Postfix TCP servers (<a href="smtpd.8.html">smtpd(8)</a>, <a href="qmqpd.8.html">qmqpd(8)</a>), this feature is implemented
 by the Postfix <a href="master.8.html">master(8)</a> daemon.  </p>
-<p> Note: for Postfix servers, this feature is implemented by the
+<p> To change this parameter without stopping Postfix, you need to
-Postfix <a href="master.8.html">master(8)</a> daemon, not by the servers themselves. </p>
+first terminate all Postfix TCP servers: </p>
 <blockquote>
 <pre>
 # postconf -e <a href="postconf.5.html#master_service_disable">master_service_disable</a>=inet
 # postfix reload
 </pre>
 </blockquote>
 <p> This immediately terminates all processes that accept network
 connections.  Next, you enable Postfix TCP servers with the updated
 <a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> setting: </p>
 <blockquote>
 <pre>
 # postconf -e <a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a>=65535 <a href="postconf.5.html#master_service_disable">master_service_disable</a>=
 # postfix reload
 </pre>
 </blockquote>
 <p> If you skip these steps with a running Postfix system, then the
 <a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> change will work only for Postfix TCP clients (<a href="smtp.8.html">smtp(8)</a>,
 <a href="lmtp.8.html">lmtp(8)</a>).  </p>
 <p> This feature is available in Postfix 2.6 and later. </p>
--- a/postfix/html/smtp-sink.1.html
+++ b/postfix/html/smtp-sink.1.html
@ -184,6 +184,11 @@ SMTP-SINK(1)                                                      SMTP-SINK(1)
              Limit the time for receiving a command or sending a
              response.   The time limit is specified in seconds.
       <b>-T</b> <i>windowsize</i>
              Override the  default  TCP  window  size.  To  work
              around  broken  TCP window scaling implementations,
              specify a value &gt; 0 and &lt; 65536.
       <b>-u</b> <i>username</i>
              Switch to the specified user privileges after open-
              ing  the network socket and optionally changing the
--- a/postfix/html/smtp-source.1.html
+++ b/postfix/html/smtp-source.1.html
@ -106,6 +106,11 @@ SMTP-SOURCE(1)                                                  SMTP-SOURCE(1)
       <b>-t</b> <i>to</i>  Use   the  specified  recipient  address  (default:
              &lt;foo@<a href="postconf.5.html#myhostname">myhostname</a>&gt;).
       <b>-T</b> <i>windowsize</i>
              Override the  default  TCP  window  size.  To  work
              around  broken  TCP window scaling implementations,
              specify a value &gt; 0 and &lt; 65536.
       <b>-v</b>     Make the program more verbose, for  debugging  pur-
              poses.
--- a/postfix/man/man1/smtp-sink.1
+++ b/postfix/man/man1/smtp-sink.1
@ -157,6 +157,10 @@ character).
 .IP "\fB-t \fItimeout\fR (default: 100)"
 Limit the time for receiving a command or sending a response.
 The time limit is specified in seconds.
 .IP "\fB-T \fIwindowsize\fR"
 Override the default TCP window size. To work around
 broken TCP window scaling implementations, specify a
 value > 0 and < 65536.
 .IP "\fB-u \fIusername\fR"
 Switch to the specified user privileges after opening the
 network socket and optionally changing the process root
--- a/postfix/man/man1/smtp-source.1
+++ b/postfix/man/man1/smtp-source.1
@ -85,6 +85,10 @@ Run the specified number of SMTP sessions in parallel (default: 1).
 Send mail with the named subject line (default: none).
 .IP "\fB-t \fIto\fR"
 Use the specified recipient address (default: <foo@myhostname>).
 .IP "\fB-T \fIwindowsize\fR"
 Override the default TCP window size. To work around
 broken TCP window scaling implementations, specify a
 value > 0 and < 65536.
 .IP \fB-v\fR
 Make the program more verbose, for debugging purposes.
 .IP "\fB-w \fIinterval\fR"
--- a/postfix/man/man5/access.5
+++ b/postfix/man/man5/access.5
@ -198,6 +198,8 @@ Reject the address etc. that matches the pattern. Reply with
 "\fB$access_map_defer_code \fIoptional text...\fR" when the
 optional text is
 specified, otherwise reply with a generic error response message.
 .sp
 This feature is available in Postfix 2.6 and later.
 .IP "\fBDEFER_IF_REJECT \fIoptional text...\fR
 Defer the request if some later restriction would result in a
 REJECT action. Reply with "\fB$access_map_defer_code 4.7.1
@ -205,6 +207,8 @@ REJECT action. Reply with "\fB$access_map_defer_code 4.7.1
 optional text is specified, otherwise reply with a generic error
 response message.
 .sp
 Prior to Postfix 2.6, the SMTP reply code is 450.
 .sp
 This feature is available in Postfix 2.1 and later.
 .IP "\fBDEFER_IF_PERMIT \fIoptional text...\fR
 Defer the request if some later restriction would result in a
@ -214,6 +218,8 @@ text...\fR" when the
 optional text is specified, otherwise reply with a generic error
 response message.
 .sp
 Prior to Postfix 2.6, the SMTP reply code is 450.
 .sp
 This feature is available in Postfix 2.1 and later.
 .SH "OTHER ACTIONS"
 .na
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@ -2957,6 +2957,10 @@ service type. As with other Postfix matchlists, a search stops at
 the first match.  Specify "!pattern" to exclude a service from the
 list. By default, all \fBmaster\fR(8) listener ports are enabled.
 .PP
 Note: this feature does not support "/file/name" or "type:table"
 patterns, nor does it support wildcards such as "*" or "all". This
 is intentional.
 .PP
 Examples:
 .PP
 .nf
@ -8180,10 +8184,42 @@ are errors while parsing the command line arguments, and errors
 while accessing the Postfix main.cf configuration file.
 .SH tcp_windowsize (default: 0)
 An optional workaround for routers that break TCP window scaling.
-Specify a value > 0 and < 65536 to enable this feature.
+Specify a value > 0 and < 65536 to enable this feature.  With
 Postfix TCP servers (\fBsmtpd\fR(8), \fBqmqpd\fR(8)), this feature is implemented
 by the Postfix \fBmaster\fR(8) daemon.
