postfix-3.10-20240928

postfix/HISTORY

@@ -28313,3 +28313,18 @@ Apologies for any names omitted.
 	smtp/smtp_params.c, smtp/smtp_tlsrpt.c, tls/tls_client.c,
 	tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c,
 	tls/tlsrpt_wrapper.c, tls/tlsrpt_wrapper.h.
+
+20240928
+
+	Feature (no code change): generate HTML anchors for manpage
+	sections, for example: cidr_table.5.html#table_format. The
+	anchor contains the section name, after replacing upper
+	case with lower case, and after replacing spaces with
+	underscores. File: mantools/man2html.
+
+	Cleanaup (no code change): regenerate all man-style pages
+	so that the parameter summaries at the end match the text
+	in postconf(5). This also updates embedded man-style
+	comments in Postfix source code. Files: mantools/man2html,
+	proto/aliases, cleanup/cleanup.c, local/local.c, smtpd/smtpd.c,
+	tlsproxy/tlsproxy.c.

postfix/WISHLIST

@@ -18,9 +18,10 @@ Wish list:
 	When debug logging is enabled, dict_db_open() logs a newline
 	character after the version info.
 
-	postsuper fails to write the maillog file while Postfix is down
+	postsuper fails to write the maillog file while Postfix is
-	(the fallback to 'direct write' happens after an irreversible
+	down (the fallback to 'direct write' happens after an
-	set_ugid() call).
+	irreversible set_ugid() call). Possible solution: figure
+	out if we can open the maillog file before dropping privileges.
 
 	The postdrop code should be more explicit about what
 	attrributes it will pass through. rec_attr_map() is not

postfix/conf/aliases

@@ -206,10 +206,13 @@ decode:		root
 #               updated with "newaliases" or with "sendmail -bi".
 # 
 #        alias_maps (see 'postconf -d' output)
-#               Optional lookup tables with aliases that apply only
+#               Optional lookup tables that are searched only  with
-#               to   local(8)   recipients;  this  is  unlike  vir-
+#               an  email  address  localpart  (no domain) and that
-#               tual_alias_maps  that  apply  to  all   recipients:
+#               apply only to local(8) recipients; this  is  unlike
-#               local(8), virtual, and remote.
+#               virtual_alias_maps  that  are often searched with a
+#               full email  address  (including  domain)  and  that
+#               apply  to  all  recipients:  local(8), virtual, and
+#               remote.
 # 
 #        allow_mail_to_commands (alias, forward)
 #               Restrict local(8) mail delivery  to  external  com-

postfix/html/aliases.5.html

@@ -7,15 +7,15 @@
 </head> <body> <pre>
 ALIASES(5)                                                          ALIASES(5)
 
-<b>NAME</b>
+<b><a name="name">NAME</a></b>
        aliases - Postfix local alias database format
 
-<b>SYNOPSIS</b>
+<b><a name="synopsis">SYNOPSIS</a></b>
        <b>newaliases</b>
 
        <b>postalias -q</b> <i>name</i> <b>[</b><i>file-type</i><b>]:[</b><i>file-name</i><b>]</b>
 
-<b>DESCRIPTION</b>
+<b><a name="description">DESCRIPTION</a></b>
        The  optional  <a href="aliases.5.html"><b>aliases</b>(5)</a>  table  (<a href="postconf.5.html#alias_maps">alias_maps</a>) redirects mail for local
        recipients. The redirections are  processed  by  the  Postfix  <a href="local.8.html"><b>local</b>(8)</a>
        delivery  agent.  This  table  is always searched with an email address
@@ -105,7 +105,7 @@ ALIASES(5)                                                          ALIASES(5)
               disallowed  by  default.  To enable, edit the <b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_com</a>-</b>
               <b><a href="postconf.5.html#allow_mail_to_commands">mands</a></b> and <b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a></b> configuration parameters.
 
-<b>ADDRESS EXTENSION</b>
+<b><a name="address_extension">ADDRESS EXTENSION</a></b>
        When alias database search fails, and the recipient localpart  contains
        the  optional  recipient  delimiter  (e.g.,  <i>user+foo</i>),  the  search is
        repeated for the unextended address (e.g., <i>user</i>).
@@ -114,11 +114,11 @@ ALIASES(5)                                                          ALIASES(5)
        unmatched address extension (<i>+foo</i>) is propagated to the result of table
        lookup.
 
-<b>CASE FOLDING</b>
+<b><a name="case_folding">CASE FOLDING</a></b>
        The <a href="local.8.html">local(8)</a> delivery agent always folds the search string to lowercase
        before database lookup.
 
