postfix-2.3-RC6

postfix/HISTORY

@@ -12430,7 +12430,7 @@ Apologies for any names omitted.
 	header and the rest of the message, violating the draft
 	domainkeys spec.
 
-20070602
+20060702
 
 	Cleanup: more graceful handling of queue file read/write
 	errors while processing milter message modification requests.
@@ -12450,8 +12450,31 @@ Apologies for any names omitted.
 	Bugfix: the Milter client skipped zero-length body lines.
 	File: milter/milter8.c.
 
+	Feature (just this one): RFC 3834 "Auto-Submitted:" message
+	header in DSNs.  File: bounce/bounce_notify_util.c.
+
+20060705
+
+	Portability: LP64 systems required a few ssize_t->int casts
+	in debug logging statements.  Files: milter/test_milter.c,
+	cleanup/cleanup_milter.c.
+
+	Cleanup: comments, error messages, and crumbling interfaces.
+
 Wish list:
 
+	The usage of TLScontext->cache_type is not clear. It specifies
+	a TLS session cache name, but it is sometimes used as an
+	indicator whether or not TLS session caching is available.
+	In reality, that decision is made by the tlsmgr process,
+	and in response to initialization errors in a TLS server
+	or client process.
+
+	Postfix TLS library code should copy any strings that it
+	receives from the application, instead of passing them
+	around as pointers. TLScontext->cache_type is a case in
+	point.
+
 	In the SMTPD policy client (encode or strip) non-printable
 	non-ASCII in (TLS or all) attributes.
 
@@ -12461,9 +12484,6 @@ Wish list:
 	Introduce structured API for tls_server_mumble() just like
 	with smtp(8): this eliminates ever-growing lists of arguments.
 
-	With (non)delivery notifications, prepend an "Auto-Submitted:
-	auto-replied" header, as per RFC 3834.
-
 	Defer delivery when a SASL password exists but the server
 	does not offer SASL authentication, as mail might otherwise
 	be bounced. This may become an issue now that Postfix will
@@ -12480,7 +12500,8 @@ Wish list:
 	Sendmail. Likewise, addresses in add/delete requests should
 	be internalized before updating the queue file.
 
-	Check that UINT32 == in choice is ok (i.e. LP64 UNIX).
+	Check that "UINT32 == unsigned int" choice is ok (i.e. LP64
+	UNIX).
 
 	Fix milter_argv() so it does not forget how much memory it
 	has.
@@ -12489,9 +12510,6 @@ Wish list:
 	while it is configured in an SMTP server that runs before
 	the smtpd_proxy filter.
 
-	Don't send xforward attributes to every site that announces
-	xforward support.
-
 	The sendmail command should not return non-std exit status
 	after fatal error in some internal library routine.
 
@@ -12499,20 +12517,10 @@ Wish list:
 
 	Keep whitespace between label and ":"?
 
-	Make XCLIENT/XFORWARD future proof: send xtext and accept
-	old non-xtext.
-
 	Make the map case folding/locking options configurable, if
 	not at run-time then at least at compile time so we get
 	consistent behavior across applications.
 
-	Investigate if it is feasible to eliminate cleanup(8) from
-	the path of mail that is forwarded or generated internally.
-	Good: we don't want header rewriting or content inspection.
-	Bad: we still need virtual aliasing, even when mail is
-	forwarded internally. This almost seems to imply that we
-	do virtual aliasing earlier?
-
 	Investigate what it would take to eliminate oqmgr, and to
 	make the old behavior configurable in a unified queue
 	manager.  This would shave another 2.7 KLOC from the source
@@ -12525,7 +12533,7 @@ Wish list:
 
 	Softbounce fallback-to-ISP for SOHO users. This requires
 	playing with with the soft_error test in the smtp_trouble.c
-	module, and a way to avoid trying direct-to-MX-backup.
+	module, and a way to avoid trying direct-to-backup-MX.
 
 	select -> kqueue, epoll, /dev/poll, poll() ...
 
@@ -12535,7 +12543,8 @@ Wish list:
 	access rule.
 
 	Centralize main.cf parameter input so that defaults work
-	consistently.
+	consistently. What about parameter names that are prefixed
+	with mail delivery transport names?
 
 	Fix default time unit handling so that we can have a default
 	bounce lifetime of $maximal_queue_lifetime, without causing
@@ -12551,8 +12560,6 @@ Wish list:
 	Remove defer(8) and trace(8) references and man pages. These
 	are services not program names.
 
-	dsb_formal -> dsb_form_all, dsb_status -> dsb_form_status
-
 	Is it safe to cache a connection after it has been used for
 	more than some number of address verification probes?
 
@@ -12569,13 +12576,6 @@ Wish list:
 	Low: replace_sender/replace_recipient actions in access
 	maps?
 
-	Feature: need "soft-bounce before fall-back relay" for SOHO
-	type operations, so they can send direct mail without having
-	to route everything through a provider.
-
-	Med: disable header address rewriting after XCLIENT?
-	Introduce a better concept of original submission?
-
 	Low: configurable order of local(8) delivery methods.
 
 	Med: local and remote source port and IP address for smtpd
@@ -12625,8 +12625,6 @@ Wish list:
 
 	Low: configurable internal/system locking method.
 
-	Low: make sure CCARGS -I options come at the end.
-
 	Low: add INSTALL section for pre-existing Postfix systems.
 
 	Low: add INSTALL section for pre-existing RPM Postfixes.
@@ -12658,7 +12656,7 @@ Wish list:
 	Med: postsuper -r should do something with recipients in
 	bounce logfiles, to make sure the sender will be notified.
 	To be perfectly safe, no process other than the queue manager
-	should move a queue file from the active queue.
+	should move a queue file away from the active queue.
 
 	This could involve tagging a queue file, and use up another
 	permission bit.

postfix/README_FILES/MILTER_README

@@ -451,7 +451,7 @@ Milter applications make assumptions that aren't true in a Postfix environment.
 LLiimmiittaattiioonnss
 
 This section lists limitations of the Postfix Milter implementation. Some
-limitations will be removed disappear as support is extended over time. Of
+limitations will be removed as the implementation is extended over time. Of
 course the usual limitations of before-queue filtering will always apply. See
 the CONTENT_INSPECTION_README document for a discussion.
 

postfix/README_FILES/TLS_README

@@ -1197,10 +1197,9 @@ configuration is repaired, encryption will be used.
 
