diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index 8030c8bcf..622577fbf 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -42,19 +42,19 @@ from the other programs.
 Major changes - DNSBL/DNSWL support
 -----------------------------------
 
-[Feature 20101126] Support for address patterns in DNSBL and DNSWL
-lookup results.
+[Feature 20101126] Support for address patterns in DNS blacklist
+and whitelist lookup results.
 
-For example, "reject_rbl_client example.com=127.0.0.[2,4,6..8]"
+For example, "reject_rbl_client example.com=127.0.0.[2;4;6..8]"
 will reject clients when the lookup result is 127.0.0.2, 127.0.0.4,
 127.0.0.6, 127.0.0.7, or 127.0.0.8.
 
-The setting "postscreen_dnsbl_sites = example.com=127.0.0.[2,4,6..8]"
+The setting "postscreen_dnsbl_sites = example.com=127.0.0.[2;4;6..8]"
 rejects the same clients.
 
 An IPv4 address pattern has four fields separated by ".".  Each
 field is either a decimal number, or a sequence inside "[]" that
-contains one or more comma-separated decimal numbers or number..number
+contains one or more ";"-separated decimal numbers or number..number
 ranges.
 
 Thus, any pattern field can be a sequence inside "[]", but a "[]"
@@ -71,7 +71,7 @@ The syntax for IPv4 patterns is as follows:
 v4pattern = v4field "." v4field "." v4field "." v4field
 v4field = v4octet | "[" v4sequence "]"
 v4octet = any decimal number in the range 0 through 255
-v4sequence = v4seq_member | v4sequence "," v4seq_member
+v4sequence = v4seq_member | v4sequence ";" v4seq_member
 v4seq_member = v4octet | v4octet ".." v4octet
 
 [Feature 20101105] The Postfix SMTP server now supports DNS-based
@@ -91,7 +91,14 @@ silently ignored when they would override reject_unauth_destination.
 Also for safety reasons, the result is DEFER_IF_REJECT when DNS
 whitelist lookup fails (this result will be made configurable).
 
-Major changes - Milter suppport
+Major changes - sqlite support
+------------------------------
+
+[Feature 20100617] Support for read-only sqlite database access,
+with code by Axel Steiner and documentation by Jesus Garcia Crespo.
+See SQLITE_README and sqlite_table(5) for details.
+
+Major changes - Milter support
 -------------------------------
 
 [Incompat 20101103] Postfix now requests default delivery status
diff --git a/postfix/html/ADDRESS_VERIFICATION_README.html b/postfix/html/ADDRESS_VERIFICATION_README.html
index 00d555c9e..2bdab713e 100644
--- a/postfix/html/ADDRESS_VERIFICATION_README.html
+++ b/postfix/html/ADDRESS_VERIFICATION_README.html
@@ -106,7 +106,7 @@ always discarded.  </p>
 
 </tr>
 
-<tr> </tr>
+<tr> <td> </td> </tr>
 
 <tr>
 
@@ -165,7 +165,7 @@ always discarded.  </p>
 
 </tr>
 
-<tr> </tr>
+<tr> <td> </td> </tr>
 
 <tr> <td colspan="4"> &nbsp; </td> </tr>
 
diff --git a/postfix/html/OVERVIEW.html b/postfix/html/OVERVIEW.html
index adc415ee9..0f55aa157 100644
--- a/postfix/html/OVERVIEW.html
+++ b/postfix/html/OVERVIEW.html
@@ -673,7 +673,7 @@ document.  The <a href="verify.8.html">verify(8)</a> service is available with P
 
 </tr>
 
-<tr> </tr>
+<tr> <td> </td> </tr>
 
 <tr>
 
@@ -714,7 +714,7 @@ document.  The <a href="verify.8.html">verify(8)</a> service is available with P
 
 </tr>
 
-<tr> </tr>
+<tr> <td> </td> </tr>
 
 <tr> <td colspan="4"> &nbsp; </td> </tr>
 
diff --git a/postfix/html/SASL_README.html b/postfix/html/SASL_README.html
index d6dd2e696..bd5fac0e4 100644
--- a/postfix/html/SASL_README.html
+++ b/postfix/html/SASL_README.html
@@ -587,13 +587,13 @@ SASL sources provide three authentication plugins. </p>
 
 <tr> <th>Plugin </th> <th>Description </th> </tr>
 
-<tr> <td><a href="#auxprop_sasldb">sasldb</a></dt> <td> Accounts
+<tr> <td><a href="#auxprop_sasldb">sasldb</a></td> <td> Accounts
 are stored stored in a Cyrus SASL Berkeley DB database </td> </tr>
 
