postfix-2.6-20080629

postfix/HISTORY

@@ -14491,3 +14491,38 @@ Apologies for any names omitted.
 
 	Bitrot: "make test" was broken due to recent changes in
 	code and due to recent changes at mail-abuse.org.
+
+20080618
+
+	Add a note to SMTP session transcript email messages that
+	other details may be found in the maillog file.  Files:
+	smtpd/smtpd_chat.c, smtp/smtp_chat.c.
+
+20080620
+
+	Cleanup: with the "Before-queue content filter", RFC3848
+	information was not added to the headers. Carlos Velasco.
+	File smtpd/smtpd.c.
+
+20080621
+
+	Cleanup: include unread byte count in the SMTP server's "lost
+	connection after DATA (xx bytes)" logging. Files: smtpd/smtpd.c.
+
+20080629
+
+	Bugfix (introduced Postfix 2.2): multiple inconsistencies
+	in SASL support after introduction of TLS.  The Postfix
+	SMTP server 1) complained about plain-text SASL configuration
+	details when SASL was forbidden for plain-text sessions,
+	and 2) ignored the smtpd_tls_auth_only parameter setting
+	when built without TLS support.  Files: smtpd/smtpd.c,
+	smtpd/smtpd_check.c, smtpd/smtpd_sasl_glue.[hc],
+	smtpd/smtpd_state.c.
+
+	Some clarification about recipient address versus domain,
+	and recipients per message versus session. File:
+	proto/postconf.proto.
+
+	The description of SASL authentication attributes was
+	garbled.  File: pipe/pipe.c.

postfix/README_FILES/SMTPD_ACCESS_README

@@ -123,7 +123,7 @@ Examples of simple restriction lists are:
     # Don't accept mail from domains that don't exist.
     smtpd_sender_restrictions = reject_unknown_sender_domain
 
-    # Whitelisting: local clients may specify any destination. Others may not.
+    # Whitelisting: local clients may specify any destination domain.
     smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
 
     # Block clients that speak too early.

postfix/RELEASE_NOTES

@@ -17,6 +17,23 @@ Incompatibility with Postfix 2.4 and earlier
 If you upgrade from Postfix 2.4 or earlier, read RELEASE_NOTES-2.5
 before proceeding.
 
+Incompatibility with snapshot 20080629
+======================================
+
+When TLS support is not compiled in, the Postfix SMTP server no
+longer ignores the "smtpd_tls_auth_only = yes" parameter setting.
+Earlier Postfix SMTP server versions would announce SASL support,
+and would accept SASL login or sender information.
+
+Major changes with snapshot 20080629
+====================================
+
+The Postfix SMTP server's SASL authentication was re-structured.
+With "smtpd_tls_auth_only = yes", SASL support is now activated
+only after a successful TLS handshake. Earlier Postfix SMTP server
+versions could complain about unavailable SASL mechanisms during
+the plaintext phase of the SMTP protocol.
+
 Incompatibility with snapshot 20080510
 ======================================
 

postfix/html/SMTPD_ACCESS_README.html

@@ -136,7 +136,7 @@ no").  </p>
 
 <ul>
 
-<li> <p> Disallowing <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> address syntax (example: "MAIL FROM: the
+<li> <p> Disallowing <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> address syntax (example: "MAIL FROM: the
 dude &lt;dude@example.com&gt;"). </p>
 
 <li> <p> Disallowing addresses that are not enclosed with &lt;&gt;
@@ -178,7 +178,7 @@ described in the <a href="postconf.5.html">postconf(5)</a> manual page. </p>
     # Don't accept mail from domains that don't exist.
     <a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> = <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
 
-    # Whitelisting: local clients may specify any destination. Others may not.
+    # Whitelisting: local clients may specify any destination domain.
     <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
 
     # Block clients that speak too early.

postfix/html/anvil.8.html

@@ -139,41 +139,41 @@ ANVIL(8)                                                              ANVIL(8)
        into connection count and/or rate limits falsely.
 
        In this preliminary implementation, a count (or rate) lim-
-       ited  server can have only one remote client at a time. If
-       a server reports multiple simultaneous clients,  state  is
-       kept only for the last reported client.
+       ited  server  process can have only one remote client at a
+       time. If a server process  reports  multiple  simultaneous
+       clients,  state is kept only for the last reported client.
 
-       The  <a href="anvil.8.html"><b>anvil</b>(8)</a> server automatically discards client request
-       information after it expires.   To  prevent  the  <a href="anvil.8.html"><b>anvil</b>(8)</a>
+       The <a href="anvil.8.html"><b>anvil</b>(8)</a> server automatically discards client  request
+       information  after  it  expires.   To prevent the <a href="anvil.8.html"><b>anvil</b>(8)</a>
        server from discarding client request rate information too
-       early or too late, a rate limited  service  should  always
-       register  connect/disconnect  events even when it does not
+       early  or  too  late, a rate limited service should always
+       register connect/disconnect events even when it  does  not
        explicitly limit them.
 
 <b>CONFIGURATION PARAMETERS</b>
        On low-traffic mail systems, changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked
        up automatically as <a href="anvil.8.html"><b>anvil</b>(8)</a> processes run for only a lim-
-       ited amount of time. On other mail systems, use  the  com-
+       ited  amount  of time. On other mail systems, use the com-
        mand "<b>postfix reload</b>" to speed up a change.
 
-       The  text  below  provides  only  a parameter summary. See
+       The text below provides  only  a  parameter  summary.  See
        <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
 
        <b><a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> (60s)</b>
-              The time unit over which  client  connection  rates
+              The  time  unit  over which client connection rates
               and other rates are calculated.
 
        <b><a href="postconf.5.html#anvil_status_update_time">anvil_status_update_time</a> (600s)</b>
-              How  frequently  the  <a href="anvil.8.html"><b>anvil</b>(8)</a>  connection and rate
+              How frequently the  <a href="anvil.8.html"><b>anvil</b>(8)</a>  connection  and  rate
               limiting server logs peak usage information.
 
        <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
-              The default location of  the  Postfix  <a href="postconf.5.html">main.cf</a>  and
+              The  default  location  of  the Postfix <a href="postconf.5.html">main.cf</a> and
               <a href="master.5.html">master.cf</a> configuration files.
 
        <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
-              How  much time a Postfix daemon process may take to
-              handle a request  before  it  is  terminated  by  a
+              How much time a Postfix daemon process may take  to
+              handle  a  request  before  it  is  terminated by a
               built-in watchdog timer.
 
        <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
@@ -181,29 +181,29 @@ ANVIL(8)                                                              ANVIL(8)
               over an internal communication channel.
 
        <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
-              The maximum amount of time  that  an  idle  Postfix
-              daemon  process  waits  for  an incoming connection
+              The  maximum  amount  of  time that an idle Postfix
+              daemon process waits  for  an  incoming  connection
               before terminating voluntarily.
 
        <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
-              The maximal number of incoming connections  that  a
-              Postfix  daemon  process will service before termi-
+              The  maximal  number of incoming connections that a
+              Postfix daemon process will service  before  termi-
               nating voluntarily.
 
        <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
-              The process ID  of  a  Postfix  command  or  daemon
+              The  process  ID  of  a  Postfix  command or daemon
               process.
 
        <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
-              The  process  name  of  a Postfix command or daemon
+              The process name of a  Postfix  command  or  daemon
               process.
 
        <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
               The syslog facility of Postfix logging.
 
        <b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
-              The mail system  name  that  is  prepended  to  the
-              process  name  in  syslog  records, so that "smtpd"
+              The  mail  system  name  that  is  prepended to the
+              process name in syslog  records,  so  that  "smtpd"
               becomes, for example, "postfix/smtpd".
 
 <b>SEE ALSO</b>
@@ -215,7 +215,7 @@ ANVIL(8)                                                              ANVIL(8)
        <a href="TUNING_README.html">TUNING_README</a>, performance tuning
 
 <b>LICENSE</b>
-       The  Secure  Mailer  license must be distributed with this
+       The Secure Mailer license must be  distributed  with  this
        software.
 
 <b>HISTORY</b>

postfix/html/pipe.8.html

@@ -227,31 +227,31 @@ PIPE(8)                                                                PIPE(8)
                      This macro expands to the remote client net-
                      work address.
 
-                     This is available in Postfix 2.2 and  later.
+                     This feature is available as of Postfix 2.2.
 
               <b>${client_helo</b>}
                      This macro expands to the remote client HELO
                      command parameter.
 
