snapshot-20010124

2025-08-30 13:48:06 +00:00 · 2001-01-24 00:00:00 -05:00
parent 19ca5e1319
commit bcd247acbf
20 changed files with 214 additions and 233 deletions
--- a/postfix/FILTER_README
+++ b/postfix/FILTER_README
@@ -1,6 +1,6 @@
 This is a very first implementation of Postfix content filtering.
 A Postfix content filter receives unfiltered mail from Postfix and
-re-injects filtered mail back into Postfix.
+either bounces the mail or re-injects filtered mail back into Postfix.
 It involves an incompatible change to queue file formats.  Older
 Postfix versions will reject mail that needs to be content filtered,
@@ -24,32 +24,34 @@ The example assumes that only mail arriving via SMTP needs to be
 content filtered.
      ..................................
-      .            Postfix             .
+      :            Postfix             :
-   ------smtpd \                /local-----
+   ----->smtpd \                /local---->
-      .         -cleanup->queue-       .
+      :         -cleanup->queue-       :
-   -----pickup /                \smtp------
+   ---->pickup /                \smtp----->
-   ^  .                        |       .
+   ^  :                        |       :
-   |  .                         \pipe-----+
+   |  :                         \pipe-----+
   |  ..................................  |
   |                                      |
   |                                      |
   +------sendmail<-------filter<---------+
-Create a dedicated local user account called "filter".  The user
+1 - Create a dedicated local user account called "filter".  The
-will never log in, and can be given a "*" password and non-existent
+    user will never log in, and can be given a "*" password and
-shell and home.
+    non-existent shell and home directory. This user handles all
    potentially dangerous mail content - that is why it should be
    a separate account.
-Create a directory /var/spool/filter that is accessible only to
+2 - Create a directory /var/spool/filter that is accessible only
-the "filter" user. This is where the content filtering will store
+    to the "filter" user. This is where the content filtering will
-its temporary files.
+    store its temporary files.
-Define a content filtering entry in the Postfix master file:
+3 - Define a content filtering entry in the Postfix master file:
    /etc/postfix/master.cf:
-	filter	  unix	-	n	n	-	-	pipe
+      filter    unix  -       n       n       -       -       pipe
-	    user=filter argv=/some/where/filter -f ${sender} -- ${recipient}
+        flags=R user=filter argv=/some/where/filter -f ${sender} -- ${recipient}
-The filter program can start out as a simple shell script like this:
+The /some/where/filter program can be a simple shell script like this:
    #!/bin/sh
@@ -85,20 +87,11 @@ content is OK, it is given as input to Postfix sendmail, and the
 exit status of the filter command is whatever exit status Postfix
 sendmail produces.
 The problem with content filters like this is that they are not
 very robust, because the software does not talk a well-defined
 protocol with Postfix. If the filter shell script aborts because
 the shell runs into some memory allocation problem, the script will
 not produce a nice exit status as per /usr/include/sysexits.h and
 mail will probably bounce. The same lack of robustness is possible
 when the content filtering software itself runs into a resource
 problem.
 I suggest that you play with this script for a while until you are
-satisfied with the results. Run it as root or as the filter user,
+satisfied with the results. Run it as the filter user, with a real
-with a real message (headers+body) as input:
+message (headers+body) as input:
-    # /some/where/filter -f sender recipient... <message-file
+    % /some/where/filter -f sender recipient... <message-file
 Turn on content filtering for mail arriving via SMTP only, by
 appending "-o content_filter=filter:dummy" to the master.cf
@@ -111,9 +104,17 @@ entry that defines the Postfix SMTP server:
 The content_filter configuration parameter accepts the same
 syntax as the right-hand side in a Postfix transport table.
-Postfix snapshot-20000529 requires that you specify a dummy
+Simple content filter limitations
-destination as shown in the example.  This is no longer necessary
+=================================
-with later Postfix versions.
+
 The problem with content filters like the one above is that they
 are not very robust, because the software does not talk a well-defined
 protocol with Postfix. If the filter shell script aborts because
 the shell runs into some memory allocation problem, the script will
 not produce a nice exit status as per /usr/include/sysexits.h and
 mail will probably bounce. The same lack of robustness is possible
 when the content filtering software itself runs into a resource
 problem.
