From ee2fb09b60113714fa93cfba8e1d9baed0eac5a3 Mon Sep 17 00:00:00 2001 
From: Wietse Venema
Date: Tue, 1 May 2007 00:00:00 -0500
Subject: [PATCH] postfix-2.5-20070501
---
postfix/.indent.pro | 1 +
postfix/HISTORY | 50 ++++-
postfix/README_FILES/SMTPD_POLICY_README | 16 +-
postfix/RELEASE_NOTES | 8 +-
postfix/conf/postfix-script | 15 +-
postfix/html/SMTPD_POLICY_README.html | 16 +-
postfix/html/cleanup.8.html | 102 +++++-----
postfix/html/lmtp.8.html | 215 ++++++++++-----------
postfix/html/pipe.8.html | 231 ++++++++++++-----------
postfix/html/postconf.1.html | 4 +-
postfix/html/postconf.5.html | 33 +++-
postfix/html/postfix.1.html | 63 ++++---
postfix/html/smtp.8.html | 215 ++++++++++-----------
postfix/html/smtpd.8.html | 30 +--
postfix/man/man1/postconf.1 | 2 +-
postfix/man/man1/postfix.1 | 2 +
postfix/man/man5/postconf.5 | 27 ++-
postfix/man/man8/cleanup.8 | 6 +
postfix/man/man8/pipe.8 | 3 +-
postfix/man/man8/smtp.8 | 6 +-
postfix/man/man8/smtpd.8 | 15 +-
postfix/mantools/postlink | 1 +
postfix/proto/SMTPD_POLICY_README.html | 16 +-
postfix/proto/postconf.proto | 29 ++-
postfix/src/cleanup/cleanup.c | 6 +
postfix/src/cleanup/cleanup_init.c | 26 +--
postfix/src/cleanup/cleanup_message.c | 3 +-
postfix/src/global/Makefile.in | 19 +-
postfix/src/global/delivered_hdr.c | 27 ++-
postfix/src/global/delivered_hdr.h | 7 +-
postfix/src/global/fold_addr.c | 85 +++++++++
postfix/src/global/fold_addr.h | 35 ++++
postfix/src/global/mail_copy.c | 1 +
postfix/src/global/mail_params.c | 61 ++++++
postfix/src/global/mail_params.h | 4 +
postfix/src/global/mail_version.h | 4 +-
postfix/src/local/Makefile.in | 16 ++
postfix/src/local/local.c | 3 +-
postfix/src/pipe/Makefile.in | 1 +
postfix/src/pipe/pipe.c | 46 ++---
postfix/src/postconf/postconf.c | 2 +-
postfix/src/postfix/postfix.c | 2 +
postfix/src/qmqpd/qmqpd_peer.c | 22 ++-
postfix/src/smtp/smtp.c | 6 +-
postfix/src/smtpd/smtpd.c | 15 +-
postfix/src/smtpd/smtpd_peer.c | 22 ++-
postfix/src/smtpstone/smtp-sink.c | 10 +-
postfix/src/util/sane_accept.c | 6 +-
postfix/src/util/sane_connect.c | 6 +-
postfix/src/xsasl/xsasl_dovecot_server.c | 2 +- 50 files changed, 1001 insertions(+), 542 deletions(-) create mode 100644 postfix/src/global/fold_addr.c create mode 100644 postfix/src/global/fold_addr.h diff --git a/postfix/.indent.pro b/postfix/.indent.pro index fc69659c2..f590fce21 100644 --- a/postfix/.indent.pro +++ b/postfix/.indent.pro @@ -256,6 +256,7 @@ -TXSASL_CYRUS_SERVER -TXSASL_DOVECOT_SERVER -TXSASL_DOVECOT_SERVER_IMPL +-TXSASL_DOVECOT_SERVER_MECHS -TXSASL_SERVER -TXSASL_SERVER_IMPL -TXSASL_SERVER_IMPL_INFO diff --git a/postfix/HISTORY b/postfix/HISTORY index 4ce416abb..528ce0fd3 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -13454,7 +13454,7 @@ Apologies for any names omitted. to the recipient address domain portion. Based on code by Koen Vermeer. File: pipe/pipe.c. - Cleanup: suport for "Delivered-To:" loop detection in the + Cleanup: support for "Delivered-To:" loop detection in the pipe(8) delivery agent. This follows a general principle: if a program creates the "Delivered-To:" header, then it is also responsible for "Delivered-To:" loop detection. 
@@ -13466,6 +13466,54 @@ Apologies for any names omitted. between wildcard transport map entry with an "empty" transport field, or no wildcard transport map entry. +20070424 + + Cleanup: making hard-coded behavior configurable. In this + case, extracting 8BITMIME encoding information from + Content-Transfer-Encoding: message headers. The default + behavior, "detect_8bit_encoding_header = yes", is backwards + compatible. This behavior was introduced to generate + RFC-compliant bounce messages before Postfix supported the + 8BITMIME option in the MAIL FROM command and on the Postfix + sendmail command line. Files: cleanup/cleanup_init.c, + cleanup/cleanup_message.c, global/mail_params.h. + +20070425 + + Bugfix: don't falsely report "lost connection from + localhost[127.0.0.1]" when Postfix is being portscanned. + Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c. + +20070429 + + Feature: "postfix status" to report whether Postfix is + running. By Mike Cappella. + + Cleanup: configurable address case folding moved from the + pipe(8) delivery agent to the library, where it can also + be used by other delivery agents. Files: global/fold_addr.[hc]. + +20070430 + + Robustness: recommend a "0" process limit for policy servers + to avoid "connection refused" problems when the smtpd process + limit exceeds the default process limit. File: + proto/SMTPD_POLICY_README.html. + +20070501 + + Workaround: turn on KEEPALIVE probes to avoided "lost + connection after sending end-of-data" problems when some + stateful (NAT) filter expires an idle connection too soon. + This requires that the kernel's TCP keepalive timer be set + to a sufficiently short time (perhaps 100s or less). Files: + util/sane_accept.c, util/sane_connect.c. + + Safety: when IPv6 (or IPv4) is turned off, don't treat an + IPv6 (or IPv4) connection from e.g. inetd as if it comes + from localhost[127.0.0.1]. Files: smtpd/smtpd_peer.c, + qmqpd/qmqpd_peer.c. 
+ Wish list: Remove defer(8) and trace(8) references and man pages. These diff --git a/postfix/README_FILES/SMTPD_POLICY_README b/postfix/README_FILES/SMTPD_POLICY_README index bbcb28ef4..8182b6e0a 100644 --- a/postfix/README_FILES/SMTPD_POLICY_README +++ b/postfix/README_FILES/SMTPD_POLICY_README @@ -171,7 +171,7 @@ To create a policy service that listens on a UNIX-domain socket called use something like this: 1 /etc/postfix/master.cf: - 2 policy unix - n n - - spawn + 2 policy unix - n n - 0 spawn 3 user=nobody argv=/some/where/policy-server 4 5 /etc/postfix/main.cf: @@ -191,13 +191,17 @@ NOTES: "policy_time_limit" setting. The name of the parameter is the name of the master.cf entry ("policy") concatenated with the "_time_limit" suffix. + * Line 2: specify a "0" process limit instead of the default "-", to avoid + "connection refused" and other problems when the smtpd process limit + exceeds the default_process_limit setting. + * Lines 8, 9: always specify "check_policy_service" AFTER "reject_unauth_destination" or else your system could become an open relay. * Solaris UNIX-domain sockets do not work reliably. Use TCP sockets instead: 1 /etc/postfix/master.cf: - 2 127.0.0.1:9998 inet n n n - - spawn + 2 127.0.0.1:9998 inet n n n - 0 spawn 3 user=nobody argv=/some/where/policy-server 4 5 /etc/postfix/main.cf: @@ -265,7 +269,7 @@ daemon. For example, to run the script as user "nobody", using a UNIX-domain socket that is accessible by Postfix processes only: 1 /etc/postfix/master.cf: - 2 policy unix - n n - - spawn + 2 policy unix - n n - 0 spawn 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl 4 5 /etc/postfix/main.cf: 
@@ -283,11 +287,15 @@ Notes: "policy_time_limit" setting. The name of the parameter is the name of the master.cf entry ("policy") concatenated with the "_time_limit" suffix. + * Line 2: specify a "0" process limit instead of the default "-", to avoid + "connection refused" and other problems when the smtpd process limit + exceeds the default_process_limit setting. + On Solaris you must use inet: style sockets instead of unix: style, as detailed in the "Policy client/server configuration" section above. 1 /etc/postfix/master.cf: - 2 127.0.0.1:9998 inet n n n - - spawn + 2 127.0.0.1:9998 inet n n n - 0 spawn 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl 4 5 /etc/postfix/main.cf: diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 78b49996c..543da6e99 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -21,7 +21,7 @@ Incompatibility with Postfix snapshot 20070422 ============================================== When the pipe(8) delivery agent is configured to create the optional -Delivered-To: header, it first checks if that same header is already -present. If so, the mail is returned as undeliverable. This test -should have been included with Postfix 2.0 when Delivered-To: support -was added to the pipe(8) delivery agent. +Delivered-To: header, it now first checks if that same header is +already present in the message. If so, the message is returned as +undeliverable. This test should have been included with Postfix 2.0 +when Delivered-To: support was added to the pipe(8) delivery agent. diff --git a/postfix/conf/postfix-script b/postfix/conf/postfix-script index e5a516918..6e3b607c8 100644 --- a/postfix/conf/postfix-script +++ b/postfix/conf/postfix-script 
@@ -178,11 +178,22 @@ check) exit 0 ;; +status) + + $daemon_directory/master -t 2>/dev/null && { + $INFO the Postfix mail system is not running + exit 1 + } + $INFO the Postfix mail system is running: PID: `sed 1q pid/master.pid` + exit 0 + ;; + + check-fatal) # This command is NOT part of the public interface. $SHELL $config_directory/post-install create-missing || { - $WARN unable to create missing queue directories + $FATAL unable to create missing queue directories exit 1 } @@ -285,7 +296,7 @@ post-install) *) - $FATAL "usage: postfix start (or stop, reload, abort, flush, check, set-permissions, upgrade-configuration)" + $FATAL "usage: postfix start (or stop, reload, abort, flush, check, status, set-permissions, upgrade-configuration)" exit 1 ;; diff --git a/postfix/html/SMTPD_POLICY_README.html b/postfix/html/SMTPD_POLICY_README.html index 05ff6ff5d..ee8d8cc79 100644 --- a/postfix/html/SMTPD_POLICY_README.html +++ b/postfix/html/SMTPD_POLICY_README.html @@ -241,7 +241,7 @@ daemon, you would use something like this:
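Review bot: In the new `status)` case of conf/postfix-script, every non-zero exit from `$daemon_directory/master -t` is read as "Postfix is running", and `2>/dev/null` discards the reason, so a master binary that cannot be executed, or a test that fails for some unrelated reason, would still end in `exit 0`. Monitoring that keys on the exit status of `postfix status` would then report a healthy mail system when none is running. The PID line also reads `pid/master.pid` by relative path, which presumably relies on a change into the queue directory made outside this hunk, and the file can change between the test and the `sed`. I would guard the report with something like `test -s pid/master.pid || { $FATAL the master.pid file is missing or empty; exit 1; }` before printing the PID. A comment above the test would also help, for example `# master -t succeeds when the master.pid lock is free, i.e. Postfix is not running`, since the inverted sense of `&&` is easy to misread.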

  1 /etc/postfix/master.cf:
- 2     policy  unix  -       n       n       -       -       spawn
+ 2     policy  unix  -       n       n       -       0       spawn
  3       user=nobody argv=/some/where/policy-server
  4 
  5 /etc/postfix/main.cf:
@@ -266,6 +266,10 @@ to an SMTP server process. The default time limit is overruled in
 the parameter is the name of the master.cf entry ("policy")
 concatenated with the "_time_limit" suffix.  

+
  • Line 2: specify a "0" process limit instead of the default +"-", to avoid "connection refused" and other problems when the smtpd +process limit exceeds the default_process_limit setting.

    +
  • Lines 8, 9: always specify "check_policy_service" AFTER "reject_unauth_destination" or else your system could become an open relay.

    @@ -278,7 +282,7 @@ TCP sockets instead:

      1 /etc/postfix/master.cf:
    - 2     127.0.0.1:9998  inet  n       n       n       -       -       spawn
    + 2     127.0.0.1:9998  inet  n       n       n       -       0       spawn
      3       user=nobody argv=/some/where/policy-server
      4 
      5 /etc/postfix/main.cf:
    @@ -370,7 +374,7 @@ processes only: 

     1 /etc/postfix/master.cf:
    -2     policy  unix  -       n       n       -       -       spawn
    +2     policy  unix  -       n       n       -       0       spawn
     3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
     4 
     5 /etc/postfix/main.cf:
    @@ -393,6 +397,10 @@ to an SMTP server process. The default time limit is overruled in
     the parameter is the name of the master.cf entry ("policy")
     concatenated with the "_time_limit" suffix.  

    +
  • Line 2: specify a "0" process limit instead of the default +"-", to avoid "connection refused" and other problems when the smtpd +process limit exceeds the default_process_limit setting.

    +

    On Solaris you must use inet: style sockets instead of unix: @@ -402,7 +410,7 @@ client/server configuration" section above.

     1 /etc/postfix/master.cf:
    -2     127.0.0.1:9998  inet  n       n       n       -       -       spawn
    +2     127.0.0.1:9998  inet  n       n       n       -       0       spawn
     3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
     4 
     5 /etc/postfix/main.cf:
    diff --git a/postfix/html/cleanup.8.html b/postfix/html/cleanup.8.html
    index ee7571c32..eb5a6202c 100644
    --- a/postfix/html/cleanup.8.html
    +++ b/postfix/html/cleanup.8.html
    @@ -241,36 +241,44 @@ CLEANUP(8)                                                          CLEANUP(8)
                   information for the message/* or  multipart/*  MIME
                   content types.
     
    +       Available in Postfix version 2.5 and later:
    +
    +       detect_8bit_encoding_header (yes)
    +              Automatically detect 8BITMIME body content by look-
    +              ing at Content-Transfer-Encoding: message  headers;
    +              historically,  this  behavior  was hard-coded to be
    +              "always on".
    +
     AUTOMATIC BCC RECIPIENT CONTROLS
            Postfix can automatically add BCC (blind carbon copy) when
            mail enters the mail system:
     
            always_bcc (empty)
    -              Optional address  that  receives  a  "blind  carbon
    +              Optional  address  that  receives  a  "blind carbon
                   copy" of each message that is received by the Post-
                   fix mail system.
     
            Available in Postfix version 2.1 and later:
     
            sender_bcc_maps (empty)
    -              Optional BCC  (blind  carbon-copy)  address  lookup
    +              Optional  BCC  (blind  carbon-copy)  address lookup
                   tables, indexed by sender address.
     
            recipient_bcc_maps (empty)
    -              Optional  BCC  (blind  carbon-copy)  address lookup
    +              Optional BCC  (blind  carbon-copy)  address  lookup
                   tables, indexed by recipient address.
     
     ADDRESS TRANSFORMATION CONTROLS
    -       Address rewriting is delegated to  the  trivial-rewrite(8)
    -       daemon.   The  cleanup(8)  server  implements table driven
    +       Address  rewriting  is delegated to the trivial-rewrite(8)
    +       daemon.  The cleanup(8)  server  implements  table  driven
            address mapping.
     
            empty_address_recipient (MAILER-DAEMON)
    -              The  recipient  of  mail  addressed  to  the   null
    +              The   recipient  of  mail  addressed  to  the  null
                   address.
     
            canonical_maps (empty)
    -              Optional  address mapping lookup tables for message
    +              Optional address mapping lookup tables for  message
                   headers and envelopes.
     
            recipient_canonical_maps (empty)
    @@ -281,49 +289,49 @@ CLEANUP(8)                                                          CLEANUP(8)
                   Optional address mapping lookup tables for envelope
                   and header sender addresses.
     
    -       masquerade_classes    (envelope_sender,     header_sender,
    +       masquerade_classes     (envelope_sender,    header_sender,
            header_recipient)
                   What addresses are subject to address masquerading.
     
            masquerade_domains (empty)
    -              Optional  list of domains whose subdomain structure
    +              Optional list of domains whose subdomain  structure
                   will be stripped off in email addresses.
     
            masquerade_exceptions (empty)
    -              Optional list of user names that are not  subjected
    -              to  address  masquerading,  even when their address
    +              Optional  list of user names that are not subjected
    +              to address masquerading, even  when  their  address
                   matches $masquerade_domains.
     
            propagate_unmatched_extensions (canonical, virtual)
    -              What address lookup tables copy an  address  exten-
    +              What  address  lookup tables copy an address exten-
                   sion from the lookup key to the lookup result.
     
            Available before Postfix version 2.0:
     
            virtual_maps (empty)
                   Optional lookup tables with a) names of domains for
    -              which all addresses are  aliased  to  addresses  in
    -              other  local  or  remote  domains, and b) addresses
    -              that are aliased to addresses  in  other  local  or
    +              which  all  addresses  are  aliased to addresses in
    +              other local or remote  domains,  and  b)  addresses
    +              that  are  aliased  to  addresses in other local or
                   remote domains.
     
            Available in Postfix version 2.0 and later:
     
            virtual_alias_maps ($virtual_maps)
    -              Optional  lookup  tables  that  alias specific mail
    -              addresses or  domains  to  other  local  or  remote
    +              Optional lookup tables  that  alias  specific  mail
    +              addresses  or  domains  to  other  local  or remote
                   address.
     
            Available in Postfix version 2.2 and later:
     
    -       canonical_classes   (envelope_sender,  envelope_recipient,
    +       canonical_classes  (envelope_sender,   envelope_recipient,
            header_sender, header_recipient)
    -              What   addresses   are  subject  to  canonical_maps
    +              What  addresses  are  subject   to   canonical_maps
                   address mapping.
     
            recipient_canonical_classes           (envelope_recipient,
            header_recipient)
    -              What addresses  are  subject  to  recipient_canoni-
    +              What  addresses  are  subject  to recipient_canoni-
                   cal_maps address mapping.
     
            sender_canonical_classes (envelope_sender, header_sender)
    @@ -331,15 +339,15 @@ CLEANUP(8)                                                          CLEANUP(8)
                   address mapping.
     
            remote_header_rewrite_domain (empty)
    -              Don't rewrite message headers from  remote  clients
    +              Don't  rewrite  message headers from remote clients
                   at all when this parameter is empty; otherwise, re-
    -              write message  headers  and  append  the  specified
    +              write  message  headers  and  append  the specified
                   domain name to incomplete addresses.
     
     RESOURCE AND RATE CONTROLS
            duplicate_filter_limit (1000)
    -              The  maximal  number of addresses remembered by the
    -              address duplicate filter  for  aliases(5)  or  vir-
    +              The maximal number of addresses remembered  by  the
    +              address  duplicate  filter  for  aliases(5) or vir-
                   tual(5) alias expansion, or for showq(8) queue dis-
                   plays.
     
    @@ -348,16 +356,16 @@ CLEANUP(8)                                                          CLEANUP(8)
                   message header.
     
            hopcount_limit (50)
    -              The  maximal  number  of Received:  message headers
    +              The maximal number of  Received:   message  headers
                   that is allowed in the primary message headers.
     
            in_flow_delay (1s)
    -              Time to pause before accepting a new message,  when
    +              Time  to pause before accepting a new message, when
                   the message arrival rate exceeds the message deliv-
                   ery rate.
     
            message_size_limit (10240000)
    -              The maximal size in bytes of a  message,  including
    +              The  maximal  size in bytes of a message, including
                   envelope information.
     
            Available in Postfix version 2.0 and later:
    @@ -375,35 +383,35 @@ CLEANUP(8)                                                          CLEANUP(8)
                   will handle.
     
            queue_file_attribute_count_limit (100)
    -              The maximal number of (name=value) attributes  that
    +              The  maximal number of (name=value) attributes that
                   may be stored in a Postfix queue file.
     
            Available in Postfix version 2.1 and later:
     
            virtual_alias_expansion_limit (1000)
    -              The  maximal number of addresses that virtual alias
    +              The maximal number of addresses that virtual  alias
                   expansion produces from each original recipient.
     
            virtual_alias_recursion_limit (1000)
    -              The maximal nesting depth of virtual  alias  expan-
    +              The  maximal  nesting depth of virtual alias expan-
                   sion.
     
     MISCELLANEOUS CONTROLS
            config_directory (see 'postconf -d' output)
    -              The  default  location  of  the Postfix main.cf and
    +              The default location of  the  Postfix  main.cf  and
                   master.cf configuration files.
     
            daemon_timeout (18000s)
    -              How much time a Postfix daemon process may take  to
    -              handle  a  request  before  it  is  terminated by a
    +              How  much time a Postfix daemon process may take to
    +              handle a request  before  it  is  terminated  by  a
                   built-in watchdog timer.
     
            delay_logging_resolution_limit (2)
    -              The maximal number  of  digits  after  the  decimal
    +              The  maximal  number  of  digits  after the decimal
                   point when logging sub-second delay values.
     
            delay_warning_time (0h)
    -              The  time  after which the sender receives the mes-
    +              The time after which the sender receives  the  mes-
                   sage headers of mail that is still queued.
     
            ipc_timeout (3600s)
    @@ -411,13 +419,13 @@ CLEANUP(8)                                                          CLEANUP(8)
                   over an internal communication channel.
     
            max_idle (100s)
    -              The  maximum  amount  of  time that an idle Postfix
    -              daemon process waits  for  an  incoming  connection
    +              The maximum amount of time  that  an  idle  Postfix
    +              daemon  process  waits  for  an incoming connection
                   before terminating voluntarily.
     
            max_use (100)
    -              The  maximal  number of incoming connections that a
    -              Postfix daemon process will service  before  termi-
    +              The maximal number of incoming connections  that  a
    +              Postfix  daemon  process will service before termi-
                   nating voluntarily.
     
            myhostname (see 'postconf -d' output)
    @@ -425,19 +433,19 @@ CLEANUP(8)                                                          CLEANUP(8)
     
            myorigin ($myhostname)
                   The domain name that locally-posted mail appears to
    -              come from, and that locally posted mail  is  deliv-
    +              come  from,  and that locally posted mail is deliv-
                   ered to.
     
            process_id (read-only)
    -              The  process  ID  of  a  Postfix  command or daemon
    +              The process ID  of  a  Postfix  command  or  daemon
                   process.
     
            process_name (read-only)
    -              The process name of a  Postfix  command  or  daemon
    +              The  process  name  of  a Postfix command or daemon
                   process.
     
            queue_directory (see 'postconf -d' output)
    -              The  location of the Postfix top-level queue direc-
    +              The location of the Postfix top-level queue  direc-
                   tory.
     
            soft_bounce (no)
    @@ -448,14 +456,14 @@ CLEANUP(8)                                                          CLEANUP(8)
                   The syslog facility of Postfix logging.
     
            syslog_name (postfix)
    -              The  mail  system  name  that  is  prepended to the
    -              process name in syslog  records,  so  that  "smtpd"
    +              The mail system  name  that  is  prepended  to  the
    +              process  name  in  syslog  records, so that "smtpd"
                   becomes, for example, "postfix/smtpd".
     
            Available in Postfix version 2.1 and later:
     
            enable_original_recipient (yes)
    -              Enable   support   for  the  X-Original-To  message
    +              Enable  support  for  the   X-Original-To   message
                   header.
     
     FILES
    @@ -479,7 +487,7 @@ CLEANUP(8)                                                          CLEANUP(8)
            CONTENT_INSPECTION_README content inspection
     
     LICENSE
    -       The  Secure  Mailer  license must be distributed with this
    +       The Secure Mailer license must be  distributed  with  this
            software.
     
     AUTHOR(S)
    diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html
    index d991668be..69ec99349 100644
    --- a/postfix/html/lmtp.8.html
    +++ b/postfix/html/lmtp.8.html
    @@ -288,10 +288,10 @@ SMTP(8)                                                                SMTP(8)
                   tion is enabled.
     
            smtp_sasl_security_options (noplaintext, noanonymous)
    -              SASL  security  options; as of Postfix 2.3 the list
    -              of available features depends on  the  SASL  client
    -              implementation     that     is     selected    with
    -              smtp_sasl_type.
    +              Postfix  SMTP  client  SASL security options; as of
    +              Postfix 2.3 the list of available features  depends
    +              on  the SASL client implementation that is selected
    +              with smtp_sasl_type.
     
            Available in Postfix version 2.2 and later:
     
    @@ -310,52 +310,53 @@ SMTP(8)                                                                SMTP(8)
                   will use the appropriate credentials.
     
            smtp_sasl_path (empty)
    -              Implementation-specific information that is  passed
    -              through  to the SASL plug-in implementation that is
    -              selected with smtp_sasl_type.
    +              Implementation-specific information that the  Post-
    +              fix  SMTP client passes through to the SASL plug-in
    +              implementation    that     is     selected     with
    +              smtp_sasl_type.
     
            smtp_sasl_type (cyrus)
    -              The SASL plug-in type that the Postfix SMTP  client
    +              The  SASL plug-in type that the Postfix SMTP client
                   should use for authentication.
     
     STARTTLS SUPPORT CONTROLS
    -       Detailed  information  about STARTTLS configuration may be
    +       Detailed information about STARTTLS configuration  may  be
            found in the TLS_README document.
     
            smtp_tls_security_level (empty)
                   The default SMTP TLS security level for the Postfix
    -              SMTP  client;  when a non-empty value is specified,
    -              this    overrides    the    obsolete     parameters
    +              SMTP client; when a non-empty value  is  specified,
    +              this     overrides    the    obsolete    parameters
                   smtp_use_tls,         smtp_enforce_tls,         and
                   smtp_tls_enforce_peername.
     
            smtp_sasl_tls_security_options           ($smtp_sasl_secu-
            rity_options)
    -              The SASL authentication security options  that  the
    -              Postfix  SMTP  client  uses  for TLS encrypted SMTP
    +              The  SASL  authentication security options that the
    +              Postfix SMTP client uses  for  TLS  encrypted  SMTP
                   sessions.
     
            smtp_starttls_timeout (300s)
    -              Time limit for Postfix SMTP client write  and  read
    -              operations  during  TLS  startup and shutdown hand-
    +              Time  limit  for Postfix SMTP client write and read
    +              operations during TLS startup  and  shutdown  hand-
                   shake procedures.
     
            smtp_tls_CAfile (empty)
    -              The file with the certificate of the  certification
    -              authority  (CA) that issued the Postfix SMTP client
    +              The  file with the certificate of the certification
    +              authority (CA) that issued the Postfix SMTP  client
                   certificate.
     
            smtp_tls_CApath (empty)
    -              Directory with  PEM  format  certificate  authority
    -              certificates  that  the Postfix SMTP client uses to
    +              Directory  with  PEM  format  certificate authority
    +              certificates that the Postfix SMTP client  uses  to
                   verify a remote SMTP server certificate.
     
            smtp_tls_cert_file (empty)
    -              File with the Postfix SMTP client  RSA  certificate
    +              File  with  the Postfix SMTP client RSA certificate
                   in PEM format.
     
            smtp_tls_mandatory_ciphers (medium)
    -              The  minimum TLS cipher grade that the Postfix SMTP
    +              The minimum TLS cipher grade that the Postfix  SMTP
                   client will use with mandatory TLS encryption.
     
            smtp_tls_exclude_ciphers (empty)
    @@ -364,43 +365,43 @@ SMTP(8)                                                                SMTP(8)
                   levels.
     
            smtp_tls_mandatory_exclude_ciphers (empty)
    -              Additional list  of  ciphers  or  cipher  types  to
    -              exclude  from the SMTP client cipher list at manda-
    +              Additional  list  of  ciphers  or  cipher  types to
    +              exclude from the SMTP client cipher list at  manda-
                   tory TLS security levels.
     
            smtp_tls_dcert_file (empty)
    -              File with the Postfix SMTP client  DSA  certificate
    +              File  with  the Postfix SMTP client DSA certificate
                   in PEM format.
     
            smtp_tls_dkey_file ($smtp_tls_dcert_file)
    -              File  with  the Postfix SMTP client DSA private key
    +              File with the Postfix SMTP client DSA  private  key
                   in PEM format.
     
            smtp_tls_key_file ($smtp_tls_cert_file)
    -              File with the Postfix SMTP client RSA  private  key
    +              File  with  the Postfix SMTP client RSA private key
                   in PEM format.
     
            smtp_tls_loglevel (0)
    -              Enable  additional  Postfix  SMTP client logging of
    +              Enable additional Postfix SMTP  client  logging  of
                   TLS activity.
     
            smtp_tls_note_starttls_offer (no)
    -              Log the hostname  of  a  remote  SMTP  server  that
    -              offers  STARTTLS,  when  TLS is not already enabled
    +              Log  the  hostname  of  a  remote  SMTP server that
    +              offers STARTTLS, when TLS is  not  already  enabled
                   for that server.
     
            smtp_tls_policy_maps (empty)
                   Optional lookup tables with the Postfix SMTP client
                   TLS security policy by next-hop destination; when a
    -              non-empty value is specified,  this  overrides  the
    +              non-empty  value  is  specified, this overrides the
                   obsolete smtp_tls_per_site parameter.
     
            smtp_tls_mandatory_protocols (SSLv3, TLSv1)
    -              List  of TLS protocols that the Postfix SMTP client
    +              List of TLS protocols that the Postfix SMTP  client
                   will use with mandatory TLS encryption.
     
            smtp_tls_scert_verifydepth (5)
    -              The verification depth for remote SMTP server  cer-
    +              The  verification depth for remote SMTP server cer-
                   tificates.
     
            smtp_tls_secure_cert_match (nexthop, dot-nexthop)
    @@ -408,7 +409,7 @@ SMTP(8)                                                                SMTP(8)
                   for the "secure" TLS security level.
     
            smtp_tls_session_cache_database (empty)
    -              Name of the file containing  the  optional  Postfix
    +              Name  of  the  file containing the optional Postfix
                   SMTP client TLS session cache.
     
            smtp_tls_session_cache_timeout (3600s)
    @@ -420,9 +421,9 @@ SMTP(8)                                                                SMTP(8)
                   for the "verify" TLS security level.
     
            tls_daemon_random_bytes (32)
    -              The  number  of pseudo-random bytes that an smtp(8)
    -              or smtpd(8) process  requests  from  the  tlsmgr(8)
    -              server  in order to seed its internal pseudo random
    +              The number of pseudo-random bytes that  an  smtp(8)
    +              or  smtpd(8)  process  requests  from the tlsmgr(8)
    +              server in order to seed its internal pseudo  random
                   number generator (PRNG).
     
            tls_high_cipherlist
    @@ -434,7 +435,7 @@ SMTP(8)                                                                SMTP(8)
                   ciphers.
     
            tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH)
    -              The  OpenSSL  cipherlist  for "LOW" or higher grade
    +              The OpenSSL cipherlist for "LOW"  or  higher  grade
                   ciphers.
     
            tls_export_cipherlist (ALL:+RC4:@STRENGTH)
    @@ -442,40 +443,40 @@ SMTP(8)                                                                SMTP(8)
                   ciphers.
     
            tls_null_cipherlist (eNULL:!aNULL)
    -              The  OpenSSL  cipherlist  for  "NULL" grade ciphers
    +              The OpenSSL cipherlist  for  "NULL"  grade  ciphers
                   that provide authentication without encryption.
     
            Available in Postfix version 2.4 and later:
     
            smtp_sasl_tls_verified_security_options
            ($smtp_sasl_tls_security_options)
    -              The SASL authentication security options  that  the
    -              Postfix  SMTP  client  uses  for TLS encrypted SMTP
    +              The  SASL  authentication security options that the
    +              Postfix SMTP client uses  for  TLS  encrypted  SMTP
                   sessions with a verified server certificate.
     
     OBSOLETE STARTTLS CONTROLS
    -       The following configuration parameters exist for  compati-
    +       The  following configuration parameters exist for compati-
            bility with Postfix versions before 2.3. Support for these
            will be removed in a future release.
     
            smtp_use_tls (no)
    -              Opportunistic mode: use  TLS  when  a  remote  SMTP
    -              server  announces  STARTTLS support, otherwise send
    +              Opportunistic  mode:  use  TLS  when  a remote SMTP
    +              server announces STARTTLS support,  otherwise  send
                   the mail in the clear.
     
            smtp_enforce_tls (no)
    -              Enforcement mode: require that remote SMTP  servers
    -              use  TLS  encryption,  and  never  send mail in the
    +              Enforcement  mode: require that remote SMTP servers
    +              use TLS encryption, and  never  send  mail  in  the
                   clear.
     
            smtp_tls_enforce_peername (yes)
    -              With mandatory TLS  encryption,  require  that  the
    +              With  mandatory  TLS  encryption,  require that the
                   remote SMTP server hostname matches the information
                   in the remote SMTP server certificate.
     
            smtp_tls_per_site (empty)
                   Optional lookup tables with the Postfix SMTP client
    -              TLS  usage  policy  by  next-hop destination and by
    +              TLS usage policy by  next-hop  destination  and  by
                   remote SMTP server hostname.
     
            smtp_tls_cipherlist (empty)
    @@ -485,27 +486,27 @@ SMTP(8)                                                                SMTP(8)
     RESOURCE AND RATE CONTROLS
            smtp_destination_concurrency_limit      ($default_destina-
            tion_concurrency_limit)
    -              The  maximal  number  of parallel deliveries to the
    -              same destination  via  the  smtp  message  delivery
    +              The maximal number of parallel  deliveries  to  the
    +              same  destination  via  the  smtp  message delivery
                   transport.
     
            smtp_destination_recipient_limit        ($default_destina-
            tion_recipient_limit)
    -              The  maximal  number of recipients per delivery via
    +              The maximal number of recipients per  delivery  via
                   the smtp message delivery transport.
     
            smtp_connect_timeout (30s)
    -              The SMTP client time limit  for  completing  a  TCP
    +              The  SMTP  client  time  limit for completing a TCP
                   connection,  or  zero  (use  the  operating  system
                   built-in time limit).
     
            smtp_helo_timeout (300s)
    -              The SMTP client time limit for sending the HELO  or
    -              EHLO  command, and for receiving the initial server
    +              The  SMTP client time limit for sending the HELO or
    +              EHLO command, and for receiving the initial  server
                   response.
     
            lmtp_lhlo_timeout (300s)
    -              The LMTP client time limit  for  sending  the  LHLO
    +              The  LMTP  client  time  limit for sending the LHLO
                   command,  and  for  receiving  the  initial  server
                   response.
     
    @@ -514,30 +515,30 @@ SMTP(8)                                                                SMTP(8)
                   command, and for receiving the server response.
     
            smtp_mail_timeout (300s)
    -              The  SMTP  client  time  limit for sending the MAIL
    -              FROM  command,  and  for   receiving   the   server
    +              The SMTP client time limit  for  sending  the  MAIL
    +              FROM   command,   and   for  receiving  the  server
                   response.
     
            smtp_rcpt_timeout (300s)
    -              The  SMTP  client  time  limit for sending the SMTP
    -              RCPT TO  command,  and  for  receiving  the  server
    +              The SMTP client time limit  for  sending  the  SMTP
    +              RCPT  TO  command,  and  for  receiving  the server
                   response.
     
            smtp_data_init_timeout (120s)
    -              The  SMTP  client  time  limit for sending the SMTP
    -              DATA  command,  and  for   receiving   the   server
    +              The SMTP client time limit  for  sending  the  SMTP
    +              DATA   command,   and   for  receiving  the  server
                   response.
     
            smtp_data_xfer_timeout (180s)
    -              The  SMTP  client  time  limit for sending the SMTP
    +              The SMTP client time limit  for  sending  the  SMTP
                   message content.
     
            smtp_data_done_timeout (600s)
    -              The SMTP client time limit  for  sending  the  SMTP
    +              The  SMTP  client  time  limit for sending the SMTP
                   ".", and for receiving the server response.
     
            smtp_quit_timeout (300s)
    -              The  SMTP  client  time  limit for sending the QUIT
    +              The SMTP client time limit  for  sending  the  QUIT
                   command, and for receiving the server response.
     
            Available in Postfix version 2.1 and later:
    @@ -548,12 +549,12 @@ SMTP(8)                                                                SMTP(8)
                   lookups, or zero (no limit).
     
            smtp_mx_session_limit (2)
    -              The maximal number of SMTP  sessions  per  delivery
    -              request  before  giving up or delivering to a fall-
    +              The  maximal  number  of SMTP sessions per delivery
    +              request before giving up or delivering to  a  fall-
                   back relay host, or zero (no limit).
     
            smtp_rset_timeout (20s)
    -              The SMTP client time limit  for  sending  the  RSET
    +              The  SMTP  client  time  limit for sending the RSET
                   command, and for receiving the server response.
     
            Available in Postfix version 2.2 and earlier:
    @@ -565,11 +566,11 @@ SMTP(8)                                                                SMTP(8)
            Available in Postfix version 2.2 and later:
     
            smtp_connection_cache_destinations (empty)
    -              Permanently enable SMTP connection caching for  the
    +              Permanently  enable SMTP connection caching for the
                   specified destinations.
     
            smtp_connection_cache_on_demand (yes)
    -              Temporarily  enable SMTP connection caching while a
    +              Temporarily enable SMTP connection caching while  a
                   destination has a high volume of mail in the active
                   queue.
     
    @@ -579,62 +580,62 @@ SMTP(8)                                                                SMTP(8)
     
            smtp_connection_cache_time_limit (2s)
                   When SMTP connection caching is enabled, the amount
    -              of  time  that an unused SMTP client socket is kept
    +              of time that an unused SMTP client socket  is  kept
                   open before it is closed.
     
            Available in Postfix version 2.3 and later:
     
            connection_cache_protocol_timeout (5s)
    -              Time limit for connection cache  connect,  send  or
    +              Time  limit  for  connection cache connect, send or
                   receive operations.
     
     TROUBLE SHOOTING CONTROLS
            debug_peer_level (2)
    -              The  increment  in  verbose  logging  level  when a
    -              remote client or server matches a  pattern  in  the
    +              The increment  in  verbose  logging  level  when  a
    +              remote  client  or  server matches a pattern in the
                   debug_peer_list parameter.
     
            debug_peer_list (empty)
    -              Optional  list  of remote client or server hostname
    -              or network address patterns that cause the  verbose
    -              logging  level  to increase by the amount specified
    +              Optional list of remote client or  server  hostname
    +              or  network address patterns that cause the verbose
    +              logging level to increase by the  amount  specified
                   in $debug_peer_level.
     
            error_notice_recipient (postmaster)
    -              The recipient  of  postmaster  notifications  about
    -              mail  delivery  problems that are caused by policy,
    +              The  recipient  of  postmaster  notifications about
    +              mail delivery problems that are caused  by  policy,
                   resource, software or protocol errors.
     
            internal_mail_filter_classes (empty)
    -              What categories of Postfix-generated mail are  sub-
    -              ject   to   before-queue   content   inspection  by
    +              What  categories of Postfix-generated mail are sub-
    +              ject  to   before-queue   content   inspection   by
                   non_smtpd_milters, header_checks and body_checks.
     
            notify_classes (resource, software)
    -              The list of error classes that are reported to  the
    +              The  list of error classes that are reported to the
                   postmaster.
     
     MISCELLANEOUS CONTROLS
            best_mx_transport (empty)
    -              Where  the  Postfix SMTP client should deliver mail
    +              Where the Postfix SMTP client should  deliver  mail
                   when it detects a "mail loops back to myself" error
                   condition.
     
            config_directory (see 'postconf -d' output)
    -              The  default  location  of  the Postfix main.cf and
    +              The default location of  the  Postfix  main.cf  and
                   master.cf configuration files.
     
            daemon_timeout (18000s)
    -              How much time a Postfix daemon process may take  to
    -              handle  a  request  before  it  is  terminated by a
    +              How  much time a Postfix daemon process may take to
    +              handle a request  before  it  is  terminated  by  a
                   built-in watchdog timer.
     
            delay_logging_resolution_limit (2)
    -              The maximal number  of  digits  after  the  decimal
    +              The  maximal  number  of  digits  after the decimal
                   point when logging sub-second delay values.
     
            disable_dns_lookups (no)
    -              Disable  DNS  lookups  in the Postfix SMTP and LMTP
    +              Disable DNS lookups in the Postfix  SMTP  and  LMTP
                   clients.
     
            inet_interfaces (all)
    @@ -642,7 +643,7 @@ SMTP(8)                                                                SMTP(8)
                   tem receives mail on.
     
            inet_protocols (ipv4)
    -              The  Internet protocols Postfix will attempt to use
    +              The Internet protocols Postfix will attempt to  use
                   when making or accepting connections.
     
            ipc_timeout (3600s)
    @@ -650,75 +651,75 @@ SMTP(8)                                                                SMTP(8)
                   over an internal communication channel.
     
            lmtp_tcp_port (24)
    -              The  default  TCP port that the Postfix LMTP client
    +              The default TCP port that the Postfix  LMTP  client
                   connects to.
     
            max_idle (100s)
    -              The maximum amount of time  that  an  idle  Postfix
    -              daemon  process  waits  for  an incoming connection
    +              The  maximum  amount  of  time that an idle Postfix
    +              daemon process waits  for  an  incoming  connection
                   before terminating voluntarily.
     
            max_use (100)
    -              The maximal number of incoming connections  that  a
    -              Postfix  daemon  process will service before termi-
    +              The  maximal  number of incoming connections that a
    +              Postfix daemon process will service  before  termi-
                   nating voluntarily.
     
            process_id (read-only)
    -              The process ID  of  a  Postfix  command  or  daemon
    +              The  process  ID  of  a  Postfix  command or daemon
                   process.
     
            process_name (read-only)
    -              The  process  name  of  a Postfix command or daemon
    +              The process name of a  Postfix  command  or  daemon
                   process.
     
            proxy_interfaces (empty)
                   The network interface addresses that this mail sys-
    -              tem  receives  mail on by way of a proxy or network
    +              tem receives mail on by way of a proxy  or  network
                   address translation unit.
     
            smtp_bind_address (empty)
    -              An optional  numerical  network  address  that  the
    -              Postfix  SMTP  client should bind to when making an
    +              An  optional  numerical  network  address  that the
    +              Postfix SMTP client should bind to when  making  an
                   IPv4 connection.
     
            smtp_bind_address6 (empty)
    -              An optional  numerical  network  address  that  the
    -              Postfix  SMTP  client should bind to when making an
    +              An  optional  numerical  network  address  that the
    +              Postfix SMTP client should bind to when  making  an
                   IPv6 connection.
     
            smtp_helo_name ($myhostname)
    -              The hostname to send in the SMTP EHLO or HELO  com-
    +              The  hostname to send in the SMTP EHLO or HELO com-
                   mand.
     
            lmtp_lhlo_name ($myhostname)
                   The hostname to send in the LMTP LHLO command.
     
            smtp_host_lookup (dns)
    -              What  mechanisms  when the Postfix SMTP client uses
    +              What mechanisms when the Postfix SMTP  client  uses
                   to look up a host's IP address.
     
            smtp_randomize_addresses (yes)
    -              Randomize the order  of  equal-preference  MX  host
    +              Randomize  the  order  of  equal-preference MX host
                   addresses.
     
            syslog_facility (mail)
                   The syslog facility of Postfix logging.
     
            syslog_name (postfix)
    -              The  mail  system  name  that  is  prepended to the
    -              process name in syslog  records,  so  that  "smtpd"
    +              The mail system  name  that  is  prepended  to  the
    +              process  name  in  syslog  records, so that "smtpd"
                   becomes, for example, "postfix/smtpd".
     
            Available with Postfix 2.2 and earlier:
     
            fallback_relay (empty)
    -              Optional  list of relay hosts for SMTP destinations
    +              Optional list of relay hosts for SMTP  destinations
                   that can't be found or that are unreachable.
     
            Available with Postfix 2.3 and later:
     
            smtp_fallback_relay ($fallback_relay)
    -              Optional list of relay hosts for SMTP  destinations
    +              Optional  list of relay hosts for SMTP destinations
                   that can't be found or that are unreachable.
     
     SEE ALSO
    @@ -736,7 +737,7 @@ SMTP(8)                                                                SMTP(8)
            TLS_README, Postfix STARTTLS howto
     
     LICENSE
    -       The Secure Mailer license must be  distributed  with  this
    +       The  Secure  Mailer  license must be distributed with this
            software.
     
     AUTHOR(S)
    diff --git a/postfix/html/pipe.8.html b/postfix/html/pipe.8.html
    index ba1b42e7e..df7810652 100644
    --- a/postfix/html/pipe.8.html
    +++ b/postfix/html/pipe.8.html
    @@ -95,87 +95,88 @@ PIPE(8)                                                                PIPE(8)
                          (Postfix  2.5  and  later):  if  a   message
                          already contains a Delivered-To: header with
                          the same recipient address, then the message
    -                     is returned as undeliverable.
    +                     is  returned  as  undeliverable. The address
    +                     comparison is case insensitive.
     
                          This feature is available as of Postfix 2.0.
     
    -              F      Prepend a "From sender time_stamp"  envelope
    -                     header  to  the  message  content.   This is
    +              F      Prepend  a "From sender time_stamp" envelope
    +                     header to  the  message  content.   This  is
                          expected by, for example, UUCP software.
     
    -              O      Prepend an "X-Original-To:  recipient"  mes-
    -                     sage  header  with  the recipient address as
    -                     given to Postfix. Note: for  this  to  work,
    +              O      Prepend  an  "X-Original-To: recipient" mes-
    +                     sage header with the  recipient  address  as
    +                     given  to  Postfix.  Note: for this to work,
                          the    transport_destination_recipient_limit
    -                     must be  1  (see  SINGLE-RECIPIENT  DELIVERY
    +                     must  be  1  (see  SINGLE-RECIPIENT DELIVERY
                          above for details).
     
                          This feature is available as of Postfix 2.0.
     
    -              R      Prepend a Return-Path: message  header  with
    +              R      Prepend  a  Return-Path: message header with
                          the envelope sender address.
     
                   h      Fold  the  command-line  $recipient  address
                          domain part (text to the right of the right-
    -                     most  @  character)  to lower case; fold the
    +                     most @ character) to lower  case;  fold  the
                          entire  command-line  $domain  and  $nexthop
    -                     host  or  domain  information to lower case.
    +                     host or domain information  to  lower  case.
                          This is recommended for delivery via UUCP.
     
    -              q      Quote white space and other special  charac-
    +              q      Quote  white space and other special charac-
                          ters in the command-line $sender and $recip-
                          ient address localparts (text to the left of
                          the right-most @ character), according to an
    -                     8-bit transparent version of RFC 822.   This
    -                     is  recommended  for  delivery  via  UUCP or
    +                     8-bit  transparent version of RFC 822.  This
    +                     is recommended  for  delivery  via  UUCP  or
                          BSMTP.
     
    -                     The result is compatible  with  the  address
    -                     parsing  of  command-line  recipients by the
    +                     The  result  is  compatible with the address
    +                     parsing of command-line  recipients  by  the
                          Postfix sendmail(1) mail submission command.
     
    -                     The  q  flag  affects only entire addresses,
    +                     The q flag affects  only  entire  addresses,
                          not the partial address information from the
    -                     $user,  $extension  or $mailbox command-line
    +                     $user, $extension or  $mailbox  command-line
                          macros.
     
                   u      Fold  the  command-line  $recipient  address
    -                     localpart  (text  to  the left of the right-
    -                     most @ character) to lower  case.   This  is
    +                     localpart (text to the left  of  the  right-
    +                     most  @  character)  to lower case.  This is
                          recommended for delivery via UUCP.
     
                   .      Prepend "." to lines starting with ".". This
                          is needed by, for example, BSMTP software.
     
    -              >      Prepend ">" to lines starting with "From  ".
    +              >      Prepend  ">" to lines starting with "From ".
                          This is expected by, for example, UUCP soft-
                          ware.
     
            null_sender=replacement (default: MAILER-DAEMON)
                   Replace the null sender address (typically used for
    -              delivery  status  notifications) with the specified
    +              delivery status notifications) with  the  specified
                   text when expanding the $sender command-line macro,
                   and when generating a From_ or Return-Path: message
                   header.
     
    -              If the null sender replacement text is a  non-empty
    -              string  then  it  is  affected  by  the  q flag for
    +              If  the null sender replacement text is a non-empty
    +              string then it  is  affected  by  the  q  flag  for
                   address quoting in command-line arguments.
     
                   The null sender replacement text may be empty; this
    -              form  is  recommended for content filters that feed
    +              form is recommended for content filters  that  feed
                   mail back into Postfix. The empty sender address is
    -              not  affected  by the q flag for address quoting in
    +              not affected by the q flag for address  quoting  in
                   command-line arguments.
     
                   Caution: a null sender address is easily mis-parsed
    -              by  naive  software.  For example, when the pipe(8)
    +              by naive software. For example,  when  the  pipe(8)
                   daemon executes a command such as:
     
                       command -f$sender -- $recipient (bad)
     
                   the command will mis-parse the -f option value when
    -              the  sender  address is a null string.  For correct
    +              the sender address is a null string.   For  correct
                   parsing, specify $sender as an argument by itself:
     
                       command -f $sender -- $recipient (good)
    @@ -190,233 +191,233 @@ PIPE(8)                                                                PIPE(8)
     
            user=username:groupname
                   Execute the external command with the rights of the
    -              specified username.  The software refuses  to  exe-
    -              cute  commands  with  root  privileges, or with the
    -              privileges of the mail system owner.  If  groupname
    -              is  specified,  the  corresponding group ID is used
    +              specified  username.   The software refuses to exe-
    +              cute commands with root  privileges,  or  with  the
    +              privileges  of  the mail system owner. If groupname
    +              is specified, the corresponding group  ID  is  used
                   instead of the group ID of username.
     
            argv=command... (required)
    -              The command to be executed. This must be  specified
    +              The  command to be executed. This must be specified
                   as the last command attribute.  The command is exe-
                   cuted  directly,  i.e.  without  interpretation  of
    -              shell  meta  characters  by  a shell command inter-
    +              shell meta characters by  a  shell  command  inter-
                   preter.
     
                   In  the  command  argument  vector,  the  following
                   macros are recognized and replaced with correspond-
    -              ing information  from  the  Postfix  queue  manager
    +              ing  information  from  the  Postfix  queue manager
                   delivery request.
     
    -              In  addition  to  the form ${name}, the forms $name
    -              and $(name) are also recognized.  Specify $$  where
    +              In addition to the form ${name},  the  forms  $name
    +              and  $(name) are also recognized.  Specify $$ where
                   a single $ is wanted.
     
                   ${client_address}
                          This macro expands to the remote client net-
                          work address.
     
    -                     This is available in Postfix 2.2 and  later.
    +                     This  is available in Postfix 2.2 and later.
     
                   ${client_helo}
                          This macro expands to the remote client HELO
                          command parameter.
     
    -                     This is available in Postfix 2.2 and  later.
    +                     This  is available in Postfix 2.2 and later.
     
                   ${client_hostname}
    -                     This  macro  expands  to  the  remote client
    +                     This macro  expands  to  the  remote  client
                          hostname.
     
    -                     This is available in Postfix 2.2 and  later.
    +                     This  is available in Postfix 2.2 and later.
     
                   ${client_protocol}
                          This macro expands to the remote client pro-
                          tocol.
     
    -                     This is available in Postfix 2.2 and  later.
    +                     This  is available in Postfix 2.2 and later.
     
                   ${domain}
    -                     This  macro expands to the domain portion of
    +                     This macro expands to the domain portion  of
                          the recipient address.  For example, with an
    -                     address   user+foo@domain   the   domain  is
    +                     address  user+foo@domain   the   domain   is
                          domain.
     
    -                     This information is modified by the  h  flag
    +                     This  information  is modified by the h flag
                          for case folding.
     
    -                     This  is available in Postfix 2.5 and later.
    +                     This is available in Postfix 2.5 and  later.
     
                   ${extension}
    -                     This macro expands to the extension part  of
    -                     a  recipient  address.  For example, with an
    +                     This  macro expands to the extension part of
    +                     a recipient address.  For example,  with  an
                          address  user+foo@domain  the  extension  is
                          foo.
     
    -                     A   command-line   argument   that  contains
    -                     ${extension} expands into as  many  command-
    +                     A  command-line   argument   that   contains
    +                     ${extension}  expands  into as many command-
                          line arguments as there are recipients.
     
    -                     This  information  is modified by the u flag
    +                     This information is modified by the  u  flag
                          for case folding.
     
                   ${mailbox}
    -                     This macro expands  to  the  complete  local
    -                     part  of  a recipient address.  For example,
    -                     with an address user+foo@domain the  mailbox
    +                     This  macro  expands  to  the complete local
    +                     part of a recipient address.   For  example,
    +                     with  an address user+foo@domain the mailbox
                          is user+foo.
     
    -                     A   command-line   argument   that  contains
    -                     ${mailbox} expands to as  many  command-line
    +                     A  command-line   argument   that   contains
    +                     ${mailbox}  expands  to as many command-line
                          arguments as there are recipients.
     
    -                     This  information  is modified by the u flag
    +                     This information is modified by the  u  flag
                          for case folding.
     
                   ${nexthop}
                          This macro expands to the next-hop hostname.
     
    -                     This  information  is modified by the h flag
    +                     This information is modified by the  h  flag
                          for case folding.
     
                   ${recipient}
                          This macro expands to the complete recipient
                          address.
     
    -                     A   command-line   argument   that  contains
    +                     A  command-line   argument   that   contains
                          ${recipient} expands to as many command-line
                          arguments as there are recipients.
     
    -                     This  information  is  modified  by  the hqu
    +                     This information  is  modified  by  the  hqu
                          flags for quoting and case folding.
     
                   ${sasl_method}
    -                     This macro expands to the  SASL  authentica-
    -                     tion  mechanism used during the reception of
    -                     the message. An empty string  is  passed  if
    -                     the  message  has been received without SASL
    +                     This  macro  expands to the SASL authentica-
    +                     tion mechanism used during the reception  of
    +                     the  message.  An  empty string is passed if
    +                     the message has been received  without  SASL
                          authentication.
     
    -                     This is available in Postfix 2.2 and  later.
    +                     This  is available in Postfix 2.2 and later.
     
                   ${sasl_sender}
    -                     This  macro  expands to the SASL sender name
    -                     (i.e. the  original  submitter  as  per  RFC
    -                     2554)  used during the reception of the mes-
    +                     This macro expands to the SASL  sender  name
    +                     (i.e.  the  original  submitter  as  per RFC
    +                     2554) used during the reception of the  mes-
                          sage.
     
    -                     This is available in Postfix 2.2 and  later.
    +                     This  is available in Postfix 2.2 and later.
     
                   ${sasl_username}
    -                     This  macro  expands  to  the SASL user name
    +                     This macro expands to  the  SASL  user  name
                          used during the reception of the message. An
    -                     empty  string  is  passed if the message has
    +                     empty string is passed if  the  message  has
                          been received without SASL authentication.
     
    -                     This is available in Postfix 2.2 and  later.
    +                     This  is available in Postfix 2.2 and later.
     
                   ${sender}
    -                     This  macro  expands  to the envelope sender
    +                     This macro expands to  the  envelope  sender
                          address. By default, the null sender address
    -                     expands   to   MAILER-DAEMON;  this  can  be
    -                     changed with the null_sender  attribute,  as
    +                     expands  to  MAILER-DAEMON;  this   can   be
    +                     changed  with  the null_sender attribute, as
                          described above.
     
    -                     This  information  is modified by the q flag
    +                     This information is modified by the  q  flag
                          for quoting.
     
                   ${size}
    -                     This macro expands to Postfix's idea of  the
    -                     message  size,  which is an approximation of
    +                     This  macro expands to Postfix's idea of the
    +                     message size, which is an  approximation  of
                          the size of the message as delivered.
     
                   ${user}
                          This macro expands to the username part of a
    -                     recipient  address.   For  example,  with an
    +                     recipient address.   For  example,  with  an
                          address user+foo@domain the username part is
                          user.
     
    -                     A   command-line   argument   that  contains
    -                     ${user} expands into  as  many  command-line
    +                     A  command-line   argument   that   contains
    +                     ${user}  expands  into  as many command-line
                          arguments as there are recipients.
     
    -                     This  information  is modified by the u flag
    +                     This information is modified by the  u  flag
                          for case folding.
     
     STANDARDS
            RFC 3463 (Enhanced status codes)
     
     DIAGNOSTICS
    -       Command exit status codes are expected to follow the  con-
    -       ventions  defined  in  <sysexits.h>.   Exit status 0 means
    +       Command  exit status codes are expected to follow the con-
    +       ventions defined in <sysexits.h>.   Exit  status  0  means
            normal successful completion.
     
    -       Postfix version  2.3  and  later  support  RFC  3463-style
    -       enhanced  status  codes.   If  a command terminates with a
    -       non-zero exit status, and the command output  begins  with
    +       Postfix  version  2.3  and  later  support  RFC 3463-style
    +       enhanced status codes.  If a  command  terminates  with  a
    +       non-zero  exit  status, and the command output begins with
            an enhanced status code, this status code takes precedence
            over the non-zero exit status.
     
    -       Problems and transactions are logged to syslogd(8).   Cor-
    -       rupted  message files are marked so that the queue manager
    +       Problems  and transactions are logged to syslogd(8).  Cor-
    +       rupted message files are marked so that the queue  manager
            can move them to the corrupt queue for further inspection.
     
     SECURITY
    -       This  program  needs  a  dual personality 1) to access the
    -       private Postfix queue and IPC mechanisms, and 2)  to  exe-
    +       This program needs a dual personality  1)  to  access  the
    +       private  Postfix  queue and IPC mechanisms, and 2) to exe-
            cute external commands as the specified user. It is there-
            fore security sensitive.
     
     CONFIGURATION PARAMETERS
    -       Changes to main.cf are picked up automatically as  pipe(8)
    -       processes  run  for only a limited amount of time. Use the
    +       Changes  to main.cf are picked up automatically as pipe(8)
    +       processes run for only a limited amount of time.  Use  the
            command "postfix reload" to speed up a change.
     
    -       The text below provides  only  a  parameter  summary.  See
    +       The  text  below  provides  only  a parameter summary. See
            postconf(5) for more details including examples.
     
     RESOURCE AND RATE CONTROLS
    -       In  the text below, transport is the first field in a mas-
    +       In the text below, transport is the first field in a  mas-
            ter.cf entry.
     
            transport_destination_concurrency_limit ($default_destina-
            tion_concurrency_limit)
                   Limit the number of parallel deliveries to the same
    -              destination,  for delivery via the named transport.
    +              destination, for delivery via the named  transport.
                   The limit is enforced by the Postfix queue manager.
     
            transport_destination_recipient_limit   ($default_destina-
            tion_recipient_limit)
    -              Limit  the  number of recipients per message deliv-
    -              ery, for delivery via  the  named  transport.   The
    +              Limit the number of recipients per  message  deliv-
    +              ery,  for  delivery  via  the named transport.  The
                   limit is enforced by the Postfix queue manager.
     
            transport_time_limit ($command_time_limit)
    -              Limit  the  time  for delivery to external command,
    +              Limit the time for delivery  to  external  command,
                   for delivery via the named transport.  The limit is
                   enforced by the pipe delivery agent.
     
    -              Postfix  2.4 and later support a suffix that speci-
    -              fies the time unit: s  (seconds),  m  (minutes),  h
    +              Postfix 2.4 and later support a suffix that  speci-
    +              fies  the  time  unit:  s (seconds), m (minutes), h
                   (hours), d (days), w (weeks). The default time unit
                   is seconds.
     
     MISCELLANEOUS CONTROLS
            config_directory (see 'postconf -d' output)
    -              The default location of  the  Postfix  main.cf  and
    +              The  default  location  of  the Postfix main.cf and
                   master.cf configuration files.
     
            daemon_timeout (18000s)
    -              How  much time a Postfix daemon process may take to
    -              handle a request  before  it  is  terminated  by  a
    +              How much time a Postfix daemon process may take  to
    +              handle  a  request  before  it  is  terminated by a
                   built-in watchdog timer.
     
            delay_logging_resolution_limit (2)
    -              The  maximal  number  of  digits  after the decimal
    +              The maximal number  of  digits  after  the  decimal
                   point when logging sub-second delay values.
     
            export_environment (see 'postconf -d' output)
    -              The list of environment variables  that  a  Postfix
    +              The  list  of  environment variables that a Postfix
                   process will export to non-Postfix processes.
     
            ipc_timeout (3600s)
    @@ -428,25 +429,25 @@ PIPE(8)                                                                PIPE(8)
                   and most Postfix daemon processes.
     
            max_idle (100s)
    -              The  maximum  amount  of  time that an idle Postfix
    -              daemon process waits  for  an  incoming  connection
    +              The maximum amount of time  that  an  idle  Postfix
    +              daemon  process  waits  for  an incoming connection
                   before terminating voluntarily.
     
            max_use (100)
    -              The  maximal  number of incoming connections that a
    -              Postfix daemon process will service  before  termi-
    +              The maximal number of incoming connections  that  a
    +              Postfix  daemon  process will service before termi-
                   nating voluntarily.
     
            process_id (read-only)
    -              The  process  ID  of  a  Postfix  command or daemon
    +              The process ID  of  a  Postfix  command  or  daemon
                   process.
     
            process_name (read-only)
    -              The process name of a  Postfix  command  or  daemon
    +              The  process  name  of  a Postfix command or daemon
                   process.
     
            queue_directory (see 'postconf -d' output)
    -              The  location of the Postfix top-level queue direc-
    +              The location of the Postfix top-level queue  direc-
                   tory.
     
            recipient_delimiter (empty)
    @@ -457,8 +458,8 @@ PIPE(8)                                                                PIPE(8)
                   The syslog facility of Postfix logging.
     
            syslog_name (postfix)
    -              The  mail  system  name  that  is  prepended to the
    -              process name in syslog  records,  so  that  "smtpd"
    +              The mail system  name  that  is  prepended  to  the
    +              process  name  in  syslog  records, so that "smtpd"
                   becomes, for example, "postfix/smtpd".
     
     SEE ALSO
    @@ -470,7 +471,7 @@ PIPE(8)                                                                PIPE(8)
            syslogd(8), system logging
     
     LICENSE
    -       The  Secure  Mailer  license must be distributed with this
    +       The Secure Mailer license must be  distributed  with  this
            software.
     
     AUTHOR(S)
    diff --git a/postfix/html/postconf.1.html b/postfix/html/postconf.1.html
    index 02eef4281..0640384da 100644
    --- a/postfix/html/postconf.1.html
    +++ b/postfix/html/postconf.1.html
    @@ -177,8 +177,8 @@ POSTCONF(1)                                                        POSTCONF(1)
                   tcp (read-only)
                          Perform lookups using a simple request-reply
                          protocol that is described in  tcp_table(5).
    -                     This  feature  is  not included with Postfix
    -                     2.2.
    +                     This feature is not included with the stable
    +                     Postfix release.
     
                   unix (read-only)
                          A limited way to query the UNIX  authentica-
    diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
    index a2d5b12f0..cd9cde335 100644
    --- a/postfix/html/postconf.5.html
    +++ b/postfix/html/postconf.5.html
    @@ -2089,6 +2089,18 @@ The default time unit is s (seconds).
     

    + + +
    detect_8bit_encoding_header +(default: yes)
    + +

    Automatically detect 8BITMIME body content by looking at +Content-Transfer-Encoding: message headers; historically, this +behavior was hard-coded to be "always on".

    + +

    This feature is available in Postfix 2.5 and later.

    + +
    disable_dns_lookups @@ -7757,7 +7769,8 @@ chroot jail, so you can leave the password file in /etc/postfix.
    smtp_sasl_path (default: empty)
    -

    Implementation-specific information that is passed through to +

    Implementation-specific information that the Postfix SMTP client +passes through to the SASL plug-in implementation that is selected with smtp_sasl_type. Typically this specifies the name of a configuration file or rendezvous point.

    @@ -7770,7 +7783,8 @@ configuration file or rendezvous point.

    smtp_sasl_security_options (default: noplaintext, noanonymous)
    -

    SASL security options; as of Postfix 2.3 the list of available +

    Postfix SMTP client SASL security options; as of Postfix 2.3 +the list of available features depends on the SASL client implementation that is selected with smtp_sasl_type.

    @@ -10367,7 +10381,8 @@ See the RESTRICTION_CLASS_README doc (default: smtpd)

    -The application name used for SASL server initialization. This +The application name that the Postfix SMTP server uses for SASL +server initialization. This controls the name of the SASL configuration file. The default value is smtpd, corresponding to a SASL configuration file named smtpd.conf. @@ -10429,7 +10444,8 @@ message header.

    (default: empty)

    -What SMTP clients Postfix will not offer AUTH support to. +What remote SMTP clients the Postfix SMTP server will not offer +AUTH support to.

    @@ -10476,7 +10492,8 @@ This feature is available in Postfix 2.1 and later. (default: empty)

    -The name of the local SASL authentication realm. +The name of the Postfix SMTP server's local SASL authentication +realm.

    @@ -10498,7 +10515,8 @@ Examples:

    smtpd_sasl_path (default: smtpd)
    -

    Implementation-specific information that is passed through to +

    Implementation-specific information that the Postfix SMTP server +passes through to the SASL plug-in implementation that is selected with smtpd_sasl_type. Typically this specifies the name of a configuration file or rendezvous point.

    @@ -10512,7 +10530,8 @@ releases it was called smtpd_sasl_application.

    smtpd_sasl_security_options (default: noanonymous)
    -

    SASL security options; as of Postfix 2.3 the list of available +

    Postfix SMTP server SASL security options; as of Postfix 2.3 +the list of available features depends on the SASL server implementation that is selected with smtpd_sasl_type.

    diff --git a/postfix/html/postfix.1.html b/postfix/html/postfix.1.html index aa6796442..56c38c773 100644 --- a/postfix/html/postfix.1.html +++ b/postfix/html/postfix.1.html @@ -56,14 +56,17 @@ POSTFIX(1) POSTFIX(1) reload Re-read configuration files. Running processes ter- minate at their earliest convenience. + status Indicate if the Postfix mail system is currently + running. + set-permissions [name=value ...] - Set the ownership and permissions of Postfix - related files and directories, as specified in the + Set the ownership and permissions of Postfix + related files and directories, as specified in the postfix-files file. - Specify name=value to override and update specific - main.cf configuration parameters. Use this, for - example, to change the mail_owner or setgid_group + Specify name=value to override and update specific + main.cf configuration parameters. Use this, for + example, to change the mail_owner or setgid_group setting for an already installed Postfix system. This feature is available in Postfix 2.1 and later. @@ -71,12 +74,12 @@ POSTFIX(1) POSTFIX(1) fix/post-install set-permissions". upgrade-configuration [name=value ...] - Update the main.cf and master.cf files with infor- - mation that Postfix needs in order to run: add or - update services, and add or update configuration + Update the main.cf and master.cf files with infor- + mation that Postfix needs in order to run: add or + update services, and add or update configuration parameter settings. - Specify name=value to override and update specific + Specify name=value to override and update specific main.cf configuration parameters. This feature is available in Postfix 2.1 and later. 
@@ -86,10 +89,10 @@ POSTFIX(1) POSTFIX(1) The following options are implemented: -c config_dir - Read the main.cf and master.cf configuration files - in the named directory instead of the default con- + Read the main.cf and master.cf configuration files + in the named directory instead of the default con- figuration directory. Use this to distinguish - between multiple Postfix instances on the same + between multiple Postfix instances on the same host. -D (with postfix start only) 
@@ -98,43 +101,43 @@ POSTFIX(1) POSTFIX(1) parameter. -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly + tiple -v options make the software increasingly verbose. ENVIRONMENT - The postfix(1) command exports the following environment + The postfix(1) command exports the following environment variables before executing the postfix-script file: MAIL_CONFIG - This is set when the -c command-line option is + This is set when the -c command-line option is present. MAIL_VERBOSE - This is set when the -v command-line option is + This is set when the -v command-line option is present. MAIL_DEBUG - This is set when the -D command-line option is + This is set when the -D command-line option is present. CONFIGURATION PARAMETERS - The following main.cf configuration parameters are + The following main.cf configuration parameters are exported as environment variables with the same names: command_directory (see 'postconf -d' output) - The location of all postfix administrative com- + The location of all postfix administrative com- mands. daemon_directory (see 'postconf -d' output) - The directory with Postfix support programs and + The directory with Postfix support programs and daemon programs. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and + The default location of the Postfix main.cf and master.cf configuration files. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- + The location of the Postfix top-level queue direc- tory. mail_owner (postfix) @@ -150,7 +153,7 @@ POSTFIX(1) POSTFIX(1) location of the Postfix sendmail(1) command. newaliases_path (see 'postconf -d' output) - Sendmail compatibility feature that specifies the + Sendmail compatibility feature that specifies the location of the newaliases(1) command. mailq_path (see 'postconf -d' output) 
@@ -158,7 +161,7 @@ POSTFIX(1) POSTFIX(1) the Postfix mailq(1) command is installed. html_directory (see 'postconf -d' output) - The location of Postfix HTML files that describe + The location of Postfix HTML files that describe how to build, configure or operate a specific Post- fix subsystem or feature. @@ -166,18 +169,18 @@ POSTFIX(1) POSTFIX(1) Where the Postfix manual pages are installed. readme_directory (see 'postconf -d' output) - The location of Postfix README files that describe + The location of Postfix README files that describe how to build, configure or operate a specific Post- fix subsystem or feature. Other configuration parameters: config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and + The default location of the Postfix main.cf and master.cf configuration files. import_environment (see 'postconf -d' output) - The list of environment parameters that a Postfix + The list of environment parameters that a Postfix process will import from a non-Postfix parent process. @@ -185,8 +188,8 @@ POSTFIX(1) POSTFIX(1) The syslog facility of Postfix logging. syslog_name (postfix) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" + The mail system name that is prepended to the + process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". FILES @@ -274,7 +277,7 @@ POSTFIX(1) POSTFIX(1) QSHAPE_README, Postfix queue analysis LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index d991668be..69ec99349 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html 
@@ -288,10 +288,10 @@ SMTP(8) SMTP(8) tion is enabled. smtp_sasl_security_options (noplaintext, noanonymous) - SASL security options; as of Postfix 2.3 the list - of available features depends on the SASL client - implementation that is selected with - smtp_sasl_type. + Postfix SMTP client SASL security options; as of + Postfix 2.3 the list of available features depends + on the SASL client implementation that is selected + with smtp_sasl_type. Available in Postfix version 2.2 and later: 
@@ -310,52 +310,53 @@ SMTP(8) SMTP(8) will use the appropriate credentials. smtp_sasl_path (empty) - Implementation-specific information that is passed - through to the SASL plug-in implementation that is - selected with smtp_sasl_type. + Implementation-specific information that the Post- + fix SMTP client passes through to the SASL plug-in + implementation that is selected with + smtp_sasl_type. smtp_sasl_type (cyrus) - The SASL plug-in type that the Postfix SMTP client + The SASL plug-in type that the Postfix SMTP client should use for authentication. STARTTLS SUPPORT CONTROLS - Detailed information about STARTTLS configuration may be + Detailed information about STARTTLS configuration may be found in the TLS_README document. smtp_tls_security_level (empty) The default SMTP TLS security level for the Postfix - SMTP client; when a non-empty value is specified, - this overrides the obsolete parameters + SMTP client; when a non-empty value is specified, + this overrides the obsolete parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername. smtp_sasl_tls_security_options ($smtp_sasl_secu- rity_options) - The SASL authentication security options that the - Postfix SMTP client uses for TLS encrypted SMTP + The SASL authentication security options that the + Postfix SMTP client uses for TLS encrypted SMTP sessions. smtp_starttls_timeout (300s) - Time limit for Postfix SMTP client write and read - operations during TLS startup and shutdown hand- + Time limit for Postfix SMTP client write and read + operations during TLS startup and shutdown hand- shake procedures. smtp_tls_CAfile (empty) - The file with the certificate of the certification - authority (CA) that issued the Postfix SMTP client + The file with the certificate of the certification + authority (CA) that issued the Postfix SMTP client certificate. 
smtp_tls_CApath (empty) - Directory with PEM format certificate authority - certificates that the Postfix SMTP client uses to + Directory with PEM format certificate authority + certificates that the Postfix SMTP client uses to verify a remote SMTP server certificate. smtp_tls_cert_file (empty) - File with the Postfix SMTP client RSA certificate + File with the Postfix SMTP client RSA certificate in PEM format. smtp_tls_mandatory_ciphers (medium) - The minimum TLS cipher grade that the Postfix SMTP + The minimum TLS cipher grade that the Postfix SMTP client will use with mandatory TLS encryption. smtp_tls_exclude_ciphers (empty) 
@@ -364,43 +365,43 @@ SMTP(8) SMTP(8) levels. smtp_tls_mandatory_exclude_ciphers (empty) - Additional list of ciphers or cipher types to - exclude from the SMTP client cipher list at manda- + Additional list of ciphers or cipher types to + exclude from the SMTP client cipher list at manda- tory TLS security levels. smtp_tls_dcert_file (empty) - File with the Postfix SMTP client DSA certificate + File with the Postfix SMTP client DSA certificate in PEM format. smtp_tls_dkey_file ($smtp_tls_dcert_file) - File with the Postfix SMTP client DSA private key + File with the Postfix SMTP client DSA private key in PEM format. smtp_tls_key_file ($smtp_tls_cert_file) - File with the Postfix SMTP client RSA private key + File with the Postfix SMTP client RSA private key in PEM format. smtp_tls_loglevel (0) - Enable additional Postfix SMTP client logging of + Enable additional Postfix SMTP client logging of TLS activity. smtp_tls_note_starttls_offer (no) - Log the hostname of a remote SMTP server that - offers STARTTLS, when TLS is not already enabled + Log the hostname of a remote SMTP server that + offers STARTTLS, when TLS is not already enabled for that server. smtp_tls_policy_maps (empty) Optional lookup tables with the Postfix SMTP client TLS security policy by next-hop destination; when a - non-empty value is specified, this overrides the + non-empty value is specified, this overrides the obsolete smtp_tls_per_site parameter. smtp_tls_mandatory_protocols (SSLv3, TLSv1) - List of TLS protocols that the Postfix SMTP client + List of TLS protocols that the Postfix SMTP client will use with mandatory TLS encryption. smtp_tls_scert_verifydepth (5) - The verification depth for remote SMTP server cer- + The verification depth for remote SMTP server cer- tificates. smtp_tls_secure_cert_match (nexthop, dot-nexthop) 
@@ -408,7 +409,7 @@ SMTP(8) SMTP(8) for the "secure" TLS security level. smtp_tls_session_cache_database (empty) - Name of the file containing the optional Postfix + Name of the file containing the optional Postfix SMTP client TLS session cache. smtp_tls_session_cache_timeout (3600s) @@ -420,9 +421,9 @@ SMTP(8) SMTP(8) for the "verify" TLS security level. tls_daemon_random_bytes (32) - The number of pseudo-random bytes that an smtp(8) - or smtpd(8) process requests from the tlsmgr(8) - server in order to seed its internal pseudo random + The number of pseudo-random bytes that an smtp(8) + or smtpd(8) process requests from the tlsmgr(8) + server in order to seed its internal pseudo random number generator (PRNG). tls_high_cipherlist @@ -434,7 +435,7 @@ SMTP(8) SMTP(8) ciphers. tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH) - The OpenSSL cipherlist for "LOW" or higher grade + The OpenSSL cipherlist for "LOW" or higher grade ciphers. tls_export_cipherlist (ALL:+RC4:@STRENGTH) 
@@ -442,40 +443,40 @@ SMTP(8) SMTP(8) ciphers. tls_null_cipherlist (eNULL:!aNULL) - The OpenSSL cipherlist for "NULL" grade ciphers + The OpenSSL cipherlist for "NULL" grade ciphers that provide authentication without encryption. Available in Postfix version 2.4 and later: smtp_sasl_tls_verified_security_options ($smtp_sasl_tls_security_options) - The SASL authentication security options that the - Postfix SMTP client uses for TLS encrypted SMTP + The SASL authentication security options that the + Postfix SMTP client uses for TLS encrypted SMTP sessions with a verified server certificate. OBSOLETE STARTTLS CONTROLS - The following configuration parameters exist for compati- + The following configuration parameters exist for compati- bility with Postfix versions before 2.3. Support for these will be removed in a future release. smtp_use_tls (no) - Opportunistic mode: use TLS when a remote SMTP - server announces STARTTLS support, otherwise send + Opportunistic mode: use TLS when a remote SMTP + server announces STARTTLS support, otherwise send the mail in the clear. smtp_enforce_tls (no) - Enforcement mode: require that remote SMTP servers - use TLS encryption, and never send mail in the + Enforcement mode: require that remote SMTP servers + use TLS encryption, and never send mail in the clear. smtp_tls_enforce_peername (yes) - With mandatory TLS encryption, require that the + With mandatory TLS encryption, require that the remote SMTP server hostname matches the information in the remote SMTP server certificate. smtp_tls_per_site (empty) Optional lookup tables with the Postfix SMTP client - TLS usage policy by next-hop destination and by + TLS usage policy by next-hop destination and by remote SMTP server hostname. smtp_tls_cipherlist (empty) 
@@ -485,27 +486,27 @@ SMTP(8) SMTP(8) RESOURCE AND RATE CONTROLS smtp_destination_concurrency_limit ($default_destina- tion_concurrency_limit) - The maximal number of parallel deliveries to the - same destination via the smtp message delivery + The maximal number of parallel deliveries to the + same destination via the smtp message delivery transport. smtp_destination_recipient_limit ($default_destina- tion_recipient_limit) - The maximal number of recipients per delivery via + The maximal number of recipients per delivery via the smtp message delivery transport. smtp_connect_timeout (30s) - The SMTP client time limit for completing a TCP + The SMTP client time limit for completing a TCP connection, or zero (use the operating system built-in time limit). smtp_helo_timeout (300s) - The SMTP client time limit for sending the HELO or - EHLO command, and for receiving the initial server + The SMTP client time limit for sending the HELO or + EHLO command, and for receiving the initial server response. lmtp_lhlo_timeout (300s) - The LMTP client time limit for sending the LHLO + The LMTP client time limit for sending the LHLO command, and for receiving the initial server response. 
@@ -514,30 +515,30 @@ SMTP(8) SMTP(8) command, and for receiving the server response. smtp_mail_timeout (300s) - The SMTP client time limit for sending the MAIL - FROM command, and for receiving the server + The SMTP client time limit for sending the MAIL + FROM command, and for receiving the server response. smtp_rcpt_timeout (300s) - The SMTP client time limit for sending the SMTP - RCPT TO command, and for receiving the server + The SMTP client time limit for sending the SMTP + RCPT TO command, and for receiving the server response. smtp_data_init_timeout (120s) - The SMTP client time limit for sending the SMTP - DATA command, and for receiving the server + The SMTP client time limit for sending the SMTP + DATA command, and for receiving the server response. smtp_data_xfer_timeout (180s) - The SMTP client time limit for sending the SMTP + The SMTP client time limit for sending the SMTP message content. smtp_data_done_timeout (600s) - The SMTP client time limit for sending the SMTP + The SMTP client time limit for sending the SMTP ".", and for receiving the server response. smtp_quit_timeout (300s) - The SMTP client time limit for sending the QUIT + The SMTP client time limit for sending the QUIT command, and for receiving the server response. Available in Postfix version 2.1 and later: @@ -548,12 +549,12 @@ SMTP(8) SMTP(8) lookups, or zero (no limit). smtp_mx_session_limit (2) - The maximal number of SMTP sessions per delivery - request before giving up or delivering to a fall- + The maximal number of SMTP sessions per delivery + request before giving up or delivering to a fall- back relay host, or zero (no limit). smtp_rset_timeout (20s) - The SMTP client time limit for sending the RSET + The SMTP client time limit for sending the RSET command, and for receiving the server response. Available in Postfix version 2.2 and earlier: 
@@ -565,11 +566,11 @@ SMTP(8) SMTP(8) Available in Postfix version 2.2 and later: smtp_connection_cache_destinations (empty) - Permanently enable SMTP connection caching for the + Permanently enable SMTP connection caching for the specified destinations. smtp_connection_cache_on_demand (yes) - Temporarily enable SMTP connection caching while a + Temporarily enable SMTP connection caching while a destination has a high volume of mail in the active queue. 
@@ -579,62 +580,62 @@ SMTP(8) SMTP(8) smtp_connection_cache_time_limit (2s) When SMTP connection caching is enabled, the amount - of time that an unused SMTP client socket is kept + of time that an unused SMTP client socket is kept open before it is closed. Available in Postfix version 2.3 and later: connection_cache_protocol_timeout (5s) - Time limit for connection cache connect, send or + Time limit for connection cache connect, send or receive operations. TROUBLE SHOOTING CONTROLS debug_peer_level (2) - The increment in verbose logging level when a - remote client or server matches a pattern in the + The increment in verbose logging level when a + remote client or server matches a pattern in the debug_peer_list parameter. debug_peer_list (empty) - Optional list of remote client or server hostname - or network address patterns that cause the verbose - logging level to increase by the amount specified + Optional list of remote client or server hostname + or network address patterns that cause the verbose + logging level to increase by the amount specified in $debug_peer_level. error_notice_recipient (postmaster) - The recipient of postmaster notifications about - mail delivery problems that are caused by policy, + The recipient of postmaster notifications about + mail delivery problems that are caused by policy, resource, software or protocol errors. internal_mail_filter_classes (empty) - What categories of Postfix-generated mail are sub- - ject to before-queue content inspection by + What categories of Postfix-generated mail are sub- + ject to before-queue content inspection by non_smtpd_milters, header_checks and body_checks. notify_classes (resource, software) - The list of error classes that are reported to the + The list of error classes that are reported to the postmaster. 
MISCELLANEOUS CONTROLS best_mx_transport (empty) - Where the Postfix SMTP client should deliver mail + Where the Postfix SMTP client should deliver mail when it detects a "mail loops back to myself" error condition. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and + The default location of the Postfix main.cf and master.cf configuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a + How much time a Postfix daemon process may take to + handle a request before it is terminated by a built-in watchdog timer. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal + The maximal number of digits after the decimal point when logging sub-second delay values. disable_dns_lookups (no) - Disable DNS lookups in the Postfix SMTP and LMTP + Disable DNS lookups in the Postfix SMTP and LMTP clients. inet_interfaces (all) @@ -642,7 +643,7 @@ SMTP(8) SMTP(8) tem receives mail on. inet_protocols (ipv4) - The Internet protocols Postfix will attempt to use + The Internet protocols Postfix will attempt to use when making or accepting connections. ipc_timeout (3600s) 
@@ -650,75 +651,75 @@ SMTP(8) SMTP(8) over an internal communication channel. lmtp_tcp_port (24) - The default TCP port that the Postfix LMTP client + The default TCP port that the Postfix LMTP client connects to. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection + The maximum amount of time that an idle Postfix + daemon process waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- + The maximal number of incoming connections that a + Postfix daemon process will service before termi- nating voluntarily. process_id (read-only) - The process ID of a Postfix command or daemon + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon + The process name of a Postfix command or daemon process. proxy_interfaces (empty) The network interface addresses that this mail sys- - tem receives mail on by way of a proxy or network + tem receives mail on by way of a proxy or network address translation unit. smtp_bind_address (empty) - An optional numerical network address that the - Postfix SMTP client should bind to when making an + An optional numerical network address that the + Postfix SMTP client should bind to when making an IPv4 connection. smtp_bind_address6 (empty) - An optional numerical network address that the - Postfix SMTP client should bind to when making an + An optional numerical network address that the + Postfix SMTP client should bind to when making an IPv6 connection. smtp_helo_name ($myhostname) - The hostname to send in the SMTP EHLO or HELO com- + The hostname to send in the SMTP EHLO or HELO com- mand. lmtp_lhlo_name ($myhostname) The hostname to send in the LMTP LHLO command. 
smtp_host_lookup (dns) - What mechanisms when the Postfix SMTP client uses + What mechanisms when the Postfix SMTP client uses to look up a host's IP address. smtp_randomize_addresses (yes) - Randomize the order of equal-preference MX host + Randomize the order of equal-preference MX host addresses. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (postfix) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" + The mail system name that is prepended to the + process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". Available with Postfix 2.2 and earlier: fallback_relay (empty) - Optional list of relay hosts for SMTP destinations + Optional list of relay hosts for SMTP destinations that can't be found or that are unreachable. Available with Postfix 2.3 and later: smtp_fallback_relay ($fallback_relay) - Optional list of relay hosts for SMTP destinations + Optional list of relay hosts for SMTP destinations that can't be found or that are unreachable. SEE ALSO @@ -736,7 +737,7 @@ SMTP(8) SMTP(8) TLS_README, Postfix STARTTLS howto LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index 364f879b0..6c70ca80b 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -108,8 +108,8 @@ SMTPD(8) SMTPD(8) is specified. smtpd_sasl_exceptions_networks (empty) - What SMTP clients Postfix will not offer AUTH sup- - port to. + What remote SMTP clients the Postfix SMTP server + will not offer AUTH support to. Available in Postfix version 2.2 and later: 
@@ -298,34 +298,36 @@ SMTPD(8) SMTPD(8) server. smtpd_sasl_local_domain (empty) - The name of the local SASL authentication realm. + The name of the Postfix SMTP server's local SASL + authentication realm. smtpd_sasl_security_options (noanonymous) - SASL security options; as of Postfix 2.3 the list - of available features depends on the SASL server - implementation that is selected with - smtpd_sasl_type. + Postfix SMTP server SASL security options; as of + Postfix 2.3 the list of available features depends + on the SASL server implementation that is selected + with smtpd_sasl_type. smtpd_sender_login_maps (empty) - Optional lookup table with the SASL login names + Optional lookup table with the SASL login names that own sender (MAIL FROM) addresses. Available in Postfix version 2.1 and later: smtpd_sasl_exceptions_networks (empty) - What SMTP clients Postfix will not offer AUTH sup- - port to. + What remote SMTP clients the Postfix SMTP server + will not offer AUTH support to. Available in Postfix version 2.3 and later: smtpd_sasl_authenticated_header (no) - Report the SASL authenticated user name in the + Report the SASL authenticated user name in the smtpd(8) Received message header. smtpd_sasl_path (smtpd) - Implementation-specific information that is passed - through to the SASL plug-in implementation that is - selected with smtpd_sasl_type. + Implementation-specific information that the Post- + fix SMTP server passes through to the SASL plug-in + implementation that is selected with + smtpd_sasl_type. smtpd_sasl_type (cyrus) The SASL plug-in type that the Postfix SMTP server diff --git a/postfix/man/man1/postconf.1 b/postfix/man/man1/postconf.1 index f53403163..c0fed1ae4 100644 --- a/postfix/man/man1/postconf.1 +++ b/postfix/man/man1/postconf.1 
@@ -152,7 +152,7 @@ result. .IP "\fBtcp\fR (read-only)" Perform lookups using a simple request-reply protocol that is described in \fBtcp_table\fR(5). -This feature is not included with Postfix 2.2. +This feature is not included with the stable Postfix release. .IP "\fBunix\fR (read-only)" A limited way to query the UNIX authentication database. The following tables are implemented: diff --git a/postfix/man/man1/postfix.1 b/postfix/man/man1/postfix.1 index 6dd40a489..5a2087f8a 100644 --- a/postfix/man/man1/postfix.1 +++ b/postfix/man/man1/postfix.1 @@ -51,6 +51,8 @@ poor delivery performance of all other mail. .IP \fBreload\fR Re-read configuration files. Running processes terminate at their earliest convenience. +.IP \fBstatus\fR +Indicate if the Postfix mail system is currently running. .IP "\fBset-permissions\fR \fB[\fIname\fR=\fIvalue ...\fB]\fR Set the ownership and permissions of Postfix related files and directories, as specified in the \fBpostfix-files\fR file. diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 7d56391ad..62a6d11a7 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -1138,6 +1138,12 @@ file or \fBbounce\fR(8) logfile. .PP Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). +.SH detect_8bit_encoding_header (default: yes) +Automatically detect 8BITMIME body content by looking at +Content-Transfer-Encoding: message headers; historically, this +behavior was hard-coded to be "always on". +.PP +This feature is available in Postfix 2.5 and later. .SH disable_dns_lookups (default: no) Disable DNS lookups in the Postfix SMTP and LMTP clients. When disabled, hosts are looked up with the getaddrinfo() system 
@@ -4325,14 +4331,16 @@ attempt to authenticate to the remote host. The Postfix SMTP client opens the lookup table before going to chroot jail, so you can leave the password file in /etc/postfix. .SH smtp_sasl_path (default: empty) -Implementation-specific information that is passed through to +Implementation-specific information that the Postfix SMTP client +passes through to the SASL plug-in implementation that is selected with \fBsmtp_sasl_type\fR. Typically this specifies the name of a configuration file or rendezvous point. .PP This feature is available in Postfix 2.3 and later. .SH smtp_sasl_security_options (default: noplaintext, noanonymous) -SASL security options; as of Postfix 2.3 the list of available +Postfix SMTP client SASL security options; as of Postfix 2.3 +the list of available features depends on the SASL client implementation that is selected with \fBsmtp_sasl_type\fR. .PP @@ -6179,7 +6187,8 @@ right-hand side of a Postfix \fBaccess\fR(5) table. One major application is for implementing per-recipient UCE control. See the RESTRICTION_CLASS_README document for other examples. .SH smtpd_sasl_application_name (default: smtpd) -The application name used for SASL server initialization. This +The application name that the Postfix SMTP server uses for SASL +server initialization. This controls the name of the SASL configuration file. The default value is \fBsmtpd\fR, corresponding to a SASL configuration file named \fBsmtpd.conf\fR. @@ -6220,7 +6229,8 @@ message header. .PP This feature is available in Postfix 2.3 and later. .SH smtpd_sasl_exceptions_networks (default: empty) -What SMTP clients Postfix will not offer AUTH support to. +What remote SMTP clients the Postfix SMTP server will not offer +AUTH support to. .PP Some clients (Netscape 4 at least) have a bug that causes them to require a login and password whenever AUTH is offered, whether it's 
@@ -6256,7 +6266,8 @@ smtpd_sasl_exceptions_networks = $mynetworks .PP This feature is available in Postfix 2.1 and later. .SH smtpd_sasl_local_domain (default: empty) -The name of the local SASL authentication realm. +The name of the Postfix SMTP server's local SASL authentication +realm. .PP By default, the local authentication realm name is the null string. .PP @@ -6271,7 +6282,8 @@ smtpd_sasl_local_domain = $myhostname .ad .ft R .SH smtpd_sasl_path (default: smtpd) -Implementation-specific information that is passed through to +Implementation-specific information that the Postfix SMTP server +passes through to the SASL plug-in implementation that is selected with \fBsmtpd_sasl_type\fR. Typically this specifies the name of a configuration file or rendezvous point. @@ -6279,7 +6291,8 @@ configuration file or rendezvous point. This feature is available in Postfix 2.3 and later. In earlier releases it was called smtpd_sasl_application. .SH smtpd_sasl_security_options (default: noanonymous) -SASL security options; as of Postfix 2.3 the list of available +Postfix SMTP server SASL security options; as of Postfix 2.3 +the list of available features depends on the SASL server implementation that is selected with \fBsmtpd_sasl_type\fR. .PP diff --git a/postfix/man/man8/cleanup.8 b/postfix/man/man8/cleanup.8 index e6876820b..24798cb05 100644 --- a/postfix/man/man8/cleanup.8 +++ b/postfix/man/man8/cleanup.8 @@ -201,6 +201,12 @@ information. .IP "\fBstrict_mime_encoding_domain (no)\fR" Reject mail with invalid Content-Transfer-Encoding: information for the message/* or multipart/* MIME content types. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBdetect_8bit_encoding_header (yes)\fR" +Automatically detect 8BITMIME body content by looking at +Content-Transfer-Encoding: message headers; historically, this +behavior was hard-coded to be "always on". .SH "AUTOMATIC BCC RECIPIENT CONTROLS" .na .nf 
diff --git a/postfix/man/man8/pipe.8 b/postfix/man/man8/pipe.8 index b18bf7329..5f521c3d3 100644 --- a/postfix/man/man8/pipe.8 +++ b/postfix/man/man8/pipe.8 @@ -92,7 +92,8 @@ envelope recipient address. Note: for this to work, the The \fBD\fR flag also enforces loop detection (Postfix 2.5 and later): if a message already contains a \fBDelivered-To:\fR header with the same recipient address, then the message is -returned as undeliverable. +returned as undeliverable. The address comparison is case +insensitive. .sp This feature is available as of Postfix 2.0. .IP \fBF\fR diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index f1c2bca62..aa5097e40 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 @@ -259,7 +259,8 @@ Optional SMTP client lookup tables with one username:password entry per remote hostname or domain, or sender address when sender-dependent authentication is enabled. .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR" -SASL security options; as of Postfix 2.3 the list of available +Postfix SMTP client SASL security options; as of Postfix 2.3 +the list of available features depends on the SASL client implementation that is selected with \fBsmtp_sasl_type\fR. .PP @@ -275,7 +276,8 @@ available only with SASL authentication, and disables SMTP connection caching to ensure that mail from different senders will use the appropriate credentials. .IP "\fBsmtp_sasl_path (empty)\fR" -Implementation-specific information that is passed through to +Implementation-specific information that the Postfix SMTP client +passes through to the SASL plug-in implementation that is selected with \fBsmtp_sasl_type\fR. .IP "\fBsmtp_sasl_type (cyrus)\fR" diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index 21ab94646..3ee6d1deb 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 
@@ -109,7 +109,8 @@ Request that the Postfix SMTP server rejects mail from unknown sender addresses, even when no explicit reject_unlisted_sender access restriction is specified. .IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR" -What SMTP clients Postfix will not offer AUTH support to. +What remote SMTP clients the Postfix SMTP server will not offer +AUTH support to. .PP Available in Postfix version 2.2 and later: .IP "\fBsmtpd_discard_ehlo_keyword_address_maps (empty)\fR" @@ -269,9 +270,11 @@ version of the AUTH command (RFC 2554). .IP "\fBsmtpd_sasl_auth_enable (no)\fR" Enable SASL authentication in the Postfix SMTP server. .IP "\fBsmtpd_sasl_local_domain (empty)\fR" -The name of the local SASL authentication realm. +The name of the Postfix SMTP server's local SASL authentication +realm. .IP "\fBsmtpd_sasl_security_options (noanonymous)\fR" -SASL security options; as of Postfix 2.3 the list of available +Postfix SMTP server SASL security options; as of Postfix 2.3 +the list of available features depends on the SASL server implementation that is selected with \fBsmtpd_sasl_type\fR. .IP "\fBsmtpd_sender_login_maps (empty)\fR" @@ -280,14 +283,16 @@ Optional lookup table with the SASL login names that own sender .PP Available in Postfix version 2.1 and later: .IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR" -What SMTP clients Postfix will not offer AUTH support to. +What remote SMTP clients the Postfix SMTP server will not offer +AUTH support to. .PP Available in Postfix version 2.3 and later: .IP "\fBsmtpd_sasl_authenticated_header (no)\fR" Report the SASL authenticated user name in the \fBsmtpd\fR(8) Received message header. .IP "\fBsmtpd_sasl_path (smtpd)\fR" -Implementation-specific information that is passed through to +Implementation-specific information that the Postfix SMTP server +passes through to the SASL plug-in implementation that is selected with \fBsmtpd_sasl_type\fR. .IP "\fBsmtpd_sasl_type (cyrus)\fR" 
diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index 4088d6982..6d4320497 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -151,6 +151,7 @@ while (<>) { s;\bdelay_warn[-]*\n*[ ]*ing_time\b;$&;g; s;\bdeliver_lock_attempts\b;$&;g; s;\bdeliver_lock_delay\b;$&;g; + s;\bdetect_8bit_encoding_header\b;$&;g; s;\bdisable_dns_lookups\b;$&;g; s;\bdisable_mime_input_processing\b;$&;g; s;\bdisable_mime_output_conversion\b;$&;g; diff --git a/postfix/proto/SMTPD_POLICY_README.html b/postfix/proto/SMTPD_POLICY_README.html index 1854a6f00..55af89162 100644 --- a/postfix/proto/SMTPD_POLICY_README.html +++ b/postfix/proto/SMTPD_POLICY_README.html @@ -241,7 +241,7 @@ daemon, you would use something like this:

      1 /etc/postfix/master.cf:
    - 2     policy  unix  -       n       n       -       -       spawn
    + 2     policy  unix  -       n       n       -       0       spawn
      3       user=nobody argv=/some/where/policy-server
      4 
      5 /etc/postfix/main.cf:
    @@ -266,6 +266,10 @@ main.cf with an explicit "policy_time_limit" setting.  The name of
     the parameter is the name of the master.cf entry ("policy")
     concatenated with the "_time_limit" suffix.  

    +
  • Line 2: specify a "0" process limit instead of the default +"-", to avoid "connection refused" and other problems when the smtpd +process limit exceeds the default_process_limit setting.

    +
  • Lines 8, 9: always specify "check_policy_service" AFTER "reject_unauth_destination" or else your system could become an open relay.

    @@ -278,7 +282,7 @@ TCP sockets instead:

      1 /etc/postfix/master.cf:
    - 2     127.0.0.1:9998  inet  n       n       n       -       -       spawn
    + 2     127.0.0.1:9998  inet  n       n       n       -       0       spawn
      3       user=nobody argv=/some/where/policy-server
      4 
      5 /etc/postfix/main.cf:
    @@ -370,7 +374,7 @@ processes only: 

     1 /etc/postfix/master.cf:
    -2     policy  unix  -       n       n       -       -       spawn
    +2     policy  unix  -       n       n       -       0       spawn
     3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
     4 
     5 /etc/postfix/main.cf:
    @@ -393,6 +397,10 @@ main.cf with an explicit "policy_time_limit" setting.  The name of
     the parameter is the name of the master.cf entry ("policy")
     concatenated with the "_time_limit" suffix.  

    +
  • Line 2: specify a "0" process limit instead of the default +"-", to avoid "connection refused" and other problems when the smtpd +process limit exceeds the default_process_limit setting.

    +

    On Solaris you must use inet: style sockets instead of unix: @@ -402,7 +410,7 @@ client/server configuration" section above.

     1 /etc/postfix/master.cf:
    -2     127.0.0.1:9998  inet  n       n       n       -       -       spawn
    +2     127.0.0.1:9998  inet  n       n       n       -       0       spawn
     3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
     4 
     5 /etc/postfix/main.cf:
    diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
    index a42ea22d6..7054b3181 100644
    --- a/postfix/proto/postconf.proto
    +++ b/postfix/proto/postconf.proto
    @@ -4095,7 +4095,8 @@ chroot jail, so you can leave the password file in /etc/postfix.
     
     %PARAM smtp_sasl_security_options noplaintext, noanonymous
     
    -

    SASL security options; as of Postfix 2.3 the list of available +

    Postfix SMTP client SASL security options; as of Postfix 2.3 +the list of available features depends on the SASL client implementation that is selected with smtp_sasl_type.

    @@ -5461,7 +5462,8 @@ message header.

    %PARAM smtpd_sasl_exceptions_networks

    -What SMTP clients Postfix will not offer AUTH support to. +What remote SMTP clients the Postfix SMTP server will not offer +AUTH support to.

    @@ -5504,7 +5506,8 @@ This feature is available in Postfix 2.1 and later. %PARAM smtpd_sasl_local_domain

    -The name of the local SASL authentication realm. +The name of the Postfix SMTP server's local SASL authentication +realm.

    @@ -5522,7 +5525,8 @@ smtpd_sasl_local_domain = $myhostname %PARAM smtpd_sasl_security_options noanonymous -

    SASL security options; as of Postfix 2.3 the list of available +

    Postfix SMTP server SASL security options; as of Postfix 2.3 +the list of available features depends on the SASL server implementation that is selected with smtpd_sasl_type.

    @@ -7542,7 +7546,8 @@ See the RESTRICTION_CLASS_README document for other examples. %PARAM smtpd_sasl_application_name smtpd

    -The application name used for SASL server initialization. This +The application name that the Postfix SMTP server uses for SASL +server initialization. This controls the name of the SASL configuration file. The default value is smtpd, corresponding to a SASL configuration file named smtpd.conf. @@ -9379,7 +9384,8 @@ for authentication. The available types are listed with the %PARAM smtpd_sasl_path smtpd -

    Implementation-specific information that is passed through to +

    Implementation-specific information that the Postfix SMTP server +passes through to the SASL plug-in implementation that is selected with smtpd_sasl_type. Typically this specifies the name of a configuration file or rendezvous point.

    @@ -9389,7 +9395,8 @@ releases it was called smtpd_sasl_application.

    %PARAM smtp_sasl_path -

    Implementation-specific information that is passed through to +

    Implementation-specific information that the Postfix SMTP client +passes through to the SASL plug-in implementation that is selected with smtp_sasl_type. Typically this specifies the name of a configuration file or rendezvous point.

    @@ -10572,3 +10579,11 @@ configuration parameter. See there for details.

    configuration parameter. See there for details.

    This feature is available in Postfix 2.4 and later.

    + +%PARAM detect_8bit_encoding_header yes + +

    Automatically detect 8BITMIME body content by looking at +Content-Transfer-Encoding: message headers; historically, this +behavior was hard-coded to be "always on".

    + +

    This feature is available in Postfix 2.5 and later.

    diff --git a/postfix/src/cleanup/cleanup.c b/postfix/src/cleanup/cleanup.c index 5747f8c94..1ce24302f 100644 --- a/postfix/src/cleanup/cleanup.c +++ b/postfix/src/cleanup/cleanup.c @@ -179,6 +179,12 @@ /* .IP "\fBstrict_mime_encoding_domain (no)\fR" /* Reject mail with invalid Content-Transfer-Encoding: information /* for the message/* or multipart/* MIME content types. +/* .PP +/* Available in Postfix version 2.5 and later: +/* .IP "\fBdetect_8bit_encoding_header (yes)\fR" +/* Automatically detect 8BITMIME body content by looking at +/* Content-Transfer-Encoding: message headers; historically, this +/* behavior was hard-coded to be "always on". /* AUTOMATIC BCC RECIPIENT CONTROLS /* .ad /* .fi diff --git a/postfix/src/cleanup/cleanup_init.c b/postfix/src/cleanup/cleanup_init.c index 13e792e52..ebbcb5461 100644 --- a/postfix/src/cleanup/cleanup_init.c +++ b/postfix/src/cleanup/cleanup_init.c @@ -160,6 +160,7 @@ char *var_milt_data_macros; /* DATA macros */ char *var_milt_eod_macros; /* end-of-data macros */ char *var_milt_unk_macros; /* unknown command macros */ char *var_cleanup_milters; /* non-SMTP mail */ +int var_auto_8bit_enc_hdr; /* auto-detect 8bit encoding header */ CONFIG_INT_TABLE cleanup_int_table[] = { VAR_HOPCOUNT_LIMIT, DEF_HOPCOUNT_LIMIT, &var_hopcount_limit, 1, 0, @@ -174,6 +175,7 @@ CONFIG_INT_TABLE cleanup_int_table[] = { CONFIG_BOOL_TABLE cleanup_bool_table[] = { VAR_ENABLE_ORCPT, DEF_ENABLE_ORCPT, &var_enable_orcpt, VAR_VERP_BOUNCE_OFF, DEF_VERP_BOUNCE_OFF, &var_verp_bounce_off, + VAR_AUTO_8BIT_ENC_HDR, DEF_AUTO_8BIT_ENC_HDR, &var_auto_8bit_enc_hdr, 0, }; 
@@ -382,18 +384,18 @@ void cleanup_pre_jail(char *unused_name, char **unused_argv) DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX); if (*var_cleanup_milters) cleanup_milters = milter_create(var_cleanup_milters, - var_milt_conn_time, - var_milt_cmd_time, - var_milt_msg_time, - var_milt_protocol, - var_milt_def_action, - var_milt_conn_macros, - var_milt_helo_macros, - var_milt_mail_macros, - var_milt_rcpt_macros, - var_milt_data_macros, - var_milt_eod_macros, - var_milt_unk_macros); + var_milt_conn_time, + var_milt_cmd_time, + var_milt_msg_time, + var_milt_protocol, + var_milt_def_action, + var_milt_conn_macros, + var_milt_helo_macros, + var_milt_mail_macros, + var_milt_rcpt_macros, + var_milt_data_macros, + var_milt_eod_macros, + var_milt_unk_macros); flush_init(); } diff --git a/postfix/src/cleanup/cleanup_message.c b/postfix/src/cleanup/cleanup_message.c index 2087c0908..61ac63425 100644 --- a/postfix/src/cleanup/cleanup_message.c +++ b/postfix/src/cleanup/cleanup_message.c @@ -512,7 +512,8 @@ static void cleanup_header_callback(void *context, int header_class, while (ISSPACE(*hdrval)) hdrval++; /* trimblanks(hdrval, 0)[0] = 0; */ - if (hdr_opts->type == HDR_CONTENT_TRANSFER_ENCODING) { + if (var_auto_8bit_enc_hdr + && hdr_opts->type == HDR_CONTENT_TRANSFER_ENCODING) { for (cmp = code_map; cmp->name != 0; cmp++) { if (strcasecmp(hdrval, cmp->name) == 0) { if (strcmp(cmp->encoding, MAIL_ATTR_ENC_8BIT) == 0) diff --git a/postfix/src/global/Makefile.in b/postfix/src/global/Makefile.in index 1e2aa89a2..881440680 100644 --- a/postfix/src/global/Makefile.in +++ b/postfix/src/global/Makefile.in 
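Review bot: The new `var_auto_8bit_enc_hdr` guard in cleanup_header_callback() (cleanup_message.c, hunk `@@ -512,7 +512,8 @@`) has no comment saying how the message encoding is determined when the parameter is off. The parameter text added elsewhere in this commit only says the behavior used to be always on. With the guard false the whole `code_map` lookup is skipped, so presumably the encoding then comes only from what the submitting client declared; this should be confirmed and documented, because with `detect_8bit_encoding_header = no` an 8-bit body may reach later delivery stages without being marked as 8-bit. I would add above the `if` something like `/* Optionally infer 8BITMIME from Content-Transfer-Encoding:; when disabled, only the client-declared encoding is used. */`. The function body starts and ends outside this hunk.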
@@ -27,7 +27,8 @@ SRCS = abounce.c anvil_clnt.c been_here.c bounce.c bounce_log.c \ sys_exits.c timed_ipc.c tok822_find.c tok822_node.c tok822_parse.c \ tok822_resolve.c tok822_rewrite.c tok822_tree.c trace.c \ user_acl.c valid_mailhost_addr.c verify.c verify_clnt.c \ - verp_sender.c wildcard_inet_addr.c xtext.c delivered_hdr.c + verp_sender.c wildcard_inet_addr.c xtext.c delivered_hdr.c \ + fold_addr.c OBJS = abounce.o anvil_clnt.o been_here.o bounce.o bounce_log.o \ canon_addr.o cfg_parser.o cleanup_strerror.o cleanup_strflags.o \ clnt_stream.o conv_time.o db_common.o debug_peer.o debug_process.o \ @@ -56,7 +57,8 @@ OBJS = abounce.o anvil_clnt.o been_here.o bounce.o bounce_log.o \ sys_exits.o timed_ipc.o tok822_find.o tok822_node.o tok822_parse.o \ tok822_resolve.o tok822_rewrite.o tok822_tree.o trace.o \ user_acl.o valid_mailhost_addr.o verify.o verify_clnt.o \ - verp_sender.o wildcard_inet_addr.o xtext.o delivered_hdr.o + verp_sender.o wildcard_inet_addr.o xtext.o delivered_hdr.o \ + fold_addr.o HDRS = abounce.h anvil_clnt.h been_here.h bounce.h bounce_log.h \ canon_addr.h cfg_parser.h cleanup_user.h clnt_stream.h config.h \ conv_time.h db_common.h debug_peer.h debug_process.h defer.h \ @@ -79,7 +81,8 @@ HDRS = abounce.h anvil_clnt.h been_here.h bounce.h bounce_log.h \ rewrite_clnt.h scache.h sent.h smtp_stream.h split_addr.h \ string_list.h strip_addr.h sys_exits.h timed_ipc.h tok822.h \ trace.h user_acl.h valid_mailhost_addr.h verify.h verify_clnt.h \ - verp_sender.h wildcard_inet_addr.h xtext.h delivered_hdr.h + verp_sender.h wildcard_inet_addr.h xtext.h delivered_hdr.h \ + fold_addr.h TESTSRC = rec2stream.c stream2rec.c recdump.c DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE) CFLAGS = $(DEBUG) $(OPT) $(DEFS) 
@@ -699,6 +702,7 @@ delivered_hdr.o: ../../include/vstring.h delivered_hdr.o: ../../include/vstring_vstream.h delivered_hdr.o: delivered_hdr.c delivered_hdr.o: delivered_hdr.h +delivered_hdr.o: fold_addr.h delivered_hdr.o: header_opts.h delivered_hdr.o: is_header.h delivered_hdr.o: quote_822_local.h @@ -883,6 +887,12 @@ flush_clnt.o: mail_flush.h flush_clnt.o: mail_params.h flush_clnt.o: mail_proto.h flush_clnt.o: match_parent_style.h +fold_addr.o: ../../include/stringops.h +fold_addr.o: ../../include/sys_defs.h +fold_addr.o: ../../include/vbuf.h +fold_addr.o: ../../include/vstring.h +fold_addr.o: fold_addr.c +fold_addr.o: fold_addr.h header_opts.o: ../../include/htable.h header_opts.o: ../../include/msg.h header_opts.o: ../../include/stringops.h @@ -1147,13 +1157,16 @@ mail_params.o: ../../include/iostuff.h mail_params.o: ../../include/msg.h mail_params.o: ../../include/msg_syslog.h mail_params.o: ../../include/myaddrinfo.h +mail_params.o: ../../include/mymalloc.h mail_params.o: ../../include/safe.h +mail_params.o: ../../include/safe_open.h mail_params.o: ../../include/stringops.h mail_params.o: ../../include/sys_defs.h mail_params.o: ../../include/valid_hostname.h mail_params.o: ../../include/vbuf.h mail_params.o: ../../include/vstream.h mail_params.o: ../../include/vstring.h +mail_params.o: ../../include/vstring_vstream.h mail_params.o: mail_conf.h mail_params.o: mail_params.c mail_params.o: mail_params.h diff --git a/postfix/src/global/delivered_hdr.c b/postfix/src/global/delivered_hdr.c index f3dc2c4d5..746998a57 100644 --- a/postfix/src/global/delivered_hdr.c +++ b/postfix/src/global/delivered_hdr.c @@ -6,9 +6,10 @@ /* SYNOPSIS /* #include /* -/* DELIVERED_HDR_INFO *delivered_hdr_init(stream, offset) +/* DELIVERED_HDR_INFO *delivered_hdr_init(stream, offset, flags) /* VSTREAM *stream; /* off_t offset; +/* int flags; /* /* int delivered_hdr_find(info, address) /* DELIVERED_HDR_INFO *info; 
@@ -39,6 +40,16 @@ /* The open queue file. /* .IP offset /* Offset of the first message content record. +/* .IP flags +/* Zero, or the bit-wise OR ot: +/* .RS +/* .IP FOLD_ADDR_USER +/* Case fold the address local part. +/* .IP FOLD_ADDR_HOST +/* Case fold the address domain part. +/* .IP FOLD_ADDR_ALL +/* Alias for (FOLD_ADDR_USER | FOLD_ADDR_HOST). +/* .RE /* .IP info /* Extracted Delivered-To: addresses information. /* .IP address @@ -83,11 +94,13 @@ #include #include #include +#include /* * Application-specific. */ struct DELIVERED_HDR_INFO { + int flags; VSTRING *buf; HTABLE *table; }; @@ -96,13 +109,17 @@ struct DELIVERED_HDR_INFO { /* delivered_hdr_init - extract delivered-to information from the message */ -DELIVERED_HDR_INFO *delivered_hdr_init(VSTREAM *fp, off_t offset) +DELIVERED_HDR_INFO *delivered_hdr_init(VSTREAM *fp, off_t offset, int flags) { char *cp; DELIVERED_HDR_INFO *info; HEADER_OPTS *hdr; + /* + * Sanity check. + */ info = (DELIVERED_HDR_INFO *) mymalloc(sizeof(*info)); + info->flags = flags; info->buf = vstring_alloc(10); info->table = htable_create(0); @@ -126,7 +143,8 @@ DELIVERED_HDR_INFO *delivered_hdr_init(VSTREAM *fp, off_t offset) cp = STR(info->buf) + strlen(hdr->name) + 1; while (ISSPACE(*cp)) cp++; - lowercase(cp); + if (info->flags & FOLD_ADDR_ALL) + fold_addr(cp, info->flags); if (msg_verbose) msg_info("delivered_hdr_init: %s", cp); htable_enter(info->table, cp, (char *) 0); @@ -152,7 +170,8 @@ int delivered_hdr_find(DELIVERED_HDR_INFO *info, const char *address) * up the recipient. Lowercase the delivered-to address for consistency. */ quote_822_local(info->buf, address); - lowercase(STR(info->buf)); + if (info->flags & FOLD_ADDR_ALL) + fold_addr(STR(info->buf), info->flags); ht = htable_locate(info->table, STR(info->buf)); return (ht != 0); } diff --git a/postfix/src/global/delivered_hdr.h b/postfix/src/global/delivered_hdr.h index 4a7ca25b7..24e0ceb15 100644 --- a/postfix/src/global/delivered_hdr.h 
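Review bot: The `Sanity check.` comment added at the top of delivered_hdr_init() is followed by no check at all; the next statement is the mymalloc() call. Either drop the comment or make it true by rejecting unknown bits, e.g. `if (flags & ~FOLD_ADDR_ALL) msg_panic("delivered_hdr_init: bad flags: 0x%x", flags);`. The context comment in delivered_hdr_find() still reads "Lowercase the delivered-to address for consistency", which now holds only when a fold flag is set; it should say that the address is folded with the same flags that were given to delivered_hdr_init(), since loop detection relies on both sides being normalised identically. The manual-page text in the earlier hunk has the typo "OR ot:" for "OR of:".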
+++ b/postfix/src/global/delivered_hdr.h @@ -16,11 +16,16 @@ */ #include + /* + * Global library. + */ +#include + /* * External interface. */ typedef struct DELIVERED_HDR_INFO DELIVERED_HDR_INFO; -extern DELIVERED_HDR_INFO *delivered_hdr_init(VSTREAM *, off_t); +extern DELIVERED_HDR_INFO *delivered_hdr_init(VSTREAM *, off_t, int); extern int delivered_hdr_find(DELIVERED_HDR_INFO *, const char *); extern void delivered_hdr_free(DELIVERED_HDR_INFO *); diff --git a/postfix/src/global/fold_addr.c b/postfix/src/global/fold_addr.c new file mode 100644 index 000000000..99263dca0 --- /dev/null +++ b/postfix/src/global/fold_addr.c 
@@ -0,0 +1,85 @@ +/*++ +/* NAME +/* fold_addr 3 +/* SUMMARY +/* address case folding +/* SYNOPSIS +/* #include +/* +/* char *fold_addr(addr, flags) +/* char *addr; +/* int flags; +/* DESCRIPTION +/* fold_addr() case folds an address according to the options +/* specified with \fIflags\fR. The result value is the address +/* argument. +/* +/* Arguments +/* .IP addr +/* Null-terminated writable string with the address. +/* .IP flags +/* Zero or the bit-wise OR of: +/* .RS +/* .IP FOLD_ADDR_USER +/* Case fold the address local part. +/* .IP FOLD_ADDR_HOST +/* Case fold the address domain part. +/* .IP FOLD_ADDR_ALL +/* Alias for (FOLD_ADDR_USER | FOLD_ADDR_HOST). +/* .RE +/* SEE ALSO +/* msg(3) diagnostics interface +/* DIAGNOSTICS +/* Fatal errors: memory allocation problem. +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/*--*/ + +/* System library. */ + +#include +#include + +/* Utility library. */ + +#include + +/* Global library. */ + +#include + +/* fold_addr - case fold mail address */ + +char *fold_addr(char *addr, int flags) +{ + char *cp; + + /* + * Fold the address as appropriate. + */ + switch (flags & FOLD_ADDR_ALL) { + case FOLD_ADDR_HOST: + if ((cp = strrchr(addr, '@')) != 0) + lowercase(cp + 1); + break; + case FOLD_ADDR_USER: + if ((cp = strrchr(addr, '@')) != 0) { + *cp = 0; + lowercase(addr); + *cp = '@'; + break; + } + /* FALLTHROUGH */ + case FOLD_ADDR_USER | FOLD_ADDR_HOST: + lowercase(addr); + break; + } + return (addr); +} diff --git a/postfix/src/global/fold_addr.h b/postfix/src/global/fold_addr.h new file mode 100644 index 000000000..557e830b1 --- /dev/null +++ b/postfix/src/global/fold_addr.h 
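Review bot: The DIAGNOSTICS section of the new fold_addr.c header says "Fatal errors: memory allocation problem", but fold_addr() as written allocates nothing; it only calls strrchr() and lowercase() on the caller's buffer. The header should instead say that the address is modified in place and that flags of zero leave it untouched. The one non-obvious branch also deserves a comment: with FOLD_ADDR_USER alone and no '@' in the string, control falls through and the whole string is folded, so the FALLTHROUGH marker could read `/* No domain part: fold the whole string as the local part. */`.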
@@ -0,0 +1,35 @@ +#ifndef _FOLD_ADDR_H_INCLUDED_ +#define _FOLD_ADDR_H_INCLUDED_ + +/*++ +/* NAME +/* fold_addr 3h +/* SUMMARY +/* address case folding +/* SYNOPSIS +/* #include +/* DESCRIPTION +/* .nf + + /* + * External interface. + */ +#define FOLD_ADDR_USER (1<<0) +#define FOLD_ADDR_HOST (1<<1) + +#define FOLD_ADDR_ALL (FOLD_ADDR_USER | FOLD_ADDR_HOST) + +extern char *fold_addr(char *, int); + +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/*--*/ + +#endif diff --git a/postfix/src/global/mail_copy.c b/postfix/src/global/mail_copy.c index 3a2b30e83..7088f480d 100644 --- a/postfix/src/global/mail_copy.c +++ b/postfix/src/global/mail_copy.c @@ -49,6 +49,7 @@ /* .IP MAIL_COPY_DELIVERED /* Prepend a Delivered-To: header with the name of the /* \fIdelivered\fR attribute. +/* The address is quoted according to RFC822 rules. /* .IP MAIL_COPY_ORIG_RCPT /* Prepend an X-Original-To: header with the original /* envelope recipient address. diff --git a/postfix/src/global/mail_params.c b/postfix/src/global/mail_params.c index 85fadf3e9..0702e2db1 100644 --- a/postfix/src/global/mail_params.c +++ b/postfix/src/global/mail_params.c @@ -144,6 +144,7 @@ #include #include #include +#include #ifdef STRCASECMP_IN_STRINGS_H #include @@ -157,10 +158,13 @@ #include #include #include +#include +#include #ifdef HAS_DB #include #endif #include +#include /* Global library. */ 
@@ -433,6 +437,48 @@ static void check_overlap(void) (long) var_sgid_gid); } +#ifdef MYORIGIN_FROM_FILE + +/* read_param_from_file - read parameter value from file */ + +static char *read_param_from_file(const char *path) +{ + VSTRING *why = vstring_alloc(100); + VSTRING *buf = vstring_alloc(100); + VSTREAM *fp; + char *bp; + char *result; + + /* + * Ugly macros to make complex expressions less unreadable. + */ +#define SKIP(start, var, cond) \ + for (var = start; *var && (cond); var++); + +#define TRIM(s) { \ + char *p; \ + for (p = (s) + strlen(s); p > (s) && ISSPACE(p[-1]); p--); \ + *p = 0; \ + } + + fp = safe_open(path, O_RDONLY, 0, (struct stat *) 0, -1, -1, why); + if (fp == 0) + msg_fatal("%s: %s", path, vstring_str(why)); + vstring_get_nonl(buf, fp); + if (vstream_ferror(fp)) /* FIX 20070501 */ + msg_fatal("%s: read error: %m", path); + vstream_fclose(fp); + SKIP(vstring_str(buf), bp, ISSPACE(*bp)); + TRIM(bp); + result = mystrdup(bp); + + vstring_free(why); + vstring_free(buf); + return (result); +} + +#endif + /* mail_params_init - configure built-in parameters */ void mail_params_init() @@ -582,8 +628,23 @@ void mail_params_init() /* * Variables that are needed by almost every program. + * + * XXX Reading the myorigin value from file is originally a Debian Linux + * feature. This code is not enabled by default because of problems: 1) + * it re-implements its own parameter syntax checks, and 2) it does not + * implement $name expansions. */ get_mail_conf_str_table(other_str_defaults); +#ifdef MYORIGIN_FROM_FILE + if (*var_myorigin == '/') { + char *origin = read_param_from_file(var_myorigin); + + if (*origin == 0) + msg_fatal("%s file %s is empty", VAR_MYORIGIN, var_myorigin); + myfree(var_myorigin); /* FIX 20070501 */ + var_myorigin = origin; + } +#endif get_mail_conf_int_table(other_int_defaults); get_mail_conf_bool_table(bool_defaults); get_mail_conf_time_table(time_defaults); 
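Review bot: In the mail_params_init() hunk the string returned by read_param_from_file() is installed as `var_myorigin` after only the `*origin == 0` test, so any non-empty first line of the file becomes the origin domain; the XXX comment itself concedes that the parameter syntax checks are not shared with the normal path. Unless code outside the hunk validates the value later, a check before the assignment such as `if (!valid_hostname(origin, DO_GRIPE)) msg_fatal("%s file %s: bad value", VAR_MYORIGIN, var_myorigin);` would stop interior whitespace or other junk from reaching address rewriting. read_param_from_file() in the first hunk would also benefit from a header comment stating that only the first line is used, that leading and trailing whitespace is stripped, and that the caller owns the returned string. mail_params_init() continues outside the hunk.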
diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 4c3c3f3ca..9c70bfd85 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -2473,6 +2473,10 @@ extern bool var_strict_8bit_body; #define DEF_STRICT_ENCODING 0 extern bool var_strict_encoding; +#define VAR_AUTO_8BIT_ENC_HDR "detect_8bit_encoding_header" +#define DEF_AUTO_8BIT_ENC_HDR 1 +extern int var_auto_8bit_enc_hdr; + /* * Bizarre. */ diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 84f5b3f4c..bf2c5a497 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20070423" +#define MAIL_RELEASE_DATE "20070501" #define MAIL_VERSION_NUMBER "2.5" #ifdef SNAPSHOT @@ -56,6 +56,8 @@ extern char *var_mail_release; * - Is this installation mixing multiple Postfix versions? * * - What Postfix version generated this core dump? + * + * To find out: strings -f file... | grep mail_version= */ #include diff --git a/postfix/src/local/Makefile.in b/postfix/src/local/Makefile.in index 10962b5cc..13a2788a1 100644 --- a/postfix/src/local/Makefile.in +++ b/postfix/src/local/Makefile.in @@ -76,6 +76,7 @@ alias.o: ../../include/dict.h alias.o: ../../include/dsn.h alias.o: ../../include/dsn_buf.h alias.o: ../../include/dsn_mask.h +alias.o: ../../include/fold_addr.h alias.o: ../../include/htable.h alias.o: ../../include/mail_params.h alias.o: ../../include/maps.h @@ -111,6 +112,7 @@ command.o: ../../include/dict.h command.o: ../../include/dsn.h command.o: ../../include/dsn_buf.h command.o: ../../include/dsn_util.h +command.o: ../../include/fold_addr.h command.o: ../../include/htable.h command.o: ../../include/mac_parse.h command.o: ../../include/mail_copy.h 
@@ -138,6 +140,7 @@ deliver_attr.o: ../../include/delivered_hdr.h deliver_attr.o: ../../include/dict.h deliver_attr.o: ../../include/dsn.h deliver_attr.o: ../../include/dsn_buf.h +deliver_attr.o: ../../include/fold_addr.h deliver_attr.o: ../../include/htable.h deliver_attr.o: ../../include/maps.h deliver_attr.o: ../../include/mbox_conf.h @@ -163,6 +166,7 @@ dotforward.o: ../../include/dsn.h dotforward.o: ../../include/dsn_buf.h dotforward.o: ../../include/dsn_mask.h dotforward.o: ../../include/ext_prop.h +dotforward.o: ../../include/fold_addr.h dotforward.o: ../../include/htable.h dotforward.o: ../../include/iostuff.h dotforward.o: ../../include/lstat_as.h @@ -201,6 +205,7 @@ file.o: ../../include/dict.h file.o: ../../include/dsn.h file.o: ../../include/dsn_buf.h file.o: ../../include/dsn_util.h +file.o: ../../include/fold_addr.h file.o: ../../include/htable.h file.o: ../../include/mail_copy.h file.o: ../../include/mail_params.h @@ -233,6 +238,7 @@ forward.o: ../../include/dict.h forward.o: ../../include/dsn.h forward.o: ../../include/dsn_buf.h forward.o: ../../include/dsn_mask.h +forward.o: ../../include/fold_addr.h forward.o: ../../include/htable.h forward.o: ../../include/iostuff.h forward.o: ../../include/mail_date.h @@ -269,6 +275,7 @@ include.o: ../../include/dict.h include.o: ../../include/dsn.h include.o: ../../include/dsn_buf.h include.o: ../../include/ext_prop.h +include.o: ../../include/fold_addr.h include.o: ../../include/htable.h include.o: ../../include/iostuff.h include.o: ../../include/mail_params.h @@ -300,6 +307,7 @@ indirect.o: ../../include/delivered_hdr.h indirect.o: ../../include/dict.h indirect.o: ../../include/dsn.h indirect.o: ../../include/dsn_buf.h +indirect.o: ../../include/fold_addr.h indirect.o: ../../include/htable.h indirect.o: ../../include/mail_params.h indirect.o: ../../include/maps.h 
@@ -327,6 +335,7 @@ local.o: ../../include/dsn.h local.o: ../../include/dsn_buf.h local.o: ../../include/ext_prop.h local.o: ../../include/flush_clnt.h +local.o: ../../include/fold_addr.h local.o: ../../include/htable.h local.o: ../../include/iostuff.h local.o: ../../include/mail_addr.h @@ -358,6 +367,7 @@ local_expand.o: ../../include/delivered_hdr.h local_expand.o: ../../include/dict.h local_expand.o: ../../include/dsn.h local_expand.o: ../../include/dsn_buf.h +local_expand.o: ../../include/fold_addr.h local_expand.o: ../../include/htable.h local_expand.o: ../../include/mac_expand.h local_expand.o: ../../include/mac_parse.h @@ -386,6 +396,7 @@ mailbox.o: ../../include/dict.h mailbox.o: ../../include/dsn.h mailbox.o: ../../include/dsn_buf.h mailbox.o: ../../include/dsn_util.h +mailbox.o: ../../include/fold_addr.h mailbox.o: ../../include/htable.h mailbox.o: ../../include/iostuff.h mailbox.o: ../../include/mail_copy.h @@ -423,6 +434,7 @@ maildir.o: ../../include/dict.h maildir.o: ../../include/dsn.h maildir.o: ../../include/dsn_buf.h maildir.o: ../../include/dsn_util.h +maildir.o: ../../include/fold_addr.h maildir.o: ../../include/get_hostname.h maildir.o: ../../include/htable.h maildir.o: ../../include/mail_copy.h @@ -460,6 +472,7 @@ recipient.o: ../../include/dict.h recipient.o: ../../include/dsn.h recipient.o: ../../include/dsn_buf.h recipient.o: ../../include/ext_prop.h +recipient.o: ../../include/fold_addr.h recipient.o: ../../include/htable.h recipient.o: ../../include/mail_params.h recipient.o: ../../include/maps.h @@ -492,6 +505,7 @@ resolve.o: ../../include/delivered_hdr.h resolve.o: ../../include/dict.h resolve.o: ../../include/dsn.h resolve.o: ../../include/dsn_buf.h +resolve.o: ../../include/fold_addr.h resolve.o: ../../include/htable.h resolve.o: ../../include/iostuff.h resolve.o: ../../include/mail_params.h 
@@ -520,6 +534,7 @@ token.o: ../../include/delivered_hdr.h token.o: ../../include/dict.h token.o: ../../include/dsn.h token.o: ../../include/dsn_buf.h +token.o: ../../include/fold_addr.h token.o: ../../include/htable.h token.o: ../../include/mail_params.h token.o: ../../include/maps.h @@ -549,6 +564,7 @@ unknown.o: ../../include/delivered_hdr.h unknown.o: ../../include/dict.h unknown.o: ../../include/dsn.h unknown.o: ../../include/dsn_buf.h +unknown.o: ../../include/fold_addr.h unknown.o: ../../include/htable.h unknown.o: ../../include/iostuff.h unknown.o: ../../include/mail_addr.h diff --git a/postfix/src/local/local.c b/postfix/src/local/local.c index f46ed71b3..b2992d7c4 100644 --- a/postfix/src/local/local.c +++ b/postfix/src/local/local.c @@ -693,7 +693,8 @@ static int local_deliver(DELIVER_REQUEST *rqst, char *service) state.msg_attr.request = rqst; RESET_OWNER_ATTR(state.msg_attr, state.level); RESET_USER_ATTR(usr_attr, state.level); - state.loop_info = delivered_hdr_init(rqst->fp, rqst->data_offset); + state.loop_info = delivered_hdr_init(rqst->fp, rqst->data_offset, + FOLD_ADDR_ALL); state.request = rqst; /* diff --git a/postfix/src/pipe/Makefile.in b/postfix/src/pipe/Makefile.in index b9f534fbd..6a10d5ff6 100644 --- a/postfix/src/pipe/Makefile.in +++ b/postfix/src/pipe/Makefile.in @@ -70,6 +70,7 @@ pipe.o: ../../include/dsn.h pipe.o: ../../include/dsn_buf.h pipe.o: ../../include/dsn_util.h pipe.o: ../../include/flush_clnt.h +pipe.o: ../../include/fold_addr.h pipe.o: ../../include/htable.h pipe.o: ../../include/iostuff.h pipe.o: ../../include/mac_parse.h diff --git a/postfix/src/pipe/pipe.c b/postfix/src/pipe/pipe.c index 4ecf4e609..ca2e310bc 100644 --- a/postfix/src/pipe/pipe.c +++ b/postfix/src/pipe/pipe.c 
@@ -82,7 +82,8 @@ /* The \fBD\fR flag also enforces loop detection (Postfix 2.5 and later): /* if a message already contains a \fBDelivered-To:\fR header /* with the same recipient address, then the message is -/* returned as undeliverable. +/* returned as undeliverable. The address comparison is case +/* insensitive. /* .sp /* This feature is available as of Postfix 2.0. /* .IP \fBF\fR @@ -440,6 +441,7 @@ #include #include #include +#include /* Single server skeleton. */ @@ -485,11 +487,14 @@ * Additional flags. These are colocated with mail_copy() flags. Allow some * space for extension of the mail_copy() interface. */ -#define PIPE_OPT_FOLD_USER (1<<16) -#define PIPE_OPT_FOLD_HOST (1<<17) -#define PIPE_OPT_QUOTE_LOCAL (1<<18) +#define PIPE_OPT_FOLD_BASE (16) +#define PIPE_OPT_FOLD_USER (FOLD_ADDR_USER << PIPE_OPT_FOLD_BASE) +#define PIPE_OPT_FOLD_HOST (FOLD_ADDR_HOST << PIPE_OPT_FOLD_BASE) +#define PIPE_OPT_QUOTE_LOCAL (PIPE_OPT_FOLD_BASE << 2) -#define PIPE_OPT_FOLD_FLAGS (PIPE_OPT_FOLD_USER | PIPE_OPT_FOLD_HOST) +#define PIPE_OPT_FOLD_ALL (FOLD_ADDR_ALL << PIPE_OPT_FOLD_BASE) +#define PIPE_OPT_FOLD_FLAGS(f) \ + (((f) & PIPE_OPT_FOLD_ALL) >> PIPE_OPT_FOLD_BASE) /* * Tunable parameters. Values are taken from the config file, after @@ -589,7 +594,6 @@ static int parse_callback(int type, VSTRING *buf, char *context) static void morph_recipient(VSTRING *buf, const char *address, int flags) { - char *cp; /* * Quote the recipient address as appropriate. 
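Review bot: `PIPE_OPT_QUOTE_LOCAL` changes value in the `@@ -485,11 +487,14 @@` hunk: the removed line defined it as `(1<<18)`, while the new `(PIPE_OPT_FOLD_BASE << 2)` evaluates to 16 << 2 = 64, which is bit 6. That is inside the low range which the comment directly above reserves for mail_copy() flags, so the quote-local option would alias whichever mail_copy() flag owns that bit and could change how the message is written to the command. The macro should place a single bit above the two fold bits: `#define PIPE_OPT_QUOTE_LOCAL (1 << (PIPE_OPT_FOLD_BASE + 2))`.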
@@ -602,23 +606,8 @@ static void morph_recipient(VSTRING *buf, const char *address, int flags) /* * Fold the recipient address as appropriate. */ - switch (flags & PIPE_OPT_FOLD_FLAGS) { - case PIPE_OPT_FOLD_HOST: - if ((cp = strrchr(STR(buf), '@')) != 0) - lowercase(cp + 1); - break; - case PIPE_OPT_FOLD_USER: - if ((cp = strrchr(STR(buf), '@')) != 0) { - *cp = 0; - lowercase(STR(buf)); - *cp = '@'; - break; - } - /* FALLTHROUGH */ - case PIPE_OPT_FOLD_USER | PIPE_OPT_FOLD_HOST: - lowercase(STR(buf)); - break; - } + if (flags & PIPE_OPT_FOLD_ALL) + fold_addr(STR(buf), PIPE_OPT_FOLD_FLAGS(flags)); } /* expand_argv - expand macros in the argument vector */ @@ -683,7 +672,7 @@ static ARGV *expand_argv(const char *service, char **argv, */ if (state.expand_flag & PIPE_FLAG_USER) { morph_recipient(buf, rcpt_list->info[i].address, - flags & PIPE_OPT_FOLD_FLAGS); + flags & PIPE_OPT_FOLD_ALL); if (split_at_right(STR(buf), '@') == 0) msg_warn("no @ in recipient address: %s", rcpt_list->info[i].address); @@ -701,7 +690,7 @@ static ARGV *expand_argv(const char *service, char **argv, */ if (state.expand_flag & PIPE_FLAG_EXTENSION) { morph_recipient(buf, rcpt_list->info[i].address, - flags & PIPE_OPT_FOLD_FLAGS); + flags & PIPE_OPT_FOLD_ALL); if (split_at_right(STR(buf), '@') == 0) msg_warn("no @ in recipient address: %s", rcpt_list->info[i].address); @@ -717,7 +706,7 @@ static ARGV *expand_argv(const char *service, char **argv, */ if (state.expand_flag & PIPE_FLAG_MAILBOX) { morph_recipient(buf, rcpt_list->info[i].address, - flags & PIPE_OPT_FOLD_FLAGS); + flags & PIPE_OPT_FOLD_ALL); if (split_at_right(STR(buf), '@') == 0) msg_warn("no @ in recipient address: %s", rcpt_list->info[i].address); 
@@ -730,7 +719,7 @@ static ARGV *expand_argv(const char *service, char **argv, */ if (state.expand_flag & PIPE_FLAG_DOMAIN) { morph_recipient(buf, rcpt_list->info[i].address, - flags & PIPE_OPT_FOLD_FLAGS); + flags & PIPE_OPT_FOLD_ALL); dom = split_at_right(STR(buf), '@'); if (dom == 0) { msg_warn("no @ in recipient address: %s", @@ -1125,7 +1114,8 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv) if (request->rcpt_list.len > 1) msg_panic("%s: delivered-to enabled with multi-recipient request", myname); - info = delivered_hdr_init(request->fp, request->data_offset); + info = delivered_hdr_init(request->fp, request->data_offset, + FOLD_ADDR_ALL); rcpt = request->rcpt_list.info; loop_found = delivered_hdr_find(info, rcpt->address); delivered_hdr_free(info); diff --git a/postfix/src/postconf/postconf.c b/postfix/src/postconf/postconf.c index dfa03612d..bb88fcd64 100644 --- a/postfix/src/postconf/postconf.c +++ b/postfix/src/postconf/postconf.c @@ -146,7 +146,7 @@ /* .IP "\fBtcp\fR (read-only)" /* Perform lookups using a simple request-reply protocol that is /* described in \fBtcp_table\fR(5). -/* This feature is not included with Postfix 2.2. +/* This feature is not included with the stable Postfix release. /* .IP "\fBunix\fR (read-only)" /* A limited way to query the UNIX authentication database. The /* following tables are implemented: diff --git a/postfix/src/postfix/postfix.c b/postfix/src/postfix/postfix.c index 6c902148d..a0a4a9609 100644 --- a/postfix/src/postfix/postfix.c +++ b/postfix/src/postfix/postfix.c @@ -45,6 +45,8 @@ /* .IP \fBreload\fR /* Re-read configuration files. Running processes terminate at their /* earliest convenience. +/* .IP \fBstatus\fR +/* Indicate if the Postfix mail system is currently running. /* .IP "\fBset-permissions\fR \fB[\fIname\fR=\fIvalue ...\fB]\fR /* Set the ownership and permissions of Postfix related files and /* directories, as specified in the \fBpostfix-files\fR file. 
diff --git a/postfix/src/qmqpd/qmqpd_peer.c b/postfix/src/qmqpd/qmqpd_peer.c index 9d084e56d..f97a52452 100644 --- a/postfix/src/qmqpd/qmqpd_peer.c +++ b/postfix/src/qmqpd/qmqpd_peer.c @@ -91,7 +91,7 @@ void qmqpd_peer_init(QMQPD_STATE *state) /* * If peer went away, give up. */ - if (errno == ECONNRESET || errno == ECONNABORTED) { + if (errno != 0 && errno != ENOTSOCK) { state->name = mystrdup(CLIENT_NAME_UNKNOWN); state->addr = mystrdup(CLIENT_ADDR_UNKNOWN); state->rfc_addr = mystrdup(CLIENT_ADDR_UNKNOWN); @@ -100,14 +100,32 @@ void qmqpd_peer_init(QMQPD_STATE *state) /* * Convert the client address to printable address and hostname. + * + * XXX If we're given an IPv6 (or IPv4) connection from, e.g., inetd, while + * Postfix IPv6 (or IPv4) support is turned off, don't (skip to the final + * else clause, pretend the origin is localhost[127.0.0.1], and become an + * open relay). */ else if (errno == 0 - && strchr((char *) proto_info->sa_family_list, sa->sa_family)) { + && (sa->sa_family == AF_INET +#ifdef AF_INET6 + || sa->sa_family == AF_INET6 +#endif + )) { MAI_HOSTNAME_STR client_name; MAI_HOSTADDR_STR client_addr; int aierr; char *colonp; + /* + * Sanity check: we can't use sockets that we're not configured for. + */ + if (strchr((char *) proto_info->sa_family_list, sa->sa_family) == 0) + msg_fatal("cannot handle socket type %s with \"%s = %s\"", + sa->sa_family == AF_INET6 ? "AF_INET6" : + sa->sa_family == AF_INET ? "AF_INET" : + "other", VAR_INET_PROTOCOLS, var_inet_protocols); + /* * Sorry, but there are some things that we just cannot do while * connected to the network. diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index 9a69f2adc..2e854c596 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c 
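Review bot: The msg_fatal() call in the added sanity check tests `sa->sa_family == AF_INET6` without the `#ifdef AF_INET6` guard that the `else if` condition a few lines above it uses, so on a system that does not define AF_INET6 the new block would not compile. The `"other"` arm is also unreachable, because the enclosing condition admits only AF_INET and AF_INET6. Printing the family numerically avoids both: `msg_fatal("cannot handle socket type %d with \"%s = %s\"", (int) sa->sa_family, VAR_INET_PROTOCOLS, var_inet_protocols);`. The identical block is added to smtpd_peer_init() in smtpd/smtpd_peer.c; both functions continue outside their hunks.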
@@ -231,7 +231,8 @@ /* per remote hostname or domain, or sender address when sender-dependent /* authentication is enabled. /* .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR" -/* SASL security options; as of Postfix 2.3 the list of available +/* Postfix SMTP client SASL security options; as of Postfix 2.3 +/* the list of available /* features depends on the SASL client implementation that is selected /* with \fBsmtp_sasl_type\fR. /* .PP @@ -247,7 +248,8 @@ /* caching to ensure that mail from different senders will use the /* appropriate credentials. /* .IP "\fBsmtp_sasl_path (empty)\fR" -/* Implementation-specific information that is passed through to +/* Implementation-specific information that the Postfix SMTP client +/* passes through to /* the SASL plug-in implementation that is selected with /* \fBsmtp_sasl_type\fR. /* .IP "\fBsmtp_sasl_type (cyrus)\fR" diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 70522679f..7c94a7256 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -93,7 +93,8 @@ /* sender addresses, even when no explicit reject_unlisted_sender /* access restriction is specified. /* .IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR" -/* What SMTP clients Postfix will not offer AUTH support to. +/* What remote SMTP clients the Postfix SMTP server will not offer +/* AUTH support to. /* .PP /* Available in Postfix version 2.2 and later: /* .IP "\fBsmtpd_discard_ehlo_keyword_address_maps (empty)\fR" 
@@ -239,9 +240,11 @@ /* .IP "\fBsmtpd_sasl_auth_enable (no)\fR" /* Enable SASL authentication in the Postfix SMTP server. /* .IP "\fBsmtpd_sasl_local_domain (empty)\fR" -/* The name of the local SASL authentication realm. +/* The name of the Postfix SMTP server's local SASL authentication +/* realm. /* .IP "\fBsmtpd_sasl_security_options (noanonymous)\fR" -/* SASL security options; as of Postfix 2.3 the list of available +/* Postfix SMTP server SASL security options; as of Postfix 2.3 +/* the list of available /* features depends on the SASL server implementation that is selected /* with \fBsmtpd_sasl_type\fR. /* .IP "\fBsmtpd_sender_login_maps (empty)\fR" @@ -250,14 +253,16 @@ /* .PP /* Available in Postfix version 2.1 and later: /* .IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR" -/* What SMTP clients Postfix will not offer AUTH support to. +/* What remote SMTP clients the Postfix SMTP server will not offer +/* AUTH support to. /* .PP /* Available in Postfix version 2.3 and later: /* .IP "\fBsmtpd_sasl_authenticated_header (no)\fR" /* Report the SASL authenticated user name in the \fBsmtpd\fR(8) Received /* message header. /* .IP "\fBsmtpd_sasl_path (smtpd)\fR" -/* Implementation-specific information that is passed through to +/* Implementation-specific information that the Postfix SMTP server +/* passes through to /* the SASL plug-in implementation that is selected with /* \fBsmtpd_sasl_type\fR. /* .IP "\fBsmtpd_sasl_type (cyrus)\fR" diff --git a/postfix/src/smtpd/smtpd_peer.c b/postfix/src/smtpd/smtpd_peer.c index d2e7c14d2..e6a7b2aef 100644 --- a/postfix/src/smtpd/smtpd_peer.c +++ b/postfix/src/smtpd/smtpd_peer.c @@ -162,7 +162,7 @@ void smtpd_peer_init(SMTPD_STATE *state) /* * If peer went away, give up. */ - if (errno == ECONNRESET || errno == ECONNABORTED) { + if (errno != 0 && errno != ENOTSOCK) { state->name = mystrdup(CLIENT_NAME_UNKNOWN); state->reverse_name = mystrdup(CLIENT_NAME_UNKNOWN); state->addr = mystrdup(CLIENT_ADDR_UNKNOWN); 
@@ -174,14 +174,32 @@ void smtpd_peer_init(SMTPD_STATE *state) /* * Convert the client address to printable address and hostname. + * + * XXX If we're given an IPv6 (or IPv4) connection from, e.g., inetd, while + * Postfix IPv6 (or IPv4) support is turned off, don't (skip to the final + * else clause, pretend the origin is localhost[127.0.0.1], and become an + * open relay). */ else if (errno == 0 - && strchr((char *) proto_info->sa_family_list, sa->sa_family)) { + && (sa->sa_family == AF_INET +#ifdef AF_INET6 + || sa->sa_family == AF_INET6 +#endif + )) { MAI_HOSTNAME_STR client_name; MAI_HOSTADDR_STR client_addr; int aierr; char *colonp; + /* + * Sanity check: we can't use sockets that we're not configured for. + */ + if (strchr((char *) proto_info->sa_family_list, sa->sa_family) == 0) + msg_fatal("cannot handle socket type %s with \"%s = %s\"", + sa->sa_family == AF_INET6 ? "AF_INET6" : + sa->sa_family == AF_INET ? "AF_INET" : + "other", VAR_INET_PROTOCOLS, var_inet_protocols); + /* * Sorry, but there are some things that we just cannot do while * connected to the network. diff --git a/postfix/src/smtpstone/smtp-sink.c b/postfix/src/smtpstone/smtp-sink.c index d5b0bcd7e..ea1cbc7fd 100644 --- a/postfix/src/smtpstone/smtp-sink.c +++ b/postfix/src/smtpstone/smtp-sink.c @@ -335,6 +335,8 @@ static char *single_template; /* individual template */ static char *shared_template; /* shared template */ static VSTRING *start_string; /* dump content prefix */ +static INET_PROTO_INFO *proto_info; + #define SOFT_ERROR_RESP "450 4.3.0 Error: command failed" #define HARD_ERROR_RESP "500 5.3.0 Error: command failed" 
@@ -1172,8 +1174,11 @@ static void connect_event(int unused_event, char *unused_context) if (++client_count == max_client_count) event_disable_readwrite(sock); state = (SINK_STATE *) mymalloc(sizeof(*state)); - SOCKADDR_TO_HOSTADDR(&sa, len, &state->client_addr, - (MAI_SERVPORT_STR *) 0, sa.sa_family); + if (strchr((char *) proto_info->sa_family_list, sa.sa_family)) + SOCKADDR_TO_HOSTADDR(&sa, len, &state->client_addr, + (MAI_SERVPORT_STR *) 0, sa.sa_family); + else + strncpy(state->client_addr.buf, "local", sizeof("local")); if (msg_verbose) msg_info("connect (%s %s)", #ifdef AF_LOCAL @@ -1257,7 +1262,6 @@ int main(int argc, char **argv) int backlog; int ch; const char *protocols = INET_PROTO_NAME_ALL; - INET_PROTO_INFO *proto_info; const char *root_dir = 0; const char *user_privs = 0; diff --git a/postfix/src/util/sane_accept.c b/postfix/src/util/sane_accept.c index 5c49aa036..613177c29 100644 --- a/postfix/src/util/sane_accept.c +++ b/postfix/src/util/sane_accept.c @@ -106,8 +106,11 @@ int sane_accept(int sock, struct sockaddr * sa, SOCKADDR_SIZE *len) * socket. Turning on keepalives will fix a blocking socket provided that * the kernel's keepalive timer expires before the Postfix watchdog * timer. + * + * XXX Work around NAT induced damage by sending a keepalive before an idle + * connection is expired. This requires that the kernel keepalive timer + * is set to a short time, like 100s. */ -#if defined(BROKEN_READ_SELECT_ON_TCP_SOCKET) && defined(SO_KEEPALIVE) else if (sa && (sa->sa_family == AF_INET #ifdef HAS_IPV6 || sa->sa_family == AF_INET6 @@ -118,6 +121,5 @@ int sane_accept(int sock, struct sockaddr * sa, SOCKADDR_SIZE *len) (void) setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (char *) &on, sizeof(on)); } -#endif return (fd); } diff --git a/postfix/src/util/sane_connect.c b/postfix/src/util/sane_connect.c index ab18c5188..b8286a798 100644 --- a/postfix/src/util/sane_connect.c +++ b/postfix/src/util/sane_connect.c 
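Review bot: The `strncpy(state->client_addr.buf, "local", sizeof("local"))` added to connect_event() is bounded by the size of the source literal, not of the destination, so the length argument protects nothing and reads like a bounds check that is not one. It does terminate the string here because sizeof counts the NUL, but the pattern breaks silently if the literal is ever replaced by a variable. Assuming `buf` is an array member, bound the copy by the destination instead: `snprintf(state->client_addr.buf, sizeof(state->client_addr.buf), "%s", "local");`. connect_event() continues outside the hunk.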
@@ -50,14 +50,16 @@ int sane_connect(int sock, struct sockaddr * sa, SOCKADDR_SIZE len) * socket. Turning on keepalives will fix a blocking socket provided that * the kernel's keepalive timer expires before the Postfix watchdog * timer. + * + * XXX Work around NAT induced damage by sending a keepalive before an idle + * connection is expired. This requires that the kernel keepalive timer + * is set to a short time, like 100s. */ -#if defined(BROKEN_READ_SELECT_ON_TCP_SOCKET) && defined(SO_KEEPALIVE) if (sa->sa_family == AF_INET) { int on = 1; (void) setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (char *) &on, sizeof(on)); } -#endif return (connect(sock, sa, len)); } diff --git a/postfix/src/xsasl/xsasl_dovecot_server.c b/postfix/src/xsasl/xsasl_dovecot_server.c index 47b6bc984..c20e3da47 100644 --- a/postfix/src/xsasl/xsasl_dovecot_server.c +++ b/postfix/src/xsasl/xsasl_dovecot_server.c @@ -123,7 +123,7 @@ static const char *xsasl_dovecot_server_get_mechanism_list(XSASL_SERVER *); static const char *xsasl_dovecot_server_get_username(XSASL_SERVER *); /* xsasl_dovecot_server_connect - initial auth server handshake */ - + static int xsasl_dovecot_server_connect(XSASL_DOVECOT_SERVER_IMPL *xp) { const char *myname = "xsasl_dovecot_server_connect";
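Review bot: After this change sane_connect() turns on SO_KEEPALIVE only when `sa->sa_family == AF_INET`, whereas the matching sane_accept() hunk also covers AF_INET6 under `#ifdef HAS_IPV6`, so outbound IPv6 connections do not get the NAT workaround that the new XXX comment describes. The condition should mirror sane_accept() by adding `|| sa->sa_family == AF_INET6` inside an `#ifdef HAS_IPV6` block. Separately, removing the whole `#if` also removed the `defined(SO_KEEPALIVE)` test in both files; keeping a plain `#ifdef SO_KEEPALIVE` around the setsockopt() block would preserve builds on systems that lack the option.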