From e108e23c02619f7df719b4b45c64230eab320010 Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Tue, 6 Mar 2007 00:00:00 -0500 Subject: [PATCH] postfix-2.4.0-RC3 --- postfix/HISTORY | 9 +++- postfix/README_FILES/TLS_LEGACY_README | 2 +- postfix/README_FILES/TLS_README | 2 +- postfix/README_FILES/VIRTUAL_README | 14 +++--- postfix/html/TLS_LEGACY_README.html | 2 +- postfix/html/TLS_README.html | 2 +- postfix/html/VIRTUAL_README.html | 60 ++++++++++++++------------ postfix/html/pipe.8.html | 10 ++--- postfix/html/sendmail.1.html | 6 +-- postfix/man/man1/sendmail.1 | 2 +- postfix/man/man8/pipe.8 | 4 +- postfix/proto/TLS_LEGACY_README.html | 2 +- postfix/proto/TLS_README.html | 2 +- postfix/proto/VIRTUAL_README.html | 10 +++-- postfix/src/global/mail_version.h | 4 +- postfix/src/master/trigger_server.c | 4 +- postfix/src/pipe/pipe.c | 4 +- postfix/src/postdrop/postdrop.c | 10 +++-- postfix/src/sendmail/sendmail.c | 2 +- 19 files changed, 86 insertions(+), 65 deletions(-) diff --git a/postfix/HISTORY b/postfix/HISTORY index 92ad76d49..b1fa92ed0 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -9851,7 +9851,7 @@ Apologies for any names omitted. Bugfix: the test for "no debugger_command" was wrong. Leandro Santi. File: global/debugger_command.c. -20040117 +20041117 Robustness: the master-child protocol now includes a process generation number besides the child process ID. The process @@ -13315,6 +13315,12 @@ Apologies for any names omitted. for a limited number of times before terminating the process. Files: master/single_server.c, master/multi_server.c. +20070306 + + Bugfix (introduced with Postfix 2.3 Milter support): postdrop + reported "illegal seek" instead of "file too large". File: + postdrop/postdrop.c. + Wish list: Update message content length when adding/removing headers. @@ -13329,6 +13335,7 @@ Wish list: am using now. Update MILTER_README with Martinec info. + http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim Make postcat header/body aware so people can grep headers. diff --git a/postfix/README_FILES/TLS_LEGACY_README b/postfix/README_FILES/TLS_LEGACY_README index c3c9ee177..78d128521 100644 --- a/postfix/README_FILES/TLS_LEGACY_README +++ b/postfix/README_FILES/TLS_LEGACY_README @@ -558,7 +558,7 @@ Their DSA counterparts: /etc/postfix/main.cf: smtp_tls_dcert_file = /etc/postfix/client-dsa.pem - smtp_tls_dkey_file = $smtp_tls_cert_file + smtp_tls_dkey_file = $smtp_tls_dcert_file To verify a remote SMTP server certificate, the Postfix SMTP client needs to trust the certificates of the issuing certification authorities. These diff --git a/postfix/README_FILES/TLS_README b/postfix/README_FILES/TLS_README index 33fd9bed0..d8fbc02be 100644 --- a/postfix/README_FILES/TLS_README +++ b/postfix/README_FILES/TLS_README @@ -673,7 +673,7 @@ Their DSA counterparts: /etc/postfix/main.cf: smtp_tls_dcert_file = /etc/postfix/client-dsa.pem - smtp_tls_dkey_file = $smtp_tls_cert_file + smtp_tls_dkey_file = $smtp_tls_dcert_file To verify a remote SMTP server certificate, the Postfix SMTP client needs to trust the certificates of the issuing certification authorities. These diff --git a/postfix/README_FILES/VIRTUAL_README b/postfix/README_FILES/VIRTUAL_README index 9ee405dbd..5b47482f7 100644 --- a/postfix/README_FILES/VIRTUAL_README +++ b/postfix/README_FILES/VIRTUAL_README @@ -316,12 +316,14 @@ Notes: NEVER list a virtual MAILBOX domain name as a virtual ALIAS domain! * Lines 4, 7-13: The virtual_mailbox_maps parameter specifies the lookup - table with all valid recipient addresses. The lookup result is ignored by - Postfix. In the above example, info@example.com and sales@example.com are - listed as valid addresses, and mail for anything else is rejected with - "User unknown". If you intend to use LDAP, MySQL or PgSQL instead of local - files, be sure to review the "local files versus databases" section at the - top of this document! + table with all valid recipient addresses. The lookup result value is + ignored by Postfix. In the above example, info@example.com and + sales@example.com are listed as valid addresses; other mail for example.com + is rejected with "User unknown" by the Postfix SMTP server. It's left up to + the non-Postfix delivery agent to reject non-existent recipients from local + submission or from local alias expansion. If you intend to use LDAP, MySQL + or PgSQL instead of local files, be sure to review the "local files versus + databases" section at the top of this document! * Line 12: The commented out entry (text after #) shows how one would inform Postfix of the existence of a catch-all address. Again, the lookup result diff --git a/postfix/html/TLS_LEGACY_README.html b/postfix/html/TLS_LEGACY_README.html index 9de6dff90..d9862b104 100644 --- a/postfix/html/TLS_LEGACY_README.html +++ b/postfix/html/TLS_LEGACY_README.html @@ -829,7 +829,7 @@ is correctly configured to supply its intermediate CA certificate). 