 Advanced content filtering example
 ===================================
@@ -132,20 +133,20 @@ port 10025 that receives mail via the SMTP protocol, and that
 submits mail back into Postfix via localhost port 10026.
      ..................................
-      .            Postfix             .
+      :            Postfix             :
-   ------smtpd \                /local-----
+   ----->smtpd \                /local---->
-      .         -cleanup->queue-       .
+      :         -cleanup->queue-       :
-   -----pickup /    ^       |   \smtp------
+   ---->pickup /    ^       |   \smtp----->
-      .             |       v          .
+      :             |       v          :
-      .           smtpd    smtp        .
+      :           smtpd    smtp        :
-      .           10026     |          .
+      :           10026     |          :
      ......................|...........
                    ^       |
                    |       v
                ....|............
-                .   |     10025 .
+                :   |     10025 :
-                .   filtering   .
+                :   filter      :
-                .               .
+                :               :
                .................
 To enable content filtering in this manner, specify in main.cf a
@@ -174,12 +175,8 @@ up to 10 content filtering processes on demand:
 "filter" is a dedicated local user account.  The user will never
 log in, and can be given a "*" password and non-existent shell and
-home.
+home directory.  This user handles all potentially dangerous mail
-
+content - that is why it should be a separate account.
 The spawn server is part of Postfix but is not installed by default.
 Edit the top-level Makefile.in file, run "make makefiles", "make",
 and "make install". The manual page isn't installed by default,
 either. See the spawn.c source file.
 The /some/where/filter command is most likely a PERL script. PERL
 has modules that make talking SMTP easy. The command-line specifies
@@ -192,7 +189,8 @@ it can be used with other mailers too, which is a nice spin-off.
 The simplest content filter just copies SMTP commands and data
 between its inputs and outputs. If it has a problem, all it has to
 do is to reply to an input of `.' with `550 content rejected', and
-to disconnect its output side instead of sending `.'.
+to disconnect without sending `.' on the connection that injects
 mail back into Postfix.
 The job of the content filter is to either bounce mail with a
 suitable diagnostic, or to feed the mail back into Postfix through
--- a/postfix/INSTALL.sh
+++ b/postfix/INSTALL.sh
@@ -6,6 +6,7 @@
 PATH=/bin:/usr/bin:/usr/sbin:/usr/etc:/sbin:/etc
 umask 022
 test -t 0 &&
 cat <<EOF
 Warning: this script replaces existing sendmail or Postfix programs.
@@ -124,6 +125,7 @@ fi
 # Find out the location of configuration files.
 test -t 0 &&
 for name in install_root tempdir config_directory
 do
    while :
@@ -168,6 +170,7 @@ test -f $CONFIG_DIRECTORY/install.cf && . $CONFIG_DIRECTORY/install.cf
 # Override default settings.
 test -t 0 &&
 for name in daemon_directory command_directory \
    queue_directory sendmail_path newaliases_path mailq_path mail_owner\
    setgid manpages
--- a/postfix/LMTP_README
+++ b/postfix/LMTP_README
@@ -1,14 +1,12 @@
 [Based on information that was provided by Amous Gouaux]
 Postfix LMTP support
 ====================
 LMTP stands for Local Mail Transfer Protocol, and is detailed in
 RFC2033.  This protocol is used to communicate with the final
-delivery agent, which may be on the local host or a remote host.
+delivery agent, which may run on the local host or a remote host.
 This protocol opens up interesting possibilities: one Postfix front
-end system can drive multiple mailbox back end systems over LMTP.
+end machine can drive multiple mailbox back end machines over LMTP.
 As the mail load increases you add Postfix front end systems and
 LMTP mailbox back end systems.  You can use LDAP or mysql to share
 the user database among the front end and back end systems.
@@ -51,54 +49,68 @@ given in the lmtp(8) manual page.
 Using main.cf configuration
 ===========================
-This is the simplest LMTP configuration.  The settings
+This is the simplest LMTP configuration.  
 local_transport, mailbox_transport, and fallback_transport can
 support the following connections:
-1.  LMTP over TCP sockets.
+1.  LMTP over UNIX-domain sockets.
-    mailbox_transport = lmtp
+    The UNIX-domain socket is specified as a name in the local file
    system.  This "/path/name" should be the socket created by the
    LMTP server on the local machine. See the specific examples
    later in this document.
