postfix-2.2-20040723

postfix/COMPATIBILITY

@@ -58,6 +58,7 @@ sendmail -qSxxx	no
 sendmail -qtime	ignored
 sendmail -v	yes (sends delivery report via email)
 sendmail.cf	no (uses table-driven address rewriting)
+session caching	yes (SMTP shared multi-session; LMTP non-shared single-session)
 size option	yes, server and client
 smarthost	yes (specify relayhost in main.cf)
 spf		yes (delegated policy script)

postfix/HISTORY

@@ -9574,6 +9574,31 @@ Apologies for any names omitted.
 	seconds (default: 600s), as well as upon process exit.
 	File:  scache/scache.c.
 
+20040722
+
+	Workaround: LINUX 2.4 has trouble with mixed data and file
+	descriptor traffic on UNIX-domain stream sockets.
+	Specifically, it cannot handle data write (read) followed
+	by file descriptor send (receive): the receiver hangs in
+	recvmsg(). Workaround is to insert an intervening read
+	(write) operation.  Presumably, LINUX 2.4 is confusing the
+	data and file descriptor.  Lucky Ralf Hildebrandt.  Files:
+	util/sys_defs.h, global/scache_clnt,c, scache/scache.c.
+
+20040723
+
+	Bug? Safety? spawn(8) did not reject a user with the -1
+	UID value, so the command was running as root.  Files:
+	util/spawn_command.c, src/util/spawn.c.
+
+	User interface: parameter smtp_connection_cache_domains
+	renamed to smtp_connection_cache_destinations. Destinations
+	listed here must be specified without [] or :port.  File:
+	smtp/smtp_connect.c.
+
+	Bugfix: "421 Timeout exceeded" wasn't guarded by setjmp().
+	Victor Duchovni, Morgan Stanley. File: smtpd/smtpd.c.
+
 Open problems:
 
 	Low: update events.c so that 1-second timer requests do

postfix/RELEASE_NOTES

@@ -7,6 +7,15 @@ snapshot release).  Patches are issued for the official release
 and change the patchlevel and the release date. Patches are never
 issued for snapshot releases.
 
+Incompatible changes with snapshot Postfix-2.2-20040723
+=======================================================
+
+Session caching is enabled with smtp_session_cache_destinations,
+and requires "bare" domain names without "[]" or TCP port.  This
+eliminates a syntax conflict between host:port and maptype:mapname,
+and simplifies the user interface, at the cost of a minor loss of
+control over what sessions are cached.
+
 Major changes with snapshot Postfix-2.2-20040721
 ================================================
 
@@ -15,6 +24,12 @@ every $session_cache_status_update_time seconds (default: 600s).
 It reports the hit and miss rates for lookups by domain, as well
 as for lookups by network address. 
 
+Hit rates for cache lookups by domain will tell you how useful
+session caching is.
+
+Cache lookups by network address will always fail, unless you're
+sending mail to different domains that share the same MX host.
+
 Incompatible changes with snapshot Postfix-2.2-20040720
 =======================================================
 
@@ -37,13 +52,15 @@ is added to your master.cf file when you upgrade Postfix.
 *** You need to execute "postfix stop" when upgrading from Postfix
 *** version 2.0 or earlier. Execute "postfix start" when done.
 
-Session caching is enabled with the new smtp_connection_cache_domains
+Session caching is enabled with the new smtp_connection_cache_destinations
 parameter. Specify a list of destinations or lookup tables:
 
-- a domain name (the right-hand side of an email address),
+- if mail is sent without relay host: a domain (the right-hand side
+of an email address),
 
-- a relay host (including optional [] and/or non-default TCP port),
+- if mail is sent via a relay host, the relay host (without [],
-using the exact same spelling as in main.cf or in the transport map,
+and without non-default TCP port) that is specified in main.cf or
+in the transport map,
 
 - a /file/name with domains and/or relay hosts,
 
@@ -53,11 +70,11 @@ side; the right-hand side result from type:table lookups is ignored.
 The following optimizes deliveries to hosts that your machine relays
 mail to:
 
-    smtp_connection_cache_domains = $relay_domains $relayhost
+    smtp_connection_cache_destinations = $relay_domains $relayhost
 
 A setting that tries to optimize deliveries to problem sites:
 
-    smtp_connection_cache_domains = hotmail.com...
+    smtp_connection_cache_destinations = hotmail.com...
 