 /etc/postfix/main.cf:
     smtp_tls_dcert_file = /etc/postfix/client-dsa.pem
-    smtp_tls_dkey_file = $smtp_tls_cert_file
+    smtp_tls_dkey_file = $smtp_tls_dcert_file
diff --git a/postfix/html/TLS_README.html b/postfix/html/TLS_README.html index 338d553e2..aea6c7c42 100644 --- a/postfix/html/TLS_README.html +++ b/postfix/html/TLS_README.html @@ -969,7 +969,7 @@ is correctly configured to supply its intermediate CA certificate). 

 /etc/postfix/main.cf:
     smtp_tls_dcert_file = /etc/postfix/client-dsa.pem
-    smtp_tls_dkey_file = $smtp_tls_cert_file
+    smtp_tls_dkey_file = $smtp_tls_dcert_file
diff --git a/postfix/html/VIRTUAL_README.html b/postfix/html/VIRTUAL_README.html index 81bf4d90a..6b0d3abc0 100644 --- a/postfix/html/VIRTUAL_README.html +++ b/postfix/html/VIRTUAL_README.html @@ -129,7 +129,7 @@ being hosted on the local Postfix machine. 

-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     mydestination = $myhostname localhost.$mydomain ... example.com
@@ -163,11 +163,11 @@ below shows how to use this mechanism for the example.com domain. 
- 1 /etc/postfix/main.cf:
+ 1 /etc/postfix/main.cf:
  2     virtual_alias_domains = example.com ...other hosted domains...
  3     virtual_alias_maps = hash:/etc/postfix/virtual
  4 
- 5 /etc/postfix/virtual:
+ 5 /etc/postfix/virtual:
  6     postmaster@example.com postmaster
  7     info@example.com       joe
  8     sales@example.com      jane
@@ -210,7 +210,7 @@ for spam messages that were sent in the name of anything@example.com.
 
 
Execute the command "postmap /etc/postfix/virtual" after
 changing the virtual file, and execute the command "postfix
-reload" after changing the main.cf file. 

+reload" after changing the main.cf file. 

 
 
 Note: virtual aliases can resolve to a local address or to a
 remote address, or both.  They don't have to resolve to UNIX system
@@ -255,7 +255,7 @@ section at the top of this document.

 
 

 
- 1 /etc/postfix/main.cf:
+ 1 /etc/postfix/main.cf:
  2     virtual_mailbox_domains = example.com ...more domains...
  3     virtual_mailbox_base = /var/mail/vhosts
  4     virtual_mailbox_maps = hash:/etc/postfix/vmailbox
@@ -271,7 +271,7 @@ section at the top of this document.

 14     # @example.com      example.com/catchall
 15     ...virtual mailboxes for more domains...
 16 
-17 /etc/postfix/virtual:
+17 /etc/postfix/virtual:
 18     postmaster@example.com postmaster
 

 

@@ -329,7 +329,7 @@ mail for example.com's postmaster address to the local postmaster.
 You can use the same mechanism to redirect an address to a remote
 address.  