 .PP
-Note: for Postfix servers, this feature is implemented by the
+To change this parameter without stopping Postfix, you need to
-Postfix \fBmaster\fR(8) daemon, not by the servers themselves.
+first terminate all Postfix TCP servers:
 .sp
 .in +4
 .nf
 .na
 .ft C
 # postconf -e master_service_disable=inet
 # postfix reload
 .fi
 .ad
 .ft R
 .in -4
 .PP
 This immediately terminates all processes that accept network
 connections.  Next, you enable Postfix TCP servers with the updated
 tcp_windowsize setting:
 .sp
 .in +4
 .nf
 .na
 .ft C
 # postconf -e tcp_windowsize=65535 master_service_disable=
 # postfix reload
 .fi
 .ad
 .ft R
 .in -4
 .PP
 If you skip these steps with a running Postfix system, then the
 tcp_windowsize change will work only for Postfix TCP clients (\fBsmtp\fR(8),
 \fBlmtp\fR(8)).
 .PP
 This feature is available in Postfix 2.6 and later.
 .SH tls_daemon_random_bytes (default: 32)
--- a/postfix/proto/NFS_README.html
+++ b/postfix/proto/NFS_README.html
@ -56,7 +56,6 @@ methods simultaneously. </p>
    mailbox_delivery_lock = fcntl, dotlock
 </pre>
 </blockquote>
 </body>
 <h2> Postfix NFS workarounds </h2>
@ -134,4 +133,5 @@ false errors when the server reply is lost, the client retransmits
 the request, and the server does not remember that it already
 completed the request.  </p>
 </body>
 </html>
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@ -11971,6 +11971,10 @@ service type. As with other Postfix matchlists, a search stops at
 the first match.  Specify "!pattern" to exclude a service from the
 list. By default, all master(8) listener ports are enabled.  </p>
 <p> Note: this feature does not support "/file/name" or "type:table"
 patterns, nor does it support wildcards such as "*" or "all". This
 is intentional. </p>
 <p> Examples: </p>
 <pre>
@ -11989,10 +11993,33 @@ master_service_disable = !foo.inet, inet
 %PARAM tcp_windowsize 0
 <p> An optional workaround for routers that break TCP window scaling.
-Specify a value > 0 and < 65536 to enable this feature. </p>
+Specify a value &gt; 0 and &lt; 65536 to enable this feature.  With
 Postfix TCP servers (smtpd(8), qmqpd(8)), this feature is implemented
 by the Postfix master(8) daemon.  </p>
-<p> Note: for Postfix servers, this feature is implemented by the
+<p> To change this parameter without stopping Postfix, you need to
-Postfix master(8) daemon, not by the servers themselves. The Postfix
+first terminate all Postfix TCP servers: </p>
-master must be restarted for a parameter change to take effect. </p>
+
 <blockquote>
 <pre>
 # postconf -e master_service_disable=inet
 # postfix reload
 </pre>
 </blockquote>
 <p> This immediately terminates all processes that accept network
 connections.  Next, you enable Postfix TCP servers with the updated
 tcp_windowsize setting: </p>
 <blockquote>
 <pre>
 # postconf -e tcp_windowsize=65535 master_service_disable=
 # postfix reload
 </pre>
 </blockquote>
 <p> If you skip these steps with a running Postfix system, then the
 tcp_windowsize change will work only for Postfix TCP clients (smtp(8),
 lmtp(8)).  </p>
 <p> This feature is available in Postfix 2.6 and later. </p>
--- a/postfix/src/global/Makefile.in
+++ b/postfix/src/global/Makefile.in
@ -28,7 +28,8 @@ SRCS	= abounce.c anvil_clnt.c been_here.c bounce.c bounce_log.c \
 	tok822_resolve.c tok822_rewrite.c tok822_tree.c trace.c \
 	user_acl.c valid_mailhost_addr.c verify.c verify_clnt.c \
 	verp_sender.c wildcard_inet_addr.c xtext.c delivered_hdr.c \
-	fold_addr.c header_body_checks.c mkmap_proxy.c data_redirect.c
+	fold_addr.c header_body_checks.c mkmap_proxy.c data_redirect.c \
 	match_service.c
 OBJS	= abounce.o anvil_clnt.o been_here.o bounce.o bounce_log.o \
 	canon_addr.o cfg_parser.o cleanup_strerror.o cleanup_strflags.o \
 	clnt_stream.o conv_time.o db_common.o debug_peer.o debug_process.o \
@ -58,7 +59,8 @@ OBJS	= abounce.o anvil_clnt.o been_here.o bounce.o bounce_log.o \
 	tok822_resolve.o tok822_rewrite.o tok822_tree.o trace.o \
 	user_acl.o valid_mailhost_addr.o verify.o verify_clnt.o \
 	verp_sender.o wildcard_inet_addr.o xtext.o delivered_hdr.o \
-	fold_addr.o header_body_checks.o mkmap_proxy.o data_redirect.o
+	fold_addr.o header_body_checks.o mkmap_proxy.o data_redirect.o \
 	match_service.o
 HDRS	= abounce.h anvil_clnt.h been_here.h bounce.h bounce_log.h \
 	canon_addr.h cfg_parser.h cleanup_user.h clnt_stream.h config.h \
 	conv_time.h db_common.h debug_peer.h debug_process.h defer.h \
@ -82,7 +84,7 @@ HDRS	= abounce.h anvil_clnt.h been_here.h bounce.h bounce_log.h \
 	string_list.h strip_addr.h sys_exits.h timed_ipc.h tok822.h \
 	trace.h user_acl.h valid_mailhost_addr.h verify.h verify_clnt.h \
 	verp_sender.h wildcard_inet_addr.h xtext.h delivered_hdr.h \
-	fold_addr.h header_body_checks.h data_redirect.h
+	fold_addr.h header_body_checks.h data_redirect.h match_service.h
 TESTSRC	= rec2stream.c stream2rec.c recdump.c
 DEFS	= -I. -I$(INC_DIR) -D$(SYSTYPE)
 CFLAGS	= $(DEBUG) $(OPT) $(DEFS)
@ -1384,6 +1386,15 @@ match_parent_style.o: mail_params.h
 match_parent_style.o: match_parent_style.c
 match_parent_style.o: match_parent_style.h
 match_parent_style.o: string_list.h
 match_service.o: ../../include/argv.h
 match_service.o: ../../include/msg.h
 match_service.o: ../../include/mymalloc.h
 match_service.o: ../../include/stringops.h
 match_service.o: ../../include/sys_defs.h
 match_service.o: ../../include/vbuf.h
 match_service.o: ../../include/vstring.h
 match_service.o: match_service.c
 match_service.o: match_service.h
 mbox_conf.o: ../../include/argv.h
 mbox_conf.o: ../../include/name_mask.h
 mbox_conf.o: ../../include/sys_defs.h
--- a/postfix/src/global/mail_params.c
+++ b/postfix/src/global/mail_params.c
@ -170,8 +170,7 @@
 #endif
 #include <inet_proto.h>
 #include <vstring_vstream.h>
-#include <connect.h>
+#include <iostuff.h>
 #include <listen.h>
 /* Global library. */
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@ -20,7 +20,7 @@
  * Patches change both the patchlevel and the release date. Snapshots have no
  * patchlevel; they change the release date only.