-<tr> <td><a href="#auxprop_sql">sql</a></dt> <td> Accounts are
+<tr> <td><a href="#auxprop_sql">sql</a></td> <td> Accounts are
 stored in a SQL database </td> </tr>
 
-<tr> <td><a href="#auxprop_ldapdb">ldapdb</a></dt> <td> Accounts
+<tr> <td><a href="#auxprop_ldapdb">ldapdb</a></td> <td> Accounts
 are stored stored in an LDAP database </td> </tr>
 
 </table>
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 293a3b45c..a6a0397f5 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -11881,7 +11881,7 @@ This feature is available in Postfix 2.0 and later; with Postfix
 version 2.8 and later, <a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a> will usually
 produce better results.  </dd>
 
-</dd> <dt><b><a name="permit_rhswl_client">permit_rhswl_client <i>rhswl_domain=d.d.d.d</i></a></b></dt>
+<dt><b><a name="permit_rhswl_client">permit_rhswl_client <i>rhswl_domain=d.d.d.d</i></a></b></dt>
 
 <dd>Accept the request when the client hostname is listed with the
 A record "<i>d.d.d.d</i>" under <i>rhswl_domain</i>.  Each "<i>d</i>"
@@ -12106,8 +12106,8 @@ cases: </p>
 to translate these into domain names if necessary.  </p>
 
 <li> <p> Use "<a href="postconf.5.html#strict_rfc821_envelopes">strict_rfc821_envelopes</a> = no" to accept "RCPT TO:&lt;<i>User
-Name &lt;user@example.com&gt;&gt;</i>". Postfix will ignore the "User
-Name" part and deliver to the &lt;user@example.com&gt;</i> address.
+Name &lt;user@example.com&gt;&gt;</i>". Postfix will ignore the "<i>User
+Name</i>" part and deliver to the <i>&lt;user@example.com&gt;</i> address.
 </p>
 
 </ul>
@@ -12187,7 +12187,7 @@ in any SMTP command context, described under <a href="postconf.5.html#smtpd_clie
 multi-recipient mail. Acting on only one recipient would be misleading,
 because any decision will affect all recipients equally. Acting on
 all recipients would require a possibly very large amount of memory,
-and would also be misleading for the reasons mentioned before.  </p>
+and would also be misleading for the reasons mentioned before.
 
 </ul>
 
@@ -13112,7 +13112,7 @@ Postfix logfile records for a failed SMTP session. The text itself
 is not logged to the Postfix SMTP server's maillog file. </p>
 
 <p> Be sure to keep the text as short as possible. Long text may
-be truncated before it is logged in the Postfix SMTP server's maillog
+be truncated before it is logged to the remote SMTP client's maillog
 file, or before it is returned to the sender in a delivery status
 notification.  </p>
 
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index cbd42a3d0..e1dae684a 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -7515,8 +7515,8 @@ Postfix already accepts the correct form
 to translate these into domain names if necessary.
 .IP \(bu
 Use "strict_rfc821_envelopes = no" to accept "RCPT TO:<\fIUser
-Name <user@example.com>>\fR". Postfix will ignore the "User
-Name" part and deliver to the <user@example.com>\fR address.
+Name <user@example.com>>\fR". Postfix will ignore the "\fIUser
+Name\fR" part and deliver to the \fI<user@example.com>\fR address.
 .PP
 Examples of problems that can be solved with the smtpd_command_filter
 feature:
@@ -8201,7 +8201,7 @@ Postfix logfile records for a failed SMTP session. The text itself
 is not logged to the Postfix SMTP server's maillog file.
 .PP
 Be sure to keep the text as short as possible. Long text may
-be truncated before it is logged in the Postfix SMTP server's maillog
+be truncated before it is logged to the remote SMTP client's maillog
 file, or before it is returned to the sender in a delivery status
 notification.
 .PP
diff --git a/postfix/proto/ADDRESS_VERIFICATION_README.html b/postfix/proto/ADDRESS_VERIFICATION_README.html
index 07f15f426..e00173717 100644
--- a/postfix/proto/ADDRESS_VERIFICATION_README.html
+++ b/postfix/proto/ADDRESS_VERIFICATION_README.html
@@ -106,7 +106,7 @@ always discarded.  </p>
 
 </tr>
 
-<tr> </tr>
+<tr> <td> </td> </tr>
 
 <tr>
 
@@ -165,7 +165,7 @@ always discarded.  </p>
 
 </tr>
 
-<tr> </tr>
+<tr> <td> </td> </tr>
 
 <tr> <td colspan="4"> &nbsp; </td> </tr>
 
diff --git a/postfix/proto/OVERVIEW.html b/postfix/proto/OVERVIEW.html
index a199c493e..7b34b4d69 100644
--- a/postfix/proto/OVERVIEW.html
+++ b/postfix/proto/OVERVIEW.html
@@ -673,7 +673,7 @@ document.  The verify(8) service is available with Postfix version
 