 
-
  •  
     Line 18: This example assumes that in main.cf, $myorigin
+
  •  
     Line 18: This example assumes that in main.cf, $myorigin
 is listed under the mydestination parameter setting.  If that is
 not the case, specify an explicit domain name on the right-hand
 side of the virtual alias table entries or else mail will go to
@@ -340,7 +340,7 @@ the wrong domain. 
    
 
     Execute the command "postmap /etc/postfix/virtual" after
 changing the virtual file, execute "postmap /etc/postfix/vmailbox"
 after changing the vmailbox file, and execute the command "postfix
-reload" after changing the main.cf file. 
    
+reload" after changing the main.cf file. 
    
 
 
     Note: mail delivery happens with the recipient's UID/GID
 privileges specified with virtual_uid_maps and virtual_gid_maps.
@@ -375,7 +375,7 @@ to a non-Postfix delivery agent: 
    
 
 
    
 
    - 1 /etc/postfix/main.cf:
+ 1 /etc/postfix/main.cf:
  2     virtual_transport = ...see below...
  3     virtual_mailbox_domains = example.com ...more domains...
  4     virtual_mailbox_maps = hash:/etc/postfix/vmailbox
@@ -389,7 +389,7 @@ to a non-Postfix delivery agent: 
    
 12     # @example.com      whatever
 13     ...virtual mailboxes for more domains...
 14 
-15 /etc/postfix/virtual:
+15 /etc/postfix/virtual:
 16     postmaster@example.com postmaster
 
    
 
    
@@ -400,7 +400,7 @@ to a non-Postfix delivery agent: 
    
 
 
  •  
     Line 2: With delivery to a non-Postfix mailbox store for
 hosted domains, the virtual_transport parameter usually specifies
-the Postfix LMTP client, or the name of a master.cf entry that
+the Postfix LMTP client, or the name of a master.cf entry that
 executes non-Postfix software via the pipe delivery agent.  Typical
 examples (use only one): 
    
 
@@ -414,7 +414,7 @@ examples (use only one): 
    
 
 
     Postfix comes ready with support for LMTP.  And an example
 maildrop delivery method is already defined in the default Postfix
-master.cf file. See the MAILDROP_README document for more details.
+master.cf file. See the MAILDROP_README document for more details.
 
    
 
 
  •  
     Line 3: The virtual_mailbox_domains setting tells Postfix
@@ -432,9 +432,13 @@ domain!  
    
 
 
  •  
     Lines 4, 7-13: The virtual_mailbox_maps parameter specifies
 the lookup table with all valid recipient addresses. The lookup
-result is ignored by Postfix.  In the above example, info@example.com
-and sales@example.com are listed as valid addresses, and mail for
-anything else is rejected with "User unknown". If you intend to
+result value is ignored by Postfix.  In the above example,
+info@example.com
+and sales@example.com are listed as valid addresses; other mail for
+example.com is rejected with "User unknown" by the Postfix SMTP
+server. It's left up to the non-Postfix delivery agent to reject
+non-existent recipients from local submission or from local alias
+expansion.  If you intend to
 use LDAP, MySQL or PgSQL instead of local files, be sure to review
 the  "local files versus databases"
 section at the top of this document! 
    
@@ -456,7 +460,7 @@ redirect mail for example.com's postmaster address to the local
 postmaster. You can use the same mechanism to redirect any addresses
 to a local or remote address.  
    
 
-
  •  
     Line 16: This example assumes that in main.cf, $myorigin
+
  •  
     Line 16: This example assumes that in main.cf, $myorigin
 is listed under the mydestination parameter setting.  If that is
 not the case, specify an explicit domain name on the right-hand
 side of the virtual alias table entries or else mail will go to
@@ -467,7 +471,7 @@ the wrong domain. 
    
 
     Execute the command "postmap /etc/postfix/virtual" after
 changing the virtual file, execute "postmap /etc/postfix/vmailbox"
 after changing the vmailbox file, and execute the command "postfix
-reload" after changing the main.cf file. 
    
+reload" after changing the main.cf file. 
    
