postfix-2.0.16-20031226

postfix/HISTORY

@@ -8920,14 +8920,28 @@ Apologies for any names omitted.
 	Cleanup: eliminated binary hashes from anvil server. Anvil
 	client information is now stored on top of its VSTREAM.
 
+20031226
+
+	Feature: bounce_queue_lifetime parameter (default:
+	$maximal_queue_life_time) that bounds the time that
+	MAILER-DAEMON messages spend in the queue before they are
+	considered undeliverable.
+
+	Feature: disable "mail loops back to myself" protection
+	when SMTP mail is sent to a non-standard port. This makes
+	setting up content filters less painful.
+
+	Cleanup: disallow bare x.x.x.x numeric IP addresses in
+	email addresses. The form user@[x.x.x.x] is still allowed.
+
+	Cleanup: cleaned up the naming of internal symbols in the
+	SMTP client.
+
 Open problems:
 
 	Low: in the SMTP client, pass the session, request and
 	state structures as separate arguments.
 
-	Low: in the SMTP client, turn off "mail loops back to
-	myself" detection if a non-default TCP port is specified.
-
 	High: when virtual aliasing is turned off after content
 	filtering, local submissions may escape virtual aliasing.
 

postfix/README_FILES/SMTPD_PROXY_README

@@ -122,7 +122,7 @@ for testing, of course.
     smtp      inet  n       -       n       -       -       smtpd
         -o smtpd_proxy_filter=26
     :26       inet  n       -       n       -       -       smtpd
-	-o smtpd_authorized_xclient_hosts=127.0.0.0/8
+	-o smtpd_authorized_xforward_hosts=127.0.0.0/8
 	-o smtpd_client_restrictions=
 	-o smtpd_helo_restrictions=
 	-o smtpd_sender_restrictions=
@@ -135,7 +135,7 @@ Note: do not specify spaces around the "=" or "," characters.
 The ":26" causes Postfix to listen on the localhost address only.
 DO NOT expose the secondary SMTP server to the Internet :-)
 
-The smtpd_authorized_xclient_hosts parameter allows the before
+The smtpd_authorized_xforward_hosts parameter allows the before
 filter SMTP server to forward remote SMTP client information to
 the after-filter SMTP server, so that the after-filter Postfix
 daemons log the remote SMTP client information instead of logging

postfix/README_FILES/XCLIENT_README

@@ -22,7 +22,7 @@ server's Received:  message header.
 style content filter applications, the filter can be simplified if
 it can delegate decisions concerning mail relay and other access
 control to the MTA. This is especially useful when the filter acts
-as a transparent proxy for SMTP commands. As in the first example,
+as a transparent proxy for SMTP commands. As in the other examples,
 this requires that the filter can override the MTA's idea of the
 SMTP client hostname, network address, and other information.
 
@@ -68,8 +68,8 @@ is not enclosed with [].
 
 The PROTO attribute specifies either SMTP or ESMTP.
 
-The HELO attribute specifies a HELO parameter value, or the value
+The HELO attribute specifies an SMTP HELO parameter value, or the
-[UNAVAILABLE] when the information is unavailable.
+value [UNAVAILABLE] when the information is unavailable.
 
 Note 1: syntactically valid NAME and HELO attributes can be up to
 255 characters long. The client must not send XCLIENT commands that
@@ -81,16 +81,15 @@ upper case, lower case or mixed case.
 Security
 ========
 
-The XCLIENT command changes audit trails and/or client access
+The XCLIENT command changes audit trails and/or SMTP client access
 permissions. Use of this command must be restricted to authorized
-clients.
+SMTP clients. However, the XCLIENT command should not override its
-
+own access control mechanism.
-The XCLIENT should not override its own access control mechanism.
 
 SMTP connection caching
 =======================
 
-SMTP connection caching makes it possible to deliver multiple
+XCLIENT attributes persist until the end of an SMTP session.  If
-messages within the same SMTP session. The XCLIENT attributes are
+one session is used to deliver mail from different SMTP clients,
-persistent across an SMTP session, and need to be reset as appropriate
+the XCLIENT attributes need to be reset as appropriate in between
-in between deliveries.
+deliveries.

postfix/README_FILES/XFORWARD_README

@@ -12,11 +12,12 @@ remote client and/or message identifying information through the
 content filter to MTA2, so that the information could be logged as
 part of mail handling transactions.
 
-This extension is implemented as a separate command, so that it
+This extension is implemented as a separate command, and can be
-can be used to transmit client or message attributes incrementally.
+used to transmit client or message attributes incrementally.  It
-It is not implemented by passing additional parameters via the MAIL
+is not implemented by passing additional parameters via the MAIL
 FROM command, because doing so would require extending the MAIL
-FROM command length limit by another 600 or more characters.
+FROM command length limit by another 600 or more characters beyond
+the space needed by other extensions such as AUTH.
 
 Command syntax
 ==============

postfix/RELEASE_NOTES

@@ -22,6 +22,17 @@ snapshot release).  Patches change the patchlevel and the release
 date. Snapshots change only the release date, unless they include
 the same bugfixes as a patch release.
 
+Incompatible changes with Postfix snapshot 2.0.16-20031226
+==========================================================
+
+Postfix no longer allows mail addresses with bare numeric IP
+addresses (user@1.2.3.4).  The form user@[ipaddress] is still
+allowed.
+
+Bounce messages now have a separate queue life time.  This is
+controlled by the bounce_queue_lifetime parameter. The default is
+$maximal_queue_life_time.
+
 Incompatible changes with Postfix snapshot 2.0.16-20031223
 ==========================================================
 

postfix/conf/sample-rate.cf

@@ -46,6 +46,18 @@ maximal_backoff_time = 4000s
 #
 maximal_queue_lifetime = 5d
 
+# The bounce_queue_lifetime parameter specifies the maximal time
+# a bounce message is queued before it is considered undeliverable.
+# By default, this is the same as the queue life time for regular
+# mail.
+#
+# Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
+# The default time unit is d (days).
+#
+# Specify 0 when mail delivery should be tried only once.
+#
+bounce_queue_lifetime = $maximal_queue_lifetime
+
 # The minimal_backoff_time parameter specifies the minimal time
 # between attempts to deliver a deferred message.  This parameter
 # also limits the time an unreachable destination is kept in the

postfix/html/nqmgr.8.html

@@ -1,4 +1,4 @@
-<html> <head> </head> <body> <pre>
+<html> <body> <pre>
 NQMGR(8)                                                 NQMGR(8)
 
 <b>NAME</b>
@@ -111,25 +111,25 @@ NQMGR(8)                                                 NQMGR(8)
        actions (the message is followed by the symbolic  constant
        used internally by the software):
 
-       <b>D (QMGR</b><i>_</i><b>REQ</b><i>_</i><b>SCAN</b><i>_</i><b>DEFERRED)</b>
+       <b>D (QMGR_REQ_SCAN_DEFERRED)</b>
               Start  a  deferred queue scan.  If a deferred queue
               scan is already in  progress,  that  scan  will  be
               restarted as soon as it finishes.
 
-       <b>I (QMGR</b><i>_</i><b>REQ</b><i>_</i><b>SCAN</b><i>_</i><b>INCOMING)</b>
+       <b>I (QMGR_REQ_SCAN_INCOMING)</b>
               Start  an incoming queue scan. If an incoming queue
               scan is already in  progress,  that  scan  will  be
               restarted as soon as it finishes.
 
-       <b>A (QMGR</b><i>_</i><b>REQ</b><i>_</i><b>SCAN</b><i>_</i><b>ALL)</b>
+       <b>A (QMGR_REQ_SCAN_ALL)</b>
               Ignore deferred queue file time stamps. The request
               affects the next deferred queue scan.
 
-       <b>F (QMGR</b><i>_</i><b>REQ</b><i>_</i><b>FLUSH</b><i>_</i><b>DEAD)</b>
+       <b>F (QMGR_REQ_FLUSH_DEAD)</b>
               Purge all information  about  dead  transports  and
               destinations.
 
-       <b>W (TRIGGER</b><i>_</i><b>REQ</b><i>_</i><b>WAKEUP)</b>
+       <b>W (TRIGGER_REQ_WAKEUP)</b>
               Wakeup  call,  This is used by the master server to
               instantiate servers that should not  go  away  for-
               ever.  The  action  is  to  start an incoming queue
@@ -159,7 +159,7 @@ NQMGR(8)                                                 NQMGR(8)
        Corrupted message files are saved to the <b>corrupt</b> queue for
        further inspection.
 
-       Depending  on the setting of the <b>notify</b><i>_</i><b>classes</b> parameter,
+       Depending  on the setting of the <b>notify_classes</b> parameter,
        the postmaster is notified of bounces and of  other  trou-
        ble.
 
@@ -176,54 +176,54 @@ NQMGR(8)                                                 NQMGR(8)
        command after a configuration change.
 
 <b>Miscellaneous</b>
-       <b>allow</b><i>_</i><b>min</b><i>_</i><b>user</b>
+       <b>allow_min_user</b>
               Do  not  bounce recipient addresses that begin with
               '-'.
 
-       <b>queue</b><i>_</i><b>directory</b>
+       <b>queue_directory</b>
               Top-level directory of the Postfix queue.
 
 <b>Active queue controls</b>
        In the text below, <i>transport</i> is the first field in a  <b>mas-</b>
        <b>ter.cf</b> entry.
 
-       <b>qmgr</b><i>_</i><b>clog</b><i>_</i><b>warn</b><i>_</i><b>time</b>
+       <b>qmgr_clog_warn_time</b>
               Minimal delay between warnings that a specific des-
               tination is clogging up the active queue. Specify 0
               to disable.
 
-       <b>qmgr</b><i>_</i><b>message</b><i>_</i><b>active</b><i>_</i><b>limit</b>
+       <b>qmgr_message_active_limit</b>
               Limit the number of messages in the active queue.
 
-       <b>qmgr</b><i>_</i><b>message</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
+       <b>qmgr_message_recipient_limit</b>
               Limit the number of in-memory recipients.
 
               This  parameter  also limits the size of the short-
               term, in-memory destination cache.
 
-       <b>qmgr</b><i>_</i><b>message</b><i>_</i><b>recipient</b><i>_</i><b>minimum</b>
+       <b>qmgr_message_recipient_minimum</b>
               Per message minimum of in-memory recipients.
 
-       <b>default</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
+       <b>default_recipient_limit</b>
               Default limit on the number of in-memory recipients
               per transport.
 
-       <i>transport_</i><b>recipient</b><i>_</i><b>limit</b>
+       <i>transport</i><b>_recipient_limit</b>
               Limit  on  the  number of in-memory recipients, for
               the named message <i>transport</i>.
 
-       <b>default</b><i>_</i><b>extra</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
+       <b>default_extra_recipient_limit</b>
               Default limit on the total number of per  transport
               in-memory  recipients  that the preempting messages
               can have.
 
-       <i>transport_</i><b>extra</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
+       <i>transport</i><b>_extra_recipient_limit</b>
               Limit on the number of in-memory  recipients  which
               all  preempting messages delivered by the transport
               <i>transport</i> can have.
 
 <b>Timing controls</b>
-       <b>minimal</b><i>_</i><b>backoff</b><i>_</i><b>time</b>
+       <b>minimal_backoff_time</b>
               Minimal time in seconds between  delivery  attempts
               of a deferred message.
 
@@ -231,89 +231,93 @@ NQMGR(8)                                                 NQMGR(8)
               destination is kept in  the  short-term,  in-memory
               destination status cache.
 
-       <b>maximal</b><i>_</i><b>backoff</b><i>_</i><b>time</b>
+       <b>maximal_backoff_time</b>
               Maximal  time  in seconds between delivery attempts
               of a deferred message.
 
-       <b>maximal</b><i>_</i><b>queue</b><i>_</i><b>lifetime</b>
+       <b>maximal_queue_lifetime</b>
-              Maximal time in days a message is queued before  it
+              Maximal time (default: in days) a  regular  message
-              is sent back as undeliverable.
+              is queued before it is considered undeliverable.
 
-       <b>queue</b><i>_</i><b>run</b><i>_</i><b>delay</b>
+       <b>bounce_queue_lifetime</b>
+              Maximal time (default: in days) a bounce message is
+              queued before it is considered undeliverable.
+
+       <b>queue_run_delay</b>
               Time in seconds between deferred queue scans. Queue
               scans do not overlap.
 
-       <b>transport</b><i>_</i><b>retry</b><i>_</i><b>time</b>
+       <b>transport_retry_time</b>
-              Time in seconds between attempts to contact a  bro-
+              Time  in seconds between attempts to contact a bro-
               ken delivery transport.
 
 <b>Concurrency controls</b>
-       <b>initial</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b>
+       <b>initial_destination_concurrency</b>
-              Initial  per-destination concurrency level for par-
+              Initial per-destination concurrency level for  par-
               allel delivery to the same destination.
 
-       <b>default</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
+       <b>default_destination_concurrency_limit</b>
-              Default limit on the number of parallel  deliveries
+              Default  limit on the number of parallel deliveries
               to the same destination.
 
-       <i>transport_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
+       <i>transport</i><b>_destination_concurrency_limit</b>
-              Limit  on  the number of parallel deliveries to the
+              Limit on the number of parallel deliveries  to  the
-              same destination, for delivery via the  named  mes-
+              same  destination,  for delivery via the named mes-
               sage <i>transport</i>.
 
 <b>Recipient controls</b>
-       <b>default</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
+       <b>default_destination_recipient_limit</b>
-              Default  limit on the number of recipients per mes-
+              Default limit on the number of recipients per  mes-
               sage transfer.
 
