postfix-3.1-20150913

2025-08-29 13:18:12 +00:00 · 2015-09-13 00:00:00 -05:00 · 2015-09-13 00:00:00 -05:00 · e23b4ac7fd
commit e23b4ac7fd
parent 7c40345f5a
45 changed files with 363 additions and 138 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@ -21876,3 +21876,48 @@ Apologies for any names omitted.
 	TLS session tickets are supported as of OpenSSL 0.9.8h (May
 	2008).  Files: mantools/postlink, proto/TLS_README.html,
 	proto/postconf.proto.
 20150831
 	Cleanup: obsolete comments in Makefile.init.
 20150903
 	Workaround: disable DNSSEC support for AIX 7x and earlier.
 	The AIX 6/7 resolver(5) API defines RES_USE_DNSSEC without
 	defining the "ad" bit.  Viktor Dukhovni.  Files: makedefs,
 	proto/INSTALL.html, dns/dns.h.
 20150912
 	Future-proofing and code cleanup: exploit GCC and Clang
 	"warn_unused_result" feature to flag missing error checks.
 	Files: util/sys_defs.h, util/attr.h, util/edit_file.h,
 	util/listen.h, util/lstat_as.h, util/mac_expand.h,
 	util/mac_parse.h, util/myaddrinfo.h, util/myflock.h,
 	util/sane_fsops.h, util/sane_socketpair.h, util/stat_as.h,
 	util/base32_code.h, util/base64_code.h, util/hex_code.h,
 	util/timed_wait.h, util/vstream.h, src/util/vstring_vstream.h.
 	Cleanup: incomplete error check. Found with WARN_UNUSED_RESULT
 	check. File: util/recv_pass_attr.c.
 	Future-proofing: added type mis-match detection for
 	ATTR_TYPE_FUNC function-pointer arguments. File: util/attr.h.
 	Cleanup: don't ignore seek-to-end-of-file errors.  File:
 	global/record.c.
 	Cleanup: use vstream_fpurge() to purge VSTREAM buffers,
 	instead of calling vstream_fseek() and ignoring ESPIPE
 	errors.  File: smtpstone/qmqp-sink.c.
 20150913
 	Feature: SMTPD policy service "policy_context" attribute
 	and smtpd_policy_service_policy_context main.cf parameter.
 	Originally, to share the same SMTPD service endpoint among
 	multiple check_policy_service clients. Markus Benning.
 	Files: mantools/postlink, proto/SMTPD_POLICY_README.html,
 	proto/postconf.proto, global/mail_params.h, global/mail_proto.h,
 	smtpd/smtpd.c, smtpd/smtpd_check.c.
--- a/postfix/INSTALL
+++ b/postfix/INSTALL
@ -539,6 +539,9 @@ The following is an extensive list of names and values.
 ||			       |probably should also override DEF_DB_TYPE as  |
 ||			       |described in section 4.6.		      |
 ||_____________________________|______________________________________________|
 ||-DNO_DNSSEC		       |Do not build with DNSSEC support, even if the |
 ||			       |resolver library appears to support it.       |
 ||_____________________________|______________________________________________|
 ||			       |Do not build with Solaris /dev/poll support.  |
 ||-DNO_DEVPOLL		       |By default, /dev/poll support is compiled in  |
 ||			       |on Solaris versions that are known to support |
--- a/postfix/Makefile.init
+++ b/postfix/Makefile.init
@ -1,7 +1,8 @@
 # Usage: 
-#	make makefiles [CC=compiler] [OPT=compiler-flags] [DEBUG=debug-flags]
+#	make makefiles [name=value]...
 #
-# The defaults are: CC=gcc, OPT=-O, and DEBUG=-g. Examples:
+# See makedefs for a descripton of available options.
 # Examples:
 #
 #	make makefiles
 #	make makefiles CC="purify cc"
--- a/postfix/README_FILES/INSTALL
+++ b/postfix/README_FILES/INSTALL
@ -539,6 +539,9 @@ The following is an extensive list of names and values.
 ||                             |probably should also override DEF_DB_TYPE as  |
 ||                             |described in section 4.6.                     |
 |_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
 ||-DNO_DNSSEC                  |Do not build with DNSSEC support, even if the |
 ||                             |resolver library appears to support it.       |
 |_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
 ||                             |Do not build with Solaris /dev/poll support.  |
 ||-DNO_DEVPOLL                 |By default, /dev/poll support is compiled in  |
 ||                             |on Solaris versions that are known to support |
--- a/postfix/README_FILES/SMTPD_POLICY_README
+++ b/postfix/README_FILES/SMTPD_POLICY_README
@ -76,6 +76,8 @@ a delegated SMTPD access policy request:
    ccert_pubkey_fingerprint=68:B3:29:DA:98:93:E3:40:99:C7:D8:AD:5C:B9:C9:40
    PPoossttffiixx vveerrssiioonn 33..00 aanndd llaatteerr::
    client_port=1234
    PPoossttffiixx vveerrssiioonn 33..11 aanndd llaatteerr::
    policy_context=submission
    [empty line]
 Notes:
@ -145,6 +147,9 @@ Notes:
  * The "stress" attribute is either empty or "yes". See the STRESS_README
    document for further information.
  * The "policy_context" attribute provides a way to pass information that is
    not available via other attributes (Postfix version 3.1 and later).
 The following is specific to SMTPD delegated policy requests:
  * Protocol names are ESMTP or SMTP.
@ -276,6 +281,12 @@ protocol:
    to resend a failed SMTPD policy service request. Available with Postfix 3.0
    and later.
  * smtpd_policy_service_policy_context (default: empty): Optional information
    that is passed in the "policy_context" attribute of an SMTPD policy service
    request (originally, to share the same SMTPD service endpoint among
    multiple check_policy_service clients). Available with Postfix 3.1 and
    later.
 Configuration parameters that control the server side of the policy delegation
 protocol:
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@ -13,6 +13,12 @@ Wish list:
 	Postfix 3.0: In the DNS client, save/restore h_errno in the
 	multi-query functions.
 	Specify WARN_UNUSED_RESULT for all library functions that
 	pass, deliver, bounce or defer a delivery request.
 	Specify WARN_UNUSED_RESULT for mac_expand(), after making
 	smtp_reply_footer() undoable.
 	Type-checking wrappers for htable(3), ctable(3) and other
 	modules that take and return a void* pointer.
@ -22,9 +28,6 @@ Wish list:
 	relevant only for fingerprint-based authentication including
 	DANE, and affects logging, SMTPD policy, and Milters.
 	Exploit GCC 3.4+ __attribute__((warn_unused_result)) to
 	warn about unused function result values.
 	Generalize the daemon '-S' stand-alone mode, so that it can
 	be used with custom configuration files for request/reply
 	regression testing.
--- a/postfix/html/INSTALL.html
+++ b/postfix/html/INSTALL.html
@ -810,6 +810,10 @@ platforms that are known to support this feature. If you override
 this, then you probably should also override DEF_DB_TYPE as described
 in section 4.6.  </td> </tr>
 <tr> <td> </td> <td> -DNO_DNSSEC </td> <td> Do not build with DNSSEC
 support, even if the resolver library appears to support it. </td>
 </tr>
 <tr> <td> </td> <td> -DNO_DEVPOLL </td> <td> Do not build with
 Solaris <tt>/dev/poll</tt> support. By default, <tt>/dev/poll</tt>
 support is compiled in on Solaris versions that are known to support
--- a/postfix/html/SMTPD_POLICY_README.html
+++ b/postfix/html/SMTPD_POLICY_README.html
@ -108,6 +108,8 @@ stress=
 ccert_pubkey_fingerprint=68:B3:29:DA:98:93:E3:40:99:C7:D8:AD:5C:B9:C9:40
 <b>Postfix version 3.0 and later:</b>
 client_port=1234
 <b>Postfix version 3.1 and later:</b>
 policy_context=submission
 [empty line]
 </pre>
 </blockquote>
@ -195,6 +197,10 @@ client_port=1234
    <li> <p> The "stress" attribute is either empty or "yes".  See
    the <a href="STRESS_README.html">STRESS_README</a> document for further information. </p>
    <li> <p> The "policy_context" attribute provides a way to pass
    information that is not available via other attributes (Postfix
    version 3.1 and later). </p>
 </ul>
 <p> The following is specific to SMTPD delegated policy requests:
@ -367,6 +373,12 @@ giving up.  Available with Postfix 3.0 and later.  </p>
 between attempts to resend a failed SMTPD policy service request.