 
 
    Mail forwarding domains
    
 
@@ -478,11 +482,11 @@ as a mail forwarding domain: 
    
 
 
    
 
    - 1 /etc/postfix/main.cf:
+ 1 /etc/postfix/main.cf:
  2     virtual_alias_domains = example.com ...other hosted domains...
  3     virtual_alias_maps = hash:/etc/postfix/virtual
  4 
- 5 /etc/postfix/virtual:
+ 5 /etc/postfix/virtual:
  6     postmaster@example.com postmaster
  7     joe@example.com        joe@somewhere
  8     jane@example.com       jane@somewhere-else
@@ -526,7 +530,7 @@ for spam messages that were sent in the name of anything@example.com.
 
 
     Execute the command "postmap /etc/postfix/virtual" after
 changing the virtual file, and execute the command "postfix
-reload" after changing the main.cf file. 
    
+reload" after changing the main.cf file. 
    
 
 
     More details about the virtual alias file are given in the
 virtual(5) manual page, including multiple addresses on the right-hand
@@ -546,10 +550,10 @@ virtual addresses to the local delivery agent: 
    
 
 
    
 
    -/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     virtual_alias_maps = hash:/etc/postfix/virtual
 
-/etc/postfix/virtual:
+/etc/postfix/virtual:
     listname-request@example.com listname-request
     listname@example.com         listname
     owner-listname@example.com   owner-listname
@@ -561,7 +565,7 @@ virtual addresses to the local delivery agent: 
    
 
    
 
    
 
-
     This example assumes that in main.cf, $myorigin is listed under
+
     This example assumes that in main.cf, $myorigin is listed under
 the mydestination parameter setting.  If that is not the case,
 specify an explicit domain name on the right-hand side of the
 virtual alias table entries or else mail will go to the wrong
@@ -594,10 +598,10 @@ table: 
    
 
 
    
 
    -/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     virtual_alias_maps = hash:/etc/postfix/virtual
 
-/etc/postfix/virtual:
+/etc/postfix/virtual:
     user@domain.tld user@domain.tld, user@domain.tld@autoreply.mydomain.tld
 
    
 
    
@@ -613,13 +617,13 @@ reply back to the sender. 
    
 
 
    
 
    -/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     transport_maps = hash:/etc/postfix/transport
 
 /etc/postfix/transport:
     autoreply.mydomain.tld  autoreply:
 
-/etc/postfix/master.cf:
+/etc/postfix/master.cf:
     # =============================================================
     # service type  private unpriv  chroot  wakeup  maxproc command
     #               (yes)   (yes)   (yes)   (never) (100)
@@ -633,7 +637,7 @@ reply back to the sender. 
    
 the user@domain.tld recipient address on the command line. 
    
 
 
     For more information, see the pipe(8) manual page, and the
-comments in the Postfix master.cf file. 
    
+comments in the Postfix master.cf file. 
    
 
 
 
diff --git a/postfix/html/pipe.8.html b/postfix/html/pipe.8.html
index 26de9e7ed..e47a2f54f 100644
--- a/postfix/html/pipe.8.html
+++ b/postfix/html/pipe.8.html
@@ -139,11 +139,11 @@ PIPE(8)                                                                PIPE(8)
                      ware.
 
        null_sender=replacement (default: MAILER-DAEMON)
-              Replace the null sender address, which is typically
-              used for delivery status  notifications,  with  the
-              specified  text when expanding the $sender command-
-              line macro, and when generating a From_ or  Return-
-              Path: message header.
+              Replace the null sender address (typically used for
+              delivery status notifications) with  the  specified
+              text when expanding the $sender command-line macro,
+              and when generating a From_ or Return-Path: message
+              header.
 
               If  the null sender replacement text is a non-empty
               string then it  is  affected  by  the  q  flag  for
diff --git a/postfix/html/sendmail.1.html b/postfix/html/sendmail.1.html
index 0390a1dc9..52a9a8645 100644
--- a/postfix/html/sendmail.1.html
+++ b/postfix/html/sendmail.1.html
@@ -282,9 +282,9 @@ SENDMAIL(1)                                                        SENDMAIL(1)
 
 SECURITY
        By  design,  this  program  is not set-user (or group) id.
-       However, it must  handle  data  from  untrusted  users  or
-       untrusted  machines.   Thus, the usual precautions need to
-       be taken against malicious inputs.
+       However, it must  handle  data  from  untrusted,  possibly
+       remote,  users.   Thus,  the  usual precautions need to be
+       taken against malicious inputs.
 