-                     This is available in Postfix 2.2 and  later.
+                     This feature is available as of Postfix 2.2.
 
               <b>${client_hostname</b>}
                      This  macro  expands  to  the  remote client
                      hostname.
 
-                     This is available in Postfix 2.2 and  later.
+                     This feature is available as of Postfix 2.2.
 
               <b>${client_port</b>}
                      This  macro expands to the remote client TCP
                      port number.
 
-                     This is available in Postfix 2.5 and  later.
+                     This feature is available as of Postfix 2.5.
 
               <b>${client_protocol</b>}
                      This macro expands to the remote client pro-
                      tocol.
 
-                     This is available in Postfix 2.2 and  later.
+                     This feature is available as of Postfix 2.2.
 
               <b>${domain</b>}
                      This  macro expands to the domain portion of
@@ -262,7 +262,7 @@ PIPE(8)                                                                PIPE(8)
                      This information is modified by the  <b>h</b>  flag
                      for case folding.
 
-                     This  is available in Postfix 2.5 and later.
+                     This feature is available as of Postfix 2.5.
 
               <b>${extension</b>}
                      This macro expands to the extension part  of
@@ -309,8 +309,7 @@ PIPE(8)                                                                PIPE(8)
                      This  information  is  modified  by  the <b>hqu</b>
                      flags for quoting and case folding.
 
-                     This feature is available in Postfix 2.5 and
-                     later.
+                     This feature is available as of Postfix 2.5.
 
               <b>${recipient</b>}
                      This macro expands to the complete recipient
@@ -324,29 +323,27 @@ PIPE(8)                                                                PIPE(8)
                      flags for quoting and case folding.
 
               <b>${sasl_method</b>}
-                     This  macro  expands to the SASL authentica-
-                     tion mechanism used during the reception  of
-                     the  message.  An  empty string is passed if
-                     the message has been received  without  SASL
-                     authentication.
+                     This  macro  expands to the name of the SASL
+                     authentication mechanism in the AUTH command
+                     when  the  Postfix  SMTP server received the
+                     message.
 
-                     This  is available in Postfix 2.2 and later.
+                     This feature is available as of Postfix 2.2.
 
               <b>${sasl_sender</b>}
-                     This macro expands to the SASL  sender  name
-                     (i.e.  the  original  submitter  as  per <a href="http://tools.ietf.org/html/rfc4954">RFC</a>
-                     <a href="http://tools.ietf.org/html/rfc4954">4954</a>) used during the reception of the  mes-
-                     sage.
+                     This  macro  expands to the SASL sender name
+                     (i.e. the  original  submitter  as  per  <a href="http://tools.ietf.org/html/rfc4954">RFC</a>
+                     <a href="http://tools.ietf.org/html/rfc4954">4954</a>)  in  the  MAIL  FROM  command when the
+                     Postfix SMTP server received the message.
 
-                     This  is available in Postfix 2.2 and later.
+                     This feature is available as of Postfix 2.2.
 
               <b>${sasl_username</b>}
-                     This macro expands to  the  SASL  user  name
-                     used during the reception of the message. An
-                     empty string is passed if  the  message  has
-                     been received without SASL authentication.
+                     This  macro expands to the SASL user name in
+                     the  AUTH  command  when  the  Postfix  SMTP
+                     server received the message.
 
-                     This  is available in Postfix 2.2 and later.
+                     This feature is available as of Postfix 2.2.
 
               <b>${sender</b>}
                      This macro expands to  the  envelope  sender

postfix/html/postconf.1.html

@@ -35,8 +35,9 @@ POSTCONF(1)                                                        POSTCONF(1)
                      fix is built with Cyrus SASL support.
 
               <b>dovecot</b>
-                     This server  plug-in  requires  the  Dovecot
-                     authentication server.
+                     This server plug-in uses the Dovecot authen-
+                     tication server, and is available when Post-
+                     fix is built with any form of SASL  support.
 
               This  feature  is  available  with  Postfix 2.3 and
               later.

postfix/html/postconf.5.html

@@ -1147,6 +1147,11 @@ non-delivery notification. Specify a byte count. If you increase
 this limit, then you should increase the <a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> value
 proportionally.  </p>
 
+<p> Note: be careful when making changes.  Excessively large values
+will result in the loss of non-delivery notifications, when a bounce
+message size exceeds a local or remote MTA's message size limit.
+</p>
+
 
 </DD>
 
@@ -3613,7 +3618,7 @@ field in the entry in the <a href="master.5.html">master.cf</a> file.  </p>
 <DT><b><a name="lmtp_destination_recipient_limit">lmtp_destination_recipient_limit</a>
 (default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>
 
-<p> The maximal number of recipients per delivery via the lmtp
+<p> The maximal number of recipients per message for the lmtp
 message delivery transport. This limit is enforced by the queue
 manager. The message delivery transport name is the first field in
 the entry in the <a href="master.5.html">master.cf</a> file.  </p>
@@ -5346,6 +5351,11 @@ content.  The usual C-like escape sequences are recognized: <tt>\a
 The maximal size in bytes of a message, including envelope information.
 </p>
 
+<p> Note: be careful when making changes.  Excessively small values
+will result in the loss of non-delivery notifications, when a bounce
+message size exceeds the local or remote MTA's message size limit.
+</p>
+
 
 </DD>
 
@@ -6792,7 +6802,7 @@ first field in the entry in the <a href="master.5.html">master.cf</a> file.  </p
 <DT><b><a name="relay_destination_recipient_limit">relay_destination_recipient_limit</a>
 (default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>
 
-<p> The maximal number of recipients per delivery via the relay
+<p> The maximal number of recipients per message for the relay
 message delivery transport. This limit is enforced by the queue
 manager. The message delivery transport name is the first field in
 the entry in the <a href="master.5.html">master.cf</a> file.  </p>
@@ -7701,7 +7711,7 @@ field in the entry in the <a href="master.5.html">master.cf</a> file.  </p>
 <DT><b><a name="smtp_destination_recipient_limit">smtp_destination_recipient_limit</a>
 (default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>
 
-<p> The maximal number of recipients per delivery via the smtp
+<p> The maximal number of recipients per message for the smtp
 message delivery transport. This limit is enforced by the queue
 manager. The message delivery transport name is the first field in
 the entry in the <a href="master.5.html">master.cf</a> file.  </p>
@@ -7799,7 +7809,7 @@ destinations, Postfix will try them in the specified order.  </p>
 
 <p> To prevent mailer loops between MX hosts and fall-back hosts,
 Postfix version 2.2 and later will not use the fallback relays for
-destinations that it is MX host for (and DSN lookup is turned on).
+destinations that it is MX host for (assuming DNS lookup is turned on).
 </p>
 
 
@@ -10935,7 +10945,7 @@ corresponding action.  </dd>
 <dt><b><a name="check_recipient_mx_access">check_recipient_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
 <dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for
-the RCPT TO address, and execute the corresponding action.  Note:
+the RCPT TO domain, and execute the corresponding action.  Note:
 a result of "OK" is not allowed for safety reasons. Instead, use
 DUNNO in order to exclude specific hosts from blacklists.  This
 feature is available in Postfix 2.1 and later. </dd>
@@ -10943,7 +10953,7 @@ feature is available in Postfix 2.1 and later. </dd>
 <dt><b><a name="check_recipient_ns_access">check_recipient_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
 <dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers
-for the RCPT TO address, and execute the corresponding action.
+for the RCPT TO domain, and execute the corresponding action.
 Note: a result of "OK" is not allowed for safety reasons. Instead,
 use DUNNO in order to exclude specific hosts from blacklists.  This
 feature is available in Postfix 2.1 and later.  </dd>
@@ -10954,11 +10964,11 @@ feature is available in Postfix 2.1 and later.  </dd>
 
 <ul>
 
-<li> Postfix is mail forwarder: the resolved RCPT TO address matches
+<li> Postfix is mail forwarder: the resolved RCPT TO domain matches
 $<a href="postconf.5.html#relay_domains">relay_domains</a> or a subdomain thereof, and the address contains no
 sender-specified routing (user@elsewhere@domain),
 
-<li> Postfix is the final destination: the resolved RCPT TO address
+<li> Postfix is the final destination: the resolved RCPT TO domain
 matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>,
 $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and the address
 contains no sender-specified routing (user@elsewhere@domain).
@@ -10968,7 +10978,7 @@ contains no sender-specified routing (user@elsewhere@domain).
 <dt><b><a name="permit_mx_backup">permit_mx_backup</a></b></dt>
 
 <dd>Permit the request when the local mail system is backup MX for
-the RCPT TO address, or when the address is an authorized destination
+the RCPT TO domain, or when the domain is an authorized destination
 (see <a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a> for definition).
 