  */
-#define MAIL_RELEASE_DATE	"20090109"
+#define MAIL_RELEASE_DATE	"20090110"
 #define MAIL_VERSION_NUMBER	"2.6"
 #ifdef SNAPSHOT
--- a/postfix/src/global/match_service.c
+++ b/postfix/src/global/match_service.c
@ -0,0 +1,139 @@
 /*++
 /* NAME
 /*	match_service 3
 /* SUMMARY
 /*	simple master.cf service name.type pattern matcher
 /* SYNOPSIS
 /*	#include <match_service.h>
 /*
 /*	ARGV	*match_service_init(pattern_list)
 /*	const char *pattern_list;
 /*
 /*	int	match_service_match(list, name_type)
 /*	ARGV	*list;
 /*	const char *name_type;
 /*
 /*	void match_service_free(list)
 /*	ARGV	*list;
 /* DESCRIPTION
 /*	This module implements pattern matching for Postfix master.cf
 /*	services.  This is more precise than using domain_list(3),
 /*	because match_service(3) won't treat a dotted service name
 /*	as a domain hierarchy. Moreover, this module has the advantage
 /*	that it does not drag in all the LDAP, SQL and other map
 /*	lookup client code into programs that don't need it.
 /*
 /*	Each pattern is of the form "name.type" or "type", where
 /*	"name" and "type" are the first two fields of a master.cf
 /*	entry. Patterns are separated by whitespace and/or commas.
 /*	Matches are case insensitive. Patterns are matched in the
 /*	specified order, and the matching process stops at the first
 /*	match.  In order to reverse the result of a pattern match,
 /*	precede a pattern with an exclamation point (!).
 /*
 /*	match_service_init() parses the pattern list. The result
 /*	must be passed to match_service_match() or match_service_free().
 /*
 /*	match_service_match() matches one service name.type string
 /*	against the specified pattern list.
 /*
 /*	match_service_free() releases storage allocated by
 /*	match_service_init().
 /* DIAGNOSTICS
 /*	Fatal error: out of memory, malformed pattern.
 /*	Panic: malformed search string.
 /* SEE ALSO
 /*	domain_list(3) match domain names.
 /* LICENSE
 /* .ad
 /* .fi
 /*	The Secure Mailer license must be distributed with this software.
 /* AUTHOR(S)
 /*	Wietse Venema
 /*	IBM T.J. Watson Research
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
 /*--*/
 /* System library. */
 #include <sys_defs.h>
 #include <string.h>
 #ifdef STRCASECMP_IN_STRINGS_H
 #include <strings.h>
 #endif
 /* Utility library. */
 #include <msg.h>
 #include <argv.h>
 #include <mymalloc.h>
 #include <stringops.h>
 #include <match_service.h>
 /* match_service_init - initialize pattern list */
 ARGV   *match_service_init(const char *patterns)
 {
    const char *delim = " ,\t\r\n";
    ARGV   *list = argv_alloc(1);
    char   *saved_patterns = mystrdup(patterns);
    char   *bp = saved_patterns;
    const char *item;
    while ((item = mystrtok(&bp, delim)) != 0)
        argv_add(list, item, (char *) 0);
    argv_terminate(list);
    myfree(saved_patterns);
    return (list);
 }
 /* match_service_match - match service name.type against pattern list */
 int     match_service_match(ARGV *list, const char *name_type)
 {
    const char *myname = "match_service_match";
    const char *type;
    char  **cpp;
    char   *pattern;
    int     match;
    /*
     * Quick check for empty list.
     */
    if (list->argv[0] == 0)
 	return (0);
    /*
     * Sanity check.
     */
    if ((type = strrchr(name_type, '.')) == 0 || *++type == 0)
 	msg_panic("%s: malformed service: \"%s\"; need \"name.type\" format",
 		  myname, name_type);
    /*
     * Iterate over all patterns in the list, stop at the first match.
     */
    for (cpp = list->argv; (pattern = *cpp) != 0; cpp++) {
 	if (msg_verbose)
 	    msg_info("%s: %s ~? %s", myname, name_type, pattern);
 	for (match = 1; *pattern == '!'; pattern++)
 	    match = !match;
 	if (strcasecmp(strchr(pattern, '.') ? name_type : type, pattern) == 0) {
 	    if (msg_verbose)
 		msg_info("%s: %s: found match", myname, name_type);
 	    return (match);
 	}
    }
    if (msg_verbose)
 	msg_info("%s: %s: no match", myname, name_type);
    return (0);
 }
 /* match_service_free - release storage */
 void    match_service_free(ARGV *list)
 {
    argv_free(list);
 }
--- a/postfix/src/global/match_service.h
+++ b/postfix/src/global/match_service.h
@ -0,0 +1,31 @@
 #ifndef _MATCH_SERVICE_H_INCLUDED_
 #define _MATCH_SERVICE_H_INCLUDED_
 /*++
 /* NAME
 /*	match_service 3h
 /* SUMMARY
 /*	simple master.cf service name.type pattern matcher
 /* SYNOPSIS
 /*	#include <match_service.h>
 /* DESCRIPTION
 /* .nf
 /* External interface. */
 extern ARGV *match_service_init(const char *);
 extern int match_service_match(ARGV *, const char *);
 extern void match_service_free(ARGV *);
 /* LICENSE
 /* .ad
 /* .fi
 /*	The Secure Mailer license must be distributed with this software.