-    Instead of delivering local mail to a mail box such as
+    The settings local_transport, mailbox_transport, and
-    /var/mail/$user, a connection will be made over TCP to an LMTP
+    fallback_transport support the following connections:
-    server.  Currently the default port for this connection is 24,
+
-    but this can be customized in the "/etc/services" file.
+	mailbox_transport = lmtp:unix:/path/name
    The Postfix local delivery agent expands aliases and .forward
    files, and delegates mailbox delivery to the LMTP server.
 	local_transport = lmtp:unix:/path/name
    Mail that resolves as local is directly given to the LMTP server.
    The mail is not processed by the Postfix local delivery agent;
    therefore aliases and .forward files are not expanded.
 	fallback_transport = lmtp:unix:/path/name
    The Postfix local delivery agent expands aliases and .forward files,
    and delivers to /var/mail/$user for users that have a UNIX account.
    Mail for other local users is delegated to the LMTP server.
    NOTE:
        With connections over TCP sockets, some Cyrus implementations
        insist on SASL-style authentication, which is not currently
        supported by the Postfix LMTP client.  See the examples below 
        for additional details.
 2.  LMTP over UNIX-domain sockets.
    mailbox_transport = lmtp:unix:/path/name
    In this case the LMTP connection will be made over a UNIX-domain
    socket.  This "/path/name" should be the socket created by the
    LMTP server on the local machine.
    NOTE 1:
        If you configured Cyrus using the "--with-libwrap" option, be 
        sure to allow access to the "lmtpd" service from "0.0.0.0".
        Otherwise LMTP deliveries over UNIX-domain sockets will be
        blocked.  See the examples below for more on using libwrap.
    NOTE 2:
 	If you run the lmtp client chrooted, the interpretation of
 	the /path/name is relative to the Postfix queue directory
 	(typically, /var/spool/postfix).
    NOTE 3:
 	By default, the Postfix LMTP client does not run chrooted.
 	With LMTP delivery to the local machine there is no good
 	reason to run the Postfix LMTP client chrooted.
 2.  LMTP over TCP sockets.
    Currently the default TCP port number for this type of connection
    is 24, but this can be customized in the "/etc/services" file.
    Specific examples are given later in this document.
    The settings local_transport, mailbox_transport, and
    fallback_transport support the following connections:
 	mailbox_transport = lmtp:hostname:port
 	local_transport = lmtp:hostname:port
 	fallback_transport = lmtp:hostname:port
    See the previous section for a discussion of the differences
    between these three delivery methods.
    NOTE:
 	With connections over TCP sockets, later Cyrus implementations
 	insist on SASL-style authentication. This means that Postfix
 	must be built with SASL support (see SASL_README).  The
 	examples below show how to enable this in the Postfix LMTP
 	client.
 Examples:
@@ -120,15 +132,9 @@ Examples:
        mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
-    In this case, mail that is resolved to be local will be delivered
+    In this case, the Postfix local delivery agent expands aliases
-    to the Cyrus lmtpd server via the socket "/var/imap/socket/lmtp".  
+    and .forward files, and delegates mailbox delivery to the Cyrus
-
+    lmtpd server via the socket "/var/imap/socket/lmtp".
    If you configured Cyrus using the "--with-libwrap" option, you
    will need the following:
    /etc/hosts.allow:
        lmtpd : 0.0.0.0
 2.  LMTP over TCP sockets.
@@ -139,104 +145,50 @@ Examples:
        SERVICES { 
            ... 
-            lmtp cmd="lmtpd -a" listen="127.0.0.1:lmtp" prefork=0 
+            lmtp cmd="lmtpd" listen="127.0.0.1:lmtp" prefork=0 
            ... 
        } 
 XXX does this mean that connections will be accepted only on 127.0.0.1?
    /etc/services:
-        lmtp 2003/tcp
+        lmtp 24/tcp
    /etc/postfix/main.cf:
-        mailbox_transport = lmtp
+        mailbox_transport = lmtp:localhost
 	lmtp_sasl_auth_enable = yes
 	lmtp_sasl_password_maps = hash:/etc/postfix/lmtp_sasl_pass
    /etc/postfix/master.cf:
        lmtp      unix  -       -       n       -       -       lmtp
-    Mail that Postfix resolves to be local will be delivered via TCP
+    /etc/postfix/lmtp_sasl_pass:
-    to the Cyrus LMTP server.  Postfix will make a connection to port
+	localhost.my.domain	username:password
    2003 on the local host, subsequently transmitting the message to
    the lmtpd server managed by the Cyrus master process.  Since
    Postfix does not currently support LMTP-AUTH, the "-a" lmtpd
    option is required.
