postfix-2.7-20091115

postfix/HISTORY

@@ -15453,11 +15453,11 @@ Apologies for any names omitted.
 
 20091023
 
-	Feature: specify "smtp_command_maps = pcre:/file/name" to
+	Feature: specify "smtp_command_filter = pcre:/file/name"
-	replace incoming SMTP commands before they are executed by
+	to replace remote SMTP client commands before they are
-	the Postfix SMTP server. This a last-resort tool to fix bad
+	executed by the Postfix SMTP server. This a last-resort
-	command syntax that Postfix would otherwise reject.  See
+	tool to fix inter-operability problems.  See examples in
-	examples in the postconf(5) manual page.  File: smtpd/smtpd.c.
+	the postconf(5) manual page.  File: smtpd/smtpd.c.
 
 20091026
 
@@ -15498,3 +15498,26 @@ Apologies for any names omitted.
 	SMTP servers that reply to the malicious commands after
 	negotiating the Postfix SMTP client TLS session. File:
 	smtp/smtp_proto.c.
+
+20091113
+
+	Workaround: skip interfaces without netmask, to avoid
+	segfaults (reported by Dmitry Karasik). Don't supply a dummy
+	null netmask, as that would turn Postfix into an open relay
+	(mynetworks = 0.0.0.0/0). File: util/inet_addr_local.c.
+
+	Bugfix: forgot to flush output to the smtpd_proxy speed-adjust
+	buffer before truncating the file. Reported by Mark Martinec,
+	fix by Victor Duchovni. File: smtpd/smtpd_proxy.c.
+
+20091114
+
+	Feature: specify "smtp_reply_filter = pcre:/file/name" to
+	replace remote SMTP server reply lines before they are
+	parsed by the Postfix SMTP client. This a last-resort tool
+	to fix inter-operability problems.  See examples in the
+	postconf(5) manual page.  File: smtp/smtp_chat.c.
+
+	Safety: don't send postmaster notifications to report
+	problems delivering (possible) postmaster notifications.
+	File: smtp/smtp_connect.c.

postfix/WISHLIST

@@ -2,6 +2,9 @@ Wish list:
 
 	Remove this file from the stable release.
 
+	Move smtpd_command_filter into smtpd_chat_query() and update
+	the session transcript (see smtp_chat_reply() for an example).
+
 	Add smtpd_sender_login_maps to proxy_read_maps.
 
 	SMTP connection caching without storing connections, to

postfix/html/lmtp.8.html

@@ -196,12 +196,16 @@ SMTP(8)                                                                SMTP(8)
               Quote addresses in SMTP MAIL FROM and RCPT TO  com-
               mands as required by <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
 
+       <b><a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> (empty)</b>
+              A  mechanism  to transform replies from remote SMTP
+              servers one line at a time.
+
        <b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b>
               Skip SMTP servers that greet with a 5XX status code
               (go away, do not try again later).
 
        <b><a href="postconf.5.html#smtp_skip_quit_response">smtp_skip_quit_response</a> (yes)</b>
-              Do not wait for the response to the SMTP QUIT  com-
+              Do  not wait for the response to the SMTP QUIT com-
               mand.
 
        Available in Postfix version 2.0 and earlier:
@@ -213,44 +217,44 @@ SMTP(8)                                                                SMTP(8)
        Available in Postfix version 2.2 and later:
 
        <b><a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> (empty)</b>
-              Lookup tables, indexed by the  remote  SMTP  server
+              Lookup  tables,  indexed  by the remote SMTP server
-              address,  with  case insensitive lists of EHLO key-
+              address, with case insensitive lists of  EHLO  key-
-              words (pipelining, starttls, auth, etc.)  that  the
+              words  (pipelining,  starttls, auth, etc.) that the
-              Postfix   SMTP  client  will  ignore  in  the  EHLO
+              Postfix  SMTP  client  will  ignore  in  the   EHLO
               response from a remote SMTP server.
 
        <b><a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> (empty)</b>
-              A case insensitive list of EHLO keywords  (pipelin-
+              A  case insensitive list of EHLO keywords (pipelin-
-              ing,  starttls,  auth,  etc.) that the Postfix SMTP
+              ing, starttls, auth, etc.) that  the  Postfix  SMTP
-              client will ignore in  the  EHLO  response  from  a
+              client  will  ignore  in  the  EHLO response from a
               remote SMTP server.
 
        <b><a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> (empty)</b>
               Optional lookup tables that perform address rewrit-
-              ing in the SMTP client, typically  to  transform  a
+              ing  in  the  SMTP client, typically to transform a
               locally valid address into a globally valid address
               when sending mail across the Internet.
 
        Available in Postfix version 2.2.9 and later:
 
        <b><a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a> (version dependent)</b>
-              Allow DNS CNAME records to override the  servername
+              Allow  DNS CNAME records to override the servername
               that the Postfix SMTP client uses for logging, SASL
-              password lookup, TLS policy decisions, or TLS  cer-
+              password  lookup, TLS policy decisions, or TLS cer-
               tificate verification.
 
        Available in Postfix version 2.3 and later:
 
        <b><a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> (empty)</b>
-              Lookup  tables,  indexed  by the remote LMTP server
+              Lookup tables, indexed by the  remote  LMTP  server
-              address, with case insensitive lists of  LHLO  key-
+              address,  with  case insensitive lists of LHLO key-
-              words  (pipelining,  starttls, auth, etc.) that the
+              words (pipelining, starttls, auth, etc.)  that  the
               LMTP client will ignore in the LHLO response from a
               remote LMTP server.
 
        <b><a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> (empty)</b>
-              A  case insensitive list of LHLO keywords (pipelin-
+              A case insensitive list of LHLO keywords  (pipelin-
-              ing, starttls, auth, etc.)  that  the  LMTP  client
+              ing,  starttls,  auth,  etc.)  that the LMTP client
               will ignore in the LHLO response from a remote LMTP
               server.
 
@@ -258,14 +262,14 @@ SMTP(8)                                                                SMTP(8)
 
        <b><a href="postconf.5.html#send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a> (no)</b>
               When authenticating to a remote SMTP or LMTP server
-              with  the default setting "no", send no SASL autho-
+              with the default setting "no", send no SASL  autho-
               riZation ID (authzid); send only the SASL authenti-
               Cation ID (authcid) plus the authcid's password.
 
        Available in Postfix version 2.5 and later:
 
        <b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> (empty)</b>
-              Restricted  <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix
+              Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the  Postfix
               SMTP client.
 
        <b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a> (empty)</b>
@@ -273,24 +277,24 @@ SMTP(8)                                                                SMTP(8)
               Postfix SMTP client.
 
        <b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a> (empty)</b>
-              Restricted  <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5)  tables for the
+              Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables  for  the
               Postfix SMTP client.
 
        <b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> (empty)</b>
-              Restricted <a href="header_checks.5.html"><b>body_checks</b>(5)</a> tables  for  the  Postfix
+              Restricted  <a href="header_checks.5.html"><b>body_checks</b>(5)</a>  tables  for the Postfix
               SMTP client.
 
        Available in Postfix version 2.6 and later:
 
        <b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b>
-              An  optional  workaround for routers that break TCP
+              An optional workaround for routers that  break  TCP
               window scaling.
 
 <b>MIME PROCESSING CONTROLS</b>
        Available in Postfix version 2.0 and later:
 
        <b><a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a> (no)</b>
-              Disable the conversion of 8BITMIME format  to  7BIT
+              Disable  the  conversion of 8BITMIME format to 7BIT
               format.
 
        <b><a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> (2048)</b>
@@ -305,108 +309,108 @@ SMTP(8)                                                                SMTP(8)
        Available in Postfix version 2.1 and later:
 
        <b><a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a> (no)</b>
-              Send  the  non-standard  XFORWARD  command when the
+              Send the non-standard  XFORWARD  command  when  the
-              Postfix SMTP server EHLO response  announces  XFOR-
+              Postfix  SMTP  server EHLO response announces XFOR-
               WARD support.
 
 <b>SASL AUTHENTICATION CONTROLS</b>
        <b><a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> (no)</b>
-              Enable  SASL  authentication  in  the  Postfix SMTP
+              Enable SASL  authentication  in  the  Postfix  SMTP
               client.
 
        <b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b>
-              Optional SMTP client lookup tables with  one  user-
+              Optional  SMTP  client lookup tables with one user-
-              name:password  entry per remote hostname or domain,
+              name:password entry per remote hostname or  domain,
               or sender address when sender-dependent authentica-
               tion is enabled.
 
        <b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
-              Postfix  SMTP  client  SASL security options; as of
+              Postfix SMTP client SASL security  options;  as  of
-              Postfix 2.3 the list of available features  depends
+              Postfix  2.3 the list of available features depends
-              on  the SASL client implementation that is selected
+              on the SASL client implementation that is  selected
               with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
 
        Available in Postfix version 2.2 and later:
 
        <b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b>
-              If non-empty, a Postfix SMTP client filter for  the
+              If  non-empty, a Postfix SMTP client filter for the
-              remote  SMTP  server's  list of offered SASL mecha-
+              remote SMTP server's list of  offered  SASL  mecha-
               nisms.
 