 The new policy table is specified via the smtp_tls_policy_maps parameter. This
 lists optional lookup tables with the Postfix SMTP client TLS security policy
-by next-hop destination. It supersedes the obsolete smtp_tls_per_site
+by next-hop destination. When $smtp_tls_policy_maps is not empty, the obsolete
-parameter. When $smtp_tls_policy_maps is not empty, the smtp_tls_per_site
+smtp_tls_per_site parameter is ignored (a warning is written to the logs if
-parameter is ignored (a warning is written to the logs if it is also non-
+both parameter values are non-empty).
-empty).
 
 The TLS policy table is indexed by the full next-hop destination, which is
 either the recipient domain, or the verbatim next-hop specified in the

postfix/html/MILTER_README.html

@@ -714,7 +714,7 @@ will dump core when you do this. </p>
 <h2><a name="limitations">Limitations</a></h2>
 
 <p> This section lists limitations of the Postfix Milter implementation.
-Some limitations will be removed disappear as support is extended
+Some limitations will be removed as the implementation is extended
 over time. Of course the usual limitations of before-queue filtering
 will always apply. See the <a href="CONTENT_INSPECTION_README.html">CONTENT_INSPECTION_README</a> document for
 a discussion. </p>

postfix/html/TLS_README.html

@@ -1636,10 +1636,10 @@ will be used. </p>
 
 <p> The new policy table is specified via the <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>
 parameter. This lists optional lookup tables with the Postfix SMTP client
-TLS security policy by next-hop destination. It supersedes the obsolete
+TLS security policy by next-hop destination. When $<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>
-<a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter. When $<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> is not empty,
+is not empty, the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter is ignored
-the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter is ignored (a warning is written to the
+(a warning is written to the logs if both parameter values are
-logs if it is also non-empty). </p>
+non-empty).  </p>
 
 <p> The TLS policy table is indexed by the full next-hop destination,
 which is either the recipient domain, or the verbatim next-hop

postfix/html/bounce.8.html

@@ -43,10 +43,11 @@ BOUNCE(8)                                                            BOUNCE(8)
 
 <b>STANDARDS</b>
        <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
+       <a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a> (Format of Internet Message Bodies)
        <a href="http://www.faqs.org/rfcs/rfc2822.html">RFC 2822</a> (ARPA Internet Text Messages)
        <a href="http://www.faqs.org/rfcs/rfc3462.html">RFC 3462</a> (Delivery Status Notifications)
        <a href="http://www.faqs.org/rfcs/rfc3464.html">RFC 3464</a> (Delivery Status Notifications)
-       <a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a> (Format of Internet Message Bodies)
+       <a href="http://www.faqs.org/rfcs/rfc3834.html">RFC 3834</a> (Auto-Submitted: message header)
 
 <b>DIAGNOSTICS</b>
        Problems and transactions are logged to <b>syslogd</b>(8).

postfix/man/man8/bounce.8

@@ -41,10 +41,11 @@ themselves, and that depend on retry logic in their own client.
 .na
 .nf
 RFC 822 (ARPA Internet Text Messages)
+RFC 2045 (Format of Internet Message Bodies)
 RFC 2822 (ARPA Internet Text Messages)
 RFC 3462 (Delivery Status Notifications)
 RFC 3464 (Delivery Status Notifications)
-RFC 2045 (Format of Internet Message Bodies)
+RFC 3834 (Auto-Submitted: message header)
 .SH DIAGNOSTICS
 .ad
 .fi

postfix/proto/MILTER_README.html

@@ -714,7 +714,7 @@ will dump core when you do this. </p>
 <h2><a name="limitations">Limitations</a></h2>
 
 <p> This section lists limitations of the Postfix Milter implementation.
-Some limitations will be removed disappear as support is extended
+Some limitations will be removed as the implementation is extended
 over time. Of course the usual limitations of before-queue filtering
 will always apply. See the CONTENT_INSPECTION_README document for
 a discussion. </p>

postfix/proto/TLS_README.html

@@ -1636,10 +1636,10 @@ will be used. </p>
 
 <p> The new policy table is specified via the smtp_tls_policy_maps
 parameter. This lists optional lookup tables with the Postfix SMTP client
-TLS security policy by next-hop destination. It supersedes the obsolete
+TLS security policy by next-hop destination. When $smtp_tls_policy_maps
-smtp_tls_per_site parameter. When $smtp_tls_policy_maps is not empty,
+is not empty, the obsolete smtp_tls_per_site parameter is ignored
-the smtp_tls_per_site parameter is ignored (a warning is written to the
+(a warning is written to the logs if both parameter values are
-logs if it is also non-empty). </p>
+non-empty).  </p>
 
 <p> The TLS policy table is indexed by the full next-hop destination,
 which is either the recipient domain, or the verbatim next-hop

postfix/src/bounce/bounce.c

@@ -33,10 +33,11 @@
 /*	themselves, and that depend on retry logic in their own client.
 /* STANDARDS
 /*	RFC 822 (ARPA Internet Text Messages)
+/*	RFC 2045 (Format of Internet Message Bodies)
 /*	RFC 2822 (ARPA Internet Text Messages)
 /*	RFC 3462 (Delivery Status Notifications)
 /*	RFC 3464 (Delivery Status Notifications)
-/*	RFC 2045 (Format of Internet Message Bodies)
+/*	RFC 3834 (Auto-Submitted: message header)
 /* DIAGNOSTICS
 /*	Problems and transactions are logged to \fBsyslogd\fR(8).
 /* CONFIGURATION PARAMETERS

postfix/src/bounce/bounce_notify_util.c

@@ -453,6 +453,12 @@ int     bounce_header(VSTREAM *bounce, BOUNCE_INFO *bounce_info,
 			    STR(quote_822_local(bounce_info->buf, dest)),
 			    postmaster_copy);
 
+    /*
+     * Auto-Submitted header, as per RFC 3834.
+     */
+    post_mail_fprintf(bounce, "Auto-Submitted: %s", postmaster_copy ?
+		      "auto-generated" : "auto-replied");
+
     /*
      * MIME header. Use 8bit encoding when either the bounced message or the
      * template requires it.