 <ul>
@@ -11016,11 +11026,11 @@ in Postfix version 2.0 and later.</dd>
 
 <ul>
 
-<li> Postfix is mail forwarder: the resolved RCPT TO address matches
+<li> Postfix is mail forwarder: the resolved RCPT TO domain matches
 $<a href="postconf.5.html#relay_domains">relay_domains</a> or a subdomain thereof, and contains no sender-specified
 routing (user@elsewhere@domain),
 
-<li> Postfix is the final destination: the resolved RCPT TO address
+<li> Postfix is the final destination: the resolved RCPT TO domain
 matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>,
 $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and contains
 no sender-specified routing (user@elsewhere@domain).
@@ -11031,7 +11041,7 @@ code for rejected requests (default: 554). </dd>
 <dt><b><a name="reject_unknown_recipient_domain">reject_unknown_recipient_domain</a></b></dt>
 
 <dd>Reject the request when Postfix is not final destination for
-the recipient address, and the RCPT TO address has no DNS A or MX
+the recipient domain, and the RCPT TO domain has no DNS A or MX
 record, or when it has a malformed MX record such as a record with
 a zero-length MX hostname (Postfix version 2.3 and later). <br> The
 <a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> parameter specifies the response code
@@ -13458,7 +13468,7 @@ first field in the entry in the <a href="master.5.html">master.cf</a> file.  </p
 <DT><b><a name="virtual_destination_recipient_limit">virtual_destination_recipient_limit</a>
 (default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>
 
-<p> The maximal number of recipients per delivery via the virtual
+<p> The maximal number of recipients per message for the virtual
 message delivery transport. This limit is enforced by the queue
 manager. The message delivery transport name is the first field in
 the entry in the <a href="master.5.html">master.cf</a> file.  </p>

postfix/man/man1/postconf.1

@@ -37,8 +37,9 @@ listed below.
 This server plug-in is available when Postfix is built with
 Cyrus SASL support.
 .IP \fBdovecot\fR
-This server plug-in requires the Dovecot authentication
-server.
+This server plug-in uses the Dovecot authentication server,
+and is available when Postfix is built with any form of SASL
+support.
 .RE
 .IP
 This feature is available with Postfix 2.3 and later.

postfix/man/man5/postconf.5

@@ -637,6 +637,10 @@ The maximal amount of original message text that is sent in a
 non-delivery notification. Specify a byte count. If you increase
 this limit, then you should increase the mime_nesting_limit value
 proportionally.
+.PP
+Note: be careful when making changes.  Excessively large values
+will result in the loss of non-delivery notifications, when a bounce
+message size exceeds a local or remote MTA's message size limit.
 .SH bounce_template_file (default: empty)
 Pathname of a configuration file with bounce message templates.
 These override the built-in templates of delivery status notification
@@ -1997,7 +2001,7 @@ via the lmtp message delivery transport. This limit is enforced by
 the queue manager. The message delivery transport name is the first
 field in the entry in the master.cf file.
 .SH lmtp_destination_recipient_limit (default: $default_destination_recipient_limit)
-The maximal number of recipients per delivery via the lmtp
+The maximal number of recipients per message for the lmtp
 message delivery transport. This limit is enforced by the queue
 manager. The message delivery transport name is the first field in
 the entry in the master.cf file.
@@ -2953,6 +2957,10 @@ message_reject_characters = \e0
 This feature is available in Postfix 2.3 and later.
 .SH message_size_limit (default: 10240000)
 The maximal size in bytes of a message, including envelope information.
+.PP
+Note: be careful when making changes.  Excessively small values
+will result in the loss of non-delivery notifications, when a bounce
+message size exceeds the local or remote MTA's message size limit.
 .SH message_strip_characters (default: empty)
 The set of characters that Postfix will remove from message
 content.  The usual C-like escape sequences are recognized: \ea
@@ -3778,7 +3786,7 @@ first field in the entry in the master.cf file.
 .PP
 This feature is available in Postfix 2.0 and later.
 .SH relay_destination_recipient_limit (default: $default_destination_recipient_limit)
-The maximal number of recipients per delivery via the relay
+The maximal number of recipients per message for the relay
 message delivery transport. This limit is enforced by the queue
 manager. The message delivery transport name is the first field in
 the entry in the master.cf file.
@@ -4340,7 +4348,7 @@ via the smtp message delivery transport. This limit is enforced by
 the queue manager. The message delivery transport name is the first
 field in the entry in the master.cf file.
 .SH smtp_destination_recipient_limit (default: $default_destination_recipient_limit)
-The maximal number of recipients per delivery via the smtp
+The maximal number of recipients per message for the smtp
 message delivery transport. This limit is enforced by the queue
 manager. The message delivery transport name is the first field in
 the entry in the master.cf file.
@@ -4407,7 +4415,7 @@ destinations, Postfix will try them in the specified order.
 .PP
 To prevent mailer loops between MX hosts and fall-back hosts,
 Postfix version 2.2 and later will not use the fallback relays for
-destinations that it is MX host for (and DSN lookup is turned on).
+destinations that it is MX host for (assuming DNS lookup is turned on).
 .SH smtp_generic_maps (default: empty)
 Optional lookup tables that perform address rewriting in the
 SMTP client, typically to transform a locally valid address into
@@ -6625,30 +6633,30 @@ TO address, domain, parent domains, or localpart@, and execute the
 corresponding action.
 .IP "\fBcheck_recipient_mx_access \fItype:table\fR\fR"
 Search the specified \fBaccess\fR(5) database for the MX hosts for
-the RCPT TO address, and execute the corresponding action.  Note:
+the RCPT TO domain, and execute the corresponding action.  Note:
 a result of "OK" is not allowed for safety reasons. Instead, use
 DUNNO in order to exclude specific hosts from blacklists.  This
 feature is available in Postfix 2.1 and later.
 .IP "\fBcheck_recipient_ns_access \fItype:table\fR\fR"
 Search the specified \fBaccess\fR(5) database for the DNS servers
-for the RCPT TO address, and execute the corresponding action.
+for the RCPT TO domain, and execute the corresponding action.
 Note: a result of "OK" is not allowed for safety reasons. Instead,
 use DUNNO in order to exclude specific hosts from blacklists.  This
 feature is available in Postfix 2.1 and later.
 .IP "\fBpermit_auth_destination\fR"
 Permit the request when one of the following is true:
 .IP \(bu
-Postfix is mail forwarder: the resolved RCPT TO address matches
+Postfix is mail forwarder: the resolved RCPT TO domain matches
 $relay_domains or a subdomain thereof, and the address contains no
 sender-specified routing (user@elsewhere@domain),
 .IP \(bu
-Postfix is the final destination: the resolved RCPT TO address
+Postfix is the final destination: the resolved RCPT TO domain
 matches $mydestination, $inet_interfaces, $proxy_interfaces,
 $virtual_alias_domains, or $virtual_mailbox_domains, and the address
 contains no sender-specified routing (user@elsewhere@domain).
 .IP "\fBpermit_mx_backup\fR"
 Permit the request when the local mail system is backup MX for
-the RCPT TO address, or when the address is an authorized destination
+the RCPT TO domain, or when the domain is an authorized destination
 (see permit_auth_destination for definition).
 .IP \(bu
 Safety: permit_mx_backup does not accept addresses that have
@@ -6688,11 +6696,11 @@ in Postfix version 2.0 and later.
 .IP "\fBreject_unauth_destination\fR"
 Reject the request unless one of the following is true:
 .IP \(bu
-Postfix is mail forwarder: the resolved RCPT TO address matches
+Postfix is mail forwarder: the resolved RCPT TO domain matches
 $relay_domains or a subdomain thereof, and contains no sender-specified
 routing (user@elsewhere@domain),
 .IP \(bu
-Postfix is the final destination: the resolved RCPT TO address
+Postfix is the final destination: the resolved RCPT TO domain
 matches $mydestination, $inet_interfaces, $proxy_interfaces,
 $virtual_alias_domains, or $virtual_mailbox_domains, and contains
 no sender-specified routing (user@elsewhere@domain).
@@ -6700,7 +6708,7 @@ no sender-specified routing (user@elsewhere@domain).
 code for rejected requests (default: 554).
 .IP "\fBreject_unknown_recipient_domain\fR"
 Reject the request when Postfix is not final destination for
-the recipient address, and the RCPT TO address has no DNS A or MX
+the recipient domain, and the RCPT TO domain has no DNS A or MX
 record, or when it has a malformed MX record such as a record with
 a zero-length MX hostname (Postfix version 2.3 and later).
 .br
@@ -8268,7 +8276,7 @@ via the virtual message delivery transport. This limit is enforced
 by the queue manager. The message delivery transport name is the
 first field in the entry in the master.cf file.
 .SH virtual_destination_recipient_limit (default: $default_destination_recipient_limit)
-The maximal number of recipients per delivery via the virtual
+The maximal number of recipients per message for the virtual
 message delivery transport. This limit is enforced by the queue
 manager. The message delivery transport name is the first field in
 the entry in the master.cf file.

postfix/man/man8/anvil.8

@@ -181,7 +181,8 @@ appear to have the same client address and can run into connection
 count and/or rate limits falsely.
 