-<b>REGULAR EXPRESSION TABLES</b>
+<b><a name="regular_expression_tables">REGULAR EXPRESSION TABLES</a></b>
        This  section  describes how the table lookups change when the table is
        given in the form of regular expressions. For a description of  regular
        expression  lookup  table syntax, see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
@@ -133,7 +133,7 @@ ALIASES(5)                                                          ALIASES(5)
        Lookup results are the same as with indexed file lookups.  For security
        reasons there is no support for <b>$1</b>, <b>$2</b> etc. substring interpolation.
 
-<b>SECURITY</b>
+<b><a name="security">SECURITY</a></b>
        The  <a href="local.8.html"><b>local</b>(8)</a>  delivery agent disallows regular expression substitution
        of $1 etc. in <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>, because that would open a security hole.
 
@@ -142,7 +142,7 @@ ALIASES(5)                                                          ALIASES(5)
        directly.  Before Postfix version 2.2, the <a href="local.8.html"><b>local</b>(8)</a> delivery agent will
        terminate with a fatal error.
 
-<b>CONFIGURATION PARAMETERS</b>
+<b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b>
        The  following  <a href="postconf.5.html"><b>main.cf</b></a>  parameters  are especially relevant.  The text
        below provides only a  parameter  summary.  See  <a href="postconf.5.html"><b>postconf</b>(5)</a>  for  more
        details including examples.
@@ -152,9 +152,11 @@ ALIASES(5)                                                          ALIASES(5)
               "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
 
        <b><a href="postconf.5.html#alias_maps">alias_maps</a> (see 'postconf -d' output)</b>
-              Optional lookup tables with aliases that apply only to  <a href="local.8.html"><b>local</b>(8)</a>
+              Optional lookup tables that are  searched  only  with  an  email
-              recipients;  this is unlike <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> that apply to all
+              address  localpart  (no  domain) and that apply only to <a href="local.8.html"><b>local</b>(8)</a>
-              recipients: <a href="local.8.html"><b>local</b>(8)</a>, virtual, and remote.
+              recipients; this is unlike  <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>  that  are  often
+              searched  with  a full email address (including domain) and that
+              apply to all recipients: <a href="local.8.html"><b>local</b>(8)</a>, virtual, and remote.
 
        <b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a> (alias, forward)</b>
               Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external commands.
@@ -189,19 +191,19 @@ ALIASES(5)                                                          ALIASES(5)
               of  a  delivery attempt; do not update the Delivered-To: address
               while expanding aliases or .forward files.
 
-<b>STANDARDS</b>
+<b><a name="standards">STANDARDS</a></b>
        <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
 
-<b>SEE ALSO</b>
+<b><a name="see_also">SEE ALSO</a></b>
        <a href="local.8.html">local(8)</a>, local delivery agent
        <a href="newaliases.1.html">newaliases(1)</a>, create/update alias database
        <a href="postalias.1.html">postalias(1)</a>, create/update alias database
        <a href="postconf.5.html">postconf(5)</a>, configuration parameters
 
-<b>README FILES</b>
+<b><a name="readme_files">README FILES</a></b>
        <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
 
-<b>LICENSE</b>
+<b><a name="license">LICENSE</a></b>
        The Secure Mailer license must be distributed with this software.
 
 <b>AUTHOR(S)</b>

postfix/html/cleanup.8.html

@@ -7,13 +7,13 @@
 </head> <body> <pre>
 CLEANUP(8)                                                          CLEANUP(8)
 
-<b>NAME</b>
+<b><a name="name">NAME</a></b>
        cleanup - canonicalize and enqueue Postfix message
 
-<b>SYNOPSIS</b>
+<b><a name="synopsis">SYNOPSIS</a></b>
        <b>cleanup</b> [generic Postfix daemon options]
 
-<b>DESCRIPTION</b>
+<b><a name="description">DESCRIPTION</a></b>
        The  <a href="cleanup.8.html"><b>cleanup</b>(8)</a>  daemon  processes  inbound  mail,  inserts it into the
        <b>incoming</b> mail queue, and informs the queue manager of its arrival.
 
@@ -62,7 +62,7 @@ CLEANUP(8)                                                          CLEANUP(8)
        <a href="cleanup.8.html"><b>cleanup</b>(8)</a>  daemon  to bounce the message back to the sender in case of
        trouble.
 
-<b>STANDARDS</b>
+<b><a name="standards">STANDARDS</a></b>
        <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
        <a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a> (MIME: Format of Internet Message Bodies)
        <a href="https://tools.ietf.org/html/rfc2046">RFC 2046</a> (MIME: Media Types)
@@ -71,14 +71,14 @@ CLEANUP(8)                                                          CLEANUP(8)
        <a href="https://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery status notifications)
        <a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a> (Internet Message Format)
 
-<b>DIAGNOSTICS</b>
+<b><a name="diagnostics">DIAGNOSTICS</a></b>
        Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
 
-<b>BUGS</b>
+<b><a name="bugs">BUGS</a></b>
        Table-driven rewriting rules make it hard to express <b>if then  else</b>  and
        other logical relationships.
 