-       <i>transport_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
+       <i>transport</i><b>_destination_recipient_limit</b>
-              Limit on  the  number  of  recipients  per  message
+              Limit  on  the  number  of  recipients  per message
               transfer, for the named message <i>transport</i>.
 
 <b>Message scheduling</b>
-       <i>transport_</i><b>delivery</b><i>_</i><b>slot</b><i>_</i><b>cost</b> (valid range: 0,2,3...)
+       <i>transport</i><b>_delivery_slot_cost</b> (valid range: 0,2,3...)
-              This  parameter basically controls how often a mes-
+              This parameter basically controls how often a  mes-
-              sage delivered by <i>transport</i>  can  be  preempted  by
+              sage  delivered  by  <i>transport</i>  can be preempted by
               another message.  An internal per-message/transport
-              counter is  incremented  by  one  for  each  <i>trans-</i>
+              counter  is  incremented  by  one  for  each <i>trans-</i>
-              <i>port_</i><b>delivery</b><i>_</i><b>slot</b><i>_</i><b>cost</b>   deliveries   handled   by
+              <i>port</i><b>_delivery_slot_cost</b>   deliveries   handled   by
-              <i>transport</i>. This counter represents  the  number  of
+              <i>transport</i>.  This  counter  represents the number of
-              "available  delivery  slots"  for use by other mes-
+              "available delivery slots" for use  by  other  mes-
               sages.  Current message can be preempted by another
-              message  when  that  other message can be delivered
+              message when that other message  can  be  delivered
-              using less <i>transport</i> agents than the value  of  the
+              using  less  <i>transport</i> agents than the value of the
               "available delivery slots" counter.
 
-              Value  equal  to  0 disables the message preemption
+              Value equal to 0 disables  the  message  preemption
               for <i>transport</i>.
 
-       <i>transport_</i><b>minimum</b><i>_</i><b>delivery</b><i>_</i><b>slots</b>
+       <i>transport</i><b>_minimum_delivery_slots</b>
               Message preemption is not attempted at all whenever
-              a  message  that  can't  ever  accumulate  at least
+              a message  that  can't  ever  accumulate  at  least
-              <i>transport_</i><b>minimum</b><i>_</i><b>delivery</b><i>_</i><b>slots</b> available delivery
+              <i>transport</i><b>_minimum_delivery_slots</b> available delivery
               slots is being delivered by <i>transport</i>.
 
-       <i>transport_</i><b>delivery</b><i>_</i><b>slot</b><i>_</i><b>discount</b> (valid range: 0..100)
+       <i>transport</i><b>_delivery_slot_discount</b> (valid range: 0..100)
 
-       <i>transport_</i><b>delivery</b><i>_</i><b>slot</b><i>_</i><b>loan</b>
+       <i>transport</i><b>_delivery_slot_loan</b>
               These parameters speed up the moment when a message
-              preemption can happen.  Instead  of  waiting  until
+              preemption  can  happen.   Instead of waiting until
-              the  full  amount  of  delivery  slots  required is
+              the full  amount  of  delivery  slots  required  is
-              available, the preemption can  happen  when  <i>trans-</i>
+              available,  the  preemption  can happen when <i>trans-</i>
-              <i>port_</i><b>delivery</b><i>_</i><b>slot</b><i>_</i><b>discount</b> percent of the required
+              <i>port</i><b>_delivery_slot_discount</b> percent of the required
-              amount  plus   <i>transport_</i><b>delivery</b><i>_</i><b>slot</b><i>_</i><b>loan</b>   still
+              amount   plus   <i>transport</i><b>_delivery_slot_loan</b>  still
-              remains  to  be  accumulated.  Note  that  the full
+              remains to  be  accumulated.  Note  that  the  full
-              amount will still have  to  be  accumulated  before
+              amount  will  still  have  to be accumulated before
               another preemption can take place later.
 
-       <b>default</b><i>_</i><b>delivery</b><i>_</i><b>slot</b><i>_</i><b>cost</b>
+       <b>default_delivery_slot_cost</b>
 
-       <b>default</b><i>_</i><b>minimum</b><i>_</i><b>delivery</b><i>_</i><b>slots</b>
+       <b>default_minimum_delivery_slots</b>
 
-       <b>default</b><i>_</i><b>delivery</b><i>_</i><b>slot</b><i>_</i><b>discount</b>
+       <b>default_delivery_slot_discount</b>
 
-       <b>default</b><i>_</i><b>delivery</b><i>_</i><b>slot</b><i>_</i><b>loan</b>
+       <b>default_delivery_slot_loan</b>
-              Default  values  for the transport specific parame-
+              Default values for the transport  specific  parame-
               ters described above.
 
 <b>SEE ALSO</b>
@@ -322,7 +326,7 @@ NQMGR(8)                                                 NQMGR(8)
        <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, address routing
 
 <b>LICENSE</b>
-       The Secure Mailer license must be  distributed  with  this
+       The  Secure  Mailer  license must be distributed with this
        software.
 
 <b>AUTHOR(S)</b>

postfix/html/postsuper.1.html

@@ -84,75 +84,76 @@ POSTSUPER(1)                                         POSTSUPER(1)
 
               Note: while mail is "on hold" it  will  not  expire
               when  its  time  in  the  queue  exceeds  the <b>maxi-</b>
-              <b>mal_queue_lifetime</b> setting. It becomes  subject  to
+              <b>mal_queue_lifetime</b>  or  <b>bounce_queue_lifetime</b>  set-
-              expiration after it is released from "hold".
+              ting.  It becomes subject to expiration after it is
+              released from "hold".
 
        <b>-H</b> <i>queue</i><b>_</b><i>id</i>
               Release mail that was put "on hold".  Move one mes-
-              sage with the named queue ID from  the  named  mail
+              sage  with  the  named queue ID from the named mail
               queue(s) (default: <b>hold</b>) to the <b>deferred</b> queue.  If
-              a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is  specified,  the  program  reads
+              a  <i>queue</i><b>_</b><i>id</i>  of  <b>-</b>  is specified, the program reads
               queue IDs from standard input.
 
-              Specify  <b>-H  ALL</b>  to  release  all mail that is "on
+              Specify <b>-H ALL</b> to release  all  mail  that  is  "on
-              hold".  As a safety measure, the word <b>ALL</b>  must  be
+              hold".   As  a safety measure, the word <b>ALL</b> must be
               specified in upper case.
 
-       <b>-p</b>     Purge  old temporary files that are left over after
+       <b>-p</b>     Purge old temporary files that are left over  after
               system or software crashes.
 
        <b>-r</b> <i>queue</i><b>_</b><i>id</i>
-              Requeue the message with the named  queue  ID  from
+              Requeue  the  message  with the named queue ID from
-              the  named  mail queue(s) (default: <b>hold</b>, <b>incoming</b>,
+              the named mail queue(s) (default:  <b>hold</b>,  <b>incoming</b>,
-              <b>active</b> and <b>deferred</b>).   To  requeue  multiple  mes-
+              <b>active</b>  and  <b>deferred</b>).   To  requeue multiple mes-
-              sages,  specify  multiple  <b>-r</b> command-line options.
+              sages, specify multiple  <b>-r</b>  command-line  options.
               Alternatively, if a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the
               program reads queue IDs from standard input.
 
               Specify <b>-r ALL</b> to requeue all messages. As a safety
-              measure, the word <b>ALL</b> must be  specified  in  upper
+              measure,  the  word  <b>ALL</b> must be specified in upper
               case.
 
-              A  requeued message is moved to the <b>maildrop</b> queue,
+              A requeued message is moved to the <b>maildrop</b>  queue,
-              from where it is copied by the pickup daemon  to  a
+              from  where  it is copied by the pickup daemon to a
-              new  file whose name is guaranteed to match the new
+              new file whose name is guaranteed to match the  new
               queue file inode number. The new queue file is sub-
-              jected  again to mail address rewriting and substi-
+              jected again to mail address rewriting and  substi-
               tution. This is useful when rewriting rules or vir-
               tual mappings have changed.
 
-              Postfix  queue  IDs  are  reused.   There is a very
+              Postfix queue IDs are  reused.   There  is  a  very
               small possibility that <b>postsuper</b> requeues the wrong
-              message  file when it is executed while the Postfix
+              message file when it is executed while the  Postfix
               mail system is running, but no harm should be done.
 
        <b>-s</b>     Structure check and structure repair.  It is highly
-              recommended to perform this operation  once  before
+              recommended  to  perform this operation once before
               Postfix startup.
 
-              <b>o</b>      Rename  files  whose name does not match the
+              <b>o</b>      Rename files whose name does not  match  the
                      message file inode number. This operation is
-                     necessary  after restoring a mail queue from
+                     necessary after restoring a mail queue  from
                      a different machine, or from backup media.
 
               <b>o</b>      Move queue files that are in the wrong place
                      in the file system hierarchy and remove sub-
                      directories that are no longer needed.  File
-                     position  rearrangements are necessary after
+                     position rearrangements are necessary  after
                      a  change  in  the  <b>hash_queue_names</b>  and/or
                      <b>hash_queue_depth</b> configuration parameters.
 
        <b>-v</b>     Enable verbose logging for debugging purposes. Mul-
-              tiple <b>-v</b> options  make  the  software  increasingly
+              tiple  <b>-v</b>  options  make  the software increasingly
               verbose.
 
 <b>DIAGNOSTICS</b>
-       Problems  are reported to the standard error stream and to
+       Problems are reported to the standard error stream and  to
        <b>syslogd</b>.
 
-       <b>postsuper</b> reports the number of messages deleted with  <b>-d</b>,
+       <b>postsuper</b>  reports the number of messages deleted with <b>-d</b>,
        the number of messages requeued with <b>-r</b>, and the number of
-       messages whose queue file name  was  fixed  with  <b>-s</b>.  The
+       messages  whose  queue  file  name  was fixed with <b>-s</b>. The
        report is written to the standard error stream and to <b>sys-</b>
        <b>logd</b>.
 
@@ -161,22 +162,22 @@ POSTSUPER(1)                                         POSTSUPER(1)
               Directory with the <b>main.cf</b> file.
 
 <b>BUGS</b>
-       Mail that is not sanitized by Postfix (i.e.  mail  in  the
+       Mail  that  is  not sanitized by Postfix (i.e. mail in the
        <b>maildrop</b> queue) cannot be placed "on hold".
 
 <b>CONFIGURATION PARAMETERS</b>
-       See  the  Postfix  <b>main.cf</b> file for syntax details and for
+       See the Postfix <b>main.cf</b> file for syntax  details  and  for
        default values.
 
        <b>hash_queue_depth</b>
               Number of subdirectory levels for hashed queues.
 
        <b>hash_queue_names</b>
-              The names of queues that are organized into  multi-
+              The  names of queues that are organized into multi-
               ple levels of subdirectories.
 
        <b>queue_directory</b>
-              Top-level  directory  of the Postfix queue. This is
+              Top-level directory of the Postfix queue.  This  is
               also the root directory of Postfix daemons that run
               chrooted.
 
@@ -185,7 +186,7 @@ POSTSUPER(1)                                         POSTSUPER(1)
        <a href="postqueue.1.html">postqueue(1)</a> unprivileged queue operations
 
 <b>LICENSE</b>
-       The  Secure  Mailer  license must be distributed with this
+       The Secure Mailer license must be  distributed  with  this
        software.
 
 <b>AUTHOR(S)</b>

postfix/html/qmgr.8.html

@@ -1,4 +1,4 @@
-<html> <head> </head> <body> <pre>
+<html> <body> <pre>
 QMGR(8)                                                   QMGR(8)
 
 <b>NAME</b>
@@ -105,25 +105,25 @@ QMGR(8)                                                   QMGR(8)
        actions  (the message is followed by the symbolic constant
        used internally by the software):
 
-       <b>D (QMGR</b><i>_</i><b>REQ</b><i>_</i><b>SCAN</b><i>_</i><b>DEFERRED)</b>
+       <b>D (QMGR_REQ_SCAN_DEFERRED)</b>
               Start a deferred queue scan.  If a  deferred  queue
               scan  is  already  in  progress,  that scan will be
               restarted as soon as it finishes.
 
-       <b>I (QMGR</b><i>_</i><b>REQ</b><i>_</i><b>SCAN</b><i>_</i><b>INCOMING)</b>
+       <b>I (QMGR_REQ_SCAN_INCOMING)</b>
               Start an incoming queue scan. If an incoming  queue
               scan  is  already  in  progress,  that scan will be
               restarted as soon as it finishes.
 
-       <b>A (QMGR</b><i>_</i><b>REQ</b><i>_</i><b>SCAN</b><i>_</i><b>ALL)</b>
+       <b>A (QMGR_REQ_SCAN_ALL)</b>
               Ignore deferred queue file time stamps. The request
               affects the next deferred queue scan.
 
-       <b>F (QMGR</b><i>_</i><b>REQ</b><i>_</i><b>FLUSH</b><i>_</i><b>DEAD)</b>
+       <b>F (QMGR_REQ_FLUSH_DEAD)</b>
               Purge  all  information  about  dead transports and
               destinations.
 
-       <b>W (TRIGGER</b><i>_</i><b>REQ</b><i>_</i><b>WAKEUP)</b>
+       <b>W (TRIGGER_REQ_WAKEUP)</b>
               Wakeup call, This is used by the master  server  to
               instantiate  servers  that  should not go away for-
               ever. The action is  to  start  an  incoming  queue
@@ -152,7 +152,7 @@ QMGR(8)                                                   QMGR(8)
        Corrupted message files are saved to the <b>corrupt</b> queue for
        further inspection.
 
-       Depending  on the setting of the <b>notify</b><i>_</i><b>classes</b> parameter,
+       Depending  on the setting of the <b>notify_classes</b> parameter,
        the postmaster is notified of bounces and of  other  trou-
        ble.
 
