diff --git a/postfix/HISTORY b/postfix/HISTORY index 7ea927eb6..0291563fd 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -17919,7 +17919,7 @@ Apologies for any names omitted. 20120824 - Feature: support for "sendmail -R hdrs|full". Jan Kundrát. + Feature: support for "sendmail -R hdrs|full". Jan Kundr?t. File: sendmail/sendmail.c. 20120902 @@ -21631,3 +21631,65 @@ Apologies for any names omitted. before re-evaluating the mail_task() syslog prefix. Files: postalias/postalias.c, postdrop/postdrop.c, postmap/postmap.c, postqueue/postqueue.c, postsuper/postsuper.c, sendmail/sendmail.c. + +20150218 + + Documentation: header/body_checks additional text about + whether an action stops processing of the input stream. + actions stops further inspection of the input stream. File: + proto/header_checks. + + Robustness: reject installation pathnames with whitespace. + File: postfix-install. + +20150217 + + Cleanup: missing include. File: util/allascii.c. + +20150221 + + Bugfix: don't append '.' to the DNS resource record value, + when converting TXT records to the string form that is used + used by xxx_dns_reply_filter. File: dns/dns_strrecord.c. + +20150313 + + Documentation: incorrect Postfix version number for + postscreen_dnsbl_timeout. Quanah Gibson-Mount. File: + postscreen/postscreen.c. + +20150320 + + Cleanup: better sorting order for the default tls_*_cipherlist + settings. OpenSSL does not order "ALL" quite right: some + MEDIUM ciphers (SEED and IDEA) sneak up above some 128-bit + HIGH ciphers. Also previously, when we prefer "aNULL" we + moved MEDIUM with aNULL above same bit-length HIGH but not + aNULL. Viktor Dukhovni. File: global/mail_params.h. + +20150324 + + Bugfix (introduced: Postfix 2.6): sender_dependent_relayhost_maps + ignored the relayhost setting in the case of a DUNNO lookup + result. It would use the recipient domain instead. Viktor + Dukhovni. Wietse took the pieces of code that enforce the + precedence of a sender-dependent relayhost, the global + relayhost, and the recipient domain, and put that code + together in once place so that it is easier to maintain. + File: trivial-rewrite/resolve.c. + +20150326 + + Feature: lmtp_fallback_relay, limited to TCP destinations + only. Viktor Dukhovni. Wietse updated the postlink, smtp.c, + and smtp-only files, and added a warning when lmtp_fallback_relay + is specified for a non-TCP destination. Files: mantools/postlink, + smtp/smtp.c, smtp/smtp-only, smtp/smtp_connect.c, + smtp/smtp_params.c, global/mail_params.h, proto/postconf.proto. + +20150328 + + Bugfix (introduced: Postfix 1.1.0): post-install expanded + macros in parameter values when trying to detect parameter + overrides. Julian Reich, Viktor Dukhovni, and Wietse. File: + conf/post-install. diff --git a/postfix/README_FILES/COMPATIBILITY_README b/postfix/README_FILES/COMPATIBILITY_README index 44d32a5b6..83d300cf4 100644 --- a/postfix/README_FILES/COMPATIBILITY_README +++ b/postfix/README_FILES/COMPATIBILITY_README @@ -161,10 +161,16 @@ domain names. UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg ssmmttppuuttff88__eennaabbllee==nnoo -The smtputf8_enable default value has changed from "no" to "yes. As long as the -smtputf8_enable parameter is left at its implicit default value, and the -backwards-compatible default setting is turned on, Postfix logs a warning each -time an SMTP command uses a non-ASCII address localpart: +The smtputf8_enable default value has changed from "no" to "yes. With the new +"yes" setting, the Postfix SMTP server rejects non-ASCII addresses from clients +that don't request SMTPUTF8 support. With the old "no" setting, Postfix will +accept such addresses, even if such addresses are not permitted by traditional +SMTP standards. + +As long as the smtputf8_enable parameter is left at its implicit default value, +and the backwards-compatible default setting is turned on, Postfix logs a +warning each time an SMTP command uses a non-ASCII address localpart without +requesting SMTPUTF8 support: postfix/smtpd[27560]: using backwards-compatible default setting smtputf8_enable=no to accept non-ASCII sender address diff --git a/postfix/README_FILES/FORWARD_SECRECY_README b/postfix/README_FILES/FORWARD_SECRECY_README index 8d6fa3dac..a88ffe560 100644 --- a/postfix/README_FILES/FORWARD_SECRECY_README +++ b/postfix/README_FILES/FORWARD_SECRECY_README @@ -407,8 +407,8 @@ peer certificate with expected public-key or certificate fingerprint) PPoossttffiixx SSMMTTPP sseerrvveerr:: The status is never "Verified", because the Postfix SMTP server never verifies the remote SMTP client name against the names in - the client certificate, and because the Postfix SMTP does not expect a - specific fingerprint in the client public key or certificate. + the client certificate, and because the Postfix SMTP server does not expect + a specific fingerprint in the client public key or certificate. CCrreeddiittss diff --git a/postfix/README_FILES/SMTPUTF8_README b/postfix/README_FILES/SMTPUTF8_README index a8f980bde..68fb6c26f 100644 --- a/postfix/README_FILES/SMTPUTF8_README +++ b/postfix/README_FILES/SMTPUTF8_README @@ -52,8 +52,7 @@ content filters (Amavisd), LMTP servers (Dovecot), and down-stream SMTP servers. Postfix SMTPUTF8 support is enabled by default, but it may be disabled as part -of a backwards-compatibility safety net (see the Postfix 3.0 RELEASE_NOTES -file). +of a backwards-compatibility safety net (see the COMPATIBILITY_README file). SMTPUTF8 support is enabled by setting the smtputf8_enable parameter in main.cf: diff --git a/postfix/README_FILES/STRESS_README b/postfix/README_FILES/STRESS_README index 7f407a064..85b73f521 100644 --- a/postfix/README_FILES/STRESS_README +++ b/postfix/README_FILES/STRESS_README @@ -97,13 +97,16 @@ The "stress" parameter value is the key to making main.cf parameter settings stress adaptive. The following settings are the default with Postfix 2.6 and later. - 1 smtpd_timeout = ${stress?10}${stress:300}s - 2 smtpd_hard_error_limit = ${stress?1}${stress:20} - 3 smtpd_junk_command_limit = ${stress?1}${stress:100} + 1 smtpd_timeout = ${stress?{10}:{300}}s + 2 smtpd_hard_error_limit = ${stress?{1}:{20}} + 3 smtpd_junk_command_limit = ${stress?{1}:{100}} 4 # Parameters added after Postfix 2.6: - 5 smtpd_per_record_deadline = ${stress?yes}${stress:no} - 6 smtpd_starttls_timeout = ${stress?10}${stress:300}s - 7 address_verify_poll_count = ${stress?1}${stress:3} + 5 smtpd_per_record_deadline = ${stress?{yes}:{no}} + 6 smtpd_starttls_timeout = ${stress?{10}:{300}}s + 7 address_verify_poll_count = ${stress?{1}:{3}} + +With Postfix versions before 3.0, replace ${stress?{x}:{y}} with ${stress?x}$ +{stress:y}. Translation: diff --git a/postfix/WISHLIST b/postfix/WISHLIST index 44f87bcd0..52791c9fe 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -10,11 +10,25 @@ Wish list: Things to do after the stable release: + Generalize the daemon '-S' stand-alone mode, so that it can + be used with custom configuration files for request/reply + regression testing. + + replace str*casecmp() calls with _utf8() equivalents + for trivial-rewrite lookups. + Update smtpd command count when rejecting input before command-table lookup. + What is the best place to detect spaces in pathnames during + installation/upgrade/packaging? postfix-install for early + warning, and post-install as a safety net? + Automatically do the equivalent of syslog_name=postfix/mumble when basename(mumble) differs from basename(program file). + This is especially desirable for mail delivery transports + (smtp versus relay) as it identifies what scheduler parameters + are in effect. UTF8 DNS[BW]L domain name. diff --git a/postfix/conf/access b/postfix/conf/access index 20663ee42..3af5697b5 100644 --- a/postfix/conf/access +++ b/postfix/conf/access @@ -355,10 +355,11 @@ # REDIRECT user@domain # After the message is queued, send the message to # the specified address instead of the intended -# recipient(s). +# recipient(s). When multiple REDIRECT actions fire, +# only the last one takes effect. # -# Note: this action overrides the FILTER action, and -# currently affects all recipients of the message. +# Note: this action overrides the FILTER action, and +# currently overrides all recipients of the message. # # This feature is available in Postfix 2.1 and later. # diff --git a/postfix/conf/header_checks b/postfix/conf/header_checks index 90fd45421..2a70bd174 100644 --- a/postfix/conf/header_checks +++ b/postfix/conf/header_checks @@ -176,10 +176,11 @@ # case for consistency with other Postfix documentation. # # BCC user@domain -# Add the specified address as a BCC recipient. The -# address must have a local part and domain part. The -# number of BCC addresses that can be added is lim- -# ited only by the amount of available storage space. +# Add the specified address as a BCC recipient, and +# inspect the next input line. The address must have +# a local part and domain part. The number of BCC +# addresses that can be added is limited only by the +# amount of available storage space. # # Note 1: the BCC address is added as if it was spec- # ified with NOTIFY=NONE. The sender will not be @@ -197,11 +198,12 @@ # # DISCARD optional text... # Claim successful delivery and silently discard the -# message. Log the optional text if specified, oth- +# message. Do not inspect the remainder of the input +# message. Log the optional text if specified, oth- # erwise log a generic message. # -# Note: this action disables further header or -# body_checks inspection of the current message and +# Note: this action disables further header or +# body_checks inspection of the current message and # affects all recipients. To discard only one recip- # ient without discarding the entire message, use the # transport(5) table to direct mail to the discard(8) @@ -212,43 +214,45 @@ # This feature is not supported with smtp header/body # checks. # -# DUNNO Pretend that the input line did not match any pat- -# tern, and inspect the next input line. This action +# DUNNO Pretend that the input line did not match any pat- +# tern, and inspect the next input line. This action # can be used to shorten the table search. # -# For backwards compatibility reasons, Postfix also -# accepts OK but it is (and always has been) treated +# For backwards compatibility reasons, Postfix also +# accepts OK but it is (and always has been) treated # as DUNNO. # # This feature is available in Postfix 2.1 and later. # # FILTER transport:destination -# After the message is queued, send the entire mes- -# sage through the specified external content filter. -# The transport name specifies the first field of a -# mail delivery agent definition in master.cf; the -# syntax of the next-hop destination is described in -# the manual page of the corresponding delivery -# agent. More information about external content -# filters is in the Postfix FILTER_README file. +# Override the content_filter parameter setting, and +# inspect the next input line. After the message is +# queued, send the entire message through the speci- +# fied external content filter. The transport name +# specifies the first field of a mail delivery agent +# definition in master.cf; the syntax of the next-hop +# destination is described in the manual page of the +# corresponding delivery agent. More information +# about external content filters is in the Postfix +# FILTER_README file. # -# Note 1: do not use $number regular expression sub- -# stitutions for transport or destination unless you +# Note 1: do not use $number regular expression sub- +# stitutions for transport or destination unless you # know that the information has a trusted origin. # -# Note 2: this action overrides the main.cf con- -# tent_filter setting, and affects all recipients of -# the message. In the case that multiple FILTER +# Note 2: this action overrides the main.cf con- +# tent_filter setting, and affects all recipients of +# the