postfix-3.2-20160611

postfix/HISTORY

@@ -22339,3 +22339,31 @@ Apologies for any names omitted.
 	Cleanup: made parsing of '!' operators in regexp and pcre
 	tables consistent with cidr tables. Files: util/dict_regexp.c,
 	util/dict_pcre.c.
+
+20160605
+
+	Cleanup: integer wrap-around detection in the MySQL and
+	PostgreSQL clients. This is totally non-critical because
+	Postfix strings are size-limited by design. Files:
+	global/dict_mysqql.c, global/dict_pgsql.c.
+
+20160607
+
+	Documentation: dnsblog.
+
+20160609
+
+	Documentation: postsuper(1) manpage text for multiple -[dhH]
+	options.  File: postsuper/postsuper.c.
+
+20160611
+
+	Cleanup: Postfix SMTP server local IP address and port
+	attributes in the policy delegation protocol (attribute
+	names: server_address, server_port), in the Milter protocol
+	(macro names: {daemon_addr}, {daemon_port}) and in the
+	XCLIENT protocol (attribute names: DESTADDR, DESTPORT).
+	Files: proto/MILTER_README.html, proto/SMTPD_POLICY_README.html,
+	cleanup/cleanup.h, cleanup/cleanup_milter.c, global/mail_proto.h,
+	milter/milter.h, smtpd/smtpd.c, smtpd/smtpd.h, smtpd/smtpd_check.c,
+	smtpd/smtpd_haproxy.c, smtpd/smtpd_milter.c, smtpd/smtpd_peer.c.

postfix/README_FILES/MILTER_README

@@ -375,7 +375,7 @@ Sendmail. See the workarounds section below for solutions.
     |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
     |{auth_type}         |MAIL, DATA, EOH, EOM     |SASL login method         |
     |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
-    |{client_addr}       |Always                   |Client IP address         |
+    |{client_addr}       |Always                   |Remote client IP address  |
     |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
     |                    |                         |Connection concurrency for|
     |                    |                         |this client (zero if the  |
@@ -383,13 +383,13 @@ Sendmail. See the workarounds section below for solutions.
     |                    |                         |all smtpd_client_*        |
     |                    |                         |limits).                  |
     |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
-    |                    |                         |Client hostname           |
+    |                    |                         |Remote client hostname    |
     |                    |                         |When address -> name      |
     |{client_name}       |Always                   |lookup or name -> address |
     |                    |                         |verification fails:       |
     |                    |                         |"unknown"                 |
     |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
-    |{client_port}       |Always (Postfix >=2.5)   |Client TCP port           |
+    |{client_port}       |Always (Postfix >=2.5)   |Remote client TCP port    |
     |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
     |                    |                         |Client name from address -|
     |{client_ptr}        |CONNECT, HELO, MAIL, DATA|> name lookup             |
@@ -408,9 +408,13 @@ Sendmail. See the workarounds section below for solutions.
     |{cipher}            |HELO, MAIL, DATA, EOH,   |TLS cipher                |
     |                    |EOM                      |                          |
     |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
+    |{daemon_addr}       |Always (Postfix >=3.2)   |Local server IP address   |
+    |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
     |{daemon_name}       |Always                   |value of                  |
     |                    |                         |milter_macro_daemon_name  |
     |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
+    |{daemon_port}       |Always (Postfix >=3.2)   |Local server TCP port     |
+    |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
     |{mail_addr}         |MAIL                     |Sender address            |
     |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
     |{mail_host}         |MAIL (Postfix >= 2.6,    |Sender next-hop           |
@@ -499,8 +503,8 @@ WWoorrkkaarroouunnddss
             -o smtp_generic_maps=
 
   * Some Milter applications use the "{if_addr}" macro to recognize local mail;
-    this macro does not exist in Postfix. Workaround: use the "{client_addr}"
+    this macro does not exist in Postfix. Workaround: use the "{daemon_addr}"
-    macro instead.
+    (Postfix >= 3.2) or "{client_addr}" macro instead.
 
   * Some Milter applications log a warning that looks like this:
 

postfix/README_FILES/POSTSCREEN_README

@@ -67,11 +67,11 @@ get worse before things improve, if ever. Without a tool like postscreen(8)
 that keeps the zombies away, Postfix would be spending most of its resources
 not receiving email.
 
-The main challenge for postscreen(8) is to make an is-it-a-zombie decision
+The main challenge for postscreen(8) is to make an is-a-zombie decision based
-based on a single measurement. This is necessary because many zombies try to
+on a single measurement. This is necessary because many zombies try to fly
-fly under the radar and avoid spamming the same site repeatedly. Once
+under the radar and avoid spamming the same site repeatedly. Once postscreen(8)
-postscreen(8) decides that a client is not-a-zombie, it whitelists the client
+decides that a client is not-a-zombie, it whitelists the client temporarily to
-temporarily to avoid further delays for legitimate mail.
+avoid further delays for legitimate mail.
 
 Zombies have challenges too: they have only a limited amount of time to deliver
 spam before their IP address becomes blacklisted. To speed up spam deliveries,
@@ -82,14 +82,14 @@ continue sending mail even when the server tells them to go away.
 postscreen(8) uses a variety of measurements to recognize zombies. First,
 postscreen(8) determines if the remote SMTP client IP address is blacklisted.
 Second, postscreen(8) looks for protocol compromises that are made to speed up
-delivery. These are good indicators for making is-it-a-zombie decisions based
+delivery. These are good indicators for making is-a-zombie decisions based on
-on single measurements.
+single measurements.
 
 postscreen(8) does not inspect message content. Message content can vary from
 one delivery to the next, especially with clients that (also) send legitimate
-email. Content is not a good indicator for making is-it-a-zombie decisions
+email. Content is not a good indicator for making is-a-zombie decisions based
-based on single measurements, and that is the problem that postscreen(8) is
+on single measurements, and that is the problem that postscreen(8) is focused
-focused on.
+on.
 
 GGeenneerraall ooppeerraattiioonn
 
@@ -767,7 +767,7 @@ By default, the temporary whitelist is not shared between multiple postscreen
   * A non-persistent memcache: temporary whitelist can be shared between
     postscreen(8) daemons on the same host or different hosts. Disable cache
     cleanup (postscreen_cache_cleanup_interval = 0) in all postscreen(8)
-    daemons because memcache: does not implement this (but see example 4 below
+    daemons because memcache: has no first-next API (but see example 4 below
     for memcache: with persistent backup). This requires Postfix 2.9 or later.
 
         # Example 1: non-persistent memcache: whitelist.

postfix/README_FILES/SMTPD_POLICY_README

@@ -78,6 +78,9 @@ a delegated SMTPD access policy request:
     client_port=1234
     PPoossttffiixx vveerrssiioonn 33..11 aanndd llaatteerr::
     policy_context=submission
+    PPoossttffiixx vveerrssiioonn 33..22 aanndd llaatteerr::
+    server_address=10.3.2.1
+    server_port=54321
     [empty line]
 
 Notes:
@@ -103,8 +106,11 @@ Notes:
     the "DATA" and "END-OF-MESSAGE" stages. It specifies the number of
     recipients that Postfix accepted for the current message.
 
-  * The client address is an IPv4 dotted quad in the form 1.2.3.4 or it is an
+  * The remote client or local server IP address is an IPv4 dotted quad in the
-    IPv6 address in the form 1:2:3::4:5:6.
+    form 1.2.3.4 or it is an IPv6 address in the form 1:2:3::4:5:6.
+
+  * The remote client or local server port is a decimal number in the range 0-
+    65535.
 
   * For a discussion of the differences between reverse and verified
     client_name information, see the reject_unknown_client_hostname discussion

postfix/README_FILES/XCLIENT_README

@@ -56,20 +56,29 @@ are in fact case insensitive.
 
   * Attribute values are xtext encoded as per RFC 1891.
 