postfix/src/cleanup/cleanup_milter.c

@@ -415,7 +415,7 @@ static off_t cleanup_find_header(CLEANUP_STATE *state, ssize_t index,
     } \
     if (msg_verbose > 1) \
 	msg_info("%s: read: %ld: %.*s", myname, (long) curr_offset, \
-		 LEN(buf) > 30 ? 30 : LEN(buf), STR(buf)); \
+		 LEN(buf) > 30 ? 30 : (int) LEN(buf), STR(buf)); \
     if (rec_type == REC_TYPE_DTXT) \
 	continue; \
     if (rec_type != REC_TYPE_NORM && rec_type != REC_TYPE_CONT \
@@ -575,7 +575,7 @@ static const char *cleanup_patch_header(CLEANUP_STATE *state,
     cleanup_out_header(state, buf);
     if (msg_verbose > 1)
 	msg_info("%s: %ld: write %.*s", myname, (long) new_hdr_offset,
-		 LEN(buf) > 30 ? 30 : LEN(buf), STR(buf));
+		 LEN(buf) > 30 ? 30 : (int) LEN(buf), STR(buf));
 
     /*
      * Optionally, save the existing text record or pointer record that will
@@ -585,7 +585,7 @@ static const char *cleanup_patch_header(CLEANUP_STATE *state,
 	CLEANUP_OUT_BUF(state, rec_type, old_rec_buf);
 	if (msg_verbose > 1)
 	    msg_info("%s: write %.*s", myname, LEN(old_rec_buf) > 30 ?
-		     30 : LEN(old_rec_buf), STR(old_rec_buf));
+		     30 : (int) LEN(old_rec_buf), STR(old_rec_buf));
     }
 
     /*
@@ -607,7 +607,7 @@ static const char *cleanup_patch_header(CLEANUP_STATE *state,
 	}
 	if (msg_verbose > 1)
 	    msg_info("%s: %ld: read %.*s", myname, (long) read_offset,
-		     LEN(buf) > 30 ? 30 : LEN(buf), STR(buf));
+		     LEN(buf) > 30 ? 30 : (int) LEN(buf), STR(buf));
 	if (rec_type != REC_TYPE_NORM && rec_type != REC_TYPE_CONT
 	    && rec_type != REC_TYPE_PTR && rec_type != REC_TYPE_DTXT)
 	    msg_panic("%s: non-text/ptr record type %d in header, file %s",
@@ -626,7 +626,7 @@ static const char *cleanup_patch_header(CLEANUP_STATE *state,
 	CLEANUP_OUT_BUF(state, rec_type, buf);
 	if (msg_verbose > 1)
 	    msg_info("%s: %ld: write %.*s", myname, (long) write_offset,
-		     LEN(buf) > 30 ? 30 : LEN(buf), STR(buf));
+		     LEN(buf) > 30 ? 30 : (int) LEN(buf), STR(buf));
 	/* Update cached location of "append header" pointer record. */
 	if (saved_read_offset == state->append_hdr_pt_offset)
 	    state->append_hdr_pt_offset = write_offset;

postfix/src/global/is_header.c

@@ -87,5 +87,6 @@ ssize_t is_header_buf(const char *str, ssize_t str_len)
 	    return ((state == IN_CHAR || state == IN_CHAR_SPACE) ? len : 0);
 	}
     }
+    /* Redundant return for future proofing. */
     return (0);
 }

postfix/src/global/mail_version.h

@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20060704"
+#define MAIL_RELEASE_DATE	"20060705"
-#define MAIL_VERSION_NUMBER	"2.3-RC5"
+#define MAIL_VERSION_NUMBER	"2.3-RC6"
 
 #define VAR_MAIL_VERSION	"mail_version"
 #define DEF_MAIL_VERSION	MAIL_VERSION_NUMBER

postfix/src/milter/milter8.c

@@ -744,7 +744,7 @@ static int vmilter8_write_cmd(MILTER8 *milter, int command, ssize_t data_len,
     VSTRING *buf;
     const char *str;
     const char **cpp;
-    unsigned char ch;
+    char    ch;
 
     /*
      * Deliver the packet.
@@ -1281,9 +1281,9 @@ static const char *milter8_event(MILTER8 *milter, int event,
 	 * Get here when the reply was followed by data bytes that weren't
 	 * supposed to be there.
 	 */
-	msg_warn("milter %s: reply %s was followed by %d data bytes",
+	msg_warn("milter %s: reply %s was followed by %ld data bytes",
 	milter->m.name, (smfir_name = str_name_code(smfir_table, cmd)) != 0 ?
-		 smfir_name : "unknown", data_len);
+		 smfir_name : "unknown", (long) data_len);
 	milter8_comm_error(milter);
 	return (milter->def_reply);
     }

postfix/src/milter/test-milter.c

@@ -207,7 +207,7 @@ static sfsistat test_body(SMFICTX *ctx, unsigned char *data, size_t data_len)
     if (verbose == 0)
 	printf("test_body %ld bytes\n", (long) data_len);
     else
-	printf("%.*s", data_len, data);
+	printf("%.*s", (int) data_len, data);
     return (test_reply(ctx, test_body_reply));
 }
 