message. In the case that multiple FILTER # actions fire, only the last one is executed. # -# Note 3: the purpose of the FILTER command is to -# override message routing. To override the recipi- -# ent's transport but not the next-hop destination, -# specify an empty filter destination (Postfix 2.7 +# Note 3: the purpose of the FILTER command is to +# override message routing. To override the recipi- +# ent's transport but not the next-hop destination, +# specify an empty filter destination (Postfix 2.7 # and later), or specify a transport:destination that -# delivers through a different Postfix instance -# (Postfix 2.6 and earlier). Other options are using -# the recipient-dependent transport_maps or the sen- +# delivers through a different Postfix instance +# (Postfix 2.6 and earlier). Other options are using +# the recipient-dependent transport_maps or the sen- # der-dependent sender_dependent_default_transport- # _maps features. # @@ -258,23 +262,23 @@ # checks. # # HOLD optional text... -# Arrange for the message to be placed on the hold -# queue, and inspect the next input line. The mes- -# sage remains on hold until someone either deletes -# it or releases it for delivery. Log the optional +# Arrange for the message to be placed on the hold +# queue, and inspect the next input line. The mes- +# sage remains on hold until someone either deletes +# it or releases it for delivery. Log the optional # text if specified, otherwise log a generic message. # -# Mail that is placed on hold can be examined with -# the postcat(1) command, and can be destroyed or +# Mail that is placed on hold can be examined with +# the postcat(1) command, and can be destroyed or # released with the postsuper(1) command. # -# Note: use "postsuper -r" to release mail that was -# kept on hold for a significant fraction of $maxi- +# Note: use "postsuper -r" to release mail that was +# kept on hold for a significant fraction of $maxi- # mal_queue_lifetime or $bounce_queue_lifetime, or -# longer. Use "postsuper -H" only for mail that will +# longer. Use "postsuper -H" only for mail that will # not expire within a few delivery attempts. # -# Note: this action affects all recipients of the +# Note: this action affects all recipients of the # message. # # This feature is available in Postfix 2.0 and later. @@ -287,33 +291,33 @@ # # INFO optional text... # Log an "info:" record with the optional text... (or -# log a generic text), and inspect the next input -# line. This action is useful for routine logging or +# log a generic text), and inspect the next input +# line. This action is useful for routine logging or # for debugging. # # This feature is available in Postfix 2.8 and later. # # PREPEND text... -# Prepend one line with the specified text, and +# Prepend one line with the specified text, and # inspect the next input line. # # Notes: # -# o The prepended text is output on a separate +# o The prepended text is output on a separate # line, immediately before the input that # triggered the PREPEND action. # # o The prepended text is not considered part of -# the input stream: it is not subject to +# the input stream: it is not subject to # header/body checks or address rewriting, and # it does not affect the way that Postfix adds # missing message headers. # # o When prepending text before a message header -# line, the prepended text must begin with a +# line, the prepended text must begin with a # valid message header label. # -# o This action cannot be used to prepend +# o This action cannot be used to prepend # multi-line text. # # This feature is available in Postfix 2.1 and later. @@ -322,14 +326,14 @@ # ter_header_checks. # # REDIRECT user@domain -# Write a message redirection request to the queue -# file, and inspect the next input line. After the +# Write a message redirection request to the queue +# file, and inspect the next input line. After the # message is queued, it will be sent to the specified # address instead of the intended recipient(s). # -# Note: this action overrides the FILTER action, and -# affects all recipients of the message. If multiple -# REDIRECT actions fire, only the last one is exe- +# Note: this action overrides the FILTER action, and +# affects all recipients of the message. If multiple +# REDIRECT actions fire, only the last one is exe- # cuted. # # This feature is available in Postfix 2.1 and later. @@ -338,33 +342,34 @@ # checks. # # REPLACE text... -# Replace the current line with the specified text, +# Replace the current line with the specified text, # and inspect the next input line. # # This feature is available in Postfix 2.2 and later. -# The description below applies to Postfix 2.2.2 and +# The description below applies to Postfix 2.2.2 and # later. # # Notes: # -# o When replacing a message header line, the -# replacement text must begin with a valid +# o When replacing a message header line, the +# replacement text must begin with a valid # header label. # -# o The replaced text remains part of the input -# stream. Unlike the result from the PREPEND -# action, a replaced message header may be -# subject to address rewriting and may affect -# the way that Postfix adds missing message +# o The replaced text remains part of the input +# stream. Unlike the result from the PREPEND +# action, a replaced message header may be +# subject to address rewriting and may affect +# the way that Postfix adds missing message # headers. # # REJECT optional text... -# Reject the entire message. Reply with optional -# text... when the optional text is specified, other- -# wise reply with a generic error message. +# Reject the entire message. Do not inspect the +# remainder of the input message. Reply with +# optional text... when the optional text is speci- +# fied, otherwise reply with a generic error message. # -# Note: this action disables further header or -# body_checks inspection of the current message and +# Note: this action disables further header or +# body_checks inspection of the current message and # affects all recipients. # # Postfix version 2.3 and later support enhanced sta- @@ -376,38 +381,38 @@ # checks. # # WARN optional text... -# Log a "warning:" record with the optional text... +# Log a "warning:" record with the optional text... # (or log a generic text), and inspect the next input -# line. This action is useful for debugging and for -# testing a pattern before applying more drastic +# line. This action is useful for debugging and for +# testing a pattern before applying more drastic # actions. # # BUGS # Empty lines never match, because some map types mis-behave -# when given a zero-length search string. This limitation -# may be removed for regular expression tables in a future +# when given a zero-length search string. This limitation +# may be removed for regular expression tables in a future # release. # -# Many people overlook the main limitations of header and +# Many people overlook the main limitations of header and # body_checks rules. # -# o These rules operate on one logical message header +# o These rules operate on one logical message header # or one body line at a time. A decision made for one # line is not carried over to the next line. # -# o If text in the message body is encoded (RFC 2045) +# o If text in the message body is encoded (RFC 2045) # then the rules need to be specified for the encoded # form. # -# o Likewise, when message headers are encoded (RFC -# 2047) then the rules need to be specified for the +# o Likewise, when message headers are encoded (RFC +# 2047) then the rules need to be specified for the # encoded form. # -# Message headers added by the cleanup(8) daemon itself are +# Message headers added by the cleanup(8) daemon itself are # excluded from inspection. Examples of such message headers # are From:, To:, Message-ID:, Date:. # -# Message headers deleted by the cleanup(8) daemon will be +# Message headers deleted by the cleanup(8) daemon will be # examined before they are deleted. Examples are: Bcc:, Con- # tent-Length:, Return-Path:. # @@ -415,11 +420,11 @@ # body_checks # Lookup tables with content filter rules for message # body lines. These filters see one physical line at -# a time, in chunks of at most $line_length_limit +# a time, in chunks of at most $line_length_limit # bytes. # # body_checks_size_limit -# The amount of content per message body segment +# The amount of content per message body segment # (attachment) that is subjected to $body_checks fil- # tering. # @@ -429,35 +434,35 @@ # # nested_header_checks (default: $header_checks) # Lookup tables with content filter rules for message -# header lines: respectively, these are applied to -# the initial message headers (not including MIME -# headers), to the MIME headers anywhere in the mes- -# sage, and to the initial headers of attached mes- +# header lines: respectively, these are applied to +# the initial message headers (not including MIME +# headers), to the MIME headers anywhere in the mes- +# sage, and to the initial headers of attached mes- # sages. # -# Note: these filters see one logical message header -# at a time, even when a message header spans multi- -# ple lines. Message headers that are longer than +# Note: these filters see one logical message header +# at a time, even when a message header spans multi- +# ple lines. Message headers that are longer than # $header_size_limit characters are truncated. # # disable_mime_input_processing -# While receiving mail, give no special treatment to -# MIME related message headers; all text after the +# While receiving mail, give no special treatment to +# MIME related message headers; all text after the # initial message headers is considered to be part of -# the message body. This means that header_checks is -# applied to all the initial message headers, and +# the message body. This means that header_checks is +# applied to all the initial message headers, and # that body_checks is applied to the remainder of the # message. # -# Note: when used in this manner, body_checks will -# process a multi-line message header one line at a +# Note: when used in this manner, body_checks will +# process a multi-line message header one line at a # time. # # EXAMPLES -# Header pattern to block attachments with bad file name -# extensions. For convenience, the PCRE /x flag is speci- -# fied, so that there is no need to collapse the pattern -# into a single line of text. The purpose of the +# Header pattern to block attachments with bad file name +# extensions. For convenience, the PCRE /x flag is speci- +# fied, so that there is no need to collapse the pattern +# into a single line of text. The purpose of the # [[:xdigit:]] sub-expressions is to recognize Windows CLSID # strings. # @@ -496,7 +501,7 @@ # RFC 2047, message header encoding for non-ASCII text # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # DATABASE_README, Postfix lookup table overview # CONTENT_INSPECTION_README, Postfix content inspection overview @@ -504,7 +509,7 @@ # BACKSCATTER_README, blocking returned forged mail # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) diff --git a/postfix/conf/post-install b/postfix/conf/post-install index b66b14778..d5db2600e 100644 --- a/postfix/conf/post-install +++ b/postfix/conf/post-install @@ -447,10 +447,14 @@ do esac done +# XXX Maybe update main.cf only with first install, upgrade, set +# permissions, and what else? Should there be a warning otherwise? + override= for name in $MOST_PARAMETERS do - eval test \"\$$name\" = \"`$POSTCONF -c $config_directory -h $name`\" || { + eval junk=\"\$$name\" + test "$junk" = "`$POSTCONF -c $config_directory -h $name`" || { override=1 break } diff --git a/postfix/html/COMPATIBILITY_README.html b/postfix/html/COMPATIBILITY_README.html index 18378f14d..5772eb9a8 100644 --- a/postfix/html/COMPATIBILITY_README.html +++ b/postfix/html/COMPATIBILITY_README.html @@ -267,10 +267,15 @@ explicit list of domain names.