 Cached SMTP sessions are allowed to remain unused for only a limited
 amount of time (smtp_connection_cache_time_limit, default:  2

postfix/html/postconf.5.html

@@ -5166,7 +5166,7 @@ The default time unit is s (seconds).
 
 </DD>
 
-<DT><b><a name="smtp_connection_cache_domains">smtp_connection_cache_domains</a>
+<DT><b><a name="smtp_connection_cache_destinations">smtp_connection_cache_destinations</a>
 (default: empty)</b></DT><DD>
 
 <p> The SMTP destinations for which SMTP connection caching is
@@ -5182,11 +5182,12 @@ or pseudo-destinations:
 
 <ul>
 
-<li> a domain name (the right-hand side of an email address),
+<li> if mail is sent without a relay host: a domain name (the
+right-hand side of an email address, without the optional []),
 
-<li> a relay host (including optional [] and/or non-default TCP
+<li> if mail is sent via a relay host: a relay host (without the
-port), using the exact same spelling as in main.cf or in the
+optional [] or non-default TCP port), as specified in main.cf or
-transport map,
+in the transport map,
 
 <li> a /file/name with domains and/or relay hosts,
 

postfix/html/scache.8.html

@@ -13,9 +13,9 @@ SCACHE(8)                                               SCACHE(8)
        <b>scache</b> [generic Postfix daemon options]
 
 <b>DESCRIPTION</b>
-       The  scache  server  maintains  the Postfix session cache.
+       The  <b>scache</b> server maintains a shared multi-session cache.
-       This information can be used by, for example, the  Postfix
+       This information can be used by, for example, Postfix SMTP
-       SMTP client.
+       clients or other Postfix delivery agents.
 
        The  session  cache  is organized into logical destination
        names, physical endpoint names, and sessions.
@@ -47,8 +47,7 @@ SCACHE(8)                                               SCACHE(8)
               Save the  specified  file  descriptor  and  session
               property  data  under  the specified endpoint name.
               The endpoint properties are used by the  client  to
-              re-activate  a passivated session object.  queue ID
+              re-activate a passivated session object.
-              is queued for the specified destination.
 
        <b>find_endp</b> <i>endpoint</i>
               Look   up  cached  properties  and  a  cached  file

postfix/html/smtp.8.html

@@ -236,7 +236,7 @@ SMTP(8)                                                   SMTP(8)
 
        Available in Postfix version 2.2 and later:
 
-       <b><a href="postconf.5.html#smtp_connection_cache_domains">smtp_connection_cache_domains</a> (empty)</b>
+       <b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
               The SMTP destinations  for  which  SMTP  connection
               caching is enabled.
 

postfix/man/man5/postconf.5

@@ -2697,7 +2697,7 @@ the operating system).
 .PP
 Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
 The default time unit is s (seconds).
-.SH smtp_connection_cache_domains (default: empty)
+.SH smtp_connection_cache_destinations (default: empty)
 The SMTP destinations for which SMTP connection caching is
 enabled.  With SMTP connection caching, a connection is not closed
 immediately after completion of a mail transaction.  Instead, the
@@ -2708,11 +2708,12 @@ and can improve mail delivery performance.
 Specify a comma or white space separated list of destinations
 or pseudo-destinations:
 .IP \(bu
-a domain name (the right-hand side of an email address),
+if mail is sent without a relay host: a domain name (the
+right-hand side of an email address, without the optional []),
 .IP \(bu
-a relay host (including optional [] and/or non-default TCP
+if mail is sent via a relay host: a relay host (without the
-port), using the exact same spelling as in main.cf or in the
+optional [] or non-default TCP port), as specified in main.cf or
-transport map,
+in the transport map,
 .IP \(bu
 a /file/name with domains and/or relay hosts,
 .IP \(bu

postfix/man/man8/scache.8

@@ -12,8 +12,9 @@ Postfix session cache server
 .SH DESCRIPTION
 .ad
 .fi
-The scache server maintains the Postfix session cache. This
+The \fBscache\fR server maintains a shared multi-session
-information can be used by, for example, the Postfix SMTP client.
+cache. This information can be used by, for example, Postfix
+SMTP clients or other Postfix delivery agents.
 