 </tr>
 
-<tr> </tr>
+<tr> <td> </td> </tr>
 
 <tr>
 
@@ -714,7 +714,7 @@ document.  The verify(8) service is available with Postfix version
 
 </tr>
 
-<tr> </tr>
+<tr> <td> </td> </tr>
 
 <tr> <td colspan="4"> &nbsp; </td> </tr>
 
diff --git a/postfix/proto/SASL_README.html b/postfix/proto/SASL_README.html
index 13117bd5e..5ab745480 100644
--- a/postfix/proto/SASL_README.html
+++ b/postfix/proto/SASL_README.html
@@ -587,13 +587,13 @@ SASL sources provide three authentication plugins. </p>
 
 <tr> <th>Plugin </th> <th>Description </th> </tr>
 
-<tr> <td><a href="#auxprop_sasldb">sasldb</a></dt> <td> Accounts
+<tr> <td><a href="#auxprop_sasldb">sasldb</a></td> <td> Accounts
 are stored stored in a Cyrus SASL Berkeley DB database </td> </tr>
 
-<tr> <td><a href="#auxprop_sql">sql</a></dt> <td> Accounts are
+<tr> <td><a href="#auxprop_sql">sql</a></td> <td> Accounts are
 stored in a SQL database </td> </tr>
 
-<tr> <td><a href="#auxprop_ldapdb">ldapdb</a></dt> <td> Accounts
+<tr> <td><a href="#auxprop_ldapdb">ldapdb</a></td> <td> Accounts
 are stored stored in an LDAP database </td> </tr>
 
 </table>
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 4fac6825c..d583da7fc 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -4919,7 +4919,7 @@ This feature is available in Postfix 2.0 and later; with Postfix
 version 2.8 and later, reject_rhsbl_reverse_client will usually
 produce better results.  </dd>
 
-</dd> <dt><b><a name="permit_rhswl_client">permit_rhswl_client <i>rhswl_domain=d.d.d.d</i></a></b></dt>
+<dt><b><a name="permit_rhswl_client">permit_rhswl_client <i>rhswl_domain=d.d.d.d</i></a></b></dt>
 
 <dd>Accept the request when the client hostname is listed with the
 A record "<i>d.d.d.d</i>" under <i>rhswl_domain</i>.  Each "<i>d</i>"
@@ -7866,7 +7866,7 @@ smtpd_sender_restrictions or smtpd_recipient_restrictions.
 multi-recipient mail. Acting on only one recipient would be misleading,
 because any decision will affect all recipients equally. Acting on
 all recipients would require a possibly very large amount of memory,
-and would also be misleading for the reasons mentioned before.  </p>
+and would also be misleading for the reasons mentioned before.
 
 </ul>
 
@@ -12956,8 +12956,8 @@ cases: </p>
 to translate these into domain names if necessary.  </p>
 
 <li> <p> Use "strict_rfc821_envelopes = no" to accept "RCPT TO:&lt;<i>User
-Name &lt;user@example.com&gt;&gt;</i>". Postfix will ignore the "User
-Name" part and deliver to the &lt;user@example.com&gt;</i> address.
+Name &lt;user@example.com&gt;&gt;</i>". Postfix will ignore the "<i>User
+Name</i>" part and deliver to the <i>&lt;user@example.com&gt;</i> address.
 </p>
 
 </ul>
@@ -13929,7 +13929,7 @@ Postfix logfile records for a failed SMTP session. The text itself
 is not logged to the Postfix SMTP server's maillog file. </p>
 
 <p> Be sure to keep the text as short as possible. Long text may
-be truncated before it is logged in the Postfix SMTP server's maillog
+be truncated before it is logged to the remote SMTP client's maillog
 file, or before it is returned to the sender in a delivery status
 notification.  </p>
 
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 67860cb9e..8b73cef61 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20110118"
-#define MAIL_VERSION_NUMBER	"2.8.0-RC3"
+#define MAIL_RELEASE_DATE	"20110120"
+#define MAIL_VERSION_NUMBER	"2.8.0"
 
 #ifdef SNAPSHOT
 # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
diff --git a/postfix/src/postscreen/postscreen.c b/postfix/src/postscreen/postscreen.c
index 8df426924..7b3332b61 100644
--- a/postfix/src/postscreen/postscreen.c
+++ b/postfix/src/postscreen/postscreen.c
@@ -416,7 +416,7 @@ int     var_psc_post_queue_limit;
 int     var_psc_pre_queue_limit;
 int     var_psc_watchdog;
 