 /* AUTHOR(S)
 /*	Wietse Venema
 /*	IBM T.J. Watson Research
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
 /*--*/
 #endif
--- a/postfix/src/master/Makefile.in
+++ b/postfix/src/master/Makefile.in
@ -2,10 +2,10 @@ SHELL	= /bin/sh
 SRCS	= master.c master_conf.c master_ent.c master_sig.c master_avail.c \
 	master_spawn.c master_service.c master_status.c master_listen.c \
 	master_proto.c single_server.c multi_server.c master_vars.c \
-	master_wakeup.c master_flow.c mail_flow.c
+	master_wakeup.c master_flow.c master_watch.c mail_flow.c
 OBJS	= master.o master_conf.o master_ent.o master_sig.o master_avail.o \
 	master_spawn.o master_service.o master_status.o master_listen.o \
-	master_vars.o master_wakeup.o master_flow.o
+	master_vars.o master_wakeup.o master_watch.o master_flow.o
 LIB_OBJ	= single_server.o multi_server.o trigger_server.o master_proto.o \
 	mail_flow.o
 HDRS	= mail_server.h master_proto.h mail_flow.h
@ -128,7 +128,6 @@ master_conf.o: master.h
 master_conf.o: master_conf.c
 master_ent.o: ../../include/argv.h
 master_ent.o: ../../include/attr.h
 master_ent.o: ../../include/domain_list.h
 master_ent.o: ../../include/host_port.h
 master_ent.o: ../../include/inet_addr_host.h
 master_ent.o: ../../include/inet_addr_list.h
@ -136,8 +135,7 @@ master_ent.o: ../../include/iostuff.h
 master_ent.o: ../../include/mail_conf.h
 master_ent.o: ../../include/mail_params.h
 master_ent.o: ../../include/mail_proto.h
-master_ent.o: ../../include/match_list.h
+master_ent.o: ../../include/match_service.h
 master_ent.o: ../../include/match_ops.h
 master_ent.o: ../../include/msg.h
 master_ent.o: ../../include/myaddrinfo.h
 master_ent.o: ../../include/mymalloc.h
@ -237,6 +235,11 @@ master_wakeup.o: ../../include/vstream.h
 master_wakeup.o: mail_server.h
 master_wakeup.o: master.h
 master_wakeup.o: master_wakeup.c
 master_watch.o: ../../include/msg.h
 master_watch.o: ../../include/mymalloc.h
 master_watch.o: ../../include/sys_defs.h
 master_watch.o: master.h
 master_watch.o: master_watch.c
 multi_server.o: ../../include/chroot_uid.h
 multi_server.o: ../../include/debug_process.h
 multi_server.o: ../../include/events.h
--- a/postfix/src/master/master.h
+++ b/postfix/src/master/master.h
@ -184,6 +184,35 @@ extern void master_delete_children(MASTER_SERV *);
 extern void master_flow_init(void);
 extern int master_flow_pipe[2];
 /*
  * master_watch.c
  * 
  * Support to warn about main.cf parameters that can only be initialized but
  * not updated, and to initialize or update data structures that derive
  * values from main.cf parameters.
  */
 typedef struct {
    const char *name;			/* parameter name */
    char  **value;			/* current main.cf value */
    char  **backup;			/* actual value that is being used */
    int     flags;			/* see below */
    void    (*notify) (void);		/* init or update data structure */
 } MASTER_STR_WATCH;
 typedef struct {
    const char *name;			/* parameter name */
    int    *value;			/* current main.cf value */
    int     backup;			/* actual value that is being used */
    int     flags;			/* see below */
    void    (*notify) (void);		/* init or update data structure */
 } MASTER_INT_WATCH;
 #define MASTER_WATCH_FLAG_UPDATABLE (1<<0)	/* support update after init */
 #define MASTER_WATCH_FLAG_ISSET    (1<<1)	/* backup is initialized */
 extern void master_str_watch(const MASTER_STR_WATCH *);
 extern void master_int_watch(MASTER_INT_WATCH *);
 /* DIAGNOSTICS
 /* BUGS
 /* SEE ALSO
--- a/postfix/src/master/master_ent.c
+++ b/postfix/src/master/master_ent.c
@ -90,7 +90,7 @@
 /* Global library. */
-#include <domain_list.h>
+#include <match_service.h>
 #include <mail_proto.h>
 #include <mail_params.h>
 #include <own_inet_addr.h>
@ -105,7 +105,7 @@
 static char *master_path;		/* config file name */
 static VSTREAM *master_fp;		/* config file pointer */
 static int master_line;			/* config file line number */
-static DOMAIN_LIST *master_disable;	/* disabled services */
+static ARGV *master_disable;		/* disabled service patterns */
 static char master_blanks[] = " \t\r\n";/* field delimiters */
@ -136,7 +136,7 @@ void    set_master_ent()
    master_line = 0;
    if (master_disable != 0)
 	msg_panic("%s: service disable list still exists", myname);
-    master_disable = domain_list_init(MATCH_FLAG_PARENT, var_master_disable);
+    master_disable = match_service_init(var_master_disable);
 }
 /* end_master_ent - close configuration file */
@ -152,7 +152,7 @@ void    end_master_ent()
    master_fp = 0;
    if (master_disable == 0)
 	msg_panic("%s: no service disable list", myname);
-    domain_list_free(master_disable);
+    match_service_free(master_disable);
    master_disable = 0;
 }
@ -284,7 +284,7 @@ MASTER_SERV *get_master_ent()
 	name = cp;
 	transport = get_str_ent(&bufp, "transport type", (char *) 0);
 	vstring_sprintf(junk, "%s.%s", name, transport);
-    } while (domain_list_match(master_disable, vstring_str(junk)) != 0);
+    } while (match_service_match(master_disable, vstring_str(junk)) != 0);
    /*
     * Parse one logical line from the configuration file. Initialize service
--- a/postfix/src/master/master_vars.c
+++ b/postfix/src/master/master_vars.c
@ -51,109 +51,6 @@ int     var_proc_limit;
 int     var_throttle_time;
 char   *var_master_disable;
 /*
  * Support to warn about main.cf parameters that can only be initialized but
  * not updated, and to initialize or update data structures that derive
  * values from main.cf parameters. Add similar code if we also need to
  * monitor non-string parameters.