-<b>CONFIGURATION PARAMETERS</b>
+<b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b>
        Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="cleanup.8.html"><b>cleanup</b>(8)</a> processes
        run for only a limited amount of time. Use the command "<b>postfix reload</b>"
        to speed up a change.
@@ -86,7 +86,7 @@ CLEANUP(8)                                                          CLEANUP(8)
        The  text  below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
        more details including examples.
 
-<b>COMPATIBILITY CONTROLS</b>
+<b><a name="compatibility_controls">COMPATIBILITY CONTROLS</a></b>
        <b><a href="postconf.5.html#undisclosed_recipients_header">undisclosed_recipients_header</a> (see 'postconf -d' output)</b>
               Message header that the Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server inserts when a
               message contains no To: or Cc: message header.
@@ -121,7 +121,7 @@ CLEANUP(8)                                                          CLEANUP(8)
        <b><a href="postconf.5.html#header_from_format">header_from_format</a> (standard)</b>
               The format of the Postfix-generated <b>From:</b> header.
 
-<b>BUILT-IN CONTENT FILTERING CONTROLS</b>
+<b><a name="built-in_content_filtering_controls">BUILT-IN CONTENT FILTERING CONTROLS</a></b>
        Postfix built-in content filtering is meant to stop a flood of worms or
        viruses. It is not a general content filter.
 
@@ -170,7 +170,7 @@ CLEANUP(8)                                                          CLEANUP(8)
               independent from how a remote mail server handles  such  charac-
               ters.
 
-<b>BEFORE QUEUE MILTER CONTROLS</b>
+<b><a name="before_queue_milter_controls">BEFORE QUEUE MILTER CONTROLS</a></b>
        As of version 2.3, Postfix supports the Sendmail version 8 Milter (mail
        filter) protocol. When mail is not received via  the  <a href="smtpd.8.html">smtpd(8)</a>  server,
        the <a href="cleanup.8.html">cleanup(8)</a> server will simulate SMTP events to the extent that this
@@ -256,7 +256,7 @@ CLEANUP(8)                                                          CLEANUP(8)
               for  arbitrary  macros  that Postfix may send to Milter applica-
               tions.
 
-<b>MIME PROCESSING CONTROLS</b>
+<b><a name="mime_processing_controls">MIME PROCESSING CONTROLS</a></b>
        Available in Postfix version 2.0 and later:
 
        <b><a href="postconf.5.html#disable_mime_input_processing">disable_mime_input_processing</a> (no)</b>
@@ -289,7 +289,7 @@ CLEANUP(8)                                                          CLEANUP(8)
               tent-Transfer-Encoding:  message  headers;  historically,   this
               behavior was hard-coded to be "always on".
 
-<b>AUTOMATIC BCC RECIPIENT CONTROLS</b>
+<b><a name="automatic_bcc_recipient_controls">AUTOMATIC BCC RECIPIENT CONTROLS</a></b>
        Postfix  can automatically add BCC (blind carbon copy) when mail enters
        the mail system:
 
@@ -307,7 +307,7 @@ CLEANUP(8)                                                          CLEANUP(8)
               Optional BCC (blind carbon-copy) address lookup tables,  indexed
               by envelope recipient address.
 
-<b>ADDRESS TRANSFORMATION CONTROLS</b>
+<b><a name="address_transformation_controls">ADDRESS TRANSFORMATION CONTROLS</a></b>
        Address  rewriting  is delegated to the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> daemon.  The
        <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server implements table driven address mapping.
 
@@ -353,9 +353,11 @@ CLEANUP(8)                                                          CLEANUP(8)
        Available in Postfix version 2.0 and later:
 
        <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b>
-              Optional lookup tables with aliases that apply  to  all  recipi-
+              Optional lookup tables that are often searched with a full email
-              ents:  <a href="local.8.html"><b>local</b>(8)</a>,  virtual, and remote; this is unlike <a href="postconf.5.html#alias_maps">alias_maps</a>
+              address  (including  domain)  and  that apply to all recipients:
-              that apply only to <a href="local.8.html"><b>local</b>(8)</a> recipients.
+              <a href="local.8.html"><b>local</b>(8)</a>, virtual, and remote; this is  unlike  <a href="postconf.5.html#alias_maps">alias_maps</a>  that
+              are  only  searched  with an email address localpart (no domain)
+              and that apply only to <a href="local.8.html"><b>local</b>(8)</a> recipients.
 
        Available in Postfix version 2.2 and later:
 
@@ -378,7 +380,7 @@ CLEANUP(8)                                                          CLEANUP(8)
               <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter, and adding missing head-
               ers.
 