setting smtputf8_enable=no

The smtputf8_enable default value has changed from "no" to "yes. -As long as the smtputf8_enable parameter is left at its implicit +With the new "yes" setting, the Postfix SMTP server rejects non-ASCII +addresses from clients that don't request SMTPUTF8 support. With +the old "no" setting, Postfix will accept such addresses, even if +such addresses are not permitted by traditional SMTP standards.

+ +

As long as the smtputf8_enable parameter is left at its implicit default value, and the backwards-compatible default setting is turned on, Postfix logs a warning each time an SMTP command uses a -non-ASCII address localpart:

+non-ASCII address localpart without requesting SMTPUTF8 support: 

diff --git a/postfix/html/FORWARD_SECRECY_README.html b/postfix/html/FORWARD_SECRECY_README.html
index 1e0adc0e1..dcf1027e9 100644
--- a/postfix/html/FORWARD_SECRECY_README.html
+++ b/postfix/html/FORWARD_SECRECY_README.html
@@ -551,8 +551,8 @@ signature.  

 
  Postfix SMTP server: The status is never "Verified",
 because the Postfix SMTP server never verifies the remote SMTP
 client name against the names in the client certificate, and because
-the Postfix SMTP does not expect a specific fingerprint in the
-client public key or certificate.  

+the Postfix SMTP server does not expect a specific fingerprint in
+the client public key or certificate.  

 
 
 
diff --git a/postfix/html/SMTPUTF8_README.html b/postfix/html/SMTPUTF8_README.html
index bd2eba2ab..a40cf36b5 100644
--- a/postfix/html/SMTPUTF8_README.html
+++ b/postfix/html/SMTPUTF8_README.html
@@ -92,7 +92,7 @@ servers (Dovecot), and down-stream SMTP servers. 

 
 
 Postfix SMTPUTF8 support is enabled by default, but it may be
 disabled as part of a backwards-compatibility safety net (see the
-Postfix 3.0 RELEASE_NOTES file). 

+COMPATIBILITY_README file). 

 
 
 SMTPUTF8 support is enabled by setting the smtputf8_enable
 parameter in main.cf:

diff --git a/postfix/html/STRESS_README.html b/postfix/html/STRESS_README.html
index bb8377d08..3c0d0f622 100644
--- a/postfix/html/STRESS_README.html
+++ b/postfix/html/STRESS_README.html
@@ -158,16 +158,19 @@ default with Postfix 2.6 and later. 

 
 

 
-1 smtpd_timeout = ${stress?10}${stress:300}s
-2 smtpd_hard_error_limit = ${stress?1}${stress:20}
-3 smtpd_junk_command_limit = ${stress?1}${stress:100}
+1 smtpd_timeout = ${stress?{10}:{300}}s
+2 smtpd_hard_error_limit = ${stress?{1}:{20}}
+3 smtpd_junk_command_limit = ${stress?{1}:{100}}
 4 # Parameters added after Postfix 2.6:
-5 smtpd_per_record_deadline = ${stress?yes}${stress:no}
-6 smtpd_starttls_timeout = ${stress?10}${stress:300}s
-7 address_verify_poll_count = ${stress?1}${stress:3}
+5 smtpd_per_record_deadline = ${stress?{yes}:{no}}
+6 smtpd_starttls_timeout = ${stress?{10}:{300}}s
+7 address_verify_poll_count = ${stress?{1}:{3}}
 

 

 
+
 With Postfix versions before 3.0, replace ${stress?{x}:{y}}
+with ${stress?x}${stress:y}. 

+
 
 Translation: 

 
 
    
diff --git a/postfix/html/access.5.html b/postfix/html/access.5.html
index d2f13498f..29cb77e37 100644
--- a/postfix/html/access.5.html
+++ b/postfix/html/access.5.html
@@ -326,83 +326,84 @@ ACCESS(5)                                                            ACCESS(5)
 
        REDIRECT user@domain
               After the message is queued, send the message to  the  specified
-              address instead of the intended recipient(s).
+              address instead of the intended recipient(s).  When multiple RE-
+              DIRECT actions fire, only the last one takes effect.
 
-              Note:  this  action  overrides  the FILTER action, and currently
-              affects all recipients of the message.
+              Note: this action overrides the  FILTER  action,  and  currently
+              overrides all recipients of the message.
 
               This feature is available in Postfix 2.1 and later.
 
        INFO optional text...
-              Log an informational record with  the  optional  text,  together
-              with  client  information  and  if available, with helo, sender,
+              Log  an  informational  record  with the optional text, together
+              with client information and if  available,  with  helo,  sender,
               recipient and protocol information.
 
               This feature is available in Postfix 3.0 and later.
 
        WARN optional text...
-              Log a warning with  the  optional  text,  together  with  client
-              information  and  if available, with helo, sender, recipient and
+              Log  a  warning  with  the  optional  text, together with client
+              information and if available, with helo, sender,  recipient  and
               protocol information.
 
               This feature is available in Postfix 2.1 and later.
 
 ENHANCED STATUS CODES
-       Postfix version 2.3 and later support enhanced status codes as  defined
-       in  RFC  3463.   When an enhanced status code is specified in an access
+       Postfix  version 2.3 and later support enhanced status codes as defined
+       in RFC 3463.  When an enhanced status code is specified  in  an  access
        table, it is subject to modification. The following transformations are
-       needed  when the same access table is used for client, helo, sender, or
-       recipient access restrictions; they happen regardless of whether  Post-
+       needed when the same access table is used for client, helo, sender,  or
+       recipient  access restrictions; they happen regardless of whether Post-
        fix replies to a MAIL FROM, RCPT TO or other SMTP command.
 
-       o      When  a sender address matches a REJECT action, the Postfix SMTP
+       o      When a sender address matches a REJECT action, the Postfix  SMTP
               server will transform a recipient DSN status (e.g., 4.1.1-4.1.6)
               into the corresponding sender DSN status, and vice versa.
 
-       o      When  non-address  information  matches a REJECT action (such as
-              the HELO command argument or the client  hostname/address),  the
-              Postfix  SMTP  server  will  transform a sender or recipient DSN
+       o      When non-address information matches a REJECT  action  (such  as
+              the  HELO  command argument or the client hostname/address), the
+              Postfix SMTP server will transform a  sender  or  recipient  DSN
               status into a generic non-address DSN status (e.g., 4.0.0).
 
 REGULAR EXPRESSION TABLES
-       This section describes how the table lookups change when the  table  is
-       given  in the form of regular expressions. For a description of regular
+       This  section  describes how the table lookups change when the table is
+       given in the form of regular expressions. For a description of  regular
        expression lookup table syntax, see regexp_table(5) or pcre_table(5).
 
-       Each pattern is a regular expression that  is  applied  to  the  entire
+       Each  pattern  is  a  regular  expression that is applied to the entire
        string being looked up. Depending on the application, that string is an
-       entire client hostname, an entire client IP address, or an entire  mail
-       address.  Thus,  no  parent  domain  or  parent network search is done,
-       user@domain mail addresses are not  broken  up  into  their  user@  and
-       domain  constituent parts, nor is user+foo broken up into user and foo.
+       entire  client hostname, an entire client IP address, or an entire mail
+       address. Thus, no parent domain  or  parent  network  search  is  done,
+       user@domain  mail  addresses  are  not  broken  up into their user@ and
+       domain constituent parts, nor is user+foo broken up into user and  foo.
 
-       Patterns are applied in the order as specified in the  table,  until  a
+       Patterns  are  applied  in the order as specified in the table, until a
        pattern is found that matches the search string.
 
-       Actions  are the same as with indexed file lookups, with the additional
-       feature that parenthesized substrings from the pattern can be  interpo-
+       Actions are the same as with indexed file lookups, with the  additional
+       feature  that parenthesized substrings from the pattern can be interpo-
        lated as $1, $2 and so on.
 