  */
 typedef struct MASTER_VARS_STR_WATCH {
    const char *name;			/* parameter name */
    char  **value;			/* current main.cf value */
    char  **backup;			/* actual value that is being used */
    int     flags;			/* see below */
    void    (*assign) (void);		/* init or update data structure */
 } MASTER_VARS_STR_WATCH;
 typedef struct MASTER_VARS_INT_WATCH {
    const char *name;			/* parameter name */
    int    *value;			/* current main.cf value */
    int    *backup;			/* actual value that is being used */
    int     flags;			/* see below */
    void    (*assign) (void);		/* init or update data structure */
 } MASTER_VARS_INT_WATCH;
 #define MASTER_VARS_WATCH_FLAG_UPDATE	(1<<0)	/* support update after init */
 #define MASTER_VARS_WATCH_FLAG_ISSET	(1<<1)	/* backup is initialized */
 /* master_vars_str_watch - watch string-valued parameters for change */
 static void master_vars_str_watch(MASTER_VARS_STR_WATCH *str_watch_table)
 {
    MASTER_VARS_STR_WATCH *wp;
    for (wp = str_watch_table; wp->name != 0; wp++) {
 	/*
 	 * Detect changes to monitored parameter values. If a change is
 	 * supported, we discard the backed up value and update it to the
 	 * current value later. Otherwise we complain.
 	 */
 	if (wp->backup[0] != 0
 	    && strcmp(wp->backup[0], wp->value[0]) != 0) {
 	    if ((wp->flags & MASTER_VARS_WATCH_FLAG_UPDATE) == 0) {
 		msg_warn("ignoring %s parameter value change", wp->name);
 		msg_warn("old value: \"%s\", new value: \"%s\"",
 			 wp->backup[0], wp->value[0]);
 		msg_warn("to change %s, stop and start Postfix", wp->name);
 	    } else {
 		myfree(wp->backup[0]);
 		wp->backup[0] = 0;
 	    }
 	}
 	/*
 	 * Initialize the backed up parameter value, or update if it this
 	 * parameter supports updates after initialization. Optionally assign
 	 * the parameter value to an application-specific data structure.
 	 */
 	if (wp->backup[0] == 0) {
 	    if (wp->assign != 0)
 		wp->assign();
 	    wp->backup[0] = mystrdup(wp->value[0]);
 	}
    }
 }
 /* master_vars_int_watch - watch integer-valued parameters for change */
 static void master_vars_int_watch(MASTER_VARS_INT_WATCH *str_watch_table)
 {
    MASTER_VARS_INT_WATCH *wp;
    for (wp = str_watch_table; wp->name != 0; wp++) {
 	/*
 	 * Detect changes to monitored parameter values. If a change is
 	 * supported, we discard the backed up value and update it to the
 	 * current value later. Otherwise we complain.
 	 */
 	if ((wp->flags & MASTER_VARS_WATCH_FLAG_ISSET) != 0
 	    && wp->backup[0] != wp->value[0]) {
 	    if ((wp->flags & MASTER_VARS_WATCH_FLAG_UPDATE) == 0) {
 		msg_warn("ignoring %s parameter value change", wp->name);
 		msg_warn("old value: \"%d\", new value: \"%d\"",
 			 wp->backup[0], wp->value[0]);
 		msg_warn("to change %s, stop and start Postfix", wp->name);
 	    } else {
 		wp->flags &= ~MASTER_VARS_WATCH_FLAG_ISSET;
 	    }
 	}
 	/*
 	 * Initialize the backed up parameter value, or update if it this
 	 * parameter supports updates after initialization. Optionally assign
 	 * the parameter value to an application-specific data structure.
 	 */
 	if ((wp->flags & MASTER_VARS_WATCH_FLAG_ISSET) == 0) {
 	    if (wp->assign != 0)
 		wp->assign();
 	    wp->flags |= MASTER_VARS_WATCH_FLAG_ISSET;
 	    wp->backup[0] = wp->value[0];
 	}
    }
 }
 /* master_vars_init - initialize from global Postfix configuration file */
 void    master_vars_init(void)
@ -175,18 +72,13 @@ void    master_vars_init(void)
    static char *saved_inet_protocols;
    static char *saved_queue_dir;
    static char *saved_config_dir;
-    static MASTER_VARS_STR_WATCH str_watch_table[] = {
+    static const MASTER_STR_WATCH str_watch_table[] = {
 	VAR_CONFIG_DIR, &var_config_dir, &saved_config_dir, 0, 0,
 	VAR_QUEUE_DIR, &var_queue_dir, &saved_queue_dir, 0, 0,
 	VAR_INET_PROTOCOLS, &var_inet_protocols, &saved_inet_protocols, 0, 0,
 	/* XXX Add inet_interfaces here after this code is burned in. */
 	0,
    };
    static int saved_inet_windowsize;
    static MASTER_VARS_INT_WATCH int_watch_table[] = {
 	VAR_INET_WINDOW, &var_inet_windowsize, &saved_inet_windowsize, 0, 0,
 	0,
    };
    /*
     * Flush existing main.cf settings, so that we handle deleted main.cf
@ -205,6 +97,5 @@ void    master_vars_init(void)
    /*
     * Look for parameter changes that require special attention.
     */
-    master_vars_str_watch(str_watch_table);
+    master_str_watch(str_watch_table);
    master_vars_int_watch(int_watch_table);
 }
--- a/postfix/src/master/master_watch.c
+++ b/postfix/src/master/master_watch.c
@ -0,0 +1,151 @@
 /*++
 /* NAME
 /*	master_watch 3
 /* SUMMARY
 /*	Postfix master - monitor main.cf changes
 /* SYNOPSIS
 /*	#include "master.h"
 /*
 /*	void	master_str_watch(str_watch_table)
 /*	const MASTER_STR_WATCH *str_watch_table;
 /*
 /*	void	master_int_watch(int_watch_table)
 /*	MASTER_INT_WATCH *int_watch_table;
 /* DESCRIPTION
 /*	The Postfix master daemon is a long-running process. After
 /*	main.cf is changed, some parameter changes may require that
 /*	master data structures be recomputed.