postfix/src/smtp/Makefile.in

@@ -111,6 +111,7 @@ levels.o: ../../include/match_list.h
 levels.o: ../../include/match_ops.h
 levels.o: ../../include/msg.h
 levels.o: ../../include/msg_stats.h
+levels.o: ../../include/name_code.h
 levels.o: ../../include/name_mask.h
 levels.o: ../../include/recipient_list.h
 levels.o: ../../include/resolve_clnt.h
@@ -182,6 +183,7 @@ smtp_addr.o: ../../include/msg.h
 smtp_addr.o: ../../include/msg_stats.h
 smtp_addr.o: ../../include/myaddrinfo.h
 smtp_addr.o: ../../include/mymalloc.h
+smtp_addr.o: ../../include/name_code.h
 smtp_addr.o: ../../include/name_mask.h
 smtp_addr.o: ../../include/own_inet_addr.h
 smtp_addr.o: ../../include/recipient_list.h
@@ -218,6 +220,7 @@ smtp_chat.o: ../../include/match_ops.h
 smtp_chat.o: ../../include/msg.h
 smtp_chat.o: ../../include/msg_stats.h
 smtp_chat.o: ../../include/mymalloc.h
+smtp_chat.o: ../../include/name_code.h
 smtp_chat.o: ../../include/name_mask.h
 smtp_chat.o: ../../include/post_mail.h
 smtp_chat.o: ../../include/recipient_list.h
@@ -256,6 +259,7 @@ smtp_connect.o: ../../include/msg.h
 smtp_connect.o: ../../include/msg_stats.h
 smtp_connect.o: ../../include/myaddrinfo.h
 smtp_connect.o: ../../include/mymalloc.h
+smtp_connect.o: ../../include/name_code.h
 smtp_connect.o: ../../include/name_mask.h
 smtp_connect.o: ../../include/own_inet_addr.h
 smtp_connect.o: ../../include/recipient_list.h
@@ -290,6 +294,7 @@ smtp_map11.o: ../../include/match_list.h
 smtp_map11.o: ../../include/match_ops.h
 smtp_map11.o: ../../include/msg.h
 smtp_map11.o: ../../include/msg_stats.h
+smtp_map11.o: ../../include/name_code.h
 smtp_map11.o: ../../include/name_mask.h
 smtp_map11.o: ../../include/quote_822_local.h
 smtp_map11.o: ../../include/quote_flags.h
@@ -376,6 +381,7 @@ smtp_rcpt.o: ../../include/match_ops.h
 smtp_rcpt.o: ../../include/msg.h
 smtp_rcpt.o: ../../include/msg_stats.h
 smtp_rcpt.o: ../../include/mymalloc.h
+smtp_rcpt.o: ../../include/name_code.h
 smtp_rcpt.o: ../../include/name_mask.h
 smtp_rcpt.o: ../../include/recipient_list.h
 smtp_rcpt.o: ../../include/resolve_clnt.h
@@ -405,6 +411,7 @@ smtp_reuse.o: ../../include/match_ops.h
 smtp_reuse.o: ../../include/msg.h
 smtp_reuse.o: ../../include/msg_stats.h
 smtp_reuse.o: ../../include/mymalloc.h
+smtp_reuse.o: ../../include/name_code.h
 smtp_reuse.o: ../../include/name_mask.h
 smtp_reuse.o: ../../include/recipient_list.h
 smtp_reuse.o: ../../include/resolve_clnt.h
@@ -435,6 +442,7 @@ smtp_sasl_glue.o: ../../include/match_ops.h
 smtp_sasl_glue.o: ../../include/msg.h
 smtp_sasl_glue.o: ../../include/msg_stats.h
 smtp_sasl_glue.o: ../../include/mymalloc.h
+smtp_sasl_glue.o: ../../include/name_code.h
 smtp_sasl_glue.o: ../../include/name_mask.h
 smtp_sasl_glue.o: ../../include/recipient_list.h
 smtp_sasl_glue.o: ../../include/resolve_clnt.h
@@ -466,6 +474,7 @@ smtp_sasl_proto.o: ../../include/match_ops.h
 smtp_sasl_proto.o: ../../include/msg.h
 smtp_sasl_proto.o: ../../include/msg_stats.h
 smtp_sasl_proto.o: ../../include/mymalloc.h
+smtp_sasl_proto.o: ../../include/name_code.h
 smtp_sasl_proto.o: ../../include/name_mask.h
 smtp_sasl_proto.o: ../../include/recipient_list.h
 smtp_sasl_proto.o: ../../include/resolve_clnt.h
@@ -529,6 +538,7 @@ smtp_state.o: ../../include/match_ops.h
 smtp_state.o: ../../include/msg.h
 smtp_state.o: ../../include/msg_stats.h
 smtp_state.o: ../../include/mymalloc.h
+smtp_state.o: ../../include/name_code.h
 smtp_state.o: ../../include/name_mask.h
 smtp_state.o: ../../include/recipient_list.h
 smtp_state.o: ../../include/resolve_clnt.h
@@ -559,6 +569,7 @@ smtp_trouble.o: ../../include/match_list.h
 smtp_trouble.o: ../../include/match_ops.h
 smtp_trouble.o: ../../include/msg.h
 smtp_trouble.o: ../../include/msg_stats.h
+smtp_trouble.o: ../../include/name_code.h
 smtp_trouble.o: ../../include/name_mask.h
 smtp_trouble.o: ../../include/recipient_list.h
 smtp_trouble.o: ../../include/resolve_clnt.h
@@ -588,6 +599,7 @@ smtp_unalias.o: ../../include/match_ops.h
 smtp_unalias.o: ../../include/msg.h
 smtp_unalias.o: ../../include/msg_stats.h
 smtp_unalias.o: ../../include/myaddrinfo.h
+smtp_unalias.o: ../../include/name_code.h
 smtp_unalias.o: ../../include/name_mask.h
 smtp_unalias.o: ../../include/recipient_list.h
 smtp_unalias.o: ../../include/resolve_clnt.h

postfix/src/smtp/smtp.h

@@ -330,6 +330,15 @@ extern int smtp_quit(SMTP_STATE *);
 #define CACHE_THIS_SESSION_UNTIL(when) \
 	(session->expire_time = (when))
 
+ /*
+  * Encapsulate the following so that we don't expose details of of
+  * connection management and error handling to the SMTP protocol engine.
+  */
+#define RETRY_AS_PLAINTEXT do { \
+	session->tls_retry_plain = 1; \
+	state->misc_flags &= ~SMTP_MISC_FLAG_FINAL_SERVER; \
+    } while (0)
+
  /*
   * smtp_chat.c
   */

postfix/src/smtp/smtp_connect.c

@@ -856,7 +856,8 @@ static void smtp_connect_remote(SMTP_STATE *state, const char *nexthop,
 
 		    /*
 		     * When an opportunistic TLS handshake fails, try the
-		     * same address again, with TLS disabled.
+		     * same address again, with TLS disabled. See also the
+		     * RETRY_AS_PLAINTEXT macro.
 		     */
 		    if ((retry_plain = session->tls_retry_plain) != 0) {
 			--addr_count;

