postfix-2.3-RC9

2025-08-29 21:27:57 +00:00 · 2006-07-09 00:00:00 -05:00 · 2006-07-09 00:00:00 -05:00 · bea0e7b32c
commit bea0e7b32c
parent cc94e64f58
27 changed files with 1115 additions and 743 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@ -12479,6 +12479,20 @@ Apologies for any names omitted.
 	plaintext after an opportunistic TLS handshake fails. Specify
 	"smtp_sasl_auth_enforce = no" to deliver mail anyway.
 20060709
 	Cleanup: the new single smtpd_tls_security_level parameter
 	obsoletes the multiple smtpd_use_tls and smtpd_enforce_tls
 	parameters. This is done for consistency with the Postfix
 	SMTP client. In the Postfix SMTP server, the levels "verify"
 	and "secure" are currently not applicable, and are treated
 	as "encrypt", after logging a warning. Files: smtpd/smtpd.c,
 	tls/tls_level.c, smtp/smtp_session.c.
 	Compatibility: don't send the first body line to Milter
 	applications.  This also broke domain key etc. signatures
 	when verified by non-Postfix MTAs.  File: milter/milter8.c.
 Wish list:
 	The usage of TLScontext->cache_type is unclear. It specifies
--- a/postfix/README_FILES/INSTALL
+++ b/postfix/README_FILES/INSTALL
@ -95,7 +95,7 @@ At some point in time, a version of Postfix was supported on:
    OSF1.V3 - OSF1.V5 (Digital UNIX)
    Reliant UNIX 5.x
    Rhapsody 5.x
-    SunOS 4.1.4 (December 2005)
+    SunOS 4.1.4 (July 2006)
    SunOS 5.4 - 5.9 (Solaris 2.4..9)
    Ultrix 4.x (well, that was long ago)
--- a/postfix/README_FILES/TLS_README
+++ b/postfix/README_FILES/TLS_README
@ -146,9 +146,8 @@ clients will not, as a rule, fall back to plain text after a TLS handshake
 failure, the server will be unable to receive email from most TLS enabled
 clients. To avoid accidental configurations with no certificates, Postfix 2.3
 enables certificate-less operation only when the administrator explicitly sets
-"smtpd_tls_cert_file = none". This ensures that new Postfix configurations with
+"smtpd_tls_cert_file = none". This ensures that new Postfix configurations will
-just "smtpd_use_tls = yes" added, will not accidentally run with no
+not accidentally run with no certificates.
 certificates.
 Both RSA and DSA certificates are supported. Typically you will only have RSA
 certificates issued by a commercial CA. In addition, the tools supplied with
@ -282,11 +281,16 @@ Example:
 EEnnaabblliinngg TTLLSS iinn tthhee PPoossttffiixx SSMMTTPP sseerrvveerr
 By default, TLS is disabled in the Postfix SMTP server, so no difference to
-plain Postfix is visible. Explicitly switch it on using "smtpd_use_tls = yes".
+plain Postfix is visible. Explicitly switch it on with
 "smtpd_tls_security_level = may" (Postfix 2.3 and later) or
 "smtpd_use_tls = yes" (obsolete but still supported).
 Example:
    /etc/postfix/main.cf:
        # Postfix 2.3 and later
        smtpd_tls_security_level = may
        # Obsolete, but still supported
        smtpd_use_tls = yes
 With this, Postfix SMTP server announces STARTTLS support to SMTP clients, but
@ -298,13 +302,17 @@ is intended behavior.
 You can ENFORCE the use of TLS, so that the Postfix SMTP server announces
 STARTTLS and accepts no mail without TLS encryption, by setting
-"smtpd_enforce_tls = yes". According to RFC 2487 this MUST NOT be applied in
+"smtpd_tls_security_level = encrypt" (Postfix 2.3 and later) or
-case of a publicly-referenced Postfix SMTP server. This option is off by
+"smtpd_enforce_tls = yes" (obsolete but still supported). According to RFC 2487
-default and should only seldom be used.
+this MUST NOT be applied in case of a publicly-referenced Postfix SMTP server.
 This option is off by default and should only seldom be used.
 Example:
    /etc/postfix/main.cf:
        # Postfix 2.3 and later
        smtpd_tls_security_level = encrypt
        # Obsolete, but still supported
        smtpd_enforce_tls = yes
 TLS is sometimes used in the non-standard "wrapper" mode where a server always
@ -343,8 +351,11 @@ server is configured to ask for client certificates.
 Example:
    /etc/postfix/main.cf:
        smtpd_use_tls = yes
        smtpd_tls_ask_ccert = yes
        # Postfix 2.3 and later
        smtpd_tls_security_level = may
        # Obsolete, but still supported
        smtpd_use_tls = yes
 When TLS is enforced you may also decide to REQUIRE a remote SMTP client
 certificate for all TLS connections, by setting "smtpd_tls_req_ccert = yes".
@ -354,8 +365,11 @@ This feature implies "smtpd_tls_ask_ccert = yes". When TLS is not enforced,
 Example:
    /etc/postfix/main.cf:
        smtpd_enforce_tls = yes
        smtpd_tls_req_ccert = yes
        # Postfix 2.3 and later
        smtpd_tls_security_level = encrypt
        # Obsolete, but still supported
        smtpd_enforce_tls = yes
 A client certificate verification depth of 1 is sufficient if the certificate
 is directly issued by a CA listed in the CA file. The default value (5) should
@ -370,12 +384,14 @@ Example:
 SSuuppppoorrttiinngg AAUUTTHH oovveerr TTLLSS oonnllyy
 Sending AUTH data over an unencrypted channel poses a security risk. When TLS
-layer encryption is required (smtpd_enforce_tls = yes), the Postfix SMTP server
+layer encryption is required ("smtpd_tls_security_level = encrypt" or the
-will announce and accept AUTH only after the TLS layer has been activated with
+obsolete "smtpd_enforce_tls = yes"), the Postfix SMTP server will announce and
-STARTTLS. When TLS layer encryption is optional (smtpd_enforce_tls = no), it
+accept AUTH only after the TLS layer has been activated with STARTTLS. When TLS
-may however still be useful to only offer AUTH when TLS is active. To maintain
+layer encryption is optional ("smtpd_tls_security_level = may" or the obsolete
-compatibility with non-TLS clients, the default is to accept AUTH without
+"smtpd_enforce_tls = no"), it may however still be useful to only offer AUTH
-encryption. In order to change this behavior, set "smtpd_tls_auth_only = yes".
+when TLS is active. To maintain compatibility with non-TLS clients, the default
 is to accept AUTH without encryption. In order to change this behavior, set
 "smtpd_tls_auth_only = yes".
 Example:
@ -489,12 +505,14 @@ specifying an smtpd_tls_dcert_file.
 Example: (MSA that requires TLS with reasonably secure ciphers)
    /etc/postfix/main.cf:
        smtpd_use_tls = yes
        smtpd_enforce_tls = yes
        smtpd_tls_cert_file = /etc/postfix/cert.pem
        smtpd_tls_key_file = /etc/postfix/key.pem
        smtpd_tls_ciphers = medium
        smtpd_tls_exclude_ciphers = aNULL, MD5
        # Postfix 2.3 and later
        smtpd_tls_security_level = encrypt
        # Obsolete, but still supported
        smtpd_enforce_tls = yes
 If you want to take advantage of ciphers with EDH, DH parameters are needed.
 Instead of using the built-in DH parameters for both 1024bit and 512bit, it is
@ -993,13 +1011,13 @@ the new policy table instead.
 MMaannddaattoorryy sseerrvveerr cceerrttiiffiiccaattee vveerriiffiiccaattiioonn
 At the "verify" TLS security level, messages are sent only over TLS encrypted
-sessions for which server certificate verification succeeds. If no suitable
+sessions if the server certificate is valid (not expired or revoked, and signed
-servers are found, the message will be deferred. With Postfix 2.3 and later,
+by a trusted certificate authority) and if the server certificate name matches
-mandatory server certificate verification can be configured by setting
+a known pattern. Mandatory server certificate verification can be configured by
-"smtp_tls_security_level = verify", the smtp_tls_verify_cert_match parameter
+setting "smtp_tls_security_level = verify". The smtp_tls_verify_cert_match
-can override the default "hostname" certificate match strategy. Fine-tuning the
+parameter can override the default "hostname" certificate name matching
-matching strategy is generally only appropriate for secure-channel
+strategy. Fine-tuning the matching strategy is generally only appropriate for
-destinations.
+secure-channel destinations.
 With Postfix 2.2 and earlier, or when smtp_tls_security_level is set to its
 default (backwards compatible) empty value, the appropriate configuration
@ -1229,27 +1247,39 @@ nnoonnee
 mmaayy
    Opportunistic TLS. No additional attributes are supported at this level.
 eennccrryypptt
-    Mandatory TLS encryption. At this level and higher the optional "ciphers"
+    Mandatory TLS encryption. Mail is delivered only if remote SMTP server
-    attribute overrides the main.cf smtp_tls_mandatory_ciphers parameter and
+    offers STARTTLS and the TLS handshake succeeds. At this level and higher
-    the optional "protocols" keyword overrides the main.cf
+    the optional "ciphers" attribute overrides the main.cf
-    smtp_tls_mandatory_protocols parameter. In the policy table, multiple
+    smtp_tls_mandatory_ciphers parameter and the optional "protocols" keyword
-    protocols must be separated by colons, as attribute values may not contain
+    overrides the main.cf smtp_tls_mandatory_protocols parameter.
    whitespace or commas.
 vveerriiffyy
-    Mandatory server certificate verification. The optional "match" attribute
+    Mandatory server certificate verification. Mail is delivered only if the
-    overrides the main.cf smtp_tls_verify_cert_match parameter. In the policy
+    TLS handshake succeeds, if the server certificate can be validated (not
-    table, multiple match patterns and strategies must be separated by colons.
+    expired or revoked, and signed by a trusted certificate authority), and if
    the server certificate name matches the optional "match" attribute (or the
    main.cf smtp_tls_verify_cert_match parameter value when no optional "match"
    attribute is specified).
 sseeccuurree
-    Secure-channel TLS. The optional "match" attribute overrides the main.cf
+    Secure-channel TLS. Mail is delivered only if the TLS handshake succeeds,
-    smtp_tls_secure_cert_match parameter. In the policy table, multiple match
+    if the server certificate can be validated (not expired or revoked, and
-    patterns and strategies must be separated by colons. The match attribute is
+    signed by a trusted certificate authority), and if the server certificate
-    useful when additional domains are supported by common server, the policy
+    name matches the optional "match" attribute (or the main.cf
-    entries for the additional domains specify matching rules for the primary
+    smtp_tls_secure_cert_match parameter value when no optional "match"
-    domain certificate. While transport table overrides routing secondary
+    attribute is specified).
-    domains to the primary nexthop also allow secure verification, they risk
+Notes:
-    delivery to the wrong destination when domains change hands or are re-
+
-    assigned to new gateways. With the "match" attribute approach, routing is
+  * The "match" attribute is especially useful to verify TLS certificates for
-    not perturbed, and mail is deferred if verification of a new MX host fails.
+    domains that are hosted on a shared server. In that case, specify "match"
    rules for the shared server's name. While secure verification can also be
    achieved with manual routing overrides in Postfix transport(5) tables, that
    approach can deliver mail to the wrong host when domains are assigned to
    new gateway hosts. The "match" attribute approach avoids the problems of
    manual routing overrides; mail is deferred if verification of a new MX host
    fails.
  * When a policy table entry specifies multiple match patterns, multiple match
    strategies, or multiple protocols, these must be separated by colons.
 Example:
    /etc/postfix/main.cf:
@ -1662,18 +1692,22 @@ indicates a super-user shell.
    certificate and key incorrectly, you will be unable to send mail to sites
    that request client certificate, but don't require them from all clients.
-        smtp_tls_CAfile = /etc/postfix/cacert.pem
+        /etc/postfix/main.cf:
-        smtp_tls_session_cache_database =
+            smtp_tls_CAfile = /etc/postfix/cacert.pem
-            btree:/var/spool/postfix/smtp_tls_session_cache
+            smtp_tls_session_cache_database =
-        smtp_use_tls = yes
+        	btree:/var/spool/postfix/smtp_tls_session_cache
-        smtpd_tls_CAfile = /etc/postfix/cacert.pem
+            smtp_use_tls = yes
-        smtpd_tls_cert_file = /etc/postfix/FOO-cert.pem
+            smtpd_tls_CAfile = /etc/postfix/cacert.pem
-        smtpd_tls_key_file = /etc/postfix/FOO-key.pem
+            smtpd_tls_cert_file = /etc/postfix/FOO-cert.pem
-        smtpd_tls_received_header = yes
+            smtpd_tls_key_file = /etc/postfix/FOO-key.pem
-        smtpd_tls_session_cache_database =
+            smtpd_tls_received_header = yes
-            btree:/var/spool/postfix/smtpd_tls_session_cache
+            smtpd_tls_session_cache_database =
-        smtpd_use_tls = yes
+        	btree:/var/spool/postfix/smtpd_tls_session_cache
-        tls_random_source = dev:/dev/urandom
+            tls_random_source = dev:/dev/urandom
            # Postfix 2.3 and later
            smtpd_tls_security_level = may
            # Obsolete, but still supported
            smtpd_use_tls = yes
 RReeppoorrttiinngg pprroobblleemmss
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@ -18,12 +18,13 @@ See RELEASE_NOTES_2.2 if you upgrade from Postfix 2.1 or earlier.
 Some Postfix internal protocols have changed.  You need to "postfix
 reload" or restart Postfix, otherwise many servers will log warning
-messages with "unexpected attribute" or "problem talking to service
+messages like "unexpected attribute xxx" or "problem talking to
-rewrite: Unknown error: 0", and mail will not be delivered.
+service yyy", and mail will not be delivered.
 The Sendmail-compatible Milter support introduces three new queue
 file record types. As long as you leave this feature turned off,
-you can still go back to Postfix version 2.2 without losing mail.
+you can still go back to Postfix version 2.2 without losing mail
 that was received by Postfix 2.3.
 Major changes - DNS lookups
 ---------------------------
@ -38,26 +39,27 @@ Major changes - DSN
 [Feature 20050615] DSN support as described in RFC 3461 .. RFC 3464.
 This gives senders control over successful and failed delivery
-notifications.  DSN involves extra parameters to the SMTP MAIL FROM
+notifications.  DSN involves extra parameters to the SMTP "MAIL
-and RCPT TO commands, as well as extra Postfix sendmail command
+FROM" and "RCPT TO" commands, as well as extra Postfix sendmail
-line options for mail submission.
+command line options for mail submission.
-See DSN_README for details. Some implementation notes are in
+See DSN_README for details. Some implementation notes can be found
-implementation-notes/DSN.
+in implementation-notes/DSN.
 [Incompat 20050615] The new DSN support conflicts with VERP support.
 For Sendmail compatibility, Postfix now uses the sendmail -V command
-line option for DSN.  In order to request VERP style delivery, you
+line option for DSN.  To request VERP style delivery, you must now
-must now specify -XV instead of -V.  The Postfix sendmail command
+specify -XV instead of -V.  The Postfix sendmail command will
-will recognize if you try to use -V for VERP-style delivery.  It
+recognize if you try to use -V for VERP-style delivery.  It will
-will do the right thing and will remind you of the new syntax.
+usually do the right thing, and remind you of the new syntax.
-[Incompat 20050828] When the cleanup server rejects the content or
+[Incompat 20050828] Postfix no longer sends DSN SUCCESS notification
-size of mail that was submitted with the Postfix sendmail command,
+after virtual alias expansions when the cleanup server rejects the
-that was forwarded with the local(8) delivery agent, or that was
+content or size of mail that was submitted with the Postfix sendmail
-re-queued with "postsuper -r", Postfix no longer sends DSN SUCCESS
+command, mail that was forwarded with the local(8) delivery agent,
-notification after virtual alias expansions. Since all the recipients
+or mail that was re-queued with "postsuper -r". Since all the
-are reported as failed, the SUCCESS notification seems redundant.
+recipients are reported as failed, the SUCCESS notification seems
 redundant.
 Major changes - LMTP client
 ---------------------------
@ -68,7 +70,8 @@ to SASL authentication and TLS support, respectively.
 [Feature 20051208] The SMTP client now implements the LMTP protocol.
 Most but not all smtp_xxx parameters now have an lmtp_xxx equivalent.
 This means there are lot of new LMTP features, including support
-for TLS and for the shared connection cache.
+for TLS and for the shared connection cache. See the "SMTP client"
 section for details.
 [Incompat 20051208] The LMTP client now reports the server as
 "myhostname[/path/name]".  With the real server hostname in delivery
@ -88,9 +91,10 @@ queue ID.
 See the MILTER_README document for a discussion of how to use Milter
 support with Postfix, and limitations of the current implementation.
-[Incompat 20060515] Milter support introduces three new queue file
+The Sendmail-compatible Milter support introduces three new queue
-record types. As long as you leave this feature turned off, you can
+file record types. As long as you leave this feature turned off,
-still go back to Postfix version 2.2 without losing mail.
+you can still go back to Postfix version 2.2 without losing mail
 that was received by Postfix 2.3.
 [Incompat 20060515] Milter support introduces new logfile event
 types: milter-reject, milter-discard and milter-hold, that identify
@ -100,13 +104,6 @@ software.
 Major changes - SASL authentication
 -----------------------------------
 [Incompat 20060707] The SMTP/LMTP client now defers delivery when
 a SASL password exists but the server does not offer SASL authentication.
 Otherwise, the server could reject the mail. This may become an
 issue now that Postfix retries delivery in plaintext after an
 opportunistic TLS handshake fails. Specify "smtp_sasl_auth_enforce
 = no" to deliver mail anyway.
 [Feature 20051220] Plug-in support for SASL authentication in the
 SMTP server and in the SMTP/LMTP client. With this, Postfix can
 support multiple SASL implementations without source code patches.
@ -164,6 +161,14 @@ ISP accounts.
 	smtp_sender_dependent_authentication = yes
 	smtp_sasl_password_maps = hash:/etc/postfix/sasl_pass
 [Incompat 20060707] The SMTP/LMTP client now defers delivery when
 a SASL password exists but the server does not announce support for
 SASL authentication.  This can happen with servers that announce
 SASL support only when TLS is turned on.  When an opportunistic TLS
 handshake fails, Postfix >= 2.3 retries delivery in plaintext, and
 the remote server rejects mail from the unauthenticated client.
 Specify "smtp_sasl_auth_enforce = no" to deliver mail anyway.
 Major changes - SMTP client
 ---------------------------
@ -192,30 +197,6 @@ smtp_fallback_relay, to make clear that the combined SMTP/LMTP
 client uses this setting only for SMTP deliveries. The old name
 still works.
 [Feature 20051125] This snapshot adds support for sender-dependent
 ISP accounts.
 - Sender-dependent smarthost lookup tables.  The maps are searched
  with the sender address and with the sender @domain.  The result
  overrides the global relayhost setting, but otherwise has identical
  behavior. See the postconf(5) manual page for more details.
  Example:
    /etc/postfix/main.cf:
 	sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
 - Sender-dependent SASL authentication support. This disables SMTP
  connection caching to ensure that mail from different senders
  will use the correct authentication credentials. The SMTP SASL
  password file is first searched by sender address, and then by
  the remote domain and hostname as usual.