        Available in Postfix version 2.3 and later:
 
        <b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
               Enable sender-dependent authentication in the Post-
-              fix  SMTP  client; this is available only with SASL
+              fix SMTP client; this is available only  with  SASL
-              authentication,  and   disables   SMTP   connection
+              authentication,   and   disables   SMTP  connection
-              caching  to ensure that mail from different senders
+              caching to ensure that mail from different  senders
               will use the appropriate credentials.
 
        <b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
-              Implementation-specific information that the  Post-
+              Implementation-specific  information that the Post-
-              fix  SMTP client passes through to the SASL plug-in
+              fix SMTP client passes through to the SASL  plug-in
-              implementation    that     is     selected     with
+              implementation     that     is     selected    with
               <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
 
        <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
-              The  SASL plug-in type that the Postfix SMTP client
+              The SASL plug-in type that the Postfix SMTP  client
               should use for authentication.
 
        Available in Postfix version 2.5 and later:
 
        <b><a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> (empty)</b>
-              An optional table to prevent repeated SASL  authen-
+              An  optional table to prevent repeated SASL authen-
-              tication  failures with the same remote SMTP server
+              tication failures with the same remote SMTP  server
               hostname, username and password.
 
        <b><a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a> (90d)</b>
-              The maximal  age  of  an  <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
+              The  maximal  age  of  an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
               entry before it is removed.
 
        <b><a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> (yes)</b>
-              When  a remote SMTP server rejects a SASL authenti-
+              When a remote SMTP server rejects a SASL  authenti-
-              cation request with a 535 reply  code,  defer  mail
+              cation  request  with  a 535 reply code, defer mail
-              delivery  instead  of  returning mail as undeliver-
+              delivery instead of returning  mail  as  undeliver-
               able.
 
 <b>STARTTLS SUPPORT CONTROLS</b>
-       Detailed information about STARTTLS configuration  may  be
+       Detailed  information  about STARTTLS configuration may be
        found in the <a href="TLS_README.html">TLS_README</a> document.
 
        <b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
               The default SMTP TLS security level for the Postfix
-              SMTP client; when a non-empty value  is  specified,
+              SMTP  client;  when a non-empty value is specified,
-              this     overrides    the    obsolete    parameters
+              this    overrides    the    obsolete     parameters
               <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>,         <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>,         and
               <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
 
        <b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>           ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_secu</a>-</b>
        <b><a href="postconf.5.html#smtp_sasl_security_options">rity_options</a>)</b>
-              The  SASL  authentication security options that the
+              The SASL authentication security options  that  the
-              Postfix SMTP client uses  for  TLS  encrypted  SMTP
+              Postfix  SMTP  client  uses  for TLS encrypted SMTP
               sessions.
 
        <b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
-              Time  limit  for Postfix SMTP client write and read
+              Time limit for Postfix SMTP client write  and  read
-              operations during TLS startup  and  shutdown  hand-
+              operations  during  TLS  startup and shutdown hand-
               shake procedures.
 
        <b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
-              A  file  containing  CA  certificates  of  root CAs
+              A file  containing  CA  certificates  of  root  CAs
-              trusted to sign either remote SMTP server  certifi-
+              trusted  to sign either remote SMTP server certifi-
               cates or intermediate CA certificates.
 
        <b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
-              Directory  with  PEM  format  certificate authority
+              Directory with  PEM  format  certificate  authority
-              certificates that the Postfix SMTP client  uses  to
+              certificates  that  the Postfix SMTP client uses to
               verify a remote SMTP server certificate.
 
        <b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b>
-              File  with  the Postfix SMTP client RSA certificate
+              File with the Postfix SMTP client  RSA  certificate
               in PEM format.
 
        <b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
-              The minimum TLS cipher grade that the Postfix  SMTP
+              The  minimum TLS cipher grade that the Postfix SMTP
               client will use with mandatory TLS encryption.
 
        <b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
@@ -415,43 +419,43 @@ SMTP(8)                                                                SMTP(8)
               levels.
 
        <b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
-              Additional  list  of  ciphers  or  cipher  types to
+              Additional list  of  ciphers  or  cipher  types  to
-              exclude from the SMTP client cipher list at  manda-
+              exclude  from the SMTP client cipher list at manda-
               tory TLS security levels.
 
        <b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
-              File  with  the Postfix SMTP client DSA certificate
+              File with the Postfix SMTP client  DSA  certificate
               in PEM format.
 
        <b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b>
-              File with the Postfix SMTP client DSA  private  key
+              File  with  the Postfix SMTP client DSA private key
               in PEM format.
 
        <b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
-              File  with  the Postfix SMTP client RSA private key
+              File with the Postfix SMTP client RSA  private  key
               in PEM format.
 
        <b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
-              Enable additional Postfix SMTP  client  logging  of
+              Enable  additional  Postfix  SMTP client logging of
               TLS activity.
 
        <b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
-              Log  the  hostname  of  a  remote  SMTP server that
+              Log the hostname  of  a  remote  SMTP  server  that
-              offers STARTTLS, when TLS is  not  already  enabled
+              offers  STARTTLS,  when  TLS is not already enabled
               for that server.
 
        <b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
               Optional lookup tables with the Postfix SMTP client
               TLS security policy by next-hop destination; when a
-              non-empty  value  is  specified, this overrides the
+              non-empty value is specified,  this  overrides  the
               obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
 
        <b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (SSLv3, TLSv1)</b>
-              List of SSL/TLS protocols  that  the  Postfix  SMTP
+              List  of  SSL/TLS  protocols  that the Postfix SMTP
               client will use with mandatory TLS encryption.
 
        <b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b>
-              The  verification depth for remote SMTP server cer-
+              The verification depth for remote SMTP server  cer-
               tificates.
 
        <b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
@@ -459,7 +463,7 @@ SMTP(8)                                                                SMTP(8)
               for the "secure" TLS security level.
 
        <b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
-              Name  of  the  file containing the optional Postfix
+              Name of the file containing  the  optional  Postfix
               SMTP client TLS session cache.
 
        <b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
@@ -471,9 +475,9 @@ SMTP(8)                                                                SMTP(8)
               for the "verify" TLS security level.
 
        <b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
-              The number of pseudo-random bytes that  an  <a href="smtp.8.html"><b>smtp</b>(8)</a>
+              The  number  of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
-              or  <a href="smtpd.8.html"><b>smtpd</b>(8)</a>  process  requests  from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
+              or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process  requests  from  the  <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
-              server in order to seed its internal pseudo  random
+              server  in order to seed its internal pseudo random
               number generator (PRNG).
 
        <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
@@ -485,7 +489,7 @@ SMTP(8)                                                                SMTP(8)
               ciphers.
 
        <b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (ALL:!EXPORT:+RC4:@STRENGTH)</b>
-              The OpenSSL cipherlist for "LOW"  or  higher  grade
+              The  OpenSSL  cipherlist  for "LOW" or higher grade
               ciphers.
 
        <b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
@@ -493,38 +497,38 @@ SMTP(8)                                                                SMTP(8)
               ciphers.
 
        <b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
-              The OpenSSL cipherlist  for  "NULL"  grade  ciphers
+              The  OpenSSL  cipherlist  for  "NULL" grade ciphers
               that provide authentication without encryption.
 
        Available in Postfix version 2.4 and later:
 
        <b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a></b>
        <b>($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>)</b>
-              The  SASL  authentication security options that the
+              The SASL authentication security options  that  the
-              Postfix SMTP client uses  for  TLS  encrypted  SMTP
+              Postfix  SMTP  client  uses  for TLS encrypted SMTP
               sessions with a verified server certificate.
 
        Available in Postfix version 2.5 and later:
 
        <b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> (empty)</b>
-              List  of  acceptable remote SMTP server certificate
+              List of acceptable remote SMTP  server  certificate
-              fingerprints for  the  "fingerprint"  TLS  security
+              fingerprints  for  the  "fingerprint"  TLS security
               level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a></b> = fingerprint).
 
        <b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> (md5)</b>
-              The  message  digest  algorithm  used  to construct
+              The message  digest  algorithm  used  to  construct
               remote SMTP server certificate fingerprints.
 
        Available in Postfix version 2.6 and later:
 
        <b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (!SSLv2)</b>
-              List of TLS protocols that the Postfix SMTP  client
+              List  of TLS protocols that the Postfix SMTP client
-              will  exclude  or  include  with  opportunistic TLS
+              will exclude  or  include  with  opportunistic  TLS
               encryption.
 
        <b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (export)</b>
-              The minimum TLS cipher grade that the Postfix  SMTP
+              The  minimum TLS cipher grade that the Postfix SMTP
-              client  will use with opportunistic TLS encryption.
+              client will use with opportunistic TLS  encryption.
 
        <b><a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> (empty)</b>
               File with the Postfix SMTP client ECDSA certificate
@@ -537,10 +541,10 @@ SMTP(8)                                                                SMTP(8)
        Available in Postfix version 2.7 and later:
 
        <b><a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> (no)</b>
-              Try to detect a mail hijacking attack  based  on  a
+              Try  to  detect  a mail hijacking attack based on a
-              TLS  protocol  vulnerability (CVE-2009-3555), where
+              TLS protocol vulnerability  (CVE-2009-3555),  where
-              an attacker prepends malicious  HELO/MAIL/RCPT/DATA
+              an  attacker  prepends  malicious HELO, MAIL, RCPT,
-              commands to a Postfix client TLS session.
+              DATA commands to a Postfix SMTP client TLS session.
 