@@ -169,30 +169,30 @@ QMGR(8)                                                   QMGR(8)
        command after a configuration change.
 
 <b>Miscellaneous</b>
-       <b>allow</b><i>_</i><b>min</b><i>_</i><b>user</b>
+       <b>allow_min_user</b>
               Do  not  bounce recipient addresses that begin with
               '-'.
 
-       <b>queue</b><i>_</i><b>directory</b>
+       <b>queue_directory</b>
               Top-level directory of the Postfix queue.
 
 <b>Active queue controls</b>
-       <b>qmgr</b><i>_</i><b>clog</b><i>_</i><b>warn</b><i>_</i><b>time</b>
+       <b>qmgr_clog_warn_time</b>
               Minimal delay between warnings that a specific des-
               tination is clogging up the active queue. Specify 0
               to disable.
 
-       <b>qmgr</b><i>_</i><b>message</b><i>_</i><b>active</b><i>_</i><b>limit</b>
+       <b>qmgr_message_active_limit</b>
               Limit the number of messages in the active queue.
 
-       <b>qmgr</b><i>_</i><b>message</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
+       <b>qmgr_message_recipient_limit</b>
               Limit the number of in-memory recipients.
 
               This parameter also limits the size of  the  short-
               term, in-memory destination cache.
 
 <b>Timing controls</b>
-       <b>minimal</b><i>_</i><b>backoff</b><i>_</i><b>time</b>
+       <b>minimal_backoff_time</b>
               Minimal  time  in seconds between delivery attempts
               of a deferred message.
 
@@ -200,62 +200,66 @@ QMGR(8)                                                   QMGR(8)
               destination  is  kept  in the short-term, in-memory
               destination status cache.
 
-       <b>maximal</b><i>_</i><b>backoff</b><i>_</i><b>time</b>
+       <b>maximal_backoff_time</b>
               Maximal time in seconds between  delivery  attempts
               of a deferred message.
 
-       <b>maximal</b><i>_</i><b>queue</b><i>_</i><b>lifetime</b>
+       <b>maximal_queue_lifetime</b>
-              Maximal  time in days a message is queued before it
+              Maximal  time  (default: in days) a regular message
-              is sent back as undeliverable.
+              is queued before it is considered undeliverable.
 
-       <b>queue</b><i>_</i><b>run</b><i>_</i><b>delay</b>
+       <b>bounce_queue_lifetime</b>
+              Maximal time (default: in days) a bounce message is
+              queued before it is considered undeliverable.
+
+       <b>queue_run_delay</b>
               Time in seconds between deferred queue scans. Queue
               scans do not overlap.
 
-       <b>transport</b><i>_</i><b>retry</b><i>_</i><b>time</b>
+       <b>transport_retry_time</b>
-              Time  in seconds between attempts to contact a bro-
+              Time in seconds between attempts to contact a  bro-
               ken delivery transport.
 
 <b>Concurrency controls</b>
-       In the text below, <i>transport</i> is the first field in a  <b>mas-</b>
+       In  the text below, <i>transport</i> is the first field in a <b>mas-</b>
        <b>ter.cf</b> entry.
 
-       <b>qmgr</b><i>_</i><b>fudge</b><i>_</i><b>factor</b> (valid range: 10..100)
+       <b>qmgr_fudge_factor</b> (valid range: 10..100)
-              The  percentage  of  delivery resources that a busy
+              The percentage of delivery resources  that  a  busy
-              mail system will use up for  delivery  of  a  large
+              mail  system  will  use  up for delivery of a large
-              mailing  list  message.  With 100%, delivery of one
+              mailing list message.  With 100%, delivery  of  one
-              message does not begin before the previous  message
+              message  does not begin before the previous message
-              has  been  delivered.  This results in good perfor-
+              has been delivered. This results  in  good  perfor-
-              mance for large mailing lists, but results in  poor
+              mance  for large mailing lists, but results in poor
-              response  time for one-to-one mail.  With less than
+              response time for one-to-one mail.  With less  than
-              100%, response time for one-to-one  mail  improves,
+              100%,  response  time for one-to-one mail improves,
-              but  large  mailing  list delivery performance suf-
+              but large mailing list  delivery  performance  suf-
               fers. In the worst case, recipients near the begin-
-              ning  of  a  large list receive a burst of messages
+              ning of a large list receive a  burst  of  messages
-              immediately, while recipients near the end of  that
+              immediately,  while recipients near the end of that
-              list  receive  that  same burst of messages a whole
+              list receive that same burst of  messages  a  whole
               day later.
 
-       <b>initial</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b>
+       <b>initial_destination_concurrency</b>
-              Initial per-destination concurrency level for  par-
+              Initial  per-destination concurrency level for par-
               allel delivery to the same destination.
 
-       <b>default</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
+       <b>default_destination_concurrency_limit</b>
-              Default  limit on the number of parallel deliveries
+              Default limit on the number of parallel  deliveries
               to the same destination.
 
-       <i>transport_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
+       <i>transport</i><b>_destination_concurrency_limit</b>
-              Limit on the number of parallel deliveries  to  the
+              Limit  on  the number of parallel deliveries to the
-              same  destination,  for delivery via the named mes-
+              same destination, for delivery via the  named  mes-
               sage <i>transport</i>.
 
 <b>Recipient controls</b>
-       <b>default</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
+       <b>default_destination_recipient_limit</b>
-              Default limit on the number of recipients per  mes-
+              Default  limit on the number of recipients per mes-
               sage transfer.
 
-       <i>transport_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
+       <i>transport</i><b>_destination_recipient_limit</b>
-              Limit  on  the  number  of  recipients  per message
+              Limit on  the  number  of  recipients  per  message
               transfer, for the named message <i>transport</i>.
 
 <b>SEE ALSO</b>
@@ -264,7 +268,7 @@ QMGR(8)                                                   QMGR(8)
        <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, address routing
 
 <b>LICENSE</b>
-       The Secure Mailer license must be  distributed  with  this
+       The  Secure  Mailer  license must be distributed with this
        software.
 
 <b>AUTHOR(S)</b>

postfix/html/rate.html

@@ -307,6 +307,13 @@ immediately after the first unsuccessful delivery attempt.
 
 <p>
 
+<dt> <b>bounce_queue_lifetime</b> (default: 2 days) <dd> How
+long a bounce message stays in the queue before it is considered
+undeliverable. Specify 0 for mail that should be returned
+immediately after the first unsuccessful delivery attempt.
+
+<p>
+
 <dt> <b>minimal_backoff_time</b> (default: 1000 seconds) <dd> The
 minimal amount of time a message won't be looked at, and the minimal
 amount of time to stay away from a "dead" destination.

postfix/html/smtpd.8.html

@@ -80,61 +80,61 @@ SMTPD(8)                                                 SMTPD(8)
               checking  and  without any state change.  This list
               overrides built-in command definitions.
 
-<b>Content inspection controls</b>
+<b>Content inspection after mail is queued</b>
-       Optionally, Postfix can be configured to send new mail  to
+       Postfix can be configured to send new mail to an  external
-       external content filter software AFTER the mail is queued.
+       content filter AFTER the mail is queued.
 
        <b>content_filter</b>
-              The name of a mail delivery transport that  filters
+              The  name of a mail delivery transport that filters
               mail and that either bounces mail or re-injects the
-              result back into Postfix.  This parameter uses  the
+              result  back into Postfix.  This parameter uses the
-              same  syntax  as  the  right-hand side of a Postfix
+              same syntax as the right-hand  side  of  a  Postfix
               transport table.
 
        <b>receive_override_options</b>
-              The following options  override  <b>main.cf</b>  settings.
+              The  following  options  override <b>main.cf</b> settings.
-              The  options  are  either  implemented  by the SMTP
+              The options are  either  implemented  by  the  SMTP
-              server or are passed on to the  downstream  cleanup
+              server  or  are passed on to the downstream cleanup
               server.
 
               <b>no_unknown_recipient_checks</b>
-                     Do  not  try  to  reject unknown recipients.
+                     Do not try  to  reject  unknown  recipients.
-                     This is typically specified  with  the  SMTP
+                     This  is  typically  specified with the SMTP
                      server <b>after</b> an external content filter.
 
               <b>no_address_mappings</b>
-                     Disable  canonical  address mapping, virtual
+                     Disable canonical address  mapping,  virtual
-                     alias map expansion,  address  masquerading,
+                     alias  map  expansion, address masquerading,
-                     and  automatic BCC recipients. This is typi-
+                     and automatic BCC recipients. This is  typi-
-                     cally specified with the SMTP server  <b>before</b>
+                     cally  specified with the SMTP server <b>before</b>
                      an external content filter.
 
               <b>no_header_body_checks</b>
-                     Disable  header/body_checks.  This  is typi-
+                     Disable header/body_checks.  This  is  typi-
-                     cally specified with the SMTP  server  <b>after</b>
+                     cally  specified  with the SMTP server <b>after</b>
                      an external content filter.
 
-<b>Pass-through proxy</b>
+<b>Content inspection before mail is queued</b>
-       Optionally,  the  Postfix SMTP server can be configured to
+       The Postfix SMTP server can be configured to  forward  all
-       forward all mail to a proxy server, for  example  a  real-
+       mail  to a real-time SMTP-based content filter BEFORE mail
-       time content filter, BEFORE mail is queued.
+       is queued.
 
        <b>smtpd_proxy_filter</b>
-              The <i>host:port</i> of the SMTP proxy server. The <i>host</i> or
+              The <i>host:port</i> of the real-time  SMTP-based  content
-              <i>host:</i> portion is optional.
+              filter.  The <i>host</i> or <i>host:</i> portion is optional.
 
        <b>smtpd_proxy_timeout</b>
               Timeout for connecting to, sending to and receiving
-              from the SMTP proxy server.
+              from the real-time SMTP-based content filter.
 
        <b>smtpd_proxy_ehlo</b>
               The hostname to use when sending an EHLO command to
-              the SMTP proxy server.
+              the real-time SMTP-based content filter.
 
 <b>Authentication controls</b>
        <b>smtpd_sasl_auth_enable</b>
-              Enable per-session authentication as per  <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC  2554</a>
+              Enable  per-session  authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>
-              (SASL).   This functionality is available only when
+              (SASL).  This functionality is available only  when
               explicitly  selected  at  program  build  time  and
               explicitly enabled at runtime.
 
@@ -160,15 +160,15 @@ SMTPD(8)                                                 SMTPD(8)
                      Disallow anonymous logins.
 
        <b>smtpd_sender_login_maps</b>
-              Maps  that  specify the SASL login names that own a
+              Maps that specify the SASL login names that  own  a
-              MAIL   FROM   sender   address.   Used    by    the
+              MAIL    FROM    sender   address.   Used   by   the
               <b>reject_sender_login_mismatch</b>  sender  anti-spoofing
-              restriction, as well as by its  component  restric-
+              restriction,  as  well as by its component restric-
               tions    <b>reject_authenticated_sender_login_mismatch</b>
-              (an authenticated client  can't  use  a  MAIL  FROM
+              (an  authenticated  client  can't  use  a MAIL FROM
-              sender  address  that is owned by someone else) and
+              sender address that is owned by someone  else)  and
               <b>reject_unauthenticated_sender_login_mismatch</b>     (a
-              client  must  be  authenticated in order to use the
+              client must be authenticated in order  to  use  the
               MAIL FROM sender address).
 
 <b>Miscellaneous</b>
@@ -178,36 +178,36 @@ SMTPD(8)                                                 SMTPD(8)
 
        <b>smtpd_authorized_xclient_hosts</b>
               Hostnames, domain names and/or addresses of clients
-              that are authorized to  use  the  XCLIENT  command.
+              that  are  authorized  to  use the XCLIENT command.
-              This   command  overrides  client  information  for
+              This  command  overrides  client  information   for
               access  control  and  logging  purposes,  with  the
-              exception   of  the  <b>smtpd_authorized_xclient_hosts</b>
+              exception  of  the   <b>smtpd_authorized_xclient_hosts</b>
               access control itself.
 
        <b>smtpd_authorized_xforward_hosts</b>
               Hostnames, domain names and/or addresses of clients
-              that  are  authorized  to use the XFORWARD command.
+              that are authorized to use  the  XFORWARD  command.
               This command accepts client and message identofying
               information for logging purposes.
 
        <b>debug_peer_level</b>
-              Increment  in  verbose  logging level when a remote
+              Increment in verbose logging level  when  a  remote
               host  matches  a  pattern  in  the  <b>debug_peer_list</b>
               parameter.
 
        <b>debug_peer_list</b>
-              List  of  domain or network patterns. When a remote
+              List of domain or network patterns. When  a  remote
-              host matches a pattern, increase the  verbose  log-
+              host  matches  a pattern, increase the verbose log-
-              ging   level   by   the  amount  specified  in  the
+              ging  level  by  the  amount   specified   in   the
               <b>debug_peer_level</b> parameter.
 
        <b>default_verp_delimiters</b>
               The default VERP delimiter characters that are used
-              when   the   XVERP  command  is  specified  without
+              when  the  XVERP  command  is   specified   without
               explicit delimiters.
 
        <b>error_notice_recipient</b>
-              Recipient   of    protocol/policy/resource/software
+              Recipient    of   protocol/policy/resource/software
               error notices.
 
        <b>hopcount_limit</b>
@@ -216,18 +216,18 @@ SMTPD(8)                                                 SMTPD(8)
        <b>notify_classes</b>
               List of error classes. Of special interest are:
 
-              <b>policy</b> When  a  client  violates any policy, mail a
+              <b>policy</b> When a client violates any  policy,  mail  a
                      transcript of the entire SMTP session to the
                      postmaster.
 