 Available with Postfix 3.0 and later.  </p>
 <li> <p> <a href="postconf.5.html#smtpd_policy_service_policy_context">smtpd_policy_service_policy_context</a> (default: empty):
 Optional information that is passed in the "policy_context" attribute
 of an SMTPD policy service request (originally, to share the same
 SMTPD service endpoint among multiple <a href="postconf.5.html#check_policy_service">check_policy_service</a> clients).
 Available with Postfix 3.1 and later.  </p>
 </ul>
 <p> Configuration parameters that control the server side of the
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@ -2956,6 +2956,10 @@ returns the server response in an application buffer even if the
 requested record does not exist. If this promise is broken, specify
 "yes" to enable a  workaround for DNS reputation lookups. </p>
 <p>
 This feature is available in Postfix 3.1 and later.
 </p>
 </DD>
@ -14633,6 +14637,21 @@ This feature is available in Postfix 2.1 and later.
 </p>
 </DD>
 <DT><b><a name="smtpd_policy_service_policy_context">smtpd_policy_service_policy_context</a>
 (default: empty)</b></DT><DD>
 <p> Optional information that the Postfix SMTP server specifies in
 the "policy_context" attribute of a policy service request (originally,
 to share the same service endpoint among multiple <a href="postconf.5.html#check_policy_service">check_policy_service</a>
 clients).  </p>
 <p>
 This feature is available in Postfix 3.1 and later.
 </p>
 </DD>
 <DT><b><a name="smtpd_policy_service_request_limit">smtpd_policy_service_request_limit</a>
--- a/postfix/html/smtpd.8.html
+++ b/postfix/html/smtpd.8.html
@ -910,62 +910,70 @@ SMTPD(8)                                                              SMTPD(8)
              The  delay between attempts to resend a failed SMTPD policy ser-
              vice request.
       Available in Postfix version 3.1 and later:
       <b><a href="postconf.5.html#smtpd_policy_service_policy_context">smtpd_policy_service_policy_context</a> (empty)</b>
              Optional information that the Postfix SMTP server  specifies  in
              the  "policy_context"  attribute  of  a  policy  service request
              (originally, to share the same service endpoint  among  multiple
              <a href="postconf.5.html#check_policy_service">check_policy_service</a> clients).
 <b>ACCESS CONTROLS</b>
-       The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to all the  SMTP
+       The  <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to all the SMTP
       server access control features.
       <b><a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> (yes)</b>
-              Wait    until    the   RCPT   TO   command   before   evaluating
+              Wait   until   the   RCPT   TO   command    before    evaluating
              $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>,     $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>     and
              $<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>,  or  wait  until  the  ETRN  command
-              before      evaluating      $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>       and
+              before       evaluating      $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>      and
              $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>.
       <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' output)</b>
-              A  list of Postfix features where the pattern "example.com" also
+              A list of Postfix features where the pattern "example.com"  also
-              matches subdomains  of  example.com,  instead  of  requiring  an
+              matches  subdomains  of  example.com,  instead  of  requiring an
              explicit ".example.com" pattern.
       <b><a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> (empty)</b>
-              Optional  restrictions  that  the Postfix SMTP server applies in
+              Optional restrictions that the Postfix SMTP  server  applies  in
              the context of a client connection request.
       <b><a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> (no)</b>
-              Require that a remote SMTP client  introduces  itself  with  the
+              Require  that  a  remote  SMTP client introduces itself with the
-              HELO  or  EHLO  command before sending the MAIL command or other
+              HELO or EHLO command before sending the MAIL  command  or  other
              commands that require EHLO negotiation.
       <b><a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> (empty)</b>
-              Optional restrictions that the Postfix SMTP  server  applies  in
+              Optional  restrictions  that  the Postfix SMTP server applies in
              the context of a client HELO command.
       <b><a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> (empty)</b>
-              Optional  restrictions  that  the Postfix SMTP server applies in
+              Optional restrictions that the Postfix SMTP  server  applies  in
              the context of a client MAIL FROM command.
       <b><a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> (see 'postconf -d' output)</b>
-              Optional restrictions that the Postfix SMTP  server  applies  in
+              Optional  restrictions  that  the Postfix SMTP server applies in
-              the    context    of   a   client   RCPT   TO   command,   after
+              the   context   of   a   client   RCPT   TO    command,    after
              <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
       <b><a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> (empty)</b>
-              Optional restrictions that the Postfix SMTP  server  applies  in
+              Optional  restrictions  that  the Postfix SMTP server applies in
              the context of a client ETRN command.
       <b><a href="postconf.5.html#allow_untrusted_routing">allow_untrusted_routing</a> (no)</b>
-              Forward       mail       with      sender-specified      routing
+              Forward      mail      with       sender-specified       routing
-              (user[@%!]remote[@%!]site) from untrusted  clients  to  destina-
+              (user[@%!]remote[@%!]site)  from  untrusted  clients to destina-
              tions matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
       <b><a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> (empty)</b>
              User-defined aliases for groups of access restrictions.
       <b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a> (</b>&lt;&gt;<b>)</b>
-              The  lookup  key  to be used in SMTP <a href="access.5.html"><b>access</b>(5)</a> tables instead of
+              The lookup key to be used in SMTP <a href="access.5.html"><b>access</b>(5)</a>  tables  instead  of
              the null sender address.
       <b><a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a> (empty)</b>
-              Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP access feature  to
+              Restrict  the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP access feature to
              only domains whose primary MX hosts match the listed networks.
       Available in Postfix version 2.0 and later:
@ -975,19 +983,19 @@ SMTPD(8)                                                              SMTPD(8)
              applies in the context of the SMTP DATA command.
       <b><a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> (see 'postconf -d' output)</b>
-              What characters are allowed in $name  expansions  of  RBL  reply
+              What  characters  are  allowed  in $name expansions of RBL reply
              templates.
       Available in Postfix version 2.1 and later:
       <b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b>
-              Request  that  the Postfix SMTP server rejects mail from unknown
+              Request that the Postfix SMTP server rejects mail  from  unknown
-              sender addresses, even when no  explicit  <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a>
+              sender  addresses,  even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a>
              access restriction is specified.
       <b><a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> (yes)</b>
-              Request  that  the  Postfix SMTP server rejects mail for unknown
+              Request that the Postfix SMTP server rejects  mail  for  unknown
-              recipient     addresses,     even     when      no      explicit
+              recipient      addresses,      even     when     no     explicit
              <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restriction is specified.
       Available in Postfix version 2.2 and later:
@ -1001,17 +1009,17 @@ SMTPD(8)                                                              SMTPD(8)
       <b><a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>,</b>
       <b><a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>)</b>
              Access restrictions for mail relay control that the Postfix SMTP
-              server  applies  in  the  context of the RCPT TO command, before
+              server applies in the context of the  RCPT  TO  command,  before
              <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
 <b>SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS</b>
-       Postfix version 2.1 introduces sender and recipient  address  verifica-
+       Postfix  version  2.1 introduces sender and recipient address verifica-
       tion.  This feature is implemented by sending probe email messages that
       are  not  actually  delivered.   This  feature  is  requested  via  the
-       <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>    and    <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>   access
+       <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>   and    <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>    access
-       restrictions.  The status of verification probes is maintained  by  the
+       restrictions.   The  status of verification probes is maintained by the
-       <a href="verify.8.html"><b>verify</b>(8)</a>  server.  See the file <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> for infor-
+       <a href="verify.8.html"><b>verify</b>(8)</a> server.  See the file <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> for  infor-
-       mation about how to configure and operate the Postfix  sender/recipient
+       mation  about how to configure and operate the Postfix sender/recipient
       address verification service.