-    CAUTION:
+    Instead of "hash", use the map type of your choice.  Some
    systems use "dbm" instead.  Use "postconf -m" to find out what
    map types are supported.
-        If you run lmtpd with the "-a" option, be certain that you
+    With the above settings, the Postfix local delivery agent
-        restrict what systems can connect to this service.  This can
+    expands aliases and .forward files, and delegates mailbox
-        be done in either one of two ways:
+    delivery to the the Cyrus LMTP server.  Postfix makes a
-
+    connection to port 24 on the local host, subsequently
-        a.  Compile Cyrus with libwrap support, configuring
+    transmitting the message to the lmtpd server managed by the
-            "/etc/hosts.allow" to restrict access to this service to
+    Cyrus master process.
            only your mail server.
        b.  In the cyrus.conf file, for the "listen" argument to the
            "lmtp" service, specify the address (in this case
            localhost), that the service should bind to.  This can
            also be convenient if you have a private network between
            your Postfix server and your Cyrus server.
        If neither of these actions are taken, anybody will be able
        to drop junk into your Cyrus message store!  
 3.  LMTP over TCP sockets, using hosts.allow.
    While similar to the previous example, this one varies in how the
    lmtpd service is protected from unauthorized use.  Instead of
    binding the lmtpd service to a specific Internet address, access
    will be controlled using the "/etc/hosts.allow" tcp_wrappers
    configuration file.  The tcp_wrappers package is available from:
        ftp://ftp.porcupine.org/pub/security/index.html
    To take advantage of tcp_wrappers, Cyrus will need to be
    configured using the "--with-libwrap" option.  See the Cyrus
    documentation for more details.
    Here are excerpts of the pertinent files:
    /etc/hosts.allow:
        lmtpd : localhost : ALLOW
        lmtpd : ALL@ALL : DENY
    /etc/cyrus.conf:
        SERVICES { 
            ... 
            lmtp cmd="lmtpd -a" listen="lmtp" prefork=0 
            ... 
        } 
    /etc/services:
        lmtp 2003/tcp
    /etc/postfix/main.cf:
        mailbox_transport = lmtp
    The syntax shown in the hosts.allow excerpt above is valid if
    tcp_wrappers is compiled using a "make" argument of:
        STYLE=-DPROCESS_OPTIONS
    See the tcp_wrappers hosts_options(5) man page for more details.
 Using transport map configuration
 =================================
-This approach is quite similar to specifying the LMTP service in the
+This approach is quite similar to specifying the LMTP service in
-Postfix main.cf configuration file.  However, now we will use a
+the Postfix main.cf configuration file.  However, now we will use
-transport map to route mail to the appropriate LMTP server.  Why
+a transport map to route mail to the appropriate LMTP server,
-might this approach be useful?  This could be handy if you wish to
+instead of depending on delegation by the Postfix local delivery
-route mail for multiple domains to their respective mail retrieval
+agent.
 Why might this approach be useful?  This could be handy if you wish
 to route mail for multiple domains to their respective mail retrieval
 (IMAP/POP) server.  Example:
    /etc/postfix/transport:
@@ -399,7 +351,7 @@ configure inetd.  This involves the following file edits:
    /etc/services:
-        lmtp 2003/tcp
+        lmtp 24/tcp
    /etc/inetd.conf:
--- a/postfix/SASL_README
+++ b/postfix/SASL_README
@@ -62,11 +62,14 @@ Reportedly, Microsoft Internet Explorer version 5 requires the
 non-standard SASL LOGIN authentication method. To enable this
 authentication method, specify ``./configure --enable-login''.