 In this preliminary implementation, a count (or rate) limited server
-can have only one remote client at a time. If a server reports
+process can have only one remote client at a time. If a
+server process reports
 multiple simultaneous clients, state is kept only for the last
 reported client.
 

postfix/man/man8/pipe.8

@@ -210,23 +210,23 @@ $(\fIname\fR) are also recognized.  Specify \fB$$\fR where a single
 .IP \fB${\fBclient_address\fR}\fR
 This macro expands to the remote client network address.
 .sp
-This is available in Postfix 2.2 and later.
+This feature is available as of Postfix 2.2.
 .IP \fB${\fBclient_helo\fR}\fR
 This macro expands to the remote client HELO command parameter.
 .sp
-This is available in Postfix 2.2 and later.
+This feature is available as of Postfix 2.2.
 .IP \fB${\fBclient_hostname\fR}\fR
 This macro expands to the remote client hostname.
 .sp
-This is available in Postfix 2.2 and later.
+This feature is available as of Postfix 2.2.
 .IP \fB${\fBclient_port\fR}\fR
 This macro expands to the remote client TCP port number.
 .sp
-This is available in Postfix 2.5 and later.
+This feature is available as of Postfix 2.5.
 .IP \fB${\fBclient_protocol\fR}\fR
 This macro expands to the remote client protocol.
 .sp
-This is available in Postfix 2.2 and later.
+This feature is available as of Postfix 2.2.
 .IP \fB${\fBdomain\fR}\fR
 This macro expands to the domain portion of the recipient
 address.  For example, with an address \fIuser+foo@domain\fR
@@ -234,7 +234,7 @@ the domain is \fIdomain\fR.
 .sp
 This information is modified by the \fBh\fR flag for case folding.
 .sp
-This is available in Postfix 2.5 and later.
+This feature is available as of Postfix 2.5.
 .IP \fB${\fBextension\fR}\fR
 This macro expands to the extension part of a recipient address.
 For example, with an address \fIuser+foo@domain\fR the extension is
@@ -268,7 +268,7 @@ command-line arguments as there are recipients.
 This information is modified by the \fBhqu\fR flags for quoting
 and case folding.
 .sp
-This feature is available in Postfix 2.5 and later.
+This feature is available as of Postfix 2.5.
 .IP \fB${\fBrecipient\fR}\fR
 This macro expands to the complete recipient address.
 .sp
@@ -278,22 +278,22 @@ expands to as many command-line arguments as there are recipients.
 This information is modified by the \fBhqu\fR flags for quoting
 and case folding.
 .IP \fB${\fBsasl_method\fR}\fR
-This macro expands to the SASL authentication mechanism used
-during the reception of the message. An empty string is passed
-if the message has been received without SASL authentication.
+This macro expands to the name of the SASL authentication
+mechanism in the AUTH command when the Postfix SMTP server
+received the message.
 .sp
-This is available in Postfix 2.2 and later.
+This feature is available as of Postfix 2.2.
 .IP \fB${\fBsasl_sender\fR}\fR
 This macro expands to the SASL sender name (i.e. the original
-submitter as per RFC 4954) used during the reception of the message.
+submitter as per RFC 4954) in the MAIL FROM command when
+the Postfix SMTP server received the message.
 .sp
-This is available in Postfix 2.2 and later.
+This feature is available as of Postfix 2.2.
 .IP \fB${\fBsasl_username\fR}\fR
-This macro expands to the SASL user name used during the reception
-of the message. An empty string is passed if the message has been
-received without SASL authentication.
+This macro expands to the SASL user name in the AUTH command
+when the Postfix SMTP server received the message.
 .sp
-This is available in Postfix 2.2 and later.
+This feature is available as of Postfix 2.2.
 .IP \fB${\fBsender\fR}\fR
 This macro expands to the envelope sender address. By default,
 the null sender address expands to MAILER-DAEMON; this can

postfix/proto/SMTPD_ACCESS_README.html

@@ -178,7 +178,7 @@ described in the postconf(5) manual page. </p>
     # Don't accept mail from domains that don't exist.
     smtpd_sender_restrictions = reject_unknown_sender_domain
 
-    # Whitelisting: local clients may specify any destination. Others may not.
+    # Whitelisting: local clients may specify any destination domain.
     smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
 
     # Block clients that speak too early.

postfix/proto/postconf.proto

@@ -713,6 +713,11 @@ non-delivery notification. Specify a byte count. If you increase
 this limit, then you should increase the mime_nesting_limit value
 proportionally.  </p>
 
+<p> Note: be careful when making changes.  Excessively large values
+will result in the loss of non-delivery notifications, when a bounce
+message size exceeds a local or remote MTA's message size limit.
+</p>
+
 %PARAM canonical_maps 
 
 <p>
@@ -1353,7 +1358,7 @@ destinations, Postfix will try them in the specified order.  </p>
 
 <p> To prevent mailer loops between MX hosts and fall-back hosts,
 Postfix version 2.2 and later will not use the fallback relays for
-destinations that it is MX host for (and DSN lookup is turned on).
+destinations that it is MX host for (assuming DNS lookup is turned on).
 </p>
 
 %PARAM fallback_relay 
@@ -2712,6 +2717,11 @@ Specify 0 when mail delivery should be tried only once.
 The maximal size in bytes of a message, including envelope information.
 </p>
 
+<p> Note: be careful when making changes.  Excessively small values
+will result in the loss of non-delivery notifications, when a bounce
+message size exceeds the local or remote MTA's message size limit.
+</p>
+
 %PARAM minimal_backoff_time 300s
 
 <p>
@@ -3897,7 +3907,7 @@ field in the entry in the master.cf file.  </p>
 
 %PARAM lmtp_destination_recipient_limit $default_destination_recipient_limit
 
-<p> The maximal number of recipients per delivery via the lmtp
+<p> The maximal number of recipients per message for the lmtp
 message delivery transport. This limit is enforced by the queue
 manager. The message delivery transport name is the first field in
 the entry in the master.cf file.  </p>
@@ -3917,7 +3927,7 @@ first field in the entry in the master.cf file.  </p>
 
 %PARAM relay_destination_recipient_limit $default_destination_recipient_limit
 
-<p> The maximal number of recipients per delivery via the relay
+<p> The maximal number of recipients per message for the relay
 message delivery transport. This limit is enforced by the queue
 manager. The message delivery transport name is the first field in
 the entry in the master.cf file.  </p>
@@ -3937,7 +3947,7 @@ field in the entry in the master.cf file.  </p>
 
 %PARAM smtp_destination_recipient_limit $default_destination_recipient_limit
 
-<p> The maximal number of recipients per delivery via the smtp
+<p> The maximal number of recipients per message for the smtp
 message delivery transport. This limit is enforced by the queue
 manager. The message delivery transport name is the first field in
 the entry in the master.cf file.  </p>
@@ -3955,7 +3965,7 @@ first field in the entry in the master.cf file.  </p>
 
 %PARAM virtual_destination_recipient_limit $default_destination_recipient_limit
 
-<p> The maximal number of recipients per delivery via the virtual
+<p> The maximal number of recipients per message for the virtual
 message delivery transport. This limit is enforced by the queue
 manager. The message delivery transport name is the first field in
 the entry in the master.cf file.  </p>
@@ -5394,7 +5404,7 @@ corresponding action.  </dd>
 <dt><b><a name="check_recipient_mx_access">check_recipient_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
 <dd>Search the specified access(5) database for the MX hosts for
-the RCPT TO address, and execute the corresponding action.  Note:
+the RCPT TO domain, and execute the corresponding action.  Note:
 a result of "OK" is not allowed for safety reasons. Instead, use
 DUNNO in order to exclude specific hosts from blacklists.  This
 feature is available in Postfix 2.1 and later. </dd>
@@ -5402,7 +5412,7 @@ feature is available in Postfix 2.1 and later. </dd>
 <dt><b><a name="check_recipient_ns_access">check_recipient_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
 <dd>Search the specified access(5) database for the DNS servers
-for the RCPT TO address, and execute the corresponding action.
+for the RCPT TO domain, and execute the corresponding action.
 Note: a result of "OK" is not allowed for safety reasons. Instead,
 use DUNNO in order to exclude specific hosts from blacklists.  This
 feature is available in Postfix 2.1 and later.  </dd>
@@ -5413,11 +5423,11 @@ feature is available in Postfix 2.1 and later.  </dd>
 