postfix/src/smtp/smtp_proto.c

@@ -679,22 +679,22 @@ static int smtp_start_tls(SMTP_STATE *state)
      * 
      * - Expiration code would need to selectively delete sessions from a list -
      * Re-use code would need to decode many sessions and choose the best -
-     * Store code would needs to choose between replace and append.
+     * Store code would need to choose between replace and append.
      * 
      * Note: checking the compatibility of re-activated sessions against the
      * cipher requirements of the session under construction requires us to
      * store the cipher name in the session cache with the passivated session
-     * object, the name is not available when the session is revived until
+     * object. But the name is not available when the session is revived
-     * the handshake is complete, which is too late.
+     * until the handshake is complete, which is too late.
      * 
-     * XXX: When cached ciphers are reloaded, their cipher is not available via
+     * XXX: When a cached session is reloaded, its cipher is not available via
      * documented APIs until the handshake completes. We need to filter out
      * sessions that use the wrong ciphers, but may not peek at the
      * undocumented session->cipher_id and cipher->id structure members.
      * 
      * Since cipherlists are typically shared by many domains, we include the
      * cipherlist in the session cache lookup key. This avoids false
-     * positives results from the session cache.
+     * positives from the TLS session cache.
      * 
      * To support mutually incompatible protocol/cipher combinations, our
      * session key must include both the protocol and the cipherlist.
@@ -738,10 +738,8 @@ static int smtp_start_tls(SMTP_STATE *state)
 	 * Specifically, this session is not final, don't defer any
 	 * recipients yet.
 	 */
-	if (session->tls_level == TLS_LEV_MAY) {
+	if (session->tls_level == TLS_LEV_MAY)
-	    session->tls_retry_plain = 1;
+	    RETRY_AS_PLAINTEXT;
-	    state->misc_flags &= ~SMTP_MISC_FLAG_FINAL_SERVER;
-	}
 	return (smtp_site_fail(state, DSN_BY_LOCAL_MTA,
 			       SMTP_RESP_FAKE(&fake, "4.7.5"),
 			       "Cannot start TLS: handshake failure"));

postfix/src/smtpd/Makefile.in

@@ -211,6 +211,7 @@ smtpd_chat.o: ../../include/milter.h
 smtpd_chat.o: ../../include/msg.h
 smtpd_chat.o: ../../include/myaddrinfo.h
 smtpd_chat.o: ../../include/mymalloc.h
+smtpd_chat.o: ../../include/name_code.h
 smtpd_chat.o: ../../include/name_mask.h
 smtpd_chat.o: ../../include/post_mail.h
 smtpd_chat.o: ../../include/rec_type.h
@@ -263,6 +264,7 @@ smtpd_check.o: ../../include/msg_stats.h
 smtpd_check.o: ../../include/myaddrinfo.h
 smtpd_check.o: ../../include/mymalloc.h
 smtpd_check.o: ../../include/namadr_list.h
+smtpd_check.o: ../../include/name_code.h
 smtpd_check.o: ../../include/name_mask.h
 smtpd_check.o: ../../include/own_inet_addr.h
 smtpd_check.o: ../../include/rec_type.h
@@ -298,6 +300,7 @@ smtpd_milter.o: ../../include/mail_params.h
 smtpd_milter.o: ../../include/mail_stream.h
 smtpd_milter.o: ../../include/milter.h
 smtpd_milter.o: ../../include/myaddrinfo.h
+smtpd_milter.o: ../../include/name_code.h
 smtpd_milter.o: ../../include/name_mask.h
 smtpd_milter.o: ../../include/sys_defs.h
 smtpd_milter.o: ../../include/tls.h
@@ -318,6 +321,7 @@ smtpd_peer.o: ../../include/milter.h
 smtpd_peer.o: ../../include/msg.h
 smtpd_peer.o: ../../include/myaddrinfo.h
 smtpd_peer.o: ../../include/mymalloc.h
+smtpd_peer.o: ../../include/name_code.h
 smtpd_peer.o: ../../include/name_mask.h
 smtpd_peer.o: ../../include/sock_addr.h
 smtpd_peer.o: ../../include/stringops.h
@@ -363,6 +367,7 @@ smtpd_sasl_glue.o: ../../include/milter.h
 smtpd_sasl_glue.o: ../../include/msg.h
 smtpd_sasl_glue.o: ../../include/myaddrinfo.h
 smtpd_sasl_glue.o: ../../include/mymalloc.h
+smtpd_sasl_glue.o: ../../include/name_code.h
 smtpd_sasl_glue.o: ../../include/name_mask.h
 smtpd_sasl_glue.o: ../../include/stringops.h
 smtpd_sasl_glue.o: ../../include/sys_defs.h
@@ -387,6 +392,7 @@ smtpd_sasl_proto.o: ../../include/milter.h
 smtpd_sasl_proto.o: ../../include/msg.h
 smtpd_sasl_proto.o: ../../include/myaddrinfo.h
 smtpd_sasl_proto.o: ../../include/mymalloc.h
+smtpd_sasl_proto.o: ../../include/name_code.h
 smtpd_sasl_proto.o: ../../include/name_mask.h
 smtpd_sasl_proto.o: ../../include/stringops.h
 smtpd_sasl_proto.o: ../../include/sys_defs.h
@@ -413,6 +419,7 @@ smtpd_state.o: ../../include/milter.h
 smtpd_state.o: ../../include/msg.h
 smtpd_state.o: ../../include/myaddrinfo.h
 smtpd_state.o: ../../include/mymalloc.h
+smtpd_state.o: ../../include/name_code.h
 smtpd_state.o: ../../include/name_mask.h
 smtpd_state.o: ../../include/sys_defs.h
 smtpd_state.o: ../../include/tls.h
@@ -439,6 +446,7 @@ smtpd_xforward.o: ../../include/milter.h
 smtpd_xforward.o: ../../include/msg.h
 smtpd_xforward.o: ../../include/myaddrinfo.h
 smtpd_xforward.o: ../../include/mymalloc.h
+smtpd_xforward.o: ../../include/name_code.h
 smtpd_xforward.o: ../../include/name_mask.h
 smtpd_xforward.o: ../../include/sys_defs.h
 smtpd_xforward.o: ../../include/tls.h