 TCP-BASED TABLES
-       This  section  describes  how the table lookups change when lookups are
-       directed  to  a  TCP-based  server.  For  a  description  of  the   TCP
-       client/server  lookup  protocol, see tcp_table(5).  This feature is not
+       This section describes how the table lookups change  when  lookups  are
+       directed   to  a  TCP-based  server.  For  a  description  of  the  TCP
+       client/server lookup protocol, see tcp_table(5).  This feature  is  not
        available up to and including Postfix version 2.4.
 
-       Each lookup operation uses the entire query string once.  Depending  on
-       the  application,  that  string is an entire client hostname, an entire
-       client IP address, or an entire mail address.  Thus, no  parent  domain
-       or  parent  network  search is done, user@domain mail addresses are not
-       broken up into  their  user@  and  domain  constituent  parts,  nor  is
+       Each  lookup operation uses the entire query string once.  Depending on
+       the application, that string is an entire client  hostname,  an  entire
+       client  IP  address, or an entire mail address.  Thus, no parent domain
+       or parent network search is done, user@domain mail  addresses  are  not
+       broken  up  into  their  user@  and  domain  constituent  parts, nor is
        user+foo broken up into user and foo.
 
        Actions are the same as with indexed file lookups.
 
 EXAMPLE
-       The  following example uses an indexed file, so that the order of table
-       entries does not matter. The example permits access by  the  client  at
+       The following example uses an indexed file, so that the order of  table
+       entries  does  not  matter. The example permits access by the client at
        address 1.2.3.4 but rejects all other clients in 1.2.3.0/24. Instead of
-       hash lookup tables, some systems use dbm.  Use  the  command  "postconf
+       hash  lookup  tables,  some systems use dbm.  Use the command "postconf
        -m" to find out what lookup tables Postfix supports on your system.
 
        /etc/postfix/main.cf:
@@ -413,7 +414,7 @@ ACCESS(5)                                                            ACCESS(5)
            1.2.3   REJECT
            1.2.3.4 OK
 
-       Execute  the  command  "postmap  /etc/postfix/access" after editing the
+       Execute the command "postmap  /etc/postfix/access"  after  editing  the
        file.
 
 BUGS
diff --git a/postfix/html/header_checks.5.html b/postfix/html/header_checks.5.html
index b47c60fb8..7ce0a465e 100644
--- a/postfix/html/header_checks.5.html
+++ b/postfix/html/header_checks.5.html
@@ -165,10 +165,10 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
        consistency with other Postfix documentation.
 
        BCC user@domain
-              Add the specified address as a BCC recipient. The  address  must
-              have  a  local part and domain part. The number of BCC addresses
-              that can be added is limited only by  the  amount  of  available
-              storage space.
+              Add the specified address as a BCC recipient,  and  inspect  the
+              next  input  line. The address must have a local part and domain
+              part. The number of BCC addresses that can be added  is  limited
+              only by the amount of available storage space.
 
               Note  1:  the  BCC  address is added as if it was specified with
               NOTIFY=NONE. The sender  will  not  be  notified  when  the  BCC
@@ -183,8 +183,9 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
               This feature is not supported with smtp header/body checks.
 
        DISCARD optional text...
-              Claim successful delivery and silently discard the message.  Log
-              the optional text if specified, otherwise log a generic message.
+              Claim  successful delivery and silently discard the message.  Do
+              not inspect  the  remainder  of  the  input  message.   Log  the
+              optional text if specified, otherwise log a generic message.
 
               Note: this action disables further header or body_checks inspec-
               tion of the current message and affects all recipients.  To dis-
@@ -206,30 +207,31 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
               This feature is available in Postfix 2.1 and later.
 
        FILTER transport:destination
-              After the message is queued, send the entire message through the
-              specified  external content filter. The transport name specifies
-              the first field of a mail  delivery  agent  definition  in  mas-
-              ter.cf;  the  syntax of the next-hop destination is described in
-              the manual page  of  the  corresponding  delivery  agent.   More
-              information  about  external  content  filters is in the Postfix
-              FILTER_README file.
+              Override the content_filter parameter setting, and  inspect  the
+              next  input  line.  After the message is queued, send the entire
+              message through  the  specified  external  content  filter.  The
+              transport  name  specifies  the  first  field of a mail delivery
+              agent definition in master.cf; the syntax of the next-hop desti-
+              nation  is  described  in  the  manual page of the corresponding
+              delivery agent.  More information about external content filters
+              is in the Postfix FILTER_README file.
 
-              Note 1: do not use $number regular expression substitutions  for
-              transport  or  destination  unless you know that the information
+              Note  1: do not use $number regular expression substitutions for
+              transport or destination unless you know  that  the  information
               has a trusted origin.
 
-              Note 2: this action overrides the  main.cf  content_filter  set-
-              ting,  and  affects  all  recipients of the message. In the case
-              that multiple FILTER actions fire, only the  last  one  is  exe-
+              Note  2:  this  action overrides the main.cf content_filter set-
+              ting, and affects all recipients of the  message.  In  the  case
+              that  multiple  FILTER  actions  fire, only the last one is exe-
               cuted.
 
               Note 3: the purpose of the FILTER command is to override message
-              routing.  To override the  recipient's  transport  but  not  the
+              routing.   To  override  the  recipient's  transport but not the
               next-hop destination, specify an empty filter destination (Post-
-              fix 2.7 and later),  or  specify  a  transport:destination  that
-              delivers  through  a different Postfix instance (Postfix 2.6 and
+              fix  2.7  and  later),  or  specify a transport:destination that
+              delivers through a different Postfix instance (Postfix  2.6  and
               earlier). Other options are using the recipient-dependent trans-
-              port_maps   or  the  sender-dependent  sender_dependent_default-
+              port_maps  or  the  sender-dependent   sender_dependent_default-
               _transport_maps features.
 
               This feature is available in Postfix 2.0 and later.
@@ -237,18 +239,18 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
               This feature is not supported with smtp header/body checks.
 
        HOLD optional text...
-              Arrange for the message to be placed  on  the  hold  queue,  and
-              inspect  the next input line.  The message remains on hold until
-              someone either deletes it or releases it for delivery.  Log  the
+              Arrange  for  the  message  to  be placed on the hold queue, and
+              inspect the next input line.  The message remains on hold  until
+              someone  either deletes it or releases it for delivery.  Log the
               optional text if specified, otherwise log a generic message.
 
-              Mail  that is placed on hold can be examined with the postcat(1)
-              command, and can be destroyed or released with the  postsuper(1)
+              Mail that is placed on hold can be examined with the  postcat(1)
+              command,  and can be destroyed or released with the postsuper(1)
               command.
 
-              Note:  use  "postsuper -r" to release mail that was kept on hold
-              for  a  significant  fraction  of   $maximal_queue_lifetime   or
-              $bounce_queue_lifetime,  or  longer. Use "postsuper -H" only for
+              Note: use "postsuper -r" to release mail that was kept  on  hold
+              for   a   significant  fraction  of  $maximal_queue_lifetime  or
+              $bounce_queue_lifetime, or longer. Use "postsuper -H"  only  for
               mail that will not expire within a few delivery attempts.
 
               Note: this action affects all recipients of the message.
@@ -257,32 +259,32 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
 
               This feature is not supported with smtp header/body checks.
 
-       IGNORE Delete the current line from the input,  and  inspect  the  next
+       IGNORE Delete  the  current  line  from the input, and inspect the next
               input line.
 
        INFO optional text...
-              Log  an  "info:"  record  with  the  optional  text... (or log a
-              generic text), and inspect the next input line. This  action  is
+              Log an "info:" record  with  the  optional  text...  (or  log  a
+              generic  text),  and inspect the next input line. This action is
               useful for routine logging or for debugging.
 
               This feature is available in Postfix 2.8 and later.
 
        PREPEND text...
-              Prepend  one  line with the specified text, and inspect the next
+              Prepend one line with the specified text, and inspect  the  next
               input line.
 
               Notes:
 
-              o      The prepended text is output on a separate line,  immedi-
+              o      The  prepended text is output on a separate line, immedi-
                      ately before the input that triggered the PREPEND action.
 
-              o      The prepended text is not considered part  of  the  input
-                     stream:  it  is  not  subject  to  header/body  checks or
-                     address rewriting, and it does not affect  the  way  that
+              o      The  prepended  text  is not considered part of the input
+                     stream: it  is  not  subject  to  header/body  checks  or
+                     address  rewriting,  and  it does not affect the way that
                      Postfix adds missing message headers.
 
-              o      When  prepending  text  before a message header line, the
-                     prepended text must begin with  a  valid  message  header
+              o      When prepending text before a message  header  line,  the
+                     prepended  text  must  begin  with a valid message header
                      label.
 
               o      This action cannot be used to prepend multi-line text.
@@ -292,13 +294,13 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
               This feature is not supported with milter_header_checks.
 
        REDIRECT user@domain
-              Write  a  message  redirection  request  to  the queue file, and
-              inspect the next input line. After the  message  is  queued,  it
-              will  be  sent  to the specified address instead of the intended
+              Write a message redirection  request  to  the  queue  file,  and
+              inspect  the  next  input  line. After the message is queued, it
+              will be sent to the specified address instead  of  the  intended
               recipient(s).
 
-              Note: this action overrides the FILTER action, and  affects  all
-              recipients  of  the  message. If multiple REDIRECT actions fire,
+              Note:  this  action overrides the FILTER action, and affects all
+              recipients of the message. If multiple  REDIRECT  actions  fire,
               only the last one is executed.
 
               This feature is available in Postfix 2.1 and later.
@@ -306,7 +308,7 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
               This feature is not supported with smtp header/body checks.
 
        REPLACE text...
-              Replace the current line with the specified  text,  and  inspect
+              Replace  the  current  line with the specified text, and inspect
               the next input line.
 
               This feature is available in Postfix 2.2 and later. The descrip-
@@ -314,19 +316,19 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
 
               Notes:
 
-              o      When replacing a message  header  line,  the  replacement
+              o      When  replacing  a  message  header line, the replacement
                      text must begin with a valid header label.
 