               <b>protocol</b>
-                     When  a client violates the SMTP protocol or
+                     When a client violates the SMTP protocol  or
                      issues  an  unimplemented  command,  mail  a
                      transcript of the entire SMTP session to the
                      postmaster.
 
        <b>smtpd_banner</b>
-              Text that follows the <b>220</b> status code in  the  SMTP
+              Text  that  follows the <b>220</b> status code in the SMTP
               greeting banner.
 
        <b>smtpd_expansion_filter</b>
@@ -235,57 +235,57 @@ SMTPD(8)                                                 SMTPD(8)
               expansion of rbl template responses and other text.
 
        <b>smtpd_recipient_limit</b>
-              Restrict  the  number  of  recipients that the SMTP
+              Restrict the number of  recipients  that  the  SMTP
               server accepts per message delivery.
 
        <b>smtpd_timeout</b>
-              Limit the time to send a  server  response  and  to
+              Limit  the  time  to  send a server response and to
               receive a client request.
 
        <b>soft_bounce</b>
-              Change  hard (5xx) reject responses into soft (4xx)
+              Change hard (5xx) reject responses into soft  (4xx)
-              reject responses.  This can be useful  for  testing
+              reject  responses.   This can be useful for testing
               purposes.
 
        <b>verp_delimiter_filter</b>
-              The  characters that Postfix accepts as VERP delim-
+              The characters that Postfix accepts as VERP  delim-
               iter characters.
 
 <b>Known versus unknown recipients</b>
        <b>show_user_unknown_table_name</b>
-              Whether or not to reveal  the  table  name  in  the
+              Whether  or  not  to  reveal  the table name in the
-              "User  unknown"  responses.  The extra detail makes
+              "User unknown" responses. The  extra  detail  makes
-              trouble shooting easier but also  reveals  informa-
+              trouble  shooting  easier but also reveals informa-
               tion that is nobody elses business.
 
        <b>unknown_local_recipient_reject_code</b>
               The response code when a client specifies a recipi-
-              ent  whose   domain   matches   <b>$mydestination</b>   or
+              ent   whose   domain   matches   <b>$mydestination</b>  or
               <b>$inet_interfaces</b>,  while  <b>$local_recipient_maps</b>  is
-              non-empty and does not list the  recipient  address
+              non-empty  and  does not list the recipient address
               or address local-part.
 
        <b>unknown_relay_recipient_reject_code</b>
               The response code when a client specifies a recipi-
               ent  whose  domain  matches  <b>$relay_domains</b>,  while
-              <b>$relay_recipient_maps</b>  is  non-empty  and  does not
+              <b>$relay_recipient_maps</b> is  non-empty  and  does  not
               list the recipient address.
 
        <b>unknown_virtual_alias_reject_code</b>
               The response code when a client specifies a recipi-
-              ent  whose  domain  matches <b>$virtual_alias_domains</b>,
+              ent whose  domain  matches  <b>$virtual_alias_domains</b>,
-              while  the  recipient  is  not  listed   in   <b>$vir-</b>
+              while   the   recipient  is  not  listed  in  <b>$vir-</b>
               <b>tual_alias_maps</b>.
 
        <b>unknown_virtual_mailbox_reject_code</b>
               The response code when a client specifies a recipi-
-              ent whose domain matches  <b>$virtual_mailbox_domains</b>,
+              ent  whose domain matches <b>$virtual_mailbox_domains</b>,
               while the recipient is not listed in <b>$virtual_mail-</b>
               <b>box_maps</b>.
 
 <b>Resource controls</b>
        <b>line_length_limit</b>
-              Limit the amount of memory in bytes  used  for  the
+              Limit  the  amount  of memory in bytes used for the
               handling of partial input lines.
 
        <b>message_size_limit</b>
@@ -293,9 +293,9 @@ SMTPD(8)                                                 SMTPD(8)
               ing on-disk storage for envelope information.
 
        <b>queue_minfree</b>
-              Minimal amount of free space in bytes in the  queue
+              Minimal  amount of free space in bytes in the queue
-              file  system for the SMTP server to accept any mail
+              file system for the SMTP server to accept any  mail
-              at  all  (default:  twice  the   <b>message_size_limit</b>
+              at   all  (default:  twice  the  <b>message_size_limit</b>
               value).
 
        <b>smtpd_history_flush_threshold</b>
@@ -305,21 +305,21 @@ SMTPD(8)                                                 SMTPD(8)
 
        <b>smtpd_client_connection_count_limit</b>
               The maximal number of simultaneous connections that
-              any client is allowed  to  make  to  this  service.
+              any  client  is  allowed  to  make to this service.
-              When  a  client  exceeds the limit, the SMTP server
+              When a client exceeds the limit,  the  SMTP  server
               logs a warning with the client name/address and the
               service name as configured in master.cf.
 
        <b>smtpd_client_connection_rate_limit</b>
-              The  maximal  number  of  connections per unit time
+              The maximal number of  connections  per  unit  time
               (specified with <b>connection_rate_time_unit</b>) that any
-              client  is  allowed to make to this service. When a
+              client is allowed to make to this service.  When  a
-              client exceeds the limit, the SMTP  server  logs  a
+              client  exceeds  the  limit, the SMTP server logs a
-              warning  with  the client name/address and the ser-
+              warning with the client name/address and  the  ser-
               vice name as configured in master.cf.
 
        <b>smtpd_client_connection_limit_exceptions</b>
-              Hostnames, .domain  names  and/or  network  address
+              Hostnames,  .domain  names  and/or  network address
               blocks of clients that are excluded from connection
               count or rate limits.
 
@@ -330,17 +330,17 @@ SMTPD(8)                                                 SMTPD(8)
 
        <b>smtpd_soft_error_limit</b>
               When an SMTP client has made this number of errors,
-              wait <i>error</i><b>_</b><i>count</i> seconds before responding  to  any
+              wait  <i>error</i><b>_</b><i>count</i>  seconds before responding to any
               client request.
 
        <b>smtpd_hard_error_limit</b>
-              Disconnect  after  a client has made this number of
+              Disconnect after a client has made this  number  of
               errors.
 
        <b>smtpd_junk_command_limit</b>
               Limit the number of times a client can issue a junk
-              command  such  as  NOOP,  VRFY, ETRN or RSET in one
+              command such as NOOP, VRFY, ETRN  or  RSET  in  one
-              SMTP session before it  is  penalized  with  tarpit
+              SMTP  session  before  it  is penalized with tarpit
               delays.
 
 <b>Delegated policy</b>
@@ -349,17 +349,17 @@ SMTPD(8)                                                 SMTPD(8)
               receiving from a delegated SMTPD policy server.
 
        <b>smtpd_policy_service_max_idle</b>
-              Time after which an  unused  SMTPD  policy  service
+              Time  after  which  an  unused SMTPD policy service
               connection is closed.
 
        <b>smtpd_policy_service_timeout</b>
-              Time  after  which  an  active SMTPD policy service
+              Time after which an  active  SMTPD  policy  service
               connection is closed.
 
 <b>UCE control restrictions</b>
        <b>parent_domain_matches_subdomains</b>
-              List of Postfix features that use  <i>domain.tld</i>  pat-
+              List  of  Postfix features that use <i>domain.tld</i> pat-
-              terns   to  match  <i>sub.domain.tld</i>  (as  opposed  to
+              terns  to  match  <i>sub.domain.tld</i>  (as  opposed   to
               requiring <i>.domain.tld</i> patterns).
 
        <b>smtpd_client_restrictions</b>
@@ -367,19 +367,19 @@ SMTPD(8)                                                 SMTPD(8)
               tem.
 
        <b>smtpd_helo_required</b>
-              Require  that  clients  introduce themselves at the
+              Require that clients introduce  themselves  at  the
               beginning of an SMTP session.
 
        <b>smtpd_helo_restrictions</b>
-              Restrict what client hostnames are allowed in  <b>HELO</b>
+              Restrict  what client hostnames are allowed in <b>HELO</b>
               and <b>EHLO</b> commands.
 
        <b>smtpd_sender_restrictions</b>
-              Restrict  what sender addresses are allowed in <b>MAIL</b>
+              Restrict what sender addresses are allowed in  <b>MAIL</b>
               <b>FROM</b> commands.
 
        <b>smtpd_recipient_restrictions</b>
-              Restrict what recipient addresses  are  allowed  in
+              Restrict  what  recipient  addresses are allowed in
               <b>RCPT TO</b> commands.
 
        <b>smtpd_etrn_restrictions</b>
@@ -387,96 +387,96 @@ SMTPD(8)                                                 SMTPD(8)
               mands, and what clients may issue <b>ETRN</b> commands.
 
        <b>smtpd_data_restrictions</b>
-              Restrictions on the <b>DATA</b>  command.  Currently,  the
+              Restrictions  on  the  <b>DATA</b> command. Currently, the
-              only   restriction   that   makes   sense  here  is
+              only  restriction  that   makes   sense   here   is
               <b>reject_unauth_pipelining</b>.
 
        <b>allow_untrusted_routing</b>
-              Allow untrusted clients to specify  addresses  with
+              Allow  untrusted  clients to specify addresses with
-              sender-specified  routing.   Enabling this opens up
+              sender-specified routing.  Enabling this  opens  up
-              nasty relay loopholes involving trusted  backup  MX
+              nasty  relay  loopholes involving trusted backup MX
               hosts.
 
        <b>smtpd_restriction_classes</b>
-              Declares  the  name of zero or more parameters that
+              Declares the name of zero or more  parameters  that
-              contain a list of UCE restrictions.  The  names  of
+              contain  a  list  of UCE restrictions. The names of
-              these  parameters  can  then be used instead of the
+              these parameters can then be used  instead  of  the
               restriction lists that they represent.
 
        <b>smtpd_null_access_lookup_key</b>
-              The lookup key to be used in  SMTPD  access  tables
+              The  lookup  key  to be used in SMTPD access tables
-              instead  of  the null sender address. A null sender
+              instead of the null sender address. A  null  sender
               address cannot be looked up.
 
        <b>maps_rbl_domains</b> (deprecated)
-              List of DNS domains that publish the  addresses  of
+              List  of  DNS domains that publish the addresses of
               blacklisted hosts. This is used with the deprecated
               <b>reject_maps_rbl</b> restriction.
 
        <b>permit_mx_backup_networks</b>
-              Only domains  whose  primary  MX  hosts  match  the
+              Only  domains  whose  primary  MX  hosts  match the
-              listed   networks   are   eligible   for  the  <b>per-</b>
+              listed  networks  are   eligible   for   the   <b>per-</b>
               <b>mit_mx_backup</b> feature.
 
        <b>relay_domains</b>
-              Restrict what domains this mail system  will  relay
+              Restrict  what  domains this mail system will relay
-              mail  to.  The  domains  are routed to the delivery
+              mail to. The domains are  routed  to  the  delivery
               agent specified with the <b>relay_transport</b> setting.
 
 <b>Sender/recipient address verification</b>
        Address verification is implemented by sending probe email
-       messages  that  are not actually delivered, and is enabled
+       messages that are not actually delivered, and  is  enabled
-       via   the   reject_unverified_{sender,recipient}    access
+       via    the   reject_unverified_{sender,recipient}   access
-       restriction.   The  status of verification probes is main-
+       restriction.  The status of verification probes  is  main-
        tained by the address verification service.
 
        <b>address_verify_poll_count</b>
-              How many times to query  the  address  verification
+              How  many  times  to query the address verification
-              service  for  completion of an address verification
+              service for completion of an  address  verification
-              request.  Specify 1 to implement a simple  form  of
+              request.   Specify  1 to implement a simple form of
-              greylisting,  that is, always defer the request for
+              greylisting, that is, always defer the request  for
               a new sender or recipient address.
 
        <b>address_verify_poll_delay</b>
-              Time to wait after querying the  address  verifica-
+              Time  to  wait after querying the address verifica-
               tion service for completion of an address verifica-
               tion request.
 
 <b>UCE control responses</b>
        <b>access_map_reject_code</b>
-              Response code when  a  client  violates  an  access
+              Response  code  when  a  client  violates an access
               database restriction.
 
        <b>default_rbl_reply</b>
               Default template reply when a request is RBL black-
-              listed.  This template is used by the  <b>reject_rbl_*</b>
+              listed.   This template is used by the <b>reject_rbl_*</b>
-              and    <b>reject_rhsbl_*</b>   restrictions.   See   also:
+              and   <b>reject_rhsbl_*</b>   restrictions.   See    also:
               <b>rbl_reply_maps</b> and <b>smtpd_expansion_filter</b>.
 
        <b>defer_code</b>
-              Response code when a client request is rejected  by
+              Response  code when a client request is rejected by
               the <b>defer</b> restriction.
 
        <b>invalid_hostname_reject_code</b>
-              Response   code   when   a   client   violates  the
+              Response  code   when   a   client   violates   the
               <b>reject_invalid_hostname</b> restriction.
 
        <b>maps_rbl_reject_code</b>
               Response code when a request is RBL blacklisted.
 
        <b>multi_recipient_bounce_reject_code</b>
-              Response code  when  a  multi-recipient  bounce  is
+              Response  code  when  a  multi-recipient  bounce is
               blocked.
 
        <b>rbl_reply_maps</b>
-              Table  with  template responses for RBL blacklisted
+              Table with template responses for  RBL  blacklisted
-              requests, indexed by RBL domain  name.  These  tem-
+              requests,  indexed  by  RBL domain name. These tem-
               plates   are   used   by   the   <b>reject_rbl_*</b>   and
-              <b>reject_rhsbl_*</b>     restrictions.     See      also:
+              <b>reject_rhsbl_*</b>      restrictions.     See     also:
               <b>default_rbl_reply</b> and <b>smtpd_expansion_filter</b>.
 