postfix/src/tls/Makefile.in

@@ -89,6 +89,7 @@ depend: $(MAKES)
 # do not edit below this line - it is generated by 'make depend'
 tls_bio_ops.o: ../../include/iostuff.h
 tls_bio_ops.o: ../../include/msg.h
+tls_bio_ops.o: ../../include/name_code.h
 tls_bio_ops.o: ../../include/name_mask.h
 tls_bio_ops.o: ../../include/sys_defs.h
 tls_bio_ops.o: ../../include/vbuf.h
@@ -97,6 +98,7 @@ tls_bio_ops.o: ../../include/vstring.h
 tls_bio_ops.o: tls.h
 tls_bio_ops.o: tls_bio_ops.c
 tls_certkey.o: ../../include/msg.h
+tls_certkey.o: ../../include/name_code.h
 tls_certkey.o: ../../include/name_mask.h
 tls_certkey.o: ../../include/sys_defs.h
 tls_certkey.o: ../../include/vbuf.h
@@ -108,6 +110,7 @@ tls_client.o: ../../include/argv.h
 tls_client.o: ../../include/mail_params.h
 tls_client.o: ../../include/msg.h
 tls_client.o: ../../include/mymalloc.h
+tls_client.o: ../../include/name_code.h
 tls_client.o: ../../include/name_mask.h
 tls_client.o: ../../include/stringops.h
 tls_client.o: ../../include/sys_defs.h
@@ -118,6 +121,7 @@ tls_client.o: tls.h
 tls_client.o: tls_client.c
 tls_client.o: tls_mgr.h
 tls_dh.o: ../../include/msg.h
+tls_dh.o: ../../include/name_code.h
 tls_dh.o: ../../include/name_mask.h
 tls_dh.o: ../../include/sys_defs.h
 tls_dh.o: ../../include/vbuf.h
@@ -139,6 +143,7 @@ tls_mgr.o: tls_mgr.c
 tls_mgr.o: tls_mgr.h
 tls_misc.o: ../../include/msg.h
 tls_misc.o: ../../include/mymalloc.h
+tls_misc.o: ../../include/name_code.h
 tls_misc.o: ../../include/name_mask.h
 tls_misc.o: ../../include/stringops.h
 tls_misc.o: ../../include/sys_defs.h
@@ -175,6 +180,7 @@ tls_prng_file.o: ../../include/mymalloc.h
 tls_prng_file.o: ../../include/sys_defs.h
 tls_prng_file.o: tls_prng.h
 tls_prng_file.o: tls_prng_file.c
+tls_rsa.o: ../../include/name_code.h
 tls_rsa.o: ../../include/name_mask.h
 tls_rsa.o: ../../include/sys_defs.h
 tls_rsa.o: ../../include/vbuf.h
@@ -196,6 +202,7 @@ tls_scache.o: ../../include/vstring.h
 tls_scache.o: tls_scache.c
 tls_scache.o: tls_scache.h
 tls_seed.o: ../../include/msg.h
+tls_seed.o: ../../include/name_code.h
 tls_seed.o: ../../include/name_mask.h
 tls_seed.o: ../../include/sys_defs.h
 tls_seed.o: ../../include/vbuf.h
@@ -210,6 +217,7 @@ tls_server.o: ../../include/hex_code.h
 tls_server.o: ../../include/mail_params.h
 tls_server.o: ../../include/msg.h
 tls_server.o: ../../include/mymalloc.h
+tls_server.o: ../../include/name_code.h
 tls_server.o: ../../include/name_mask.h
 tls_server.o: ../../include/stringops.h
 tls_server.o: ../../include/sys_defs.h
@@ -221,6 +229,7 @@ tls_server.o: tls_mgr.h
 tls_server.o: tls_server.c
 tls_session.o: ../../include/msg.h
 tls_session.o: ../../include/mymalloc.h
+tls_session.o: ../../include/name_code.h
 tls_session.o: ../../include/name_mask.h
 tls_session.o: ../../include/sys_defs.h
 tls_session.o: ../../include/vbuf.h
@@ -230,6 +239,7 @@ tls_session.o: tls.h
 tls_session.o: tls_session.c
 tls_stream.o: ../../include/iostuff.h
 tls_stream.o: ../../include/msg.h
+tls_stream.o: ../../include/name_code.h
 tls_stream.o: ../../include/name_mask.h
 tls_stream.o: ../../include/sys_defs.h
 tls_stream.o: ../../include/vbuf.h
@@ -239,6 +249,7 @@ tls_stream.o: tls.h
 tls_stream.o: tls_stream.c
 tls_verify.o: ../../include/msg.h
 tls_verify.o: ../../include/mymalloc.h
+tls_verify.o: ../../include/name_code.h
 tls_verify.o: ../../include/name_mask.h
 tls_verify.o: ../../include/sys_defs.h
 tls_verify.o: ../../include/vbuf.h

postfix/src/tls/tls.h

@@ -119,7 +119,7 @@ extern NAME_CODE tls_cipher_level_table[];
     name_code(tls_cipher_level_table, NAME_CODE_FLAG_NONE, (str))
 
 #define TLS_END_EXCLUDE ((char *)0)
-extern char *tls_cipher_list(int,...);
+extern const char *tls_cipher_list(int,...);
 
  /*
   * tls_client.c

postfix/src/tls/tls_client.c

@@ -6,11 +6,11 @@
 /* SYNOPSIS
 /*	#include <tls.h>
 /*
-/*	SSL_CTX	*tls_client_init(props)
+/*	SSL_CTX	*tls_client_init(init_props)
-/*	const tls_client_init_props *props;
+/*	const tls_client_init_props *init_props;
 /*
-/*	TLScontext_t *tls_client_start(props)
+/*	TLScontext_t *tls_client_start(start_props)
-/*	const tls_client_start_props *props;
+/*	const tls_client_start_props *start_props;
 /*
 /*	void	tls_client_stop(client_ctx, stream, failure, TLScontext)
 /*	SSL_CTX	*client_ctx;
@@ -151,6 +151,7 @@
 
 static SSL_SESSION *load_clnt_session(TLScontext_t *TLScontext)
 {
+    const char *myname = "load_clnt_session";
     SSL_SESSION *session = 0;
     VSTRING *session_data = vstring_alloc(2048);
 
@@ -167,7 +168,8 @@ static SSL_SESSION *load_clnt_session(TLScontext_t *TLScontext)
      * server SSL context.
      */
     if (TLScontext->cache_type == 0)
-	msg_panic("null client session cache type in session lookup");
+	msg_panic("%s: null client session cache type in session lookup",
+		  myname);
 
     /*
      * Look up and activate the SSL_SESSION object. Errors are non-fatal,
@@ -195,6 +197,7 @@ static SSL_SESSION *load_clnt_session(TLScontext_t *TLScontext)
 
 static int new_client_session_cb(SSL *ssl, SSL_SESSION *session)
 {
+    const char *myname = "new_client_session_cb";
     TLScontext_t *TLScontext;
     VSTRING *session_data;
 
@@ -204,7 +207,7 @@ static int new_client_session_cb(SSL *ssl, SSL_SESSION *session)
      * null at this point.
      */
     if ((TLScontext = SSL_get_ex_data(ssl, TLScontext_index)) == 0)
-	msg_panic("null TLScontext in new session callback");
+	msg_panic("%s: null TLScontext in new session callback", myname);
 