-  * The NAME attribute specifies an SMTP client hostname (not an SMTP client
+  * The NAME attribute specifies a remote SMTP client hostname (not an SMTP
-    address), [UNAVAILABLE] when client hostname lookup failed due to a
+    client address), [UNAVAILABLE] when client hostname lookup failed due to a
     permanent error, or [TEMPUNAVAIL] when the lookup error condition was
     transient.
 
-  * The ADDR attribute specifies an SMTP client numerical IPv4 network address,
+  * The ADDR attribute specifies a remote SMTP client numerical IPv4 network
-    an IPv6 address prefixed with IPV6:, or [UNAVAILABLE] when the address
+    address, an IPv6 address prefixed with IPV6:, or [UNAVAILABLE] when the
-    information is unavailable. Address information is not enclosed with [].
+    address information is unavailable. Address information is not enclosed
+    with [].
 
-  * The PORT attribute specifies the SMTP client TCP port number as a decimal
+  * The PORT attribute specifies a remote SMTP client TCP port number as a
-    number, or [UNAVAILABLE] when the information is unavailable.
+    decimal number, or [UNAVAILABLE] when the information is unavailable.
 
   * The PROTO attribute specifies either SMTP or ESMTP.
 
+  * The DESTADDR attribute specifies a local SMTP server numerical IPv4 network
+    address, an IPv6 address prefixed with IPV6:, or [UNAVAILABLE] when the
+    address information is unavailable. Address information is not enclosed
+    with [].
+
+  * The DESTPORT attribute specifies a local SMTP server TCP port number as a
+    decimal number, or [UNAVAILABLE] when the information is unavailable.
+
   * The HELO attribute specifies an SMTP HELO parameter value, or the value
     [UNAVAILABLE] when the information is unavailable.
 

postfix/WISHLIST

@@ -6,10 +6,25 @@ Wish list:
 
 	Disable -DSNAPSHOT and -DNONPROD in makedefs.
 
+	Propagate SMTPD_PEER_CODE_XXX from smtpd(8) to cleanup(8),
+	so that {client_resolve} and {_} produce consistent results.
+
 	Modeline support in config files to enable/disable trailing
 	#comment, and to give hints about how to handle an LHS or
 	RHS.
 
+	The cleanup daemon searches canonical_maps and virtual_alias_maps
+	with quoted address forms. The address local part should
+	be in unquoted form before it is split into name and
+	extension. Note, however, that although quoting is done
+	over the entire localpart, unquoting is not simply a matter
+	of removing the outer quotes. The fix will require careful
+	consideration of the responsibilities of mail_addr_map(),
+	mail_addr_find(), and mail_addr_crunch(), and making sure
+	that the callers can handle quoted results. For example,
+	sender_bcc_maps and recipient_bcc_maps invoke mail_addr_find()
+	with unquoted forms and expects an unquoted result, and so on.
+
 	Maintainability: replace lengthy libmilter-API argument lists
 	with named parameters, as with the libtls API.
 	

postfix/html/MILTER_README.html

@@ -601,19 +601,19 @@ sender </td> </tr>
 <tr> <td> {auth_type} </td> <td> MAIL, DATA, EOH, EOM </td> <td> SASL
 login method </td> </tr>
 
-<tr> <td> {client_addr} </td> <td> Always </td> <td> Client IP
+<tr> <td> {client_addr} </td> <td> Always </td> <td> Remote client
-address </td> </tr>
+IP address </td> </tr>
 
 <tr> <td> {client_connections} </td> <td> CONNECT </td> <td>
 Connection concurrency for this client (zero if the client is
 excluded from all smtpd_client_* limits). </td> </tr>
 
-<tr> <td> {client_name} </td> <td> Always </td> <td> Client hostname
+<tr> <td> {client_name} </td> <td> Always </td> <td> Remote client
-<br> When address &rarr; name lookup or name &rarr; address
+hostname <br> When address &rarr; name lookup or name &rarr; address
 verification fails: "unknown" </td> </tr>
 
 <tr> <td> {client_port} </td> <td> Always (Postfix &ge;2.5) </td>
-<td> Client TCP port </td> </tr>
+<td> Remote client TCP port </td> </tr>
 
 <tr> <td> {client_ptr} </td> <td> CONNECT, HELO, MAIL, DATA </td>
 <td> Client name from address &rarr; name lookup <br> When address
@@ -631,9 +631,15 @@ TLS session key size </td> </tr>
 <tr> <td> {cipher} </td> <td> HELO, MAIL, DATA, EOH, EOM </td> <td> TLS
 cipher </td> </tr>
 
+<tr> <td> {daemon_addr} </td> <td> Always (Postfix &ge;3.2) </td>
+<td> Local server IP address </td> </tr>
+
 <tr> <td> {daemon_name} </td> <td> Always </td> <td> value of
 <a href="postconf.5.html#milter_macro_daemon_name">milter_macro_daemon_name</a> </td> </tr>
 
+<tr> <td> {daemon_port} </td> <td> Always (Postfix &ge;3.2) </td>
+<td> Local server TCP port </td> </tr>
+
 <tr> <td> {mail_addr} </td> <td> MAIL </td> <td> Sender address
 </td> </tr>
 
@@ -748,7 +754,8 @@ example. </p>
 
 <li> <p> Some Milter applications use the "<tt>{if_addr}</tt>" macro
 to recognize local mail; this macro does not exist in Postfix.
-Workaround: use the "<tt>{client_addr}</tt>" macro instead. </p>
+Workaround: use the "<tt>{daemon_addr}</tt>" (Postfix &ge 3.2) or
+"<tt>{client_addr}</tt>" macro instead. </p>
 
 <li> <p> Some Milter applications log a warning that looks like
 this: </p>

postfix/html/POSTSCREEN_README.html

@@ -106,7 +106,7 @@ problem will get worse before things improve, if ever. Without a
 tool like <a href="postscreen.8.html">postscreen(8)</a> that keeps the zombies away, Postfix would be
 spending most of its resources not receiving email. </p>
 
-<p> The main challenge for <a href="postscreen.8.html">postscreen(8)</a> is to make an is-it-a-zombie
+<p> The main challenge for <a href="postscreen.8.html">postscreen(8)</a> is to make an is-a-zombie
 decision based on a single measurement. This is necessary because
 many zombies try to fly under the radar and avoid spamming the same
 site repeatedly.  Once <a href="postscreen.8.html">postscreen(8)</a> decides that a client is
@@ -124,13 +124,13 @@ mail even when the server tells them to go away. </p>
 zombies.  First, <a href="postscreen.8.html">postscreen(8)</a> determines if the remote SMTP client
 IP address is blacklisted.  Second, <a href="postscreen.8.html">postscreen(8)</a> looks for protocol
 compromises that are made to speed up delivery.  These are good
-indicators for making is-it-a-zombie decisions based on single
+indicators for making is-a-zombie decisions based on single
 measurements.  </p>
 
 <p> <a href="postscreen.8.html">postscreen(8)</a> does not inspect message content. Message content
 can vary from one delivery to the next, especially with clients
 that (also) send legitimate email.  Content is not a good indicator
-for making is-it-a-zombie decisions based on single measurements,
+for making is-a-zombie decisions based on single measurements,
 and that is the problem that <a href="postscreen.8.html">postscreen(8)</a> is focused on.  </p>
 
 <h2> <a name="general"> General operation </a> </h2>
@@ -1072,8 +1072,8 @@ of the following options: </p>
 <li> <p> A non-persistent <a href="memcache_table.5.html">memcache</a>: temporary whitelist can be shared
     between <a href="postscreen.8.html">postscreen(8)</a> daemons on the same host or different
     hosts.  Disable cache cleanup (<a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a>
-    = 0) in all <a href="postscreen.8.html">postscreen(8)</a> daemons because <a href="memcache_table.5.html">memcache</a>: does not
+    = 0) in all <a href="postscreen.8.html">postscreen(8)</a> daemons because <a href="memcache_table.5.html">memcache</a>: has no
-    implement this (but see example 4 below for <a href="memcache_table.5.html">memcache</a>: with
+    first-next API (but see example 4 below for <a href="memcache_table.5.html">memcache</a>: with
     persistent backup). This requires Postfix 2.9 or later. </p>
 