  Example:
    /etc/postfix/main.cf:
 	smtp_sasl_auth_enable = yes
 	smtp_sender_dependent_authentication = yes
 	smtp_sasl_password_maps = hash:/etc/postfix/sasl_pass
 [Incompat 20051106] The relay=... logging has changed and now
 includes the remote SMTP server port number as hostname[hostaddr]:port.
@ -282,9 +263,9 @@ Major changes - SMTP server
 See the "SASL authentication" and "TLS" sections for changes related
 to SASL authentication and TLS support, respectively.
-[Feature 20051222] You can now use "resolve_numeric_domain = yes"
+[Feature 20051222] To accept the non-compliant user@ipaddress form,
-to stop Postfix from rejecting user@ipaddress as an invalid
+specify "resolve_numeric_domain = yes".  Postfix will deliver the
-destination. It will deliver the mail to user@[ipaddress] instead.
+mail to user@[ipaddress] instead.
 [Incompat 20051202] The Postfix SMTP server now refuses to receive
 mail from the network if it isn't running with postfix mail_owner
@ -294,16 +275,9 @@ privileges.  This prevents surprises when, for example, "sendmail
 [Incompat 20051121] Although the permit_mx_backup feature still
 accepts mail for authorized destinations (see permit_mx_backup for
 definition), with all other destinations it now requires that the
-local MTA is listed as non-primary MX. This prevents mail loop
+local MTA is listed as non-primary MX server. This prevents mail
-problems when someone points the primary MX record at a Postfix
+loop problems when someone points their primary MX record at a
-system.
+Postfix system.
 [Feature 20051011] Optional protection against SMTP clients that
 hammer the server with too many new (i.e. uncached) SMTP-over-TLS
 sessions. Cached sessions are much less expensive in terms of CPU
 cycles. Use the smtpd_client_new_tls_session_rate_limit parameter
 to specify a limit that is at least the inbound client concurrency
 limit, or else you may deny legitimate service requests.
 [Feature 20051011] Optional suppression of remote SMTP client
 hostname lookup and hostname verification. Specify "smtpd_peername_lookup
@ -327,73 +301,75 @@ The old names are still recognized and documented.
 Major changes - TLS
 -------------------
-[Feature 20060123] Postfix 2.3 provides a new per-site TLS policy
+Major revisions were made to Postfix TLS support; see TLS_README
-mechanism that is more flexible and that eliminates DNS spoofing
+for the details. For backwards compatibility, the old TLS policy
-attacks more effectively. The legacy smtp_tls_per_site feature will
+user interface will be kept intact for a few releases so that sites
-be kept intact for a few releases so that sites can upgrade Postfix
+can upgrade Postfix without being forced to use a different TLS
-without being forced to use a different TLS policy mechanism.
+policy mechanism.
-[Feature 20060614] New smtp_tls_security_level parameter obsoletes
+[Feature 20060614] New concept: TLS security levels ("none", "may",
-the smtp_use_tls, smtp_enforce_tls and smtp_tls_enforce_peername
+"encrypt", "verify" or "secure") in the Postfix SMTP client.  You
-parameters.  The old parameters are still supported but will be
+can specify the TLS security level via the smtp_tls_security_level
-removed in a future Postfix release.
+parameter.  This is more convenient than controlling TLS with the
 multiple smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername,
 parameters.
-[Feature 20060614] New smtpd_tls_protocols parameter complements
+[Feature 20060709] TLS security levels ("none", "may", "encrypt")
-the smtp_tls_mandatory_protocols parameter. This recommended for
+in the Postfix SMTP server. You specify the security level with the
-MSA configurations, not for MX for hosts that face the Internet.
+smtpd_tls_security_level parameter. This overrides the multiple
 smtpd_use_tls and smtpd_enforce_tls parameters.  When a value of
 "verify" or "secure" is specified, the Postfix SMTP server logs a
 warning and uses "encrypt" instead.
-[Feature 20060626] Both the SMTP client and server can be configured
+[Feature 20060123] A new per-site TLS policy mechanism for the
-without a client or server certificate. An SMTP server without
+Postfix SMTP client that supports the new TLS security levels,
-certificate can use only anonymous ciphers, and will not inter-operate
+and that eliminates DNS spoofing attacks more effectively.
 with most clients.
-The SMTP server supports anonymous ciphers when client certificates
+[Feature 20060626] Both the Postfix SMTP client and server can be
-are not requested or required, and the administrator has not excluded
+configured without a client or server certificate. An SMTP server
-the "aNULL" OpenSSL cipher type with smtpd_tls_exclude_ciphers.
+without certificate can use only anonymous ciphers, and will not
 inter-operate with most clients.
-The SMTP client supports anonymous ciphers when no server certificate
+The Postfix SMTP server supports anonymous ciphers when 1) no client
-is required (notably Postfix 2.3 in "opportunistic" mode) and the
+certificates are requested or required, and 2) the administrator
-administrator has not excluded the "aNULL" OpenSSL cipher type with
+has not excluded the "aNULL" OpenSSL cipher type with the
-smtp_tls_exclude_ciphers.
+smtpd_tls_exclude_ciphers parameter.
-[Feature 20060626] You can specify cipher grades (instead of cipher
+The Postfix SMTP client supports anonymous ciphers when 1) no server
-names) with the smtp_tls_mandatory_ciphers, lmtp_tls_mandatory_ciphers
+certificate is required and 2) the administrator has not excluded
-and smtpd_tls_ciphers parameters. Specify one of "high", "medium",
+the "aNULL" OpenSSL cipher type with the smtp_tls_exclude_ciphers
-"low", "export" or "null". See TLS_README for details.
+parameter.
 [Incompat 20060707] The SMTPD policy client now encodes the
 ccert_subject and ccert_issuer attributes as xtext. Some characters
 are represented by +XX, where XX is the two-digit hexadecimal
 representation of the character value.
-[Incompat 20060614] The smtp_sasl_tls_verified_security_options
+[Feature 20060614] The smtpd_tls_protocols parameter restricts the
-feature is not yet complete, and will therefore not appear in the
+list of TLS protocols supported by the SMTP server.  This is
-stable Postfix 2.3 release.
+recommended for use with MSA configurations only.  It should not
-
+be used with MX hosts that receive mail from the Internet, as it
-[Incompat 20060614] New smtp_tls_mandatory_protocols feature used
+reduces inter-operability.
 for mandatory TLS destinations.  The default value is "SSLv3, TLSv1".
 SSLv2 is by default no longer used with mandatory TLS.
 [Incompat 20060614] The smtp_tls_cipherlist parameter only applies
 when TLS is mandatory.  It is ignored with opportunistic TLS sessions.
 [Incompat 20060614] At (lmtp|smtp|smtpd)_tls_loglevel >= 2, Postfix
 now also logs TLS session cache activity. Use level 2 and higher
-for debugging only, use levels 0 or 1 as production settings.
+for debugging only; use levels 0 or 1 as production settings.
 [Incompat 20060207] The Postfix SMTP server no longer complains
 when TLS support is not compiled in while permit_tls_clientcerts,
 permit_tls_all_clientcerts, or check_ccert_access are specified in
 main.cf. These features now are effectively ignored.  However, the
 reject_plaintext_session feature is not ignored and will reject
-mail.
+plain-text mail.
 [Feature 20060123] Some obscure behavior was eliminated from the
 smtp_tls_per_site feature, without changes to the user interface.
-Some Postfix internals had to be re-structured in preparation for
+Some Postfix internals had to be re-structured for the new TLS
-a more general TLS policy mechanism; this required that smtp_tls_per_site
+policy mechanism; for this, smtp_tls_per_site had to be re-implemented.
-be re-implemented from scratch. The obscure behavior was found
+The obscure behavior was found during compatibility testing.
 during compatibility testing.
 [Feature 20051011] Optional protection against SMTP clients that
 hammer the server with too many new (i.e. uncached) SMTP-over-TLS
@ -420,14 +396,14 @@ changed. The SMTP server now resets state to the initial server
 greeting stage, immediately before the EHLO/HELO greeting.  This
 was needed to correctly simulate the effect of connection-level
 access restrictions.  Without this change, XCLIENT would not work
-with Milter applications.
+at all with Milter applications.
 [Incompat 20060611] The SMTP server XCLIENT and XFORWARD commands
 now expect that attributes are xtext encoded (RFC 1891). For backwards
 compatibility they will also accept unencoded attribute values. The
 XFORWARD client code in the SMTP client and in the SMTPD_PROXY
-client will always encode attribute values. This change will have
+client now always encode attribute values. This change will have a
-effect only for malformed hostname and helo parameter values.
+visible effect only for malformed hostname and helo parameter values.
 For more details, see the XCLIENT_README and XFORWARD_README
 documents.
@ -461,9 +437,8 @@ Major changes - bounce message templates
 that was developed by Nicolas Riendeau. The file with templates is
 specified with the bounce_template_file parameter. Details are in
 the bounce(5) manual page, and examples of the built-in templates
-can be found in a file bounce.cf.default in the Postfix configuration
+can be found in $config_directory/bounce.cf.default. The template
-directory. The template for the default bounce message looks like
+for the default bounce message looks like this:
 this:
    failure_template = <<EOF
    Charset: us-ascii
@ -493,11 +468,12 @@ message_strip_characters parameters understand the usual C-like
 escape sequences: \a \b \f \n \r \t \v \ddd (up to three octal
 digits) and \\.
-[Incompat 20050828] When a header/body_checks or message_reject_characters
+[Incompat 20050828] When a header/body_checks rule or when
-rule rejects mail that was submitted with the Postfix sendmail
+message_reject_characters rejects mail that was submitted with the
-command (or re-queued with "postsuper -r"), the returned message
+Postfix sendmail command (or re-queued with "postsuper -r"), the
-is now limited to just the message headers, to avoid the risk of
+returned message is now limited to just the message headers, to
-exposure to harmful content in the message body or attachments.
+avoid the risk of exposure to harmful content in the message body
 or attachments.
 Major changes - database support
 --------------------------------
@ -640,9 +616,18 @@ maillog has changed so that they are easier to sort:
 agents now log the RFC 3463 enhanced status code as "dsn=x.y.z"
 where y and z can be up to three digits each.
 [Incompat 20051208] The LMTP client now reports the server as
 "myhostname[/path/name]".  With the real server hostname in delivery
 status reports, the information will be more useful.
 Major changes - performance
 ---------------------------
 [Incompat 20051105] All delay logging now has sub-second resolution,
 including the over-all "delay=nnn" logging.  A patch is available
 for pflogsumm (pflogsumm-conn-delays-dsn-patch). The qshape script
 has been updated (auxiliary/qshape/qshape.pl).
 [Incompat 20050622] The Postfix SMTP client by default limits the
 number of MX server addresses to smtp_mx_address_limit=5. Previously
 this limit was disabled by default. The new limit prevents Postfix
@ -726,10 +711,9 @@ when the patch passes the wrong integer argument type in contexts
 that disable automatic argument type conversions.  Examples of such
 contexts are formatting with printf-like arguments, and invoking
 functions that write Postfix request or reply attributes across
-inter-process communication channels.  Unfortunately, gcc does not
+inter-process communication channels.  Unfortunately, gcc reports
-report "(unsigned) int" versus "(s)size_t" format string argument
+"(unsigned) int" versus "(s)size_t" format string argument mis-matches
-mis-matches on 32-bit systems; it reports them only on 64-bit
+only on LP64 systems.
 systems.
 Major changes - safety
 ----------------------
@ -754,11 +738,12 @@ multiple times in a hierarchy of nested aliases. For this to work,
 only the top-level alias should have an owner- alias, and none of
 the subordinate aliases.
-[Incompat 20050828] When a header/body_checks or message_reject_characters
+[Incompat 20050828] When a header/body_checks rule or when
-rule rejects mail that was submitted with the Postfix sendmail
+message_reject_characters rejects mail that was submitted with the
-command (or re-queued with "postsuper -r"), the returned message
+Postfix sendmail command (or re-queued with "postsuper -r"), the
-is now limited to just the message headers, to avoid the risk of
+returned message is now limited to just the message headers, to
-exposure to harmful content in the message body or attachments.
+avoid the risk of exposure to harmful content in the message body
 or attachments.
 [Incompat 20051202] The Postfix SMTP server now refuses to receive
 mail from the network if it isn't running with postfix mail_owner
--- a/postfix/html/INSTALL.html
+++ b/postfix/html/INSTALL.html
@ -156,7 +156,7 @@ OPENSTEP 4.x <br>
 OSF1.V3 - OSF1.V5 (Digital UNIX) <br>
 Reliant UNIX 5.x <br>
 Rhapsody 5.x <br>
-SunOS 4.1.4 (December 2005) <br>
+SunOS 4.1.4 (July 2006) <br>
 SunOS 5.4 - 5.9 (Solaris 2.4..9) <br>
 Ultrix 4.x (well, that was long ago) <br>
 </p>
@ -478,13 +478,13 @@ one of the following commands as the super-user:</p>
 <ul>
 <li> <p> The non-interactive version ("make upgrade") needs the
-/etc/postfix/main.cf file from a previous installation. If the file
+/etc/postfix/<a href="postconf.5.html">main.cf</a> file from a previous installation. If the file
 does not exist, use interactive installation ("make install")
 instead. </p>
 <li> <p> The interactive version offers suggestions for pathnames
 that you can override interactively, and stores your preferences
-in /etc/postfix/main.cf for convenient future upgrades. </p>
+in /etc/postfix/<a href="postconf.5.html">main.cf</a> for convenient future upgrades. </p>
 </ul>
@ -520,13 +520,13 @@ configuration file edits</a>" in section 10, and review the "<a
 href="#hamlet">To chroot or not to chroot</a>" text in section
 11. </p>
-<p> You MUST comment out the "smtp inet" entry in /etc/postfix/master.cf,
+<p> You MUST comment out the "smtp inet" entry in /etc/postfix/<a href="master.5.html">master.cf</a>,
 in order to avoid conflicts with the real sendmail. Put a "#"
 character in front of the line that defines the smtpd service: </p>
 <blockquote>
 <pre>
-/etc/postfix/master.cf:
+/etc/postfix/<a href="master.5.html">master.cf</a>:
    #smtp      inet  n       -       n       -       -       smtpd
 </pre>
 </blockquote>
@ -585,11 +585,11 @@ receive mail while leaving your Sendmail setup intact, by running
 Postfix on a virtual interface address.  Simply configure your mail
 user agent to directly invoke the Postfix sendmail program.  </p>
-<p> In the /etc/postfix/main.cf file, I would specify </p>
+<p> In the /etc/postfix/<a href="postconf.5.html">main.cf</a> file, I would specify </p>
 <blockquote>
 <pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#myhostname">myhostname</a> = virtual.host.tld
    <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = $<a href="postconf.5.html#myhostname">myhostname</a>
    <a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>
@ -722,12 +722,12 @@ presented below is targeted at experienced system administrators.
 <h3>10.1 - Postfix configuration files</h3>
 <p> By default, Postfix configuration files are in /etc/postfix.
-The two most important files are main.cf and master.cf; these files
+The two most important files are <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a>; these files
 must be owned by root.  Giving someone else write permission to
-main.cf or master.cf (or to their parent directories) means giving
+<a href="postconf.5.html">main.cf</a> or <a href="master.5.html">master.cf</a> (or to their parent directories) means giving
 root privileges to that person. </p>
-<p> In /etc/postfix/main.cf, you will have to set up a minimal number
+<p> In /etc/postfix/<a href="postconf.5.html">main.cf</a>, you will have to set up a minimal number
 of configuration parameters.  Postfix configuration parameters  
 resemble shell variables, with two important differences: the first  
 one is that Postfix does not know about quotes like the UNIX shell
@ -737,7 +737,7 @@ does.</p>
 <blockquote>
 <pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    parameter = value
 </pre>
 </blockquote>
@ -746,7 +746,7 @@ does.</p>
 <blockquote>
 <pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    other_parameter = $parameter
 </pre>
 </blockquote>
@ -756,7 +756,7 @@ second main difference with UNIX shell variables). The Postfix
 configuration language uses lazy evaluation, and does not look at
 a parameter value until it is needed at runtime.  </p>
-<p> Whenever you make a change to the main.cf or master.cf file,
+<p> Whenever you make a change to the <a href="postconf.5.html">main.cf</a> or <a href="master.5.html">master.cf</a> file,
 execute the following command in order to refresh a running mail
 system: </p>
@ -777,7 +777,7 @@ probably OK only for very small sites.  </p>
 <blockquote>
 <pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#myhostname">myhostname</a>    (send mail as "user@$<a href="postconf.5.html#myhostname">myhostname</a>")
    <a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a>      (send mail as "user@$<a href="postconf.5.html#mydomain">mydomain</a>")
 </pre>
@ -792,7 +792,7 @@ locally. </p>
 <blockquote>
 <pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost
    <a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost, $<a href="postconf.5.html#mydomain">mydomain</a>
    <a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>
@ -819,7 +819,7 @@ mail delivery loops will happen when the primary MX host is down.
 <blockquote>
 <pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> = 1.2.3.4 (the proxy/NAT external network address)
 </pre>
 </blockquote>
@ -834,7 +834,7 @@ permission to too many clients.  My own settings are: </p>
 <blockquote>
 <pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#mynetworks">mynetworks</a> = 168.100.189.0/28, 127.0.0.0/8
 </pre>
 </blockquote>
@ -849,7 +849,7 @@ too many destinations.  Recommended settings (use only one): </p>
 <blockquote>
 <pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#relay_domains">relay_domains</a> =            (do not forward mail from strangers)
    <a href="postconf.5.html#relay_domains">relay_domains</a> = $<a href="postconf.5.html#mydomain">mydomain</a>  (my domain and subdomains)
    <a href="postconf.5.html#relay_domains">relay_domains</a> = $<a href="postconf.5.html#mydomain">mydomain</a>, other.domain.tld, ...
@ -868,7 +868,7 @@ a hard-coded hostname.  </p>
 <blockquote>
 <pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#relayhost">relayhost</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
    <a href="postconf.5.html#relayhost">relayhost</a> = [mail.$<a href="postconf.5.html#mydomain">mydomain</a>]
 </pre>
@ -882,7 +882,7 @@ turn off SMTP client DNS lookups like this: </p>
 <blockquote>
 <pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> = yes
 </pre>
 </blockquote>
@ -928,7 +928,7 @@ following commands: </p>
 <h2><a name="hamlet">11 - To chroot or not to chroot</a></h2>
-<p> Postfix daemon processes can be configured (via master.cf) to
+<p> Postfix daemon processes can be configured (via <a href="master.5.html">master.cf</a>) to
 run in a chroot jail.  The processes run at a fixed low privilege
 and with access only to the Postfix queue directories (/var/spool/postfix).
 This provides a significant barrier against intrusion. The barrier
@ -944,9 +944,9 @@ processes, and perhaps also the <a href="lmtp.8.html">lmtp(8)</a> client. The au
 porcupine.org mail server runs all daemons chrooted that can be
 chrooted. </p>
-<p> The default /etc/postfix/master.cf file specifies that no
+<p> The default /etc/postfix/<a href="master.5.html">master.cf</a> file specifies that no
 Postfix daemon runs chrooted.  In order to enable chroot operation,
-edit the file /etc/postfix/master.cf. Instructions are in the file.
+edit the file /etc/postfix/<a href="master.5.html">master.cf</a>. Instructions are in the file.