     /*
      * We only get here if the cache_type is not empty. This callback is not
@@ -212,7 +215,8 @@ static int new_client_session_cb(SSL *ssl, SSL_SESSION *session)
      * server SSL context.
      */
     if (TLScontext->cache_type == 0)
-	msg_panic("null session cache type in new session callback");
+	msg_panic("%s: null session cache type in new session callback",
+		  myname);
 
     if (TLScontext->log_level >= 2)
 	msg_info("save session %s to %s cache",
@@ -465,6 +469,9 @@ static int match_hostname(const char *peerid, ARGV *cmatch_argv,
     int     idlen;
     int     patlen;
 
+    /*
+     * Match the peerid against each pattern until we find a match.
+     */
     for (i = 0; i < cmatch_argv->argc; ++i) {
 	sub = 0;
 	if (!strcasecmp(cmatch_argv->argv[i], "nexthop"))
@@ -483,19 +490,21 @@ static int match_hostname(const char *peerid, ARGV *cmatch_argv,
 	}
 
 	/*
-	 * Sub-domain match, peerid is any sub-domain of pattern.
+	 * Sub-domain match: peerid is any sub-domain of pattern.
 	 */
-	if (sub)
+	if (sub) {
 	    if ((idlen = strlen(peerid)) > (patlen = strlen(pattern)) + 1
 		&& peerid[idlen - patlen - 1] == '.'
 		&& !strcasecmp(peerid + (idlen - patlen), pattern))
 		return (1);
 	    else
 		continue;
+	}
 
 	/*
-	 * NOT sub-domain match, but "*.domain.tld" in peerid matches any
+	 * Exact match and initial "*" match. The initial "*" in a peerid
-	 * host.domain.tld in the pattern.
+	 * matches exactly one hostname component, under the condition that
+	 * the peerid contains multiple hostname components.
 	 */
 	if (!strcasecmp(peerid, pattern)
 	    || (peerid[0] == '*' && peerid[1] == '.' && peerid[2] != 0
@@ -509,7 +518,7 @@ static int match_hostname(const char *peerid, ARGV *cmatch_argv,
 /* verify_extract_peer - verify peer name and extract peer information */
 
 static void verify_extract_peer(const char *nexthop, const char *hname,
-				        char *certmatch, X509 *peercert,
+			              const char *certmatch, X509 *peercert,
 				        TLScontext_t *TLScontext)
 {
     int     i;
@@ -666,7 +675,7 @@ TLScontext_t *tls_client_start(const tls_client_start_props *props)
      */
     if (!BIO_new_bio_pair(&TLScontext->internal_bio, TLS_BIO_BUFSIZE,
 			  &TLScontext->network_bio, TLS_BIO_BUFSIZE)) {
-	msg_info("Could not obtain BIO_pair");
+	msg_warn("Could not obtain BIO_pair");
 	tls_print_errors();
 	tls_free_context(TLScontext);
 	return (0);

postfix/src/tls/tls_mgr.c

@@ -327,8 +327,10 @@ int     main(int unused_ac, char **av)
 
     while (vstring_fgets_nonl(inbuf, VSTREAM_IN)) {
 	argv = argv_split(STR(inbuf), " \t\r\n");
-	if (argv->argc == 0)
+	if (argv->argc == 0) {
+	    argv_free(argv);
 	    continue;
+	}
 
 #define COMMAND(argv, str, len) \
     (strcasecmp(argv->argv[0], str) == 0 && argv->argc == len)
@@ -336,7 +338,7 @@ int     main(int unused_ac, char **av)
 	if (COMMAND(argv, "policy", 2)) {
 	    int     cachable;
 
-	    status = tls_mgr_policy(argv[2], &cachable);
+	    status = tls_mgr_policy(argv->argv[1], &cachable);
 	    vstream_printf("status=%d cachable=%d\n", status, cachable);
 	} else if (COMMAND(argv, "seed", 2)) {
 	    VSTRING *buf = vstring_alloc(10);
@@ -351,15 +353,16 @@ int     main(int unused_ac, char **av)
 	} else if (COMMAND(argv, "lookup", 3)) {
 	    VSTRING *buf = vstring_alloc(10);
 
-	    status = tls_mgr_lookup(argv[1], argv->argv[2], buf);
+	    status = tls_mgr_lookup(argv->argv[1], argv->argv[2], buf);
 	    vstream_printf("status=%d session=%.*s\n",
 			   status, LEN(buf), STR(buf));
+	    vstring_free(buf);
 	} else if (COMMAND(argv, "update", 4)) {
-	    status = tls_mgr_update(argv[1], argv->argv[2],
+	    status = tls_mgr_update(argv->argv[1], argv->argv[2],
 				    argv->argv[3], strlen(argv->argv[3]));
 	    vstream_printf("status=%d\n", status);
 	} else if (COMMAND(argv, "delete", 3)) {
-	    status = tls_mgr_delete(argv[1], argv->argv[2]);
+	    status = tls_mgr_delete(argv->argv[1], argv->argv[2]);
 	    vstream_printf("status=%d\n", status);
 	} else {
 	    vstream_printf("usage:\n"
@@ -370,9 +373,8 @@ int     main(int unused_ac, char **av)
 			   "delete smtpd|smtp|lmtp cache_id\n");
 	}
 	vstream_fflush(VSTREAM_OUT);
-    }
-    if (argv)
 	argv_free(argv);
+    }
 
     vstring_free(inbuf);
     return (0);

postfix/src/tls/tls_misc.c

@@ -18,6 +18,9 @@
 /*
 /*	long	tls_bug_bits()
 /*
+/*	const char *tls_cipher_list(grade, ...)
+/*	int	grade;
+/*
 /*	void	tls_print_errors()
 /*
 /*	void    tls_info_callback(ssl, where, ret)
@@ -50,6 +53,11 @@
 /*	for the run-time library. Some of the bug work-arounds are
 /*	not appropriate for some library versions.
 /*
+/*	tls_cipher_list() generates a cipher list from the specified
+/*	grade, minus any ciphers specified via a null-terminated
+/*	list of string-valued exclusions. The result is overwritten
+/*	upon each call.
+/*
 /*	tls_print_errors() queries the OpenSSL error stack,
 /*	logs the error messages, and clears the error stack.
 /*
@@ -156,7 +164,7 @@ typedef struct {
 