     <pre>

postfix/html/SMTPD_POLICY_README.html

@@ -110,6 +110,9 @@ ccert_pubkey_fingerprint=68:B3:29:DA:98:93:E3:40:99:C7:D8:AD:5C:B9:C9:40
 client_port=1234
 <b>Postfix version 3.1 and later:</b>
 policy_context=submission
+<b>Postfix version 3.2 and later:</b>
+server_address=10.3.2.1
+server_port=54321
 [empty line]
 </pre>
 </blockquote>
@@ -144,9 +147,12 @@ policy_context=submission
     specifies the number of recipients that Postfix accepted for
     the current message.  </p>
 
-    <li> <p> The client address is an IPv4 dotted quad in the form
+    <li> <p> The remote client or local server IP address is an
-    1.2.3.4 or it is an IPv6 address in the form 1:2:3::4:5:6.
+    IPv4 dotted quad in the form 1.2.3.4 or it is an IPv6 address
-    </p>
+    in the form 1:2:3::4:5:6.  </p>
+
+    <li> <p> The remote client or local server port is a decimal
+    number in the range 0-65535.  </p>
 
     <li> <p> For a discussion of the differences between reverse
     and verified client_name information, see the

postfix/html/XCLIENT_README.html

@@ -92,23 +92,32 @@ names are shown in upper case, they are in fact case insensitive.
     <li> <p> Attribute values are xtext encoded as per <a href="http://tools.ietf.org/html/rfc1891">RFC 1891</a>.
     </p>
 
-    <li> <p> The NAME attribute specifies an SMTP client hostname
+    <li> <p> The NAME attribute specifies a remote SMTP client
-    (not an SMTP client address), [UNAVAILABLE] when client hostname
+    hostname (not an SMTP client address), [UNAVAILABLE] when client
-    lookup failed due to a permanent error, or [TEMPUNAVAIL] when
+    hostname lookup failed due to a permanent error, or [TEMPUNAVAIL]
-    the lookup error condition was transient. </p>
+    when the lookup error condition was transient. </p>
 
-    <li> <p> The ADDR attribute specifies an SMTP client numerical
+    <li> <p> The ADDR attribute specifies a remote SMTP client
-    IPv4 network address, an IPv6 address prefixed with IPV6:, or
+    numerical IPv4 network address, an IPv6 address prefixed with
-    [UNAVAILABLE] when the address information is unavailable.
+    IPV6:, or [UNAVAILABLE] when the address information is
-    Address information is not enclosed with []. </p>
+    unavailable.  Address information is not enclosed with []. </p>
 
-    <li> <p> The PORT attribute specifies the SMTP client TCP port
+    <li> <p> The PORT attribute specifies a remote SMTP client TCP
-    number as a decimal number, or [UNAVAILABLE] when the information
+    port number as a decimal number, or [UNAVAILABLE] when the
-    is unavailable.  </p>
+    information is unavailable.  </p>
 
     <li> <p> The PROTO attribute specifies either SMTP or ESMTP.
     </p>
 
+    <li> <p> The DESTADDR attribute specifies a local SMTP server
+    numerical IPv4 network address, an IPv6 address prefixed with
+    IPV6:, or [UNAVAILABLE] when the address information is
+    unavailable.  Address information is not enclosed with []. </p>
+
+    <li> <p> The DESTPORT attribute specifies a local SMTP server
+    TCP port number as a decimal number, or [UNAVAILABLE] when the
+    information is unavailable.  </p>
+
     <li> <p> The HELO attribute specifies an SMTP HELO parameter
     value, or the value [UNAVAILABLE] when the information is
     unavailable.  </p>

postfix/html/dnsblog.8.html

@@ -24,8 +24,9 @@ DNSBLOG(8)                                                          DNSBLOG(8)
        match and replies with the query arguments plus an  address  list  with
        the resulting IP addresses, separated by whitespace, and the reply TTL.
        Otherwise it replies with the query arguments  plus  an  empty  address
-       list  and  the  reply TTL (-1 if unavailable).  Finally, The <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a>
+       list and the reply TTL; the reply TTL is -1 if no reply is received, or
-       server closes the connection.
+       a negative reply without SOA record.  Finally,  The  <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a>  server
+       closes the connection.
 
 <b>DIAGNOSTICS</b>
        Problems and transactions are logged to <b>syslogd</b>(8).

postfix/html/postsuper.1.html

@@ -36,9 +36,10 @@ POSTSUPER(1)                                                      POSTSUPER(1)
               Delete  one  message with the named queue ID from the named mail
               queue(s) (default: <b>hold</b>, <b>incoming</b>, <b>active</b> and <b>deferred</b>).
 
-              If a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the  program  reads  queue  IDs
+              To delete multiple files, specify the <b>-d</b> option multiple  times,
-              from  standard  input.  For  example,  to  delete  all mail with
+              or  specify  a  <i>queue</i><b>_</b><i>id</i>  of  <b>-</b>  to read queue IDs from standard
-              exactly one recipient <b>user@example.com</b>:
+              input. For example, to delete all mail with exactly one  recipi-
+              ent <b>user@example.com</b>:
 
               mailq | tail +2 | grep -v '^ *(' | awk  'BEGIN { RS = "" }
                   # $7=sender, $8=recipient1, $9=recipient2
@@ -79,8 +80,8 @@ POSTSUPER(1)                                                      POSTSUPER(1)
               queue(s)  (default:  <b>incoming</b>,  <b>active</b> and <b>deferred</b>) to the <b>hold</b>
               queue.
 
-              If  a  <i>queue</i><b>_</b><i>id</i>  of  <b>-</b> is specified, the program reads queue IDs
+              To hold multiple files, specify the <b>-h</b> option multiple times, or
-              from standard input.
+              specify a <i>queue</i><b>_</b><i>id</i> of <b>-</b> to read queue IDs from standard input.
 
               Specify  "<b>-h ALL</b>" to hold all messages; for example, specify "<b>-h</b>
               <b>ALL deferred</b>" to hold all mail in  the  <b>deferred</b>  queue.   As  a
@@ -98,8 +99,9 @@ POSTSUPER(1)                                                      POSTSUPER(1)
               named  queue  ID from the named mail queue(s) (default: <b>hold</b>) to
               the <b>deferred</b> queue.
 
-              If  a  <i>queue</i><b>_</b><i>id</i>  of  <b>-</b> is specified, the program reads queue IDs
+              To release multiple files, specify the <b>-H</b> option multiple times,
-              from standard input.
+              or  specify  a  <i>queue</i><b>_</b><i>id</i>  of  <b>-</b>  to read queue IDs from standard
+              input.
 
               Note: specify "<b>postsuper -r</b>" to release mail that  was  kept  on
               hold  for  a  significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a></b> or
@@ -115,12 +117,11 @@ POSTSUPER(1)                                                      POSTSUPER(1)
 
        <b>-r</b> <i>queue</i><b>_</b><i>id</i>
               Requeue the message with the named queue ID from the named  mail
-              queue(s)  (default:  <b>hold</b>,  <b>incoming</b>,  <b>active</b> and <b>deferred</b>).  To
+              queue(s) (default: <b>hold</b>, <b>incoming</b>, <b>active</b> and <b>deferred</b>).
-              requeue multiple  messages,  specify  multiple  <b>-r</b>  command-line
-              options.
 