       <b><a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> (normal: 3, overload: 1)</b>
@ -1023,7 +1031,7 @@ SMTPD(8)                                                              SMTPD(8)
              fication request in progress.
       <b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> ($<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b>
-              The  sender address to use in address verification probes; prior
+              The sender address to use in address verification probes;  prior
              to Postfix 2.5 the default was "postmaster".
       <b><a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> (450)</b>
@ -1031,18 +1039,18 @@ SMTPD(8)                                                              SMTPD(8)
              address is rejected by the <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
       <b><a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> (450)</b>
-              The numerical Postfix SMTP  server  response  when  a  recipient
+              The  numerical  Postfix  SMTP  server  response when a recipient
-              address  is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restric-
+              address is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>  restric-
              tion.
       Available in Postfix version 2.6 and later:
       <b><a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> (450)</b>
-              The numerical Postfix SMTP server response code  when  a  sender
+              The  numerical  Postfix  SMTP server response code when a sender
              address probe fails due to a temporary error condition.
       <b><a href="postconf.5.html#unverified_recipient_defer_code">unverified_recipient_defer_code</a> (450)</b>
-              The  numerical  Postfix  SMTP  server  response when a recipient
+              The numerical Postfix SMTP  server  response  when  a  recipient
              address probe fails due to a temporary error condition.
       <b><a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> (empty)</b>
@ -1054,17 +1062,17 @@ SMTPD(8)                                                              SMTPD(8)
              <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>.
       <b><a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
-              The Postfix SMTP server's action  when  <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
+              The  Postfix  SMTP server's action when <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
              fails due to a temporary error condition.
       <b><a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
-              The  Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipi</a>-
+              The Postfix SMTP server's action when  <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipi</a>-
              <a href="postconf.5.html#reject_unverified_recipient">ent</a> fails due to a temporary error condition.
       Available with Postfix 2.9 and later:
       <b><a href="postconf.5.html#address_verify_sender_ttl">address_verify_sender_ttl</a> (0s)</b>
-              The time  between  changes  in  the  time-dependent  portion  of
+              The  time  between  changes  in  the  time-dependent  portion of
              address verification probe sender addresses.
 <b>ACCESS CONTROL RESPONSES</b>
@ -1076,36 +1084,36 @@ SMTPD(8)                                                              SMTPD(8)
              map "reject" action.
       <b><a href="postconf.5.html#defer_code">defer_code</a> (450)</b>
-              The  numerical  Postfix  SMTP server response code when a remote
+              The numerical Postfix SMTP server response code  when  a  remote
              SMTP client request is rejected by the "defer" restriction.
       <b><a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> (501)</b>
-              The numerical Postfix SMTP server response code when the  client
+              The  numerical Postfix SMTP server response code when the client
-              HELO   or   EHLO   command   parameter   is   rejected   by  the
+              HELO  or   EHLO   command   parameter   is   rejected   by   the
              <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a> restriction.
       <b><a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> (554)</b>
-              The numerical Postfix SMTP server response code  when  a  remote
+              The  numerical  Postfix  SMTP server response code when a remote
-              SMTP   client  request  is  blocked  by  the  <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>,
+              SMTP  client  request  is  blocked  by  the   <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>,
              <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>,                <a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a>,
              <a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or <a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a> restriction.
       <b><a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> (504)</b>
-              The  numerical  Postfix  SMTP  server  reply  code when a client
+              The numerical Postfix SMTP  server  reply  code  when  a  client
-              request  is  rejected  by   the   <a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>,
+              request   is   rejected  by  the  <a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>,
              <a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a> or <a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a> restriction.
       <b><a href="postconf.5.html#plaintext_reject_code">plaintext_reject_code</a> (450)</b>
-              The numerical Postfix SMTP server response code when  a  request
+              The  numerical  Postfix SMTP server response code when a request
              is rejected by the <b><a href="postconf.5.html#reject_plaintext_session">reject_plaintext_session</a></b> restriction.
       <b><a href="postconf.5.html#reject_code">reject_code</a> (554)</b>
-              The  numerical  Postfix  SMTP server response code when a remote
+              The numerical Postfix SMTP server response code  when  a  remote
              SMTP client request is rejected by the "reject" restriction.
       <b><a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> (554)</b>
-              The numerical Postfix SMTP server response code  when  a  client
+              The  numerical  Postfix  SMTP server response code when a client
-              request  is  rejected by the <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient
+              request is rejected by the  <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>  recipient
              restriction.
       <b><a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> (450)</b>
@ -1113,24 +1121,24 @@ SMTPD(8)                                                              SMTPD(8)
              a sender or recipient address because its domain is unknown.
       <b><a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> (450)</b>
-              The  numerical  Postfix  SMTP server response code when a client
+              The numerical Postfix SMTP server response code  when  a  client
-              without valid address  &lt;=&gt;  name  mapping  is  rejected  by  the
+              without  valid  address  &lt;=&gt;  name  mapping  is  rejected by the
              <a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> restriction.
       <b><a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> (450)</b>
-              The  numerical  Postfix SMTP server response code when the host-
+              The numerical Postfix SMTP server response code when  the  host-
-              name specified with the HELO or EHLO command is rejected by  the
+              name  specified with the HELO or EHLO command is rejected by the
              <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> restriction.
       Available in Postfix version 2.0 and later:
       <b><a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> (see 'postconf -d' output)</b>
-              The  default Postfix SMTP server response template for a request
+              The default Postfix SMTP server response template for a  request
              that is rejected by an RBL-based restriction.
       <b><a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> (550)</b>
-              The numerical Postfix SMTP server response code  when  a  remote
+              The  numerical  Postfix  SMTP server response code when a remote
-              SMTP  client  request  is  blocked  by  the <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipi</a>-
+              SMTP client  request  is  blocked  by  the  <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipi</a>-
              <a href="postconf.5.html#reject_multi_recipient_bounce">ent_bounce</a> restriction.
       <b><a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> (empty)</b>
@ -1140,52 +1148,52 @@ SMTPD(8)                                                              SMTPD(8)
       <b><a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a> (450)</b>
              The numerical Postfix SMTP server response code for an <a href="access.5.html"><b>access</b>(5)</a>
-              map    "defer"    action,    including    "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>"   or
+              map   "defer"    action,    including    "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>"    or
              "<a href="postconf.5.html#defer_if_reject">defer_if_reject</a>".
       <b><a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a> (<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>)</b>
-              The Postfix SMTP server's action when a reject-type  restriction
+              The  Postfix SMTP server's action when a reject-type restriction
              fails due to a temporary error condition.
       <b><a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
-              The  Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_host</a>-
+              The Postfix SMTP server's action when  <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_host</a>-
              <a href="postconf.5.html#reject_unknown_helo_hostname">name</a> fails due to an temporary error condition.
       <b><a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
-              The      Postfix      SMTP      server's       action       when
+              The       Postfix       SMTP      server's      action      when
-              <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>  or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a>
+              <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> or  <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a>
              fail due to a temporary error condition.
 <b>MISCELLANEOUS CONTROLS</b>
       <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
-              The default location of the Postfix <a href="postconf.5.html">main.cf</a> and  <a href="master.5.html">master.cf</a>  con-
+              The  default  location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
              figuration files.
       <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
-              How  much  time  a  Postfix  daemon process may take to handle a
+              How much time a Postfix daemon process  may  take  to  handle  a
              request before it is terminated by a built-in watchdog timer.
       <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
              The location of all postfix administrative commands.
       <b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
-              The sender address of postmaster notifications that  are  gener-
+              The  sender  address of postmaster notifications that are gener-
              ated by the mail system.