 The session cache is organized into logical destination
 names, physical endpoint names, and sessions.
@@ -46,7 +47,6 @@ Save the specified file descriptor and session property data
 under the specified endpoint name. The endpoint properties
 are used by the client to re-activate a passivated session
 object.
-queue ID is queued for the specified destination.
 .IP "\fBfind_endp\fI endpoint\fR"
 Look up cached properties and a cached file descriptor for the
 specified endpoint.

postfix/man/man8/smtp.8

@@ -209,7 +209,7 @@ The SMTP client time limit for sending the RSET command, and
 for receiving the server response.
 .PP
 Available in Postfix version 2.2 and later:
-.IP "\fBsmtp_connection_cache_domains (empty)\fR"
+.IP "\fBsmtp_connection_cache_destinations (empty)\fR"
 The SMTP destinations for which SMTP connection caching is
 enabled.
 .IP "\fBsmtp_connection_cache_reuse_limit (10)\fR"

postfix/mantools/postlink

@@ -305,7 +305,7 @@ while (<>) {
 
     s;\bsmtp_connection_cache_reuse_limit\b;<a href="postconf.5.html#smtp_connection_cache_reuse_limit">$&</a>;g;
     s;\bsmtp_connection_cache_time_limit\b;<a href="postconf.5.html#smtp_connection_cache_time_limit">$&</a>;g;
-    s;\bsmtp_connection_cache_domains\b;<a href="postconf.5.html#smtp_connection_cache_domains">$&</a>;g;
+    s;\bsmtp_connection_cache_destinations\b;<a href="postconf.5.html#smtp_connection_cache_destinations">$&</a>;g;
 
     s;\bsmtp_data_done_timeout\b;<a href="postconf.5.html#smtp_data_done_timeout">$&</a>;g;
     s;\bsmtp_data_init_timeout\b;<a href="postconf.5.html#smtp_data_init_timeout">$&</a>;g;

postfix/proto/postconf.proto

@@ -3185,7 +3185,7 @@ not specify larger values without permission from the remote sites.
 an SMTP session is reused before it is closed. 
 </p>
 
-%PARAM smtp_connection_cache_domains
+%PARAM smtp_connection_cache_destinations
 
 <p> The SMTP destinations for which SMTP connection caching is
 enabled.  With SMTP connection caching, a connection is not closed
@@ -3200,11 +3200,12 @@ or pseudo-destinations:
 
 <ul>
 
-<li> a domain name (the right-hand side of an email address),
+<li> if mail is sent without a relay host: a domain name (the
+right-hand side of an email address, without the optional []),
 
-<li> a relay host (including optional [] and/or non-default TCP
+<li> if mail is sent via a relay host: a relay host (without the
-port), using the exact same spelling as in main.cf or in the
+optional [] or non-default TCP port), as specified in main.cf or
-transport map,
+in the transport map,
 
 <li> a /file/name with domains and/or relay hosts,
 

postfix/src/global/mail_params.h

@@ -777,7 +777,7 @@ extern int var_smtp_cache_conn;
 #define DEF_SMTP_REUSE_LIMIT	10
 extern int var_smtp_reuse_limit;
 
-#define VAR_SMTP_CACHE_DEST	"smtp_connection_cache_domains"
+#define VAR_SMTP_CACHE_DEST	"smtp_connection_cache_destinations"
 #define DEF_SMTP_CACHE_DEST	""
 extern char *var_smtp_cache_dest;
 

postfix/src/global/mail_proto.h

@@ -121,6 +121,7 @@ extern char *mail_pathname(const char *, const char *);
 #define MAIL_ATTR_SASL_METHOD	"sasl_method"
 #define MAIL_ATTR_SASL_USERNAME	"sasl_username"
 #define MAIL_ATTR_SASL_SENDER	"sasl_sender"
+#define MAIL_ATTR_DUMMY		"dummy"
 