 DIAGNOSTICS
        Problems are logged to  syslogd(8)  and  to  the  standard
diff --git a/postfix/man/man1/sendmail.1 b/postfix/man/man1/sendmail.1
index 0b88eca36..04ba044f9 100644
--- a/postfix/man/man1/sendmail.1
+++ b/postfix/man/man1/sendmail.1
@@ -230,7 +230,7 @@ Log mailer traffic. Use the \fBdebug_peer_list\fR and
 .ad
 .fi
 By design, this program is not set-user (or group) id. However,
-it must handle data from untrusted users or untrusted machines.
+it must handle data from untrusted, possibly remote, users.
 Thus, the usual precautions need to be taken against malicious
 inputs.
 .SH DIAGNOSTICS
diff --git a/postfix/man/man8/pipe.8 b/postfix/man/man8/pipe.8
index d2ccd3175..766b37447 100644
--- a/postfix/man/man8/pipe.8
+++ b/postfix/man/man8/pipe.8
@@ -128,8 +128,8 @@ Prepend "\fB>\fR" to lines starting with "\fBFrom \fR". This is expected
 by, for example, \fBUUCP\fR software.
 .RE
 .IP "\fBnull_sender\fR=\fIreplacement\fR (default: MAILER-DAEMON)"
-Replace the null sender address, which is typically used
-for delivery status notifications, with the specified text
+Replace the null sender address (typically used for delivery
+status notifications) with the specified text
 when expanding the \fB$sender\fR command-line macro, and
 when generating a From_ or Return-Path: message header.
 
diff --git a/postfix/proto/TLS_LEGACY_README.html b/postfix/proto/TLS_LEGACY_README.html
index 5a0566956..a46f99c58 100644
--- a/postfix/proto/TLS_LEGACY_README.html
+++ b/postfix/proto/TLS_LEGACY_README.html
@@ -829,7 +829,7 @@ is correctly configured to supply its intermediate CA certificate). 
    
 
     /etc/postfix/main.cf:
     smtp_tls_dcert_file = /etc/postfix/client-dsa.pem
-    smtp_tls_dkey_file = $smtp_tls_cert_file
+    smtp_tls_dkey_file = $smtp_tls_dcert_file
 
      
 
    
 
diff --git a/postfix/proto/TLS_README.html b/postfix/proto/TLS_README.html
index 976082ac0..289829f0a 100644
--- a/postfix/proto/TLS_README.html
+++ b/postfix/proto/TLS_README.html
@@ -969,7 +969,7 @@ is correctly configured to supply its intermediate CA certificate). 
    
 
     /etc/postfix/main.cf:
     smtp_tls_dcert_file = /etc/postfix/client-dsa.pem
-    smtp_tls_dkey_file = $smtp_tls_cert_file
+    smtp_tls_dkey_file = $smtp_tls_dcert_file
 
      
 
    
 
diff --git a/postfix/proto/VIRTUAL_README.html b/postfix/proto/VIRTUAL_README.html
index eea8bafd3..7139d0934 100644
--- a/postfix/proto/VIRTUAL_README.html
+++ b/postfix/proto/VIRTUAL_README.html
@@ -432,9 +432,13 @@ domain!  
    
 
 
  •  
     Lines 4, 7-13: The virtual_mailbox_maps parameter specifies
 the lookup table with all valid recipient addresses. The lookup
-result is ignored by Postfix.  In the above example, info@example.com
-and sales@example.com are listed as valid addresses, and mail for
-anything else is rejected with "User unknown". If you intend to
+result value is ignored by Postfix.  In the above example,
+info@example.com
+and sales@example.com are listed as valid addresses; other mail for
+example.com is rejected with "User unknown" by the Postfix SMTP
+server. It's left up to the non-Postfix delivery agent to reject
+non-existent recipients from local submission or from local alias
+expansion.  If you intend to
 use LDAP, MySQL or PgSQL instead of local files, be sure to review
 the  "local files versus databases"
 section at the top of this document! 
    