-#define MIGRATION_WARNING
+#undef MIGRATION_WARNING
 
 #ifdef MIGRATION_WARNING
 char   *var_psc_wlist_nets;
diff --git a/postfix/src/postscreen/postscreen_dict.c b/postfix/src/postscreen/postscreen_dict.c
index ce7efd056..131ff8164 100644
--- a/postfix/src/postscreen/postscreen_dict.c
+++ b/postfix/src/postscreen/postscreen_dict.c
@@ -68,23 +68,15 @@
 
 #include <postscreen.h>
 
-/* psc_average - moving average */
-
-static double psc_average(double new, double old)
-{
-    return (0.1 * new + 0.9 * old);
-}
-
  /*
   * Monitor time-critical operations.
   * 
   * XXX Averaging support was added during a stable release candidate, so it
   * provides only the absolute minimum necessary. A complete implementation
   * should maintain separate statistics for each table, and it should not
-  * complain when the average time between table access is larger than the
-  * average table access latency.
+  * complain when the access latency is less than the time between accesses.
   */
-#define PSC_GET_TIME_BEFORE_LOOKUP \
+#define PSC_GET_TIME_BEFORE_LOOKUP { \
     struct timeval _before, _after; \
     DELTA_TIME _delta; \
     double _new_delta_ms; \
@@ -92,6 +84,8 @@ static double psc_average(double new, double old)
 
 #define PSC_DELTA_MS(d) ((d).dt_sec * 1000.0 + (d).dt_usec / 1000.0)
 
+#define PSC_AVERAGE(new, old)	(0.1 * (new) + 0.9 * (old))
+
 #ifndef PSC_THRESHOLD_MS
 #define PSC_THRESHOLD_MS	100	/* nag if latency > 100ms */
 #endif
@@ -100,18 +94,23 @@ static double psc_average(double new, double old)
 #define PSC_WARN_LOCKOUT_S	60	/* don't nag for 60s */
 #endif
 
+ /*
+  * Shared warning lock, so that we don't spam the logfile when the system
+  * becomes slow.
+  */
 static time_t psc_last_warn = 0;
 
 #define PSC_CHECK_TIME_AFTER_LOOKUP(table, action, average) \
     GETTIMEOFDAY(&_after); \
     PSC_CALC_DELTA(_delta, _after, _before); \
     _new_delta_ms = PSC_DELTA_MS(_delta); \
-    if ((average = psc_average(_new_delta_ms, average)) > PSC_THRESHOLD_MS \
-	&& psc_last_warn < event_time() - PSC_WARN_LOCKOUT_S) { \
+    if ((average = PSC_AVERAGE(_new_delta_ms, average)) > PSC_THRESHOLD_MS \
+	&& psc_last_warn < _after.tv_sec - PSC_WARN_LOCKOUT_S) { \
         msg_warn("%s: %s %s average delay is %.0f ms", \
                  myname, (table), (action), average); \
-	psc_last_warn = event_time(); \
-    }
+	psc_last_warn = _after.tv_sec; \
+    } \
+}
 
 /* psc_addr_match_list_match - time-critical address list lookup */
 
diff --git a/postfix/src/postscreen/postscreen_smtpd.c b/postfix/src/postscreen/postscreen_smtpd.c
index 8e9ec6885..f42855c53 100644
--- a/postfix/src/postscreen/postscreen_smtpd.c
+++ b/postfix/src/postscreen/postscreen_smtpd.c
@@ -728,6 +728,10 @@ static void psc_smtpd_read_event(int event, char *context)
      * Drain all input in the VSTREAM buffer, otherwise this socket will not
      * receive further read event notification until the client disconnects!
      * 
+     * To suspend this loop temporarily before the buffer is drained, use the
+     * PSC_SUSPEND_SMTP_CMD_EVENTS() and PSC_RESUME_SMTP_CMD_EVENTS() macros,
+     * and set the PSC_SMTPD_CMD_FLAG_SUSPEND flag in the command table.
+     * 
      * Don't try to read input before it has arrived, otherwise we would starve
      * the pseudo threads of other sessions. Get out of here as soon as the
      * VSTREAM read buffer dries up. Do not look for more input in kernel
@@ -737,8 +741,9 @@ static void psc_smtpd_read_event(int event, char *context)
      */
 
     /*
-     * Note: on entry into this function the VSTREAM buffer may be non-empty,
-     * so we test the "no more input" condition at the bottom of the loops.
+     * Note: on entry into this function the VSTREAM buffer may or may not be
+     * empty, so we test the "no more input" condition at the bottom of the
+     * loops.
      */
     for (;;) {