        <b>reject_code</b>
-              Response  code  when  the  client  matches a <b>reject</b>
+              Response code when  the  client  matches  a  <b>reject</b>
               restriction.
 
        <b>relay_domains_reject_code</b>
@@ -484,7 +484,7 @@ SMTPD(8)                                                 SMTPD(8)
               mail relay policy.
 
        <b>unknown_address_reject_code</b>
-              Response   code   when   a   client   violates  the
+              Response  code   when   a   client   violates   the
               <b>reject_unknown_address</b> restriction.
 
        <b>unknown_client_reject_code</b>
@@ -493,15 +493,15 @@ SMTPD(8)                                                 SMTPD(8)
               tion.
 
        <b>unknown_hostname_reject_code</b>
-              Response  code   when   a   client   violates   the
+              Response   code   when   a   client   violates  the
               <b>reject_unknown_hostname</b> restriction.
 
        <b>unverified_sender_reject_code</b>
-              Response  code when a sender address is known to be
+              Response code when a sender address is known to  be
               undeliverable.
 
        <b>unverified_recipient_reject_code</b>
-              Response code when a recipient address is known  to
+              Response  code when a recipient address is known to
               be undeliverable.
 
 <b>SEE ALSO</b>
@@ -512,7 +512,7 @@ SMTPD(8)                                                 SMTPD(8)
        <a href="verify.8.html">verify(8)</a> address verification service
 
 <b>LICENSE</b>
-       The  Secure  Mailer  license must be distributed with this
+       The Secure Mailer license must be  distributed  with  this
        software.
 
 <b>AUTHOR(S)</b>

postfix/man/man1/postsuper.1

@@ -89,8 +89,8 @@ case.
 .sp
 Note: while mail is "on hold" it will not expire when its
 time in the queue exceeds the \fBmaximal_queue_lifetime\fR
-setting. It becomes subject to expiration after it is
+or \fBbounce_queue_lifetime\fR setting. It becomes subject to
-released from "hold".
+expiration after it is released from "hold".
 .IP "\fB-H \fIqueue_id\fR"
 Release mail that was put "on hold".
 Move one message with the named queue ID from the named

postfix/man/man8/nqmgr.8

@@ -217,8 +217,11 @@ is kept in the short-term, in-memory destination status cache.
 Maximal time in seconds between delivery attempts
 of a deferred message.
 .IP \fBmaximal_queue_lifetime\fR
-Maximal time in days a message is queued
+Maximal time (default: in days) a regular message is queued
-before it is sent back as undeliverable.
+before it is considered undeliverable.
+.IP \fBbounce_queue_lifetime\fR
+Maximal time (default: in days) a bounce message is queued
+before it is considered undeliverable.
 .IP \fBqueue_run_delay\fR
 Time in seconds between deferred queue scans. Queue scans do
 not overlap.

postfix/man/man8/qmgr.8

@@ -198,8 +198,11 @@ is kept in the short-term, in-memory destination status cache.
 Maximal time in seconds between delivery attempts
 of a deferred message.
 .IP \fBmaximal_queue_lifetime\fR
-Maximal time in days a message is queued
+Maximal time (default: in days) a regular message is queued
-before it is sent back as undeliverable.
+before it is considered undeliverable.
+.IP \fBbounce_queue_lifetime\fR
+Maximal time (default: in days) a bounce message is queued
+before it is considered undeliverable.
 .IP \fBqueue_run_delay\fR
 Time in seconds between deferred queue scans. Queue scans do
 not overlap.

postfix/man/man8/smtpd.8

@@ -85,9 +85,11 @@ offered by an SMTP server.
 List of commands that are treated as NOOP (no operation) commands,
 without any parameter syntax checking and without any state change.
 This list overrides built-in command definitions.
-.SH "Content inspection controls"
+.SH "Content inspection after mail is queued"
-Optionally, Postfix can be configured to send new mail to
+.ad
-external content filter software AFTER the mail is queued.
+.fi
+Postfix can be configured to send new mail to an external
+content filter AFTER the mail is queued.
 .IP \fBcontent_filter\fR
 The name of a mail delivery transport that filters mail and that
 either bounces mail or re-injects the result back into Postfix.
@@ -110,22 +112,20 @@ content filter.
 Disable header/body_checks. This is typically specified with the
 SMTP server \fBafter\fR an external content filter.
 .RE
-.SH "Pass-through proxy"
+.SH "Content inspection before mail is queued"
 .ad
 .fi
-.ad
+The Postfix SMTP server can be configured to forward all mail
-Optionally, the Postfix SMTP server can be configured to
+to a real-time SMTP-based content filter BEFORE mail is queued.
-forward all mail to a proxy server, for example a real-time
-content filter, BEFORE mail is queued.
 .IP \fBsmtpd_proxy_filter\fR
-The \fIhost:port\fR of the SMTP proxy server. The \fIhost\fR
+The \fIhost:port\fR of the real-time SMTP-based content filter.
-or \fIhost:\fR portion is optional.
+The \fIhost\fR or \fIhost:\fR portion is optional.
 .IP \fBsmtpd_proxy_timeout\fR
 Timeout for connecting to, sending to and receiving from
-the SMTP proxy server.
+the real-time SMTP-based content filter.
 .IP \fBsmtpd_proxy_ehlo\fR
 The hostname to use when sending an EHLO command to the
-SMTP proxy server.
+real-time SMTP-based content filter.
 .SH "Authentication controls"
 .IP \fBsmtpd_sasl_auth_enable\fR
 Enable per-session authentication as per RFC 2554 (SASL).

postfix/src/global/mail_params.h

@@ -548,6 +548,10 @@ extern int var_max_backoff_time;
 #define DEF_MAX_QUEUE_TIME	"5d"
 extern int var_max_queue_time;
 
+#define VAR_DSN_QUEUE_TIME	"bounce_queue_lifetime"
+#define DEF_DSN_QUEUE_TIME	"$" VAR_MAX_QUEUE_TIME
+extern int var_dsn_queue_time;
+
 #define VAR_DELAY_WARN_TIME	"delay_warning_time"
 #define DEF_DELAY_WARN_TIME	"0h"
 extern int var_delay_warn_time;
@@ -1760,7 +1764,7 @@ extern int var_verify_pos_try;
 extern int var_verify_neg_exp;
 
 #define VAR_VERIFY_NEG_TRY		"address_verify_negative_refresh_time"
-#define DEF_VERIFY_NEG_TRY		"2h"
+#define DEF_VERIFY_NEG_TRY		"3h"
 extern int var_verify_neg_try;
 
 #define VAR_VERIFY_NEG_CACHE		"address_verify_negative_cache"

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change the patchlevel and the release date. Snapshots change the
   * release date only, unless they include the same bugfix as a patch release.
   */
-#define MAIL_RELEASE_DATE	"20031224"
+#define MAIL_RELEASE_DATE	"20031226"
 
 #define VAR_MAIL_VERSION	"mail_version"
 #define DEF_MAIL_VERSION	"2.0.16-" MAIL_RELEASE_DATE

postfix/src/global/resolve_clnt.c

@@ -166,15 +166,26 @@ void    resolve_clnt(const char *class, const char *addr, RESOLVE_REPLY *reply)
     /*
      * Peek at the cache.
      */
+#define IFSET(flag, text) ((reply->flags & (flag)) ? (text) : "")
+
     if (*addr && strcmp(addr, STR(last_addr)) == 0) {
 	vstring_strcpy(reply->transport, STR(last_reply.transport));
 	vstring_strcpy(reply->nexthop, STR(last_reply.nexthop));
 	vstring_strcpy(reply->recipient, STR(last_reply.recipient));
 	reply->flags = last_reply.flags;
 	if (msg_verbose)
-	    msg_info("%s: cached: `%s' -> t=`%s' h=`%s' r=`%s'",
+	    msg_info("%s: cached: `%s' -> transp=`%s' host=`%s' rcpt=`%s' flags=%s%s%s%s class=%s%s%s%s%s",
 		     myname, addr, STR(reply->transport),
-		     STR(reply->nexthop), STR(reply->recipient));
+		     STR(reply->nexthop), STR(reply->recipient),
+		     IFSET(RESOLVE_FLAG_FINAL, "final"),
+		     IFSET(RESOLVE_FLAG_ROUTED, "routed"),
+		     IFSET(RESOLVE_FLAG_ERROR, "error"),
+		     IFSET(RESOLVE_FLAG_FAIL, "fail"),
+		     IFSET(RESOLVE_CLASS_LOCAL, "local"),
+		     IFSET(RESOLVE_CLASS_ALIAS, "alias"),
+		     IFSET(RESOLVE_CLASS_VIRTUAL, "virtual"),
+		     IFSET(RESOLVE_CLASS_RELAY, "relay"),
+		     IFSET(RESOLVE_CLASS_DEFAULT, "default"));
 	return;
     }
 
@@ -208,9 +219,18 @@ void    resolve_clnt(const char *class, const char *addr, RESOLVE_REPLY *reply)
 			 var_rewrite_service);
 	} else {
 	    if (msg_verbose)
-		msg_info("%s: `%s' -> t=`%s' h=`%s' r=`%s'",
+		msg_info("%s: `%s' -> transp=`%s' host=`%s' rcpt=`%s' flags=%s%s%s%s class=%s%s%s%s%s",
 			 myname, addr, STR(reply->transport),
-			 STR(reply->nexthop), STR(reply->recipient));
+			 STR(reply->nexthop), STR(reply->recipient),
+			 IFSET(RESOLVE_FLAG_FINAL, "final"),
+			 IFSET(RESOLVE_FLAG_ROUTED, "routed"),
+			 IFSET(RESOLVE_FLAG_ERROR, "error"),
+			 IFSET(RESOLVE_FLAG_FAIL, "fail"),
+			 IFSET(RESOLVE_CLASS_LOCAL, "local"),
+			 IFSET(RESOLVE_CLASS_ALIAS, "alias"),
+			 IFSET(RESOLVE_CLASS_VIRTUAL, "virtual"),
+			 IFSET(RESOLVE_CLASS_RELAY, "relay"),
+			 IFSET(RESOLVE_CLASS_DEFAULT, "default"));
 	    if (STR(reply->transport)[0] == 0)
 		msg_warn("%s: null transport result for: <%s>", myname, addr);
 	    else if (STR(reply->recipient)[0] == 0 && *addr != 0)

postfix/src/master/Makefile.in

@@ -1,6 +1,6 @@
 SHELL	= /bin/sh
 SRCS	= master.c master_conf.c master_ent.c master_sig.c master_avail.c \
-	master_spawn.c master_service.c master_status.o master_listen.c \
+	master_spawn.c master_service.c master_status.c master_listen.c \
 	master_proto.c single_server.c multi_server.c master_vars.c \
 	master_wakeup.c master_flow.c mail_flow.c
 OBJS	= master.o master_conf.o master_ent.o master_sig.o master_avail.o \

postfix/src/master/master.h

@@ -106,10 +106,6 @@ extern void master_refresh(void);
  /*
   * master_vars.c
   */
-extern char *var_program_dir;
-extern int var_proc_limit;
-extern int var_use_limit;
-extern int var_idle_limit;
 extern void master_vars_init(void);
 
  /*

postfix/src/nqmgr/qmgr.c

@@ -193,8 +193,11 @@
 /*	Maximal time in seconds between delivery attempts
 /*	of a deferred message.
 /* .IP \fBmaximal_queue_lifetime\fR
-/*	Maximal time in days a message is queued
+/*	Maximal time (default: in days) a regular message is queued
-/*	before it is sent back as undeliverable.
+/*	before it is considered undeliverable.
+/* .IP \fBbounce_queue_lifetime\fR
+/*	Maximal time (default: in days) a bounce message is queued
+/*	before it is considered undeliverable.
 /* .IP \fBqueue_run_delay\fR
 /*	Time in seconds between deferred queue scans. Queue scans do
 /*	not overlap.
@@ -314,6 +317,7 @@ int     var_queue_run_delay;
 int     var_min_backoff_time;
 int     var_max_backoff_time;
 int     var_max_queue_time;
+int     var_dsn_queue_time;
 int     var_qmgr_active_limit;
 int     var_qmgr_rcpt_limit;
 int     var_qmgr_msg_rcpt_limit;
@@ -529,6 +533,7 @@ int     main(int argc, char **argv)
 	VAR_MIN_BACKOFF_TIME, DEF_MIN_BACKOFF_TIME, &var_min_backoff_time, 1, 0,
 	VAR_MAX_BACKOFF_TIME, DEF_MAX_BACKOFF_TIME, &var_max_backoff_time, 1, 0,
 	VAR_MAX_QUEUE_TIME, DEF_MAX_QUEUE_TIME, &var_max_queue_time, 0, 8640000,
+	VAR_DSN_QUEUE_TIME, DEF_DSN_QUEUE_TIME, &var_dsn_queue_time, 0, 8640000,
 	VAR_XPORT_RETRY_TIME, DEF_XPORT_RETRY_TIME, &var_transport_retry_time, 1, 0,
 	VAR_QMGR_CLOG_WARN_TIME, DEF_QMGR_CLOG_WARN_TIME, &var_qmgr_clog_warn_time, 0, 0,
 	0,

postfix/src/nqmgr/qmgr_active.c

@@ -378,7 +378,8 @@ static void qmgr_active_done_2_generic(QMGR_MESSAGE *message)
      * daemon waits for the qmgr to accept the "new mail" trigger.
      */
     if (message->flags) {
-	if (event_time() >= message->arrival_time + var_max_queue_time) {
+	if (event_time() >= message->arrival_time +
+	    (*message->sender ? var_max_queue_time : var_dsn_queue_time)) {
 	    msg_info("%s: from=<%s>, status=expired, returned to sender",
 		     message->queue_id, message->sender);
 	    if (message->verp_delims == 0 || var_verp_bounce_off)