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index f62b93089..667158819 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20070301"
-#define MAIL_VERSION_NUMBER	"2.4.0-RC2"
+#define MAIL_RELEASE_DATE	"20070306"
+#define MAIL_VERSION_NUMBER	"2.4.0-RC3"
 
 #ifdef SNAPSHOT
 # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
diff --git a/postfix/src/master/trigger_server.c b/postfix/src/master/trigger_server.c
index 1e0846207..5db0fb8ee 100644
--- a/postfix/src/master/trigger_server.c
+++ b/postfix/src/master/trigger_server.c
@@ -315,7 +315,7 @@ static void trigger_server_accept_local(int unused_event, char *context)
 	msg_fatal("select unlock: %m");
     if (fd < 0) {
 	if (errno != EAGAIN)
-	    msg_fatal("accept connection: %m");
+	    msg_error("accept connection: %m");
 	if (time_left >= 0)
 	    event_request_timer(trigger_server_timeout, (char *) 0, time_left);
 	return;
@@ -361,7 +361,7 @@ static void trigger_server_accept_pass(int unused_event, char *context)
 	msg_fatal("select unlock: %m");
     if (fd < 0) {
 	if (errno != EAGAIN)
-	    msg_fatal("accept connection: %m");
+	    msg_error("accept connection: %m");
 	if (time_left >= 0)
 	    event_request_timer(trigger_server_timeout, (char *) 0, time_left);
 	return;
diff --git a/postfix/src/pipe/pipe.c b/postfix/src/pipe/pipe.c
index 839b93108..b6ecb75e3 100644
--- a/postfix/src/pipe/pipe.c
+++ b/postfix/src/pipe/pipe.c
@@ -118,8 +118,8 @@
 /*	by, for example, \fBUUCP\fR software.
 /* .RE
 /* .IP "\fBnull_sender\fR=\fIreplacement\fR (default: MAILER-DAEMON)"
-/*	Replace the null sender address, which is typically used
-/*	for delivery status notifications, with the specified text
+/*	Replace the null sender address (typically used for delivery
+/*	status notifications) with the specified text
 /*	when expanding the \fB$sender\fR command-line macro, and
 /*	when generating a From_ or Return-Path: message header.
 /*
diff --git a/postfix/src/postdrop/postdrop.c b/postfix/src/postdrop/postdrop.c
index 3bd19c8a4..537cdb260 100644
--- a/postfix/src/postdrop/postdrop.c
+++ b/postfix/src/postdrop/postdrop.c
@@ -229,6 +229,7 @@ int     main(int argc, char **argv)
     const char *errstr;
     char   *junk;
     struct timeval start;
+    int     saved_errno;
 
     /*
      * Be consistent with file permissions.
@@ -427,9 +428,12 @@ int     main(int argc, char **argv)
 	    continue;
 	}
 	if (REC_PUT_BUF(dst->stream, rec_type, buf) < 0) {
-	    while ((rec_type = rec_get(VSTREAM_IN, buf, var_line_limit)) > 0
-		   && rec_type != REC_TYPE_END)
+	    /* rec_get() errors must not clobber errno. */
+	    saved_errno = errno;
+	    while (rec_get_raw(VSTREAM_IN, buf, var_line_limit,
+			       REC_FLAG_NONE) > 0)
 		 /* void */ ;
+	    errno = saved_errno;
 	    break;
 	}
 	if (rec_type == REC_TYPE_END)
@@ -441,8 +445,8 @@ int     main(int argc, char **argv)
      * Finish the file.
      */
     if ((status = mail_stream_finish(dst, (VSTRING *) 0)) != 0) {
-	postdrop_cleanup();
 	msg_warn("uid=%ld: %m", (long) uid);
+	postdrop_cleanup();
     }
 
     /*
diff --git a/postfix/src/sendmail/sendmail.c b/postfix/src/sendmail/sendmail.c
index 242896e24..08cf0209c 100644
--- a/postfix/src/sendmail/sendmail.c
+++ b/postfix/src/sendmail/sendmail.c
@@ -222,7 +222,7 @@
 /* .ad
 /* .fi
 /*	By design, this program is not set-user (or group) id. However,
-/*	it must handle data from untrusted users or untrusted machines.
+/*	it must handle data from untrusted, possibly remote, users.
 /*	Thus, the usual precautions need to be taken against malicious
 /*	inputs.
 /* DIAGNOSTICS