diff --git a/postfix/HISTORY b/postfix/HISTORY index 04f6a3209..cd7b6ac66 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -19684,3 +19684,47 @@ Apologies for any names omitted. SSLv2 or SSLv3. See the RELEASE_NOTES file for how to get the old settings back. Files: global/mail_params.h, proto/postconf.proto, and files derived from those. + +20150903 + + Workaround: disable DNSSEC support for AIX 7x and earlier. + The AIX 6/7 resolver(5) API defines RES_USE_DNSSEC without + defining the "ad" bit. Viktor Dukhovni. Files: makedefs, + proto/INSTALL.html, dns/dns.h. + +20150923 + + Bugfix (introduced: 20120531-617): the Postfix SMTP server + used a larger-than-1 VSTREAM buffer to read the HAProxy + connection hand-off information. This broke TLS wrappermode, + as the TLS helo packet would end up in the plaintext VSTREAM + buffer. Reported by Lukas Erlacher. File: smtpd/smtpd_haproxy.c. + +20150924 + + Bugfix (introduced: 20090216-24): incorrect postmulti error + message. Reported by Patrik Koetter. Fix by Viktor Dukhovni. + File: postmulti/postmulti.c. + + Workaround: don't create a new instance when the template + main.cf and master.cf files are missing, as happens on + Debian-like systems. Viktor Dukhovni. File: conf/postmulti-script. + +20150925 + + Bugfix (introduced: 19970309, fixed 20150421 in development + release): reset errno before calling readdir(), in order + to distinguish between an end-of-directory and an error + condition. File: scandir.c. + +20150930 + + Bugfix (introduced: 20040124): Milter client panic while + adding a header, because the PREPEND action used the same + output function for header_checks and body_checks. Viktor + Dukhovni and Wietse. File: cleanup/cleanup_message.c. + + Bugfix (introduced: 20031128): xtext_unquote() did not + propagate error reports from xtext_unquote_append(), causing + the decoder to return partial ouput, instead of rejecting + malformed input. Fix by Krzysztof Wojta. File: global/xtext.c. 
diff --git a/postfix/README_FILES/INSTALL b/postfix/README_FILES/INSTALL index 3a473abb1..3d854cf41 100644 --- a/postfix/README_FILES/INSTALL +++ b/postfix/README_FILES/INSTALL @@ -255,6 +255,9 @@ The following is an extensive list of names and values. || |probably should also override DEF_DB_TYPE as | || |described in section 4.4. | |_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | +||-DNO_DNSSEC |Do not build with DNSSEC support, even if the | +|| |resolver library appears to support it. | +|_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | || |Do not build with Solaris /dev/poll support. | ||-DNO_DEVPOLL |By default, /dev/poll support is compiled in | || |on Solaris versions that are known to support | diff --git a/postfix/conf/postmulti-script b/postfix/conf/postmulti-script index 417a8718a..c68bd0ce8 100644 --- a/postfix/conf/postmulti-script +++ b/postfix/conf/postmulti-script @@ -127,6 +127,11 @@ create|import) fatal "'$config_directory' lacks a master.cf file" } + test -f $daemon_directory/main.cf || + fatal "Missing main.cf prototype: $daemon_directory/main.cf" + test -f $daemon_directory/master.cf || + fatal "Missing master.cf prototype: $daemon_directory/master.cf" + # Create instance-specific directories # test -d $config_directory || diff --git a/postfix/html/INSTALL.html b/postfix/html/INSTALL.html index 7eb29a05d..7c12f1106 100644 --- a/postfix/html/INSTALL.html +++ b/postfix/html/INSTALL.html 
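Review bot: The two added checks in postfix/conf/postmulti-script expand `$daemon_directory` unquoted, so a value containing whitespace or glob characters is word-split before `test` sees it. Quoting keeps each check on the intended path: `test -f "$daemon_directory/main.cf" ||` and `test -f "$daemon_directory/master.cf" ||`. The neighbouring context line `test -d $config_directory ||` is written the same way, so this is a style point for the whole `create|import)` branch, which starts and ends outside the hunk.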
@@ -383,6 +383,10 @@ platforms that are known to support this feature. If you override this, then you probably should also override DEF_DB_TYPE as described in section 4.4. + -DNO_DNSSEC Do not build with DNSSEC +support, even if the resolver library appears to support it. + + -DNO_DEVPOLL Do not build with Solaris /dev/poll support. By default, /dev/poll support is compiled in on Solaris versions that are known to support diff --git a/postfix/makedefs b/postfix/makedefs index 3551ff035..de600f5c2 100644 --- a/postfix/makedefs +++ b/postfix/makedefs @@ -31,6 +31,9 @@ # Do not build with Solaris /dev/poll support. # By default, /dev/poll support is compiled in on platforms that # are known to support it. +# .IP \fB-DNO_DNSSEC\fR +# Do not build with DNSSEC support, even if the resolver +# library appears to support it. # .IP \fB-DNO_EPOLL\fR # Do not build with Linux EPOLL support. # By default, EPOLL support is compiled in on platforms that @@ -259,18 +262,21 @@ case "$SYSTEM.$RELEASE" in ;; AIX.*) case "`uname -v`" in 6) SYSTYPE=AIX6 + CCARGS="$CCARGS -DNO_DNSSEC" case "$CC" in cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";; esac CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP" ;; 5) SYSTYPE=AIX5 + CCARGS="$CCARGS -DNO_DNSSEC" case "$CC" in cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";; esac CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP" ;; 4) SYSTYPE=AIX4 + CCARGS="$CCARGS -DNO_DNSSEC" # How embarrassing... case "$CC" in cc|*/cc|xlc|*/xlc) OPT=; CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";; diff --git a/postfix/proto/INSTALL.html b/postfix/proto/INSTALL.html index 383e9faec..1b37a235e 100644 --- a/postfix/proto/INSTALL.html +++ b/postfix/proto/INSTALL.html 
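Review bot: In the second postfix/makedefs hunk, `CCARGS="$CCARGS -DNO_DNSSEC"` is added to the AIX 6, 5 and 4 branches without a comment, so a reader of makedefs cannot tell why DNSSEC is compiled out or what is lost. Because the dns/dns.h hunk then does `#undef RES_USE_DNSSEC`, features that depend on validated DNS answers (presumably `smtp_dns_support_level = dnssec` and the `dane` TLS security levels) would not be usable on these builds, and that is worth stating where the flag is set. A one-line comment at the first occurrence would do, for example `# AIX resolver defines RES_USE_DNSSEC without the "ad" bit: no DNSSEC, hence no DANE`. The HISTORY entry also names AIX 7, but no `7)` branch is visible in this hunk; the case statement starts and ends outside it.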
@@ -383,6 +383,10 @@ platforms that are known to support this feature. If you override this, then you probably should also override DEF_DB_TYPE as described in section 4.4. + -DNO_DNSSEC Do not build with DNSSEC +support, even if the resolver library appears to support it. + + -DNO_DEVPOLL Do not build with Solaris /dev/poll support. By default, /dev/poll support is compiled in on Solaris versions that are known to support diff --git a/postfix/src/cleanup/cleanup_message.c b/postfix/src/cleanup/cleanup_message.c index cde3b7c93..c624abeb0 100644 --- a/postfix/src/cleanup/cleanup_message.c +++ b/postfix/src/cleanup/cleanup_message.c @@ -385,11 +385,20 @@ static const char *cleanup_act(CLEANUP_STATE *state, char *context, if (STREQUAL(value, "PREPEND", command_len)) { if (*optional_text == 0) { msg_warn("PREPEND action without text in %s map", map_class); - } else if (strcmp(context, CLEANUP_ACT_CTXT_HEADER) == 0 - && !is_header(optional_text)) { - msg_warn("bad PREPEND header text \"%s\" in %s map -- " - "need \"headername: headervalue\"", - optional_text, map_class); + } else if (strcmp(context, CLEANUP_ACT_CTXT_HEADER) == 0) { + if (!is_header(optional_text)) { + msg_warn("bad PREPEND header text \"%s\" in %s map -- " + "need \"headername: headervalue\"", + optional_text, map_class); + } else { + VSTRING *temp; + + cleanup_act_log(state, "prepend", context, buf, optional_text); + temp = vstring_strcpy(vstring_alloc(strlen(optional_text)), + optional_text); + cleanup_out_header(state, temp); + vstring_free(temp); + } } else { cleanup_act_log(state, "prepend", context, buf, optional_text); cleanup_out_string(state, REC_TYPE_NORM, optional_text); diff --git a/postfix/src/dns/dns.h b/postfix/src/dns/dns.h index 0d11e35ed..6336801d1 100644 --- a/postfix/src/dns/dns.h +++ b/postfix/src/dns/dns.h @@ -52,6 +52,13 @@ (cp) += 4; \ } +#endif + +/* + * Disable DNSSEC at compile-time even if RES_USE_DNSSEC is available + */ +#ifdef NO_DNSSEC +#undef RES_USE_DNSSEC #endif /* 
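Review bot: The new header-context branch of the PREPEND action in cleanup_act() switches from cleanup_out_string() to cleanup_out_header() without a comment saying why the header context needs its own output function. The HISTORY entry in this commit attributes a Milter client panic to sharing one output function between header_checks and body_checks, so a short why-comment would keep the two branches from being merged again: `/* Header context: must go through cleanup_out_header(), not cleanup_out_string(); see HISTORY 20150930. */`. cleanup_act() starts and ends outside the hunk.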
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 91d9cebc7..8e7e51101 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20150720" -#define MAIL_VERSION_NUMBER "2.11.6" +#define MAIL_RELEASE_DATE "20151010" +#define MAIL_VERSION_NUMBER "2.11.7" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/global/xtext.c b/postfix/src/global/xtext.c index 4e7373344..412e7a5c6 100644 --- a/postfix/src/global/xtext.c +++ b/postfix/src/global/xtext.c @@ -134,8 +134,7 @@ VSTRING *xtext_unquote_append(VSTRING *unquoted, const char *quoted) VSTRING *xtext_unquote(VSTRING *unquoted, const char *quoted) { VSTRING_RESET(unquoted); - xtext_unquote_append(unquoted, quoted); - return (unquoted); + return (xtext_unquote_append(unquoted, quoted) ? unquoted : 0); } #ifdef TEST diff --git a/postfix/src/postmulti/postmulti.c b/postfix/src/postmulti/postmulti.c index 14cd1933f..95aae172d 100644 --- a/postfix/src/postmulti/postmulti.c +++ b/postfix/src/postmulti/postmulti.c @@ -1689,7 +1689,7 @@ int main(int argc, char **argv) case 'e': if ((code = EDIT_CMD_CODE(optarg)) < 0) msg_fatal("Invalid '-e' edit action '%s'. Specify '%s', " - "'%s', '%s', '%s', '%s', '%s', '%s', '%s' or '%s'", + "'%s', '%s', '%s', '%s', '%s', '%s' or '%s'", optarg, EDIT_CMD_STR(EDIT_CMD_CREATE), EDIT_CMD_STR(EDIT_CMD_DESTROY), @@ -1698,8 +1698,7 @@ int main(int argc, char **argv) EDIT_CMD_STR(EDIT_CMD_ENABLE), EDIT_CMD_STR(EDIT_CMD_DISABLE), EDIT_CMD_STR(EDIT_CMD_ASSIGN), - EDIT_CMD_STR(EDIT_CMD_INIT), - optarg); + EDIT_CMD_STR(EDIT_CMD_INIT)); if (cmd_mode != code) command_mode_count++; cmd_mode = code; diff --git a/postfix/src/smtpd/smtpd_haproxy.c b/postfix/src/smtpd/smtpd_haproxy.c index 599e3ed42..a4c527ce3 100644 
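Review bot: With `return (xtext_unquote_append(unquoted, quoted) ? unquoted : 0);`, xtext_unquote() can now return a null pointer, which the old code never did, and nothing in the hunk documents this or what `unquoted` holds on failure. Callers that ignored the result or used it unconditionally are outside this diff and should be checked, since xtext input presumably comes from remote peers. I would add to the function's header comment something like `xtext_unquote() returns a null pointer when the input is malformed; the result buffer then holds partial output and must not be used.`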
--- a/postfix/src/smtpd/smtpd_haproxy.c +++ b/postfix/src/smtpd/smtpd_haproxy.c @@ -95,6 +95,14 @@ int smtpd_peer_from_haproxy(SMTPD_STATE *state) int io_err; VSTRING *escape_buf; + /* + * While reading HAProxy handshake information, don't buffer input beyond + * the end-of-line. That would break the TLS wrappermode handshake. + */ + vstream_control(state->client, + VSTREAM_CTL_BUFSIZE, 1, + VSTREAM_CTL_END); + /* * Note: the haproxy_srvr_parse() routine performs address protocol * checks, address and port syntax checks, and converts IPv4-in-IPv6 @@ -142,6 +150,13 @@ int smtpd_peer_from_haproxy(SMTPD_STATE *state) * Avoid surprises in the Dovecot authentication server. */ state->dest_addr = mystrdup(smtp_server_addr.buf); + + /* + * Enable normal buffering. + */ + vstream_control(state->client, + VSTREAM_CTL_BUFSIZE, VSTREAM_BUFSIZE, + VSTREAM_CTL_END); return (0); } } diff --git a/postfix/src/util/scan_dir.c b/postfix/src/util/scan_dir.c index de124df55..c2d47bbb3 100644 --- a/postfix/src/util/scan_dir.c +++ b/postfix/src/util/scan_dir.c @@ -78,6 +78,7 @@ #endif #endif #include +#include /* Utility library. */ @@ -177,6 +178,13 @@ char *scan_dir_next(SCAN_DIR *scan) #define STREQ(x,y) (strcmp((x),(y)) == 0) if (info) { + + /* + * Fix 20150421: readdir() does not reset errno after reaching the + * end-of-directory. This dates back all the way to the initial + * implementation of 19970309. + */ + errno = 0; while ((dp = readdir(info->dir)) != 0) { if (STREQ(dp->d_name, ".") || STREQ(dp->d_name, "..")) { if (msg_verbose > 1)
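Review bot: In the first smtpd_haproxy.c hunk, the literal `1` after `VSTREAM_CTL_BUFSIZE` goes through a variadic call as an `int`; if vstream_control() reads that argument as `ssize_t` (to be confirmed in vstream.c), the types differ on LP64 platforms. An explicit cast removes the dependence on the calling convention: `VSTREAM_CTL_BUFSIZE, (ssize_t) 1,`, and likewise `(ssize_t) VSTREAM_BUFSIZE` in the second hunk. The added comment could also say that the request must precede any read from `state->client`, because bytes already pulled into a larger buffer would defeat the workaround. smtpd_peer_from_haproxy() continues outside the hunk.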
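Review bot: Normal buffering is restored only on the path that reaches `return (0);` in the second smtpd_haproxy.c hunk, so any other return from smtpd_peer_from_haproxy() (not visible here) leaves `state->client` with the one-byte buffer. That is probably harmless if the caller ends the session after a failed hand-off, but the comment should say so rather than leave it implicit, e.g. `Enable normal buffering. Error returns leave the 1-byte buffer in place; the caller is expected to drop the connection.`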
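Review bot: `errno = 0;` is set once before the `while ((dp = readdir(info->dir)) != 0)` loop in scan_dir_next(), but the loop comes round again after skipping "." and "..", and that path does extra work when `msg_verbose > 1`. If anything in the loop body changes errno, the next end-of-directory return from readdir() could again be mistaken for an error. Resetting right before each call keeps the test exact, for example `while ((errno = 0, dp = readdir(info->dir)) != 0) {`. The rest of the loop body and the errno test after it are outside the hunk.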