postfix/src/postsuper/postsuper.c

@@ -83,8 +83,8 @@
 /* .sp
 /*	Note: while mail is "on hold" it will not expire when its
 /*	time in the queue exceeds the \fBmaximal_queue_lifetime\fR
-/*	setting. It becomes subject to expiration after it is
+/*	or \fBbounce_queue_lifetime\fR setting. It becomes subject to 
-/*	released from "hold".
+/*	expiration after it is released from "hold".
 /* .IP "\fB-H \fIqueue_id\fR"
 /*	Release mail that was put "on hold".
 /*	Move one message with the named queue ID from the named

postfix/src/qmgr/qmgr.c

@@ -174,8 +174,11 @@
 /*	Maximal time in seconds between delivery attempts
 /*	of a deferred message.
 /* .IP \fBmaximal_queue_lifetime\fR
-/*	Maximal time in days a message is queued
+/*	Maximal time (default: in days) a regular message is queued
-/*	before it is sent back as undeliverable.
+/*	before it is considered undeliverable.
+/* .IP \fBbounce_queue_lifetime\fR
+/*	Maximal time (default: in days) a bounce message is queued
+/*	before it is considered undeliverable.
 /* .IP \fBqueue_run_delay\fR
 /*	Time in seconds between deferred queue scans. Queue scans do
 /*	not overlap.
@@ -269,6 +272,7 @@ int     var_queue_run_delay;
 int     var_min_backoff_time;
 int     var_max_backoff_time;
 int     var_max_queue_time;
+int     var_dsn_queue_time;
 int     var_qmgr_active_limit;
 int     var_qmgr_rcpt_limit;
 int     var_init_dest_concurrency;
@@ -481,6 +485,7 @@ int     main(int argc, char **argv)
 	VAR_MIN_BACKOFF_TIME, DEF_MIN_BACKOFF_TIME, &var_min_backoff_time, 1, 0,
 	VAR_MAX_BACKOFF_TIME, DEF_MAX_BACKOFF_TIME, &var_max_backoff_time, 1, 0,
 	VAR_MAX_QUEUE_TIME, DEF_MAX_QUEUE_TIME, &var_max_queue_time, 0, 8640000,
+	VAR_DSN_QUEUE_TIME, DEF_DSN_QUEUE_TIME, &var_dsn_queue_time, 0, 8640000,
 	VAR_XPORT_RETRY_TIME, DEF_XPORT_RETRY_TIME, &var_transport_retry_time, 1, 0,
 	VAR_QMGR_CLOG_WARN_TIME, DEF_QMGR_CLOG_WARN_TIME, &var_qmgr_clog_warn_time, 0, 0,
 	0,

postfix/src/qmgr/qmgr_active.c

@@ -378,7 +378,8 @@ static void qmgr_active_done_2_generic(QMGR_MESSAGE *message)
      * daemon waits for the qmgr to accept the "new mail" trigger.
      */
     if (message->flags) {
-	if (event_time() >= message->arrival_time + var_max_queue_time) {
+	if (event_time() >= message->arrival_time +
+	    (*message->sender ? var_max_queue_time : var_dsn_queue_time)) {
 	    msg_info("%s: from=<%s>, status=expired, returned to sender",
 		     message->queue_id, message->sender);
 	    if (message->verp_delims == 0 || var_verp_bounce_off)

postfix/src/smtp/smtp.c

@@ -419,8 +419,8 @@ static void smtp_service(VSTREAM *client_stream, char *unused_service, char **ar
 static void pre_init(char *unused_name, char **unused_argv)
 {
     static NAME_MASK lookup_masks[] = {
-	SMTP_HOST_LOOKUP_DNS, SMTP_MASK_DNS,
+	SMTP_HOST_LOOKUP_DNS, SMTP_HOST_FLAG_DNS,
-	SMTP_HOST_LOOKUP_NATIVE, SMTP_MASK_NATIVE,
+	SMTP_HOST_LOOKUP_NATIVE, SMTP_HOST_FLAG_NATIVE,
 	0,
     };
 
@@ -433,7 +433,7 @@ static void pre_init(char *unused_name, char **unused_argv)
      * Select hostname lookup mechanisms.
      */
     if (var_disable_dns)
-	smtp_host_lookup_mask = SMTP_MASK_NATIVE;
+	smtp_host_lookup_mask = SMTP_HOST_FLAG_NATIVE;
     else
 	smtp_host_lookup_mask = name_mask(VAR_SMTP_HOST_LOOKUP, lookup_masks,
 					  var_smtp_host_lookup);

postfix/src/smtp/smtp.h

@@ -82,20 +82,27 @@ typedef struct SMTP_STATE {
 #define SMTP_FEATURE_XFORWARD_PROTO	(1<<9)
 #define SMTP_FEATURE_XFORWARD_HELO	(1<<10)
 
+ /*
+  * Misc flags.
+  */
+#define SMTP_MISC_FLAG_LOOP_DETECT	(1<<0)
+
+#define SMTP_MISC_FLAG_DEFAULT		SMTP_MISC_FLAG_LOOP_DETECT
+
  /*
   * smtp.c
   */
 extern int smtp_errno;			/* XXX can we get rid of this? */
 
-#define SMTP_NONE	0		/* no error */
+#define SMTP_ERR_NONE	0		/* no error */
-#define SMTP_FAIL	1		/* permanent error */
+#define SMTP_ERR_FAIL	1		/* permanent error */
-#define SMTP_RETRY	2		/* temporary error */
+#define SMTP_ERR_RETRY	2		/* temporary error */
-#define SMTP_LOOP	3		/* MX loop */
+#define SMTP_ERR_LOOP	3		/* mailer loop */
 
 extern int smtp_host_lookup_mask;	/* host lookup methods to use */
 
-#define SMTP_MASK_DNS		(1<<0)
+#define SMTP_HOST_FLAG_DNS	(1<<0)
-#define SMTP_MASK_NATIVE	(1<<1)
+#define SMTP_HOST_FLAG_NATIVE	(1<<1)
 
  /*
   * smtp_session.c
@@ -119,7 +126,7 @@ extern int smtp_connect(SMTP_STATE *);
  /*
   * smtp_proto.c
   */
-extern int smtp_helo(SMTP_STATE *);
+extern int smtp_helo(SMTP_STATE *, int);
 extern int smtp_xfer(SMTP_STATE *);
 extern void smtp_quit(SMTP_STATE *);
 

postfix/src/smtp/smtp_addr.c

@@ -6,12 +6,14 @@
 /* SYNOPSIS
 /*	#include "smtp_addr.h"
 /*
-/*	DNS_RR *smtp_domain_addr(name, why)
+/*	DNS_RR *smtp_domain_addr(name, misc_flags, why)
 /*	char	*name;
+/*	int	misc_flags;
 /*	VSTRING	*why;
 /*
-/*	DNS_RR *smtp_host_addr(name, why)
+/*	DNS_RR *smtp_host_addr(name, misc_flags, why)
 /*	char	*name;
+/*	int	misc_flags;
 /*	VSTRING	*why;
 /* DESCRIPTION
 /*	This module implements Internet address lookups. By default,
@@ -173,7 +175,7 @@ static DNS_RR *smtp_addr_one(DNS_RR *addr_list, char *host, unsigned pref, VSTRI
     /*
      * Use DNS lookup, but keep the option open to use native name service.
      */
-    if (smtp_host_lookup_mask & SMTP_MASK_DNS) {
+    if (smtp_host_lookup_mask & SMTP_HOST_FLAG_DNS) {
 	switch (dns_lookup(host, T_A, RES_DEFNAMES, &addr, (VSTRING *) 0, why)) {
 	case DNS_OK:
 	    for (rr = addr; rr; rr = rr->next)
@@ -181,15 +183,15 @@ static DNS_RR *smtp_addr_one(DNS_RR *addr_list, char *host, unsigned pref, VSTRI
 	    addr_list = dns_rr_append(addr_list, addr);
 	    return (addr_list);
 	default:
-	    smtp_errno = SMTP_RETRY;
+	    smtp_errno = SMTP_ERR_RETRY;
 	    return (addr_list);
 	case DNS_FAIL:
-	    if (smtp_errno != SMTP_RETRY)
+	    if (smtp_errno != SMTP_ERR_RETRY)
-		smtp_errno = SMTP_FAIL;
+		smtp_errno = SMTP_ERR_FAIL;
 	    return (addr_list);
 	case DNS_NOTFOUND:
-	    if (smtp_errno != SMTP_RETRY)
+	    if (smtp_errno != SMTP_ERR_RETRY)
-		smtp_errno = SMTP_FAIL;
+		smtp_errno = SMTP_ERR_FAIL;
 	    /* maybe gethostbyname() will succeed */
 	    break;
 	}
@@ -198,18 +200,19 @@ static DNS_RR *smtp_addr_one(DNS_RR *addr_list, char *host, unsigned pref, VSTRI
     /*
      * Use the native name service which also looks in /etc/hosts.
      */
-    if (smtp_host_lookup_mask & SMTP_MASK_NATIVE) {
+    if (smtp_host_lookup_mask & SMTP_HOST_FLAG_NATIVE) {
 	memset((char *) &fixed, 0, sizeof(fixed));
 	if ((hp = gethostbyname(host)) == 0) {
 	    vstring_sprintf(why, "%s: %s", host, HSTRERROR(h_errno));
-	    if (smtp_errno != SMTP_RETRY)
+	    if (smtp_errno != SMTP_ERR_RETRY)
-		smtp_errno = (h_errno == TRY_AGAIN ? SMTP_RETRY : SMTP_FAIL);
+		smtp_errno =
+		    (h_errno == TRY_AGAIN ? SMTP_ERR_RETRY : SMTP_ERR_FAIL);
 	} else if (hp->h_addrtype != AF_INET) {
 	    vstring_sprintf(why, "%s: host not found", host);
 	    msg_warn("%s: unknown address family %d for %s",
 		     myname, hp->h_addrtype, host);
-	    if (smtp_errno != SMTP_RETRY)
+	    if (smtp_errno != SMTP_ERR_RETRY)
-		smtp_errno = SMTP_FAIL;
+		smtp_errno = SMTP_ERR_FAIL;
 	} else {
 	    while (hp->h_addr_list[0]) {
 		addr_list = dns_rr_append(addr_list,
@@ -331,7 +334,7 @@ static int smtp_compare_pref(DNS_RR *a, DNS_RR *b)
 
 /* smtp_domain_addr - mail exchanger address lookup */
 
-DNS_RR *smtp_domain_addr(char *name, VSTRING *why)
+DNS_RR *smtp_domain_addr(char *name, int misc_flags, VSTRING *why)
 {
     DNS_RR *mx_names;
     DNS_RR *addr_list = 0;
@@ -339,7 +342,7 @@ DNS_RR *smtp_domain_addr(char *name, VSTRING *why)
     unsigned best_pref;
     unsigned best_found;
 
-    smtp_errno = SMTP_NONE;			/* Paranoia */
+    smtp_errno = SMTP_ERR_NONE;			/* Paranoia */
 
     /*
      * Preferences from DNS use 0..32767, fall-backs use 32768+.
@@ -396,14 +399,14 @@ DNS_RR *smtp_domain_addr(char *name, VSTRING *why)
      */
     switch (dns_lookup(name, T_MX, 0, &mx_names, (VSTRING *) 0, why)) {
     default:
-	smtp_errno = SMTP_RETRY;
+	smtp_errno = SMTP_ERR_RETRY;
 	if (var_ign_mx_lookup_err)
-	    addr_list = smtp_host_addr(name, why);
+	    addr_list = smtp_host_addr(name, misc_flags, why);
 	break;
     case DNS_FAIL:
-	smtp_errno = SMTP_FAIL;
+	smtp_errno = SMTP_ERR_FAIL;
 	if (var_ign_mx_lookup_err)
-	    addr_list = smtp_host_addr(name, why);
+	    addr_list = smtp_host_addr(name, misc_flags, why);
 	break;
     case DNS_OK:
 	mx_names = dns_rr_sort(mx_names, smtp_compare_pref);
@@ -412,24 +415,25 @@ DNS_RR *smtp_domain_addr(char *name, VSTRING *why)
 	dns_rr_free(mx_names);
 	if (addr_list == 0) {
 	    if (var_smtp_defer_mxaddr)
-		smtp_errno = SMTP_RETRY;
+		smtp_errno = SMTP_ERR_RETRY;
 	    msg_warn("no MX host for %s has a valid A record", name);
 	    break;
 	}
 	best_found = (addr_list ? addr_list->pref : IMPOSSIBLE_PREFERENCE);
 	if (msg_verbose)
 	    smtp_print_addr(name, addr_list);
-	if ((self = smtp_find_self(addr_list)) != 0) {
+	if ((misc_flags & SMTP_MISC_FLAG_LOOP_DETECT)
+	    && (self = smtp_find_self(addr_list)) != 0) {
 	    addr_list = smtp_truncate_self(addr_list, self->pref);
 	    if (addr_list == 0) {
 		if (best_pref != best_found) {
 		    vstring_sprintf(why, "unable to find primary relay for %s",
 				    name);
-		    smtp_errno = SMTP_RETRY;
+		    smtp_errno = SMTP_ERR_RETRY;
 		} else {
 		    vstring_sprintf(why, "mail for %s loops back to myself",
 				    name);
-		    smtp_errno = SMTP_LOOP;
+		    smtp_errno = SMTP_ERR_LOOP;
 		}
 	    }
 	}
@@ -439,7 +443,7 @@ DNS_RR *smtp_domain_addr(char *name, VSTRING *why)
 	}
 	break;
     case DNS_NOTFOUND:
-	addr_list = smtp_host_addr(name, why);
+	addr_list = smtp_host_addr(name, misc_flags, why);
 	break;
     }
 