-              o      The  replaced  text  remains  part  of  the input stream.
-                     Unlike the result from the  PREPEND  action,  a  replaced
-                     message  header  may  be subject to address rewriting and
-                     may affect the way  that  Postfix  adds  missing  message
+              o      The replaced text  remains  part  of  the  input  stream.
+                     Unlike  the  result  from  the PREPEND action, a replaced
+                     message header may be subject to  address  rewriting  and
+                     may  affect  the  way  that  Postfix adds missing message
                      headers.
 
        REJECT optional text...
-              Reject  the entire message. Reply with optional text... when the
-              optional text is specified, otherwise reply with a generic error
-              message.
+              Reject the entire message. Do not inspect the remainder  of  the
+              input  message.   Reply  with optional text... when the optional
+              text is specified, otherwise reply with a generic error message.
 
               Note: this action disables further header or body_checks inspec-
               tion of the current message and affects all recipients.
diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html
index 236b03ba3..0498b92d9 100644
--- a/postfix/html/lmtp.8.html
+++ b/postfix/html/lmtp.8.html
@@ -327,8 +327,8 @@ SMTP(8)                                                                SMTP(8)
 
        smtp_sasl_password_maps (empty)
               Optional Postfix  SMTP  client  lookup  tables  with  one  user-
-              name:password  entry  per  remote  hostname or domain, or sender
-              address when sender-dependent authentication is enabled.
+              name:password  entry  per  sender,  remote  hostname or next-hop
+              domain.
 
        smtp_sasl_security_options (noplaintext, noanonymous)
               Postfix SMTP client SASL security options; as of Postfix 2.3 the
@@ -845,6 +845,12 @@ SMTP(8)                                                                SMTP(8)
               In the context of email address verification, the SMTP  protocol
               stage that determines whether an email address is deliverable.
 
+       Available with Postfix 3.1 and later:
+
+       lmtp_fallback_relay (empty)
+              Optional list of relay hosts for LMTP destinations that can't be
+              found or that are unreachable.
+
 SEE ALSO
        generic(5), output address rewriting
        header_checks(5), message header content inspection
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 9eddb4889..5895cd82a 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -4401,6 +4401,29 @@ parameter.  See there for details. 
    
 
     This feature is available in Postfix 2.3 and later. 
    
 
 
+
+
+
    lmtp_fallback_relay
+(default: empty)
    
+
+
     Optional list of relay hosts for LMTP destinations that can't be
+found or that are unreachable.  In main.cf elements are separated by
+whitespace or commas.  
    
+
+
     By default, mail is returned to the sender when a destination is not
+found, and delivery is deferred when a destination is unreachable.  
    
+
+
     The fallback relays must be TCP destinations, specified without
+a leading "inet:" prefix.  Specify a host or host:port.  Since MX
+lookups do not apply with LMTP, there is no need to use the "[host]" or
+"[host]:port" forms.  If you specify multiple LMTP destinations, Postfix
+will try them in the specified order.  
    
+
+
    
+This feature is available in Postfix 3.1 and later.
+
    
+
+
 
    
 
 
    lmtp_generic_maps
@@ -11226,11 +11249,10 @@ Examples:
 
 
    
 Optional Postfix SMTP client lookup tables with one username:password
-entry
-per remote hostname or domain, or sender address when sender-dependent
-authentication is enabled.  If no username:password entry is found,
-then the Postfix SMTP client will not
-attempt to authenticate to the remote host.
+entry per sender, remote hostname or next-hop domain. Per-sender
+lookup is done only when sender-dependent authentication is enabled.
+If no username:password entry is found, then the Postfix SMTP client
+will not attempt to authenticate to the remote host.
 
    
 
 
    
diff --git a/postfix/html/postscreen.8.html b/postfix/html/postscreen.8.html
index 18ac222e8..85761ea45 100644
--- a/postfix/html/postscreen.8.html
+++ b/postfix/html/postscreen.8.html
@@ -34,11 +34,11 @@ POSTSCREEN(8)                                                    POSTSCREEN(8)
        Postfix SMTP server process. This minimizes the overhead for legitimate
        mail.
 
-       By default, postscreen(8) logs statistics and hands off  every  connec-
-       tion  to  a  Postfix  SMTP  server  process, while excluding clients in
-       mynetworks from all tests (primarily, to avoid problems with  non-stan-
-       dard  SMTP implementations in network appliances).  This mode is useful
-       for non-destructive testing.
+       By default, postscreen(8) logs statistics and hands off each connection
+       to a Postfix SMTP server process, while excluding clients in mynetworks
+       from all tests (primarily, to avoid  problems  with  non-standard  SMTP
+       implementations  in  network  appliances).  This default mode blocks no
+       clients, and is useful for non-destructive testing.
 
        In a typical production setting, postscreen(8) is configured to  reject
        mail  from  clients  that  fail  one  or more tests. postscreen(8) logs
@@ -228,7 +228,7 @@ POSTSCREEN(8)                                                    POSTSCREEN(8)
               greeting" protocol tests, based on its combined DNSBL  score  as
               defined with the postscreen_dnsbl_sites parameter.
 
-       Available in Postfix version 2.11 and later:
+       Available in Postfix version 3.0 and later:
 
        postscreen_dnsbl_timeout (10s)
               The time limit for DNSBL or DNSWL lookups.
diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html
index 236b03ba3..0498b92d9 100644
--- a/postfix/html/smtp.8.html
+++ b/postfix/html/smtp.8.html
@@ -327,8 +327,8 @@ SMTP(8)                                                                SMTP(8)
 
        smtp_sasl_password_maps (empty)
               Optional Postfix  SMTP  client  lookup  tables  with  one  user-
-              name:password  entry  per  remote  hostname or domain, or sender
-              address when sender-dependent authentication is enabled.
+              name:password  entry  per  sender,  remote  hostname or next-hop
+              domain.
 
        smtp_sasl_security_options (noplaintext, noanonymous)
               Postfix SMTP client SASL security options; as of Postfix 2.3 the
@@ -845,6 +845,12 @@ SMTP(8)                                                                SMTP(8)
               In the context of email address verification, the SMTP  protocol
               stage that determines whether an email address is deliverable.
 
+       Available with Postfix 3.1 and later:
+
+       lmtp_fallback_relay (empty)
+              Optional list of relay hosts for LMTP destinations that can't be
+              found or that are unreachable.
+
 SEE ALSO
        generic(5), output address rewriting
        header_checks(5), message header content inspection
diff --git a/postfix/man/man5/access.5 b/postfix/man/man5/access.5
index 09c88f474..125ac9480 100644
--- a/postfix/man/man5/access.5
+++ b/postfix/man/man5/access.5
@@ -335,10 +335,11 @@ is received; it cannot execute in the context of
 This feature is available in Postfix 2.1 and later.
 .IP "\fBREDIRECT \fIuser@domain\fR"
 After the message is queued, send the message to the specified
-address instead of the intended recipient(s).
+address instead of the intended recipient(s).  When multiple
+\fBREDIRECT\fR actions fire, only the last one takes effect.
 .sp
-Note: this action overrides the FILTER action, and currently affects
-all recipients of the message.
+Note: this action overrides the FILTER action, and currently
+overrides all recipients of the message.
 .sp
 This feature is available in Postfix 2.1 and later.
 .IP "\fBINFO \fIoptional text...\fR
diff --git a/postfix/man/man5/header_checks.5 b/postfix/man/man5/header_checks.5
index 6549b7304..135ca9a06 100644
--- a/postfix/man/man5/header_checks.5
+++ b/postfix/man/man5/header_checks.5
@@ -185,7 +185,8 @@ available for negated patterns.
 Action names are case insensitive. They are shown in upper case
 for consistency with other Postfix documentation.
 .IP "\fBBCC \fIuser@domain\fR"
-Add the specified address as a BCC recipient. The address
+Add the specified address as a BCC recipient, and inspect
+the next input line. The address
 must have a local part and domain part. The number of BCC
 addresses that can be added is limited only by the amount
 of available storage space.
@@ -203,6 +204,7 @@ This feature is available in Postfix 3.0 and later.
 This feature is not supported with smtp header/body checks.
 .IP "\fBDISCARD \fIoptional text...\fR"
 Claim successful delivery and silently discard the message.
+Do not inspect the remainder of the input message.
 Log the optional text if specified, otherwise log a generic
 message.
 .sp
@@ -223,6 +225,8 @@ For backwards compatibility reasons, Postfix also accepts
 .sp
 This feature is available in Postfix 2.1 and later.
 .IP "\fBFILTER \fItransport:destination\fR"
+Override the content_filter parameter setting, and inspect
+the next input line.
 After the message is queued, send the entire message through
 the specified external content filter. The \fItransport\fR
 name specifies the first field of a mail delivery agent
@@ -341,9 +345,10 @@ header may be subject to address rewriting and may affect
 the way that Postfix adds missing message headers.
 .RE
 .IP "\fBREJECT \fIoptional text...\fR
-Reject the entire message. Reply with \fIoptional text...\fR when
-the optional text is specified, otherwise reply with a generic error
-message.
+Reject the entire message. Do not inspect the remainder of
+the input message.  Reply with \fIoptional text...\fR when
+the optional text is specified, otherwise reply with a
+generic error message.
 .sp
 Note: this action disables further header or body_checks inspection
 of the current message and affects all recipients.
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 2daaf4e9f..18f2eb083 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -2673,6 +2673,21 @@ The LMTP\-specific version of the smtp_enforce_tls configuration
 parameter.  See there for details.
 .PP
 This feature is available in Postfix 2.3 and later.
+.SH lmtp_fallback_relay (default: empty)
+Optional list of relay hosts for LMTP destinations that can't be
+found or that are unreachable.  In main.cf elements are separated by
+whitespace or commas.
+.PP
+By default, mail is returned to the sender when a destination is not
+found, and delivery is deferred when a destination is unreachable.
+.PP
+The fallback relays must be TCP destinations, specified without
+a leading "inet:" prefix.  Specify a host or host:port.  Since MX
+lookups do not apply with LMTP, there is no need to use the "[host]" or
+"[host]:port" forms.  If you specify multiple LMTP destinations, Postfix
+will try them in the specified order.
+.PP
+This feature is available in Postfix 3.1 and later.
 .SH lmtp_generic_maps (default: empty)
 The LMTP\-specific version of the smtp_generic_maps configuration
 parameter.  See there for details.
@@ -7035,11 +7050,10 @@ smtp_sasl_mechanism_filter = !gssapi, !login, static:rest
 .ft R
 .SH smtp_sasl_password_maps (default: empty)
 Optional Postfix SMTP client lookup tables with one username:password
-entry
-per remote hostname or domain, or sender address when sender\-dependent
-authentication is enabled.  If no username:password entry is found,
-then the Postfix SMTP client will not
-attempt to authenticate to the remote host.
+entry per sender, remote hostname or next\-hop domain. Per\-sender
+lookup is done only when sender\-dependent authentication is enabled.
+If no username:password entry is found, then the Postfix SMTP client
+will not attempt to authenticate to the remote host.
 .PP
 The Postfix SMTP client opens the lookup table before going to
 chroot jail, so you can leave the password file in /etc/postfix.
diff --git a/postfix/man/man8/postscreen.8 b/postfix/man/man8/postscreen.8
index c71f1f777..bf92fbe00 100644
--- a/postfix/man/man8/postscreen.8
+++ b/postfix/man/man8/postscreen.8
@@ -36,11 +36,11 @@ off the connection immediately to a Postfix SMTP server
 process. This minimizes the overhead for legitimate mail.
 