 <b>OBSOLETE STARTTLS CONTROLS</b>
        The  following configuration parameters exist for compati-

postfix/html/postconf.5.html

@@ -3999,6 +3999,17 @@ The default time unit is s (seconds).
 </p>
 
 
+</DD>
+
+<DT><b><a name="lmtp_reply_filter">lmtp_reply_filter</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a>
+configuration parameter.  See there for details. </p>
+
+<p> This feature is available in Postfix 2.7 and later. </p>
+
+
 </DD>
 
 <DT><b><a name="lmtp_rset_timeout">lmtp_rset_timeout</a>
@@ -4268,6 +4279,17 @@ configuration parameter.  See there for details. </p>
 <p> This feature is available in Postfix 2.3 and later. </p>
 
 
+</DD>
+
+<DT><b><a name="lmtp_tls_block_early_mail_reply">lmtp_tls_block_early_mail_reply</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a>
+configuration parameter.  See there for details. </p>
+
+<p> This feature is available in Postfix 2.7 and later. </p>
+
+
 </DD>
 
 <DT><b><a name="lmtp_tls_cert_file">lmtp_tls_cert_file</a>
@@ -8817,6 +8839,57 @@ The default time unit is s (seconds).
 </p>
 
 
+</DD>
+
+<DT><b><a name="smtp_reply_filter">smtp_reply_filter</a>
+(default: empty)</b></DT><DD>
+
+<p> A mechanism to transform replies from remote SMTP servers one
+line at a time.  This is a last-resort tool to work around server
+replies that break inter-operability with the Postfix SMTP client.
+Other uses involve fault injection to test Postfix's handling of
+invalid responses. </p>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> In the case of a multi-line reply, the Postfix SMTP client
+uses the last reply line's numerical SMTP reply code and enhanced
+status code.  </p>
+
+<li> <p> The numerical SMTP reply code (XYZ) takes precedence over
+the enhanced status code (X.Y.Z).  When the enhanced status code
+initial digit differs from the SMTP reply code initial digit, or
+when no enhanced status code is present, the Postfix SMTP client
+uses a generic enhanced status code (X.0.0) instead. </p>
+
+</ul>
+
+<p> Specify the name of a "<a href="DATABASE_README.html">type:table</a>" lookup table. The search
+string is a single SMTP reply line as received from the remote SMTP
+server, except that the trailing &lt;CR&gt;&lt;LF&gt; are removed.  </p>
+
+<p> Examples: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+    <a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/command_filter
+</pre>
+
+<pre>
+/etc/postfix/reply_filter:
+    # Transform garbage into part of a multi-line reply. Note
+    # that the Postfix SMTP client uses only the last numerical
+    # SMTP reply code and enhanced status code from a multi-line
+    # reply, so it does not matter what we substitute here as
+    # long as it has the right syntax.
+    !/^([2-5][0-9][0-9]($|[- ]))/ 250-filler for garbage
+</pre>
+
+<p> This feature is available in Postfix 2.7. </p>
+
+
 </DD>
 
 <DT><b><a name="smtp_rset_timeout">smtp_rset_timeout</a>
@@ -9243,10 +9316,10 @@ must be inside the chroot jail. </p>
 
 <p> Try to detect a mail hijacking attack based on a TLS protocol
 vulnerability (CVE-2009-3555), where an attacker prepends malicious
-HELO/MAIL/RCPT/DATA commands to a Postfix client TLS session.  The
+HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session.
-attack would succeed with non-Postfix SMTP servers that reply to
+The attack would succeed with non-Postfix SMTP servers that reply
-the malicious HELO/MAIL/RCPT/DATA commands after negotiating the
+to the malicious HELO, MAIL, RCPT, DATA commands after negotiating
-Postfix SMTP client TLS session.  </p>
+the Postfix SMTP client TLS session.  </p>
 
 <p> This feature is available in Postfix 2.7. </p>
 
@@ -11091,15 +11164,17 @@ Example:
 <DT><b><a name="smtpd_command_filter">smtpd_command_filter</a>
 (default: empty)</b></DT><DD>
 
-<p> A mechanism to substitute incoming SMTP commands.  This is a
+<p> A mechanism to transform commands from remote SMTP clients.
-last-resort tool to work around problems with clients that send
+This is a last-resort tool to work around client commands that break
-invalid command syntax that would otherwise be rejected by Postfix.
+inter-operability with the Postfix SMTP server.  Other uses involve
+fault injection to test Postfix's handling of invalid commands.
 </p>
 
 <p> Specify the name of a "<a href="DATABASE_README.html">type:table</a>" lookup table. The search
-string is the SMTP command as received from the SMTP client, except
+string is the SMTP command as received from the remote SMTP client,
-that initial whitespace and the trailing <CR><LF> are removed. The
+except that initial whitespace and the trailing &lt;CR&gt;&lt;LF&gt;
-result value is executed by the Postfix SMTP server.  </p>
+are removed.  The result value is executed by the Postfix SMTP
+server.  </p>
 
 <p> Examples: </p>
 
@@ -11120,9 +11195,9 @@ result value is executed by the Postfix SMTP server.  </p>
 </pre>
 
 <pre>
-    # Work around clients that send RCPT TO:<'user@domain'>.
+    # Work around clients that send RCPT TO:&lt;'user@domain'&gt;.
     # WARNING: do not lose the parameters that follow the address.
-    /^RCPT\s+TO:\s*<'([^[:space:]]+)'>(.*)/     RCPT TO:<$1>$2
+    /^RCPT\s+TO:\s*&lt;'([^[:space:]]+)'&gt;(.*)/     RCPT TO:&lt;$1&gt;$2
 </pre>
 
 <p> This feature is available in Postfix 2.7. </p>

postfix/html/smtp.8.html

@@ -196,12 +196,16 @@ SMTP(8)                                                                SMTP(8)
               Quote addresses in SMTP MAIL FROM and RCPT TO  com-
               mands as required by <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
 
+       <b><a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> (empty)</b>
+              A  mechanism  to transform replies from remote SMTP
+              servers one line at a time.
+
        <b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b>
               Skip SMTP servers that greet with a 5XX status code
               (go away, do not try again later).
 
        <b><a href="postconf.5.html#smtp_skip_quit_response">smtp_skip_quit_response</a> (yes)</b>
-              Do not wait for the response to the SMTP QUIT  com-
+              Do  not wait for the response to the SMTP QUIT com-
               mand.
 
        Available in Postfix version 2.0 and earlier:
@@ -213,44 +217,44 @@ SMTP(8)                                                                SMTP(8)
        Available in Postfix version 2.2 and later:
 
        <b><a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> (empty)</b>
-              Lookup tables, indexed by the  remote  SMTP  server
+              Lookup  tables,  indexed  by the remote SMTP server
-              address,  with  case insensitive lists of EHLO key-
+              address, with case insensitive lists of  EHLO  key-
-              words (pipelining, starttls, auth, etc.)  that  the
+              words  (pipelining,  starttls, auth, etc.) that the
-              Postfix   SMTP  client  will  ignore  in  the  EHLO
+              Postfix  SMTP  client  will  ignore  in  the   EHLO
               response from a remote SMTP server.
 
        <b><a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> (empty)</b>
-              A case insensitive list of EHLO keywords  (pipelin-
+              A  case insensitive list of EHLO keywords (pipelin-
-              ing,  starttls,  auth,  etc.) that the Postfix SMTP
+              ing, starttls, auth, etc.) that  the  Postfix  SMTP
-              client will ignore in  the  EHLO  response  from  a
+              client  will  ignore  in  the  EHLO response from a
               remote SMTP server.
 
        <b><a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> (empty)</b>
               Optional lookup tables that perform address rewrit-
-              ing in the SMTP client, typically  to  transform  a
+              ing  in  the  SMTP client, typically to transform a
               locally valid address into a globally valid address
               when sending mail across the Internet.
 
        Available in Postfix version 2.2.9 and later:
 
        <b><a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a> (version dependent)</b>
-              Allow DNS CNAME records to override the  servername
+              Allow  DNS CNAME records to override the servername
               that the Postfix SMTP client uses for logging, SASL
-              password lookup, TLS policy decisions, or TLS  cer-
+              password  lookup, TLS policy decisions, or TLS cer-
               tificate verification.
 
        Available in Postfix version 2.3 and later:
 
        <b><a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> (empty)</b>
-              Lookup  tables,  indexed  by the remote LMTP server
+              Lookup tables, indexed by the  remote  LMTP  server
-              address, with case insensitive lists of  LHLO  key-
+              address,  with  case insensitive lists of LHLO key-
-              words  (pipelining,  starttls, auth, etc.) that the
+              words (pipelining, starttls, auth, etc.)  that  the
               LMTP client will ignore in the LHLO response from a
               remote LMTP server.
 
        <b><a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> (empty)</b>
-              A  case insensitive list of LHLO keywords (pipelin-
+              A case insensitive list of LHLO keywords  (pipelin-
-              ing, starttls, auth, etc.)  that  the  LMTP  client
+              ing,  starttls,  auth,  etc.)  that the LMTP client
               will ignore in the LHLO response from a remote LMTP
               server.
 