 <ul>
 
-<li> Postfix is mail forwarder: the resolved RCPT TO address matches
+<li> Postfix is mail forwarder: the resolved RCPT TO domain matches
 $relay_domains or a subdomain thereof, and the address contains no
 sender-specified routing (user@elsewhere@domain),
 
-<li> Postfix is the final destination: the resolved RCPT TO address
+<li> Postfix is the final destination: the resolved RCPT TO domain
 matches $mydestination, $inet_interfaces, $proxy_interfaces,
 $virtual_alias_domains, or $virtual_mailbox_domains, and the address
 contains no sender-specified routing (user@elsewhere@domain).
@@ -5427,7 +5437,7 @@ contains no sender-specified routing (user@elsewhere@domain).
 <dt><b><a name="permit_mx_backup">permit_mx_backup</a></b></dt>
 
 <dd>Permit the request when the local mail system is backup MX for
-the RCPT TO address, or when the address is an authorized destination
+the RCPT TO domain, or when the domain is an authorized destination
 (see permit_auth_destination for definition).
 
 <ul>
@@ -5475,11 +5485,11 @@ in Postfix version 2.0 and later.</dd>
 
 <ul>
 
-<li> Postfix is mail forwarder: the resolved RCPT TO address matches
+<li> Postfix is mail forwarder: the resolved RCPT TO domain matches
 $relay_domains or a subdomain thereof, and contains no sender-specified
 routing (user@elsewhere@domain),
 
-<li> Postfix is the final destination: the resolved RCPT TO address
+<li> Postfix is the final destination: the resolved RCPT TO domain
 matches $mydestination, $inet_interfaces, $proxy_interfaces,
 $virtual_alias_domains, or $virtual_mailbox_domains, and contains
 no sender-specified routing (user@elsewhere@domain).
@@ -5490,7 +5500,7 @@ code for rejected requests (default: 554). </dd>
 <dt><b><a name="reject_unknown_recipient_domain">reject_unknown_recipient_domain</a></b></dt>
 
 <dd>Reject the request when Postfix is not final destination for
-the recipient address, and the RCPT TO address has no DNS A or MX
+the recipient domain, and the RCPT TO domain has no DNS A or MX
 record, or when it has a malformed MX record such as a record with
 a zero-length MX hostname (Postfix version 2.3 and later). <br> The
 unknown_address_reject_code parameter specifies the response code

postfix/src/anvil/anvil.c

@@ -161,7 +161,8 @@
 /*	count and/or rate limits falsely.
 /*
 /*	In this preliminary implementation, a count (or rate) limited server
-/*	can have only one remote client at a time. If a server reports
+/*	process can have only one remote client at a time. If a
+/*	server process reports
 /*	multiple simultaneous clients, state is kept only for the last
 /*	reported client.
 /*

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20080606"
+#define MAIL_RELEASE_DATE	"20080629"
 #define MAIL_VERSION_NUMBER	"2.6"
 
 #ifdef SNAPSHOT

postfix/src/pipe/pipe.c

@@ -200,23 +200,23 @@
 /* .IP \fB${\fBclient_address\fR}\fR
 /*	This macro expands to the remote client network address.
 /* .sp
-/*	This is available in Postfix 2.2 and later.
+/*	This feature is available as of Postfix 2.2.
 /* .IP \fB${\fBclient_helo\fR}\fR
 /*	This macro expands to the remote client HELO command parameter.
 /* .sp
-/*	This is available in Postfix 2.2 and later.
+/*	This feature is available as of Postfix 2.2.
 /* .IP \fB${\fBclient_hostname\fR}\fR
 /*	This macro expands to the remote client hostname.
 /* .sp
-/*	This is available in Postfix 2.2 and later.
+/*	This feature is available as of Postfix 2.2.
 /* .IP \fB${\fBclient_port\fR}\fR
 /*	This macro expands to the remote client TCP port number.
 /* .sp
-/*	This is available in Postfix 2.5 and later.
+/*	This feature is available as of Postfix 2.5.
 /* .IP \fB${\fBclient_protocol\fR}\fR
 /*	This macro expands to the remote client protocol.
 /* .sp
-/*	This is available in Postfix 2.2 and later.
+/*	This feature is available as of Postfix 2.2.
 /* .IP \fB${\fBdomain\fR}\fR
 /*	This macro expands to the domain portion of the recipient
 /*	address.  For example, with an address \fIuser+foo@domain\fR
@@ -224,7 +224,7 @@
 /* .sp
 /*	This information is modified by the \fBh\fR flag for case folding.
 /* .sp
-/*	This is available in Postfix 2.5 and later.
+/*	This feature is available as of Postfix 2.5.
 /* .IP \fB${\fBextension\fR}\fR
 /*	This macro expands to the extension part of a recipient address.
 /*	For example, with an address \fIuser+foo@domain\fR the extension is
@@ -258,7 +258,7 @@
 /*	This information is modified by the \fBhqu\fR flags for quoting
 /*	and case folding.
 /* .sp
-/*	This feature is available in Postfix 2.5 and later.
+/*	This feature is available as of Postfix 2.5.
 /* .IP \fB${\fBrecipient\fR}\fR
 /*	This macro expands to the complete recipient address.
 /* .sp
@@ -268,22 +268,22 @@
 /*	This information is modified by the \fBhqu\fR flags for quoting
 /*	and case folding.
 /* .IP \fB${\fBsasl_method\fR}\fR
-/*	This macro expands to the SASL authentication mechanism used
-/*	during the reception of the message. An empty string is passed
-/*	if the message has been received without SASL authentication.
+/*	This macro expands to the name of the SASL authentication
+/*	mechanism in the AUTH command when the Postfix SMTP server
+/*	received the message.
 /* .sp
-/*	This is available in Postfix 2.2 and later.
+/*	This feature is available as of Postfix 2.2.
 /* .IP \fB${\fBsasl_sender\fR}\fR
 /*	This macro expands to the SASL sender name (i.e. the original
-/*	submitter as per RFC 4954) used during the reception of the message.
+/*	submitter as per RFC 4954) in the MAIL FROM command when
+/*	the Postfix SMTP server received the message.
 /* .sp
-/*	This is available in Postfix 2.2 and later.
+/*	This feature is available as of Postfix 2.2.
 /* .IP \fB${\fBsasl_username\fR}\fR
-/*	This macro expands to the SASL user name used during the reception
-/*	of the message. An empty string is passed if the message has been
-/*	received without SASL authentication.
+/*	This macro expands to the SASL user name in the AUTH command
+/*	when the Postfix SMTP server received the message.
 /* .sp
-/*	This is available in Postfix 2.2 and later.
+/*	This feature is available as of Postfix 2.2.
 /* .IP \fB${\fBsender\fR}\fR
 /*	This macro expands to the envelope sender address. By default,
 /*	the null sender address expands to MAILER-DAEMON; this can

postfix/src/postconf/postconf.c

@@ -31,8 +31,9 @@
 /*	This server plug-in is available when Postfix is built with
 /*	Cyrus SASL support.
 /* .IP \fBdovecot\fR
-/*	This server plug-in requires the Dovecot authentication
-/*	server.
+/*	This server plug-in uses the Dovecot authentication server,
+/*	and is available when Postfix is built with any form of SASL
+/*	support.
 /* .RE
 /* .IP
 /*	This feature is available with Postfix 2.3 and later.