 By default, \fBpostscreen\fR(8) logs statistics and hands
-off every connection to a Postfix SMTP server process, while
+off each connection to a Postfix SMTP server process, while
 excluding clients in mynetworks from all tests (primarily,
 to avoid problems with non\-standard SMTP implementations
-in network appliances).  This mode is useful for non\-destructive
-testing.
+in network appliances).  This default mode blocks no clients,
+and is useful for non\-destructive testing.
 
 In a typical production setting, \fBpostscreen\fR(8) is
 configured to reject mail from clients that fail one or
@@ -249,7 +249,7 @@ Allow a remote SMTP client to skip "before" and "after 220
 greeting" protocol tests, based on its combined DNSBL score as
 defined with the postscreen_dnsbl_sites parameter.
 .PP
-Available in Postfix version 2.11 and later:
+Available in Postfix version 3.0 and later:
 .IP "\fBpostscreen_dnsbl_timeout (10s)\fR"
 The time limit for DNSBL or DNSWL lookups.
 .SH "AFTER 220 GREETING TESTS"
diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8
index 4ec66d8a2..f823010f5 100644
--- a/postfix/man/man8/smtp.8
+++ b/postfix/man/man8/smtp.8
@@ -314,9 +314,7 @@ EHLO response announces XFORWARD support.
 Enable SASL authentication in the Postfix SMTP client.
 .IP "\fBsmtp_sasl_password_maps (empty)\fR"
 Optional Postfix SMTP client lookup tables with one username:password
-entry
-per remote hostname or domain, or sender address when sender\-dependent
-authentication is enabled.
+entry per sender, remote hostname or next\-hop domain.
 .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR"
 Postfix SMTP client SASL security options; as of Postfix 2.3
 the list of available
@@ -735,6 +733,11 @@ Available with Postfix 3.0 and later:
 .IP "\fBsmtp_address_verify_target (rcpt)\fR"
 In the context of email address verification, the SMTP protocol
 stage that determines whether an email address is deliverable.
+.PP
+Available with Postfix 3.1 and later:
+.IP "\fBlmtp_fallback_relay (empty)\fR"
+Optional list of relay hosts for LMTP destinations that can't be
+found or that are unreachable.
 .SH "SEE ALSO"
 .na
 .nf
diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink
index df47611d0..049c6f938 100755
--- a/postfix/mantools/postlink
+++ b/postfix/mantools/postlink
@@ -633,6 +633,7 @@ while (<>) {
 
     s;\bsmtp_enforce_tls\b;$&;g;
     s;\bsmtp_fallback_relay\b;$&;g;
+    s;\blmtp_fallback_relay\b;$&;g;
     s;\bsmtp_[-]*\n* *[]*sasl_[-]*\n* *[]*tls_[-]*\n* *[]*secu[-]*\n* *[]*rity_options\b;$&;g;
     s;\bsmtp_sasl_tls_verified_secu[-]*\n* *[]*rity_options\b;$&;g;
     s;\bsmtp_sasl_type\b;$&;g;
diff --git a/postfix/postfix-install b/postfix/postfix-install
index 1662c3dca..d5db0bbf3 100644
--- a/postfix/postfix-install
+++ b/postfix/postfix-install
@@ -592,6 +592,17 @@ do
    esac
 done
 
+# Don't allow whitespace in parameter settings.
+
+for name in $CONFIG_PARAMS sample_directory
+do
+    eval junk=\$$name
+    case "$junk" in
+*"	"*|*" "*) echo $0: Error: $name value contains whitespace: "'$junk'" 1>&2
+		  exit 1;;
+    esac
+done
+
 test -d $tempdir || mkdir -p $tempdir || exit 1
 
 trap "rm -f $tempdir/junk" 0 1 2 3 15
diff --git a/postfix/proto/COMPATIBILITY_README.html b/postfix/proto/COMPATIBILITY_README.html
index 557ca04b6..e8a3a60da 100644
--- a/postfix/proto/COMPATIBILITY_README.html
+++ b/postfix/proto/COMPATIBILITY_README.html
@@ -267,10 +267,15 @@ explicit list of domain names. 
    
 setting smtputf8_enable=no 
 
 
     The smtputf8_enable default value has changed from "no" to "yes.
-As long as the smtputf8_enable parameter is left at its implicit
+With the new "yes" setting, the Postfix SMTP server rejects non-ASCII
+addresses from clients that don't request SMTPUTF8 support. With
+the old "no" setting, Postfix will accept such addresses, even if
+such addresses are not permitted by traditional SMTP standards. 
    
+
+
     As long as the smtputf8_enable parameter is left at its implicit
 default value, and the backwards-compatible default setting is
 turned on, Postfix logs a warning each time an SMTP command uses a
-non-ASCII address localpart: 
    
+non-ASCII address localpart without requesting SMTPUTF8 support: 
    
 
 
    
 
    diff --git a/postfix/proto/FORWARD_SECRECY_README.html b/postfix/proto/FORWARD_SECRECY_README.html
index 99f303361..c15341072 100644
--- a/postfix/proto/FORWARD_SECRECY_README.html
+++ b/postfix/proto/FORWARD_SECRECY_README.html
@@ -551,8 +551,8 @@ signature.  
    
 
      Postfix SMTP server: The status is never "Verified",
 because the Postfix SMTP server never verifies the remote SMTP
 client name against the names in the client certificate, and because
-the Postfix SMTP does not expect a specific fingerprint in the
-client public key or certificate.  
    
+the Postfix SMTP server does not expect a specific fingerprint in
+the client public key or certificate.  
    
 
 
 
diff --git a/postfix/proto/SMTPUTF8_README.html b/postfix/proto/SMTPUTF8_README.html
index 823c9b3a2..9f6e1c042 100644
--- a/postfix/proto/SMTPUTF8_README.html
+++ b/postfix/proto/SMTPUTF8_README.html
@@ -92,7 +92,7 @@ servers (Dovecot), and down-stream SMTP servers. 
    
 
 
     Postfix SMTPUTF8 support is enabled by default, but it may be
 disabled as part of a backwards-compatibility safety net (see the
-Postfix 3.0 RELEASE_NOTES file). 
    
+COMPATIBILITY_README file). 
    
 
 
     SMTPUTF8 support is enabled by setting the smtputf8_enable
 parameter in main.cf:
    
diff --git a/postfix/proto/STRESS_README.html b/postfix/proto/STRESS_README.html
index 77caf4886..526bccef2 100644
--- a/postfix/proto/STRESS_README.html
+++ b/postfix/proto/STRESS_README.html
@@ -158,16 +158,19 @@ default with Postfix 2.6 and later. 
    
 
 
    
 
    -1 smtpd_timeout = ${stress?10}${stress:300}s
-2 smtpd_hard_error_limit = ${stress?1}${stress:20}
-3 smtpd_junk_command_limit = ${stress?1}${stress:100}
+1 smtpd_timeout = ${stress?{10}:{300}}s
+2 smtpd_hard_error_limit = ${stress?{1}:{20}}
+3 smtpd_junk_command_limit = ${stress?{1}:{100}}
 4 # Parameters added after Postfix 2.6:
-5 smtpd_per_record_deadline = ${stress?yes}${stress:no}
-6 smtpd_starttls_timeout = ${stress?10}${stress:300}s
-7 address_verify_poll_count = ${stress?1}${stress:3}
+5 smtpd_per_record_deadline = ${stress?{yes}:{no}}
+6 smtpd_starttls_timeout = ${stress?{10}:{300}}s
+7 address_verify_poll_count = ${stress?{1}:{3}}
 
    
 
    
 
+
     With Postfix versions before 3.0, replace ${stress?{x}:{y}}
+with ${stress?x}${stress:y}. 
    