-              Alternatively,  if  a  <i>queue</i><b>_</b><i>id</i>  of  <b>-</b> is specified, the program
+              To requeue multiple files, specify the <b>-r</b> option multiple times,
-              reads queue IDs from standard input.
+              or specify a <i>queue</i><b>_</b><i>id</i> of <b>-</b>  to  read  queue  IDs  from  standard
+              input.
 
               Specify  "<b>-r  ALL</b>" to requeue all messages. As a safety measure,
               the word <b>ALL</b> must be specified in upper case.

postfix/man/man1/postsuper.1

@@ -38,8 +38,9 @@ Delete one message with the named queue ID from the named
 mail queue(s) (default: \fBhold\fR, \fBincoming\fR, \fBactive\fR and
 \fBdeferred\fR).
 
-If a \fIqueue_id\fR of \fB\-\fR is specified, the program reads
+To delete multiple files, specify the \fB\-d\fR option multiple
-queue IDs from standard input. For example, to delete all mail
+times, or specify a \fIqueue_id\fR of \fB\-\fR to read queue IDs
+from standard input. For example, to delete all mail
 with exactly one recipient \fBuser@example.com\fR:
 .sp
 .nf
@@ -83,8 +84,9 @@ Move one message with the named queue ID from the named
 mail queue(s) (default: \fBincoming\fR, \fBactive\fR and
 \fBdeferred\fR) to the \fBhold\fR queue.
 
-If a \fIqueue_id\fR of \fB\-\fR is specified, the program reads
+To hold multiple files, specify the \fB\-h\fR option multiple
-queue IDs from standard input.
+times, or specify a \fIqueue_id\fR of \fB\-\fR to read queue IDs
+from standard input.
 .sp
 Specify "\fB\-h ALL\fR" to hold all messages; for example, specify
 "\fB\-h ALL deferred\fR" to hold all mail in the \fBdeferred\fR queue.
@@ -102,8 +104,9 @@ Release mail that was put "on hold".
 Move one message with the named queue ID from the named
 mail queue(s) (default: \fBhold\fR) to the \fBdeferred\fR queue.
 
-If a \fIqueue_id\fR of \fB\-\fR is specified, the program reads
+To release multiple files, specify the \fB\-H\fR option multiple
-queue IDs from standard input.
+times, or specify a \fIqueue_id\fR of \fB\-\fR to read queue IDs
+from standard input.
 .sp
 Note: specify "\fBpostsuper \-r\fR" to release mail that was kept on
 hold for a significant fraction of \fB$maximal_queue_lifetime\fR
@@ -121,11 +124,10 @@ software crashes.
 Requeue the message with the named queue ID from the named
 mail queue(s) (default: \fBhold\fR, \fBincoming\fR, \fBactive\fR and
 \fBdeferred\fR).
-To requeue multiple messages, specify multiple \fB\-r\fR
-command\-line options.
 
-Alternatively, if a \fIqueue_id\fR of \fB\-\fR is specified,
+To requeue multiple files, specify the \fB\-r\fR option multiple
-the program reads queue IDs from standard input.
+times, or specify a \fIqueue_id\fR of \fB\-\fR to read queue IDs
+from standard input.
 .sp
 Specify "\fB\-r ALL\fR" to requeue all messages. As a safety
 measure, the word \fBALL\fR must be specified in upper case.

postfix/man/man8/dnsblog.8

@@ -28,8 +28,9 @@ If the IP address is listed under the DNS white/blacklist, the
 query arguments plus an address list with the resulting IP
 addresses, separated by whitespace, and the reply TTL.
 Otherwise it replies with the query arguments plus an empty
-address list and the reply TTL (\-1 if unavailable).  Finally,
+address list and the reply TTL; the reply TTL is \-1 if no
-The \fBdnsblog\fR(8) server closes the connection.
+reply is received, or a negative reply without SOA record.
+Finally, The \fBdnsblog\fR(8) server closes the connection.
 .SH DIAGNOSTICS
 .ad
 .fi
@@ -81,9 +82,9 @@ syslogd(5), system logging
 .ad
 .fi
 The Secure Mailer license must be distributed with this software.
-.SH "HISTORY"
+.SH HISTORY
-.na
+.ad
-.nf
+.fi
 .ad
 .fi
 This service was introduced with Postfix version 2.8.

postfix/proto/MILTER_README.html

@@ -601,19 +601,19 @@ sender </td> </tr>
 <tr> <td> {auth_type} </td> <td> MAIL, DATA, EOH, EOM </td> <td> SASL
 login method </td> </tr>
 
-<tr> <td> {client_addr} </td> <td> Always </td> <td> Client IP
+<tr> <td> {client_addr} </td> <td> Always </td> <td> Remote client
-address </td> </tr>
+IP address </td> </tr>
 
 <tr> <td> {client_connections} </td> <td> CONNECT </td> <td>
 Connection concurrency for this client (zero if the client is
 excluded from all smtpd_client_* limits). </td> </tr>
 
-<tr> <td> {client_name} </td> <td> Always </td> <td> Client hostname
+<tr> <td> {client_name} </td> <td> Always </td> <td> Remote client
-<br> When address &rarr; name lookup or name &rarr; address
+hostname <br> When address &rarr; name lookup or name &rarr; address
 verification fails: "unknown" </td> </tr>
 
 <tr> <td> {client_port} </td> <td> Always (Postfix &ge;2.5) </td>
-<td> Client TCP port </td> </tr>
+<td> Remote client TCP port </td> </tr>
 
 <tr> <td> {client_ptr} </td> <td> CONNECT, HELO, MAIL, DATA </td>
 <td> Client name from address &rarr; name lookup <br> When address
@@ -631,9 +631,15 @@ TLS session key size </td> </tr>
 <tr> <td> {cipher} </td> <td> HELO, MAIL, DATA, EOH, EOM </td> <td> TLS
 cipher </td> </tr>
 
+<tr> <td> {daemon_addr} </td> <td> Always (Postfix &ge;3.2) </td>
+<td> Local server IP address </td> </tr>
+
 <tr> <td> {daemon_name} </td> <td> Always </td> <td> value of
 milter_macro_daemon_name </td> </tr>
 
+<tr> <td> {daemon_port} </td> <td> Always (Postfix &ge;3.2) </td>
+<td> Local server TCP port </td> </tr>
+
 <tr> <td> {mail_addr} </td> <td> MAIL </td> <td> Sender address
 </td> </tr>
 
@@ -748,7 +754,8 @@ example. </p>
 
 <li> <p> Some Milter applications use the "<tt>{if_addr}</tt>" macro
 to recognize local mail; this macro does not exist in Postfix.
-Workaround: use the "<tt>{client_addr}</tt>" macro instead. </p>
+Workaround: use the "<tt>{daemon_addr}</tt>" (Postfix &ge 3.2) or
+"<tt>{client_addr}</tt>" macro instead. </p>
 
 <li> <p> Some Milter applications log a warning that looks like
 this: </p>

postfix/proto/POSTSCREEN_README.html

@@ -106,7 +106,7 @@ problem will get worse before things improve, if ever. Without a
 tool like postscreen(8) that keeps the zombies away, Postfix would be
 spending most of its resources not receiving email. </p>
 
-<p> The main challenge for postscreen(8) is to make an is-it-a-zombie
+<p> The main challenge for postscreen(8) is to make an is-a-zombie
 decision based on a single measurement. This is necessary because
 many zombies try to fly under the radar and avoid spamming the same
 site repeatedly.  Once postscreen(8) decides that a client is
@@ -124,13 +124,13 @@ mail even when the server tells them to go away. </p>
 zombies.  First, postscreen(8) determines if the remote SMTP client
 IP address is blacklisted.  Second, postscreen(8) looks for protocol
 compromises that are made to speed up delivery.  These are good
-indicators for making is-it-a-zombie decisions based on single
+indicators for making is-a-zombie decisions based on single
 measurements.  </p>
 