postfix/src/smtp/smtp_chat.c

@@ -431,5 +431,7 @@ void    smtp_chat_notify(SMTP_SESSION *session)
     for (cpp = session->history->argv; *cpp; cpp++)
 	line_wrap(printable(*cpp, '?'), LENGTH, INDENT, print_line,
 		  (char *) notice);
+    post_mail_fputs(notice, "");
+    post_mail_fprintf(notice, "For other details, see the local mail logfile");
     (void) post_mail_fclose(notice);
 }

postfix/src/smtpd/Makefile.in

@@ -315,6 +315,7 @@ smtpd_milter.o: ../../include/vstring.h
 smtpd_milter.o: smtpd.h
 smtpd_milter.o: smtpd_milter.c
 smtpd_milter.o: smtpd_milter.h
+smtpd_milter.o: smtpd_sasl_glue.h
 smtpd_peer.o: ../../include/argv.h
 smtpd_peer.o: ../../include/attr.h
 smtpd_peer.o: ../../include/inet_proto.h

postfix/src/smtpd/smtpd.c

@@ -1115,6 +1115,7 @@ char   *var_smtpd_tls_level;
 bool    var_smtpd_use_tls;
 bool    var_smtpd_enforce_tls;
 bool    var_smtpd_tls_wrappermode;
+bool    var_smtpd_tls_auth_only;
 
 #ifdef USE_TLS
 char   *var_smtpd_relay_ccerts;
@@ -1123,7 +1124,6 @@ int     var_smtpd_starttls_tmout;
 char   *var_smtpd_tls_CAfile;
 char   *var_smtpd_tls_CApath;
 bool    var_smtpd_tls_ask_ccert;
-bool    var_smtpd_tls_auth_only;
 int     var_smtpd_tls_ccert_vd;
 char   *var_smtpd_tls_cert_file;
 char   *var_smtpd_tls_mand_ciph;
@@ -1555,11 +1555,7 @@ static int ehlo_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 #endif
 #ifdef USE_SASL_AUTH
     if ((discard_mask & EHLO_MASK_AUTH) == 0) {
-	if (var_smtpd_sasl_enable && !sasl_client_exception(state)
-#ifdef USE_TLS
-	    && (!state->tls_auth_only || state->tls_context)
-#endif
-	    ) {
+	if (smtpd_sasl_is_active(state) && !sasl_client_exception(state)) {
 	    ENQUEUE_FMT_REPLY(state, reply_buf, "AUTH %s",
 			      state->sasl_mechanism_list);
 	    if (var_broken_auth_clients)
@@ -1709,7 +1705,7 @@ static int mail_open_stream(SMTPD_STATE *state)
 	    rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
 			MAIL_ATTR_RWR_CONTEXT, FORWARD_DOMAIN(state));
 #ifdef USE_SASL_AUTH
-	    if (var_smtpd_sasl_enable) {
+	    if (smtpd_sasl_is_active(state)) {
 		if (state->sasl_method)
 		    rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
 				MAIL_ATTR_SASL_METHOD, state->sasl_method);
@@ -1810,7 +1806,7 @@ static int mail_open_stream(SMTPD_STATE *state)
      * Log the queue ID with the message origin.
      */
 #ifdef USE_SASL_AUTH
-    if (var_smtpd_sasl_enable)
+    if (smtpd_sasl_is_active(state))
 	smtpd_sasl_mail_log(state);
     else
 #endif
@@ -2052,7 +2048,8 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 		return (-1);
 	    }
 #ifdef USE_SASL_AUTH
-	} else if (var_smtpd_sasl_enable && strncasecmp(arg, "AUTH=", 5) == 0) {
+	} else if (smtpd_sasl_is_active(state)
+		   && strncasecmp(arg, "AUTH=", 5) == 0) {
 	    if ((err = smtpd_sasl_mail_opt(state, arg + 5)) != 0) {
 		smtpd_chat_reply(state, "%s", err);
 		return (-1);
@@ -2233,7 +2230,7 @@ static void mail_reset(SMTPD_STATE *state)
     state->saved_delay = 0;
 #endif
 #ifdef USE_SASL_AUTH
-    if (var_smtpd_sasl_enable)
+    if (smtpd_sasl_is_active(state))
 	smtpd_sasl_mail_reset(state);
 #endif
     state->discard = 0;
@@ -2756,7 +2753,8 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
 #endif
 	    rfc3848_sess = "";
 #ifdef USE_SASL_AUTH
-	if (var_smtpd_sasl_enable && var_smtpd_sasl_auth_hdr && state->sasl_username) {
+	if (smtpd_sasl_is_active(state) && var_smtpd_sasl_auth_hdr
+	    && state->sasl_username) {
 	    username = VSTRING_STRDUP(state->sasl_username);
 	    comment_sanitize(username);
 	    out_fprintf(out_stream, REC_TYPE_NORM,
@@ -2764,7 +2762,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
 	    vstring_free(username);
 	}
 	/* RFC 3848 is defined for ESMTP only. */
-	if (var_smtpd_sasl_enable && state->sasl_username
+	if (smtpd_sasl_is_active(state) && state->sasl_username
 	    && strcmp(state->protocol, MAIL_PROTO_ESMTP) == 0)
 	    rfc3848_auth = "A";
 	else
@@ -2773,7 +2771,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
 	if (state->rcpt_count == 1 && state->recipient) {
 	    out_fprintf(out_stream, REC_TYPE_NORM,
 			state->cleanup ? "\tby %s (%s) with %s%s%s id %s" :
-			"\tby %s (%s) with %s",
+			"\tby %s (%s) with %s%s%s",
 			var_myhostname, var_mail_name,
 			state->protocol, rfc3848_sess,
 			rfc3848_auth, state->queue_id);
@@ -2784,7 +2782,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
 	} else {
 	    out_fprintf(out_stream, REC_TYPE_NORM,
 			state->cleanup ? "\tby %s (%s) with %s%s%s id %s;" :
-			"\tby %s (%s) with %s;",
+			"\tby %s (%s) with %s%s%s;",
 			var_myhostname, var_mail_name,
 			state->protocol, rfc3848_sess,
 			rfc3848_auth, state->queue_id);
@@ -3521,7 +3519,7 @@ static int xclient_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 	state->protocol = mystrdup(MAIL_PROTO_SMTP);
     }
 #ifdef USE_SASL_AUTH
-    if (var_smtpd_sasl_enable)
+    if (smtpd_sasl_is_active(state))
 	smtpd_sasl_auth_reset(state);
 #endif
     chat_reset(state, 0);
@@ -3916,12 +3914,17 @@ static void smtpd_start_tls(SMTPD_STATE *state)
      * offered within a plain-text session.
      */
 #ifdef USE_SASL_AUTH
-    if (var_smtpd_sasl_enable
-	&& strcmp(var_smtpd_sasl_tls_opts, var_smtpd_sasl_opts) != 0) {
-	smtpd_sasl_auth_reset(state);
-	smtpd_sasl_disconnect(state);
-	smtpd_sasl_connect(state, VAR_SMTPD_SASL_TLS_OPTS,
-			   var_smtpd_sasl_tls_opts);
+    if (var_smtpd_sasl_enable) {
+	/* Non-wrappermode, presumably. */
+	if (smtpd_sasl_is_active(state)
+	    && strcmp(var_smtpd_sasl_opts, var_smtpd_sasl_tls_opts) != 0) {
+	    smtpd_sasl_auth_reset(state);
+	    smtpd_sasl_deactivate(state);
+	}
+	/* Wrappermode and non-wrappermode. */
+	if (smtpd_sasl_is_active(state) == 0)
+	    smtpd_sasl_activate(state, VAR_SMTPD_SASL_TLS_OPTS,
+				var_smtpd_sasl_tls_opts);
     }
 #endif
 }
@@ -4265,6 +4268,27 @@ static void smtpd_proto(SMTPD_STATE *state)
 	    ehlo_words = var_smtpd_ehlo_dis_words;
 	state->ehlo_discard_mask = ehlo_mask(ehlo_words);
 