+
 
     Translation: 
    
 
 
      
diff --git a/postfix/proto/access b/postfix/proto/access
index d66ab8aae..386721051 100644
--- a/postfix/proto/access
+++ b/postfix/proto/access
@@ -340,10 +340,11 @@
 #	This feature is available in Postfix 2.1 and later.
 # .IP "\fBREDIRECT \fIuser@domain\fR"
 #	After the message is queued, send the message to the specified
-#	address instead of the intended recipient(s).
+#	address instead of the intended recipient(s).  When multiple
+#	\fBREDIRECT\fR actions fire, only the last one takes effect.
 # .sp
-#	Note: this action overrides the FILTER action, and currently affects
-#	all recipients of the message.
+#	Note: this action overrides the FILTER action, and currently
+#	overrides all recipients of the message.
 # .sp
 #	This feature is available in Postfix 2.1 and later.
 # .IP "\fBINFO \fIoptional text...\fR
diff --git a/postfix/proto/header_checks b/postfix/proto/header_checks
index b51e182f9..bec930f25 100644
--- a/postfix/proto/header_checks
+++ b/postfix/proto/header_checks
@@ -163,7 +163,8 @@
 #	Action names are case insensitive. They are shown in upper case
 #	for consistency with other Postfix documentation.
 # .IP "\fBBCC \fIuser@domain\fR"
-#	Add the specified address as a BCC recipient. The address
+#	Add the specified address as a BCC recipient, and inspect
+#	the next input line. The address
 #	must have a local part and domain part. The number of BCC
 #	addresses that can be added is limited only by the amount
 #	of available storage space.
@@ -208,6 +209,7 @@
 # \"	This feature is available in Postfix 2.3 and later.
 # .IP "\fBDISCARD \fIoptional text...\fR"
 #	Claim successful delivery and silently discard the message.
+#	Do not inspect the remainder of the input message.
 #	Log the optional text if specified, otherwise log a generic
 #	message.
 # .sp
@@ -228,6 +230,8 @@
 # .sp
 #	This feature is available in Postfix 2.1 and later.
 # .IP "\fBFILTER \fItransport:destination\fR"
+#	Override the content_filter parameter setting, and inspect
+#	the next input line.
 #	After the message is queued, send the entire message through
 #	the specified external content filter. The \fItransport\fR
 #	name specifies the first field of a mail delivery agent
@@ -346,9 +350,10 @@
 #	the way that Postfix adds missing message headers.
 # .RE
 # .IP "\fBREJECT \fIoptional text...\fR
-#	Reject the entire message. Reply with \fIoptional text...\fR when
-#	the optional text is specified, otherwise reply with a generic error
-#	message.
+#	Reject the entire message. Do not inspect the remainder of
+#	the input message.  Reply with \fIoptional text...\fR when
+#	the optional text is specified, otherwise reply with a
+#	generic error message.
 # .sp
 #	Note: this action disables further header or body_checks inspection
 #	of the current message and affects all recipients.
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index dc45d8a7c..c9de2433f 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -1509,6 +1509,25 @@ as the right-hand side for backup or primary MX domain entries.
 for destinations that it is MX host for.
 
      
 
+%PARAM lmtp_fallback_relay
+
+
       Optional list of relay hosts for LMTP destinations that can't be
+found or that are unreachable.  In main.cf elements are separated by
+whitespace or commas.  
      
+
+
       By default, mail is returned to the sender when a destination is not
+found, and delivery is deferred when a destination is unreachable.  
      
+
+
       The fallback relays must be TCP destinations, specified without
+a leading "inet:" prefix.  Specify a host or host:port.  Since MX
+lookups do not apply with LMTP, there is no need to use the "[host]" or
+"[host]:port" forms.  If you specify multiple LMTP destinations, Postfix
+will try them in the specified order.  
      
+
+
      
+This feature is available in Postfix 3.1 and later.
+
      
+
 %PARAM fast_flush_domains $relay_domains
 
 
      
@@ -4493,11 +4512,10 @@ smtp_sasl_auth_enable = yes
 
 
      
 Optional Postfix SMTP client lookup tables with one username:password
-entry
-per remote hostname or domain, or sender address when sender-dependent
-authentication is enabled.  If no username:password entry is found,
-then the Postfix SMTP client will not
-attempt to authenticate to the remote host.
+entry per sender, remote hostname or next-hop domain. Per-sender
+lookup is done only when sender-dependent authentication is enabled.
+If no username:password entry is found, then the Postfix SMTP client
+will not attempt to authenticate to the remote host.
 
      
 
 
      
diff --git a/postfix/src/dns/dns_strrecord.c b/postfix/src/dns/dns_strrecord.c
index 9912b7cf1..318cdb90b 100644
--- a/postfix/src/dns/dns_strrecord.c
+++ b/postfix/src/dns/dns_strrecord.c
@@ -1,6 +1,6 @@
 /*++
 /* NAME
-/*	dns_strtype 3
+/*	dns_strrecord 3
 /* SUMMARY
 /*	name service resource record printable forms
 /* SYNOPSIS
@@ -65,9 +65,11 @@ char   *dns_strrecord(VSTRING *buf, DNS_RR *rr)
     case T_MR:
     case T_NS:
     case T_PTR:
-    case T_TXT:
 	vstring_sprintf_append(buf, "%s.", rr->data);
 	break;
+    case T_TXT:
+	vstring_sprintf_append(buf, "%s", rr->data);
+	break;
     case T_MX:
 	vstring_sprintf_append(buf, "%u %s.", rr->pref, rr->data);
 	break;
diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h
index 8d419e0fc..54a70e25f 100644
--- a/postfix/src/global/mail_params.h
+++ b/postfix/src/global/mail_params.h
@@ -216,7 +216,8 @@ extern char *var_null_relay_maps_key;
 
 #define VAR_SMTP_FALLBACK	"smtp_fallback_relay"
 #define DEF_SMTP_FALLBACK	"$fallback_relay"
-#define VAR_LMTP_FALLBACK	"smtp_fallback_relay"
+#define VAR_LMTP_FALLBACK	"lmtp_fallback_relay"
+#define DEF_LMTP_FALLBACK	""
 #define DEF_FALLBACK_RELAY	""
 extern char *var_fallback_relay;
 
@@ -3127,19 +3128,19 @@ extern bool var_smtp_cname_overr;
 #endif
 
 #define VAR_TLS_HIGH_CLIST	"tls_high_cipherlist"
-#define DEF_TLS_HIGH_CLIST	PREFER_aNULL "ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH"
+#define DEF_TLS_HIGH_CLIST	PREFER_aNULL "HIGH:@STRENGTH"
 extern char *var_tls_high_clist;
 
 #define VAR_TLS_MEDIUM_CLIST	"tls_medium_cipherlist"
-#define DEF_TLS_MEDIUM_CLIST	PREFER_aNULL "ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
+#define DEF_TLS_MEDIUM_CLIST	PREFER_aNULL "HIGH:MEDIUM:+RC4:@STRENGTH"
 extern char *var_tls_medium_clist;
 
 #define VAR_TLS_LOW_CLIST	"tls_low_cipherlist"
-#define DEF_TLS_LOW_CLIST	PREFER_aNULL "ALL:!EXPORT:+RC4:@STRENGTH"
+#define DEF_TLS_LOW_CLIST	PREFER_aNULL "HIGH:MEDIUM:LOW:+RC4:@STRENGTH"
 extern char *var_tls_low_clist;
 
 #define VAR_TLS_EXPORT_CLIST	"tls_export_cipherlist"
-#define DEF_TLS_EXPORT_CLIST	PREFER_aNULL "ALL:+RC4:@STRENGTH"
+#define DEF_TLS_EXPORT_CLIST	PREFER_aNULL "HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH"
 extern char *var_tls_export_clist;
 
 #define VAR_TLS_NULL_CLIST	"tls_null_cipherlist"
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index f012fcd9d..a3d090ebc 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20150216"
+#define MAIL_RELEASE_DATE	"20150329"
 #define MAIL_VERSION_NUMBER	"3.1"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/postscreen/postscreen.c b/postfix/src/postscreen/postscreen.c
index e4bf8e486..95c70b44e 100644
--- a/postfix/src/postscreen/postscreen.c
+++ b/postfix/src/postscreen/postscreen.c
@@ -30,11 +30,11 @@
 /*	process. This minimizes the overhead for legitimate mail.
 /*
 /*	By default, \fBpostscreen\fR(8) logs statistics and hands
-/*	off every connection to a Postfix SMTP server process, while
+/*	off each connection to a Postfix SMTP server process, while
 /*	excluding clients in mynetworks from all tests (primarily,
 /*	to avoid problems with non-standard SMTP implementations
-/*	in network appliances).  This mode is useful for non-destructive
-/*	testing.
+/*	in network appliances).  This default mode blocks no clients,
+/*	and is useful for non-destructive testing.
 /*
 /*	In a typical production setting, \fBpostscreen\fR(8) is
 /*	configured to reject mail from clients that fail one or
@@ -221,7 +221,7 @@
 /*	greeting" protocol tests, based on its combined DNSBL score as
 /*	defined with the postscreen_dnsbl_sites parameter.
 /* .PP
-/*	Available in Postfix version 2.11 and later:
+/*	Available in Postfix version 3.0 and later:
 /* .IP "\fBpostscreen_dnsbl_timeout (10s)\fR"
 /*	The time limit for DNSBL or DNSWL lookups.
 /* AFTER 220 GREETING TESTS
diff --git a/postfix/src/smtp/lmtp_params.c b/postfix/src/smtp/lmtp_params.c
index 5f47a2a9b..39f5e1368 100644
--- a/postfix/src/smtp/lmtp_params.c
+++ b/postfix/src/smtp/lmtp_params.c
@@ -1,5 +1,6 @@
     static const CONFIG_STR_TABLE lmtp_str_table[] = {
 	VAR_NOTIFY_CLASSES, DEF_NOTIFY_CLASSES, &var_notify_classes, 0, 0,
+	VAR_LMTP_FALLBACK, DEF_LMTP_FALLBACK, &var_fallback_relay, 0, 0,
 	VAR_BESTMX_TRANSP, DEF_BESTMX_TRANSP, &var_bestmx_transp, 0, 0,
 	VAR_ERROR_RCPT, DEF_ERROR_RCPT, &var_error_rcpt, 1, 0,
 	VAR_LMTP_SASL_PASSWD, DEF_LMTP_SASL_PASSWD, &var_smtp_sasl_passwd, 0, 0,
diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c
index 29450e1a9..e1a8d2c2e 100644
--- a/postfix/src/smtp/smtp.c
+++ b/postfix/src/smtp/smtp.c
@@ -286,9 +286,7 @@
 /*	Enable SASL authentication in the Postfix SMTP client.
 /* .IP "\fBsmtp_sasl_password_maps (empty)\fR"
 /*	Optional Postfix SMTP client lookup tables with one username:password
-/*	entry
-/*	per remote hostname or domain, or sender address when sender-dependent
-/*	authentication is enabled.
+/*	entry per sender, remote hostname or next-hop domain.
 /* .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR"
 /*	Postfix SMTP client SASL security options; as of Postfix 2.3
 /*	the list of available
@@ -695,6 +693,11 @@
 /* .IP "\fBsmtp_address_verify_target (rcpt)\fR"
 /*	In the context of email address verification, the SMTP protocol
 /*	stage that determines whether an email address is deliverable.
+/* .PP
+/*	Available with Postfix 3.1 and later:
+/* .IP "\fBlmtp_fallback_relay (empty)\fR"
+/*	Optional list of relay hosts for LMTP destinations that can't be
+/*	found or that are unreachable.
 /* SEE ALSO
 /*	generic(5), output address rewriting
 /*	header_checks(5), message header content inspection
diff --git a/postfix/src/smtp/smtp_connect.c b/postfix/src/smtp/smtp_connect.c
index b81ead92a..1f5b1c1a3 100644
--- a/postfix/src/smtp/smtp_connect.c
+++ b/postfix/src/smtp/smtp_connect.c
@@ -472,6 +472,13 @@ static void smtp_connect_local(SMTP_STATE *state, const char *path)
     SMTP_SESSION *session;
     DSN_BUF *why = state->why;
 