 /* tls_cipher_list - Cipherlist for given grade, less exclusions */
 
-char   *tls_cipher_list(int level,...)
+const char *tls_cipher_list(int grade,...)
 {
     const char *myname = "tls_cipher_list";
     static VSTRING *buf;
@@ -169,7 +177,7 @@ char   *tls_cipher_list(int level,...)
     buf = buf ? buf : vstring_alloc(10);
     VSTRING_RESET(buf);
 
-    switch (level) {
+    switch (grade) {
     case TLS_CIPHER_HIGH:
 	vstring_strcpy(buf, var_tls_high_clist);
 	break;
@@ -188,13 +196,13 @@ char   *tls_cipher_list(int level,...)
     case TLS_CIPHER_NONE:
 	return 0;
     default:
-	msg_panic("%s: invalid cipher level: %d", myname, level);
+	msg_panic("%s: invalid cipher grade: %d", myname, grade);
     }
 
     if (VSTRING_LEN(buf) == 0)
 	msg_panic("%s: empty cipherlist", myname);
 
-    va_start(ap, level);
+    va_start(ap, grade);
     while ((exclude = va_arg(ap, char *)) != 0) {
 	if (*exclude == '\0')
 	    continue;

postfix/src/tls/tls_server.c

@@ -145,13 +145,14 @@ static SSL_SESSION *get_server_session_cb(SSL *ssl, unsigned char *session_id,
 					          int session_id_length,
 					          int *unused_copy)
 {
+    const char *myname = "get_server_session_cb";
     TLScontext_t *TLScontext;
     VSTRING *cache_id;
     VSTRING *session_data = vstring_alloc(2048);
     SSL_SESSION *session = 0;
 
     if ((TLScontext = SSL_get_ex_data(ssl, TLScontext_index)) == 0)
-	msg_panic("null TLScontext in session lookup callback");
+	msg_panic("%s: null TLScontext in session lookup callback", myname);
 
 #define HEX_CACHE_ID(id, len) \
     hex_encode(vstring_alloc(2 * (len) + 1), (char *) (id), (len))
@@ -207,12 +208,13 @@ static void uncache_session(SSL_CTX *ctx, TLScontext_t *TLScontext)
 
 static int new_server_session_cb(SSL *ssl, SSL_SESSION *session)
 {
+    const char *myname = "new_server_session_cb";
     VSTRING *cache_id;
     TLScontext_t *TLScontext;
     VSTRING *session_data;
 
     if ((TLScontext = SSL_get_ex_data(ssl, TLScontext_index)) == 0)
-	msg_panic("null TLScontext in new session callback");
+	msg_panic("%s: null TLScontext in new session callback", myname);
 
     cache_id = HEX_CACHE_ID(session->session_id, session->session_id_length);
 
@@ -476,16 +478,16 @@ SSL_CTX *tls_server_init(const tls_server_props *props)
 	SSL_CTX_sess_set_new_cb(server_ctx, new_server_session_cb);
 
 	/*
-	 * OpenSSL ignores timed-out sessions, we need to set the internal
+	 * OpenSSL ignores timed-out sessions. We need to set the internal
-	 * cache timeut at least as high as the external cache timeout. This
+	 * cache timeout at least as high as the external cache timeout. This
 	 * applies even if no internal cache is used.
 	 */
 	SSL_CTX_set_timeout(server_ctx, props->scache_timeout);
     } else {
 
 	/*
-	 * If we have no external cache, disable all caching, no use wasting
+	 * If we have no external cache, disable all caching. No use wasting
-	 * client memory resources with sessions they are unlikely to be able
+	 * server memory resources with sessions they are unlikely to be able
 	 * to reuse.
 	 */
 	SSL_CTX_set_session_cache_mode(server_ctx, SSL_SESS_CACHE_OFF);
@@ -535,13 +537,13 @@ TLScontext_t *tls_server_start(SSL_CTX *server_ctx, VSTREAM *stream,
     TLScontext->cache_type = SSL_CTX_get_ex_data(server_ctx, TLSscache_index);
 
     if ((TLScontext->con = (SSL *) SSL_new(server_ctx)) == NULL) {
-	msg_info("Could not allocate 'TLScontext->con' with SSL_new()");
+	msg_warn("Could not allocate 'TLScontext->con' with SSL_new()");
 	tls_print_errors();
 	tls_free_context(TLScontext);
 	return (0);
     }
     if (!SSL_set_ex_data(TLScontext->con, TLScontext_index, TLScontext)) {
-	msg_info("Could not set application data for 'TLScontext->con'");
+	msg_warn("Could not set application data for 'TLScontext->con'");
 	tls_print_errors();
 	tls_free_context(TLScontext);
 	return (0);
@@ -572,7 +574,7 @@ TLScontext_t *tls_server_start(SSL_CTX *server_ctx, VSTREAM *stream,
      */
     if (!BIO_new_bio_pair(&TLScontext->internal_bio, TLS_BIO_BUFSIZE,
 			  &TLScontext->network_bio, TLS_BIO_BUFSIZE)) {
-	msg_info("Could not obtain BIO_pair");
+	msg_warn("Could not obtain BIO_pair");
 	tls_print_errors();
 	tls_free_context(TLScontext);
 	return (0);

postfix/src/tlsmgr/Makefile.in

@@ -71,6 +71,7 @@ tlsmgr.o: ../../include/mail_server.h
 tlsmgr.o: ../../include/master_proto.h
 tlsmgr.o: ../../include/msg.h
 tlsmgr.o: ../../include/mymalloc.h
+tlsmgr.o: ../../include/name_code.h
 tlsmgr.o: ../../include/name_mask.h
 tlsmgr.o: ../../include/stringops.h
 tlsmgr.o: ../../include/sys_defs.h

postfix/src/tlsmgr/tlsmgr.c

@@ -739,12 +739,15 @@ static void tlsmgr_pre_init(char *unused_name, char **unused_argv)
     /*
      * If nothing else works then at least this will get us a few bits of
      * entropy.
+     * 
+     * XXX This is our first call into the OpenSSL library. We should find out
+     * if this can be moved to the post-jail initialization phase, without
+     * breaking compatibility with existing installations.
      */
     GETTIMEOFDAY(&tv);
     tv.tv_sec ^= getpid();
     RAND_seed(&tv, sizeof(struct timeval));
 
-
     /*
      * Open the external entropy source. We will not be able to open it again
      * after we are sent to chroot jail, so we keep it open. Errors are not