 #define MAIL_ATTR_TTL		"ttl"
 #define MAIL_ATTR_LABEL		"label"

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change the patchlevel and the release date. Snapshots change the
   * release date only.
   */
-#define MAIL_RELEASE_DATE	"20040721"
+#define MAIL_RELEASE_DATE	"20040723"
 #define MAIL_VERSION_NUMBER	"2.2"
 
 #define VAR_MAIL_VERSION	"mail_version"

postfix/src/global/scache_clnt.c

@@ -66,6 +66,9 @@
 typedef struct {
     SCACHE  scache[1];			/* super-class */
     CLNT_STREAM *clnt_stream;		/* client endpoint */
+#ifdef CANT_WRITE_BEFORE_SENDING_FD
+    VSTRING *dummy;			/* dummy buffer */
+#endif
 } SCACHE_CLNT;
 
 #define STR(x) vstring_str(x)
@@ -106,6 +109,11 @@ static void scache_clnt_save_endp(SCACHE *scache, int endp_ttl,
 		       ATTR_TYPE_STR, MAIL_ATTR_PROP, endp_prop,
 		       ATTR_TYPE_END) != 0
 	    || vstream_fflush(stream)
+#ifdef CANT_WRITE_BEFORE_SENDING_FD
+	    || attr_scan(stream, ATTR_FLAG_STRICT,
+			 ATTR_TYPE_STR, MAIL_ATTR_DUMMY, sp->dummy,
+			 ATTR_TYPE_END) != 1
+#endif
 	    || LOCAL_SEND_FD(vstream_fileno(stream), fd) < 0
 	    || attr_scan(stream, ATTR_FLAG_STRICT,
 			 ATTR_TYPE_NUM, MAIL_ATTR_STATUS, &status,
@@ -152,7 +160,16 @@ static int scache_clnt_find_endp(SCACHE *scache, const char *endp_label,
 			 ATTR_TYPE_STR, MAIL_ATTR_PROP, endp_prop,
 			 ATTR_TYPE_END) != 2
 	    || (status == 0
-		&& (fd = LOCAL_RECV_FD(vstream_fileno(stream))) < 0)) {
+		&& (
+#ifdef CANT_WRITE_BEFORE_SENDING_FD
+		    attr_print(stream, ATTR_FLAG_NONE,
+			       ATTR_TYPE_STR, MAIL_ATTR_DUMMY, "",
+			       ATTR_TYPE_END) != 0
+		    || vstream_fflush(stream) != 0
+		    || read_wait(vstream_fileno(stream),
+				 stream->timeout) < 0 ||	/* XXX */
+#endif
+		    (fd = LOCAL_RECV_FD(vstream_fileno(stream))) < 0))) {
 	    if (msg_verbose || (errno != EPIPE && errno != ENOENT))
 		msg_warn("problem talking to service %s: %m",
 			 VSTREAM_PATH(stream));
@@ -257,7 +274,16 @@ static int scache_clnt_find_dest(SCACHE *scache, const char *dest_label,
 			 ATTR_TYPE_STR, MAIL_ATTR_PROP, endp_prop,
 			 ATTR_TYPE_END) != 3
 	    || (status == 0
-		&& (fd = LOCAL_RECV_FD(vstream_fileno(stream))) < 0)) {
+		&& (
+#ifdef CANT_WRITE_BEFORE_SENDING_FD
+		    attr_print(stream, ATTR_FLAG_NONE,
+			       ATTR_TYPE_STR, MAIL_ATTR_DUMMY, "",
+			       ATTR_TYPE_END) != 0
+		    || vstream_fflush(stream) != 0
+		    || read_wait(vstream_fileno(stream),
+				 stream->timeout) < 0 ||	/* XXX */
+#endif
+		    (fd = LOCAL_RECV_FD(vstream_fileno(stream))) < 0))) {
 	    if (msg_verbose || (errno != EPIPE && errno != ENOENT))
 		msg_warn("problem talking to service %s: %m",
 			 VSTREAM_PATH(stream));
@@ -287,6 +313,9 @@ static void scache_clnt_free(SCACHE *scache)
     SCACHE_CLNT *sp = (SCACHE_CLNT *) scache;
 
     clnt_stream_free(sp->clnt_stream);
+#ifdef CANT_WRITE_BEFORE_SENDING_FD
+    vstring_free(sp->dummy);
+#endif
     myfree((char *) sp);
 }
 