 /*
 /*	Unfortunately, some main.cf changes cannot be applied
 /*	on-the-fly, either because they require killing off existing
 /*	child processes and thus disrupt service, or because the
 /*	necessary support for on-the-fly data structure update has
 /*	not yet been implemented.  Such main.cf changes trigger a
 /*	warning that they require that Postfix be stopped and
 /*	restarted.
 /*
 /*	This module provides functions that monitor selected main.cf
 /*	parameters for change. The operation of these functions is
 /*	controlled by tables that specify the parameter name, the
 /*	current parameter value, a historical parameter value,
 /*	optional flags, and an optional notify call-back function.
 /*
 /*	master_str_watch() monitors string-valued parameters for
 /*	change, and master_int_watch() does the same for integer-valued
 /*	parameters. Note that master_int_watch() needs read-write
 /*	access to its argument table, while master_str_watch() needs
 /*	read-only access only.
 /*
 /*	The functions log a warning when a parameter value has
 /*	changed after re-reading main.cf, but the parameter is not
 /*	flagged in the MASTER_*_WATCH table as "updatable" with
 /*	MASTER_WATCH_FLAG_UPDATABLE.
 /*
 /*	If the parameter has a notify call-back function, then the
 /*	function is called after main.cf is read for the first time.
 /*	If the parameter is flagged as "updatable", then the function
 /*	is also called when the parameter value changes after
 /*	re-reading main.cf.
 /* LICENSE
 /* .ad
 /* .fi
 /*	The Secure Mailer license must be distributed with this software.
 /* AUTHOR(S)
 /*	Wietse Venema
 /*	IBM T.J. Watson Research
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
 /*--*/
 /* System library. */
 #include <sys_defs.h>
 #include <string.h>
 #include <unistd.h>
 /* Utility library. */
 #include <msg.h>
 #include <mymalloc.h>
 /* Application-specific. */
 #include "master.h"
 /* master_str_watch - watch string-valued parameters for change */
 void    master_str_watch(const MASTER_STR_WATCH *str_watch_table)
 {
    const MASTER_STR_WATCH *wp;
    for (wp = str_watch_table; wp->name != 0; wp++) {
 	/*
 	 * Detect changes to monitored parameter values. If a change is
 	 * supported, we discard the backed up value and update it to the
 	 * current value later. Otherwise we complain.
 	 */
 	if (wp->backup[0] != 0
 	    && strcmp(wp->backup[0], wp->value[0]) != 0) {
 	    if ((wp->flags & MASTER_WATCH_FLAG_UPDATABLE) == 0) {
 		msg_warn("ignoring %s parameter value change", wp->name);
 		msg_warn("old value: \"%s\", new value: \"%s\"",
 			 wp->backup[0], wp->value[0]);
 		msg_warn("to change %s, stop and start Postfix", wp->name);
 	    } else {
 		myfree(wp->backup[0]);
 		wp->backup[0] = 0;
 	    }
 	}
 	/*
 	 * Initialize the backed up parameter value, or update it if this
 	 * parameter supports updates after initialization. Optionally 
 	 * notify the application that this parameter has changed.
 	 */
 	if (wp->backup[0] == 0) {
 	    if (wp->notify != 0)
 		wp->notify();
 	    wp->backup[0] = mystrdup(wp->value[0]);
 	}
    }
 }
 /* master_int_watch - watch integer-valued parameters for change */
 void    master_int_watch(MASTER_INT_WATCH *int_watch_table)
 {
    MASTER_INT_WATCH *wp;
    for (wp = int_watch_table; wp->name != 0; wp++) {
 	/*
 	 * Detect changes to monitored parameter values. If a change is
 	 * supported, we discard the backed up value and update it to the
 	 * current value later. Otherwise we complain.
 	 */
 	if ((wp->flags & MASTER_WATCH_FLAG_ISSET) != 0
 	    && wp->backup != wp->value[0]) {
 	    if ((wp->flags & MASTER_WATCH_FLAG_UPDATABLE) == 0) {
 		msg_warn("ignoring %s parameter value change", wp->name);
 		msg_warn("old value: \"%d\", new value: \"%d\"",
 			 wp->backup, wp->value[0]);
 		msg_warn("to change %s, stop and start Postfix", wp->name);
 	    } else {
 		wp->flags &= ~MASTER_WATCH_FLAG_ISSET;
 	    }
 	}
 	/*
 	 * Initialize the backed up parameter value, or update if it this
 	 * parameter supports updates after initialization. Optionally 
 	 * notify the application that this parameter has changed.
 	 */
 	if ((wp->flags & MASTER_WATCH_FLAG_ISSET) == 0) {
 	    if (wp->notify != 0)
 		wp->notify();
 	    wp->flags |= MASTER_WATCH_FLAG_ISSET;
 	    wp->backup = wp->value[0];
 	}
    }
 }
--- a/postfix/src/smtp/smtp_connect.c
+++ b/postfix/src/smtp/smtp_connect.c
@ -197,6 +197,9 @@ static SMTP_SESSION *smtp_connect_addr(const char *destination, DNS_RR *addr,
    if ((sock = socket(sa->sa_family, SOCK_STREAM, 0)) < 0)
 	msg_fatal("%s: socket: %m", myname);
    if (inet_windowsize > 0)
 	set_inet_windowsize(sock, inet_windowsize);
    /*
     * Allow the sysadmin to specify the source address, for example, as "-o
     * smtp_bind_address=x.x.x.x" in the master.cf file.
--- a/postfix/src/smtpstone/smtp-sink.c
+++ b/postfix/src/smtpstone/smtp-sink.c
@ -151,6 +151,10 @@
 /* .IP "\fB-t \fItimeout\fR (default: 100)"
 /*	Limit the time for receiving a command or sending a response.
 /*	The time limit is specified in seconds.
 /* .IP "\fB-T \fIwindowsize\fR"
 /*	Override the default TCP window size. To work around
 /*	broken TCP window scaling implementations, specify a
 /*	value > 0 and < 65536.
 /* .IP "\fB-u \fIusername\fR"
 /*	Switch to the specified user privileges after opening the
 /*	network socket and optionally changing the process root
@ -1395,7 +1399,7 @@ int     main(int argc, char **argv)
    /*
     * Parse JCL.