 </p>
 <p> Note that a chrooted daemon resolves all filenames relative to
--- a/postfix/html/TLS_README.html
+++ b/postfix/html/TLS_README.html
@ -248,8 +248,7 @@ be unable to receive email from most TLS enabled clients. To avoid
 accidental configurations with no certificates, Postfix 2.3 enables
 certificate-less operation only when the administrator explicitly sets
 "<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>&nbsp;=&nbsp;none". This ensures that new Postfix
-configurations with just "<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>&nbsp;=&nbsp;yes" added, will
+configurations will not accidentally run with no certificates. </p>
 not accidentally run with no certificates. </p>
 <p> Both RSA and DSA certificates are supported. Typically you will
 only have RSA certificates issued by a commercial CA. In addition,
@ -437,13 +436,18 @@ since the headers may be changed by intermediate servers. </p>
 <p> By default, TLS is disabled in the Postfix SMTP server, so no
 difference to plain Postfix is visible.  Explicitly switch it on
-using "<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>&nbsp;=&nbsp;yes". </p>
+with "<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>&nbsp;=&nbsp;may" (Postfix 2.3 and
 later) or "<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>&nbsp;=&nbsp;yes" (obsolete but still
 supported). </p>
 <p> Example: </p>
 <blockquote>
 <pre>
 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
    # Postfix 2.3 and later
    <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = may
    # Obsolete, but still supported
    <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> = yes
 </pre>
 </blockquote>
@ -456,18 +460,23 @@ SMTP clients, but does not require that clients use TLS encryption.
 is never offered due to insufficient privileges to access the server
 private key. This is intended behavior. </p>
-<p> <a name="server_enforce">You can ENFORCE the use of TLS</a>, so that
+<p> <a name="server_enforce">You can ENFORCE the use of TLS</a>,
-the Postfix SMTP server announces STARTTLS and accepts no mail without
+so that the Postfix SMTP server announces STARTTLS and accepts no
-TLS encryption, by setting "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>&nbsp;=&nbsp;yes". According
+mail without TLS encryption, by setting
-to <a href="http://www.faqs.org/rfcs/rfc2487.html">RFC 2487</a> this MUST NOT be applied in case of a publicly-referenced
+"<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>&nbsp;=&nbsp;encrypt" (Postfix 2.3 and
-Postfix SMTP server.  This option is off by default and should only
+later) or "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>&nbsp;=&nbsp;yes" (obsolete but still
-seldom be used. </p>
+supported). According to <a href="http://www.faqs.org/rfcs/rfc2487.html">RFC 2487</a> this MUST NOT be applied in case
 of a publicly-referenced Postfix SMTP server.  This option is off
 by default and should only seldom be used. </p>
 <p> Example: </p>
 <blockquote>
 <pre>
 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
    # Postfix 2.3 and later
    <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt
    # Obsolete, but still supported
    <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes
 </pre>
 </blockquote>
@ -517,8 +526,11 @@ when the server is configured to ask for client certificates. </p>
 <blockquote>
 <pre>
 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> = yes
    <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> = yes
    # Postfix 2.3 and later
    <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = may
    # Obsolete, but still supported
    <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> = yes
 </pre>
 </blockquote>
@ -534,8 +546,11 @@ logged. </p>
 <blockquote>
 <pre>
 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes
    <a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> = yes
    # Postfix 2.3 and later
    <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt
    # Obsolete, but still supported
    <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes
 </pre>
 </blockquote>
@ -556,15 +571,18 @@ CA issues special CA which then issues the actual certificate...)
 <h3><a name="server_tls_auth">Supporting AUTH over TLS only</a></h3>
-<p> Sending AUTH data over an unencrypted channel poses a security risk.
+<p> Sending AUTH data over an unencrypted channel poses a security
-When TLS layer encryption is required (<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>&nbsp;=&nbsp;yes),
+risk.  When TLS layer encryption is required
-the Postfix SMTP server will announce and accept AUTH only
+("<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>&nbsp;=&nbsp;encrypt" or the obsolete
-after the TLS layer has been activated with STARTTLS. When TLS
+"<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>&nbsp;=&nbsp;yes"), the Postfix SMTP server will
-layer encryption is optional (<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>&nbsp;=&nbsp;no), it may
+announce and accept AUTH only after the TLS layer has been activated
-however still be useful to only offer AUTH when TLS is active. To
+with STARTTLS. When TLS layer encryption is optional
-maintain compatibility with non-TLS clients, the default is to
+("<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>&nbsp;=&nbsp;may" or the obsolete
-accept AUTH without encryption. In order to change this behavior,
+"<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>&nbsp;=&nbsp;no"), it may however still be useful
-set "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a>&nbsp;=&nbsp;yes". </p>
+to only offer AUTH when TLS is active. To maintain compatibility
 with non-TLS clients, the default is to accept AUTH without encryption.
 In order to change this behavior, set
 "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a>&nbsp;=&nbsp;yes". </p>
 <p> Example: </p>
@ -715,12 +733,14 @@ and not specifying an <a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_d
 <blockquote>
 <pre>
 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
    <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> = yes
    <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes
    <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/cert.pem
    <a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> = /etc/postfix/key.pem
    <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> = medium
    <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL, MD5
    # Postfix 2.3 and later
    <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt
    # Obsolete, but still supported
    <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes
 </pre>
 </blockquote>
@ -1257,12 +1277,12 @@ on TLS <a href="#client_tls_limits">limitations</a> above. </p>
 <p> At the "encrypt" TLS security level, messages are sent only
 over TLS encrypted sessions. The SMTP transaction is aborted unless
-the STARTTLS ESMTP feature is supported by the server. If no
+the STARTTLS ESMTP feature is supported by the server. If no suitable
-suitable servers are found, the message will be deferred. With Postfix
+servers are found, the message will be deferred. With Postfix 2.3
-2.3 and later, mandatory TLS encryption can be configured by setting
+and later, mandatory TLS encryption can be configured by setting
-"<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>&nbsp;=&nbsp;encrypt". Even though TLS encryption
+"<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>&nbsp;=&nbsp;encrypt". Even though TLS
-is always used, mail delivery continues if the server certificate is
+encryption is always used, mail delivery continues if the server
-untrusted or bears the wrong name. </p>
+certificate is untrusted or bears the wrong name. </p>
 <p> At this security level and higher, the <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
 and <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> configuration parameters determine
@ -1382,15 +1402,15 @@ use the new <a href="#client_tls_policy">policy table</a> instead. </p>
 <h3><a name="client_tls_verify"> Mandatory server certificate verification </a>
 </h3>
-<p> At the "verify" TLS security level, messages are sent only
+<p> At the "verify" TLS security level, messages are sent only over
-over TLS encrypted sessions for which server certificate verification
+TLS encrypted sessions if the server certificate is valid (not
-succeeds. If no suitable servers are found, the message will be
+expired or revoked, and signed by a trusted certificate authority)
-deferred. With Postfix 2.3 and later, mandatory server certificate
+and if the server certificate name matches a known pattern.  Mandatory
-verification can be configured by setting
+server certificate verification can be configured by setting
-"<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>&nbsp;=&nbsp;verify", the
+"<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>&nbsp;=&nbsp;verify".  The
 <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> parameter can override the default
-"hostname" certificate match strategy. Fine-tuning the matching
+"hostname" certificate name matching strategy. Fine-tuning the
-strategy is generally only appropriate for <a
+matching strategy is generally only appropriate for <a
 href="#client_tls_secure">secure-channel</a> destinations. </p>
 <p> With Postfix 2.2 and earlier, or when <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>
@ -1676,33 +1696,51 @@ describe the corresponding table syntax: </p>
 <dd>Opportunistic TLS. No additional attributes are supported at this
 level. </dd>
-<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption. At this level and
+<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption. Mail is
-higher the optional "ciphers" attribute overrides the <a href="postconf.5.html">main.cf</a>
+delivered only if remote SMTP server offers STARTTLS and the TLS
-<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter and the optional "protocols"
+handshake succeeds.  At this level and higher the optional "ciphers"
-keyword overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameter.
+attribute overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter
-In the policy table, multiple protocols must be separated by colons,
+and the optional "protocols" keyword overrides the <a href="postconf.5.html">main.cf</a>
-as attribute values may not contain whitespace or commas.</dd>
+<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameter. </dd>
-<dt><b>verify</b></dt>
+<dt><b>verify</b></dt> <dd>Mandatory server certificate verification.
-<dd>Mandatory server certificate verification. The optional "match"
+Mail is delivered only if the TLS handshake succeeds, if the server
-attribute overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> parameter.
+certificate can be validated (not expired or revoked, and signed
-In the policy table, multiple match patterns and strategies must
+by a trusted certificate authority), and if the server certificate
-be separated by colons. </dd>
+name matches the optional "match" attribute (or the <a href="postconf.5.html">main.cf</a>
 <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> parameter value when no optional "match"
 attribute is specified).  </dd>
-<dt><b>secure</b></dt> <dd>Secure-channel TLS. The optional "match"
+<dt><b>secure</b></dt> <dd>Secure-channel TLS. Mail is delivered
-attribute overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> parameter. In
+only if the TLS handshake succeeds, if the server certificate can
-the policy table, multiple match patterns and strategies must be separated
+be validated (not expired or revoked, and signed by a trusted
-by colons. The match attribute is useful when additional domains are
+certificate authority), and if the server certificate name matches
-supported by common server, the policy entries for the additional domains
+the optional "match" attribute (or the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a>
-specify matching rules for the primary domain certificate. While transport
+parameter value when no optional "match" attribute is specified).
-table overrides routing secondary domains to the primary nexthop also
+</dd>
 allow secure verification, they risk delivery to the wrong destination
 when domains change hands or are re-assigned to new gateways. With the
 "match" attribute approach, routing is not perturbed, and mail is deferred
 if verification of a new MX host fails. </dd>
 </dl>
 <p> Notes: </p>
 <ul>
 <li> <p> The "match" attribute is especially useful to verify TLS
 certificates for domains that are hosted on a shared server.  In
 that case, specify "match" rules for the shared server's name.
 While secure verification can also be achieved with manual routing
 overrides in Postfix <a href="transport.5.html">transport(5)</a> tables, that approach can deliver
 mail to the wrong host when domains are assigned to new gateway
 hosts.  The "match" attribute approach avoids the problems of manual
 routing overrides; mail is deferred if verification of a new MX
 host fails.  </p>
 <li> <p> When a policy table entry specifies multiple match patterns,
 multiple match strategies, or multiple protocols, these must be
 separated by colons.  </p>
 </ul>
 <p>
 Example:
 </p>
@ -2238,18 +2276,22 @@ but don't require them from all clients. </p>
 <blockquote>
 <pre>
-<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /etc/postfix/cacert.pem
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
-<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> =
+    <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /etc/postfix/cacert.pem
-    btree:/var/spool/postfix/smtp_tls_session_cache
+    <a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> =
-<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> = yes
+	btree:/var/spool/postfix/smtp_tls_session_cache
-<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /etc/postfix/cacert.pem
+    <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> = yes
-<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/FOO-cert.pem
+    <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /etc/postfix/cacert.pem
-<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> = /etc/postfix/FOO-key.pem
+    <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/FOO-cert.pem
-<a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> = yes
+    <a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> = /etc/postfix/FOO-key.pem
-<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> =
+    <a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> = yes
-    btree:/var/spool/postfix/smtpd_tls_session_cache
+    <a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> =
-<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> = yes
+	btree:/var/spool/postfix/smtpd_tls_session_cache
-<a href="postconf.5.html#tls_random_source">tls_random_source</a> = dev:/dev/urandom
+    <a href="postconf.5.html#tls_random_source">tls_random_source</a> = dev:/dev/urandom
    # Postfix 2.3 and later
    <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = may
    # Obsolete, but still supported
    <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> = yes
 </pre>
 </blockquote>
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@ -8457,9 +8457,10 @@ example.net     secure match=example.com:.example.com
 <DT><b><a name="smtp_tls_security_level">smtp_tls_security_level</a>
 (default: empty)</b></DT><DD>
-<p> The default SMTP TLS security level for all destinations; when
+<p> The default SMTP TLS security level for the Postfix SMTP client;
-a non-empty value is specified, this overrides the obsolete parameters
+when a non-empty value is specified, this overrides the obsolete
-<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.  </p>
+parameters <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
 </p>
 <p> Specify one of the following security levels: </p>
@ -9457,19 +9458,20 @@ applies in the context of the SMTP END-OF-DATA command. </p>
 <DT><b><a name="smtpd_enforce_tls">smtpd_enforce_tls</a>
 (default: no)</b></DT><DD>
-<p> Enforcement mode: announce STARTTLS support to SMTP clients,
+<p> Mandatory TLS: announce STARTTLS support to SMTP clients,
 and require that clients use TLS encryption.  According to <a href="http://www.faqs.org/rfcs/rfc2487.html">RFC 2487</a>
 this MUST NOT be applied in case of a publicly-referenced SMTP
 server.  This option is off by default and should be used only on
 dedicated servers. </p>
-<p> Note 1: this mode implies "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes". </p>
+<p> Note 1: "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes" implies "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes". </p>
 <p> Note 2: when invoked via "<b>sendmail -bs</b>", Postfix will never offer
 STARTTLS due to insufficient privileges to access the server private
 key. This is intended behavior. </p>
-<p> This feature is available in Postfix 2.2 and later.  </p>
+<p> This feature is available in Postfix 2.2 and later. With
 Postfix 2.3 and later use <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> instead. </p>
 </DD>
@ -10805,15 +10807,15 @@ able to authenticate the server, but unless it is running Postfix 2.3 or
 similar software, it will still insist on a server certificate. </p>
 <p> For servers that are <b>not</b> public Internet MX hosts, Postfix
-2.3 supports configurations with no certificates. This entails the use
+2.3 supports configurations with no certificates. This entails the
-of just the anonymous TLS ciphers, which are not supported by typical
+use of just the anonymous TLS ciphers, which are not supported by
-SMTP clients. Since such clients will not, as a rule, fall back to plain
+typical SMTP clients. Since such clients will not, as a rule, fall
-text after a TLS handshake failure, the server will be unable to receive
+back to plain text after a TLS handshake failure, the server will
-email from TLS enabled clients. To avoid accidental configurations with
+be unable to receive email from TLS enabled clients. To avoid
-no certificates, Postfix 2.3 enables certificate-less operation only
+accidental configurations with no certificates, Postfix 2.3 enables
-when the administrator explicitly sets "<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none". This
+certificate-less operation only when the administrator explicitly
-ensures that new Postfix configurations with just "<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> = yes"
+sets "<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none". This ensures that new Postfix
-added, will not accidentally run with no certificates. </p>
+configurations will not accidentally run with no certificates. </p>
 <p> Both RSA and DSA certificates are supported.  When both types
 are present, the cipher used determines which certificate will be
@ -11108,17 +11110,15 @@ loglevel 4 is strongly discouraged. </p>
 <DT><b><a name="smtpd_tls_protocols">smtpd_tls_protocols</a>
 (default: empty)</b></DT><DD>
-<p> The list of TLS protocols supported by the server. If empty the
+<p> The list of TLS protocols supported by the Postfix SMTP server.
-default list of protocols is used (i.e. all TLS protocol versions are
+If the list is empty, the server supports all available TLS protocol
-supported). Any non-empty value is interpreted as a list of protocol
+versions.  A non-empty value is a list of protocol names separated
-names separated by whitespace, commas or colons. The supported protocol
+by whitespace, commas or colons. The supported protocol names are
-names are "SSLv2", "SSLv3" and "TLSv1", and are not
+"SSLv2", "SSLv3" and "TLSv1", and are not case sensitive. </p>
 case-sensitive. </p>
-<p> DO NOT set this to a non-default value on an MX-host,
+<p> DO NOT set this to a non-default value on an Internet MX host,
-as some clients may not support any of the narrower set of protocols,
+as this may cause inter-operability problems.  If you restrict the
-and may be unable to fallback to plaintext sessions. If you restrict
+protocol list on an Internet MX host, you may lose mail. </p>
 the protocol list on an MX host, you may lose mail. </p>
 <p> Example: </p>
@ -11159,6 +11159,48 @@ a warning written to the mail log. </p>
 <p> This feature is available in Postfix 2.2 and later.  </p>
 </DD>
 <DT><b><a name="smtpd_tls_security_level">smtpd_tls_security_level</a>
 (default: empty)</b></DT><DD>
 <p> The SMTP TLS security level for the Postfix SMTP server; when
 a non-empty value is specified, this overrides the obsolete parameters
 <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>. This parameter is ignored with
 "<a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a> = yes".  </p>
 <p> Specify one of the following security levels: </p>
 <dl>
 <dt><b>none</b></dt> <dd> TLS will not be used. </dd>
 <dt><b>may</b></dt> <dd> Opportunistic TLS: announce STARTTLS support
 to SMTP clients, but do not require that clients use TLS encryption.
 </dd>
 <dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption: announce
 STARTTLS support to SMTP clients, and require that clients use TLS
 encryption. According to <a href="http://www.faqs.org/rfcs/rfc2487.html">RFC 2487</a> this MUST NOT be applied in case
 of a publicly-referenced SMTP server. Instead, this option should
 be used only on dedicated servers. </dd>
 </dl>
 <p> Note 1: the "verify" and "secure" levels are not supported.
 The Postfix SMTP server logs a warning and uses "encrypt" instead.
 To verify SMTP client certificates, see <a href="TLS_README.html">TLS_README</a> for a discussion
 of the <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>, <a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>, and <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
 features.  </p>
 <p> Note 2: The parameter setting "<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> =
 encrypt" implies "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes".</p>
 <p> Note 3: when invoked via "sendmail -bs", Postfix will never
 offer STARTTLS due to insufficient privileges to access the server
 private key. This is intended behavior.</p>
 </DD>
 <DT><b><a name="smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>
@ -11225,14 +11267,15 @@ purpose. </p>
 <DT><b><a name="smtpd_use_tls">smtpd_use_tls</a>
 (default: no)</b></DT><DD>
-<p> Opportunistic mode: announce STARTTLS support to SMTP clients,
+<p> Opportunistic TLS: announce STARTTLS support to SMTP clients,
 but do not require that clients use TLS encryption. </p>
 <p> Note: when invoked via "<b>sendmail -bs</b>", Postfix will never offer
 STARTTLS due to insufficient privileges to access the server private
 key. This is intended behavior. </p>
-<p> This feature is available in Postfix 2.2 and later.  </p>
+<p> This feature is available in Postfix 2.2 and later. With
 Postfix 2.3 and later use <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> instead. </p>
 </DD>
--- a/postfix/html/smtp.8.html
+++ b/postfix/html/smtp.8.html
@ -320,39 +320,40 @@ SMTP(8)                                                                SMTP(8)
       found in the <a href="TLS_README.html">TLS_README</a> document.
       <b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
-              The  default SMTP TLS security level for all desti-
+              The default SMTP TLS security level for the Postfix
-              nations; when a non-empty value is specified,  this
+              SMTP client; when a non-empty value  is  specified,
-              overrides  the  obsolete  parameters  <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>,
+              this     overrides    the    obsolete    parameters
-              <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
+              <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>,         <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>,         and
              <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
       <b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>           ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_secu</a>-</b>
       <b><a href="postconf.5.html#smtp_sasl_security_options">rity_options</a>)</b>
-              The SASL authentication security options  that  the
+              The  SASL  authentication security options that the
-              Postfix  SMTP  client  uses  for TLS encrypted SMTP
+              Postfix SMTP client uses  for  TLS  encrypted  SMTP
              sessions.
       <b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
-              Time limit for Postfix SMTP client write  and  read
+              Time  limit  for Postfix SMTP client write and read
-              operations  during  TLS  startup and shutdown hand-
+              operations during TLS startup  and  shutdown  hand-
              shake procedures.