@@ -304,6 +333,9 @@ SCACHE *scache_clnt_create(const char *server, int idle_limit, int ttl_limit)
 
     sp->clnt_stream = clnt_stream_create(MAIL_CLASS_PRIVATE, server,
 					 idle_limit, ttl_limit);
+#ifdef CANT_WRITE_BEFORE_SENDING_FD
+    sp->dummy = vstring_alloc(1);
+#endif
 
     return (sp->scache);
 }

postfix/src/scache/Makefile.in

@@ -58,6 +58,7 @@ scache.o: ../../include/msg.h
 scache.o: ../../include/iostuff.h
 scache.o: ../../include/htable.h
 scache.o: ../../include/ring.h
+scache.o: ../../include/events.h
 scache.o: ../../include/mail_params.h
 scache.o: ../../include/mail_proto.h
 scache.o: ../../include/vstream.h

postfix/src/scache/scache.c

@@ -6,8 +6,9 @@
 /* SYNOPSIS
 /*	\fBscache\fR [generic Postfix daemon options]
 /* DESCRIPTION
-/*	The scache server maintains the Postfix session cache. This
+/*	The \fBscache\fR server maintains a shared multi-session
-/*	information can be used by, for example, the Postfix SMTP client.
+/*	cache. This information can be used by, for example, Postfix
+/*	SMTP clients or other Postfix delivery agents.
 /*
 /*	The session cache is organized into logical destination
 /*	names, physical endpoint names, and sessions.
@@ -40,7 +41,6 @@
 /*	under the specified endpoint name. The endpoint properties
 /*	are used by the client to re-activate a passivated session
 /*	object.
-/*	queue ID is queued for the specified destination.
 /* .IP "\fBfind_endp\fI endpoint\fR"
 /*	Look up cached properties and a cached file descriptor for the
 /*	specified endpoint.
@@ -171,6 +171,11 @@ static VSTRING *scache_dest_prop;
 static VSTRING *scache_endp_label;
 static VSTRING *scache_endp_prop;
 