     */
-    while ((ch = GETOPT(argc, argv, "468aA:cCd:D:eEf:Fh:Ln:m:M:pPq:Q:r:R:s:S:t:u:vw:W:")) > 0) {
+    while ((ch = GETOPT(argc, argv, "468aA:cCd:D:eEf:Fh:Ln:m:M:pPq:Q:r:R:s:S:t:T:u:vw:W:")) > 0) {
 	switch (ch) {
 	case '4':
 	    protocols = INET_PROTO_NAME_IPV4;
@ -1490,6 +1494,10 @@ int     main(int argc, char **argv)
 	    if ((var_tmout = atoi(optarg)) <= 0)
 		msg_fatal("bad timeout: %s", optarg);
 	    break;
 	case 'T':
 	    if ((inet_windowsize = atoi(optarg)) <= 0)
 		msg_fatal("bad TCP window size: %s", optarg);
 	    break;
 	case 'u':
 	    user_privs = optarg;
 	    break;
--- a/postfix/src/smtpstone/smtp-source.c
+++ b/postfix/src/smtpstone/smtp-source.c
@ -79,6 +79,10 @@
 /*	Send mail with the named subject line (default: none).
 /* .IP "\fB-t \fIto\fR"
 /*	Use the specified recipient address (default: <foo@myhostname>).
 /* .IP "\fB-T \fIwindowsize\fR"
 /*	Override the default TCP window size. To work around
 /*	broken TCP window scaling implementations, specify a
 /*	value > 0 and < 65536.
 /* .IP \fB-v\fR
 /*	Make the program more verbose, for debugging purposes.
 /* .IP "\fB-w \fIinterval\fR"
@ -460,6 +464,8 @@ static void start_connect(SESSION *session)
    session->stream = vstream_fdopen(fd, O_RDWR);
    event_enable_write(fd, connect_done, (char *) session);
    smtp_timeout_setup(session->stream, var_timeout);
    if (inet_windowsize > 0)
 	set_inet_windowsize(fd, inet_windowsize);
    if (sane_connect(fd, sa, sa_length) < 0 && errno != EINPROGRESS)
 	fail_connect(session);
 }
@ -922,7 +928,7 @@ int     main(int argc, char **argv)
    /*
     * Parse JCL.
     */
-    while ((ch = GETOPT(argc, argv, "46AcC:df:F:l:Lm:M:Nor:R:s:S:t:vw:")) > 0) {
+    while ((ch = GETOPT(argc, argv, "46AcC:df:F:l:Lm:M:Nor:R:s:S:t:T:vw:")) > 0) {
 	switch (ch) {
 	case '4':
 	    protocols = INET_PROTO_NAME_IPV4;
@ -1001,6 +1007,10 @@ int     main(int argc, char **argv)
 	case 't':
 	    recipient = optarg;
 	    break;
 	case 'T':
 	    if ((inet_windowsize = atoi(optarg)) <= 0)
 		msg_fatal("bad TCP window size: %s", optarg);
 	    break;
 	case 'v':
 	    msg_verbose++;
 	    break;
--- a/postfix/src/util/Makefile.in
+++ b/postfix/src/util/Makefile.in
@ -31,7 +31,7 @@ SRCS	= alldig.c allprint.c argv.c argv_split.c attr_clnt.c attr_print0.c \
 	vstream_popen.c vstring.c vstring_vstream.c watchdog.c writable.c \
 	write_buf.c write_wait.c sane_basename.c format_tv.c allspace.c \
 	allascii.c load_file.c killme_after.c vstream_tweak.c upass_connect.c \
-	upass_listen.c upass_trigger.c edit_file.c
+	upass_listen.c upass_trigger.c edit_file.c inet_windowsize.c
 OBJS	= alldig.o allprint.o argv.o argv_split.o attr_clnt.o attr_print0.o \
 	attr_print64.o attr_print_plain.o attr_scan0.o attr_scan64.o \
 	attr_scan_plain.o auto_clnt.o base64_code.o basename.o binhash.o \
@ -64,7 +64,7 @@ OBJS	= alldig.o allprint.o argv.o argv_split.o attr_clnt.o attr_print0.o \
 	vstream_popen.o vstring.o vstring_vstream.o watchdog.o writable.o \
 	write_buf.o write_wait.o sane_basename.o format_tv.o allspace.o \
 	allascii.o load_file.o killme_after.o vstream_tweak.o upass_connect.o \
-	upass_listen.o upass_trigger.o edit_file.o
+	upass_listen.o upass_trigger.o edit_file.o inet_windowsize.o
 HDRS	= argv.h attr.h attr_clnt.h auto_clnt.h base64_code.h binhash.h \
 	chroot_uid.h cidr_match.h clean_env.h connect.h ctable.h dict.h \
 	dict_cdb.h dict_cidr.h dict_db.h dict_dbm.h dict_env.h dict_ht.h \
@ -1137,6 +1137,10 @@ inet_trigger.o: msg.h
 inet_trigger.o: mymalloc.h
 inet_trigger.o: sys_defs.h
 inet_trigger.o: trigger.h
 inet_windowsize.o: inet_windowsize.c
 inet_windowsize.o: iostuff.h
 inet_windowsize.o: msg.h
 inet_windowsize.o: sys_defs.h
 killme_after.o: killme_after.c
 killme_after.o: killme_after.h
 killme_after.o: sys_defs.h
--- a/postfix/src/util/connect.h
+++ b/postfix/src/util/connect.h
@ -24,8 +24,6 @@ extern int inet_connect(const char *, int, int);
 extern int stream_connect(const char *, int, int);
 extern int upass_connect(const char *, int, int);
 extern int inet_windowsize;
 /* LICENSE
 /* .ad
 /* .fi
--- a/postfix/src/util/inet_connect.c
+++ b/postfix/src/util/inet_connect.c
@ -16,7 +16,7 @@
 /*	inet_connect connects to a TCP listener at
 /*	the specified address, and returns the resulting file descriptor.
 /*
-/*	Specify an inet_windowsize value > 0 to override the default
+/*	Specify an inet_windowsize value > 0 to override the TCP
 /*	window size that the client advertises to the server.