 <p> postscreen(8) does not inspect message content. Message content
 can vary from one delivery to the next, especially with clients
 that (also) send legitimate email.  Content is not a good indicator
-for making is-it-a-zombie decisions based on single measurements,
+for making is-a-zombie decisions based on single measurements,
 and that is the problem that postscreen(8) is focused on.  </p>
 
 <h2> <a name="general"> General operation </a> </h2>
@@ -1072,8 +1072,8 @@ of the following options: </p>
 <li> <p> A non-persistent memcache: temporary whitelist can be shared
     between postscreen(8) daemons on the same host or different
     hosts.  Disable cache cleanup (postscreen_cache_cleanup_interval
-    = 0) in all postscreen(8) daemons because memcache: does not
+    = 0) in all postscreen(8) daemons because memcache: has no
-    implement this (but see example 4 below for memcache: with
+    first-next API (but see example 4 below for memcache: with
     persistent backup). This requires Postfix 2.9 or later. </p>
 
     <pre>

postfix/proto/SMTPD_POLICY_README.html

@@ -110,6 +110,9 @@ ccert_pubkey_fingerprint=68:B3:29:DA:98:93:E3:40:99:C7:D8:AD:5C:B9:C9:40
 client_port=1234
 <b>Postfix version 3.1 and later:</b>
 policy_context=submission
+<b>Postfix version 3.2 and later:</b>
+server_address=10.3.2.1
+server_port=54321
 [empty line]
 </pre>
 </blockquote>
@@ -144,9 +147,12 @@ policy_context=submission
     specifies the number of recipients that Postfix accepted for
     the current message.  </p>
 
-    <li> <p> The client address is an IPv4 dotted quad in the form
+    <li> <p> The remote client or local server IP address is an
-    1.2.3.4 or it is an IPv6 address in the form 1:2:3::4:5:6.
+    IPv4 dotted quad in the form 1.2.3.4 or it is an IPv6 address
-    </p>
+    in the form 1:2:3::4:5:6.  </p>
+
+    <li> <p> The remote client or local server port is a decimal
+    number in the range 0-65535.  </p>
 
     <li> <p> For a discussion of the differences between reverse
     and verified client_name information, see the

postfix/proto/XCLIENT_README.html

@@ -92,23 +92,32 @@ names are shown in upper case, they are in fact case insensitive.
     <li> <p> Attribute values are xtext encoded as per RFC 1891.
     </p>
 
-    <li> <p> The NAME attribute specifies an SMTP client hostname
+    <li> <p> The NAME attribute specifies a remote SMTP client
-    (not an SMTP client address), [UNAVAILABLE] when client hostname
+    hostname (not an SMTP client address), [UNAVAILABLE] when client
-    lookup failed due to a permanent error, or [TEMPUNAVAIL] when
+    hostname lookup failed due to a permanent error, or [TEMPUNAVAIL]
-    the lookup error condition was transient. </p>
+    when the lookup error condition was transient. </p>
 
-    <li> <p> The ADDR attribute specifies an SMTP client numerical
+    <li> <p> The ADDR attribute specifies a remote SMTP client
-    IPv4 network address, an IPv6 address prefixed with IPV6:, or
+    numerical IPv4 network address, an IPv6 address prefixed with
-    [UNAVAILABLE] when the address information is unavailable.
+    IPV6:, or [UNAVAILABLE] when the address information is
-    Address information is not enclosed with []. </p>
+    unavailable.  Address information is not enclosed with []. </p>
 
-    <li> <p> The PORT attribute specifies the SMTP client TCP port
+    <li> <p> The PORT attribute specifies a remote SMTP client TCP
-    number as a decimal number, or [UNAVAILABLE] when the information
+    port number as a decimal number, or [UNAVAILABLE] when the
-    is unavailable.  </p>
+    information is unavailable.  </p>
 
     <li> <p> The PROTO attribute specifies either SMTP or ESMTP.
     </p>
 
+    <li> <p> The DESTADDR attribute specifies a local SMTP server
+    numerical IPv4 network address, an IPv6 address prefixed with
+    IPV6:, or [UNAVAILABLE] when the address information is
+    unavailable.  Address information is not enclosed with []. </p>
+
+    <li> <p> The DESTPORT attribute specifies a local SMTP server
+    TCP port number as a decimal number, or [UNAVAILABLE] when the
+    information is unavailable.  </p>
+
     <li> <p> The HELO attribute specifies an SMTP HELO parameter
     value, or the value [UNAVAILABLE] when the information is
     unavailable.  </p>

postfix/src/cleanup/Makefile.in

@@ -1087,6 +1087,7 @@ cleanup_milter.o: ../../include/dsn_util.h
 cleanup_milter.o: ../../include/header_body_checks.h
 cleanup_milter.o: ../../include/header_opts.h
 cleanup_milter.o: ../../include/htable.h
+cleanup_milter.o: ../../include/inet_proto.h
 cleanup_milter.o: ../../include/iostuff.h
 cleanup_milter.o: ../../include/is_header.h
 cleanup_milter.o: ../../include/lex_822.h

postfix/src/cleanup/cleanup.h

@@ -112,6 +112,8 @@ typedef struct CLEANUP_STATE {
     const char *client_addr;		/* real or ersatz client */
     int     client_af;			/* real or ersatz client */
     const char *client_port;		/* real or ersatz client */
+    const char *server_addr;		/* real or ersatz server */
+    const char *server_port;		/* real or ersatz server */
     VSTRING *milter_ext_from;		/* externalized sender */
     VSTRING *milter_ext_rcpt;		/* externalized recipient */
     VSTRING *milter_err_text;		/* milter call-back reply */
@@ -355,4 +357,9 @@ extern void cleanup_body_edit_free(CLEANUP_STATE *);
 /*	IBM T.J. Watson Research
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
+/*
+/*	Wietse Venema
+/*	Google, Inc.
+/*	111 8th Avenue
+/*	New York, NY 10011, USA
 /*--*/

postfix/src/cleanup/cleanup_milter.c

@@ -96,6 +96,7 @@
 #include <vstream.h>
 #include <vstring.h>
 #include <stringops.h>
+#include <inet_proto.h>
 
 /* Global library. */
 
@@ -1821,6 +1822,7 @@ static const char *cleanup_milter_eval(const char *name, void *ptr)
      */
 #ifndef CLIENT_ATTR_UNKNOWN
 #define CLIENT_ATTR_UNKNOWN "unknown"
+#define SERVER_ATTR_UNKNOWN "unknown"
 #endif
 
     if (strcmp(name, S8_MAC__) == 0) {
@@ -1842,6 +1844,13 @@ static const char *cleanup_milter_eval(const char *name, void *ptr)
 		state->client_port : "0");
     if (strcmp(name, S8_MAC_CLIENT_PTR) == 0)
 	return (state->reverse_name);
+    /* XXX S8_MAC_CLIENT_RES needs SMTPD_PEER_CODE_XXX from smtpd. */
+    if (strcmp(name, S8_MAC_DAEMON_ADDR) == 0)
+	return (state->server_addr);
+    if (strcmp(name, S8_MAC_DAEMON_PORT) == 0)
+	return (state->server_port
+		&& strcmp(state->server_port, SERVER_ATTR_UNKNOWN) ?
+		state->server_port : "0");
 
     /*
      * MAIL FROM macros.
@@ -2005,6 +2014,7 @@ static const char *cleanup_milter_apply(CLEANUP_STATE *state, const char *event,
 
 static void cleanup_milter_client_init(CLEANUP_STATE *state)
 {
+    static INET_PROTO_INFO *proto_info;
     const char *proto_attr;
 