@@ -258,14 +262,14 @@ SMTP(8)                                                                SMTP(8)
 
        <b><a href="postconf.5.html#send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a> (no)</b>
               When authenticating to a remote SMTP or LMTP server
-              with  the default setting "no", send no SASL autho-
+              with the default setting "no", send no SASL  autho-
               riZation ID (authzid); send only the SASL authenti-
               Cation ID (authcid) plus the authcid's password.
 
        Available in Postfix version 2.5 and later:
 
        <b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> (empty)</b>
-              Restricted  <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix
+              Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the  Postfix
               SMTP client.
 
        <b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a> (empty)</b>
@@ -273,24 +277,24 @@ SMTP(8)                                                                SMTP(8)
               Postfix SMTP client.
 
        <b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a> (empty)</b>
-              Restricted  <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5)  tables for the
+              Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables  for  the
               Postfix SMTP client.
 
        <b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> (empty)</b>
-              Restricted <a href="header_checks.5.html"><b>body_checks</b>(5)</a> tables  for  the  Postfix
+              Restricted  <a href="header_checks.5.html"><b>body_checks</b>(5)</a>  tables  for the Postfix
               SMTP client.
 
        Available in Postfix version 2.6 and later:
 
        <b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b>
-              An  optional  workaround for routers that break TCP
+              An optional workaround for routers that  break  TCP
               window scaling.
 
 <b>MIME PROCESSING CONTROLS</b>
        Available in Postfix version 2.0 and later:
 
        <b><a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a> (no)</b>
-              Disable the conversion of 8BITMIME format  to  7BIT
+              Disable  the  conversion of 8BITMIME format to 7BIT
               format.
 
        <b><a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> (2048)</b>
@@ -305,108 +309,108 @@ SMTP(8)                                                                SMTP(8)
        Available in Postfix version 2.1 and later:
 
        <b><a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a> (no)</b>
-              Send  the  non-standard  XFORWARD  command when the
+              Send the non-standard  XFORWARD  command  when  the
-              Postfix SMTP server EHLO response  announces  XFOR-
+              Postfix  SMTP  server EHLO response announces XFOR-
               WARD support.
 
 <b>SASL AUTHENTICATION CONTROLS</b>
        <b><a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> (no)</b>
-              Enable  SASL  authentication  in  the  Postfix SMTP
+              Enable SASL  authentication  in  the  Postfix  SMTP
               client.
 
        <b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b>
-              Optional SMTP client lookup tables with  one  user-
+              Optional  SMTP  client lookup tables with one user-
-              name:password  entry per remote hostname or domain,
+              name:password entry per remote hostname or  domain,
               or sender address when sender-dependent authentica-
               tion is enabled.
 
        <b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
-              Postfix  SMTP  client  SASL security options; as of
+              Postfix SMTP client SASL security  options;  as  of
-              Postfix 2.3 the list of available features  depends
+              Postfix  2.3 the list of available features depends
-              on  the SASL client implementation that is selected
+              on the SASL client implementation that is  selected
               with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
 
        Available in Postfix version 2.2 and later:
 
        <b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b>
-              If non-empty, a Postfix SMTP client filter for  the
+              If  non-empty, a Postfix SMTP client filter for the
-              remote  SMTP  server's  list of offered SASL mecha-
+              remote SMTP server's list of  offered  SASL  mecha-
               nisms.
 
        Available in Postfix version 2.3 and later:
 
        <b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
               Enable sender-dependent authentication in the Post-
-              fix  SMTP  client; this is available only with SASL
+              fix SMTP client; this is available only  with  SASL
-              authentication,  and   disables   SMTP   connection
+              authentication,   and   disables   SMTP  connection
-              caching  to ensure that mail from different senders
+              caching to ensure that mail from different  senders
               will use the appropriate credentials.
 
        <b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
-              Implementation-specific information that the  Post-
+              Implementation-specific  information that the Post-
-              fix  SMTP client passes through to the SASL plug-in
+              fix SMTP client passes through to the SASL  plug-in
-              implementation    that     is     selected     with
+              implementation     that     is     selected    with
               <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
 
        <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
-              The  SASL plug-in type that the Postfix SMTP client
+              The SASL plug-in type that the Postfix SMTP  client
               should use for authentication.
 
        Available in Postfix version 2.5 and later:
 
        <b><a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> (empty)</b>
-              An optional table to prevent repeated SASL  authen-
+              An  optional table to prevent repeated SASL authen-
-              tication  failures with the same remote SMTP server
+              tication failures with the same remote SMTP  server
               hostname, username and password.
 
        <b><a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a> (90d)</b>
-              The maximal  age  of  an  <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
+              The  maximal  age  of  an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
               entry before it is removed.
 
        <b><a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> (yes)</b>
-              When  a remote SMTP server rejects a SASL authenti-
+              When a remote SMTP server rejects a SASL  authenti-
-              cation request with a 535 reply  code,  defer  mail
+              cation  request  with  a 535 reply code, defer mail
-              delivery  instead  of  returning mail as undeliver-
+              delivery instead of returning  mail  as  undeliver-
               able.
 
 <b>STARTTLS SUPPORT CONTROLS</b>
-       Detailed information about STARTTLS configuration  may  be
+       Detailed  information  about STARTTLS configuration may be
        found in the <a href="TLS_README.html">TLS_README</a> document.
 
        <b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
               The default SMTP TLS security level for the Postfix
-              SMTP client; when a non-empty value  is  specified,
+              SMTP  client;  when a non-empty value is specified,
-              this     overrides    the    obsolete    parameters
+              this    overrides    the    obsolete     parameters
               <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>,         <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>,         and
               <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
 
        <b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>           ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_secu</a>-</b>
        <b><a href="postconf.5.html#smtp_sasl_security_options">rity_options</a>)</b>
-              The  SASL  authentication security options that the
+              The SASL authentication security options  that  the
-              Postfix SMTP client uses  for  TLS  encrypted  SMTP
+              Postfix  SMTP  client  uses  for TLS encrypted SMTP
               sessions.
 
        <b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
-              Time  limit  for Postfix SMTP client write and read
+              Time limit for Postfix SMTP client write  and  read
-              operations during TLS startup  and  shutdown  hand-
+              operations  during  TLS  startup and shutdown hand-
               shake procedures.
 
        <b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
-              A  file  containing  CA  certificates  of  root CAs
+              A file  containing  CA  certificates  of  root  CAs
-              trusted to sign either remote SMTP server  certifi-
+              trusted  to sign either remote SMTP server certifi-
               cates or intermediate CA certificates.
 
        <b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
-              Directory  with  PEM  format  certificate authority
+              Directory with  PEM  format  certificate  authority
-              certificates that the Postfix SMTP client  uses  to
+              certificates  that  the Postfix SMTP client uses to
               verify a remote SMTP server certificate.
 
        <b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b>
-              File  with  the Postfix SMTP client RSA certificate
+              File with the Postfix SMTP client  RSA  certificate
               in PEM format.
 
        <b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
-              The minimum TLS cipher grade that the Postfix  SMTP
+              The  minimum TLS cipher grade that the Postfix SMTP
               client will use with mandatory TLS encryption.
 
        <b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
@@ -415,43 +419,43 @@ SMTP(8)                                                                SMTP(8)
               levels.
 
        <b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
-              Additional  list  of  ciphers  or  cipher  types to
+              Additional list  of  ciphers  or  cipher  types  to
-              exclude from the SMTP client cipher list at  manda-
+              exclude  from the SMTP client cipher list at manda-
               tory TLS security levels.
 
        <b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
-              File  with  the Postfix SMTP client DSA certificate
+              File with the Postfix SMTP client  DSA  certificate
               in PEM format.
 
        <b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b>
-              File with the Postfix SMTP client DSA  private  key
+              File  with  the Postfix SMTP client DSA private key
               in PEM format.
 
        <b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
-              File  with  the Postfix SMTP client RSA private key
+              File with the Postfix SMTP client RSA  private  key
               in PEM format.
 
        <b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
-              Enable additional Postfix SMTP  client  logging  of
+              Enable  additional  Postfix  SMTP client logging of
               TLS activity.
 
        <b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
-              Log  the  hostname  of  a  remote  SMTP server that
+              Log the hostname  of  a  remote  SMTP  server  that
-              offers STARTTLS, when TLS is  not  already  enabled
+              offers  STARTTLS,  when  TLS is not already enabled
               for that server.
 
        <b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
               Optional lookup tables with the Postfix SMTP client
               TLS security policy by next-hop destination; when a
-              non-empty  value  is  specified, this overrides the
+              non-empty value is specified,  this  overrides  the
               obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
 
        <b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (SSLv3, TLSv1)</b>
-              List of SSL/TLS protocols  that  the  Postfix  SMTP
+              List  of  SSL/TLS  protocols  that the Postfix SMTP
               client will use with mandatory TLS encryption.
 
        <b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b>
-              The  verification depth for remote SMTP server cer-
+              The verification depth for remote SMTP server  cer-
               tificates.
 
        <b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
@@ -459,7 +463,7 @@ SMTP(8)                                                                SMTP(8)
               for the "secure" TLS security level.
 