-Reportedly, older Microsoft software mis-implements the AUTH
+Older Microsoft SMTP client software implements a non-standard 
-protocol, and requires that the server replies to EHLO with
+version of the AUTH protocol syntax, and expects that the SMTP
-"250-AUTH=stuff..." instead of "250-AUTH stuff...". To accomodate
+server replies to EHLO with "250 AUTH=stuff" instead of "250 AUTH
-such clients, set "allow_broken_auth_clients = yes" in the main.cf
+stuff".  To accomodate such clients in addition to conformant
-file.
+clients, set "broken_sasl_auth_clients = yes" in the main.cf file.
 The Postfix SMTP client is backwards compatible with SMTP servers
 that use the non-standard AUTH protocol syntax.
 Building Postfix with SASL authentication support
 =================================================
--- a/postfix/conf/access
+++ b/postfix/conf/access
@@ -83,35 +83,36 @@
 #        REJECT Reject the address etc. that matches the pattern. A
 #               generic error response message is generated.
 # 
-#        OK
+#        OK     Accept the address etc. that matches the pattern.
 # 
-#        Any other text
+#        restriction...
-#               Accept the address etc. that matches the pattern.
+#               Apply the named UCE  restriction  (permit,  reject,
 #               reject_unauth_destination, and so on).
 # 
 # REGULAR EXPRESSION TABLES
-#        This section describes how the table lookups  change  when
+#        This  section  describes how the table lookups change when
 #        the table is given in the form of regular expressions. For
-#        a description of regular expression lookup  table  syntax,
+#        a  description  of regular expression lookup table syntax,
 #        see regexp_table(5) or pcre_table(5).
 # 
-#        Each  pattern  is  a regular expression that is applied to
+#        Each pattern is a regular expression that  is  applied  to
 #        the entire string being looked up. Depending on the appli-
-#        cation,  that  string  is  an  entire  client hostname, an
+#        cation, that string  is  an  entire  client  hostname,  an
 #        entire client IP address, or an entire mail address. Thus,
-#        no  parent  domain  or  parent network search is done, and
+#        no parent domain or parent network  search  is  done,  and
-#        user@domain mail addresses are not broken  up  into  their
+#        user@domain  mail  addresses  are not broken up into their
 #        user@ and domain constituent parts.
 # 
-#        Patterns  are  applied  in  the  order as specified in the
+#        Patterns are applied in the  order  as  specified  in  the
-#        table, until a pattern is found that  matches  the  search
+#        table,  until  a  pattern is found that matches the search
 #        string.
 # 
-#        Actions  are the same as with normal indexed file lookups,
+#        Actions are the same as with normal indexed file  lookups,
-#        with the additional feature that parenthesized  substrings
+#        with  the additional feature that parenthesized substrings
-#        from  the pattern can be interpolated as $1, $2 and so on.
+#        from the pattern can be interpolated as $1, $2 and so  on.
 # 
 # BUGS
-#        The table format does not understand quoting  conventions.
+#        The  table format does not understand quoting conventions.
 # 
 #                                                                 2
 # 
@@ -124,7 +125,7 @@
 #        regexp_table(5) format of POSIX regular expression tables
 # 
 # LICENSE
-#        The  Secure  Mailer  license must be distributed with this
+#        The Secure Mailer license must be  distributed  with  this
 #        software.
 # 
 # AUTHOR(S)
--- a/postfix/html/access.5.html
+++ b/postfix/html/access.5.html
@@ -94,36 +94,36 @@ ACCESS(5)                                               ACCESS(5)
       <b>REJECT</b> Reject the address etc. that matches the pattern. A
              generic error response message is generated.
-       <b>OK</b>
+       <b>OK</b>     Accept the address etc. that matches the pattern.
-       <i>Any</i> <i>other</i> <i>text</i>
+       <i>restriction...</i>
-              Accept the address etc. that matches the pattern.
+              Apply the named UCE  restriction  (<b>permit</b>,  reject,
              <b>reject</b><i>_</i><b>unauth</b><i>_</i><b>destination</b>, and so on).
 <b>REGULAR</b> <b>EXPRESSION</b> <b>TABLES</b>
-       This section describes how the table lookups  change  when
+       This  section  describes how the table lookups change when
       the table is given in the form of regular expressions. For
-       a description of regular expression lookup  table  syntax,
+       a  description  of regular expression lookup table syntax,
       see <a href="regexp_table.5.html"><b>regexp</b><i>_</i><b>table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre</b><i>_</i><b>table</b>(5)</a>.