     /*
@@ -2019,19 +2029,34 @@ static void cleanup_milter_client_init(CLEANUP_STATE *state)
     state->client_addr = nvtable_find(state->attr, MAIL_ATTR_ACT_CLIENT_ADDR);
     state->client_port = nvtable_find(state->attr, MAIL_ATTR_ACT_CLIENT_PORT);
     proto_attr = nvtable_find(state->attr, MAIL_ATTR_ACT_CLIENT_AF);
+    state->server_addr = nvtable_find(state->attr, MAIL_ATTR_ACT_SERVER_ADDR);
+    state->server_port = nvtable_find(state->attr, MAIL_ATTR_ACT_SERVER_PORT);
 
     if (state->client_name == 0 || state->client_addr == 0 || proto_attr == 0
 	|| !alldig(proto_attr)) {
 	state->client_name = "localhost";
+#ifdef AF_INET6
+	if (proto_info == 0)
+	    proto_info = inet_proto_info();
+	if (proto_info->sa_family_list[0] == PF_INET6) {
+	    state->client_addr = "::1";
+	    state->client_af = AF_INET6;
+	} else
+#endif
+	{
 	    state->client_addr = "127.0.0.1";
 	    state->client_af = AF_INET;
+	}
+	state->server_addr = state->client_addr;
     } else
 	state->client_af = atoi(proto_attr);
     if (state->reverse_name == 0)
 	state->reverse_name = state->client_name;
     /* Compatibility with pre-2.5 queue files. */
-    if (state->client_port == 0)
+    if (state->client_port == 0) {
 	state->client_port = NO_CLIENT_PORT;
+	state->server_port = state->client_port;
+    }
 }
 
 /* cleanup_milter_inspect - run message through mail filter */

postfix/src/cleanup/cleanup_state.c

@@ -125,6 +125,8 @@ CLEANUP_STATE *cleanup_state_alloc(VSTREAM *src)
     state->client_addr = 0;
     state->client_af = 0;
     state->client_port = 0;
+    state->server_addr = 0;
+    state->server_port = 0;
     state->milter_ext_from = 0;
     state->milter_ext_rcpt = 0;
     state->milter_err_text = 0;

postfix/src/dnsblog/dnsblog.c

@@ -20,8 +20,9 @@
 /*	query arguments plus an address list with the resulting IP
 /*	addresses, separated by whitespace, and the reply TTL.
 /*	Otherwise it replies with the query arguments plus an empty
-/*	address list and the reply TTL (-1 if unavailable).  Finally,
+/*	address list and the reply TTL; the reply TTL is -1 if no
-/*	The \fBdnsblog\fR(8) server closes the connection.
+/*	reply is received, or a negative reply without SOA record.
+/*	Finally, The \fBdnsblog\fR(8) server closes the connection.
 /* DIAGNOSTICS
 /*	Problems and transactions are logged to \fBsyslogd\fR(8).
 /* CONFIGURATION PARAMETERS

postfix/src/global/dict_mysql.c

@@ -186,6 +186,7 @@
 #include <syslog.h>
 #include <time.h>
 #include <mysql.h>
+#include <limits.h>
 
 #ifdef STRCASECMP_IN_STRINGS_H
 #include <strings.h>
@@ -288,14 +289,15 @@ static void dict_mysql_quote(DICT *dict, const char *name, VSTRING *result)
 {
     DICT_MYSQL *dict_mysql = (DICT_MYSQL *) dict;
     int     len = strlen(name);
-    int     buflen = 2 * len + 1;
+    int     buflen;
 
     /*
      * We won't get integer overflows in 2*len + 1, because Postfix input
      * keys have reasonable size limits, better safe than sorry.
      */
-    if (buflen < len)
+    if (len > (INT_MAX - 1) / 2)
 	msg_panic("dict_mysql_quote: integer overflow in 2*%d+1", len);
+    buflen = 2 * len + 1;
     VSTRING_SPACE(result, buflen);
 
 #if defined(MYSQL_VERSION_ID) && MYSQL_VERSION_ID >= 40000

postfix/src/global/dict_pgsql.c

@@ -241,7 +241,7 @@ static void dict_pgsql_quote(DICT *dict, const char *name, VSTRING *result)
     HOST   *active_host = dict_pgsql->active_host;
     char   *myname = "dict_pgsql_quote";
     size_t  len = strlen(name);
-    size_t  buflen = 2 * len + 1;
+    size_t  buflen;
     int     err = 1;
 
     if (active_host == 0)
@@ -251,9 +251,11 @@ static void dict_pgsql_quote(DICT *dict, const char *name, VSTRING *result)
      * We won't get arithmetic overflows in 2*len + 1, because Postfix input
      * keys have reasonable size limits, better safe than sorry.
      */
-    if (buflen <= len)
+    if (len > (SSIZE_T_MAX - VSTRING_LEN(result) - 1) / 2)
-	msg_panic("%s: arithmetic overflow in 2*%lu+1",
+	msg_panic("%s: arithmetic overflow in %lu+2*%lu+1",
-		  myname, (unsigned long) len);
+		  myname, (unsigned long) VSTRING_LEN(result),
+		  (unsigned long) len);
+    buflen = 2 * len + 1;
 
     /*
      * XXX Workaround: stop further processing when PQescapeStringConn()

postfix/src/global/mail_params.h

@@ -3255,7 +3255,7 @@ extern char *var_cleanup_milters;
 extern char *var_milt_def_action;
 
 #define VAR_MILT_CONN_MACROS		"milter_connect_macros"
-#define DEF_MILT_CONN_MACROS		"j {daemon_name} v"
+#define DEF_MILT_CONN_MACROS		"j {daemon_name} {daemon_addr} v"
 extern char *var_milt_conn_macros;
 
 #define VAR_MILT_HELO_MACROS		"milter_helo_macros"

postfix/src/global/mail_proto.h

@@ -242,6 +242,8 @@ extern char *mail_pathname(const char *, const char *);
 #define XCLIENT_PROTO		"PROTO"	/* client protocol */
 #define XCLIENT_HELO		"HELO"	/* client helo */
 #define XCLIENT_LOGIN		"LOGIN"	/* SASL login name */
+#define XCLIENT_DESTADDR	"DESTADDR"	/* server address */
+#define XCLIENT_DESTPORT	"DESTPORT"	/* server port */
 
 #define XCLIENT_UNAVAILABLE	"[UNAVAILABLE]"	/* permanently unavailable */
 #define XCLIENT_TEMPORARY	"[TEMPUNAVAIL]"	/* temporarily unavailable */
@@ -307,6 +309,11 @@ extern char *mail_pathname(const char *, const char *);
 /*	IBM T.J. Watson Research
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
+/*
+/*	Wietse Venema
+/*	Google, Inc.
+/*	111 8th Avenue
+/*	New York, NY 10011, USA
 /*--*/
 
 #endif

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20160604"
+#define MAIL_RELEASE_DATE	"20160611"
 #define MAIL_VERSION_NUMBER	"3.2"
 
 #ifdef SNAPSHOT

postfix/src/milter/milter.h

@@ -164,7 +164,7 @@ extern void milter_free(MILTERS *);
  /*
   * Sendmail 8 macro names. We support forms with and without the {}.
   */
-#define S8_MAC__		"{_}"	/* sender resolve */
+#define S8_MAC__		"{_}"	/* sender host, see client_resolve */
 #define S8_MAC_J		"{j}"	/* myhostname */
 #define S8_MAC_V		"{v}"	/* mail_name + mail_version */
 
@@ -179,6 +179,9 @@ extern void milter_free(MILTERS *);
 #define S8_MAC_CLIENT_PTR	"{client_ptr}"
 #define S8_MAC_CLIENT_RES	"{client_resolve}"
 