       <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
-              The  time  limit  for  sending  or receiving information over an
+              The time limit for sending  or  receiving  information  over  an
              internal communication channel.
       <b><a href="postconf.5.html#mail_name">mail_name</a> (Postfix)</b>
-              The mail system name that is displayed in Received: headers,  in
+              The  mail system name that is displayed in Received: headers, in
              the SMTP greeting banner, and in bounced mail.
       <b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
-              The  UNIX  system  account  that owns the Postfix queue and most
+              The UNIX system account that owns the  Postfix  queue  and  most
              Postfix daemon processes.
       <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
-              The maximum amount of time that an idle Postfix  daemon  process
+              The  maximum  amount of time that an idle Postfix daemon process
              waits for an incoming connection before terminating voluntarily.
       <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
@ -1196,11 +1204,11 @@ SMTPD(8)                                                              SMTPD(8)
              The internet hostname of this mail system.
       <b><a href="postconf.5.html#mynetworks">mynetworks</a> (see 'postconf -d' output)</b>
-              The  list of "trusted" remote SMTP clients that have more privi-
+              The list of "trusted" remote SMTP clients that have more  privi-
              leges than "strangers".
       <b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
-              The domain name that locally-posted mail appears to  come  from,
+              The  domain  name that locally-posted mail appears to come from,
              and that locally posted mail is delivered to.
       <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
@ -1213,26 +1221,26 @@ SMTPD(8)                                                              SMTPD(8)
              The location of the Postfix top-level queue directory.
       <b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
-              The  set  of  characters  that can separate a user name from its
+              The set of characters that can separate a  user  name  from  its
-              extension (example: user+foo), or a .forward file name from  its
+              extension  (example: user+foo), or a .forward file name from its
              extension (example: .forward+foo).
       <b><a href="postconf.5.html#smtpd_banner">smtpd_banner</a> ($<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b>
-              The  text  that follows the 220 status code in the SMTP greeting
+              The text that follows the 220 status code in the  SMTP  greeting
              banner.
       <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
              The syslog facility of Postfix logging.
       <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
-              The mail system name that is prepended to the  process  name  in
+              The  mail  system  name that is prepended to the process name in
-              syslog  records,  so  that  "smtpd" becomes, for example, "post-
+              syslog records, so that "smtpd"  becomes,  for  example,  "post-
              fix/smtpd".
       Available in Postfix version 2.2 and later:
       <b><a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> (CONNECT, GET, POST)</b>
-              List of commands that cause the Postfix SMTP server  to  immedi-
+              List  of  commands that cause the Postfix SMTP server to immedi-
              ately terminate the session with a 221 code.
       Available in Postfix version 2.5 and later:
--- a/postfix/makedefs
+++ b/postfix/makedefs
@ -45,6 +45,9 @@
 #	Do not build with Solaris /dev/poll support.
 #	By default, /dev/poll support is compiled in on platforms that
 #	are known to support it.
 # .IP \fB-DNO_DNSSEC\fR
 #	Do not build with DNSSEC support, even if the resolver
 #	library appears to support it.
 # .IP \fB-DNO_EPOLL\fR
 #	Do not build with Linux EPOLL support.
 #	By default, EPOLL support is compiled in on platforms that
@ -387,18 +390,21 @@ case "$SYSTEM.$RELEASE" in
 		;;
       AIX.*)	case "`uname -v`" in
 		6)	SYSTYPE=AIX6
 			CCARGS="$CCARGS -DNO_DNSSEC"
 			case "$CC" in
 			cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";;
 			esac
 			CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP"
 			;;
 		5)	SYSTYPE=AIX5
 			CCARGS="$CCARGS -DNO_DNSSEC"
 			case "$CC" in
 			cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";;
 			esac
 			CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP"
 			;;
 		4)	SYSTYPE=AIX4
 			CCARGS="$CCARGS -DNO_DNSSEC"
 			# How embarrassing...
 			case "$CC" in
 			cc|*/cc|xlc|*/xlc) OPT=; CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";;
@ -406,6 +412,7 @@ case "$SYSTEM.$RELEASE" in
 			CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP"
 			;;
 		3)	SYSTYPE=AIX3
 			CCARGS="$CCARGS -DNO_DNSSEC"
 			# How embarrassing...
 			case "$CC" in
 			cc|*/cc|xlc|*/xlc) OPT=; CCARGS="$CCARGS -w";;
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@ -1851,6 +1851,8 @@ promise that res_query() and res_search() invoke res_send(), which
 returns the server response in an application buffer even if the
 requested record does not exist. If this promise is broken, specify
 "yes" to enable a  workaround for DNS reputation lookups.
 .PP
 This feature is available in Postfix 3.1 and later.
 .SH dnsblog_reply_delay (default: 0s)
 A debugging aid to artificially delay DNS responses.
 .PP
@ -9808,6 +9810,13 @@ The time after which an active SMTPD policy service connection is
 closed.
 .PP
 This feature is available in Postfix 2.1 and later.
 .SH smtpd_policy_service_policy_context (default: empty)
 Optional information that the Postfix SMTP server specifies in
 the "policy_context" attribute of a policy service request (originally,
 to share the same service endpoint among multiple check_policy_service
 clients).
 .PP
 This feature is available in Postfix 3.1 and later.
 .SH smtpd_policy_service_request_limit (default: 0)
 The maximal number of requests per SMTPD policy service connection,
 or zero (no limit). Once a connection reaches this limit, the
--- a/postfix/man/man8/smtpd.8
+++ b/postfix/man/man8/smtpd.8
@ -807,6 +807,13 @@ request before giving up.
 .IP "\fBsmtpd_policy_service_retry_delay (1s)\fR"
 The delay between attempts to resend a failed SMTPD policy
 service request.
 .PP
 Available in Postfix version 3.1 and later:
 .IP "\fBsmtpd_policy_service_policy_context (empty)\fR"
 Optional information that the Postfix SMTP server specifies in
 the "policy_context" attribute of a policy service request (originally,
 to share the same service endpoint among multiple check_policy_service
 clients).
 .SH "ACCESS CONTROLS"
 .na
 .nf
--- a/postfix/mantools/postlink
+++ b/postfix/mantools/postlink
@ -557,6 +557,7 @@ while (<>) {
    s;\bsmtpd_policy_service_default_action\b;<a href="postconf.5.html#smtpd_policy_service_default_action">$&</a>;g;
    s;\bsmtpd_policy_service_try_limit\b;<a href="postconf.5.html#smtpd_policy_service_try_limit">$&</a>;g;
    s;\bsmtpd_policy_service_retry_delay\b;<a href="postconf.5.html#smtpd_policy_service_retry_delay">$&</a>;g;
    s;\bsmtpd_policy_service_policy_context\b;<a href="postconf.5.html#smtpd_policy_service_policy_context">$&</a>;g;
    s;\bsmtpd_proxy_ehlo\b;<a href="postconf.5.html#smtpd_proxy_ehlo">$&</a>;g;
    s;\bsmtpd_proxy_filter\b;<a href="postconf.5.html#smtpd_proxy_filter">$&</a>;g;
    s;\bsmtpd_proxy_timeout\b;<a href="postconf.5.html#smtpd_proxy_timeout">$&</a>;g;
--- a/postfix/proto/INSTALL.html
+++ b/postfix/proto/INSTALL.html
@ -810,6 +810,10 @@ platforms that are known to support this feature. If you override
 this, then you probably should also override DEF_DB_TYPE as described
 in section 4.6.  </td> </tr>
 <tr> <td> </td> <td> -DNO_DNSSEC </td> <td> Do not build with DNSSEC
 support, even if the resolver library appears to support it. </td>
 </tr>
 <tr> <td> </td> <td> -DNO_DEVPOLL </td> <td> Do not build with
 Solaris <tt>/dev/poll</tt> support. By default, <tt>/dev/poll</tt>
 support is compiled in on Solaris versions that are known to support
--- a/postfix/proto/SMTPD_POLICY_README.html
+++ b/postfix/proto/SMTPD_POLICY_README.html
@ -108,6 +108,8 @@ stress=
 ccert_pubkey_fingerprint=68:B3:29:DA:98:93:E3:40:99:C7:D8:AD:5C:B9:C9:40
 <b>Postfix version 3.0 and later:</b>
 client_port=1234
 <b>Postfix version 3.1 and later:</b>
 policy_context=submission
 [empty line]
 </pre>
 </blockquote>
@ -195,6 +197,10 @@ client_port=1234
    <li> <p> The "stress" attribute is either empty or "yes".  See
    the STRESS_README document for further information. </p>
    <li> <p> The "policy_context" attribute provides a way to pass
    information that is not available via other attributes (Postfix
    version 3.1 and later). </p>
 </ul>
 <p> The following is specific to SMTPD delegated policy requests:
@ -367,6 +373,12 @@ giving up.  Available with Postfix 3.0 and later.  </p>
 between attempts to resend a failed SMTPD policy service request.