-       Each  pattern  is  a regular expression that is applied to
+       Each pattern is a regular expression that  is  applied  to
       the entire string being looked up. Depending on the appli-
-       cation,  that  string  is  an  entire  client hostname, an
+       cation, that string  is  an  entire  client  hostname,  an
       entire client IP address, or an entire mail address. Thus,
-       no  parent  domain  or  parent network search is done, and
+       no parent domain or parent network  search  is  done,  and
-       <i>user@domain</i> mail addresses are not broken  up  into  their
+       <i>user@domain</i>  mail  addresses  are not broken up into their
       <i>user@</i> and <i>domain</i> constituent parts.
-       Patterns  are  applied  in  the  order as specified in the
+       Patterns are applied in the  order  as  specified  in  the
-       table, until a pattern is found that  matches  the  search
+       table,  until  a  pattern is found that matches the search
       string.
-       Actions  are the same as with normal indexed file lookups,
+       Actions are the same as with normal indexed file  lookups,
-       with the additional feature that parenthesized  substrings
+       with  the additional feature that parenthesized substrings
-       from  the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
+       from the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so  on.
 <b>BUGS</b>
-       The table format does not understand quoting  conventions.
+       The  table format does not understand quoting conventions.
@@ -144,7 +144,7 @@ ACCESS(5)                                               ACCESS(5)
       <a href="regexp_table.5.html">regexp_table(5)</a> format of POSIX regular expression tables
 <b>LICENSE</b>
-       The  Secure  Mailer  license must be distributed with this
+       The Secure Mailer license must be  distributed  with  this
       software.
 <b>AUTHOR(S)</b>
--- a/postfix/html/smtpd.8.html
+++ b/postfix/html/smtpd.8.html
@@ -77,7 +77,7 @@ SMTPD(8)                                                 SMTPD(8)
              For  example, allow <a href="http://www.faqs.org/rfcs/rfc822.html">RFC822</a>-style address forms with
              comments, like Sendmail does.
-       <b>allow</b><i>_</i><b>broken</b><i>_</i><b>auth</b><i>_</i><b>clients</b>
+       <b>broken</b><i>_</i><b>sasl</b><i>_</i><b>auth</b><i>_</i><b>clients</b>
              Support older Microsoft clients that  mis-implement
              the AUTH protocol, and that expect an EHLO response
              of "250 AUTH=list" instead of "250 AUTH list".
@@ -90,7 +90,7 @@ SMTPD(8)                                                 SMTPD(8)
              same  syntax  as  the  right-hand side of a Postfix
              transport table.
-<b>Authenication</b> <b>controls</b>
+<b>Authentication</b> <b>controls</b>
       <b>enable</b><i>_</i><b>sasl</b><i>_</i><b>authentication</b>
              Enable per-session authentication as per  <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC  2554</a>
              (SASL).   This functionality is available only when
--- a/postfix/man/man5/access.5
+++ b/postfix/man/man5/access.5
@@ -76,8 +76,10 @@ the numerical code and text.
 Reject the address etc. that matches the pattern. A generic
 error response message is generated.
 .IP \fBOK\fR
 .IP "\fIAny other text\fR"
 Accept the address etc. that matches the pattern.
 .IP \fIrestriction...\fR
 Apply the named UCE restriction (\fBpermit\fR, \fRreject\fR,
 \fBreject_unauth_destination\fR, and so on).
 .SH REGULAR EXPRESSION TABLES
 .na
 .nf
--- a/postfix/man/man8/smtpd.8
+++ b/postfix/man/man8/smtpd.8
@@ -71,7 +71,7 @@ a configuration change.
 .IP \fBstrict_rfc821_envelopes\fR
 Disallow non-RFC 821 style addresses in envelopes. For example,
 allow RFC822-style address forms with comments, like Sendmail does.
-.IP \fBallow_broken_auth_clients\fR
+.IP \fBbroken_sasl_auth_clients\fR
 Support older Microsoft clients that mis-implement the AUTH
 protocol, and that expect an EHLO response of "250 AUTH=list"
 instead of "250 AUTH list".
@@ -81,7 +81,7 @@ The name of a mail delivery transport that filters mail and that
 either bounces mail or re-injects the result back into Postfix.
 This parameter uses the same syntax as the right-hand side of
 a Postfix transport table.