       <b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
-              The file with the certificate of the  certification
+              The  file with the certificate of the certification
-              authority  (CA) that issued the Postfix SMTP client
+              authority (CA) that issued the Postfix SMTP  client
              certificate.
       <b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
-              Directory with  PEM  format  certificate  authority
+              Directory  with  PEM  format  certificate authority
-              certificates  that  the Postfix SMTP client uses to
+              certificates that the Postfix SMTP client  uses  to
              verify a remote SMTP server certificate.
       <b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b>
-              File with the Postfix SMTP client  RSA  certificate
+              File  with  the Postfix SMTP client RSA certificate
              in PEM format.
       <b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
-              The  minimum  SMTP  client TLS cipher grade that is
+              The minimum SMTP client TLS cipher  grade  that  is
-              strong enough to be used with the  "encrypt"  secu-
+              strong  enough  to be used with the "encrypt" secu-
              rity level and higher.
       <b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
@ -361,43 +362,43 @@ SMTP(8)                                                                SMTP(8)
       <b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
              List of ciphers or cipher types to exclude from the
-              SMTP  client cipher list at the mandatory TLS secu-
+              SMTP client cipher list at the mandatory TLS  secu-
              rity levels: "encrypt", "verify" and "secure".
       <b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
-              File with the Postfix SMTP client  DSA  certificate
+              File  with  the Postfix SMTP client DSA certificate
              in PEM format.
       <b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b>
-              File  with  the Postfix SMTP client DSA private key
+              File with the Postfix SMTP client DSA  private  key
              in PEM format.
       <b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
-              File with the Postfix SMTP client RSA  private  key
+              File  with  the Postfix SMTP client RSA private key
              in PEM format.
       <b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
-              Enable  additional  Postfix  SMTP client logging of
+              Enable additional Postfix SMTP  client  logging  of
              TLS activity.
       <b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
-              Log the hostname  of  a  remote  SMTP  server  that
+              Log  the  hostname  of  a  remote  SMTP server that
-              offers  STARTTLS,  when  TLS is not already enabled
+              offers STARTTLS, when TLS is  not  already  enabled
              for that server.
       <b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
              Optional lookup tables with the Postfix SMTP client
              TLS security policy by next-hop destination; when a
-              non-empty value is specified,  this  overrides  the
+              non-empty  value  is  specified, this overrides the
              obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
       <b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (SSLv3, TLSv1)</b>
-              List  of  TLS  protocol  versions  that  are secure
+              List of  TLS  protocol  versions  that  are  secure
              enough to be used with the "encrypt" security level
              and higher.
       <b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (5)</b>
-              The  verification depth for remote SMTP server cer-
+              The verification depth for remote SMTP server  cer-
              tificates.
       <b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
@ -405,7 +406,7 @@ SMTP(8)                                                                SMTP(8)
              for the "secure" TLS security level.
       <b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
-              Name  of  the  file containing the optional Postfix
+              Name of the file containing  the  optional  Postfix
              SMTP client TLS session cache.
       <b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
@ -417,9 +418,9 @@ SMTP(8)                                                                SMTP(8)
              for the "verify" TLS security level.
       <b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
-              The number of pseudo-random bytes that  an  <a href="smtp.8.html"><b>smtp</b>(8)</a>
+              The  number  of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
-              or  <a href="smtpd.8.html"><b>smtpd</b>(8)</a>  process  requests  from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
+              or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process  requests  from  the  <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
-              server in order to seed its internal pseudo  random
+              server  in order to seed its internal pseudo random
              number generator (PRNG).
       <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
@ -431,7 +432,7 @@ SMTP(8)                                                                SMTP(8)
              ciphers.
       <b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (!EXPORT:ALL:+RC4:@STRENGTH)</b>
-              The OpenSSL cipherlist for "LOW"  or  higher  grade
+              The  OpenSSL  cipherlist  for "LOW" or higher grade
              ciphers.
       <b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
@ -439,66 +440,66 @@ SMTP(8)                                                                SMTP(8)
              ciphers.
       <b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (!aNULL:eNULL+kRSA)</b>
-              The OpenSSL cipherlist  for  "NULL"  grade  ciphers
+              The  OpenSSL  cipherlist  for  "NULL" grade ciphers
              that provide authentication without encryption.
       Available in Postfix version 2.4 and later:
       <b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a></b>
       <b>($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>)</b>
-              The  SASL  authentication security options that the
+              The SASL authentication security options  that  the
-              Postfix SMTP client uses  for  TLS  encrypted  SMTP
+              Postfix  SMTP  client  uses  for TLS encrypted SMTP
              sessions with a verified server certificate.
 <b>OBSOLETE STARTTLS CONTROLS</b>
-       The  following configuration parameters exist for compati-
+       The following configuration parameters exist for  compati-
       bility with Postfix versions before 2.3. Support for these
       will be removed in a future release.
       <b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
-              Opportunistic  mode:  use  TLS  when  a remote SMTP
+              Opportunistic mode: use  TLS  when  a  remote  SMTP
-              server announces STARTTLS support,  otherwise  send
+              server  announces  STARTTLS support, otherwise send
              the mail in the clear.
       <b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
-              Enforcement  mode: require that remote SMTP servers
+              Enforcement mode: require that remote SMTP  servers
-              use TLS encryption, and  never  send  mail  in  the
+              use  TLS  encryption,  and  never  send mail in the
              clear.
       <b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
-              When  TLS  encryption is enforced, require that the
+              When TLS encryption is enforced, require  that  the
              remote SMTP server hostname matches the information
              in the remote SMTP server certificate.
       <b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
              Optional lookup tables with the Postfix SMTP client
-              TLS usage policy by  next-hop  destination  and  by
+              TLS  usage  policy  by  next-hop destination and by
              remote SMTP server hostname.
 <b>RESOURCE AND RATE CONTROLS</b>
       <b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a>      ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
       <b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
-              The  maximal  number  of parallel deliveries to the
+              The maximal number of parallel  deliveries  to  the
-              same destination  via  the  smtp  message  delivery
+              same  destination  via  the  smtp  message delivery
              transport.
       <b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a>        ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
       <b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
-              The  maximal  number of recipients per delivery via
+              The maximal number of recipients per  delivery  via
              the smtp message delivery transport.
       <b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
-              The SMTP client time limit  for  completing  a  TCP
+              The  SMTP  client  time  limit for completing a TCP
              connection,  or  zero  (use  the  operating  system
              built-in time limit).
       <b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
-              The SMTP client time limit for sending the HELO  or
+              The  SMTP client time limit for sending the HELO or
-              EHLO  command, and for receiving the initial server
+              EHLO command, and for receiving the initial  server
              response.
       <b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
-              The LMTP client time limit  for  sending  the  LHLO
+              The  LMTP  client  time  limit for sending the LHLO
              command,  and  for  receiving  the  initial  server
              response.
@ -507,30 +508,30 @@ SMTP(8)                                                                SMTP(8)
              command, and for receiving the server response.
       <b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
-              The  SMTP  client  time  limit for sending the MAIL
+              The SMTP client time limit  for  sending  the  MAIL
-              FROM  command,  and  for   receiving   the   server
+              FROM   command,   and   for  receiving  the  server
              response.
       <b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
-              The  SMTP  client  time  limit for sending the SMTP
+              The SMTP client time limit  for  sending  the  SMTP
-              RCPT TO  command,  and  for  receiving  the  server
+              RCPT  TO  command,  and  for  receiving  the server
              response.
       <b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
-              The  SMTP  client  time  limit for sending the SMTP
+              The SMTP client time limit  for  sending  the  SMTP
-              DATA  command,  and  for   receiving   the   server
+              DATA   command,   and   for  receiving  the  server
              response.
       <b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
-              The  SMTP  client  time  limit for sending the SMTP
+              The SMTP client time limit  for  sending  the  SMTP
              message content.
       <b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
-              The SMTP client time limit  for  sending  the  SMTP
+              The  SMTP  client  time  limit for sending the SMTP
              ".", and for receiving the server response.
       <b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b>
-              The  SMTP  client  time  limit for sending the QUIT
+              The SMTP client time limit  for  sending  the  QUIT
              command, and for receiving the server response.
       Available in Postfix version 2.1 and later:
@ -541,12 +542,12 @@ SMTP(8)                                                                SMTP(8)
              lookups, or zero (no limit).
       <b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
-              The maximal number of SMTP  sessions  per  delivery
+              The  maximal  number  of SMTP sessions per delivery
-              request  before  giving up or delivering to a fall-
+              request before giving up or delivering to  a  fall-
              back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
       <b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
-              The SMTP client time limit  for  sending  the  RSET
+              The  SMTP  client  time  limit for sending the RSET
              command, and for receiving the server response.
       Available in Postfix version 2.2 and earlier:
@ -558,11 +559,11 @@ SMTP(8)                                                                SMTP(8)
       Available in Postfix version 2.2 and later:
       <b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
-              Permanently enable SMTP connection caching for  the
+              Permanently  enable SMTP connection caching for the
              specified destinations.
       <b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
-              Temporarily  enable SMTP connection caching while a
+              Temporarily enable SMTP connection caching while  a
              destination has a high volume of mail in the active
              queue.
@ -572,57 +573,57 @@ SMTP(8)                                                                SMTP(8)
       <b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
              When SMTP connection caching is enabled, the amount
-              of  time  that an unused SMTP client socket is kept
+              of time that an unused SMTP client socket  is  kept
              open before it is closed.
       Available in Postfix version 2.3 and later:
       <b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
-              Time limit for connection cache  connect,  send  or
+              Time  limit  for  connection cache connect, send or
              receive operations.
 <b>TROUBLE SHOOTING CONTROLS</b>
       <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
-              The  increment  in  verbose  logging  level  when a
+              The increment  in  verbose  logging  level  when  a
-              remote client or server matches a  pattern  in  the
+              remote  client  or  server matches a pattern in the
              <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
       <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
-              Optional  list  of remote client or server hostname
+              Optional list of remote client or  server  hostname
-              or network address patterns that cause the  verbose
+              or  network address patterns that cause the verbose
-              logging  level  to increase by the amount specified
+              logging level to increase by the  amount  specified
              in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
       <b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
-              The recipient  of  postmaster  notifications  about
+              The  recipient  of  postmaster  notifications about
-              mail  delivery  problems that are caused by policy,
+              mail delivery problems that are caused  by  policy,
              resource, software or protocol errors.
       <b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
-              The list of error classes that are reported to  the
+              The  list of error classes that are reported to the
              postmaster.
 <b>MISCELLANEOUS CONTROLS</b>
       <b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
-              Where  the  Postfix SMTP client should deliver mail
+              Where the Postfix SMTP client should  deliver  mail
              when it detects a "mail loops back to myself" error
              condition.
       <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
-              The  default  location  of  the Postfix <a href="postconf.5.html">main.cf</a> and
+              The default location of  the  Postfix  <a href="postconf.5.html">main.cf</a>  and
              <a href="master.5.html">master.cf</a> configuration files.
       <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
-              How much time a Postfix daemon process may take  to
+              How  much time a Postfix daemon process may take to
-              handle  a  request  before  it  is  terminated by a
+              handle a request  before  it  is  terminated  by  a
              built-in watchdog timer.
       <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
-              The maximal number  of  digits  after  the  decimal
+              The  maximal  number  of  digits  after the decimal
              point when logging sub-second delay values.
       <b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
-              Disable  DNS  lookups  in the Postfix SMTP and LMTP
+              Disable DNS lookups in the Postfix  SMTP  and  LMTP
              clients.
       <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
@ -630,7 +631,7 @@ SMTP(8)                                                                SMTP(8)
              tem receives mail on.
       <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
-              The  Internet protocols Postfix will attempt to use
+              The Internet protocols Postfix will attempt to  use
              when making or accepting connections.
       <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
@ -638,74 +639,74 @@ SMTP(8)                                                                SMTP(8)
              over an internal communication channel.
       <b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
-              The  default  TCP port that the Postfix LMTP client
+              The default TCP port that the Postfix  LMTP  client
              connects to.
       <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
-              The maximum amount of time  that  an  idle  Postfix
+              The  maximum  amount  of  time that an idle Postfix
-              daemon  process  waits for the next service request
+              daemon process waits for the next  service  request
              before exiting.
       <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
-              The maximal number of connection requests before  a
+              The  maximal number of connection requests before a
              Postfix daemon process terminates.
       <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
-              The  process  ID  of  a  Postfix  command or daemon
+              The process ID  of  a  Postfix  command  or  daemon
              process.
       <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
-              The process name of a  Postfix  command  or  daemon
+              The  process  name  of  a Postfix command or daemon
              process.
       <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
              The network interface addresses that this mail sys-
-              tem receives mail on by way of a proxy  or  network
+              tem  receives  mail on by way of a proxy or network
              address translation unit.
       <b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
              An optional numerical network address that the SMTP
-              client should bind to when making an  IPv4  connec-
+              client  should  bind to when making an IPv4 connec-
              tion.
       <b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
              An optional numerical network address that the SMTP
-              client should bind to when making an  IPv6  connec-
+              client  should  bind to when making an IPv6 connec-
              tion.
       <b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
-              The  hostname to send in the SMTP EHLO or HELO com-
+              The hostname to send in the SMTP EHLO or HELO  com-
              mand.
       <b><a href="postconf.5.html#lmtp_lhloname">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
              The hostname to send in the LMTP LHLO command.
       <b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>
-              What mechanisms when the SMTP client uses  to  look
+              What  mechanisms  when the SMTP client uses to look
              up a host's IP address.
       <b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b>
-              Randomize  the  order  of  equal-preference MX host
+              Randomize the order  of  equal-preference  MX  host
              addresses.
       <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
              The syslog facility of Postfix logging.
       <b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
-              The mail system  name  that  is  prepended  to  the
+              The  mail  system  name  that  is  prepended to the
-              process  name  in  syslog  records, so that "smtpd"
+              process name in syslog  records,  so  that  "smtpd"
              becomes, for example, "postfix/smtpd".
       Available with Postfix 2.2 and earlier:
       <b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b>
-              Optional list of relay hosts for SMTP  destinations
+              Optional  list of relay hosts for SMTP destinations
              that can't be found or that are unreachable.
       Available with Postfix 2.3 and later:
       <b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
-              Optional  list of relay hosts for SMTP destinations
+              Optional list of relay hosts for SMTP  destinations
              that can't be found or that are unreachable.
 <b>SEE ALSO</b>
@ -723,7 +724,7 @@ SMTP(8)                                                                SMTP(8)
       <a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
 <b>LICENSE</b>
-       The  Secure  Mailer  license must be distributed with this
+       The Secure Mailer license must be  distributed  with  this
       software.
 <b>AUTHOR(S)</b>
--- a/postfix/html/smtpd.8.html
+++ b/postfix/html/smtpd.8.html
@ -329,12 +329,12 @@ SMTPD(8)                                                              SMTPD(8)
       found in the <a href="TLS_README.html">TLS_README</a> document.
       <b><a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> (no)</b>
-              Opportunistic mode: announce  STARTTLS  support  to
+              Opportunistic TLS:  announce  STARTTLS  support  to
              SMTP  clients,  but do not require that clients use
              TLS encryption.
       <b><a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> (no)</b>
-              Enforcement mode: announce STARTTLS support to SMTP
+              Mandatory TLS: announce STARTTLS  support  to  SMTP
              clients,  and  require that clients use TLS encryp-
              tion.
@ -408,7 +408,8 @@ SMTPD(8)                                                              SMTPD(8)
              TLS activity.
       <b><a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> (empty)</b>
-              The  list of TLS protocols supported by the server.
+              The  list of TLS protocols supported by the Postfix
              SMTP server.
       <b><a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> (no)</b>
              Request  that  the  Postfix  SMTP  server  produces
@ -441,6 +442,14 @@ SMTPD(8)                                                              SMTPD(8)
              server in order to seed its internal pseudo  random
              number generator (PRNG).
       Available in Postfix version 2.3 and later:
       <b><a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> (empty)</b>
              The  SMTP  TLS  security level for the Postfix SMTP
              server; when a non-empty value is  specified,  this
              overrides the obsolete parameters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and
              <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>.
       <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
       <b>(!EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH)</b>
              The OpenSSL cipherlist for "HIGH" grade ciphers.
@ -450,7 +459,7 @@ SMTPD(8)                                                              SMTPD(8)
              ciphers.
       <b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (!EXPORT:ALL:+RC4:@STRENGTH)</b>
-              The OpenSSL cipherlist for "LOW"  or  higher  grade
+              The  OpenSSL  cipherlist  for "LOW" or higher grade
              ciphers.
       <b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
@ -458,63 +467,63 @@ SMTPD(8)                                                              SMTPD(8)
              ciphers.
       <b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (!aNULL:eNULL+kRSA)</b>
-              The OpenSSL cipherlist  for  "NULL"  grade  ciphers
+              The  OpenSSL  cipherlist  for  "NULL" grade ciphers
              that provide authentication without encryption.
 <b>VERP SUPPORT CONTROLS</b>
-       With  VERP  style  delivery,  each  recipient of a message
+       With VERP style delivery,  each  recipient  of  a  message
       receives a customized copy of the message with his/her own
-       recipient  address encoded in the envelope sender address.
+       recipient address encoded in the envelope sender  address.
       The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation
-       details  of  Postfix  support for variable envelope return
+       details of Postfix support for  variable  envelope  return
       path addresses.  VERP style delivery is requested with the
-       SMTP  XVERP command or with the "sendmail -V" command-line
+       SMTP XVERP command or with the "sendmail -V"  command-line
-       option and is available in Postfix version 1.1 and  later.
+       option  and is available in Postfix version 1.1 and later.
       <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
              The two default VERP delimiter characters.
       <b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
-              The  characters  Postfix  accepts as VERP delimiter
+              The characters Postfix accepts  as  VERP  delimiter
-              characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command  line
+              characters  on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
              and in SMTP commands.
       Available in Postfix version 1.1 and 2.0:
       <b><a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
-              What  SMTP clients are allowed to specify the XVERP
+              What SMTP clients are allowed to specify the  XVERP
              command.
       Available in Postfix version 2.1 and later:
       <b><a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> ($<a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a>)</b>
-              What SMTP clients are allowed to specify the  XVERP
+              What  SMTP clients are allowed to specify the XVERP
              command.
 <b>TROUBLE SHOOTING CONTROLS</b>
-       The  <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of
+       The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts  of
-       the Postfix mail system. The methods vary from making  the
+       the  Postfix mail system. The methods vary from making the
-       software  log a lot of detail, to running some daemon pro-
+       software log a lot of detail, to running some daemon  pro-
       cesses under control of a call tracer or debugger.
       <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
-              The increment  in  verbose  logging  level  when  a
+              The  increment  in  verbose  logging  level  when a
-              remote  client  or  server matches a pattern in the
+              remote client or server matches a  pattern  in  the
              <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
       <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
-              Optional list of remote client or  server  hostname
+              Optional  list  of remote client or server hostname
-              or  network address patterns that cause the verbose
+              or network address patterns that cause the  verbose
-              logging level to increase by the  amount  specified
+              logging  level  to increase by the amount specified
              in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
       <b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
-              The  recipient  of  postmaster  notifications about
+              The recipient  of  postmaster  notifications  about
-              mail delivery problems that are caused  by  policy,
+              mail  delivery  problems that are caused by policy,
              resource, software or protocol errors.