+#ifdef CANT_WRITE_BEFORE_SENDING_FD
+static VSTRING *scache_dummy;
+
+#endif
+
  /*
   * Session cache instance.
   */
@@ -211,7 +216,17 @@ static void scache_save_endp_service(VSTREAM *client_stream)
 		   ATTR_TYPE_NUM, MAIL_ATTR_STATUS, SCACHE_STAT_BAD,
 		   ATTR_TYPE_END);
 	return;
-    } else if ((fd = LOCAL_RECV_FD(vstream_fileno(client_stream))) < 0) {
+    } else if (
+#ifdef CANT_WRITE_BEFORE_SENDING_FD
+	       attr_print(client_stream, ATTR_FLAG_NONE,
+			  ATTR_TYPE_STR, MAIL_ATTR_DUMMY, "",
+			  ATTR_TYPE_END) != 0
+	       || vstream_fflush(client_stream) != 0
+	       || read_wait(vstream_fileno(client_stream),
+			    client_stream->timeout) < 0	/* XXX */
+	       ||
+#endif
+	       (fd = LOCAL_RECV_FD(vstream_fileno(client_stream))) < 0) {
 	msg_warn("%s: unable to receive file descriptor", myname);
 	attr_print(client_stream, ATTR_FLAG_NONE,
 		   ATTR_TYPE_NUM, MAIL_ATTR_STATUS, SCACHE_STAT_FAIL,
@@ -259,6 +274,11 @@ static void scache_find_endp_service(VSTREAM *client_stream)
 		   ATTR_TYPE_STR, MAIL_ATTR_PROP, STR(scache_endp_prop),
 		   ATTR_TYPE_END);
 	if (vstream_fflush(client_stream) != 0
+#ifdef CANT_WRITE_BEFORE_SENDING_FD
+	    || attr_scan(client_stream, ATTR_FLAG_STRICT,
+			 ATTR_TYPE_STR, MAIL_ATTR_DUMMY, scache_dummy,
+			 ATTR_TYPE_END) != 1
+#endif
 	    || LOCAL_SEND_FD(vstream_fileno(client_stream), fd) < 0)
 	    msg_warn("%s: cannot send file descriptor: %m", myname);
 	if (close(fd) < 0)
@@ -335,6 +355,11 @@ static void scache_find_dest_service(VSTREAM *client_stream)
 		   ATTR_TYPE_STR, MAIL_ATTR_PROP, STR(scache_endp_prop),
 		   ATTR_TYPE_END);
 	if (vstream_fflush(client_stream) != 0
+#ifdef CANT_WRITE_BEFORE_SENDING_FD
+	    || attr_scan(client_stream, ATTR_FLAG_STRICT,
+			 ATTR_TYPE_STR, MAIL_ATTR_DUMMY, scache_dummy,
+			 ATTR_TYPE_END) != 1
+#endif
 	    || LOCAL_SEND_FD(vstream_fileno(client_stream), fd) < 0)
 	    msg_warn("%s: cannot send file descriptor: %m", myname);
 	if (close(fd) < 0)
@@ -436,6 +461,9 @@ static void post_jail_init(char *unused_name, char **unused_argv)
     scache_dest_prop = vstring_alloc(10);
     scache_endp_label = vstring_alloc(10);
     scache_endp_prop = vstring_alloc(10);
+#ifdef CANT_WRITE_BEFORE_SENDING_FD
+    scache_dummy = vstring_alloc(10);
+#endif
 
     /*
      * Disable the max_use limit. We still terminate when no client is

postfix/src/smtp/smtp.c

@@ -183,7 +183,7 @@
 /*	for receiving the server response.
 /* .PP
 /*	Available in Postfix version 2.2 and later:
-/* .IP "\fBsmtp_connection_cache_domains (empty)\fR"
+/* .IP "\fBsmtp_connection_cache_destinations (empty)\fR"
 /*	The SMTP destinations for which SMTP connection caching is
 /*	enabled.
 /* .IP "\fBsmtp_connection_cache_reuse_limit (10)\fR"

postfix/src/smtp/smtp_connect.c

@@ -449,7 +449,7 @@ int     smtp_connect(SMTP_STATE *state)
     SMTP_SESSION *session;
     int     lookup_mx;
     unsigned domain_best_pref;
-    int     sess_flags;
+    int     sess_flags = SMTP_SESS_FLAG_NONE;
 
     /*
      * First try to deliver to the indicated destination, then try to deliver
@@ -464,16 +464,6 @@ int     smtp_connect(SMTP_STATE *state)
 	msg_panic("null destination: \"%s\"", request->nexthop);
     argv_split_append(sites, var_fallback_relay, ", \t\r\n");
 
-    /*
-     * Enable session caching by next-hop destination.
-     */
-    if (sites->argv[0]
-	&& smtp_cache_dest
-	&& string_list_match(smtp_cache_dest, sites->argv[0]))
-	sess_flags = SMTP_SESS_FLAG_CACHE;
-    else
-	sess_flags = SMTP_SESS_FLAG_NONE;
-
     /*
      * Don't give up after a hard host lookup error until we have tried the
      * fallback relay servers.
@@ -526,9 +516,18 @@ int     smtp_connect(SMTP_STATE *state)
 	 * XXX Replace sites->argv by (lookup_mx, domain, port) triples so we
 	 * don't have to make clumsy ad-hoc copies and keep track of who
 	 * free()s the memory.
+	 * 
+	 * XXX smtp_session_cache_destinations specifies domain names without
+	 * :port, because : is already used for maptype:mapname. Because of
+	 * this limitation we use the bare domain without the optional [] or
+	 * non-default TCP port.
 	 */
-	if (cpp == sites->argv && (sess_flags & SMTP_SESS_FLAG_CACHE) != 0)
+	if (cpp == sites->argv
+	    && smtp_cache_dest
+	    && string_list_match(smtp_cache_dest, domain)) {
+	    sess_flags |= SMTP_SESS_FLAG_CACHE;
 	    SET_NEXTHOP_STATE(state, lookup_mx, domain, port);
+	}
 