-.SH "Authenication controls"
+.SH "Authentication controls"
 .IP \fBenable_sasl_authentication\fR
 Enable per-session authentication as per RFC 2554 (SASL).
 This functionality is available only when explicitly selected
--- a/postfix/proto/access
+++ b/postfix/proto/access
@@ -64,8 +64,10 @@
 #	Reject the address etc. that matches the pattern. A generic
 #	error response message is generated.
 # .IP \fBOK\fR
 # .IP "\fIAny other text\fR"
 #	Accept the address etc. that matches the pattern.
 # .IP \fIrestriction...\fR
 #	Apply the named UCE restriction (\fBpermit\fR, \fRreject\fR,
 #	\fBreject_unauth_destination\fR, and so on).
 # REGULAR EXPRESSION TABLES
 # .ad
 # .fi
--- a/postfix/src/global/mail_params.h
+++ b/postfix/src/global/mail_params.h
@@ -241,7 +241,7 @@ extern bool var_strict_rfc821_env;
  * Standards violation: send "250 AUTH=list" in order to accomodate broken
  * Microsoft clients.
  */
-#define VAR_BROKEN_AUTH_CLNTS	"allow_broken_auth_clients"
+#define VAR_BROKEN_AUTH_CLNTS	"broken_sasl_auth_clients"
 #define DEF_BROKEN_AUTH_CLNTS	0
 extern bool var_broken_auth_clients;
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -15,7 +15,7 @@
  * Version of this program.
  */
 #define VAR_MAIL_VERSION	"mail_version"
-#define DEF_MAIL_VERSION	"Snapshot-20010122"
+#define DEF_MAIL_VERSION	"Snapshot-20010124"
 extern char *var_mail_version;
 /* LICENSE
--- a/postfix/src/lmtp/lmtp.c
+++ b/postfix/src/lmtp/lmtp.c
@@ -458,9 +458,12 @@ static void post_init(char *unused_name, char **unused_argv)
 static void pre_init(char *unused_name, char **unused_argv)
 {
    debug_peer_init();
 #ifdef USE_SASL_AUTH
    if (var_lmtp_sasl_enable)
 #ifdef USE_SASL_AUTH
 	lmtp_sasl_initialize();
 #else
 	msg_warn("%s is true, but SASL support is not compiled in",
 		 VAR_LMTP_SASL_ENABLE);
 #endif
 }
@@ -525,6 +528,7 @@ int     main(int argc, char **argv)
    static CONFIG_BOOL_TABLE bool_table[] = {
 	VAR_LMTP_CACHE_CONN, DEF_LMTP_CACHE_CONN, &var_lmtp_cache_conn,
 	VAR_LMTP_SKIP_QUIT_RESP, DEF_LMTP_SKIP_QUIT_RESP, &var_lmtp_skip_quit_resp,
 	VAR_LMTP_SASL_ENABLE, DEF_LMTP_SASL_ENABLE, &var_lmtp_sasl_enable,
 	0,
    };
--- a/postfix/src/postconf/postconf.c
+++ b/postfix/src/postconf/postconf.c
@@ -658,9 +658,7 @@ static void print_parameter(int mode, char *ptr)
 #define INSIDE(p,t) (ptr >= (char *) t && ptr < ((char *) t) + sizeof(t))
    /*
-     * This is gross, but the best we can do on short notice. Instead of
+     * This is gross, but the best we can do on short notice.
     * guessing we should use a tagged union. This is what code looks like
     * when written under the pressure of a first public release.
     */
    if (INSIDE(ptr, time_table))
 	print_time(mode, (CONFIG_TIME_TABLE *) ptr);
--- a/postfix/src/sendmail/sendmail.c
+++ b/postfix/src/sendmail/sendmail.c
@@ -735,7 +735,8 @@ int     main(int argc, char **argv)
     * reset the saved set-userid, which would be a security vulnerability.