       <b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
-              The  list of error classes that are reported to the
+              The list of error classes that are reported to  the
              postmaster.
       <b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
@ -524,22 +533,22 @@ SMTPD(8)                                                              SMTPD(8)
       Available in Postfix version 2.1 and later:
       <b><a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> (empty)</b>
-              What  SMTP  clients  are allowed to use the XCLIENT
+              What SMTP clients are allowed to  use  the  XCLIENT
              feature.
 <b>KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS</b>
-       As of Postfix version 2.0, the SMTP  server  rejects  mail
+       As  of  Postfix  version 2.0, the SMTP server rejects mail
-       for  unknown recipients. This prevents the mail queue from
+       for unknown recipients. This prevents the mail queue  from
-       clogging up  with  undeliverable  MAILER-DAEMON  messages.
+       clogging  up  with  undeliverable  MAILER-DAEMON messages.
-       Additional   information   on   this   topic   is  in  the
+       Additional  information  on   this   topic   is   in   the
       <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents.
       <b><a href="postconf.5.html#show_user_unknown_table_name">show_user_unknown_table_name</a> (yes)</b>
-              Display  the  name  of  the  recipient table in the
+              Display the name of  the  recipient  table  in  the
              "User unknown" responses.
       <b><a href="postconf.5.html#canonical_maps">canonical_maps</a> (empty)</b>
-              Optional address mapping lookup tables for  message
+              Optional  address mapping lookup tables for message
              headers and envelopes.
       <b><a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> (empty)</b>
@ -550,7 +559,7 @@ SMTPD(8)                                                              SMTPD(8)
       <b><a href="postconf.5.html#mydestination">mydestination</a>  ($<a href="postconf.5.html#myhostname">myhostname</a>,  localhost.$<a href="postconf.5.html#mydomain">mydomain</a>,  local-</b>
       <b>host)</b>
-              The list of domains  that  are  delivered  via  the
+              The  list  of  domains  that  are delivered via the
              $<a href="postconf.5.html#local_transport">local_transport</a> mail delivery transport.
       <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
@ -559,145 +568,145 @@ SMTPD(8)                                                              SMTPD(8)
       <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
              The network interface addresses that this mail sys-
-              tem  receives  mail on by way of a proxy or network
+              tem receives mail on by way of a proxy  or  network
              address translation unit.
       <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
-              The Internet protocols Postfix will attempt to  use
+              The  Internet protocols Postfix will attempt to use
              when making or accepting connections.
       <b><a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>             (<a href="proxymap.8.html">proxy</a>:unix:passwd.byname</b>
       <b>$<a href="postconf.5.html#alias_maps">alias_maps</a>)</b>
-              Lookup  tables with all names or addresses of local
+              Lookup tables with all names or addresses of  local
-              recipients: a recipient address is local  when  its
+              recipients:  a  recipient address is local when its
-              domain  matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
+              domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>  or
              $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
       <b><a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> (550)</b>
-              The numerical Postfix  SMTP  server  response  code
+              The  numerical  Postfix  SMTP  server response code
-              when    a   recipient   address   is   local,   and
+              when   a   recipient   address   is   local,    and
-              $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a  list  of  lookup
+              $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>  specifies  a  list of lookup
              tables that does not match the recipient.
-       Parameters  concerning  known/unknown  recipients of relay
+       Parameters concerning known/unknown  recipients  of  relay
       destinations:
       <b><a href="postconf.5.html#relay_domains">relay_domains</a> ($<a href="postconf.5.html#mydestination">mydestination</a>)</b>
-              What destination domains (and  subdomains  thereof)
+              What  destination  domains (and subdomains thereof)
              this system will relay mail to.
       <b><a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> (empty)</b>
-              Optional  lookup tables with all valid addresses in
+              Optional lookup tables with all valid addresses  in
              the domains that match $<a href="postconf.5.html#relay_domains">relay_domains</a>.
       <b><a href="postconf.5.html#unknown_relay_recipient_reject_code">unknown_relay_recipient_reject_code</a> (550)</b>
              The numerical Postfix SMTP server reply code when a
-              recipient   address   matches  $<a href="postconf.5.html#relay_domains">relay_domains</a>,  and
+              recipient  address  matches   $<a href="postconf.5.html#relay_domains">relay_domains</a>,   and
-              <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> specifies  a  list  of  lookup
+              <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a>  specifies  a  list  of lookup
              tables that does not match the recipient address.
-       Parameters  concerning known/unknown recipients in virtual
+       Parameters concerning known/unknown recipients in  virtual
       alias domains:
       <b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> ($<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b>
              Postfix is final destination for the specified list
-              of  virtual  alias  domains,  that  is, domains for
+              of virtual alias  domains,  that  is,  domains  for
-              which all addresses are  aliased  to  addresses  in
+              which  all  addresses  are  aliased to addresses in
              other local or remote domains.
       <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b>
-              Optional  lookup  tables  that  alias specific mail
+              Optional lookup tables  that  alias  specific  mail
-              addresses or  domains  to  other  local  or  remote
+              addresses  or  domains  to  other  local  or remote
              address.
       <b><a href="postconf.5.html#unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a> (550)</b>
              The SMTP server reply code when a recipient address
-              matches    $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>,    and     $<a href="postconf.5.html#virtual_alias_maps">vir</a>-
+              matches     $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>,    and    $<a href="postconf.5.html#virtual_alias_maps">vir</a>-
-              <a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a>  specifies  a list of lookup tables
+              <a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a> specifies a list of  lookup  tables
              that does not match the recipient address.
-       Parameters concerning known/unknown recipients in  virtual
+       Parameters  concerning known/unknown recipients in virtual
       mailbox domains:
       <b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> ($<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b>
              Postfix is final destination for the specified list
-              of  domains;  mail  is  delivered  via  the   $<a href="postconf.5.html#virtual_transport">vir</a>-
+              of   domains;  mail  is  delivered  via  the  $<a href="postconf.5.html#virtual_transport">vir</a>-
              <a href="postconf.5.html#virtual_transport">tual_transport</a> mail delivery transport.
       <b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> (empty)</b>
-              Optional  lookup tables with all valid addresses in
+              Optional lookup tables with all valid addresses  in
              the domains that match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
       <b><a href="postconf.5.html#unknown_virtual_mailbox_reject_code">unknown_virtual_mailbox_reject_code</a> (550)</b>
              The SMTP server reply code when a recipient address
-              matches    $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>,    and   $<a href="postconf.5.html#virtual_mailbox_maps">vir</a>-
+              matches   $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>,    and    $<a href="postconf.5.html#virtual_mailbox_maps">vir</a>-
              <a href="postconf.5.html#virtual_mailbox_maps">tual_mailbox_maps</a> specifies a list of lookup tables
              that does not match the recipient address.
 <b>RESOURCE AND RATE CONTROLS</b>
-       The  following parameters limit resource usage by the SMTP
+       The following parameters limit resource usage by the  SMTP
       server and/or control client request rates.
       <b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
-              Upon input, long lines are chopped up  into  pieces
+              Upon  input,  long lines are chopped up into pieces
-              of  at  most this length; upon delivery, long lines
+              of at most this length; upon delivery,  long  lines
              are reconstructed.
       <b><a href="postconf.5.html#queue_minfree">queue_minfree</a> (0)</b>
-              The minimal amount of free space in  bytes  in  the
+              The  minimal  amount  of free space in bytes in the
              queue file system that is needed to receive mail.
       <b><a href="postconf.5.html#message_size_limit">message_size_limit</a> (10240000)</b>
-              The  maximal  size in bytes of a message, including
+              The maximal size in bytes of a  message,  including
              envelope information.
       <b><a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a> (1000)</b>
-              The maximal number of recipients that  the  Postfix
+              The  maximal  number of recipients that the Postfix
              SMTP server accepts per message delivery request.
       <b><a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> (300s)</b>
-              The  time  limit  for sending a Postfix SMTP server
+              The time limit for sending a  Postfix  SMTP  server
-              response and for receiving  a  remote  SMTP  client
+              response  and  for  receiving  a remote SMTP client
              request.
       <b><a href="postconf.5.html#smtpd_history_flush_threshold">smtpd_history_flush_threshold</a> (100)</b>
-              The  maximal  number  of  lines in the Postfix SMTP
+              The maximal number of lines  in  the  Postfix  SMTP
-              server command history before it  is  flushed  upon
+              server  command  history  before it is flushed upon
              receipt of EHLO, RSET, or end of DATA.
       Available in Postfix version 2.3 and later:
       <b><a href="postconf.5.html#smtpd_peername_lookup">smtpd_peername_lookup</a> (yes)</b>
-              Attempt  to  look  up the SMTP client hostname, and
+              Attempt to look up the SMTP  client  hostname,  and
              verify that the name matches the client IP address.
       The per SMTP client connection count and request rate lim-
       its are implemented in co-operation with the <a href="anvil.8.html"><b>anvil</b>(8)</a> ser-
-       vice,  and are available in Postfix version 2.2 and later.
+       vice, and are available in Postfix version 2.2 and  later.
       <b><a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (50)</b>
-              How many simultaneous  connections  any  client  is
+              How  many  simultaneous  connections  any client is
              allowed to make to this service.
       <b><a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (0)</b>
              The  maximal  number  of  connection  attempts  any
-              client is allowed to make to this service per  time
+              client  is allowed to make to this service per time
              unit.
       <b><a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> (0)</b>
-              The  maximal  number  of  message delivery requests
+              The maximal number  of  message  delivery  requests
-              that any client is allowed to make to this  service
+              that  any client is allowed to make to this service
              per time unit, regardless of whether or not Postfix
              actually accepts those messages.
       <b><a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> (0)</b>
-              The maximal number of recipient addresses that  any
+              The  maximal number of recipient addresses that any
-              client  is allowed to send to this service per time
+              client is allowed to send to this service per  time
              unit, regardless of whether or not Postfix actually
              accepts those recipients.
       <b><a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
-              Clients  that  are  excluded from connection count,
+              Clients that are excluded  from  connection  count,
              connection rate, or SMTP request rate restrictions.
       Available in Postfix version 2.3 and later:
@ -708,52 +717,52 @@ SMTPD(8)                                                              SMTPD(8)
              tiate with this service per time unit.
 <b>TARPIT CONTROLS</b>
-       When  a  remote SMTP client makes errors, the Postfix SMTP
+       When a remote SMTP client makes errors, the  Postfix  SMTP
-       server can insert delays before responding. This can  help
+       server  can insert delays before responding. This can help
-       to  slow  down  run-away  software.   The behavior is con-
+       to slow down run-away  software.   The  behavior  is  con-
-       trolled by an error counter  that  counts  the  number  of
+       trolled  by  an  error  counter  that counts the number of
-       errors  within an SMTP session that a client makes without
+       errors within an SMTP session that a client makes  without
       delivering mail.
       <b><a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> (1s)</b>
              With Postfix version 2.1 and later: the SMTP server
-              response  delay  after  a client has made more than
+              response delay after a client has  made  more  than
-              $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a>  errors,  and  fewer   than
+              $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a>   errors,  and  fewer  than
-              $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a>  errors, without delivering
+              $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without  delivering
              mail.
       <b><a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> (10)</b>
-              The number  of  errors  a  remote  SMTP  client  is
+              The  number  of  errors  a  remote  SMTP  client is
-              allowed  to make without delivering mail before the
+              allowed to make without delivering mail before  the
              Postfix SMTP server slows down all its responses.
       <b><a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> (20)</b>
-              The maximal number of errors a remote  SMTP  client
+              The  maximal  number of errors a remote SMTP client
              is allowed to make without delivering mail.
       <b><a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> (100)</b>
-              The  number  of  junk commands (NOOP, VRFY, ETRN or
+              The number of junk commands (NOOP,  VRFY,  ETRN  or
              RSET) that a remote SMTP client can send before the
-              Postfix  SMTP  server starts to increment the error
+              Postfix SMTP server starts to increment  the  error
              counter with each junk command.
       Available in Postfix version 2.1 and later:
       <b><a href="postconf.5.html#smtpd_recipient_overshoot_limit">smtpd_recipient_overshoot_limit</a> (1000)</b>
-              The number of recipients that a remote SMTP  client
+              The  number of recipients that a remote SMTP client
-              can  send  in  excess  of  the limit specified with
+              can send in excess  of  the  limit  specified  with
              $<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>,  before  the  Postfix  SMTP
-              server  increments  the per-session error count for
+              server increments the per-session error  count  for
              each excess recipient.
 <b>ACCESS POLICY DELEGATION CONTROLS</b>
-       As of version 2.1, Postfix can be configured  to  delegate
+       As  of  version 2.1, Postfix can be configured to delegate
-       access  policy  decisions  to an external server that runs
+       access policy decisions to an external  server  that  runs
-       outside Postfix.  See  the  file  <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a>  for
+       outside  Postfix.   See  the  file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for
       more information.
       <b><a href="postconf.5.html#smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a> (300s)</b>
-              The  time  after which an idle SMTPD policy service
+              The time after which an idle SMTPD  policy  service
              connection is closed.
       <b><a href="postconf.5.html#smtpd_policy_service_max_ttl">smtpd_policy_service_max_ttl</a> (1000s)</b>
@ -761,161 +770,161 @@ SMTPD(8)                                                              SMTPD(8)
              connection is closed.
       <b><a href="postconf.5.html#smtpd_policy_service_timeout">smtpd_policy_service_timeout</a> (100s)</b>
-              The  time  limit  for  connecting to, writing to or
+              The time limit for connecting  to,  writing  to  or
              receiving from a delegated SMTPD policy server.
 <b>ACCESS CONTROLS</b>
-       The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction  to
+       The  <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to
       all the SMTP server access control features.
       <b><a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> (yes)</b>
-              Wait  until  the  RCPT TO command before evaluating
+              Wait until the RCPT TO  command  before  evaluating
              $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>,    $smtpd_helo_restric-
              tions and $<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until
-              the     ETRN     command     before      evaluating
+              the      ETRN     command     before     evaluating
              $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and $smtpd_helo_restric-
              tions.
-       <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf  -d'  out-</b>
+       <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a>  (see  'postconf -d' out-</b>
       <b>put)</b>
              What   Postfix   features   match   subdomains   of
              "domain.tld" automatically, instead of requiring an
              explicit ".domain.tld" pattern.
       <b><a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> (empty)</b>
-              Optional SMTP server  access  restrictions  in  the
+              Optional  SMTP  server  access  restrictions in the
              context of a client SMTP connection request.
       <b><a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> (no)</b>
              Require that a remote SMTP client introduces itself
-              at the beginning of an SMTP session with  the  HELO
+              at  the  beginning of an SMTP session with the HELO
              or EHLO command.
       <b><a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> (empty)</b>
-              Optional  restrictions that the Postfix SMTP server
+              Optional restrictions that the Postfix SMTP  server
              applies in the context of the SMTP HELO command.
       <b><a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> (empty)</b>
-              Optional restrictions that the Postfix SMTP  server
+              Optional  restrictions that the Postfix SMTP server
              applies in the context of the MAIL FROM command.
       <b><a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>           (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,</b>
       <b><a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>)</b>
              The  access  restrictions  that  the  Postfix  SMTP
-              server applies in the context of the RCPT  TO  com-
+              server  applies  in the context of the RCPT TO com-
              mand.
       <b><a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> (empty)</b>
-              Optional  SMTP  server  access  restrictions in the
+              Optional SMTP server  access  restrictions  in  the
              context of a client ETRN request.
       <b><a href="postconf.5.html#allow_untrusted_routing">allow_untrusted_routing</a> (no)</b>
-              Forward   mail   with   sender-specified    routing
+              Forward    mail   with   sender-specified   routing
-              (user[@%!]remote[@%!]site)  from  untrusted clients
+              (user[@%!]remote[@%!]site) from  untrusted  clients
              to destinations matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
       <b><a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> (empty)</b>
-              User-defined aliases for groups of access  restric-
+              User-defined  aliases for groups of access restric-
              tions.
       <b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a> (</b>&lt;&gt;<b>)</b>
-              The  lookup key to be used in SMTP <a href="access.5.html"><b>access</b>(5)</a> tables
+              The lookup key to be used in SMTP <a href="access.5.html"><b>access</b>(5)</a>  tables
              instead of the null sender address.
       <b><a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a> (empty)</b>
              Restrict  the  use  of  the  <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a>  SMTP
-              access  feature  to  only  domains whose primary MX
+              access feature to only  domains  whose  primary  MX
              hosts match the listed networks.
       Available in Postfix version 2.0 and later:
       <b><a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> (empty)</b>
-              Optional access restrictions that the Postfix  SMTP
+              Optional  access restrictions that the Postfix SMTP
              server applies in the context of the SMTP DATA com-
              mand.
       <b><a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> (see 'postconf -d' output)</b>
-              What characters are allowed in $name expansions  of
+              What  characters are allowed in $name expansions of
              RBL reply templates.
       Available in Postfix version 2.1 and later:
       <b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b>
-              Request  that  the Postfix SMTP server rejects mail
+              Request that the Postfix SMTP server  rejects  mail
-              from  unknown  sender  addresses,  even   when   no
+              from   unknown   sender  addresses,  even  when  no
-              explicit  <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access restriction
+              explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access  restriction
              is specified.
       <b><a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> (yes)</b>
-              Request that the Postfix SMTP server  rejects  mail
+              Request  that  the Postfix SMTP server rejects mail
              for  unknown  recipient  addresses,  even  when  no
-              explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access  restric-
+              explicit  <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restric-
              tion is specified.
       Available in Postfix version 2.2 and later:
       <b><a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a> (empty)</b>
-              Optional  access restrictions that the Postfix SMTP
+              Optional access restrictions that the Postfix  SMTP
-              server applies in the context of the  SMTP  END-OF-
+              server  applies  in the context of the SMTP END-OF-
              DATA command.
 <b>SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS</b>
-       Postfix   version  2.1  introduces  sender  and  recipient
+       Postfix  version  2.1  introduces  sender  and   recipient
-       address verification.   This  feature  is  implemented  by
+       address  verification.   This  feature  is  implemented by
-       sending  probe email messages that are not actually deliv-
+       sending probe email messages that are not actually  deliv-
-       ered.  This feature is requested  via  the  <a href="postconf.5.html#reject_unverified_sender">reject_unveri</a>-
+       ered.   This  feature  is requested via the <a href="postconf.5.html#reject_unverified_sender">reject_unveri</a>-
-       <a href="postconf.5.html#reject_unverified_sender">fied_sender</a>    and    <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>   access
+       <a href="postconf.5.html#reject_unverified_sender">fied_sender</a>   and    <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>    access
-       restrictions.  The status of verification probes is  main-
+       restrictions.   The status of verification probes is main-
       tained by the <a href="verify.8.html"><b>verify</b>(8)</a> server.  See the file <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VER</a>-
-       <a href="ADDRESS_VERIFICATION_README.html">IFICATION_README</a> for information about  how  to  configure
+       <a href="ADDRESS_VERIFICATION_README.html">IFICATION_README</a>  for  information  about how to configure
       and operate the Postfix sender/recipient address verifica-
       tion service.
       <b><a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> (3)</b>
-              How many times to query the <a href="verify.8.html"><b>verify</b>(8)</a>  service  for
+              How  many  times to query the <a href="verify.8.html"><b>verify</b>(8)</a> service for
-              the  completion  of an address verification request
+              the completion of an address  verification  request
              in progress.
       <b><a href="postconf.5.html#address_verify_poll_delay">address_verify_poll_delay</a> (3s)</b>
-              The delay between queries for the completion of  an
+              The  delay between queries for the completion of an
              address verification request in progress.