+#define S8_MAC_DAEMON_ADDR	"{daemon_addr}"
+#define S8_MAC_DAEMON_PORT	"{daemon_port}"
+
 #define S8_MAC_TLS_VERSION	"{tls_version}"
 #define S8_MAC_CIPHER		"{cipher}"
 #define S8_MAC_CIPHER_BITS	"{cipher_bits}"

postfix/src/milter/test-milter.c

@@ -185,7 +185,9 @@ static const char *macro_names[] = {
     "{client_port}",
     "{client_ptr}",
     "{client_resolve}",
+    "{daemon_addr}",
     "{daemon_name}",
+    "{daemon_port}",
     "{if_addr}",
     "{if_name}",
     "{mail_addr}",

postfix/src/postsuper/postsuper.c

@@ -32,8 +32,9 @@
 /*	mail queue(s) (default: \fBhold\fR, \fBincoming\fR, \fBactive\fR and
 /*	\fBdeferred\fR).
 /*
-/*	If a \fIqueue_id\fR of \fB-\fR is specified, the program reads
+/*	To delete multiple files, specify the \fB-d\fR option multiple
-/*	queue IDs from standard input. For example, to delete all mail
+/*	times, or specify a \fIqueue_id\fR of \fB-\fR to read queue IDs
+/*	from standard input. For example, to delete all mail
 /*	with exactly one recipient \fBuser@example.com\fR:
 /* .sp
 /* .nf
@@ -77,8 +78,9 @@
 /*	mail queue(s) (default: \fBincoming\fR, \fBactive\fR and
 /*	\fBdeferred\fR) to the \fBhold\fR queue.
 /*
-/*	If a \fIqueue_id\fR of \fB-\fR is specified, the program reads
+/*	To hold multiple files, specify the \fB-h\fR option multiple
-/*	queue IDs from standard input.
+/*	times, or specify a \fIqueue_id\fR of \fB-\fR to read queue IDs
+/*	from standard input.
 /* .sp
 /*	Specify "\fB-h ALL\fR" to hold all messages; for example, specify
 /*	"\fB-h ALL deferred\fR" to hold all mail in the \fBdeferred\fR queue.
@@ -96,8 +98,9 @@
 /*	Move one message with the named queue ID from the named
 /*	mail queue(s) (default: \fBhold\fR) to the \fBdeferred\fR queue.
 /*
-/*	If a \fIqueue_id\fR of \fB-\fR is specified, the program reads
+/*	To release multiple files, specify the \fB-H\fR option multiple
-/*	queue IDs from standard input.
+/*	times, or specify a \fIqueue_id\fR of \fB-\fR to read queue IDs
+/*	from standard input.
 /* .sp
 /*	Note: specify "\fBpostsuper -r\fR" to release mail that was kept on
 /*	hold for a significant fraction of \fB$maximal_queue_lifetime\fR
@@ -115,11 +118,10 @@
 /*	Requeue the message with the named queue ID from the named
 /*	mail queue(s) (default: \fBhold\fR, \fBincoming\fR, \fBactive\fR and
 /*	\fBdeferred\fR).
-/*	To requeue multiple messages, specify multiple \fB-r\fR
-/*	command-line options.
 /*
-/*	Alternatively, if a \fIqueue_id\fR of \fB-\fR is specified,
+/*	To requeue multiple files, specify the \fB-r\fR option multiple
-/*	the program reads queue IDs from standard input.
+/*	times, or specify a \fIqueue_id\fR of \fB-\fR to read queue IDs
+/*	from standard input.
 /* .sp
 /*	Specify "\fB-r ALL\fR" to requeue all messages. As a safety
 /*	measure, the word \fBALL\fR must be specified in upper case.

postfix/src/smtpd/smtpd.c

@@ -1850,7 +1850,9 @@ static int ehlo_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 			" " XCLIENT_NAME " " XCLIENT_ADDR
 			" " XCLIENT_PROTO " " XCLIENT_HELO
 			" " XCLIENT_REVERSE_NAME " " XCLIENT_PORT
-			XCLIENT_LOGIN_KLUDGE);
+			XCLIENT_LOGIN_KLUDGE
+			" " XCLIENT_DESTADDR
+			" " XCLIENT_DESTPORT);
 	else if (xclient_hosts && xclient_hosts->error)
 	    cant_announce_feature(state, XCLIENT_CMD);
     }
@@ -2131,6 +2133,10 @@ static int mail_open_stream(SMTPD_STATE *state)
 			MAIL_ATTR_ACT_CLIENT_ADDR, state->addr);
 	    rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
 			MAIL_ATTR_ACT_CLIENT_PORT, state->port);
+	    rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
+			MAIL_ATTR_ACT_SERVER_ADDR, state->dest_addr);
+	    rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
+			MAIL_ATTR_ACT_SERVER_PORT, state->dest_port);
 	    if (state->helo_name)
 		rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
 			    MAIL_ATTR_ACT_HELO_NAME, state->helo_name);
@@ -4032,6 +4038,43 @@ static int xclient_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 	}
 #endif
 
+	/*
+	 * DESTADDR=substitute SMTP server network address.
+	 */
+	else if (STREQ(attr_name, XCLIENT_DESTADDR)) {
+	    if (STREQ(attr_value, XCLIENT_UNAVAILABLE)) {
+		attr_value = SERVER_ADDR_UNKNOWN;
+		bare_value = attr_value;
+	    } else {
+		if ((bare_value = valid_mailhost_addr(attr_value, DONT_GRIPE)) == 0) {
+		    state->error_mask |= MAIL_ERROR_PROTOCOL;
+		    smtpd_chat_reply(state, "501 5.5.4 Bad %s syntax: %s",
+				     XCLIENT_DESTADDR, attr_value);
+		    return (-1);
+		}
+	    }
+	    UPDATE_STR(state->dest_addr, bare_value);
+	    /* XXX Require same address family as client address. */
+	}
+
+	/*
+	 * DESTPORT=substitute SMTP server port number.
+	 */
+	else if (STREQ(attr_name, XCLIENT_DESTPORT)) {
+	    if (STREQ(attr_value, XCLIENT_UNAVAILABLE)) {
+		attr_value = SERVER_PORT_UNKNOWN;
+	    } else {
+		if (!alldig(attr_value)
+		    || strlen(attr_value) > sizeof("65535") - 1) {
+		    state->error_mask |= MAIL_ERROR_PROTOCOL;
+		    smtpd_chat_reply(state, "501 5.5.4 Bad %s syntax: %s",
+				     XCLIENT_DESTPORT, attr_value);
+		    return (-1);
+		}
+	    }
+	    UPDATE_STR(state->dest_port, attr_value);
+	}
+
 	/*
 	 * Unknown attribute name. Complain.
 	 */

postfix/src/smtpd/smtpd.h

@@ -79,7 +79,8 @@ typedef struct {
     char   *namaddr;			/* name[address]:port */
     char   *rfc_addr;			/* address for RFC 2821 */
     int     addr_family;		/* address family */
-    char   *dest_addr;			/* for Dovecot AUTH */
+    char   *dest_addr;			/* Dovecot AUTH, Milter {daemon_addr} */
+    char   *dest_port;			/* Milter {daemon_port} */
     struct sockaddr_storage sockaddr;	/* binary client endpoint */
     SOCKADDR_SIZE sockaddr_len;		/* binary client endpoint */
     int     name_status;		/* 2=ok 4=soft 5=hard 6=forged */
@@ -279,6 +280,11 @@ extern void smtpd_state_reset(SMTPD_STATE *);
 #define CLIENT_DOMAIN_UNKNOWN	0
 #define CLIENT_LOGIN_UNKNOWN	0
 
+#define SERVER_ATTR_UNKNOWN	"unknown"
+
+#define SERVER_ADDR_UNKNOWN	SERVER_ATTR_UNKNOWN
+#define SERVER_PORT_UNKNOWN	SERVER_ATTR_UNKNOWN
+
 #define IS_AVAIL_CLIENT_ATTR(v)	((v) && strcmp((v), CLIENT_ATTR_UNKNOWN))
 