@@ -451,11 +455,11 @@ DNS_RR *smtp_domain_addr(char *name, VSTRING *why)
 
 /* smtp_host_addr - direct host lookup */
 
-DNS_RR *smtp_host_addr(char *host, VSTRING *why)
+DNS_RR *smtp_host_addr(char *host, int misc_flags, VSTRING *why)
 {
     DNS_RR *addr_list;
 
-    smtp_errno = SMTP_NONE;			/* Paranoia */
+    smtp_errno = SMTP_ERR_NONE;			/* Paranoia */
 
     /*
      * If the host is specified by numerical address, just convert the
@@ -463,14 +467,14 @@ DNS_RR *smtp_host_addr(char *host, VSTRING *why)
      */
 #define PREF0	0
     addr_list = smtp_addr_one((DNS_RR *) 0, host, PREF0, why);
-#if 0
+    if (addr_list
-    if (addr_list && smtp_find_self(addr_list) != 0) {
+	&& (misc_flags & SMTP_MISC_FLAG_LOOP_DETECT)
+	&& smtp_find_self(addr_list) != 0) {
 	dns_rr_free(addr_list);
 	vstring_sprintf(why, "mail for %s loops back to myself", host);
-	smtp_errno = SMTP_LOOP;
+	smtp_errno = SMTP_ERR_LOOP;
 	return (0);
     }
-#endif
     if (addr_list && addr_list->next && var_smtp_rand_addr)
 	addr_list = dns_rr_shuffle(addr_list);
     if (msg_verbose)

postfix/src/smtp/smtp_addr.h

@@ -16,8 +16,8 @@
  /*
   * Internal interfaces.
   */
-extern DNS_RR *smtp_host_addr(char *, VSTRING *);
+extern DNS_RR *smtp_host_addr(char *, int, VSTRING *);
-extern DNS_RR *smtp_domain_addr(char *, VSTRING *);
+extern DNS_RR *smtp_domain_addr(char *, int, VSTRING *);
 
 /* LICENSE
 /* .ad

postfix/src/smtp/smtp_connect.c

@@ -9,8 +9,8 @@
 /*	int	smtp_connect(state)
 /*	SMTP_STATE *state;
 /* DESCRIPTION
-/*	This module implements SMTP connection management and mail
+/*	This module implements SMTP connection management and controls
-/*	delivery.
+/*	mail delivery.
 /*
 /*	smtp_connect() attempts to establish an SMTP session with a host
 /*	that represents the destination domain, or with an optional fallback
@@ -62,7 +62,7 @@
 #endif
 
 #ifndef INADDR_NONE
-#define INADDR_NONE 0xffffff
+#define INADDR_NONE 0xffffffff
 #endif
 
 /* Utility library. */
@@ -111,14 +111,14 @@ static SMTP_SESSION *smtp_connect_addr(DNS_RR *addr, unsigned port,
     int     ch;
     unsigned long inaddr;
 
-    smtp_errno = SMTP_NONE;			/* Paranoia */
+    smtp_errno = SMTP_ERR_NONE;			/* Paranoia */
 
     /*
      * Sanity checks.
      */
     if (addr->data_len > sizeof(sin.sin_addr)) {
 	msg_warn("%s: skip address with length %d", myname, addr->data_len);
-	smtp_errno = SMTP_RETRY;
+	smtp_errno = SMTP_ERR_RETRY;
 	return (0);
     }
 
@@ -184,7 +184,7 @@ static SMTP_SESSION *smtp_connect_addr(DNS_RR *addr, unsigned port,
     if (conn_stat < 0) {
 	vstring_sprintf(why, "connect to %s[%s]: %m",
 			addr->name, inet_ntoa(sin.sin_addr));
-	smtp_errno = SMTP_RETRY;
+	smtp_errno = SMTP_ERR_RETRY;
 	close(sock);
 	return (0);
     }
@@ -195,7 +195,7 @@ static SMTP_SESSION *smtp_connect_addr(DNS_RR *addr, unsigned port,
     if (read_wait(sock, var_smtp_helo_tmout) < 0) {
 	vstring_sprintf(why, "connect to %s[%s]: read timeout",
 			addr->name, inet_ntoa(sin.sin_addr));
-	smtp_errno = SMTP_RETRY;
+	smtp_errno = SMTP_ERR_RETRY;
 	close(sock);
 	return (0);
     }
@@ -207,7 +207,7 @@ static SMTP_SESSION *smtp_connect_addr(DNS_RR *addr, unsigned port,
     if ((ch = VSTREAM_GETC(stream)) == VSTREAM_EOF) {
 	vstring_sprintf(why, "connect to %s[%s]: server dropped connection without sending the initial SMTP greeting",
 			addr->name, inet_ntoa(sin.sin_addr));
-	smtp_errno = SMTP_RETRY;
+	smtp_errno = SMTP_ERR_RETRY;
 	vstream_fclose(stream);
 	return (0);
     }
@@ -219,7 +219,7 @@ static SMTP_SESSION *smtp_connect_addr(DNS_RR *addr, unsigned port,
     if (ch == '4' && var_smtp_skip_4xx_greeting) {
 	vstring_sprintf(why, "connect to %s[%s]: server refused mail service",
 			addr->name, inet_ntoa(sin.sin_addr));
-	smtp_errno = SMTP_RETRY;
+	smtp_errno = SMTP_ERR_RETRY;
 	vstream_fclose(stream);
 	return (0);
     }
@@ -230,7 +230,7 @@ static SMTP_SESSION *smtp_connect_addr(DNS_RR *addr, unsigned port,
     if (ch == '5' && var_smtp_skip_5xx_greeting) {
 	vstring_sprintf(why, "connect to %s[%s]: server refused mail service",
 			addr->name, inet_ntoa(sin.sin_addr));
-	smtp_errno = SMTP_RETRY;
+	smtp_errno = SMTP_ERR_RETRY;
 	vstream_fclose(stream);
 	return (0);
     }
@@ -290,6 +290,7 @@ int     smtp_connect(SMTP_STATE *state)
     DNS_RR *next;
     int     addr_count;
     int     sess_count;
+    int     misc_flags = SMTP_MISC_FLAG_DEFAULT;
 
     /*
      * First try to deliver to the indicated destination, then try to deliver
@@ -336,10 +337,14 @@ int     smtp_connect(SMTP_STATE *state)
 	 */
 	if (msg_verbose)
 	    msg_info("connecting to %s port %d", host, ntohs(port));
+	if (ntohs(port) != 25)
+	    misc_flags &= ~SMTP_MISC_FLAG_LOOP_DETECT;
+	else
+	    misc_flags |= SMTP_MISC_FLAG_LOOP_DETECT;
 	if (var_disable_dns || *dest == '[') {
-	    addr_list = smtp_host_addr(host, why);
+	    addr_list = smtp_host_addr(host, misc_flags, why);
 	} else {
-	    addr_list = smtp_domain_addr(host, why);
+	    addr_list = smtp_domain_addr(host, misc_flags, why);
 	}
 	myfree(dest_buf);
 
@@ -347,20 +352,18 @@ int     smtp_connect(SMTP_STATE *state)
 	 * Don't try any backup host if mail loops to myself. That would just
 	 * make the problem worse.
 	 */
-	if (addr_list == 0 && smtp_errno == SMTP_LOOP)
+	if (addr_list == 0 && smtp_errno == SMTP_ERR_LOOP)
 	    break;
 
 	/*
-	 * Connect to an SMTP server. XXX Limit the number of addresses that
+	 * Connect to an SMTP server.
-	 * we're willing to try for a non-fallback destination.
 	 * 
 	 * At the start of an SMTP session, all recipients are unmarked. In the
 	 * course of an SMTP session, recipients are marked as KEEP (deliver
-	 * to backup mail server) or DROP (remove from recipient list). The
+	 * to alternate mail server) or DROP (remove from recipient list). At
-	 * marking policy is configurable with the smtp_backup_on_soft_error
+	 * the end of an SMTP session, weed out the recipient list. Unmark
-	 * parameter. At the end of an SMTP session, weed out the recipient
+	 * any left-over recipients and try to deliver them to a backup mail
-	 * list. Unmark any left-over recipients and try to deliver them to a
+	 * server.
-	 * backup mail server.
 	 */
 	sess_count = addr_count = 0;
 	for (addr = addr_list; SMTP_RCPT_LEFT(state) > 0 && addr; addr = next) {
@@ -373,7 +376,7 @@ int     smtp_connect(SMTP_STATE *state)
 		state->final_server = (cpp[1] == 0 && next == 0);
 		state->session->best = (addr->pref == addr_list->pref);
 		debug_peer_check(state->session->host, state->session->addr);
-		if (smtp_helo(state) == 0)
+		if (smtp_helo(state, misc_flags) == 0)
 		    smtp_xfer(state);
 		if (state->history != 0
 		    && (state->error_mask & name_mask(VAR_NOTIFY_CLASSES,
@@ -404,8 +407,8 @@ int     smtp_connect(SMTP_STATE *state)
 	default:
 	    msg_panic("smtp_connect: bad error indication %d", smtp_errno);
 
-	case SMTP_LOOP:
+	case SMTP_ERR_LOOP:
-	case SMTP_FAIL:
+	case SMTP_ERR_FAIL:
 
 	    /*
 	     * The fall-back destination did not resolve as expected, or it
@@ -413,7 +416,7 @@ int     smtp_connect(SMTP_STATE *state)
 	     */
 	    if (sites->argc > 1 && cpp > sites->argv) {
 		msg_warn("%s configuration problem", VAR_FALLBACK_RELAY);
-		smtp_errno = SMTP_RETRY;
+		smtp_errno = SMTP_ERR_RETRY;
 	    }
 
 	    /*
@@ -422,14 +425,14 @@ int     smtp_connect(SMTP_STATE *state)
 	     */
 	    else if (strcmp(sites->argv[0], var_relayhost) == 0) {
 		msg_warn("%s configuration problem", VAR_RELAYHOST);
-		smtp_errno = SMTP_RETRY;
+		smtp_errno = SMTP_ERR_RETRY;
 	    }
 
 	    /*
 	     * Mail for the next-hop destination loops back to myself. Pass
 	     * the mail to the best_mx_transport or bounce it.
 	     */
-	    else if (smtp_errno == SMTP_LOOP && *var_bestmx_transp) {
+	    else if (smtp_errno == SMTP_ERR_LOOP && *var_bestmx_transp) {
 		state->status = deliver_pass_all(MAIL_CLASS_PRIVATE,
 						 var_bestmx_transp,
 						 request);
@@ -438,14 +441,14 @@ int     smtp_connect(SMTP_STATE *state)
 	    }
 	    /* FALLTHROUGH */
 
-	case SMTP_RETRY:
+	case SMTP_ERR_RETRY:
 
 	    /*
 	     * We still need to bounce or defer some left-over recipients:
 	     * either mail loops or some backup mail server was unavailable.
 	     */
 	    state->final_server = 1;		/* XXX */
-	    smtp_site_fail(state, smtp_errno == SMTP_RETRY ? 450 : 550,
+	    smtp_site_fail(state, smtp_errno == SMTP_ERR_RETRY ? 450 : 550,
 			   "%s", vstring_str(why));
 
 	    /*

postfix/src/smtp/smtp_proto.c

@@ -167,7 +167,7 @@ char   *xfer_request[SMTP_STATE_LAST] = {
 
 /* smtp_helo - perform initial handshake with SMTP server */
 
-int     smtp_helo(SMTP_STATE *state)
+int     smtp_helo(SMTP_STATE *state, int misc_flags)
 {
     SMTP_SESSION *session = state->session;
     DELIVER_REQUEST *request = state->request;
@@ -218,8 +218,9 @@ int     smtp_helo(SMTP_STATE *state)
     (void) mystrtok(&words, "- \t\n");
     for (n = 0; (word = mystrtok(&words, " \t\n")) != 0; n++) {
 	if (n == 0 && strcasecmp(word, var_myhostname) == 0) {
-	    msg_warn("host %s greeted me with my own hostname %s",
+	    if (misc_flags & SMTP_MISC_FLAG_LOOP_DETECT)
-		     session->namaddr, var_myhostname);
+		msg_warn("host %s greeted me with my own hostname %s",
+			 session->namaddr, var_myhostname);
 	} else if (strcasecmp(word, "ESMTP") == 0)
 	    state->features |= SMTP_FEATURE_ESMTP;
     }
@@ -283,11 +284,13 @@ int     smtp_helo(SMTP_STATE *state)
 		smtp_sasl_helo_auth(state, words);
 #endif
 	    else if (strcasecmp(word, var_myhostname) == 0) {
-		msg_warn("host %s replied to HELO/EHLO with my own hostname %s",
+		if (misc_flags & SMTP_MISC_FLAG_LOOP_DETECT) {
-			 session->namaddr, var_myhostname);
+		    msg_warn("host %s replied to HELO/EHLO with my own hostname %s",
-		return (smtp_site_fail(state, session->best ? 550 : 450,
+			     session->namaddr, var_myhostname);
-				       "mail for %s loops back to myself",
+		    return (smtp_site_fail(state, session->best ? 550 : 450,
-				       request->nexthop));
+					 "mail for %s loops back to myself",
+					   request->nexthop));
+		}
 	    }
 	}
     }

postfix/src/smtp/smtp_rcpt.c

@@ -36,7 +36,7 @@
 /* .IP \(bu
 /*	In the course of a delivery attempt each recipient is
 /*	marked either as DROP (remove from recipient list) or KEEP
-/*	(deliver to backup mail server). 
+/*	(deliver to alternate mail server). 
 /* .IP \(bu
 /*	After a delivery attempt any recipients marked DROP are deleted 
 /*	from the request, and the left-over recipients are unmarked.