 	/*
 	 * Don't try any backup host if mail loops to myself. That would just
@@ -576,6 +575,10 @@ int     smtp_connect(SMTP_STATE *state)
 	 * 
 	 * Cache the first good session under the next-hop destination name.
 	 * Cache all good sessions under their physical endpoint.
+	 * 
+	 * Don't query the session cache for primary MX hosts. We already did
+	 * that in smtp_reuse_session(), and if any were found in the cache,
+	 * they were already deleted from the address list.
 	 */
 	for (addr = addr_list; SMTP_RCPT_LEFT(state) > 0 && addr; addr = next) {
 	    next = addr->next;

postfix/src/smtpd/smtpd.c

@@ -2393,6 +2393,7 @@ static void smtpd_proto(SMTPD_STATE *state, const char *service)
 
     case SMTP_ERR_TIME:
 	state->reason = "timeout";
+	if (vstream_setjmp(state->client) == 0)
 	    smtpd_chat_reply(state, "421 %s Error: timeout exceeded",
 			     var_myhostname);
 	break;

postfix/src/spawn/spawn.c

@@ -247,6 +247,10 @@ static void get_service_attr(SPAWN_ATTR *attr, char *service, char **argv)
 	msg_fatal("request to use privileged group id %ld", (long) attr->gid);
     if (attr->gid == var_owner_gid)
 	msg_fatal("request to use mail system owner group id %ld", (long) attr->gid);
+    if (attr->uid == (uid_t) (-1))
+	msg_fatal("user must not have user ID -1");
+    if (attr->gid == (gid_t) (-1))
+	msg_fatal("user must not have group ID -1");
 
     /*
      * Give the poor tester a clue of what is going on.

postfix/src/util/spawn_command.c

@@ -43,9 +43,11 @@
 /*	Each of these specifies I/O redirection of one of the standard file
 /*	descriptors for the command.
 /* .IP "SPAWN_CMD_UID (int)"
-/*	The user ID to execute the command as.
+/*	The user ID to execute the command as. The value -1 is reserved
+/*	and cannot be specified.
 /* .IP "SPAWN_CMD_GID (int)"
-/*	The group ID to execute the command as.
+/*	The group ID to execute the command as. The value -1 is reserved
+/*	and cannot be specified.
 /* .IP "SPAWN_CMD_TIME_LIMIT (int)"
 /*	The amount of time in seconds the command is allowed to run before
 /*	it is terminated with SIGKILL. The default is no time limit.
@@ -162,10 +164,14 @@ static void get_spawn_args(struct spawn_args * args, int init_key, va_list ap)
 	    args->stderr_fd = va_arg(ap, int);
 	    break;
 	case SPAWN_CMD_UID:
-	    args->uid = va_arg(ap, int);	/* in case uid_t is short */
+	    args->uid = va_arg(ap, uid_t);
+	    if (args->uid == (uid_t) (-1))
+		msg_panic("spawn_command: request with reserved user ID: -1");
 	    break;
 	case SPAWN_CMD_GID:
-	    args->gid = va_arg(ap, int);	/* in case gid_t is short */
+	    args->gid = va_arg(ap, gid_t);
+	    if (args->gid == (gid_t) (-1))
+		msg_panic("spawn_command: request with reserved group ID: -1");
 	    break;
 	case SPAWN_CMD_TIME_LIMIT:
 	    args->time_limit = va_arg(ap, int);

postfix/src/util/sys_defs.h

@@ -560,6 +560,7 @@ extern int initgroups(const char *, int);
 #define SOCKADDR_SIZE	socklen_t
 #define SOCKOPT_SIZE	socklen_t
 #endif
+#define CANT_WRITE_BEFORE_SENDING_FD
 #endif
 
 #ifdef LINUX1