 Available with Postfix 3.0 and later.  </p>
 <li> <p> smtpd_policy_service_policy_context (default: empty):
 Optional information that is passed in the "policy_context" attribute
 of an SMTPD policy service request (originally, to share the same
 SMTPD service endpoint among multiple check_policy_service clients).
 Available with Postfix 3.1 and later.  </p>
 </ul>
 <p> Configuration parameters that control the server side of the
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@ -16550,3 +16550,18 @@ promise that res_query() and res_search() invoke res_send(), which
 returns the server response in an application buffer even if the
 requested record does not exist. If this promise is broken, specify
 "yes" to enable a  workaround for DNS reputation lookups. </p>
 <p>
 This feature is available in Postfix 3.1 and later.
 </p>
 %PARAM smtpd_policy_service_policy_context
 <p> Optional information that the Postfix SMTP server specifies in
 the "policy_context" attribute of a policy service request (originally,
 to share the same service endpoint among multiple check_policy_service
 clients).  </p>
 <p>
 This feature is available in Postfix 3.1 and later.
 </p>
--- a/postfix/src/dns/dns.h
+++ b/postfix/src/dns/dns.h
@ -52,6 +52,13 @@
 	(cp) += 4; \
 }
 #endif
 /*
 * Disable DNSSEC at compile-time even if RES_USE_DNSSEC is available
 */
 #ifdef DISABLE_DNSSEC
 #undef RES_USE_DNSSEC
 #endif
 /*
--- a/postfix/src/global/mail_params.h
+++ b/postfix/src/global/mail_params.h
@ -2967,6 +2967,10 @@ extern int var_smtpd_policy_try_delay;
 #define DEF_SMTPD_POLICY_DEF_ACTION	"451 4.3.5 Server configuration problem"
 extern char *var_smtpd_policy_def_action;
 #define VAR_SMTPD_POLICY_CONTEXT	"smtpd_policy_service_policy_context"
 #define DEF_SMTPD_POLICY_CONTEXT	""
 extern char *var_smtpd_policy_context;
 #define CHECK_POLICY_SERVICE		"check_policy_service"
 /*
--- a/postfix/src/global/mail_proto.h
+++ b/postfix/src/global/mail_proto.h
@ -161,6 +161,7 @@ extern char *mail_pathname(const char *, const char *);
 #define MAIL_ATTR_STRESS	"stress"
 #define MAIL_ATTR_LOG_IDENT	"log_ident"
 #define MAIL_ATTR_RWR_CONTEXT	"rewrite_context"
 #define MAIL_ATTR_POL_CONTEXT	"policy_context"
 #define MAIL_ATTR_RWR_LOCAL	"local"
 #define MAIL_ATTR_RWR_REMOTE	"remote"
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@ -20,7 +20,7 @@
  * Patches change both the patchlevel and the release date. Snapshots have no
  * patchlevel; they change the release date only.
  */
-#define MAIL_RELEASE_DATE	"20150829"
+#define MAIL_RELEASE_DATE	"20150913"
 #define MAIL_VERSION_NUMBER	"3.1"
 #ifdef SNAPSHOT
--- a/postfix/src/global/record.c
+++ b/postfix/src/global/record.c
@ -177,6 +177,7 @@ int     rec_put_type(VSTREAM *stream, int type, off_t offset)
    if (vstream_fseek(stream, offset, SEEK_SET) < 0
 	|| VSTREAM_PUTC(type, stream) != type) {
 	msg_warn("%s: seek or write error", VSTREAM_PATH(stream));
 	return (REC_TYPE_ERROR);
    } else {
 	return (type);
@ -304,8 +305,12 @@ int     rec_get_raw(VSTREAM *stream, VSTRING *buf, ssize_t maxsize, int flags)
 	    continue;
 	if (type == REC_TYPE_DTXT && (flags & REC_FLAG_SKIP_DTXT) != 0)
 	    continue;
-	if (type == REC_TYPE_END && (flags & REC_FLAG_SEEK_END) != 0)
+	if (type == REC_TYPE_END && (flags & REC_FLAG_SEEK_END) != 0
-	    (void) vstream_fseek(stream, (off_t) 0, SEEK_END);
+	    && vstream_fseek(stream, (off_t) 0, SEEK_END) < 0) {
 	    msg_warn("%s: seek error after reading END record: %m",
 		     VSTREAM_PATH(stream));
 	    return (REC_TYPE_ERROR);
 	}
 	break;
    }
    return (type);
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@ -757,6 +757,13 @@
 /* .IP "\fBsmtpd_policy_service_retry_delay (1s)\fR"
 /*	The delay between attempts to resend a failed SMTPD policy
 /*	service request.
 /* .PP
 /*	Available in Postfix version 3.1 and later:
 /* .IP "\fBsmtpd_policy_service_policy_context (empty)\fR"
 /*	Optional information that the Postfix SMTP server specifies in
 /*	the "policy_context" attribute of a policy service request (originally,
 /*	to share the same service endpoint among multiple check_policy_service
 /*	clients).