        <b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
-              Name  of  the  file containing the optional Postfix
+              Name of the file containing  the  optional  Postfix
               SMTP client TLS session cache.
 
        <b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
@@ -471,9 +475,9 @@ SMTP(8)                                                                SMTP(8)
               for the "verify" TLS security level.
 
        <b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
-              The number of pseudo-random bytes that  an  <a href="smtp.8.html"><b>smtp</b>(8)</a>
+              The  number  of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
-              or  <a href="smtpd.8.html"><b>smtpd</b>(8)</a>  process  requests  from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
+              or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process  requests  from  the  <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
-              server in order to seed its internal pseudo  random
+              server  in order to seed its internal pseudo random
               number generator (PRNG).
 
        <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
@@ -485,7 +489,7 @@ SMTP(8)                                                                SMTP(8)
               ciphers.
 
        <b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (ALL:!EXPORT:+RC4:@STRENGTH)</b>
-              The OpenSSL cipherlist for "LOW"  or  higher  grade
+              The  OpenSSL  cipherlist  for "LOW" or higher grade
               ciphers.
 
        <b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
@@ -493,38 +497,38 @@ SMTP(8)                                                                SMTP(8)
               ciphers.
 
        <b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
-              The OpenSSL cipherlist  for  "NULL"  grade  ciphers
+              The  OpenSSL  cipherlist  for  "NULL" grade ciphers
               that provide authentication without encryption.
 
        Available in Postfix version 2.4 and later:
 
        <b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a></b>
        <b>($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>)</b>
-              The  SASL  authentication security options that the
+              The SASL authentication security options  that  the
-              Postfix SMTP client uses  for  TLS  encrypted  SMTP
+              Postfix  SMTP  client  uses  for TLS encrypted SMTP
               sessions with a verified server certificate.
 
        Available in Postfix version 2.5 and later:
 
        <b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> (empty)</b>
-              List  of  acceptable remote SMTP server certificate
+              List of acceptable remote SMTP  server  certificate
-              fingerprints for  the  "fingerprint"  TLS  security
+              fingerprints  for  the  "fingerprint"  TLS security
               level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a></b> = fingerprint).
 
        <b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> (md5)</b>
-              The  message  digest  algorithm  used  to construct
+              The message  digest  algorithm  used  to  construct
               remote SMTP server certificate fingerprints.
 
        Available in Postfix version 2.6 and later:
 
        <b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (!SSLv2)</b>
-              List of TLS protocols that the Postfix SMTP  client
+              List  of TLS protocols that the Postfix SMTP client
-              will  exclude  or  include  with  opportunistic TLS
+              will exclude  or  include  with  opportunistic  TLS
               encryption.
 
        <b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (export)</b>
-              The minimum TLS cipher grade that the Postfix  SMTP
+              The  minimum TLS cipher grade that the Postfix SMTP
-              client  will use with opportunistic TLS encryption.
+              client will use with opportunistic TLS  encryption.
 
        <b><a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> (empty)</b>
               File with the Postfix SMTP client ECDSA certificate
@@ -537,10 +541,10 @@ SMTP(8)                                                                SMTP(8)
        Available in Postfix version 2.7 and later:
 
        <b><a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> (no)</b>
-              Try to detect a mail hijacking attack  based  on  a
+              Try  to  detect  a mail hijacking attack based on a
-              TLS  protocol  vulnerability (CVE-2009-3555), where
+              TLS protocol vulnerability  (CVE-2009-3555),  where
-              an attacker prepends malicious  HELO/MAIL/RCPT/DATA
+              an  attacker  prepends  malicious HELO, MAIL, RCPT,
-              commands to a Postfix client TLS session.
+              DATA commands to a Postfix SMTP client TLS session.
 
 <b>OBSOLETE STARTTLS CONTROLS</b>
        The  following configuration parameters exist for compati-

postfix/man/man5/postconf.5

@@ -2192,6 +2192,11 @@ for receiving the server response.
 .PP
 Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
 The default time unit is s (seconds).
+.SH lmtp_reply_filter (default: empty)
+The LMTP-specific version of the smtp_reply_filter
+configuration parameter.  See there for details.
+.PP
+This feature is available in Postfix 2.7 and later.
 .SH lmtp_rset_timeout (default: 20s)
 The LMTP client time limit for sending the RSET command, and
 for receiving the server response. The LMTP client sends RSET in
@@ -2317,6 +2322,11 @@ The LMTP-specific version of the smtp_tls_CApath
 configuration parameter.  See there for details.
 .PP
 This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_block_early_mail_reply (default: empty)
+The LMTP-specific version of the smtp_tls_block_early_mail_reply
+configuration parameter.  See there for details.
+.PP
+This feature is available in Postfix 2.7 and later.
 .SH lmtp_tls_cert_file (default: empty)
 The LMTP-specific version of the smtp_tls_cert_file
 configuration parameter.  See there for details.
@@ -4977,6 +4987,55 @@ for receiving the server response.
 .PP
 Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
 The default time unit is s (seconds).
+.SH smtp_reply_filter (default: empty)
+A mechanism to transform replies from remote SMTP servers one
+line at a time.  This is a last-resort tool to work around server
+replies that break inter-operability with the Postfix SMTP client.
+Other uses involve fault injection to test Postfix's handling of
+invalid responses.
+.PP
+Notes:
+.IP \(bu
+In the case of a multi-line reply, the Postfix SMTP client
+uses the last reply line's numerical SMTP reply code and enhanced
+status code.
+.IP \(bu
+The numerical SMTP reply code (XYZ) takes precedence over
+the enhanced status code (X.Y.Z).  When the enhanced status code
+initial digit differs from the SMTP reply code initial digit, or
+when no enhanced status code is present, the Postfix SMTP client
+uses a generic enhanced status code (X.0.0) instead.
+.PP
+Specify the name of a "type:table" lookup table. The search
+string is a single SMTP reply line as received from the remote SMTP
+server, except that the trailing <CR><LF> are removed.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+    smtp_reply_filter = pcre:/etc/postfix/command_filter
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+/etc/postfix/reply_filter:
+    # Transform garbage into part of a multi-line reply. Note
+    # that the Postfix SMTP client uses only the last numerical
+    # SMTP reply code and enhanced status code from a multi-line
+    # reply, so it does not matter what we substitute here as
+    # long as it has the right syntax.
+    !/^([2-5][0-9][0-9]($|[- ]))/ 250-filler for garbage
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.7.
 .SH smtp_rset_timeout (default: 20s)
 The SMTP client time limit for sending the RSET command, and
 for receiving the server response. The SMTP client sends RSET in
@@ -5257,10 +5316,10 @@ This feature is available in Postfix 2.2 and later.
 .SH smtp_tls_block_early_mail_reply (default: no)
 Try to detect a mail hijacking attack based on a TLS protocol
 vulnerability (CVE-2009-3555), where an attacker prepends malicious
-HELO/MAIL/RCPT/DATA commands to a Postfix client TLS session.  The
+HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session.
-attack would succeed with non-Postfix SMTP servers that reply to
+The attack would succeed with non-Postfix SMTP servers that reply
-the malicious HELO/MAIL/RCPT/DATA commands after negotiating the
+to the malicious HELO, MAIL, RCPT, DATA commands after negotiating
-Postfix SMTP client TLS session.
+the Postfix SMTP client TLS session.
 .PP
 This feature is available in Postfix 2.7.
 .SH smtp_tls_cert_file (default: empty)
@@ -6789,14 +6848,16 @@ smtpd_client_restrictions = permit_mynetworks, reject_unknown_client_hostname
 .ad
 .ft R
 .SH smtpd_command_filter (default: empty)
-A mechanism to substitute incoming SMTP commands.  This is a
+A mechanism to transform commands from remote SMTP clients.
-last-resort tool to work around problems with clients that send
+This is a last-resort tool to work around client commands that break
-invalid command syntax that would otherwise be rejected by Postfix.
+inter-operability with the Postfix SMTP server.  Other uses involve
+fault injection to test Postfix's handling of invalid commands.
 .PP
 Specify the name of a "type:table" lookup table. The search
-string is the SMTP command as received from the SMTP client, except
+string is the SMTP command as received from the remote SMTP client,
-that initial whitespace and the trailing <CR><LF> are removed. The
+except that initial whitespace and the trailing <CR><LF>
-result value is executed by the Postfix SMTP server.
+are removed.  The result value is executed by the Postfix SMTP
+server.
 .PP
 Examples:
 .PP

postfix/man/man8/smtp.8

@@ -185,6 +185,9 @@ per-destination workarounds for CISCO PIX firewall bugs.
 .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR"
 Quote addresses in SMTP MAIL FROM and RCPT TO commands as required
 by RFC 2821.
+.IP "\fBsmtp_reply_filter (empty)\fR"
+A mechanism to transform replies from remote SMTP servers one
+line at a time.
 .IP "\fBsmtp_skip_5xx_greeting (yes)\fR"
 Skip SMTP servers that greet with a 5XX status code (go away, do
 not try again later).
@@ -435,7 +438,7 @@ Available in Postfix version 2.7 and later:
 .IP "\fBsmtp_tls_block_early_mail_reply (no)\fR"
 Try to detect a mail hijacking attack based on a TLS protocol
 vulnerability (CVE-2009-3555), where an attacker prepends malicious
-HELO/MAIL/RCPT/DATA commands to a Postfix client TLS session.
+HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session.
 .SH "OBSOLETE STARTTLS CONTROLS"
 .na
 .nf