postfix/src/smtpd/smtpd.c

@@ -71,9 +71,11 @@
 /*	List of commands that are treated as NOOP (no operation) commands,
 /*	without any parameter syntax checking and without any state change.
 /*	This list overrides built-in command definitions.
-/* .SH "Content inspection controls"
+/* .SH "Content inspection after mail is queued"
-/*	Optionally, Postfix can be configured to send new mail to
+/* .ad
-/*	external content filter software AFTER the mail is queued.
+/* .fi
+/*	Postfix can be configured to send new mail to an external
+/*	content filter AFTER the mail is queued.
 /* .IP \fBcontent_filter\fR
 /*	The name of a mail delivery transport that filters mail and that
 /*	either bounces mail or re-injects the result back into Postfix.
@@ -96,22 +98,20 @@
 /*	Disable header/body_checks. This is typically specified with the
 /*	SMTP server \fBafter\fR an external content filter.
 /* .RE
-/* .SH "Pass-through proxy"
+/* .SH "Content inspection before mail is queued"
 /* .ad
 /* .fi
-/* .ad
+/*	The Postfix SMTP server can be configured to forward all mail
-/*	Optionally, the Postfix SMTP server can be configured to
+/*	to a real-time SMTP-based content filter BEFORE mail is queued.
-/*	forward all mail to a proxy server, for example a real-time
-/*	content filter, BEFORE mail is queued.
 /* .IP \fBsmtpd_proxy_filter\fR
-/*	The \fIhost:port\fR of the SMTP proxy server. The \fIhost\fR
+/*	The \fIhost:port\fR of the real-time SMTP-based content filter.
-/*	or \fIhost:\fR portion is optional.
+/*	The \fIhost\fR or \fIhost:\fR portion is optional.
 /* .IP \fBsmtpd_proxy_timeout\fR
 /*	Timeout for connecting to, sending to and receiving from
-/*	the SMTP proxy server.
+/*	the real-time SMTP-based content filter.
 /* .IP \fBsmtpd_proxy_ehlo\fR
 /*	The hostname to use when sending an EHLO command to the
-/*	SMTP proxy server.
+/*	real-time SMTP-based content filter.
 /* .SH "Authentication controls"
 /* .IP \fBsmtpd_sasl_auth_enable\fR
 /*	Enable per-session authentication as per RFC 2554 (SASL).
@@ -966,12 +966,14 @@ static char *extract_addr(SMTPD_STATE *state, SMTPD_TOKEN *arg,
      * Report trouble. Log a warning only if we are going to sleep+reject so
      * that attackers can't flood our logfiles.
      */
-    if ((arg->strval[0] == 0 && !allow_empty_addr)
+    if (err == 0)
-	|| (strict_rfc821 && arg->strval[0] == '@')) {
+	if ((arg->strval[0] == 0 && !allow_empty_addr)
-	msg_warn("Illegal address syntax from %s in %s command: %s",
+	    || (strict_rfc821 && arg->strval[0] == '@')
-		 state->namaddr, state->where, STR(arg->vstrval));
+	    || smtpd_check_addr(STR(arg->vstrval)) != 0) {
-	err = "501 Bad address syntax";
+	    msg_warn("Illegal address syntax from %s in %s command: %s",
-    }
+		     state->namaddr, state->where, STR(arg->vstrval));
+	    err = "501 Bad address syntax";
+	}
 
     /*
      * Cleanup.
@@ -1243,6 +1245,12 @@ static int rcpt_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
     } else if (state->cleanup == 0) {
 	mail_open_stream(state);
     }
+
+    /*
+     * Proxy the recipient. OK, so we lied. If the real-time proxy rejects
+     * the recipient then we can have a proxy connection without having
+     * accepted a recipient.
+     */
     if (state->proxy && smtpd_proxy_cmd(state, SMTPD_PROX_WANT_OK,
 					"%s", STR(state->buffer)) != 0) {
 	smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
@@ -1343,9 +1351,6 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
      * Terminate the message envelope segment. Start the message content
      * segment, and prepend our own Received: header. If there is only one
      * recipient, list the recipient address.
-     * 
-     * Suppress our own Received: header in the unlikely case that we are an
-     * intermediate proxy.
      */
     if (state->cleanup) {
 	if (state->saved_filter)
@@ -1356,6 +1361,11 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
 	    rec_fprintf(state->cleanup, REC_TYPE_FLGS, "%d", state->saved_flags);
 	rec_fputs(state->cleanup, REC_TYPE_MESG, "");
     }
+
+    /*
+     * Suppress our own Received: header in the unlikely case that we are an
+     * intermediate proxy.
+     */
     if (!state->proxy || state->xforward.flags == 0) {
 	out_fprintf(out_stream, REC_TYPE_NORM,
 		    "Received: from %s (%s [%s])",
@@ -1389,7 +1399,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
 
     /*
      * Copy the message content. If the cleanup process has a problem, keep
-     * reading until the remote stops sending, then complain. Read typed
+     * reading until the remote stops sending, then complain. Produce typed
      * records from the SMTP stream so we can handle data that spans buffers.
      * 
      * XXX Force an empty record when the queue file content begins with

postfix/src/smtpd/smtpd.h

@@ -56,35 +56,39 @@ typedef struct {
 } SMTPD_XFORWARD_ATTR;
 
 typedef struct SMTPD_STATE {
-    int     err;
+    int     err;			/* cleanup server/queue file errors */
-    VSTREAM *client;
+    VSTREAM *client;			/* SMTP client handle */
-    VSTRING *buffer;
+    VSTRING *buffer;			/* SMTP client buffer */
-    time_t  time;
+    time_t  time;			/* start of MAIL FROM transaction */
-    char   *name;
+    char   *name;			/* client hostname */
-    char   *addr;
+    char   *addr;			/* client host address string */
-    char   *namaddr;
+    char   *namaddr;			/* combined name and address */
     int     peer_code;			/* 2=ok, 4=soft, 5=hard */
-    int     error_count;
+    int     error_count;		/* reset after DOT */
-    int     error_mask;
+    int     error_mask;			/* client errors */
-    int     notify_mask;
+    int     notify_mask;		/* what to report to postmaster */
-    char   *helo_name;
+    char   *helo_name;			/* client HELO/EHLO argument */
-    char   *queue_id;
+    char   *queue_id;			/* from cleanup server/queue file */
-    VSTREAM *cleanup;
+    VSTREAM *cleanup;			/* cleanup server/queue file handle */
-    MAIL_STREAM *dest;
+    MAIL_STREAM *dest;			/* another server/file handle */
-    int     rcpt_count;
+    int     rcpt_count;			/* number of accepted recipients */
-    char   *access_denied;
+    char   *access_denied;		/* fixme */
-    ARGV   *history;
+    ARGV   *history;			/* protocol transcript */
-    char   *reason;
+    char   *reason;			/* cause of connection loss */
-    char   *sender;
+    char   *sender;			/* sender address */
     char   *encoding;			/* owned by mail_cmd() */
     char   *verp_delims;		/* owned by mail_cmd() */
-    char   *recipient;
+    char   *recipient;			/* recipient address */
-    char   *etrn_name;
+    char   *etrn_name;			/* client ETRN argument */
-    char   *protocol;
+    char   *protocol;			/* SMTP or ESMTP */
-    char   *where;
+    char   *where;			/* protocol stage */
-    int     recursion;
+    int     recursion;			/* Kellerspeicherpegelanzeiger */
-    off_t   msg_size;
+    off_t   msg_size;			/* MAIL FROM message size */
-    int     junk_cmds;
+    int     junk_cmds;			/* counter */
+
+    /*
+     * SASL specific.
+     */
 #ifdef USE_SASL_AUTH
 #if SASL_VERSION_MAJOR >= 2
     const char *sasl_mechanism_list;
@@ -98,6 +102,10 @@ typedef struct SMTPD_STATE {
     VSTRING *sasl_encoded;
     VSTRING *sasl_decoded;
 #endif
+
+    /*
+     * Specific to smtpd access checks.
+     */
     int     rcptmap_checked;
     int     warn_if_reject;		/* force reject into warning */
     SMTPD_DEFER defer_if_reject;	/* force reject into deferral */
@@ -111,13 +119,17 @@ typedef struct SMTPD_STATE {
     int     saved_flags;		/* postponed hold/discard */
     VSTRING *expand_buf;		/* scratch space for $name expansion */
 
-    /* Pass-through proxy client.  */
+    /*
+     * Pass-through proxy client.
+     */
     VSTREAM *proxy;			/* proxy handle */
     VSTRING *proxy_buffer;		/* proxy query/reply buffer */
     char   *proxy_mail;			/* owned by mail_cmd() */
     int     proxy_xforward_features;	/* XFORWARD proxy state */
 
-    /* XFORWARD server state. */
+    /*
+     * XFORWARD server state.
+     */
     SMTPD_XFORWARD_ATTR xforward;	/* up-stream logging info */
 } SMTPD_STATE;
 
@@ -221,9 +233,9 @@ extern void smtpd_peer_reset(SMTPD_STATE *state);
 #define FORWARD_HELO(s)		FORWARD_CLIENT_ATTR((s), helo_name)
 #define FORWARD_IDENT(s)	FORWARD_IDENT_ATTR(s)
 
-extern void smtpd_xforward_init(SMTPD_STATE *state);
+extern void smtpd_xforward_init(SMTPD_STATE *);
-extern void smtpd_xforward_preset(SMTPD_STATE *state);
+extern void smtpd_xforward_preset(SMTPD_STATE *);
-extern void smtpd_xforward_reset(SMTPD_STATE *state);
+extern void smtpd_xforward_reset(SMTPD_STATE *);
 
  /*
   * Transparency: before mail is queued, do we check for unknown recipients,

postfix/src/smtpd/smtpd_check.c

@@ -9,6 +9,9 @@
 /*
 /*	void	smtpd_check_init()
 /*
+/*	int	smtpd_check_addr(address)
+/*	const char *address;
+/*
 /*	char	*smtpd_check_client(state)
 /*	SMTPD_STATE *state;
 /*
@@ -39,6 +42,9 @@
 /*	smtpd_check_init() initializes. This function should be called
 /*	once during the process life time.
 /*
+/*	smtpd_check_addr() sanity checks an email address and returns
+/*	non-zero in case of badness.
+/*
 /*	Each of the following routines scrutinizes the argument passed to
 /*	an SMTP command such as HELO, MAIL FROM, RCPT TO, or scrutinizes
 /*	the initial client connection request.  The administrator can
@@ -3404,6 +3410,31 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
     return (status);
 }
 
+/* smtpd_check_addr - address sanity check */
+
+int     smtpd_check_addr(const char *addr)
+{
+    const RESOLVE_REPLY *resolve_reply;
+    char   *myname = "smtpd_check_addr";
+    int     status;
+
+    if (msg_verbose)
+	msg_info("%s: addr=%s", myname, addr);
+
+    /*
+     * Catch syntax errors early on if we can, but be prepared to re-compute
+     * the result later when the cache fills up with lots of recipients, at
+     * which time errors can still happen.
+     */
+    if (addr == 0 || *addr == 0)
+	return (0);
+    resolve_reply = (const RESOLVE_REPLY *)
+	ctable_locate(smtpd_resolve_cache, addr);
+    if (resolve_reply->flags & RESOLVE_FLAG_ERROR)
+	return (-1);
+    return (0);
+}
+
 /* smtpd_check_client - validate client name or address */
 
 char   *smtpd_check_client(SMTPD_STATE *state)

postfix/src/smtpd/smtpd_check.h

@@ -13,6 +13,7 @@
   * External interface.
   */
 extern void smtpd_check_init(void);
+extern int smtpd_check_addr(const char *);
 extern char *smtpd_check_client(SMTPD_STATE *);
 extern char *smtpd_check_helo(SMTPD_STATE *, char *);
 extern char *smtpd_check_mail(SMTPD_STATE *, char *);

postfix/src/trivial-rewrite/resolve.c

@@ -357,7 +357,8 @@ static void resolve_addr(RES_CONTEXT *rp, char *addr,
     tok822_internalize(nextrcpt, tree, TOK822_STR_DEFL);
     rcpt_domain = strrchr(STR(nextrcpt), '@') + 1;
     if (*rcpt_domain == '[' ? !valid_hostliteral(rcpt_domain, DONT_GRIPE) :
-	!valid_hostname(rcpt_domain, DONT_GRIPE))
+	(!valid_hostname(rcpt_domain, DONT_GRIPE)
+	 || valid_hostaddr(rcpt_domain, DONT_GRIPE)))
 	*flags |= RESOLVE_FLAG_ERROR;
     tok822_free_tree(tree);
     tree = 0;
@@ -412,7 +413,7 @@ static void resolve_addr(RES_CONTEXT *rp, char *addr,
 #if 0
 		if (strcasecmp(rcpt_domain, var_myorigin) == 0)
 		    msg_warn("do not list $%s (%s) in %s",
-			     VAR_MYORIGIN, var_myorigin, VAR_VIRT_ALIAS_DOMS);
+			   VAR_MYORIGIN, var_myorigin, VAR_VIRT_ALIAS_DOMS);
 #endif
 	    }
 	    vstring_strcpy(channel, MAIL_SERVICE_ERROR);