 /* ACCESS CONTROLS
 /* .ad
 /* .fi
@ -1272,6 +1279,7 @@ int     var_smtpd_policy_req_limit;
 int     var_smtpd_policy_try_limit;
 int     var_smtpd_policy_try_delay;
 char   *var_smtpd_policy_def_action;
 char   *var_smtpd_policy_context;
 int     var_smtpd_policy_idle;
 int     var_smtpd_policy_ttl;
 char   *var_xclient_hosts;
@ -5774,6 +5782,7 @@ int     main(int argc, char **argv)
 	VAR_SMTPD_ACL_PERM_LOG, DEF_SMTPD_ACL_PERM_LOG, &var_smtpd_acl_perm_log, 0, 0,
 	VAR_SMTPD_UPROXY_PROTO, DEF_SMTPD_UPROXY_PROTO, &var_smtpd_uproxy_proto, 0, 0,
 	VAR_SMTPD_POLICY_DEF_ACTION, DEF_SMTPD_POLICY_DEF_ACTION, &var_smtpd_policy_def_action, 1, 0,
 	VAR_SMTPD_POLICY_CONTEXT, DEF_SMTPD_POLICY_CONTEXT, &var_smtpd_policy_context, 0, 0,
 	VAR_SMTPD_DNS_RE_FILTER, DEF_SMTPD_DNS_RE_FILTER, &var_smtpd_dns_re_filter, 0, 0,
 	0,
    };
--- a/postfix/src/smtpd/smtpd_check.c
+++ b/postfix/src/smtpd/smtpd_check.c
@ -462,6 +462,7 @@ double  smtpd_space_multf = 1.5;
 typedef struct {
    ATTR_CLNT *client;			/* client handle */
    char   *def_action;			/* default action */
    char   *policy_context;		/* context of policy request */
 } SMTPD_POLICY_CLNT;
 /*
@ -483,6 +484,7 @@ static ATTR_OVER_INT int_table[] = {
 };
 static ATTR_OVER_STR str_table[] = {
    21 + VAR_SMTPD_POLICY_DEF_ACTION, 0, 1, 0,
    21 + VAR_SMTPD_POLICY_CONTEXT, 0, 1, 0,
    0,
 };
@ -498,6 +500,7 @@ static ATTR_OVER_STR str_table[] = {
 #define smtpd_policy_try_limit_offset	1
 #define smtpd_policy_def_action_offset	0
 #define smtpd_policy_context_offset	1
 /* policy_client_register - register policy service endpoint */
@ -527,6 +530,7 @@ static void policy_client_register(const char *name)
 	int     smtpd_policy_req_limit = var_smtpd_policy_req_limit;
 	int     smtpd_policy_try_limit = var_smtpd_policy_try_limit;
 	const char *smtpd_policy_def_action = var_smtpd_policy_def_action;
 	const char *smtpd_policy_context = var_smtpd_policy_context;
 	link_override_table_to_variable(time_table, smtpd_policy_tmout);
 	link_override_table_to_variable(time_table, smtpd_policy_idle);
@ -535,6 +539,7 @@ static void policy_client_register(const char *name)
 	link_override_table_to_variable(int_table, smtpd_policy_req_limit);
 	link_override_table_to_variable(int_table, smtpd_policy_try_limit);
 	link_override_table_to_variable(str_table, smtpd_policy_def_action);
 	link_override_table_to_variable(str_table, smtpd_policy_context);
 	if (*name == parens[0]) {
 	    cp = saved_name = mystrdup(name);
@ -553,11 +558,12 @@ static void policy_client_register(const char *name)
 	if (msg_verbose)
 	    msg_info("%s: name=\"%s\" default_action=\"%s\" max_idle=%d "
 		     "max_ttl=%d request_limit=%d retry_delay=%d "
-		     "timeout=%d try_limit=%d",
+		     "timeout=%d try_limit=%d policy_context=\"%s\"",
 		     myname, policy_name, smtpd_policy_def_action,
 		     smtpd_policy_idle, smtpd_policy_ttl,
 		     smtpd_policy_req_limit, smtpd_policy_try_delay,
-		     smtpd_policy_tmout, smtpd_policy_try_limit);
+		     smtpd_policy_tmout, smtpd_policy_try_limit,
 		     smtpd_policy_context);
 	/*
 	 * Create the client.
@ -574,6 +580,7 @@ static void policy_client_register(const char *name)
 			  ATTR_CLNT_CTL_TRY_DELAY, smtpd_policy_try_delay,
 			  ATTR_CLNT_CTL_END);
 	policy_client->def_action = mystrdup(smtpd_policy_def_action);
 	policy_client->policy_context = mystrdup(smtpd_policy_context);
 	htable_enter(policy_clnt_table, name, (void *) policy_client);
 	if (saved_name)
 	    myfree(saved_name);
@ -3950,6 +3957,8 @@ static int check_policy_service(SMTPD_STATE *state, const char *server,
 			  SEND_ATTR_INT(MAIL_ATTR_CRYPTO_KEYSIZE,
 		       IF_ENCRYPTED(state->tls_context->cipher_usebits, 0)),
 #endif
 			  SEND_ATTR_STR(MAIL_ATTR_POL_CONTEXT,
 					policy_clnt->policy_context),
 			  ATTR_TYPE_END,
 			  ATTR_FLAG_MISSING,	/* Reply attributes. */
 			  RECV_ATTR_STR(MAIL_ATTR_ACTION, action),
@ -5447,6 +5456,7 @@ char   *var_relay_ccerts = "";
 char   *var_mynetworks = "";
 char   *var_notify_classes = "";
 char   *var_smtpd_policy_def_action = "";
 char   *var_smtpd_policy_context = "";
 /*
  * String-valued configuration parameters.
--- a/postfix/src/smtpstone/qmqp-sink.c
+++ b/postfix/src/smtpstone/qmqp-sink.c
@ -135,7 +135,7 @@ static void read_data(int unused_event, void *context)
 	    send_reply(state);
 	    return;
 	}
-	vstream_fseek(state->stream, 0L, 0);
+	vstream_fpurge(state->stream, VSTREAM_PURGE_BOTH);
    }
    /*
--- a/postfix/src/util/attr.h
+++ b/postfix/src/util/attr.h
@ -25,6 +25,14 @@
 #include <nvtable.h>
 #include <check_arg.h>
 /*
  * Delegation for better data abstraction.
  */
 typedef int (*ATTR_SCAN_MASTER_FN) (VSTREAM *, int,...);
 typedef int (*ATTR_SCAN_SLAVE_FN) (ATTR_SCAN_MASTER_FN, VSTREAM *, int, void *);
 typedef int (*ATTR_PRINT_MASTER_FN) (VSTREAM *, int,...);
 typedef int (*ATTR_PRINT_SLAVE_FN) (ATTR_PRINT_MASTER_FN, VSTREAM *, int, void *);
 /*
  * Attribute types. See attr_scan(3) for documentation.
  */
@ -58,7 +66,7 @@
 #define SEND_ATTR_NV(val)		ATTR_TYPE_NV, CHECK_CPTR(ATTR, NVTABLE, (val))
 #define SEND_ATTR_LONG(name, val)	ATTR_TYPE_LONG, CHECK_CPTR(ATTR, char, (name)), CHECK_VAL(ATTR, long, (val))
 #define SEND_ATTR_DATA(name, len, val)	ATTR_TYPE_DATA, CHECK_CPTR(ATTR, char, (name)), CHECK_VAL(ATTR, ssize_t, (len)), CHECK_CPTR(ATTR, void, (val))
-#define SEND_ATTR_FUNC(func, val)	ATTR_TYPE_FUNC, (func), CHECK_CPTR(ATTR, void, (val))
+#define SEND_ATTR_FUNC(func, val)	ATTR_TYPE_FUNC, CHECK_VAL(ATTR, ATTR_PRINT_SLAVE_FN, (func)), CHECK_CPTR(ATTR, void, (val))
 #define RECV_ATTR_INT(name, val)	ATTR_TYPE_INT, CHECK_CPTR(ATTR, char, (name)), CHECK_PTR(ATTR, int, (val))
 #define RECV_ATTR_STR(name, val)	ATTR_TYPE_STR, CHECK_CPTR(ATTR, char, (name)), CHECK_PTR(ATTR, VSTRING, (val))
@ -66,7 +74,7 @@
 #define RECV_ATTR_NV(val)		ATTR_TYPE_NV, CHECK_PTR(ATTR, NVTABLE, (val))
 #define RECV_ATTR_LONG(name, val)	ATTR_TYPE_LONG, CHECK_CPTR(ATTR, char, (name)), CHECK_PTR(ATTR, long, (val))
 #define RECV_ATTR_DATA(name, val)	ATTR_TYPE_DATA, CHECK_CPTR(ATTR, char, (name)), CHECK_PTR(ATTR, VSTRING, (val))
-#define RECV_ATTR_FUNC(func, val)	ATTR_TYPE_FUNC, (func), CHECK_PTR(ATTR, void, (val))
+#define RECV_ATTR_FUNC(func, val)	ATTR_TYPE_FUNC, CHECK_VAL(ATTR, ATTR_SCAN_SLAVE_FN, (func)), CHECK_PTR(ATTR, void, (val))
 CHECK_VAL_HELPER_DCL(ATTR, ssize_t);
 CHECK_VAL_HELPER_DCL(ATTR, long);
@ -81,6 +89,8 @@ CHECK_CPTR_HELPER_DCL(ATTR, void);
 CHECK_CPTR_HELPER_DCL(ATTR, char);
 CHECK_CPTR_HELPER_DCL(ATTR, NVTABLE);
 CHECK_CPTR_HELPER_DCL(ATTR, HTABLE);
 CHECK_VAL_HELPER_DCL(ATTR, ATTR_PRINT_SLAVE_FN);
 CHECK_VAL_HELPER_DCL(ATTR, ATTR_SCAN_SLAVE_FN);
 /*
  * Flags that control processing. See attr_scan(3) for documentation.