postfix/man/man8/smtpd.8

@@ -109,7 +109,7 @@ Resolve an address that ends in the "@" null domain as if the
 local hostname were specified, instead of rejecting the address as
 invalid.
 .IP "\fBsmtpd_command_filter (empty)\fR"
-A mechanism to substitute incoming SMTP commands.
+A mechanism to transform commands from remote SMTP clients.
 .IP "\fBsmtpd_reject_unlisted_sender (no)\fR"
 Request that the Postfix SMTP server rejects mail from unknown
 sender addresses, even when no explicit reject_unlisted_sender

postfix/mantools/postlink

@@ -620,6 +620,7 @@ while (<>) {
     s;\bsmtp_mime_header_checks\b;<a href="postconf.5.html#smtp_mime_header_checks">$&</a>;g;
     s;\bsmtp_nested_header_checks\b;<a href="postconf.5.html#smtp_nested_header_checks">$&</a>;g;
     s;\bsmtp_body_checks\b;<a href="postconf.5.html#smtp_body_checks">$&</a>;g;
+    s;\bsmtp_reply_filter\b;<a href="postconf.5.html#smtp_reply_filter">$&</a>;g;
     s;\bsmtpd_enforce_tls\b;<a href="postconf.5.html#smtpd_enforce_tls">$&</a>;g;
     s;\bsmtpd_sasl_tls_security_options\b;<a href="postconf.5.html#smtpd_sasl_tls_security_options">$&</a>;g;
     s;\bsmtpd_sasl_type\b;<a href="postconf.5.html#smtpd_sasl_type">$&</a>;g;

postfix/proto/postconf.proto

@@ -12590,15 +12590,17 @@ reporting PREGREET, HANGUP or DNSBL results. </dd>
 
 %PARAM smtpd_command_filter 
 
-<p> A mechanism to substitute incoming SMTP commands.  This is a
+<p> A mechanism to transform commands from remote SMTP clients.
-last-resort tool to work around problems with clients that send
+This is a last-resort tool to work around client commands that break
-invalid command syntax that would otherwise be rejected by Postfix.
+inter-operability with the Postfix SMTP server.  Other uses involve
+fault injection to test Postfix's handling of invalid commands.
 </p>
 
 <p> Specify the name of a "type:table" lookup table. The search
-string is the SMTP command as received from the SMTP client, except
+string is the SMTP command as received from the remote SMTP client,
-that initial whitespace and the trailing <CR><LF> are removed. The
+except that initial whitespace and the trailing &lt;CR&gt;&lt;LF&gt;
-result value is executed by the Postfix SMTP server.  </p>
+are removed.  The result value is executed by the Postfix SMTP
+server.  </p>
 
 <p> Examples: </p>
 
@@ -12619,20 +12621,81 @@ result value is executed by the Postfix SMTP server.  </p>
 </pre>
 
 <pre>
-    # Work around clients that send RCPT TO:<'user@domain'>.
+    # Work around clients that send RCPT TO:&lt;'user@domain'&gt;.
     # WARNING: do not lose the parameters that follow the address.
-    /^RCPT\s+TO:\s*<'([^[:space:]]+)'>(.*)/     RCPT TO:<$1>$2
+    /^RCPT\s+TO:\s*&lt;'([^[:space:]]+)'&gt;(.*)/     RCPT TO:&lt;$1&gt;$2
 </pre>
 
 <p> This feature is available in Postfix 2.7. </p>
 
+%PARAM smtp_reply_filter 
+
+<p> A mechanism to transform replies from remote SMTP servers one
+line at a time.  This is a last-resort tool to work around server
+replies that break inter-operability with the Postfix SMTP client.
+Other uses involve fault injection to test Postfix's handling of
+invalid responses. </p>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> In the case of a multi-line reply, the Postfix SMTP client
+uses the last reply line's numerical SMTP reply code and enhanced
+status code.  </p>
+
+<li> <p> The numerical SMTP reply code (XYZ) takes precedence over
+the enhanced status code (X.Y.Z).  When the enhanced status code
+initial digit differs from the SMTP reply code initial digit, or
+when no enhanced status code is present, the Postfix SMTP client
+uses a generic enhanced status code (X.0.0) instead. </p>
+
+</ul>
+
+<p> Specify the name of a "type:table" lookup table. The search
+string is a single SMTP reply line as received from the remote SMTP
+server, except that the trailing &lt;CR&gt;&lt;LF&gt; are removed.  </p>
+
+<p> Examples: </p>
+
+<pre>
+/etc/postfix/main.cf:
+    smtp_reply_filter = pcre:/etc/postfix/command_filter
+</pre>
+
+<pre>
+/etc/postfix/reply_filter:
+    # Transform garbage into part of a multi-line reply. Note
+    # that the Postfix SMTP client uses only the last numerical
+    # SMTP reply code and enhanced status code from a multi-line
+    # reply, so it does not matter what we substitute here as
+    # long as it has the right syntax.
+    !/^([2-5][0-9][0-9]($|[- ]))/ 250-filler for garbage
+</pre>
+
+<p> This feature is available in Postfix 2.7. </p>
+
+%PARAM lmtp_reply_filter
+
+<p> The LMTP-specific version of the smtp_reply_filter
+configuration parameter.  See there for details. </p>
+
+<p> This feature is available in Postfix 2.7 and later. </p>
+
 %PARAM smtp_tls_block_early_mail_reply no
 
 <p> Try to detect a mail hijacking attack based on a TLS protocol
 vulnerability (CVE-2009-3555), where an attacker prepends malicious
-HELO/MAIL/RCPT/DATA commands to a Postfix client TLS session.  The
+HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session.
-attack would succeed with non-Postfix SMTP servers that reply to
+The attack would succeed with non-Postfix SMTP servers that reply
-the malicious HELO/MAIL/RCPT/DATA commands after negotiating the
+to the malicious HELO, MAIL, RCPT, DATA commands after negotiating
-Postfix SMTP client TLS session.  </p>
+the Postfix SMTP client TLS session.  </p>
 
 <p> This feature is available in Postfix 2.7. </p>
+
+%PARAM lmtp_tls_block_early_mail_reply
+
+<p> The LMTP-specific version of the smtp_tls_block_early_mail_reply
+configuration parameter.  See there for details. </p>
+
+<p> This feature is available in Postfix 2.7 and later. </p>

postfix/src/global/mail_params.h

@@ -1019,6 +1019,12 @@ extern bool var_smtp_always_ehlo;
 #define DEF_SMTP_NEVER_EHLO	0
 extern bool var_smtp_never_ehlo;
 
+#define VAR_SMTP_RESP_FILTER	"smtp_reply_filter"
+#define DEF_SMTP_RESP_FILTER	""
+#define VAR_LMTP_RESP_FILTER	"lmtp_reply_filter"
+#define DEF_LMTP_RESP_FILTER	""
+extern char *var_smtp_resp_filter;
+
 #define VAR_SMTP_BIND_ADDR	"smtp_bind_address"
 #define DEF_SMTP_BIND_ADDR	""
 #define VAR_LMTP_BIND_ADDR	"lmtp_bind_address"

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20091110"
+#define MAIL_RELEASE_DATE	"20091115"
 #define MAIL_VERSION_NUMBER	"2.7"
 
 #ifdef SNAPSHOT

postfix/src/smtp/Makefile.in

@@ -222,6 +222,7 @@ smtp_connect.o: ../../include/host_port.h
 smtp_connect.o: ../../include/htable.h
 smtp_connect.o: ../../include/inet_addr_list.h
 smtp_connect.o: ../../include/iostuff.h
+smtp_connect.o: ../../include/mail_addr.h
 smtp_connect.o: ../../include/mail_error.h
 smtp_connect.o: ../../include/mail_params.h
 smtp_connect.o: ../../include/mail_proto.h

postfix/src/smtp/lmtp_params.c

@@ -51,6 +51,7 @@
 	VAR_LMTP_MIME_CHKS, DEF_LMTP_MIME_CHKS, &var_smtp_mime_chks, 0, 0,
 	VAR_LMTP_NEST_CHKS, DEF_LMTP_NEST_CHKS, &var_smtp_nest_chks, 0, 0,
 	VAR_LMTP_BODY_CHKS, DEF_LMTP_BODY_CHKS, &var_smtp_body_chks, 0, 0,
+	VAR_LMTP_RESP_FILTER, DEF_LMTP_RESP_FILTER, &var_smtp_resp_filter, 0, 0,
 	0,
     };
     static const CONFIG_TIME_TABLE lmtp_time_table[] = {

postfix/src/smtp/smtp.c

@@ -163,6 +163,9 @@
 /* .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR"
 /*	Quote addresses in SMTP MAIL FROM and RCPT TO commands as required
 /*	by RFC 2821.
+/* .IP "\fBsmtp_reply_filter (empty)\fR"
+/*	A mechanism to transform replies from remote SMTP servers one
+/*	line at a time.
 /* .IP "\fBsmtp_skip_5xx_greeting (yes)\fR"
 /*	Skip SMTP servers that greet with a 5XX status code (go away, do
 /*	not try again later).
@@ -405,7 +408,7 @@
 /* .IP "\fBsmtp_tls_block_early_mail_reply (no)\fR"
 /*	Try to detect a mail hijacking attack based on a TLS protocol
 /*	vulnerability (CVE-2009-3555), where an attacker prepends malicious
-/*	HELO/MAIL/RCPT/DATA commands to a Postfix client TLS session.
+/*	HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session.
 /* OBSOLETE STARTTLS CONTROLS
 /* .ad
 /* .fi
@@ -792,6 +795,7 @@ char   *var_smtp_head_chks;
 char   *var_smtp_mime_chks;
 char   *var_smtp_nest_chks;
 char   *var_smtp_body_chks;
+char   *var_smtp_resp_filter;
 bool    var_lmtp_assume_final;
 