       <b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> (postmaster)</b>
-              The  sender  address to use in address verification
+              The sender address to use in  address  verification
              probes.
       <b><a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> (450)</b>
-              The numerical Postfix  SMTP  server  response  code
+              The  numerical  Postfix  SMTP  server response code
-              when   a  recipient  address  is  rejected  by  the
+              when  a  recipient  address  is  rejected  by   the
              <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
       <b><a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> (450)</b>
-              The numerical Postfix SMTP server response  when  a
+              The  numerical  Postfix SMTP server response when a
              recipient address is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unveri</a>-
              <a href="postconf.5.html#reject_unverified_recipient">fied_recipient</a> restriction.
 <b>ACCESS CONTROL RESPONSES</b>
-       The following  parameters  control  numerical  SMTP  reply
+       The  following  parameters  control  numerical  SMTP reply
       codes and/or text responses.
       <b><a href="postconf.5.html#access_map_reject_code">access_map_reject_code</a> (554)</b>
-              The  numerical  Postfix  SMTP  server response code
+              The numerical Postfix  SMTP  server  response  code
-              when a client  is  rejected  by  an  <a href="access.5.html"><b>access</b>(5)</a>  map
+              when  a  client  is  rejected  by  an <a href="access.5.html"><b>access</b>(5)</a> map
              restriction.
       <b><a href="postconf.5.html#defer_code">defer_code</a> (450)</b>
-              The  numerical  Postfix  SMTP  server response code
+              The numerical Postfix  SMTP  server  response  code
-              when a remote SMTP client request  is  rejected  by
+              when  a  remote  SMTP client request is rejected by
              the "defer" restriction.
       <b><a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> (501)</b>
-              The  numerical  Postfix  SMTP  server response code
+              The numerical Postfix  SMTP  server  response  code
-              when the client HELO or EHLO command  parameter  is
+              when  the  client HELO or EHLO command parameter is
-              rejected    by   the   <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a>
+              rejected   by   the    <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a>
              restriction.
       <b><a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> (554)</b>
-              The numerical Postfix  SMTP  server  response  code
+              The  numerical  Postfix  SMTP  server response code
              when a remote SMTP client request is blocked by the
              <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>,             <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>,
              <a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a>    or    <a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a>
@ -923,53 +932,53 @@ SMTPD(8)                                                              SMTPD(8)
       <b><a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> (504)</b>
              The numerical Postfix SMTP server reply code when a
-              client     request     is     rejected    by    the
+              client    request    is     rejected     by     the
              <a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>,
              <a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a> or <a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a>
              restriction.
       <b><a href="postconf.5.html#plaintext_reject_code">plaintext_reject_code</a> (450)</b>
-              The numerical Postfix  SMTP  server  response  code
+              The  numerical  Postfix  SMTP  server response code
-              when  a  request  is  rejected by the <b>reject_plain-</b>
+              when a request is  rejected  by  the  <b>reject_plain-</b>
              <b>text_session</b> restriction.
       <b><a href="postconf.5.html#reject_code">reject_code</a> (554)</b>
-              The numerical Postfix  SMTP  server  response  code
+              The  numerical  Postfix  SMTP  server response code
-              when  a  remote  SMTP client request is rejected by
+              when a remote SMTP client request  is  rejected  by
              the "reject" restriction.
       <b><a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> (554)</b>
-              The numerical Postfix  SMTP  server  response  code
+              The  numerical  Postfix  SMTP  server response code
-              when   a   client   request   is  rejected  by  the
+              when  a  client  request   is   rejected   by   the
              <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient restriction.
       <b><a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> (450)</b>
-              The numerical Postfix  SMTP  server  response  code
+              The  numerical  Postfix  SMTP  server response code
-              when  a  sender or recipient address is rejected by
+              when a sender or recipient address is  rejected  by
              the         <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>         or
              <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> restriction.
       <b><a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> (450)</b>
-              The  numerical  Postfix  SMTP  server response code
+              The numerical Postfix  SMTP  server  response  code
-              when a client without valid address &lt;=&gt;  name  map-
+              when  a  client without valid address &lt;=&gt; name map-
              ping is rejected by the reject_unknown_client_host-
              name restriction.
       <b><a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> (450)</b>
-              The numerical Postfix  SMTP  server  response  code
+              The  numerical  Postfix  SMTP  server response code
-              when  the  hostname specified with the HELO or EHLO
+              when the hostname specified with the HELO  or  EHLO
-              command       is       rejected       by        the
+              command        is       rejected       by       the
              <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> restriction.
       Available in Postfix version 2.0 and later:
       <b><a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> (see 'postconf -d' output)</b>
-              The  default  SMTP  server  response template for a
+              The default SMTP server  response  template  for  a
-              request that is rejected by an  RBL-based  restric-
+              request  that  is rejected by an RBL-based restric-
              tion.
       <b><a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> (550)</b>
-              The  numerical  Postfix  SMTP  server response code
+              The numerical Postfix  SMTP  server  response  code
              when a remote SMTP client request is blocked by the
              <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a> restriction.
@ -978,16 +987,16 @@ SMTPD(8)                                                              SMTPD(8)
 <b>MISCELLANEOUS CONTROLS</b>
       <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
-              The default location of  the  Postfix  <a href="postconf.5.html">main.cf</a>  and
+              The  default  location  of  the Postfix <a href="postconf.5.html">main.cf</a> and
              <a href="master.5.html">master.cf</a> configuration files.
       <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
-              How  much time a Postfix daemon process may take to
+              How much time a Postfix daemon process may take  to
-              handle a request  before  it  is  terminated  by  a
+              handle  a  request  before  it  is  terminated by a
              built-in watchdog timer.
       <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
-              The  location  of  all  postfix administrative com-
+              The location of  all  postfix  administrative  com-
              mands.
       <b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
@ -1008,36 +1017,36 @@ SMTPD(8)                                                              SMTPD(8)
              and most Postfix daemon processes.
       <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
-              The  maximum  amount  of  time that an idle Postfix
+              The maximum amount of time  that  an  idle  Postfix
-              daemon process waits for the next  service  request
+              daemon  process  waits for the next service request
              before exiting.
       <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
-              The  maximal number of connection requests before a
+              The maximal number of connection requests before  a
              Postfix daemon process terminates.
       <b><a href="postconf.5.html#myhostname">myhostname</a> (see 'postconf -d' output)</b>
              The internet hostname of this mail system.
       <b><a href="postconf.5.html#mynetworks">mynetworks</a> (see 'postconf -d' output)</b>
-              The list of "trusted" SMTP clients that  have  more
+              The  list  of "trusted" SMTP clients that have more
              privileges than "strangers".
       <b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
              The domain name that locally-posted mail appears to
-              come from, and that locally posted mail  is  deliv-
+              come  from,  and that locally posted mail is deliv-
              ered to.
       <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
-              The  process  ID  of  a  Postfix  command or daemon
+              The process ID  of  a  Postfix  command  or  daemon
              process.
       <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
-              The process name of a  Postfix  command  or  daemon
+              The  process  name  of  a Postfix command or daemon
              process.
       <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
-              The  location of the Postfix top-level queue direc-
+              The location of the Postfix top-level queue  direc-
              tory.
       <b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
@ -1045,22 +1054,22 @@ SMTPD(8)                                                              SMTPD(8)
              sions (user+foo).
       <b><a href="postconf.5.html#smtpd_banner">smtpd_banner</a> ($<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b>
-              The  text  that  follows the 220 status code in the
+              The text that follows the 220 status  code  in  the
              SMTP greeting banner.
       <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
              The syslog facility of Postfix logging.
       <b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
-              The mail system  name  that  is  prepended  to  the
+              The  mail  system  name  that  is  prepended to the
-              process  name  in  syslog  records, so that "smtpd"
+              process name in syslog  records,  so  that  "smtpd"
              becomes, for example, "postfix/smtpd".
       Available in Postfix version 2.2 and later:
       <b><a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> (CONNECT, GET, POST)</b>
-              List of  commands  that  causes  the  Postfix  SMTP
+              List  of  commands  that  causes  the  Postfix SMTP
-              server  to immediately terminate the session with a
+              server to immediately terminate the session with  a
              221 code.
 <b>SEE ALSO</b>
@ -1090,7 +1099,7 @@ SMTPD(8)                                                              SMTPD(8)
       <a href="XFORWARD_README.html">XFORWARD_README</a>, Postfix XFORWARD extension
 <b>LICENSE</b>
-       The  Secure  Mailer  license must be distributed with this
+       The Secure Mailer license must be  distributed  with  this
       software.
 <b>AUTHOR(S)</b>
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@ -4884,9 +4884,9 @@ example.net     secure match=example.com:.example.com
 .PP
 This feature is available in Postfix 2.3 and later.
 .SH smtp_tls_security_level (default: empty)
-The default SMTP TLS security level for all destinations; when
+The default SMTP TLS security level for the Postfix SMTP client;
-a non-empty value is specified, this overrides the obsolete parameters
+when a non-empty value is specified, this overrides the obsolete
-smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
+parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
 .PP
 Specify one of the following security levels:
 .IP "\fBnone\fR"
@ -5621,19 +5621,20 @@ This feature is available in Postfix 2.2 and later.
 .PP
 See smtpd_data_restrictions for syntax details.
 .SH smtpd_enforce_tls (default: no)
-Enforcement mode: announce STARTTLS support to SMTP clients,
+Mandatory TLS: announce STARTTLS support to SMTP clients,
 and require that clients use TLS encryption.  According to RFC 2487
 this MUST NOT be applied in case of a publicly-referenced SMTP
 server.  This option is off by default and should be used only on
 dedicated servers.
 .PP
-Note 1: this mode implies "smtpd_tls_auth_only = yes".
+Note 1: "smtpd_enforce_tls = yes" implies "smtpd_tls_auth_only = yes".
 .PP
 Note 2: when invoked via "\fBsendmail -bs\fR", Postfix will never offer
 STARTTLS due to insufficient privileges to access the server private
 key. This is intended behavior.
 .PP
-This feature is available in Postfix 2.2 and later.
+This feature is available in Postfix 2.2 and later. With
 Postfix 2.3 and later use smtpd_tls_security_level instead.
 .SH smtpd_error_sleep_time (default: 1s)
 With Postfix version 2.1 and later: the SMTP server response delay after
 a client has made more than $smtpd_soft_error_limit errors, and
@ -6470,15 +6471,15 @@ able to authenticate the server, but unless it is running Postfix 2.3 or
 similar software, it will still insist on a server certificate.
 .PP
 For servers that are \fBnot\fR public Internet MX hosts, Postfix
-2.3 supports configurations with no certificates. This entails the use
+2.3 supports configurations with no certificates. This entails the
-of just the anonymous TLS ciphers, which are not supported by typical
+use of just the anonymous TLS ciphers, which are not supported by
-SMTP clients. Since such clients will not, as a rule, fall back to plain
+typical SMTP clients. Since such clients will not, as a rule, fall
-text after a TLS handshake failure, the server will be unable to receive
+back to plain text after a TLS handshake failure, the server will
-email from TLS enabled clients. To avoid accidental configurations with
+be unable to receive email from TLS enabled clients. To avoid
-no certificates, Postfix 2.3 enables certificate-less operation only
+accidental configurations with no certificates, Postfix 2.3 enables
-when the administrator explicitly sets "smtpd_tls_cert_file = none". This
+certificate-less operation only when the administrator explicitly
-ensures that new Postfix configurations with just "smtpd_use_tls = yes"
+sets "smtpd_tls_cert_file = none". This ensures that new Postfix
-added, will not accidentally run with no certificates.
+configurations will not accidentally run with no certificates.
 .PP
 Both RSA and DSA certificates are supported.  When both types
 are present, the cipher used determines which certificate will be
@ -6723,17 +6724,15 @@ loglevel 4 is strongly discouraged.
 .PP
 This feature is available in Postfix 2.2 and later.
 .SH smtpd_tls_protocols (default: empty)
-The list of TLS protocols supported by the server. If empty the
+The list of TLS protocols supported by the Postfix SMTP server.
-default list of protocols is used (i.e. all TLS protocol versions are
+If the list is empty, the server supports all available TLS protocol
-supported). Any non-empty value is interpreted as a list of protocol
+versions.  A non-empty value is a list of protocol names separated
-names separated by whitespace, commas or colons. The supported protocol
+by whitespace, commas or colons. The supported protocol names are
-names are "SSLv2", "SSLv3" and "TLSv1", and are not
+"SSLv2", "SSLv3" and "TLSv1", and are not case sensitive.
 case-sensitive.
 .PP
-DO NOT set this to a non-default value on an MX-host,
+DO NOT set this to a non-default value on an Internet MX host,
-as some clients may not support any of the narrower set of protocols,
+as this may cause inter-operability problems.  If you restrict the
-and may be unable to fallback to plaintext sessions. If you restrict
+protocol list on an Internet MX host, you may lose mail.
 the protocol list on an MX host, you may lose mail.
 .PP
 Example:
 .PP
@ -6764,6 +6763,37 @@ When TLS encryption is optional, this setting is ignored with
 a warning written to the mail log.
 .PP
 This feature is available in Postfix 2.2 and later.
 .SH smtpd_tls_security_level (default: empty)
 The SMTP TLS security level for the Postfix SMTP server; when
 a non-empty value is specified, this overrides the obsolete parameters
 smtpd_use_tls and smtpd_enforce_tls. This parameter is ignored with
 "smtpd_tls_wrappermode = yes".
 .PP
 Specify one of the following security levels:
 .IP "\fBnone\fR"
 TLS will not be used.
 .IP "\fBmay\fR"
 Opportunistic TLS: announce STARTTLS support
 to SMTP clients, but do not require that clients use TLS encryption.
 .IP "\fBencrypt\fR"
 Mandatory TLS encryption: announce
 STARTTLS support to SMTP clients, and require that clients use TLS
 encryption. According to RFC 2487 this MUST NOT be applied in case
 of a publicly-referenced SMTP server. Instead, this option should
 be used only on dedicated servers.
 .PP
 Note 1: the "verify" and "secure" levels are not supported.
 The Postfix SMTP server logs a warning and uses "encrypt" instead.
 To verify SMTP client certificates, see TLS_README for a discussion
 of the smtpd_tls_ask_ccert, smtpd_tls_req_ccert, and permit_tls_clientcerts
 features.
 .PP
 Note 2: The parameter setting "smtpd_tls_security_level =
 encrypt" implies "smtpd_tls_auth_only = yes".
 .PP
 Note 3: when invoked via "sendmail -bs", Postfix will never
 offer STARTTLS due to insufficient privileges to access the server
 private key. This is intended behavior.
 .SH smtpd_tls_session_cache_database (default: empty)
 Name of the file containing the optional Postfix SMTP server
 TLS session cache. Specify a database type that supports enumeration,
@ -6812,14 +6842,15 @@ purpose.
 .PP
 This feature is available in Postfix 2.2 and later.
 .SH smtpd_use_tls (default: no)
-Opportunistic mode: announce STARTTLS support to SMTP clients,
+Opportunistic TLS: announce STARTTLS support to SMTP clients,
 but do not require that clients use TLS encryption.
 .PP
 Note: when invoked via "\fBsendmail -bs\fR", Postfix will never offer
 STARTTLS due to insufficient privileges to access the server private
 key. This is intended behavior.
 .PP
-This feature is available in Postfix 2.2 and later.
+This feature is available in Postfix 2.2 and later. With
 Postfix 2.3 and later use smtpd_tls_security_level instead.
 .SH soft_bounce (default: no)
 Safety net to keep mail queued that would otherwise be returned to
 the sender.  This parameter disables locally-generated bounces,
--- a/postfix/man/man8/smtp.8
+++ b/postfix/man/man8/smtp.8
@ -286,9 +286,9 @@ for authentication.
 Detailed information about STARTTLS configuration may be found
 in the TLS_README document.
 .IP "\fBsmtp_tls_security_level (empty)\fR"
-The default SMTP TLS security level for all destinations; when
+The default SMTP TLS security level for the Postfix SMTP client;
-a non-empty value is specified, this overrides the obsolete parameters
+when a non-empty value is specified, this overrides the obsolete
-smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
+parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
 .IP "\fBsmtp_sasl_tls_security_options ($smtp_sasl_security_options)\fR"
 The SASL authentication security options that the Postfix SMTP
 client uses for TLS encrypted SMTP sessions.
--- a/postfix/man/man8/smtpd.8
+++ b/postfix/man/man8/smtpd.8
@ -295,10 +295,10 @@ for authentication.
 Detailed information about STARTTLS configuration may be
 found in the TLS_README document.
 .IP "\fBsmtpd_use_tls (no)\fR"
-Opportunistic mode: announce STARTTLS support to SMTP clients,
+Opportunistic TLS: announce STARTTLS support to SMTP clients,
 but do not require that clients use TLS encryption.
 .IP "\fBsmtpd_enforce_tls (no)\fR"
-Enforcement mode: announce STARTTLS support to SMTP clients,
+Mandatory TLS: announce STARTTLS support to SMTP clients,
 and require that clients use TLS encryption.
 .IP "\fBsmtpd_sasl_tls_security_options ($smtpd_sasl_security_options)\fR"
 The SASL authentication security options that the Postfix SMTP
@ -342,7 +342,7 @@ File with the Postfix SMTP server RSA private key in PEM format.
 .IP "\fBsmtpd_tls_loglevel (0)\fR"
 Enable additional Postfix SMTP server logging of TLS activity.
 .IP "\fBsmtpd_tls_protocols (empty)\fR"
-The list of TLS protocols supported by the server.
+The list of TLS protocols supported by the Postfix SMTP server.
 .IP "\fBsmtpd_tls_received_header (no)\fR"
 Request that the Postfix SMTP server produces Received:  message
 headers that include information about the protocol and cipher used,
@ -364,6 +364,12 @@ instead of using the STARTTLS command.
 The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8)
 process requests from the \fBtlsmgr\fR(8) server in order to seed its
 internal pseudo random number generator (PRNG).
 .PP
 Available in Postfix version 2.3 and later:
 .IP "\fBsmtpd_tls_security_level (empty)\fR"
 The SMTP TLS security level for the Postfix SMTP server; when
 a non-empty value is specified, this overrides the obsolete parameters
 smtpd_use_tls and smtpd_enforce_tls.
 .IP "\fBtls_high_cipherlist (!EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH)\fR"
 The OpenSSL cipherlist for "HIGH" grade ciphers.