     */
    if (geteuid() == 0 && getuid() != 0) {
-	msg_warn("sendmail has set-uid root file permissions, or is run from a set-uid root process");
+	msg_warn("the Postfix sendmail command has set-uid root file permissions");
 	msg_warn("or the command is run from a set-uid root process");
 	msg_warn("the Postfix sendmail command must be installed without set-uid root file permissions");
 	set_ugid(getuid(), getgid());
    }
@@ -903,7 +904,7 @@ int     main(int argc, char **argv)
 	msg_fatal("-t can be used only in delivery mode");
    if (site_to_flush && mode != SM_MODE_ENQUEUE)
-	msg_fatal("-t can be used only in delivery mode");
+	msg_fatal("-qR can be used only in delivery mode");
    if (extract_recipients && argv[OPTIND])
 	msg_fatal("cannot handle command-line recipients with -t");
--- a/postfix/src/smtp/smtp.c
+++ b/postfix/src/smtp/smtp.c
@@ -360,9 +360,12 @@ static void pre_init(char *unused_name, char **unused_argv)
 {
    debug_peer_init();
 #ifdef USE_SASL_AUTH
    if (var_smtp_sasl_enable)
 #ifdef USE_SASL_AUTH
 	smtp_sasl_initialize();
 #else
 	msg_warn("%s is true, but SASL support is not compiled in",
 		 VAR_SMTP_SASL_ENABLE);
 #endif
 }
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@@ -57,7 +57,7 @@
 /* .IP \fBstrict_rfc821_envelopes\fR
 /*	Disallow non-RFC 821 style addresses in envelopes. For example,
 /*	allow RFC822-style address forms with comments, like Sendmail does.
-/* .IP \fBallow_broken_auth_clients\fR
+/* .IP \fBbroken_sasl_auth_clients\fR
 /*	Support older Microsoft clients that mis-implement the AUTH
 /*	protocol, and that expect an EHLO response of "250 AUTH=list"
 /*	instead of "250 AUTH list".
@@ -67,7 +67,7 @@
 /*	either bounces mail or re-injects the result back into Postfix.
 /*	This parameter uses the same syntax as the right-hand side of
 /*	a Postfix transport table.
-/* .SH "Authenication controls"
+/* .SH "Authentication controls"
 /* .IP \fBenable_sasl_authentication\fR
 /*	Enable per-session authentication as per RFC 2554 (SASL).
 /*	This functionality is available only when explicitly selected
@@ -1415,9 +1415,12 @@ static void pre_jail_init(char *unused_name, char **unused_argv)
    debug_peer_init();
    msg_cleanup(smtpd_cleanup);
 #ifdef USE_SASL_AUTH
    if (var_smtpd_sasl_enable)
 #ifdef USE_SASL_AUTH
 	smtpd_sasl_initialize();
 #else
 	msg_warn("%s is true, but SASL support is not compiled in",
 		 VAR_SMTPD_SASL_ENABLE);
 #endif
 }
--- a/postfix/src/smtpd/smtpd.h
+++ b/postfix/src/smtpd/smtpd.h
@@ -8,6 +8,11 @@
 /* DESCRIPTION
 /* .nf
 /*
  * System library.
  */
 #include <unistd.h>
 /*
  * SASL library.
  */
--- a/postfix/src/smtpd/smtpd_check.c
+++ b/postfix/src/smtpd/smtpd_check.c
@@ -281,6 +281,7 @@
 /* Application-specific. */
 #include "smtpd.h"
 #include "smtpd_sasl_glue.h"
 #include "smtpd_check.h"
 /*
--- a/postfix/src/smtpstone/smtp-sink.c
+++ b/postfix/src/smtpstone/smtp-sink.c
@@ -336,11 +336,16 @@ static void connect_event(int unused_event, char *context)
    if ((fd = accept(sock, &sa, &len)) >= 0) {
 	if (msg_verbose)
-	    msg_info("connect (%s)", sa.sa_family == AF_LOCAL ? "AF_LOCAL" :
+	    msg_info("connect (%s)",
 #ifdef AF_LOCAL
 		     sa.sa_family == AF_LOCAL ? "AF_LOCAL" :
 #else
 		     sa.sa_family == AF_UNIX ? "AF_UNIX" :
 #endif
 		     sa.sa_family == AF_INET ? "AF_INET" :
 #ifdef AF_INET6
 		     sa.sa_family == AF_INET6 ? "AF_INET6" :
 #endif
 		     sa.sa_family == AF_INET ? "AF_INET" :
 		     "unknown protocol family");
 	non_blocking(fd, NON_BLOCKING);
 	state = (SINK_STATE *) mymalloc(sizeof(*state));