+    /*
+     * Do not silently ignore an unused setting.
+     */
+    if (*var_fallback_relay)
+	msg_warn("ignoring \"%s = %s\" setting for non-TCP connections",
+		 VAR_LMTP_FALLBACK, var_fallback_relay);
+
     /*
      * It's too painful to weave this code into the SMTP connection
      * management routine.
@@ -761,20 +768,15 @@ static void smtp_connect_inet(SMTP_STATE *state, const char *nexthop,
     }
 
     /*
-     * First try to deliver to the indicated destination, then try to deliver
-     * to the optional fall-back relays.
-     * 
-     * Future proofing: do a null destination sanity check in case we allow the
-     * primary destination to be a list (it could be just separators).
+     * Future proofing: do a null destination sanity check in case we allow
+     * the primary destination to be a list (it could be just separators).
      */
     sites = argv_alloc(1);
     argv_add(sites, nexthop, (char *) 0);
     if (sites->argc == 0)
 	msg_panic("null destination: \"%s\"", nexthop);
     non_fallback_sites = sites->argc;
-    /* When we are lmtp(8) var_fallback_relay is null */
-    if (smtp_mode)
-	argv_split_append(sites, var_fallback_relay, CHARS_COMMA_SP);
+    argv_split_append(sites, var_fallback_relay, CHARS_COMMA_SP);
 
     /*
      * Don't give up after a hard host lookup error until we have tried the
@@ -815,9 +817,8 @@ static void smtp_connect_inet(SMTP_STATE *state, const char *nexthop,
 	    state->misc_flags |= SMTP_MISC_FLAG_FINAL_NEXTHOP;
 
 	/*
-	 * Parse the destination. Default is to use the SMTP port. Look up
-	 * the address instead of the mail exchanger when a quoted host is
-	 * specified, or when DNS lookups are disabled.
+	 * Parse the destination. If no TCP port is specified, use the port
+	 * that is reserved for the protocol (SMTP or LMTP).
 	 */
 	dest_buf = smtp_parse_destination(dest, def_service, &domain, &port);
 	if (var_helpful_warnings && var_smtp_tls_wrappermode == 0
@@ -832,8 +833,9 @@ static void smtp_connect_inet(SMTP_STATE *state, const char *nexthop,
 	SMTP_ITER_INIT(iter, dest, NO_HOST, NO_ADDR, port, state);
 
 	/*
-	 * Resolve an SMTP server. Skip mail exchanger lookups when a quoted
-	 * host is specified, or when DNS lookups are disabled.
+	 * Resolve an SMTP or LMTP server. In the case of SMTP, skip mail
+	 * exchanger lookups when a quoted host is specified or when DNS
+	 * lookups are disabled.
 	 */
 	if (msg_verbose)
 	    msg_info("connecting to %s port %d", domain, ntohs(port));
@@ -1072,7 +1074,7 @@ static void smtp_connect_inet(SMTP_STATE *state, const char *nexthop,
 	 * Pay attention to what could be configuration problems, and pretend
 	 * that these are recoverable rather than bouncing the mail.
 	 */
-	else if (!SMTP_HAS_SOFT_DSN(why) && smtp_mode) {
+	else if (!SMTP_HAS_SOFT_DSN(why)) {
 
 	    /*
 	     * The fall-back destination did not resolve as expected, or it
@@ -1087,8 +1089,13 @@ static void smtp_connect_inet(SMTP_STATE *state, const char *nexthop,
 	    /*
 	     * The next-hop relayhost did not resolve as expected, or it is
 	     * refusing to talk to us, or mail for it loops back to us.
+	     * 
+	     * XXX There is no equivalent safety net for mis-configured
+	     * sender-dependent relay hosts. The trivial-rewrite resolver
+	     * would have to flag the result, and the queue manager would
+	     * have to provide that information to delivery agents.
 	     */
-	    else if (strcmp(sites->argv[0], var_relayhost) == 0) {
+	    else if (smtp_mode && strcmp(sites->argv[0], var_relayhost) == 0) {
 		msg_warn("%s configuration problem", VAR_RELAYHOST);
 		vstring_strcpy(why->status, "4.3.5");
 		/* XXX Keep the diagnostic code and MTA. */
@@ -1098,7 +1105,7 @@ static void smtp_connect_inet(SMTP_STATE *state, const char *nexthop,
 	     * Mail for the next-hop destination loops back to myself. Pass
 	     * the mail to the best_mx_transport or bounce it.
 	     */
-	    else if (SMTP_HAS_LOOP_DSN(why) && *var_bestmx_transp) {
+	    else if (smtp_mode && SMTP_HAS_LOOP_DSN(why) && *var_bestmx_transp) {
 		dsb_reset(why);			/* XXX */
 		state->status = deliver_pass_all(MAIL_CLASS_PRIVATE,
 						 var_bestmx_transp,
@@ -1151,9 +1158,6 @@ int     smtp_connect(SMTP_STATE *state)
     }
 
     /*
-     * With SMTP we can have indirection via MX host lookup, as well as an
-     * optional fall-back relayhost that we must avoid when we are MX host.
-     * 
      * XXX We don't add support for "unix:" or "inet:" prefixes in SMTP
      * destinations, because that would break compatibility with existing
      * Postfix configurations that have a host with such a name.
diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c
index abc00d9e3..4208795fb 100644
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@@ -4341,7 +4341,7 @@ static void smtpd_start_tls(SMTPD_STATE *state)
      * VSTREAMS, so that we don't lose all the user-configurable
      * state->client attributes (such as longjump buffers or timeouts).
      * 
-     * As we implement tlsproy support in the Postfix SMTP client we should
+     * As we implement tlsproxy support in the Postfix SMTP client we should
      * develop a usable abstraction that encapsulates this stream plumbing in
      * a library module.
      */
diff --git a/postfix/src/trivial-rewrite/resolve.c b/postfix/src/trivial-rewrite/resolve.c
index 0f8e6bbd0..2c65c2caf 100644
--- a/postfix/src/trivial-rewrite/resolve.c
+++ b/postfix/src/trivial-rewrite/resolve.c
@@ -591,15 +591,20 @@ static void resolve_addr(RES_CONTEXT *rp, char *sender, char *addr,
 		if (*relay == 0) {
 		    msg_warn("%s: ignoring null lookup result for %s",
 			     rp->snd_relay_maps_name, sender_key);
-		    relay = "DUNNO";
-		}
-		vstring_strcpy(nexthop, strcasecmp(relay, "DUNNO") == 0 ?
-			       rcpt_domain : relay);
+		    relay = 0;
+		} else if (strcasecmp_utf8(relay, "DUNNO") == 0)
+		    relay = 0;
 	    } else if (rp->snd_relay_info
 		       && rp->snd_relay_info->error != 0) {
 		msg_warn("%s lookup failure", rp->snd_relay_maps_name);
 		*flags |= RESOLVE_FLAG_FAIL;
 		FREE_MEMORY_AND_RETURN;
+	    } else {
+		relay = 0;
+	    }
+	    /* Enforce all the relayhost precedences in one place. */
+	    if (relay != 0) {
+		vstring_strcpy(nexthop, relay);
 	    } else if (*RES_PARAM_VALUE(rp->relayhost))
 		vstring_strcpy(nexthop, RES_PARAM_VALUE(rp->relayhost));
 	    else
diff --git a/postfix/src/util/allascii.c b/postfix/src/util/allascii.c
index e2be6b95a..6c8ff5f0f 100644
--- a/postfix/src/util/allascii.c
+++ b/postfix/src/util/allascii.c
@@ -9,7 +9,7 @@
 /*	int	allascii(buffer)
 /*	const char *buffer;
 /*
-/*	int	allascii_len(buffer len)
+/*	int	allascii_len(buffer, len)
 /*	const char *buffer;
 /*	ssize_t	len;
 /* DESCRIPTION
@@ -35,6 +35,7 @@
 
 #include 
 #include 
+#include 
 
 /* Utility library. */