  /* Special handling of 535 AUTH errors. */
@@ -1060,6 +1064,14 @@ static void pre_init(char *unused_name, char **unused_argv)
     smtp_body_checks = hbc_body_checks_create(
 				     VAR_SMTP_BODY_CHKS, var_smtp_body_chks,
 					      smtp_hbc_callbacks);
+
+    /*
+     * Server reply filter.
+     */
+    if (*var_smtp_resp_filter)
+	smtp_chat_resp_filter =
+	    dict_open(var_smtp_resp_filter, O_RDONLY,
+		      DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);
 }
 
 /* pre_accept - see if tables have changed */

postfix/src/smtp/smtp.h

@@ -20,6 +20,7 @@
 #include <vstring.h>
 #include <argv.h>
 #include <htable.h>
+#include <dict.h>
 
  /*
   * Global library.
@@ -366,7 +367,8 @@ typedef struct SMTP_RESP {		/* server response */
     VSTRING *str_buf;			/* reply buffer */
 } SMTP_RESP;
 
-extern void PRINTFLIKE(2, 3) smtp_chat_cmd(SMTP_SESSION *, char *,...);
+extern void PRINTFLIKE(2, 3) smtp_chat_cmd(SMTP_SESSION *, const char *,...);
+extern DICT *smtp_chat_resp_filter;
 extern SMTP_RESP *smtp_chat_resp(SMTP_SESSION *);
 extern void smtp_chat_init(SMTP_SESSION *);
 extern void smtp_chat_reset(SMTP_SESSION *);

postfix/src/smtp/smtp_chat.c

@@ -18,7 +18,9 @@
 /*
 /*	void	smtp_chat_cmd(session, format, ...)
 /*	SMTP_SESSION *session;
-/*	char	*format;
+/*	const char *format;
+/*
+/*	DICT	*smtp_chat_resp_filter;
 /*
 /*	SMTP_RESP *smtp_chat_resp(session)
 /*	SMTP_SESSION *session;
@@ -69,6 +71,10 @@
 /*	the client and server get out of step due to a broken proxy
 /*	agent.
 /* .PP
+/*	smtp_chat_resp_filter specifies an optional filter to
+/*	transform one server reply line before it is parsed. The
+/*	filter is invoked once for each line of a multi-line reply.
+/*
 /*	smtp_chat_notify() sends a copy of the SMTP transaction log
 /*	to the postmaster for review. The postmaster notice is sent only
 /*	when delivery is possible immediately. It is an error to call
@@ -107,6 +113,7 @@
 #include <stdlib.h>
 #include <setjmp.h>
 #include <string.h>
+#include <limits.h>
 
 /* Utility library. */
 
@@ -133,6 +140,11 @@
 
 #include "smtp.h"
 
+ /*
+  * Server reply transformations.
+  */
+DICT   *smtp_chat_resp_filter;
+
 /* smtp_chat_init - initialize SMTP transaction log */
 
 void    smtp_chat_init(SMTP_SESSION *session)
@@ -152,7 +164,8 @@ void    smtp_chat_reset(SMTP_SESSION *session)
 
 /* smtp_chat_append - append record to SMTP transaction log */
 
-static void smtp_chat_append(SMTP_SESSION *session, char *direction, char *data)
+static void smtp_chat_append(SMTP_SESSION *session, const char *direction,
+			     const char *data)
 {
     char   *line;
 
@@ -165,7 +178,7 @@ static void smtp_chat_append(SMTP_SESSION *session, char *direction, char *data)
 
 /* smtp_chat_cmd - send an SMTP command */
 
-void    smtp_chat_cmd(SMTP_SESSION *session, char *fmt,...)
+void    smtp_chat_cmd(SMTP_SESSION *session, const char *fmt,...)
 {
     va_list ap;
 
@@ -226,6 +239,9 @@ SMTP_RESP *smtp_chat_resp(SMTP_SESSION *session)
     int     last_char;
     int     three_digs = 0;
     size_t  len;
+    const char *new_reply;
+    int     chat_append_flag;
+    int     chat_append_skipped = 0;
 
     /*
      * Initialize the response data buffer.
@@ -254,17 +270,41 @@ SMTP_RESP *smtp_chat_resp(SMTP_SESSION *session)
 	 * Defend against a denial of service attack by limiting the amount
 	 * of multi-line text that we are willing to store.
 	 */
-	if (LEN(rdata.str_buf) < var_line_limit) {
+	chat_append_flag = (LEN(rdata.str_buf) < var_line_limit);
-	    if (LEN(rdata.str_buf))
+	if (chat_append_flag)
-		VSTRING_ADDCH(rdata.str_buf, '\n');
-	    vstring_strcat(rdata.str_buf, STR(session->buffer));
 	    smtp_chat_append(session, "In:  ", STR(session->buffer));
+	else {
+	    if (chat_append_skipped == 0)
+		msg_warn("%s: multi-line response longer than %d %.30s...",
+		  session->namaddrport, var_line_limit, STR(rdata.str_buf));
+	    if (chat_append_skipped < INT_MAX)
+		chat_append_skipped++;
 	}
 
 	/*
-	 * Parse into code and text. Ignore unrecognized garbage. This means
+	 * Server reply substitution, for fault-injection testing, or for
-	 * that any character except space (or end of line) will have the
+	 * working around broken systems. Use with care.
-	 * same effect as the '-' line continuation character.
+	 */
+	if (smtp_chat_resp_filter != 0) {
+	    new_reply = dict_get(smtp_chat_resp_filter, STR(session->buffer));
+	    if (new_reply != 0) {
+		msg_info("%s: replacing server reply \"%s\" with \"%s\"",
+		     session->namaddrport, STR(session->buffer), new_reply);
+		vstring_strcpy(session->buffer, new_reply);
+		if (chat_append_flag) {
+		    smtp_chat_append(session, "Replaced-by: ", "");
+		    smtp_chat_append(session, "     ", new_reply);
+		}
+	    }
+	}
+	if (chat_append_flag) {
+	    if (LEN(rdata.str_buf))
+		VSTRING_ADDCH(rdata.str_buf, '\n');
+	    vstring_strcat(rdata.str_buf, STR(session->buffer));
+	}
+
+	/*
+	 * Parse into code and text. Do not ignore garbage (see below).
 	 */
 	for (cp = STR(session->buffer); *cp && ISDIGIT(*cp); cp++)
 	     /* void */ ;

postfix/src/smtp/smtp_connect.c

@@ -95,6 +95,7 @@
 #include <deliver_pass.h>
 #include <mail_error.h>
 #include <dsn_buf.h>
+#include <mail_addr.h>
 
 /* DNS library. */
 
@@ -374,11 +375,17 @@ static void smtp_cleanup_session(SMTP_STATE *state)
 
     /*
      * Inform the postmaster of trouble.
+     * 
+     * XXX Don't send notifications about errors while sending notifications.
      */
+#define POSSIBLE_NOTIFICATION(sender) \
+	(*sender == 0 || strcmp(sender, mail_addr_double_bounce()) == 0)
+
     if (session->history != 0
 	&& (session->error_mask & name_mask(VAR_NOTIFY_CLASSES,
 					    mail_error_masks,
-					    var_notify_classes)) != 0)
+					    var_notify_classes)) != 0
+	&& POSSIBLE_NOTIFICATION(request->sender) == 0)
 	smtp_chat_notify(session);
 