+	/*
+	 * SASL initialization for plaintext mode.
+	 * 
+	 * XXX Backwards compatibility: allow AUTH commands when the AUTH
+	 * announcement is suppressed via smtpd_sasl_exceptions_networks.
+	 * 
+	 * XXX Safety: don't enable SASL with "smtpd_tls_auth_only = yes" and
+	 * non-TLS build.
+	 */
+#ifdef USE_SASL_AUTH
+	if (var_smtpd_sasl_enable && smtpd_sasl_is_active(state) == 0
+#ifdef USE_TLS
+	    && state->tls_context == 0 && !state->tls_auth_only
+#else
+	    && var_smtpd_tls_auth_only == 0
+#endif
+	    )
+	    smtpd_sasl_activate(state, VAR_SMTPD_SASL_OPTS,
+				var_smtpd_sasl_opts);
+#endif
+
 	for (;;) {
 	    if (state->flags & SMTPD_FLAG_HANGUP)
 		break;
@@ -4373,8 +4397,9 @@ static void smtpd_proto(SMTPD_STATE *state)
      */
     if (state->reason && state->where) {
 	if (strcmp(state->where, SMTPD_CMD_DATA) == 0) {
-	    msg_info("%s after %s (%lu bytes) from %s",
-		     state->reason, state->where, (long) state->act_size,
+	    msg_info("%s after %s (approximately %lu bytes) from %s",
+		     state->reason, state->where,
+		     (long) (state->act_size + vstream_peek(state->client)),
 		     state->namaddr);
 	} else if (strcmp(state->where, SMTPD_AFTER_DOT)
 		   || strcmp(state->reason, REASON_LOST_CONNECTION)) {
@@ -4394,8 +4419,10 @@ static void smtpd_proto(SMTPD_STATE *state)
 #endif
     helo_reset(state);
 #ifdef USE_SASL_AUTH
-    if (var_smtpd_sasl_enable)
+    if (smtpd_sasl_is_active(state)) {
 	smtpd_sasl_auth_reset(state);
+	smtpd_sasl_deactivate(state);
+    }
 #endif
     chat_reset(state, 0);
     mail_reset(state);
@@ -4800,8 +4827,8 @@ int     main(int argc, char **argv)
 	VAR_SMTPD_USE_TLS, DEF_SMTPD_USE_TLS, &var_smtpd_use_tls,
 	VAR_SMTPD_ENFORCE_TLS, DEF_SMTPD_ENFORCE_TLS, &var_smtpd_enforce_tls,
 	VAR_SMTPD_TLS_WRAPPER, DEF_SMTPD_TLS_WRAPPER, &var_smtpd_tls_wrappermode,
-#ifdef USE_TLS
 	VAR_SMTPD_TLS_AUTH_ONLY, DEF_SMTPD_TLS_AUTH_ONLY, &var_smtpd_tls_auth_only,
+#ifdef USE_TLS
 	VAR_SMTPD_TLS_ACERT, DEF_SMTPD_TLS_ACERT, &var_smtpd_tls_ask_ccert,
 	VAR_SMTPD_TLS_RCERT, DEF_SMTPD_TLS_RCERT, &var_smtpd_tls_req_ccert,
 	VAR_SMTPD_TLS_RECHEAD, DEF_SMTPD_TLS_RECHEAD, &var_smtpd_tls_received_header,

postfix/src/smtpd/smtpd_chat.c

@@ -266,5 +266,7 @@ void    smtpd_chat_notify(SMTPD_STATE *state)
     post_mail_fputs(notice, "");
     if (state->reason)
 	post_mail_fprintf(notice, "Session aborted, reason: %s", state->reason);
+    post_mail_fputs(notice, "");
+    post_mail_fprintf(notice, "For other details, see the local mail logfile");
     (void) post_mail_fclose(notice);
 }

postfix/src/smtpd/smtpd_check.c

@@ -3247,7 +3247,7 @@ static int reject_auth_sender_login_mismatch(SMTPD_STATE *state, const char *sen
     /*
      * Reject if the client is logged in and does not own the sender address.
      */
-    if (var_smtpd_sasl_enable && state->sasl_username != 0) {
+    if (smtpd_sasl_is_active(state) && state->sasl_username != 0) {
 	reply = (const RESOLVE_REPLY *) ctable_locate(smtpd_resolve_cache, sender);
 	if (reply->flags & RESOLVE_FLAG_FAIL)
 	    reject_dict_retry(state, sender);
@@ -3280,7 +3280,7 @@ static int reject_unauth_sender_login_mismatch(SMTPD_STATE *state, const char *s
      * Reject if the client is not logged in and the sender address has an
      * owner.
      */
-    if (var_smtpd_sasl_enable && state->sasl_username == 0) {
+    if (smtpd_sasl_is_active(state) && state->sasl_username == 0) {
 	reply = (const RESOLVE_REPLY *) ctable_locate(smtpd_resolve_cache, sender);
 	if (reply->flags & RESOLVE_FLAG_FAIL)
 	    reject_dict_retry(state, sender);
@@ -3373,13 +3373,13 @@ static int check_policy_service(SMTPD_STATE *state, const char *server,
 			  ATTR_TYPE_STR, MAIL_ATTR_STRESS, var_stress,
 #ifdef USE_SASL_AUTH
 			  ATTR_TYPE_STR, MAIL_ATTR_SASL_METHOD,
-			  var_smtpd_sasl_enable && state->sasl_method ?
+			  smtpd_sasl_is_active(state) && state->sasl_method ?
 			  state->sasl_method : "",
 			  ATTR_TYPE_STR, MAIL_ATTR_SASL_USERNAME,
-			  var_smtpd_sasl_enable && state->sasl_username ?
+		       smtpd_sasl_is_active(state) && state->sasl_username ?
 			  state->sasl_username : "",
 			  ATTR_TYPE_STR, MAIL_ATTR_SASL_SENDER,
-			  var_smtpd_sasl_enable && state->sasl_sender ?
+			  smtpd_sasl_is_active(state) && state->sasl_sender ?
 			  state->sasl_sender : "",
 #endif
 #ifdef USE_TLS
@@ -3731,7 +3731,7 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
 					  state->sender, SMTPD_NAME_SENDER);
 	} else if (strcasecmp(name, REJECT_AUTH_SENDER_LOGIN_MISMATCH) == 0) {
 #ifdef USE_SASL_AUTH
-	    if (var_smtpd_sasl_enable) {
+	    if (smtpd_sasl_is_active(state)) {
 		if (state->sender && *state->sender)
 		    status = reject_auth_sender_login_mismatch(state, state->sender);
 	    } else
@@ -3739,7 +3739,7 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
 		msg_warn("restriction `%s' ignored: no SASL support", name);
 	} else if (strcasecmp(name, REJECT_UNAUTH_SENDER_LOGIN_MISMATCH) == 0) {
 #ifdef USE_SASL_AUTH
-	    if (var_smtpd_sasl_enable) {
+	    if (smtpd_sasl_is_active(state)) {
 		if (state->sender && *state->sender)
 		    status = reject_unauth_sender_login_mismatch(state, state->sender);
 	    } else
@@ -3800,7 +3800,7 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
 			 cpp[1], CHECK_RELAY_DOMAINS);
 	} else if (strcasecmp(name, PERMIT_SASL_AUTH) == 0) {
 #ifdef USE_SASL_AUTH
-	    if (var_smtpd_sasl_enable)
+	    if (smtpd_sasl_is_active(state))
 		status = permit_sasl_auth(state,
 					  SMTPD_CHECK_OK, SMTPD_CHECK_DUNNO);
 #endif
@@ -3963,7 +3963,7 @@ void    smtpd_check_rewrite(SMTPD_STATE *state)
 		status = SMTPD_CHECK_OK;
 	} else if (strcasecmp(name, PERMIT_SASL_AUTH) == 0) {
 #ifdef USE_SASL_AUTH
-	    if (var_smtpd_sasl_enable)
+	    if (smtpd_sasl_is_active(state))
 		status = permit_sasl_auth(state, SMTPD_CHECK_OK,
 					  SMTPD_CHECK_DUNNO);
 #endif
@@ -4970,19 +4970,19 @@ bool    var_smtpd_sasl_enable = 0;
 
 #ifdef USE_SASL_AUTH
 
-/* smtpd_sasl_connect - stub */
+/* smtpd_sasl_activate - stub */
 
-void    smtpd_sasl_connect(SMTPD_STATE *state, const char *opts_name,
-			           const char *opts_var)
+void    smtpd_sasl_activate(SMTPD_STATE *state, const char *opts_name,
+			            const char *opts_var)
 {
-    msg_panic("smtpd_sasl_connect was called");
+    msg_panic("smtpd_sasl_activate was called");
 }
 
-/* smtpd_sasl_disconnect - stub */
+/* smtpd_sasl_deactivate - stub */
 
-void    smtpd_sasl_disconnect(SMTPD_STATE *state)
+void    smtpd_sasl_deactivate(SMTPD_STATE *state)
 {
-    msg_panic("smtpd_sasl_disconnect was called");
+    msg_panic("smtpd_sasl_deactivate was called");
 }
 