 .IP "\fBtls_medium_cipherlist (!EXPORT:!LOW:ALL:+RC4:@STRENGTH)\fR"
--- a/postfix/mantools/postlink
+++ b/postfix/mantools/postlink
@ -566,6 +566,7 @@ while (<>) {
    s;\bsmtpd_tls_dh512_param_file\b;<a href="postconf.5.html#smtpd_tls_dh512_param_file">$&</a>;g;
    s;\bsmtpd_tls_dkey_file\b;<a href="postconf.5.html#smtpd_tls_dkey_file">$&</a>;g;
    s;\bsmtpd_tls_key_file\b;<a href="postconf.5.html#smtpd_tls_key_file">$&</a>;g;
    s;\bsmtpd_tls_security_level\b;<a href="postconf.5.html#smtpd_tls_security_level">$&</a>;g;
    s;\bsmtpd_tls_loglevel\b;<a href="postconf.5.html#smtpd_tls_loglevel">$&</a>;g;
    s;\bsmtpd_tls_protocols\b;<a href="postconf.5.html#smtpd_tls_protocols">$&</a>;g;
    s;\bsmtpd_tls_received_header\b;<a href="postconf.5.html#smtpd_tls_received_header">$&</a>;g;
--- a/postfix/proto/INSTALL.html
+++ b/postfix/proto/INSTALL.html
@ -156,7 +156,7 @@ OPENSTEP 4.x <br>
 OSF1.V3 - OSF1.V5 (Digital UNIX) <br>
 Reliant UNIX 5.x <br>
 Rhapsody 5.x <br>
-SunOS 4.1.4 (December 2005) <br>
+SunOS 4.1.4 (July 2006) <br>
 SunOS 5.4 - 5.9 (Solaris 2.4..9) <br>
 Ultrix 4.x (well, that was long ago) <br>
 </p>
--- a/postfix/proto/TLS_README.html
+++ b/postfix/proto/TLS_README.html
@ -248,8 +248,7 @@ be unable to receive email from most TLS enabled clients. To avoid
 accidental configurations with no certificates, Postfix 2.3 enables
 certificate-less operation only when the administrator explicitly sets
 "smtpd_tls_cert_file&nbsp;=&nbsp;none". This ensures that new Postfix
-configurations with just "smtpd_use_tls&nbsp;=&nbsp;yes" added, will
+configurations will not accidentally run with no certificates. </p>
 not accidentally run with no certificates. </p>
 <p> Both RSA and DSA certificates are supported. Typically you will
 only have RSA certificates issued by a commercial CA. In addition,
@ -437,13 +436,18 @@ since the headers may be changed by intermediate servers. </p>
 <p> By default, TLS is disabled in the Postfix SMTP server, so no
 difference to plain Postfix is visible.  Explicitly switch it on
-using "smtpd_use_tls&nbsp;=&nbsp;yes". </p>
+with "smtpd_tls_security_level&nbsp;=&nbsp;may" (Postfix 2.3 and
 later) or "smtpd_use_tls&nbsp;=&nbsp;yes" (obsolete but still
 supported). </p>
 <p> Example: </p>
 <blockquote>
 <pre>
 /etc/postfix/main.cf:
    # Postfix 2.3 and later
    smtpd_tls_security_level = may
    # Obsolete, but still supported
    smtpd_use_tls = yes
 </pre>
 </blockquote>
@ -456,18 +460,23 @@ SMTP clients, but does not require that clients use TLS encryption.
 is never offered due to insufficient privileges to access the server
 private key. This is intended behavior. </p>
-<p> <a name="server_enforce">You can ENFORCE the use of TLS</a>, so that
+<p> <a name="server_enforce">You can ENFORCE the use of TLS</a>,
-the Postfix SMTP server announces STARTTLS and accepts no mail without
+so that the Postfix SMTP server announces STARTTLS and accepts no
-TLS encryption, by setting "smtpd_enforce_tls&nbsp;=&nbsp;yes". According
+mail without TLS encryption, by setting
-to RFC 2487 this MUST NOT be applied in case of a publicly-referenced
+"smtpd_tls_security_level&nbsp;=&nbsp;encrypt" (Postfix 2.3 and
-Postfix SMTP server.  This option is off by default and should only
+later) or "smtpd_enforce_tls&nbsp;=&nbsp;yes" (obsolete but still
-seldom be used. </p>
+supported). According to RFC 2487 this MUST NOT be applied in case
 of a publicly-referenced Postfix SMTP server.  This option is off
 by default and should only seldom be used. </p>
 <p> Example: </p>
 <blockquote>
 <pre>
 /etc/postfix/main.cf:
    # Postfix 2.3 and later
    smtpd_tls_security_level = encrypt
    # Obsolete, but still supported
    smtpd_enforce_tls = yes
 </pre>
 </blockquote>
@ -517,8 +526,11 @@ when the server is configured to ask for client certificates. </p>
 <blockquote>
 <pre>
 /etc/postfix/main.cf:
    smtpd_use_tls = yes
    smtpd_tls_ask_ccert = yes
    # Postfix 2.3 and later
    smtpd_tls_security_level = may
    # Obsolete, but still supported
    smtpd_use_tls = yes
 </pre>
 </blockquote>
@ -534,8 +546,11 @@ logged. </p>
 <blockquote>
 <pre>
 /etc/postfix/main.cf:
    smtpd_enforce_tls = yes
    smtpd_tls_req_ccert = yes
    # Postfix 2.3 and later
    smtpd_tls_security_level = encrypt
    # Obsolete, but still supported
    smtpd_enforce_tls = yes
 </pre>
 </blockquote>
@ -556,15 +571,18 @@ CA issues special CA which then issues the actual certificate...)
 <h3><a name="server_tls_auth">Supporting AUTH over TLS only</a></h3>
-<p> Sending AUTH data over an unencrypted channel poses a security risk.
+<p> Sending AUTH data over an unencrypted channel poses a security
-When TLS layer encryption is required (smtpd_enforce_tls&nbsp;=&nbsp;yes),
+risk.  When TLS layer encryption is required
-the Postfix SMTP server will announce and accept AUTH only
+("smtpd_tls_security_level&nbsp;=&nbsp;encrypt" or the obsolete
-after the TLS layer has been activated with STARTTLS. When TLS
+"smtpd_enforce_tls&nbsp;=&nbsp;yes"), the Postfix SMTP server will
-layer encryption is optional (smtpd_enforce_tls&nbsp;=&nbsp;no), it may
+announce and accept AUTH only after the TLS layer has been activated
-however still be useful to only offer AUTH when TLS is active. To
+with STARTTLS. When TLS layer encryption is optional
-maintain compatibility with non-TLS clients, the default is to
+("smtpd_tls_security_level&nbsp;=&nbsp;may" or the obsolete
-accept AUTH without encryption. In order to change this behavior,
+"smtpd_enforce_tls&nbsp;=&nbsp;no"), it may however still be useful
-set "smtpd_tls_auth_only&nbsp;=&nbsp;yes". </p>
+to only offer AUTH when TLS is active. To maintain compatibility
 with non-TLS clients, the default is to accept AUTH without encryption.
 In order to change this behavior, set
 "smtpd_tls_auth_only&nbsp;=&nbsp;yes". </p>
 <p> Example: </p>
@ -715,12 +733,14 @@ and not specifying an smtpd_tls_dcert_file. </p>
 <blockquote>
 <pre>
 /etc/postfix/main.cf:
    smtpd_use_tls = yes
    smtpd_enforce_tls = yes
    smtpd_tls_cert_file = /etc/postfix/cert.pem
    smtpd_tls_key_file = /etc/postfix/key.pem
    smtpd_tls_ciphers = medium
    smtpd_tls_exclude_ciphers = aNULL, MD5
    # Postfix 2.3 and later
    smtpd_tls_security_level = encrypt
    # Obsolete, but still supported
    smtpd_enforce_tls = yes
 </pre>
 </blockquote>
@ -1257,12 +1277,12 @@ on TLS <a href="#client_tls_limits">limitations</a> above. </p>
 <p> At the "encrypt" TLS security level, messages are sent only
 over TLS encrypted sessions. The SMTP transaction is aborted unless
-the STARTTLS ESMTP feature is supported by the server. If no
+the STARTTLS ESMTP feature is supported by the server. If no suitable
-suitable servers are found, the message will be deferred. With Postfix
+servers are found, the message will be deferred. With Postfix 2.3
-2.3 and later, mandatory TLS encryption can be configured by setting
+and later, mandatory TLS encryption can be configured by setting
-"smtp_tls_security_level&nbsp;=&nbsp;encrypt". Even though TLS encryption
+"smtp_tls_security_level&nbsp;=&nbsp;encrypt". Even though TLS
-is always used, mail delivery continues if the server certificate is
+encryption is always used, mail delivery continues if the server
-untrusted or bears the wrong name. </p>
+certificate is untrusted or bears the wrong name. </p>
 <p> At this security level and higher, the smtp_tls_mandatory_protocols
 and smtp_tls_mandatory_ciphers configuration parameters determine
@ -1382,15 +1402,15 @@ use the new <a href="#client_tls_policy">policy table</a> instead. </p>
 <h3><a name="client_tls_verify"> Mandatory server certificate verification </a>
 </h3>
-<p> At the "verify" TLS security level, messages are sent only
+<p> At the "verify" TLS security level, messages are sent only over
-over TLS encrypted sessions for which server certificate verification
+TLS encrypted sessions if the server certificate is valid (not
-succeeds. If no suitable servers are found, the message will be
+expired or revoked, and signed by a trusted certificate authority)
-deferred. With Postfix 2.3 and later, mandatory server certificate
+and if the server certificate name matches a known pattern.  Mandatory
-verification can be configured by setting
+server certificate verification can be configured by setting
-"smtp_tls_security_level&nbsp;=&nbsp;verify", the
+"smtp_tls_security_level&nbsp;=&nbsp;verify".  The
 smtp_tls_verify_cert_match parameter can override the default
-"hostname" certificate match strategy. Fine-tuning the matching
+"hostname" certificate name matching strategy. Fine-tuning the
-strategy is generally only appropriate for <a
+matching strategy is generally only appropriate for <a
 href="#client_tls_secure">secure-channel</a> destinations. </p>
 <p> With Postfix 2.2 and earlier, or when smtp_tls_security_level
@ -1676,33 +1696,51 @@ describe the corresponding table syntax: </p>
 <dd>Opportunistic TLS. No additional attributes are supported at this
 level. </dd>
-<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption. At this level and
+<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption. Mail is
-higher the optional "ciphers" attribute overrides the main.cf
+delivered only if remote SMTP server offers STARTTLS and the TLS
-smtp_tls_mandatory_ciphers parameter and the optional "protocols"
+handshake succeeds.  At this level and higher the optional "ciphers"
-keyword overrides the main.cf smtp_tls_mandatory_protocols parameter.
+attribute overrides the main.cf smtp_tls_mandatory_ciphers parameter
-In the policy table, multiple protocols must be separated by colons,
+and the optional "protocols" keyword overrides the main.cf
-as attribute values may not contain whitespace or commas.</dd>
+smtp_tls_mandatory_protocols parameter. </dd>
-<dt><b>verify</b></dt>
+<dt><b>verify</b></dt> <dd>Mandatory server certificate verification.
-<dd>Mandatory server certificate verification. The optional "match"
+Mail is delivered only if the TLS handshake succeeds, if the server
-attribute overrides the main.cf smtp_tls_verify_cert_match parameter.
+certificate can be validated (not expired or revoked, and signed
-In the policy table, multiple match patterns and strategies must
+by a trusted certificate authority), and if the server certificate
-be separated by colons. </dd>
+name matches the optional "match" attribute (or the main.cf
 smtp_tls_verify_cert_match parameter value when no optional "match"
 attribute is specified).  </dd>
-<dt><b>secure</b></dt> <dd>Secure-channel TLS. The optional "match"
+<dt><b>secure</b></dt> <dd>Secure-channel TLS. Mail is delivered
-attribute overrides the main.cf smtp_tls_secure_cert_match parameter. In
+only if the TLS handshake succeeds, if the server certificate can
-the policy table, multiple match patterns and strategies must be separated
+be validated (not expired or revoked, and signed by a trusted
-by colons. The match attribute is useful when additional domains are
+certificate authority), and if the server certificate name matches
-supported by common server, the policy entries for the additional domains
+the optional "match" attribute (or the main.cf smtp_tls_secure_cert_match
-specify matching rules for the primary domain certificate. While transport
+parameter value when no optional "match" attribute is specified).
-table overrides routing secondary domains to the primary nexthop also
+</dd>
 allow secure verification, they risk delivery to the wrong destination
 when domains change hands or are re-assigned to new gateways. With the
 "match" attribute approach, routing is not perturbed, and mail is deferred
 if verification of a new MX host fails. </dd>
 </dl>
 <p> Notes: </p>
 <ul>
 <li> <p> The "match" attribute is especially useful to verify TLS
 certificates for domains that are hosted on a shared server.  In
 that case, specify "match" rules for the shared server's name.
 While secure verification can also be achieved with manual routing
 overrides in Postfix transport(5) tables, that approach can deliver
 mail to the wrong host when domains are assigned to new gateway
 hosts.  The "match" attribute approach avoids the problems of manual
 routing overrides; mail is deferred if verification of a new MX
 host fails.  </p>
 <li> <p> When a policy table entry specifies multiple match patterns,
 multiple match strategies, or multiple protocols, these must be
 separated by colons.  </p>
 </ul>
 <p>
 Example:
 </p>
@ -2238,18 +2276,22 @@ but don't require them from all clients. </p>
 <blockquote>
 <pre>
-smtp_tls_CAfile = /etc/postfix/cacert.pem
+/etc/postfix/main.cf:
-smtp_tls_session_cache_database =
+    smtp_tls_CAfile = /etc/postfix/cacert.pem
-    btree:/var/spool/postfix/smtp_tls_session_cache
+    smtp_tls_session_cache_database =
-smtp_use_tls = yes
+	btree:/var/spool/postfix/smtp_tls_session_cache
-smtpd_tls_CAfile = /etc/postfix/cacert.pem
+    smtp_use_tls = yes
-smtpd_tls_cert_file = /etc/postfix/FOO-cert.pem
+    smtpd_tls_CAfile = /etc/postfix/cacert.pem
-smtpd_tls_key_file = /etc/postfix/FOO-key.pem
+    smtpd_tls_cert_file = /etc/postfix/FOO-cert.pem
-smtpd_tls_received_header = yes
+    smtpd_tls_key_file = /etc/postfix/FOO-key.pem
-smtpd_tls_session_cache_database =
+    smtpd_tls_received_header = yes
-    btree:/var/spool/postfix/smtpd_tls_session_cache
+    smtpd_tls_session_cache_database =
-smtpd_use_tls = yes
+	btree:/var/spool/postfix/smtpd_tls_session_cache
-tls_random_source = dev:/dev/urandom
+    tls_random_source = dev:/dev/urandom
    # Postfix 2.3 and later
    smtpd_tls_security_level = may
    # Obsolete, but still supported
    smtpd_use_tls = yes
 </pre>
 </blockquote>
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@ -8068,15 +8068,15 @@ able to authenticate the server, but unless it is running Postfix 2.3 or
 similar software, it will still insist on a server certificate. </p>
 <p> For servers that are <b>not</b> public Internet MX hosts, Postfix
-2.3 supports configurations with no certificates. This entails the use
+2.3 supports configurations with no certificates. This entails the
-of just the anonymous TLS ciphers, which are not supported by typical
+use of just the anonymous TLS ciphers, which are not supported by
-SMTP clients. Since such clients will not, as a rule, fall back to plain
+typical SMTP clients. Since such clients will not, as a rule, fall
-text after a TLS handshake failure, the server will be unable to receive
+back to plain text after a TLS handshake failure, the server will
-email from TLS enabled clients. To avoid accidental configurations with
+be unable to receive email from TLS enabled clients. To avoid
-no certificates, Postfix 2.3 enables certificate-less operation only
+accidental configurations with no certificates, Postfix 2.3 enables
-when the administrator explicitly sets "smtpd_tls_cert_file = none". This
+certificate-less operation only when the administrator explicitly
-ensures that new Postfix configurations with just "smtpd_use_tls = yes"
+sets "smtpd_tls_cert_file = none". This ensures that new Postfix
-added, will not accidentally run with no certificates. </p>
+configurations will not accidentally run with no certificates. </p>
 <p> Both RSA and DSA certificates are supported.  When both types
 are present, the cipher used determines which certificate will be
@ -8225,30 +8225,32 @@ that was recorded by the final destination can be trusted. </p>
 %PARAM smtpd_use_tls no
-<p> Opportunistic mode: announce STARTTLS support to SMTP clients,
+<p> Opportunistic TLS: announce STARTTLS support to SMTP clients,
 but do not require that clients use TLS encryption. </p>
 <p> Note: when invoked via "<b>sendmail -bs</b>", Postfix will never offer
 STARTTLS due to insufficient privileges to access the server private
 key. This is intended behavior. </p>
-<p> This feature is available in Postfix 2.2 and later.  </p>
+<p> This feature is available in Postfix 2.2 and later. With
 Postfix 2.3 and later use smtpd_tls_security_level instead. </p>
 %PARAM smtpd_enforce_tls no
-<p> Enforcement mode: announce STARTTLS support to SMTP clients,
+<p> Mandatory TLS: announce STARTTLS support to SMTP clients,
 and require that clients use TLS encryption.  According to RFC 2487
 this MUST NOT be applied in case of a publicly-referenced SMTP
 server.  This option is off by default and should be used only on
 dedicated servers. </p>
-<p> Note 1: this mode implies "smtpd_tls_auth_only = yes". </p>
+<p> Note 1: "smtpd_enforce_tls = yes" implies "smtpd_tls_auth_only = yes". </p>
 <p> Note 2: when invoked via "<b>sendmail -bs</b>", Postfix will never offer
 STARTTLS due to insufficient privileges to access the server private  
 key. This is intended behavior. </p>
-<p> This feature is available in Postfix 2.2 and later.  </p>
+<p> This feature is available in Postfix 2.2 and later. With
 Postfix 2.3 and later use smtpd_tls_security_level instead. </p>
 %PARAM smtpd_tls_wrappermode no
@ -9772,17 +9774,15 @@ configuration parameter. See there for details. </p>
 %PARAM smtpd_tls_protocols
-<p> The list of TLS protocols supported by the server. If empty the
+<p> The list of TLS protocols supported by the Postfix SMTP server.
-default list of protocols is used (i.e. all TLS protocol versions are
+If the list is empty, the server supports all available TLS protocol
-supported). Any non-empty value is interpreted as a list of protocol
+versions.  A non-empty value is a list of protocol names separated
-names separated by whitespace, commas or colons. The supported protocol
+by whitespace, commas or colons. The supported protocol names are
-names are "SSLv2", "SSLv3" and "TLSv1", and are not
+"SSLv2", "SSLv3" and "TLSv1", and are not case sensitive. </p>
 case-sensitive. </p>
-<p> DO NOT set this to a non-default value on an MX-host,
+<p> DO NOT set this to a non-default value on an Internet MX host,
-as some clients may not support any of the narrower set of protocols,
+as this may cause inter-operability problems.  If you restrict the
-and may be unable to fallback to plaintext sessions. If you restrict
+protocol list on an Internet MX host, you may lose mail. </p>
 the protocol list on an MX host, you may lose mail. </p>
 <p> Example: </p>
@ -9794,9 +9794,10 @@ smtpd_tls_protocols = SSLv3, TLSv1
 %PARAM smtp_tls_security_level
-<p> The default SMTP TLS security level for all destinations; when
+<p> The default SMTP TLS security level for the Postfix SMTP client;
-a non-empty value is specified, this overrides the obsolete parameters
+when a non-empty value is specified, this overrides the obsolete
-smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.  </p>
+parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
 </p>
 <p> Specify one of the following security levels: </p>
@ -10360,3 +10361,41 @@ login/password information for that server. </p>
 configuration parameter.  See there for details. </p>
 <p> This feature is available in Postfix 2.3 and later. </p>
 %PARAM smtpd_tls_security_level
 <p> The SMTP TLS security level for the Postfix SMTP server; when
 a non-empty value is specified, this overrides the obsolete parameters
 smtpd_use_tls and smtpd_enforce_tls. This parameter is ignored with
 "smtpd_tls_wrappermode = yes".  </p>
 <p> Specify one of the following security levels: </p>
 <dl>
 <dt><b>none</b></dt> <dd> TLS will not be used. </dd>
 <dt><b>may</b></dt> <dd> Opportunistic TLS: announce STARTTLS support
 to SMTP clients, but do not require that clients use TLS encryption.