@ -93,14 +103,6 @@ CHECK_CPTR_HELPER_DCL(ATTR, HTABLE);
 #define ATTR_FLAG_STRICT	(ATTR_FLAG_MISSING | ATTR_FLAG_EXTRA)
 #define ATTR_FLAG_ALL		(07)
 /*
  * Delegation for better data abstraction.
  */
 typedef int (*ATTR_SCAN_MASTER_FN) (VSTREAM *, int,...);
 typedef int (*ATTR_SCAN_SLAVE_FN) (ATTR_SCAN_MASTER_FN, VSTREAM *, int, void *);
 typedef int (*ATTR_PRINT_MASTER_FN) (VSTREAM *, int,...);
 typedef int (*ATTR_PRINT_SLAVE_FN) (ATTR_PRINT_MASTER_FN, VSTREAM *, int, void *);
 /*
  * Default to null-terminated, as opposed to base64-encoded.
  */
@ -118,8 +120,8 @@ extern int attr_vprint64(VSTREAM *, int, va_list);
 /*
  * attr_scan64.c.
  */
-extern int attr_scan64(VSTREAM *, int,...);
+extern int WARN_UNUSED_RESULT attr_scan64(VSTREAM *, int,...);
-extern int attr_vscan64(VSTREAM *, int, va_list);
+extern int WARN_UNUSED_RESULT attr_vscan64(VSTREAM *, int, va_list);
 /*
  * attr_print0.c.
@ -130,8 +132,8 @@ extern int attr_vprint0(VSTREAM *, int, va_list);
 /*
  * attr_scan0.c.
  */
-extern int attr_scan0(VSTREAM *, int,...);
+extern int WARN_UNUSED_RESULT attr_scan0(VSTREAM *, int,...);
-extern int attr_vscan0(VSTREAM *, int, va_list);
+extern int WARN_UNUSED_RESULT attr_vscan0(VSTREAM *, int, va_list);
 /*
  * attr_scan_plain.c.
@ -142,8 +144,8 @@ extern int attr_vprint_plain(VSTREAM *, int, va_list);
 /*
  * attr_print_plain.c.
  */
-extern int attr_scan_plain(VSTREAM *, int,...);
+extern int WARN_UNUSED_RESULT attr_scan_plain(VSTREAM *, int,...);
-extern int attr_vscan_plain(VSTREAM *, int, va_list);
+extern int WARN_UNUSED_RESULT attr_vscan_plain(VSTREAM *, int, va_list);
 /*
--- a/postfix/src/util/base32_code.h
+++ b/postfix/src/util/base32_code.h
@ -20,7 +20,7 @@
  * External interface.
  */
 extern VSTRING *base32_encode(VSTRING *, const char *, ssize_t);
-extern VSTRING *base32_decode(VSTRING *, const char *, ssize_t);
+extern VSTRING *WARN_UNUSED_RESULT base32_decode(VSTRING *, const char *, ssize_t);
 /* LICENSE
 /* .ad
--- a/postfix/src/util/base64_code.h
+++ b/postfix/src/util/base64_code.h
@ -20,7 +20,7 @@
  * External interface.
  */
 extern VSTRING *base64_encode_opt(VSTRING *, const char *, ssize_t, int);
-extern VSTRING *base64_decode_opt(VSTRING *, const char *, ssize_t, int);
+extern VSTRING *WARN_UNUSED_RESULT base64_decode_opt(VSTRING *, const char *, ssize_t, int);
 #define BASE64_FLAG_NONE	0
 #define BASE64_FLAG_APPEND	(1<<0)
--- a/postfix/src/util/edit_file.h
+++ b/postfix/src/util/edit_file.h
@ -31,7 +31,7 @@ typedef struct {
 #define EDIT_FILE_SUFFIX ".tmp"
 extern EDIT_FILE *edit_file_open(const char *, int, mode_t);
-extern int edit_file_close(EDIT_FILE *);
+extern int WARN_UNUSED_RESULT edit_file_close(EDIT_FILE *);
 extern void edit_file_cleanup(EDIT_FILE *);
 /* LICENSE
--- a/postfix/src/util/hex_code.h
+++ b/postfix/src/util/hex_code.h
@ -20,7 +20,7 @@
  * External interface.
  */
 extern VSTRING *hex_encode(VSTRING *, const char *, ssize_t);
-extern VSTRING *hex_decode(VSTRING *, const char *, ssize_t);
+extern VSTRING *WARN_UNUSED_RESULT hex_decode(VSTRING *, const char *, ssize_t);
 /* LICENSE
 /* .ad
--- a/postfix/src/util/host_port.h
+++ b/postfix/src/util/host_port.h
@ -13,7 +13,8 @@
 /* External interface. */
-extern const char *host_port(char *, char **, char *, char **, char *);
+extern const char *WARN_UNUSED_RESULT host_port(char *, char **, char *,
 						        char **, char *);
 /* LICENSE
 /* .ad
--- a/postfix/src/util/listen.h
+++ b/postfix/src/util/listen.h
@ -29,7 +29,7 @@ extern int inet_accept(int);
 extern int unix_accept(int);
 extern int stream_accept(int);
-extern int recv_pass_attr(int, HTABLE **, int, ssize_t);
+extern int WARN_UNUSED_RESULT recv_pass_attr(int, HTABLE **, int, ssize_t);
 extern int pass_accept(int);
 extern int pass_accept_attr(int, HTABLE **);
--- a/postfix/src/util/lstat_as.h
+++ b/postfix/src/util/lstat_as.h
@ -14,7 +14,7 @@
 /* External interface. */
-extern int lstat_as(const char *, struct stat *, uid_t, gid_t);
+extern int WARN_UNUSED_RESULT lstat_as(const char *, struct stat *, uid_t, gid_t);
 /* LICENSE
 /* .ad
--- a/postfix/src/util/mac_parse.h
+++ b/postfix/src/util/mac_parse.h
@ -30,7 +30,7 @@
 typedef int (*MAC_PARSE_FN) (int, VSTRING *, void *);
-extern int mac_parse(const char *, MAC_PARSE_FN, void *);
+extern int WARN_UNUSED_RESULT mac_parse(const char *, MAC_PARSE_FN, void *);
 /* LICENSE
 /* .ad
--- a/postfix/src/util/myaddrinfo.h
+++ b/postfix/src/util/myaddrinfo.h
@ -154,14 +154,14 @@ typedef struct {
    char    buf[MAI_SERVPORT_STRSIZE];
 } MAI_SERVPORT_STR;
-extern int hostname_to_sockaddr_pf(const char *, int, const char *, int,
+extern int WARN_UNUSED_RESULT hostname_to_sockaddr_pf(const char *,
-				           struct addrinfo **);
+			        int, const char *, int, struct addrinfo **);
-extern int hostaddr_to_sockaddr(const char *, const char *, int,
+extern int WARN_UNUSED_RESULT hostaddr_to_sockaddr(const char *,
-				        struct addrinfo **);
+			             const char *, int, struct addrinfo **);
-extern int sockaddr_to_hostaddr(const struct sockaddr *, SOCKADDR_SIZE,
+extern int WARN_UNUSED_RESULT sockaddr_to_hostaddr(const struct sockaddr *,
-		               MAI_HOSTADDR_STR *, MAI_SERVPORT_STR *, int);
+	        SOCKADDR_SIZE, MAI_HOSTADDR_STR *, MAI_SERVPORT_STR *, int);
-extern int sockaddr_to_hostname(const struct sockaddr *, SOCKADDR_SIZE,
+extern int WARN_UNUSED_RESULT sockaddr_to_hostname(const struct sockaddr *,
-		               MAI_HOSTNAME_STR *, MAI_SERVNAME_STR *, int);
+	        SOCKADDR_SIZE, MAI_HOSTNAME_STR *, MAI_SERVNAME_STR *, int);
 extern void myaddrinfo_control(int,...);
 #define MAI_CTL_END	0		/* list terminator */
--- a/postfix/src/util/myflock.h
+++ b/postfix/src/util/myflock.h
@ -14,7 +14,7 @@
 /*
  * External interface.