 /* permit_sasl_auth - stub */

postfix/src/smtpd/smtpd_milter.c

@@ -45,6 +45,7 @@
 /* Application-specific. */
 
 #include <smtpd.h>
+#include <smtpd_sasl_glue.h>
 #include <smtpd_milter.h>
 
  /*
@@ -138,7 +139,7 @@ const char *smtpd_milter_eval(const char *name, void *ptr)
     /*
      * MAIL FROM macros.
      */
-#define IF_SASL_ENABLED(s) (var_smtpd_sasl_enable && (s) ? (s) : 0)
+#define IF_SASL_ENABLED(s) (smtpd_sasl_is_active(state) && (s) ? (s) : 0)
 
     if (strcmp(name, S8_MAC_I) == 0)
 	return (state->queue_id);

postfix/src/smtpd/smtpd_sasl_glue.c

@@ -8,7 +8,7 @@
 /*
 /*	void    smtpd_sasl_initialize()
 /*
-/*	void	smtpd_sasl_connect(state, sasl_opts_name, sasl_opts_val)
+/*	void	smtpd_sasl_activate(state, sasl_opts_name, sasl_opts_val)
 /*	SMTPD_STATE *state;
 /*	const char *sasl_opts_name;
 /*	const char *sasl_opts_val;
@@ -21,7 +21,13 @@
 /*	void	smtpd_sasl_logout(state)
 /*	SMTPD_STATE *state;
 /*
-/*	void	smtpd_sasl_disconnect(state)
+/*	void	smtpd_sasl_deactivate(state)
+/*	SMTPD_STATE *state;
+/*
+/*	int	smtpd_sasl_is_active(state)
+/*	SMTPD_STATE *state;
+/*
+/*	int	smtpd_sasl_set_inactive(state)
 /*	SMTPD_STATE *state;
 /* DESCRIPTION
 /*	This module encapsulates most of the detail specific to SASL
@@ -32,7 +38,7 @@
 /*	need access to the file system for run-time loading of
 /*	plug-in modules. There is no corresponding cleanup routine.
 /*
-/*	smtpd_sasl_connect() performs per-connection initialization.
+/*	smtpd_sasl_activate() performs per-connection initialization.
 /*	This routine should be called once at the start of every
 /*	connection. The sasl_opts_name and sasl_opts_val parameters
 /*	are the postfix configuration parameters setting the security
@@ -54,9 +60,16 @@
 /*	smtpd_sasl_logout() cleans up after smtpd_sasl_authenticate().
 /*	This routine exists for the sake of symmetry.
 /*
-/*	smtpd_sasl_disconnect() performs per-connection cleanup.
+/*	smtpd_sasl_deactivate() performs per-connection cleanup.
 /*	This routine should be called at the end of every connection.
 /*
+/*	smtpd_sasl_is_active() is a predicate that returns true
+/*	if the SMTP server session state is between smtpd_sasl_activate()
+/*	and smtpd_sasl_deactivate().
+/*
+/*	smtpd_sasl_set_inactive() initializes the SMTP session
+/*	state before the first smtpd_sasl_activate() call.
+/*
 /*	Arguments:
 /* .IP state
 /*	SMTP session context.
@@ -145,13 +158,19 @@ void    smtpd_sasl_initialize(void)
 
 }
 
-/* smtpd_sasl_connect - per-connection initialization */
+/* smtpd_sasl_activate - per-connection initialization */
 
-void    smtpd_sasl_connect(SMTPD_STATE *state, const char *sasl_opts_name,
-			           const char *sasl_opts_val)
+void    smtpd_sasl_activate(SMTPD_STATE *state, const char *sasl_opts_name,
+			            const char *sasl_opts_val)
 {
     const char *mechanism_list;
 
+    /*
+     * Sanity check.
+     */
+    if (smtpd_sasl_is_active(state))
+	msg_panic("smtpd_sasl_activate: already active");
+
     /*
      * Initialize SASL-specific state variables. Use long-lived storage for
      * base 64 conversion results, rather than local variables, to avoid
@@ -185,9 +204,9 @@ void    smtpd_sasl_connect(SMTPD_STATE *state, const char *sasl_opts_name,
     state->sasl_mechanism_list = mystrdup(mechanism_list);
 }
 
-/* smtpd_sasl_disconnect - per-connection cleanup */
+/* smtpd_sasl_deactivate - per-connection cleanup */
 
-void    smtpd_sasl_disconnect(SMTPD_STATE *state)
+void    smtpd_sasl_deactivate(SMTPD_STATE *state)
 {
     if (state->sasl_reply) {
 	vstring_free(state->sasl_reply);

postfix/src/smtpd/smtpd_sasl_glue.h

@@ -12,12 +12,15 @@
   * SASL protocol interface
   */
 extern void smtpd_sasl_initialize(void);
-extern void smtpd_sasl_connect(SMTPD_STATE *, const char *, const char *);
-extern void smtpd_sasl_disconnect(SMTPD_STATE *);
+extern void smtpd_sasl_activate(SMTPD_STATE *, const char *, const char *);
+extern void smtpd_sasl_deactivate(SMTPD_STATE *);
 extern int smtpd_sasl_authenticate(SMTPD_STATE *, const char *, const char *);
 extern void smtpd_sasl_logout(SMTPD_STATE *);
 extern int permit_sasl_auth(SMTPD_STATE *, int, int);
 
+#define smtpd_sasl_is_active(s)		((s)->sasl_server != 0)
+#define smtpd_sasl_set_inactive(s)	((void) ((s)->sasl_server = 0))
+
 /* LICENSE
 /* .ad
 /* .fi

postfix/src/smtpd/smtpd_sasl_proto.c

@@ -146,24 +146,24 @@ int     smtpd_sasl_auth_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 	smtpd_chat_reply(state, "503 5.5.1 Error: send HELO/EHLO first");
 	return (-1);
     }
-    if (SMTPD_STAND_ALONE(state) || !var_smtpd_sasl_enable
+    if (SMTPD_STAND_ALONE(state) || !smtpd_sasl_is_active(state)
 	|| (state->ehlo_discard_mask & EHLO_MASK_AUTH)) {
 	state->error_mask |= MAIL_ERROR_PROTOCOL;
 	smtpd_chat_reply(state, "503 5.5.1 Error: authentication not enabled");
 	return (-1);
     }
     if (smtpd_milters != 0 && (err = milter_other_event(smtpd_milters)) != 0) {
-        if (err[0] == '5') {
-            state->error_mask |= MAIL_ERROR_POLICY;
-            smtpd_chat_reply(state, "%s", err);
-            return (-1);
-        }
-        /* Sendmail compatibility: map 4xx into 454. */
-        else if (err[0] == '4') {
-            state->error_mask |= MAIL_ERROR_POLICY;
-            smtpd_chat_reply(state, "454 4.3.0 Try again later");
-            return (-1);
-        }
+	if (err[0] == '5') {
+	    state->error_mask |= MAIL_ERROR_POLICY;
+	    smtpd_chat_reply(state, "%s", err);
+	    return (-1);
+	}
+	/* Sendmail compatibility: map 4xx into 454. */
+	else if (err[0] == '4') {
+	    state->error_mask |= MAIL_ERROR_POLICY;
+	    smtpd_chat_reply(state, "454 4.3.0 Try again later");
+	    return (-1);
+	}
     }
 #ifdef USE_TLS
     if (state->tls_auth_only && !state->tls_context) {
@@ -209,7 +209,7 @@ char   *smtpd_sasl_mail_opt(SMTPD_STATE *state, const char *addr)
     /*
      * Do not store raw RFC2554 protocol data.
      */
-    if (!var_smtpd_sasl_enable) {
+    if (!smtpd_sasl_is_active(state)) {
 	state->error_mask |= MAIL_ERROR_PROTOCOL;
 	return ("503 5.5.4 Error: authentication disabled");
     }

postfix/src/smtpd/smtpd_state.c

@@ -149,8 +149,7 @@ void    smtpd_state_init(SMTPD_STATE *state, VSTREAM *stream,
 #ifdef USE_SASL_AUTH
     if (SMTPD_STAND_ALONE(state))
 	var_smtpd_sasl_enable = 0;
-    if (var_smtpd_sasl_enable)
-	smtpd_sasl_connect(state, VAR_SMTPD_SASL_OPTS, var_smtpd_sasl_opts);
+    smtpd_sasl_set_inactive(state);
 #endif
 
     state->milter_argv = 0;
@@ -216,9 +215,4 @@ void    smtpd_state_reset(SMTPD_STATE *state)
 	vstring_free(state->dsn_buf);
     if (state->dsn_orcpt_buf)
 	vstring_free(state->dsn_orcpt_buf);
-
-#ifdef USE_SASL_AUTH
-    if (var_smtpd_sasl_enable)
-	smtpd_sasl_disconnect(state);
-#endif
 }