 /*
 /*	Arguments:
@ -149,14 +149,8 @@ static int inet_connect_one(struct addrinfo * res, int block_mode, int timeout)
    /*
     * Window scaling workaround.
     */
-    if (inet_windowsize > 0) {
+    if (inet_windowsize > 0)
-	if (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, (char *) &inet_windowsize,
+	set_inet_windowsize(sock, inet_windowsize);
 		       sizeof(inet_windowsize)) < 0)
 	    msg_warn("setsockopt SO_SNDBUF %d: %m", inet_windowsize);
 	if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (char *) &inet_windowsize,
 		       sizeof(inet_windowsize)) < 0)
 	    msg_warn("setsockopt SO_RCVBUF %d: %m", inet_windowsize);
    }
    /*
     * Timed connect.
--- a/postfix/src/util/inet_listen.c
+++ b/postfix/src/util/inet_listen.c
@ -22,8 +22,8 @@
 /*
 /*	inet_accept() accepts a connection and sanitizes error results.
 /*
-/*	Specify an inet_windowsize value > 0 to override the default
+/*	Specify an inet_windowsize value > 0 to override the TCP
-/*	TCP window size that the server advertises to the server.
+/*	window size that the server advertises to the client.
 /*
 /*	Arguments:
 /* .IP addr
@ -145,12 +145,12 @@ int     inet_listen(const char *addr, int backlog, int block_mode)
    if ((sock = socket(res->ai_family, res->ai_socktype, 0)) < 0)
 	msg_fatal("socket: %m");
 #ifdef HAS_IPV6
-#if defined(IPV6_V6ONLY) && !defined(BROKEN_AI_PASSIVE_NULL_HOST)
+# if defined(IPV6_V6ONLY) && !defined(BROKEN_AI_PASSIVE_NULL_HOST)
    if (res->ai_family == AF_INET6
 	&& setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY,
 		      (char *) &on, sizeof(on)) < 0)
 	msg_fatal("setsockopt(IPV6_V6ONLY): %m");
-#endif
+# endif
 #endif
    if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR,
 		   (char *) &on, sizeof(on)) < 0)
@ -160,16 +160,10 @@ int     inet_listen(const char *addr, int backlog, int block_mode)
 			     &hostaddr, &portnum, 0);
 	msg_fatal("bind %s port %s: %m", hostaddr.buf, portnum.buf);
    }
    if (inet_windowsize > 0) {
 	if (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, (char *) &inet_windowsize,
 		       sizeof(inet_windowsize)) < 0)
 	    msg_warn("setsockopt SO_SNDBUF %d: %m", inet_windowsize);
 	if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (char *) &inet_windowsize,
 		       sizeof(inet_windowsize)) < 0)
 	    msg_warn("setsockopt SO_RCVBUF %d: %m", inet_windowsize);
    }
    freeaddrinfo(res0);
    non_blocking(sock, block_mode);
    if (inet_windowsize > 0)
 	set_inet_windowsize(sock, inet_windowsize);
    if (listen(sock, backlog) < 0)
 	msg_fatal("listen: %m");
    return (sock);
--- a/postfix/src/util/inet_windowsize.c
+++ b/postfix/src/util/inet_windowsize.c
@ -0,0 +1,79 @@
 /*++
 /* NAME
 /*	inet_windowsize 3
 /* SUMMARY
 /*	TCP window scaling control
 /* SYNOPSIS
 /*	#include <iostuff.h>
 /*
 /*	int	inet_windowsize;
 /*
 /*	void	set_inet_windowsize(sock, windowsize)
 /*	int	sock;
 /*	int	windowsize;
 /* DESCRIPTION
 /*	set_inet_windowsize() overrides the default TCP window size
 /*	with the specified value. When called before listen() or
 /*	accept(), this works around broken infrastructure that
 /*	mis-handles TCP window scaling options.
 /*
 /*	The global inet_windowsize variable is available for other
 /*	routines to remember that they wish to override the default
 /*	TCP window size. The variable is not accessed by the
 /*	set_inet_windowsize() function itself.
 /*
 /*	Arguments:
 /* .IP sock
 /*	TCP communication endpoint, before the connect(2) or listen(2) call.
 /* .IP windowsize
 /*	The preferred TCP window size. This must be > 0.
 /* DIAGNOSTICS
 /*	Panic: interface violation.
 /*	Warnings: some error return from setsockopt().
 /* LICENSE
 /* .ad
 /* .fi
 /*	The Secure Mailer license must be distributed with this software.
 /* AUTHOR(S)
 /*	Wietse Venema
 /*	IBM T.J. Watson Research
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
 /*--*/
 /* System libraries. */
 #include <sys_defs.h>
 #include <sys/socket.h>
 /* Utility library. */
 #include <msg.h>
 #include <iostuff.h>
 /* Application storage. */
 int     inet_windowsize;
 /* set_inet_windowsize - set TCP send/receive window size */
 void    set_inet_windowsize(int sock, int windowsize)
 {
    /*
     * Sanity check.
     */
    if (windowsize <= 0)
 	msg_panic("inet_windowsize: bad window size %d", windowsize);
    /*
     * Generic implementation: set the send and receive buffer size before
     * listen() or connect().
     */
    if (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, (char *) &windowsize,
 		   sizeof(windowsize)) < 0)
 	msg_warn("setsockopt SO_SNDBUF %d: %m", windowsize);
    if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (char *) &windowsize,
 		   sizeof(windowsize)) < 0)
 	msg_warn("setsockopt SO_RCVBUF %d: %m", windowsize);
 }
--- a/postfix/src/util/iostuff.h
+++ b/postfix/src/util/iostuff.h
@ -36,6 +36,9 @@ extern int unix_send_fd(int, int);
 extern ssize_t dummy_read(int, void *, size_t, int, void *);
 extern ssize_t dummy_write(int, void *, size_t, int, void *);
 extern int inet_windowsize;
 extern void set_inet_windowsize(int, int);
 #define BLOCKING	0
 #define NON_BLOCKING	1
--- a/postfix/src/util/listen.h
+++ b/postfix/src/util/listen.h
@ -31,8 +31,6 @@ extern int unix_accept(int);
 extern int stream_accept(int);
 extern int upass_accept(int);
 extern int inet_windowsize;
 /* LICENSE
 /* .ad
 /* .fi