  */
-extern int myflock(int, int, int);
+extern int WARN_UNUSED_RESULT myflock(int, int, int);
 /*
  * Lock styles.
--- a/postfix/src/util/recv_pass_attr.c
+++ b/postfix/src/util/recv_pass_attr.c
@ -13,7 +13,7 @@
 /*	ssize_t	bufsize;
 /* DESCRIPTION
 /*	recv_pass_attr() receives named attributes over the specified
-/*	The result value is zero for success, -1 for error.
+/*	descriptor. The result value is zero for success, -1 for error.
 /*
 /*	Arguments:
 /* .IP fd
@ -21,7 +21,7 @@
 /* .IP attr
 /*	Pointer to attribute list pointer. The target is set to
 /*	zero on error or when the received attribute list is empty,
-/*	ohterwise it is assigned a pointer to non-empty attribute
+/*	otherwise it is assigned a pointer to non-empty attribute
 /*	list.
 /* .IP timeout
 /*	The deadline for receiving all attributes.
@ -70,10 +70,10 @@ int     recv_pass_attr(int fd, HTABLE **attr, int timeout, ssize_t bufsize)
 		    CA_VSTREAM_CTL_TIMEOUT(timeout),
 		    CA_VSTREAM_CTL_START_DEADLINE,
 		    CA_VSTREAM_CTL_END);
-    (void) attr_scan(fp, ATTR_FLAG_NONE,
+    stream_err = (attr_scan(fp, ATTR_FLAG_NONE,
-		     ATTR_TYPE_HASH, *attr = htable_create(1),
+			    ATTR_TYPE_HASH, *attr = htable_create(1),
-		     ATTR_TYPE_END);
+			    ATTR_TYPE_END) < 0
-    stream_err = (vstream_feof(fp) || vstream_ferror(fp));
+		  || vstream_feof(fp) || vstream_ferror(fp));
    vstream_fdclose(fp);
    /*
--- a/postfix/src/util/sane_fsops.h
+++ b/postfix/src/util/sane_fsops.h
@ -13,8 +13,8 @@
 /* External interface. */
-extern int sane_rename(const char *, const char *);
+extern int WARN_UNUSED_RESULT sane_rename(const char *, const char *);
-extern int sane_link(const char *, const char *);
+extern int WARN_UNUSED_RESULT sane_link(const char *, const char *);
 /* LICENSE
 /* .ad
--- a/postfix/src/util/sane_socketpair.h
+++ b/postfix/src/util/sane_socketpair.h
@ -13,7 +13,7 @@
 /* External interface. */
-extern int sane_socketpair(int, int, int, int *);
+extern int WARN_UNUSED_RESULT sane_socketpair(int, int, int, int *);
 /* LICENSE
 /* .ad
--- a/postfix/src/util/stat_as.h
+++ b/postfix/src/util/stat_as.h
@ -14,7 +14,7 @@
 /* External interface. */
-extern int stat_as(const char *, struct stat *, uid_t, gid_t);
+extern int WARN_UNUSED_RESULT stat_as(const char *, struct stat *, uid_t, gid_t);
 /* LICENSE
 /* .ad
--- a/postfix/src/util/stringops.h
+++ b/postfix/src/util/stringops.h
@ -45,10 +45,10 @@ extern int alldig(const char *);
 extern int allprint(const char *);
 extern int allspace(const char *);
 extern int allascii_len(const char *, ssize_t);
-extern const char *split_nameval(char *, char **, char **);
+extern const char *WARN_UNUSED_RESULT split_nameval(char *, char **, char **);
 extern int valid_utf8_string(const char *, ssize_t);
 extern size_t balpar(const char *, const char *);
-extern char *extpar(char **, const char *, int);
+extern char *WARN_UNUSED_RESULT extpar(char **, const char *, int);
 extern int strcasecmp_utf8x(int, const char *, const char *);
 extern int strncasecmp_utf8x(int, const char *, const char *, ssize_t);
--- a/postfix/src/util/sys_defs.h
+++ b/postfix/src/util/sys_defs.h
@ -1645,6 +1645,28 @@ typedef int pid_t;
 #define EXPECTED(x)	(x)
 #define UNEXPECTED(x)	(x)
 #endif
 #endif
 /*
  * Warn about ignored function result values that must never be ignored.
  * Typically, this is for error results from "read" functions that normally
  * write to output parameters (for example, stat- or scanf-like functions)
  * or from functions that have other useful side effects (for example,
  * fseek- or rename-like functions).
  * 
  * DO NOT use this for functions that write to a stream; it is entirely
  * legitimate to detect write errors with fflush() or fclose() only. On the
  * other hand most (but not all) functions that read from a stream must
  * never ignore result values.
  * 
  * XXX Prepending "(void)" won't shut up GCC. Clang behaves as expected.
  */
 #if ((__GNUC__ == 3 && __GNUC_MINOR__ >= 4) || __GNUC__ > 3)
 #define WARN_UNUSED_RESULT __attribute__((warn_unused_result))
 #elif defined(__clang__) && __has_attribute(warn_unused_result)
 #define WARN_UNUSED_RESULT __attribute__((warn_unused_result))
 #else
 #define WARN_UNUSED_RESULT
 #endif
 /*
--- a/postfix/src/util/timed_wait.h
+++ b/postfix/src/util/timed_wait.h
@ -14,7 +14,7 @@
 /*
  * External interface.
  */
-extern int timed_waitpid(pid_t, WAIT_STATUS_T *, int, int);
+extern int WARN_UNUSED_RESULT timed_waitpid(pid_t, WAIT_STATUS_T *, int, int);
 /* LICENSE
 /* .ad
--- a/postfix/src/util/vstream.h
+++ b/postfix/src/util/vstream.h
@ -93,7 +93,7 @@ extern VSTREAM vstream_fstd[];		/* pre-defined streams */
 extern VSTREAM *vstream_fopen(const char *, int, mode_t);
 extern int vstream_fclose(VSTREAM *);
-extern off_t vstream_fseek(VSTREAM *, off_t, int);
+extern off_t WARN_UNUSED_RESULT vstream_fseek(VSTREAM *, off_t, int);
 extern off_t vstream_ftell(VSTREAM *);
 extern int vstream_fpurge(VSTREAM *, int);
 extern int vstream_fflush(VSTREAM *);
--- a/postfix/src/util/vstring_vstream.h
+++ b/postfix/src/util/vstring_vstream.h
@ -19,12 +19,12 @@
 /*
  * External interface.
  */
-extern int vstring_get(VSTRING *, VSTREAM *);
+extern int WARN_UNUSED_RESULT vstring_get(VSTRING *, VSTREAM *);
-extern int vstring_get_nonl(VSTRING *, VSTREAM *);
+extern int WARN_UNUSED_RESULT vstring_get_nonl(VSTRING *, VSTREAM *);
-extern int vstring_get_null(VSTRING *, VSTREAM *);
+extern int WARN_UNUSED_RESULT vstring_get_null(VSTRING *, VSTREAM *);
-extern int vstring_get_bound(VSTRING *, VSTREAM *, ssize_t);
+extern int WARN_UNUSED_RESULT vstring_get_bound(VSTRING *, VSTREAM *, ssize_t);
-extern int vstring_get_nonl_bound(VSTRING *, VSTREAM *, ssize_t);
+extern int WARN_UNUSED_RESULT vstring_get_nonl_bound(VSTRING *, VSTREAM *, ssize_t);
-extern int vstring_get_null_bound(VSTRING *, VSTREAM *, ssize_t);
+extern int WARN_UNUSED_RESULT vstring_get_null_bound(VSTRING *, VSTREAM *, ssize_t);
 /*
  * Backwards compatibility for code that still uses the vstring_fgets()