     /*

postfix/src/smtp/smtp_params.c

@@ -52,6 +52,7 @@
 	VAR_SMTP_MIME_CHKS, DEF_SMTP_MIME_CHKS, &var_smtp_mime_chks, 0, 0,
 	VAR_SMTP_NEST_CHKS, DEF_SMTP_NEST_CHKS, &var_smtp_nest_chks, 0, 0,
 	VAR_SMTP_BODY_CHKS, DEF_SMTP_BODY_CHKS, &var_smtp_body_chks, 0, 0,
+	VAR_SMTP_RESP_FILTER, DEF_SMTP_RESP_FILTER, &var_smtp_resp_filter, 0, 0,
 	0,
     };
     static const CONFIG_TIME_TABLE smtp_time_table[] = {

postfix/src/smtp/smtp_trouble.c

@@ -288,7 +288,7 @@ static void vsmtp_fill_dsn(SMTP_STATE *state, const char *mta_name,
      * cycles.
      */
     VSTRING_RESET(why->reason);
-    if (mta_name && reply && reply[0] != '4' && reply[0] != '5') {
+    if (mta_name && status && status[0] != '4' && status[0] != '5') {
 	vstring_strcpy(why->reason, "Protocol error: ");
 	status = "5.5.0";
     }

postfix/src/smtpd/smtpd.c

@@ -93,7 +93,7 @@
 /*	local hostname were specified, instead of rejecting the address as
 /*	invalid.
 /* .IP "\fBsmtpd_command_filter (empty)\fR"
-/*	A mechanism to substitute incoming SMTP commands.
+/*	A mechanism to transform commands from remote SMTP clients.
 /* .IP "\fBsmtpd_reject_unlisted_sender (no)\fR"
 /*	Request that the Postfix SMTP server rejects mail from unknown
 /*	sender addresses, even when no explicit reject_unlisted_sender
@@ -4431,11 +4431,15 @@ static void smtpd_proto(SMTPD_STATE *state)
 	    }
 	    watchdog_pat();
 	    smtpd_chat_query(state);
+	    /* Move into smtpd_chat_query() and update session transcript. */
 	    if (smtpd_cmd_filter != 0) {
 		for (cp = STR(state->buffer); *cp && IS_SPACE_TAB(*cp); cp++)
 		     /* void */ ;
-		if ((cp = dict_get(smtpd_cmd_filter, cp)) != 0)
+		if ((cp = dict_get(smtpd_cmd_filter, cp)) != 0) {
+		    msg_info("%s: replacing client command \"%s\" with \"%s\"",
+			     state->namaddr, STR(state->buffer), cp);
 		    vstring_strcpy(state->buffer, cp);
+		}
 	    }
 	    if ((argc = smtpd_token(vstring_str(state->buffer), &argv)) == 0) {
 		state->error_mask |= MAIL_ERROR_PROTOCOL;

postfix/src/smtpd/smtpd_proxy.c

@@ -183,7 +183,6 @@
 /* System library. */
 
 #include <sys_defs.h>
-#include <sys/stat.h>
 #include <ctype.h>
 #include <unistd.h>
 
@@ -556,6 +555,7 @@ static int smtpd_proxy_replay_send(SMTPD_STATE *state)
      */
     if (vstream_ferror(smtpd_proxy_replay_stream)
 	|| vstream_feof(smtpd_proxy_replay_stream)
+	|| rec_put(smtpd_proxy_replay_stream, REC_TYPE_END, "", 0) != REC_TYPE_END
 	|| vstream_fflush(smtpd_proxy_replay_stream))
 	/* NOT: fsync(vstream_fileno(smtpd_proxy_replay_stream)) */
 	return (smtpd_proxy_replay_rdwr_error(state));
@@ -615,9 +615,9 @@ static int smtpd_proxy_replay_send(SMTPD_STATE *state)
 	    break;
 
 	    /*
-	     * End of replay log.
+	     * Explicit end marker, instead of implicit EOF.
 	     */
-	case REC_TYPE_EOF:
+	case REC_TYPE_END:
 	    return (0);
 
 	    /*
@@ -954,7 +954,7 @@ static int smtpd_proxy_rec_fprintf(VSTREAM *stream, int rec_type,
 static int smtpd_proxy_replay_setup(SMTPD_STATE *state)
 {
     const char *myname = "smtpd_proxy_replay_setup";
-    struct stat st;
+    off_t   file_offs;
 
     /*
      * Where possible reuse an existing replay logfile, because creating a
@@ -962,28 +962,19 @@ static int smtpd_proxy_replay_setup(SMTPD_STATE *state)
      * we must truncate the file before reuse. For performance reasons we
      * should truncate the file immediately after the end of a mail
      * transaction. We enforce the security guarantee here by requiring that
-     * the file is emtpy when it is reused. This is less expensive than
+     * no I/O happened since the file was truncated. This is less expensive
-     * truncating the file redundantly.
+     * than truncating the file redundantly.
      */
     if (smtpd_proxy_replay_stream != 0) {
-	if (vstream_fseek(smtpd_proxy_replay_stream, (off_t) 0, SEEK_SET) < 0) {
+	/* vstream_ftell() won't invoke the kernel, so all errors are mine. */
-	    msg_warn("seek before-queue filter speed-adjust log: %m");
+	if ((file_offs = vstream_ftell(smtpd_proxy_replay_stream)) != 0)
-	    (void) vstream_fclose(smtpd_proxy_replay_stream);
+	    msg_panic("%s: bad before-queue filter speed-adjust log offset %lu",
-	    smtpd_proxy_replay_stream = 0;
+		      myname, (unsigned long) file_offs);
-	} else if (fstat(vstream_fileno(smtpd_proxy_replay_stream), &st) < 0) {
+	vstream_clearerr(smtpd_proxy_replay_stream);
-	    msg_warn("fstat before-queue filter speed-adjust log: %m");
+	if (msg_verbose)
-	    (void) vstream_fclose(smtpd_proxy_replay_stream);
+	    msg_info("%s: reuse speed-adjust stream fd=%d", myname,
-	    smtpd_proxy_replay_stream = 0;
+		     vstream_fileno(smtpd_proxy_replay_stream));
-	} else {
+	/* Here, smtpd_proxy_replay_stream != 0 */
-	    if (st.st_size > 0)
-		msg_panic("%s: non-empty before-queue filter speed-adjust log",
-			  myname);
-	    vstream_clearerr(smtpd_proxy_replay_stream);
-	    if (msg_verbose)
-		msg_info("%s: reuse speed-adjust stream fd=%d", myname,
-			 vstream_fileno(smtpd_proxy_replay_stream));
-	    /* Here, smtpd_proxy_replay_stream != 0 */
-	}
     }
 
     /*
@@ -1029,6 +1020,12 @@ int     smtpd_proxy_create(SMTPD_STATE *state, int flags, const char *service,
 	 (p)->a3, (p)->a4, (p)->a5, (p)->a6, (p)->a7, (p)->a8, (p)->a9, \
 	 (p)->a10, (p)->a11, (p))
 
+    /*
+     * Sanity check.
+     */
+    if (state->proxy != 0)
+	msg_panic("smtpd_proxy_create: handle still exists");
+
     /*
      * Connect to the before-queue filter immediately.
      */
@@ -1122,11 +1119,19 @@ void    smtpd_proxy_free(SMTPD_STATE *state)
      * truncate the replay logfile before reuse. For performance reasons we
      * should truncate the replay logfile immediately after the end of a mail
      * transaction. We truncate the file here, and enforce the security
-     * guarantee by requiring that the file is empty when it is reused.
+     * guarantee by requiring that no I/O happens before the file is reused.
      */
     if (smtpd_proxy_replay_stream == 0)
 	return;
     if (vstream_ferror(smtpd_proxy_replay_stream)) {
+	/* Errors are already reported. */
+	(void) vstream_fclose(smtpd_proxy_replay_stream);
+	smtpd_proxy_replay_stream = 0;
+	return;
+    }
+    /* Flush output from aborted transaction before truncating the file!! */
+    if (vstream_fseek(smtpd_proxy_replay_stream, (off_t) 0, SEEK_SET) < 0) {
+	msg_warn("seek before-queue filter speed-adjust log: %m");
 	(void) vstream_fclose(smtpd_proxy_replay_stream);
 	smtpd_proxy_replay_stream = 0;
 	return;

postfix/src/util/inet_addr_local.c

@@ -183,13 +183,16 @@ static int ial_getifaddrs(INET_ADDR_LIST *addr_list,
     for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
 	if (!(ifa->ifa_flags & IFF_UP) || ifa->ifa_addr == 0)
 	    continue;
-	/* XXX Should we cons up a default mask instead? */
-	if (ifa->ifa_netmask == 0)
-	    continue;				
 	sa = ifa->ifa_addr;
-	sam = ifa->ifa_netmask;
 	if (af != AF_UNSPEC && sa->sa_family != af)
 	    continue;
+	sam = ifa->ifa_netmask;
+	if (sam == 0) {
+	    /* XXX In mynetworks, a null netmask would match everyone. */
+	    msg_warn("ignoring interface with null netmask, address family %d",
+		     sa->sa_family);
+	    continue;
+	}
 	switch (sa->sa_family) {
 	case AF_INET:
 	    if (SOCK_ADDR_IN_ADDR(sa).s_addr == INADDR_ANY)
@@ -586,7 +589,8 @@ int     main(int unused_argc, char **argv)
     msg_vstream_init(argv[0], VSTREAM_ERR);
     msg_verbose = 1;
 
-    proto_info = inet_proto_init(argv[0], INET_PROTO_NAME_ALL);
+    proto_info = inet_proto_init(argv[0],
+				 argv[1] ? argv[1] : INET_PROTO_NAME_ALL);
     inet_addr_list_init(&addr_list);
     inet_addr_list_init(&mask_list);
     inet_addr_local(&addr_list, &mask_list, proto_info->ai_family_list);

postfix/src/util/sys_defs.h

@@ -111,7 +111,7 @@
 #define HAS_DUPLEX_PIPE			/* 4.1 breaks with kqueue(2) */
 #endif
 
-#if __FreeBSD_version >= 800098		/* commit: r194262 */
+#if __FreeBSD_version >= 800107		/* safe; don't believe the experts */
 #define HAS_CLOSEFROM
 #endif