 #define IS_AVAIL_CLIENT_NAME(v)	IS_AVAIL_CLIENT_ATTR(v)
@@ -397,6 +403,11 @@ extern double smtpd_space_multf;
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
 /*
+/*	Wietse Venema
+/*	Google, Inc.
+/*	111 8th Avenue
+/*	New York, NY 10011, USA
+/*
 /*	TLS support originally by:
 /*	Lutz Jaenicke
 /*	BTU Cottbus

postfix/src/smtpd/smtpd_check.c

@@ -160,6 +160,11 @@
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
 /*
+/*	Wietse Venema
+/*	Google, Inc.
+/*	111 8th Avenue
+/*	New York, NY 10011, USA
+/*
 /*	TLS support originally by:
 /*	Lutz Jaenicke
 /*	BTU Cottbus
@@ -3919,6 +3924,10 @@ static int check_policy_service(SMTPD_STATE *state, const char *server,
 		      SEND_ATTR_STR(MAIL_ATTR_ACT_CLIENT_PORT, state->port),
 			  SEND_ATTR_STR(MAIL_ATTR_ACT_REVERSE_CLIENT_NAME,
 					state->reverse_name),
+			  SEND_ATTR_STR(MAIL_ATTR_ACT_SERVER_ADDR,
+					state->dest_addr),
+			  SEND_ATTR_STR(MAIL_ATTR_ACT_SERVER_PORT,
+					state->dest_port),
 			  SEND_ATTR_STR(MAIL_ATTR_ACT_HELO_NAME,
 				  state->helo_name ? state->helo_name : ""),
 			  SEND_ATTR_STR(MAIL_ATTR_SENDER,

postfix/src/smtpd/smtpd_haproxy.c

@@ -23,8 +23,8 @@
 /*	both IPv6 and IPv4 support are enabled with main.cf:inet_protocols.
 /* .IP \(bu
 /*	Update the following session context fields: addr, port,
-/*	rfc_addr, addr_family, dest_addr. The addr_family field
+/*	rfc_addr, addr_family, dest_addr, dest_port. The addr_family
-/*	applies to the client address.
+/*	field applies to the client address.
 /* .IP \(bu
 /*	Dynamically allocate storage for string information with
 /*	mystrdup(). In case of error, leave unassigned string fields
@@ -52,6 +52,11 @@
 /*	IBM T.J. Watson Research
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
+/*
+/*	Wietse Venema
+/*	Google, Inc.
+/*	111 8th Avenue
+/*	New York, NY 10011, USA
 /*--*/
 
 /* System library. */
@@ -147,9 +152,10 @@ int     smtpd_peer_from_haproxy(SMTPD_STATE *state)
 	state->port = mystrdup(smtp_client_port.buf);
 
 	/*
-	 * Avoid surprises in the Dovecot authentication server.
+	 * The Dovecot authentication server needs the server IP address.
 	 */
 	state->dest_addr = mystrdup(smtp_server_addr.buf);
+	state->dest_port = mystrdup(smtp_server_port.buf);
 
 	/*
 	 * Enable normal buffering.

postfix/src/smtpd/smtpd_milter.c

@@ -113,6 +113,11 @@ const char *smtpd_milter_eval(const char *name, void *ptr)
 		state->name_status == SMTPD_PEER_CODE_FORGED ? "FORGED" :
 	      state->name_status == SMTPD_PEER_CODE_TEMP ? "TEMP" : "FAIL");
 
+    if (strcmp(name, S8_MAC_DAEMON_ADDR) == 0)
+	return (state->dest_addr);
+    if (strcmp(name, S8_MAC_DAEMON_PORT) == 0)
+	return (state->dest_port);
+
     /*
      * HELO macros.
      */

postfix/src/smtpd/smtpd_peer.c

@@ -49,7 +49,12 @@
 /*	String of the form "ipv4addr" or "ipv6:ipv6addr" for use
 /*	in Received: message headers.
 /* .IP dest_addr
-/*	Server address, used by the Dovecot authentication server.
+/*	Server address, used by the Dovecot authentication server,
+/*	available as Milter {daemon_addr} macro, and as server_address
+/*	policy delegation attribute.
+/* .IP dest_port
+/*	Server port, available as Milter {daemon_port} macro, and
+/*	as server_port policy delegation attribute.
 /* .IP name_status
 /*	The name_status result field specifies how the name
 /*	information should be interpreted:
@@ -97,6 +102,11 @@
 /*	IBM T.J. Watson Research
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
+/*
+/*	Wietse Venema
+/*	Google, Inc.
+/*	111 8th Avenue
+/*	New York, NY 10011, USA
 /*--*/
 
 /* System library. */
@@ -135,14 +145,6 @@
 static INET_PROTO_INFO *proto_info;
 
  /*
-  * XXX If we make local endpoint (getsockname) information available to
-  * Milter applications as {if_name} and {if_addr}, then we also must be able
-  * to provide this via the XCLIENT command for Milter testing.
-  * 
-  * XXX If we make local port information available to policy servers or Milter
-  * applications, then we must also make this testable with the XCLIENT
-  * command, otherwise there will be confusion.
-  * 
   * XXX If we make local port information available via logging, then we must
   * also support these attributes with the XFORWARD command.
   * 
@@ -412,6 +414,9 @@ static void smtpd_peer_not_inet(SMTPD_STATE *state)
     state->name_status = SMTPD_PEER_CODE_OK;
     state->reverse_name_status = SMTPD_PEER_CODE_OK;
     state->port = mystrdup("0");		/* XXX bogus. */
+
+    state->dest_addr = mystrdup(state->addr);	/* XXX bogus. */
+    state->dest_port = mystrdup(state->port);	/* XXX bogus. */
 }
 
 /* smtpd_peer_no_client - peer went away, or peer info unavailable */
@@ -427,6 +432,9 @@ static void smtpd_peer_no_client(SMTPD_STATE *state)
     state->name_status = SMTPD_PEER_CODE_PERM;
     state->reverse_name_status = SMTPD_PEER_CODE_PERM;
     state->port = mystrdup(CLIENT_PORT_UNKNOWN);
+
+    state->dest_addr = mystrdup(SERVER_ADDR_UNKNOWN);
+    state->dest_port = mystrdup(SERVER_PORT_UNKNOWN);
 }
 
 /* smtpd_peer_from_pass_attr - initialize from attribute hash */
@@ -461,14 +469,20 @@ static void smtpd_peer_from_pass_attr(SMTPD_STATE *state)
     state->port = mystrdup(cp);
 
     /*
-     * Avoid surprises in the Dovecot authentication server.
+     * The Dovecot authentication server needs the server IP address.
      */
     if ((cp = htable_find(attr, MAIL_ATTR_ACT_SERVER_ADDR)) == 0)
 	msg_fatal("missing server address from proxy");
     if (valid_hostaddr(cp, DO_GRIPE) == 0)
-	msg_fatal("bad IPv6 client address syntax from proxy: %s", cp);
+	msg_fatal("bad IPv6 server address syntax from proxy: %s", cp);
     state->dest_addr = mystrdup(cp);
 
+    if ((cp = htable_find(attr, MAIL_ATTR_ACT_SERVER_PORT)) == 0)
+	msg_fatal("missing server port from proxy");
+    if (valid_hostport(cp, DO_GRIPE) == 0)
+	msg_fatal("bad TCP server port number syntax from proxy: %s", cp);
+    state->dest_port = mystrdup(cp);
+
     /*
      * Convert the client address from string to binary form.
      */
@@ -556,6 +570,7 @@ void    smtpd_peer_init(SMTPD_STATE *state)
     state->rfc_addr = 0;
     state->port = 0;
     state->dest_addr = 0;
+    state->dest_port = 0;
 
     /*
      * Determine the remote SMTP client address and port.
@@ -608,4 +623,6 @@ void    smtpd_peer_reset(SMTPD_STATE *state)
 	myfree(state->port);
     if (state->dest_addr)
 	myfree(state->dest_addr);
+    if (state->dest_port)
+	myfree(state->dest_port);
 }