 </dd>
 <dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption: announce
 STARTTLS support to SMTP clients, and require that clients use TLS
 encryption. According to RFC 2487 this MUST NOT be applied in case
 of a publicly-referenced SMTP server. Instead, this option should
 be used only on dedicated servers. </dd>
 </dl>
 <p> Note 1: the "verify" and "secure" levels are not supported.
 The Postfix SMTP server logs a warning and uses "encrypt" instead.
 To verify SMTP client certificates, see TLS_README for a discussion
 of the smtpd_tls_ask_ccert, smtpd_tls_req_ccert, and permit_tls_clientcerts
 features.  </p>
 <p> Note 2: The parameter setting "smtpd_tls_security_level =
 encrypt" implies "smtpd_tls_auth_only = yes".</p>
 <p> Note 3: when invoked via "sendmail -bs", Postfix will never
 offer STARTTLS due to insufficient privileges to access the server
 private key. This is intended behavior.</p>
--- a/postfix/src/cleanup/cleanup_milter.c
+++ b/postfix/src/cleanup/cleanup_milter.c
@ -1178,6 +1178,10 @@ static const char *cleanup_repl_body(void *context, VSTRING *body)
 {
    const char *myname = "cleanup_repl_body";
    /*
     * XXX Sendmail compatibility: milters don't see the first body line, so
     * don't expect they will send one.
     */
    msg_panic("%s: message body replace operation is not implemented", myname);
 }
--- a/postfix/src/global/mail_params.h
+++ b/postfix/src/global/mail_params.h
@ -1091,6 +1091,10 @@ extern char *var_smtpd_forbid_cmds;
 #define DEF_SMTPD_TLS_WRAPPER	0
 extern bool var_smtpd_tls_wrappermode;
 #define VAR_SMTPD_TLS_LEVEL	"smtpd_tls_security_level"
 #define DEF_SMTPD_TLS_LEVEL	""
 extern char *var_smtpd_tls_level;
 #define VAR_SMTPD_USE_TLS	"smtpd_use_tls"
 #define DEF_SMTPD_USE_TLS	0
 extern bool var_smtpd_use_tls;
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@ -20,8 +20,8 @@
  * Patches change both the patchlevel and the release date. Snapshots have no
  * patchlevel; they change the release date only.
  */
-#define MAIL_RELEASE_DATE	"20060707"
+#define MAIL_RELEASE_DATE	"20060709"
-#define MAIL_VERSION_NUMBER	"2.3-RC8"
+#define MAIL_VERSION_NUMBER	"2.3-RC9"
 #define VAR_MAIL_VERSION	"mail_version"
 #define DEF_MAIL_VERSION	MAIL_VERSION_NUMBER
--- a/postfix/src/milter/milter8.c
+++ b/postfix/src/milter/milter8.c
@ -1886,7 +1886,8 @@ static void milter8_disc_event(MILTER *m)
 typedef struct {
    MILTER8 *milter;			/* milter client */
    ARGV   *macros;			/* end-of-body macros */
-    int     hdr_count;			/* header counter */
+    int     first_header;		/* first header */
    int     first_body;			/* first body line */
    const char *resp;			/* milter application response */
 } MILTER_MSG_CONTEXT;
@ -1916,8 +1917,10 @@ static void milter8_header(void *ptr, int unused_header_class,
     * dk-filter signature will be inserted at the wrong position. It should
     * precede the headers that it signs.
     */
-    if (msg_ctx->hdr_count++ == 0)
+    if (msg_ctx->first_header) {
 	msg_ctx->first_header = 0;
 	return;
    }
    /*
     * Sendmail 8 sends multi-line headers as text separated by newline.
@ -1982,6 +1985,14 @@ static void milter8_body(void *ptr, int rec_type,
    ssize_t space;
    ssize_t count;
    /*
     * XXX Sendmail compatibility: don't expose our first body line.
     */
    if (msg_ctx->first_body) {
 	msg_ctx->first_body = 0;
 	return;
    }
    /*
     * XXX I thought I was going to delegate all the on-the-wire formatting
     * to a common lower layer, but unfortunately it's not practical. If we
@ -2082,7 +2093,8 @@ static const char *milter8_message(MILTER *m, VSTREAM *qfile,
 	}
 	msg_ctx.milter = milter;
 	msg_ctx.macros = macros;
-	msg_ctx.hdr_count = 0;
+	msg_ctx.first_header = 1;
 	msg_ctx.first_body = 1;
 	msg_ctx.resp = 0;
 	mime_state =
 	    mime_state_alloc(MIME_OPT_DISABLE_MIME,
--- a/postfix/src/smtp/smtp.c
+++ b/postfix/src/smtp/smtp.c
@ -256,9 +256,9 @@
 /*	Detailed information about STARTTLS configuration may be found
 /*	in the TLS_README document.
 /* .IP "\fBsmtp_tls_security_level (empty)\fR"
-/*	The default SMTP TLS security level for all destinations; when
+/*	The default SMTP TLS security level for the Postfix SMTP client;
-/*	a non-empty value is specified, this overrides the obsolete parameters
+/*	when a non-empty value is specified, this overrides the obsolete
-/*	smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
+/*	parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
 /* .IP "\fBsmtp_sasl_tls_security_options ($smtp_sasl_security_options)\fR"
 /*	The SASL authentication security options that the Postfix SMTP
 /*	client uses for TLS encrypted SMTP sessions.
@ -716,8 +716,6 @@ SSL_CTX *smtp_tls_ctx;
 #endif
 extern NAME_CODE smtp_tls_levels[];	/* smtp_session.c name_code table */
 /* deliver_message - deliver message with extreme prejudice */
 static int deliver_message(const char *service, DELIVER_REQUEST *request)
@ -853,8 +851,7 @@ static void pre_init(char *unused_name, char **unused_argv)
    /*
     * Initialize the TLS data before entering the chroot jail
     */
-    if (name_code(smtp_tls_levels, NAME_CODE_FLAG_NONE,
+    if (tls_level_lookup(var_smtp_tls_level) > TLS_LEV_NONE ||
 		  var_smtp_tls_level) > TLS_LEV_NONE ||
 	var_smtp_use_tls || var_smtp_enforce_tls ||
 	var_smtp_tls_per_site[0] || var_smtp_tls_policy[0]) {
 #ifdef USE_TLS
--- a/postfix/src/smtp/smtp_session.c
+++ b/postfix/src/smtp/smtp_session.c
@ -126,15 +126,6 @@
 #include "smtp.h"
 #include "smtp_sasl.h"
 NAME_CODE smtp_tls_levels[] = {
    "none", TLS_LEV_NONE,
    "may", TLS_LEV_MAY,
    "encrypt", TLS_LEV_ENCRYPT,
    "verify", TLS_LEV_VERIFY,
    "secure", TLS_LEV_SECURE,
    0, TLS_LEV_NOTFOUND,
 };
 #ifdef USE_TLS
 static MAPS *tls_policy;		/* lookup table(s) */
@ -162,7 +153,7 @@ void    smtp_tls_list_init(void)
 static const char *policy_name(int tls_level)
 {
-    const char *name = str_name_code(smtp_tls_levels, tls_level);
+    const char *name = str_tls_level(tls_level);
    if (name == 0)
 	name = "unknown";
@ -241,7 +232,7 @@ static int tls_policy_lookup_one(SMTP_SESSION *session,
 	msg_warn("ignoring empty tls policy for %s", site_name);
 	FREE_RETURN(1);				/* No further lookups */
    }
-    *site_level = name_code(smtp_tls_levels, NAME_CODE_FLAG_NONE, tok);
+    *site_level = tls_level_lookup(tok);
    if (*site_level == TLS_LEV_NOTFOUND) {
 	msg_warn("%s: unknown security level '%s' ignored",
 		 str_context(cbuf, site_class, site_name), tok);
@ -418,8 +409,7 @@ static void session_tls_init(SMTP_SESSION *session, const char *dest,
     * per-site policy.
     */
    if (*var_smtp_tls_level) {
-	global_level = name_code(smtp_tls_levels, NAME_CODE_FLAG_NONE,
+	global_level = tls_level_lookup(var_smtp_tls_level);
 				 var_smtp_tls_level);
 	if (global_level == TLS_LEV_NOTFOUND) {
 	    msg_fatal("%s: unknown TLS security level '%s'",
 		      lmtp ? VAR_LMTP_TLS_LEVEL : VAR_SMTP_TLS_LEVEL,
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@ -263,10 +263,10 @@
 /*	Detailed information about STARTTLS configuration may be
 /*	found in the TLS_README document.
 /* .IP "\fBsmtpd_use_tls (no)\fR"
-/*	Opportunistic mode: announce STARTTLS support to SMTP clients,
+/*	Opportunistic TLS: announce STARTTLS support to SMTP clients,
 /*	but do not require that clients use TLS encryption.
 /* .IP "\fBsmtpd_enforce_tls (no)\fR"
-/*	Enforcement mode: announce STARTTLS support to SMTP clients,
+/*	Mandatory TLS: announce STARTTLS support to SMTP clients,
 /*	and require that clients use TLS encryption.
 /* .IP "\fBsmtpd_sasl_tls_security_options ($smtpd_sasl_security_options)\fR"
 /*	The SASL authentication security options that the Postfix SMTP
@ -310,7 +310,7 @@
 /* .IP "\fBsmtpd_tls_loglevel (0)\fR"
 /*	Enable additional Postfix SMTP server logging of TLS activity.
 /* .IP "\fBsmtpd_tls_protocols (empty)\fR"
-/*	The list of TLS protocols supported by the server.
+/*	The list of TLS protocols supported by the Postfix SMTP server.
 /* .IP "\fBsmtpd_tls_received_header (no)\fR"
 /*	Request that the Postfix SMTP server produces Received:  message
 /*	headers that include information about the protocol and cipher used,
@ -332,6 +332,12 @@
 /*	The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8)
 /*	process requests from the \fBtlsmgr\fR(8) server in order to seed its
 /*	internal pseudo random number generator (PRNG).
 /* .PP
 /*	Available in Postfix version 2.3 and later:
 /* .IP "\fBsmtpd_tls_security_level (empty)\fR"
 /*	The SMTP TLS security level for the Postfix SMTP server; when
 /*	a non-empty value is specified, this overrides the obsolete parameters
 /*	smtpd_use_tls and smtpd_enforce_tls.
 /* .IP "\fBtls_high_cipherlist (!EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH)\fR"
 /*	The OpenSSL cipherlist for "HIGH" grade ciphers.
 /* .IP "\fBtls_medium_cipherlist (!EXPORT:!LOW:ALL:+RC4:@STRENGTH)\fR"
@ -1019,6 +1025,7 @@ char   *var_local_rwr_clients;
 char   *var_smtpd_ehlo_dis_words;
 char   *var_smtpd_ehlo_dis_maps;
 char   *var_smtpd_tls_level;
 bool    var_smtpd_use_tls;
 bool    var_smtpd_enforce_tls;
 bool    var_smtpd_tls_wrappermode;
@ -4109,8 +4116,8 @@ static void pre_accept(char *unused_name, char **unused_argv)
 static void pre_jail_init(char *unused_name, char **unused_argv)
 {
-    int     enforce_tls = var_smtpd_tls_wrappermode || var_smtpd_enforce_tls;
+    int     enforce_tls;
-    int     use_tls = var_smtpd_use_tls || enforce_tls;
+    int     use_tls;
    /*
     * Initialize blacklist/etc. patterns before entering the chroot jail, in
@ -4139,10 +4146,42 @@ static void pre_jail_init(char *unused_name, char **unused_argv)
 		 VAR_SMTPD_SASL_ENABLE);
 #endif
    /*
     * XXX Temporary fix to pretend that we consistently implement TLS
     * security levels. We implement only a subset for now. If we implement
     * more levels, wrappermode should override only weaker TLS security
     * levels.
     */
    if (!var_smtpd_tls_wrappermode && *var_smtpd_tls_level) {
 	switch (tls_level_lookup(var_smtpd_tls_level)) {
 	default:
 	    msg_warn("%s: ignoring unknown TLS level \"%s\"",
 		     VAR_SMTPD_TLS_LEVEL, var_smtpd_tls_level);
 	    break;
 	case TLS_LEV_SECURE:
 	case TLS_LEV_VERIFY:
 	    msg_warn("%s: unsupported TLS level \"%s\", using \"encrypt\"",
 		     VAR_SMTPD_TLS_LEVEL, var_smtpd_tls_level);
 	    /* FALLTHROUGH */
 	case TLS_LEV_ENCRYPT:
 	    var_smtpd_enforce_tls = var_smtpd_use_tls = 1;
 	    break;
 	case TLS_LEV_MAY:
 	    var_smtpd_enforce_tls = 0;
 	    var_smtpd_use_tls = 1;
 	    break;
 	case TLS_LEV_NONE:
 	    var_smtpd_enforce_tls = var_smtpd_use_tls = 0;
 	    break;
 	}
    }
    enforce_tls = var_smtpd_tls_wrappermode || var_smtpd_enforce_tls;
    use_tls = var_smtpd_use_tls || enforce_tls;
    /*
     * Keys can only be loaded when running with suitable permissions. When
-     * called from "sendmail -bs" this is not the case, but STARTTLS is not
+     * called from "sendmail -bs" this is not the case, so we must not
-     * used in this scenario anyhow.
+     * announce STARTTLS support.
     */
    if (getuid() == 0 || getuid() == var_owner_uid) {
 	if (use_tls) {
@ -4442,6 +4481,7 @@ int     main(int argc, char **argv)
 	VAR_SMTPD_TLS_512_FILE, DEF_SMTPD_TLS_512_FILE, &var_smtpd_tls_dh512_param_file, 0, 0,
 	VAR_SMTPD_TLS_1024_FILE, DEF_SMTPD_TLS_1024_FILE, &var_smtpd_tls_dh1024_param_file, 0, 0,
 #endif
 	VAR_SMTPD_TLS_LEVEL, DEF_SMTPD_TLS_LEVEL, &var_smtpd_tls_level, 0, 0,
 	VAR_SMTPD_SASL_TYPE, DEF_SMTPD_SASL_TYPE, &var_smtpd_sasl_type, 1, 0,
 	VAR_SMTPD_MILTERS, DEF_SMTPD_MILTERS, &var_smtpd_milters, 0, 0,
 	VAR_MILT_CONN_MACROS, DEF_MILT_CONN_MACROS, &var_milt_conn_macros, 0, 0,
--- a/postfix/src/smtpd/smtpd.h
+++ b/postfix/src/smtpd/smtpd.h
@ -30,9 +30,7 @@
 /*
  * Postfix TLS library.
  */
 #ifdef USE_TLS
 #include <tls.h>
 #endif
 /*
  * Milter library.
--- a/postfix/src/tls/Makefile.in
+++ b/postfix/src/tls/Makefile.in
@ -2,11 +2,13 @@ SHELL	= /bin/sh
 SRCS	= tls_prng_dev.c tls_prng_egd.c tls_prng_file.c \
 	tls_prng_exch.c tls_stream.c tls_bio_ops.c tls_misc.c tls_dh.c \
 	tls_rsa.c tls_verify.c tls_certkey.c tls_session.c \
-	tls_client.c tls_server.c tls_scache.c tls_mgr.c tls_seed.c
+	tls_client.c tls_server.c tls_scache.c tls_mgr.c tls_seed.c \
 	tls_level.c
 OBJS	= tls_prng_dev.o tls_prng_egd.o tls_prng_file.o \
 	tls_prng_exch.o tls_stream.o tls_bio_ops.o tls_misc.o tls_dh.o \
 	tls_rsa.o tls_verify.o tls_certkey.o tls_session.o \
-	tls_client.o tls_server.o tls_scache.o tls_mgr.o tls_seed.o
+	tls_client.o tls_server.o tls_scache.o tls_mgr.o tls_seed.o \
 	tls_level.o
 HDRS	= tls.h tls_prng.h tls_scache.h tls_mgr.h
 TESTSRC	= 
 DEFS	= -I. -I$(INC_DIR) -D$(SYSTYPE)
@ -129,6 +131,14 @@ tls_dh.o: ../../include/vstream.h
 tls_dh.o: ../../include/vstring.h
 tls_dh.o: tls.h
 tls_dh.o: tls_dh.c
 tls_level.o: ../../include/name_code.h
 tls_level.o: ../../include/name_mask.h
 tls_level.o: ../../include/sys_defs.h
 tls_level.o: ../../include/vbuf.h
 tls_level.o: ../../include/vstream.h
 tls_level.o: ../../include/vstring.h
 tls_level.o: tls.h
 tls_level.o: tls_level.c
 tls_mgr.o: ../../include/attr.h
 tls_mgr.o: ../../include/attr_clnt.h
 tls_mgr.o: ../../include/iostuff.h
--- a/postfix/src/tls/tls.h
+++ b/postfix/src/tls/tls.h
@ -11,6 +11,11 @@
 /* DESCRIPTION
 /* .nf
 /*
  * Utility library.
  */
 #include <name_code.h>
 /*
  * TLS enforcement levels. Non-sentinel values also be used to indicate
  * the actual security level of a session.
@ -22,6 +27,11 @@
 #define TLS_LEV_VERIFY		3	/* certificate verified */
 #define TLS_LEV_SECURE		4	/* "secure" verification */
 extern NAME_CODE tls_level_table[];
 #define tls_level_lookup(s) name_code(tls_level_table, NAME_CODE_FLAG_NONE, (s))
 #define str_tls_level(l) str_name_code(tls_level_table, (l))
 #ifdef USE_TLS
 /*
--- a/postfix/src/tls/tls_level.c
+++ b/postfix/src/tls/tls_level.c
@ -0,0 +1,60 @@
 /*++
 /* NAME
 /*	tls_level 3
 /* SUMMARY
 /*	TLS security level conversion
 /* SYNOPSIS
 /*	#include <tls.h>
 /*
 /*	int	tls_level_lookup(name)
 /*	const char *name;
 /*
 /*	const char *str_tls_level(level)
 /*	int	level;
 /* DESCRIPTION
 /*	The macros in this module convert TLS levels from symbolic
 /*	name to internal form and vice versa. The macros are safe
 /*	because they evaluate their arguments only once.
 /*
 /*	tls_level_lookup() converts a TLS level from symbolic name
 /*	to internal form. The result is TLS_NOTFOUND for an unknown
 /*	level.
 /*
 /*	str_tls_level() converts a TLS level from internal form to
 /*	symbolic name. The result is a null pointer for an unknown
 /*	level.
 /* SEE ALSO
 /*	name_code(3) name to number mapping
 /* LICENSE
 /* .ad
 /* .fi
 /*	The Secure Mailer license must be distributed with this software.
 /* AUTHOR(S)
 /*	Wietse Venema
 /*	IBM T.J. Watson Research
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
 /*--*/
 /* System library. */
 #include <sys_defs.h>
 /* Utility library. */
 #include <name_code.h>
 /* TLS library. */
 #include <tls.h>
 /* Application-specific. */
 NAME_CODE tls_level_table[] = {
    "none", TLS_LEV_NONE,
    "may", TLS_LEV_MAY,
    "encrypt", TLS_LEV_ENCRYPT,
    "verify", TLS_LEV_VERIFY,
    "secure", TLS_LEV_SECURE,
    0, TLS_LEV_NOTFOUND,
 };