-<b>RESOURCE AND RATE CONTROLS</b>
+<b><a name="resource_and_rate_controls">RESOURCE AND RATE CONTROLS</a></b>
        <b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a> (1000)</b>
               The maximal number of addresses remembered by the address dupli-
               cate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>virtual</b>(5)</a> alias expansion, or for
@@ -431,7 +433,7 @@ CLEANUP(8)                                                          CLEANUP(8)
               The maximal length of  an  email  address  after  virtual  alias
               expansion.
 
-<b>SMTPUTF8 CONTROLS</b>
+<b><a name="smtputf8_controls">SMTPUTF8 CONTROLS</a></b>
        Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
 
        <b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
@@ -449,7 +451,7 @@ CLEANUP(8)                                                          CLEANUP(8)
               IDNA2008, when converting UTF-8 domain names to/from  the  ASCII
               form that is used for DNS lookups.
 
-<b>MISCELLANEOUS CONTROLS</b>
+<b><a name="miscellaneous_controls">MISCELLANEOUS CONTROLS</a></b>
        <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
               The  default  location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
               figuration files.
@@ -530,11 +532,11 @@ CLEANUP(8)                                                          CLEANUP(8)
               able, before <a href="postconf.5.html#header_checks">header_checks</a>,  <a href="postconf.5.html#body_checks">body_checks</a>,  Milters,  and  before
               after-queue content filters.
 
-<b>FILES</b>
+<b><a name="files">FILES</a></b>
        /etc/postfix/canonical*, canonical mapping table
        /etc/postfix/virtual*, virtual mapping table
 
-<b>SEE ALSO</b>
+<b><a name="see_also">SEE ALSO</a></b>
        <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, address rewriting
        <a href="qmgr.8.html">qmgr(8)</a>, queue manager
        <a href="header_checks.5.html">header_checks(5)</a>, message header content inspection
@@ -547,11 +549,11 @@ CLEANUP(8)                                                          CLEANUP(8)
        <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
        syslogd(8), system logging
 
-<b>README FILES</b>
+<b><a name="readme_files">README FILES</a></b>
        <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> Postfix address manipulation
        <a href="CONTENT_INSPECTION_README.html">CONTENT_INSPECTION_README</a> content inspection
 
-<b>LICENSE</b>
+<b><a name="license">LICENSE</a></b>
        The Secure Mailer license must be distributed with this software.
 
 <b>AUTHOR(S)</b>

postfix/html/local.8.html

@@ -7,13 +7,13 @@
 </head> <body> <pre>
 LOCAL(8)                                                              LOCAL(8)
 
-<b>NAME</b>
+<b><a name="name">NAME</a></b>
        local - Postfix local mail delivery
 
-<b>SYNOPSIS</b>
+<b><a name="synopsis">SYNOPSIS</a></b>
        <b>local</b> [generic Postfix daemon options]
 
-<b>DESCRIPTION</b>
+<b><a name="description">DESCRIPTION</a></b>
        The  <a href="local.8.html"><b>local</b>(8)</a> daemon processes delivery requests from the Postfix queue
        manager to deliver mail to local  recipients.   Each  delivery  request
        specifies  a  queue file, a sender address, a domain or host to deliver
@@ -25,12 +25,12 @@ LOCAL(8)                                                              LOCAL(8)
        again  at  a  later  time.  Delivery  status  reports  are  sent to the
        <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
 
-<b>CASE FOLDING</b>
+<b><a name="case_folding">CASE FOLDING</a></b>
        All delivery decisions are made using the bare recipient name (i.e. the
        address  localpart),  folded  to  lower  case.   See also under ADDRESS
        EXTENSION below for a few exceptions.
 
-<b>SYSTEM-WIDE AND USER-LEVEL ALIASING</b>
+<b><a name="system-wide_and_user-level_aliasing">SYSTEM-WIDE AND USER-LEVEL ALIASING</a></b>
        The system administrator can set  up  one  or  more  system-wide  <b>send-</b>
        <b>mail</b>-style  alias  databases.  Users can have <b>sendmail</b>-style ~/.<b>forward</b>
        files.  Mail for <i>name</i> is delivered to the alias <i>name</i>,  to  destinations
@@ -80,7 +80,7 @@ LOCAL(8)                                                              LOCAL(8)
        attempts to avoid duplicate deliveries. The <b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a></b> con-
        figuration parameter limits the number of remembered recipients.
 
-<b>MAIL FORWARDING</b>
+<b><a name="mail_forwarding">MAIL FORWARDING</a></b>
        For  the  sake  of reliability, forwarded mail is re-submitted as a new
        message, so that each recipient has a separate on-file delivery  status
        record.
@@ -90,7 +90,7 @@ LOCAL(8)                                                              LOCAL(8)
        address.  If  mail  arrives for a recipient that is already listed in a
        <b>Delivered-To:</b> header, the message is bounced.
 
-<b>MAILBOX DELIVERY</b>
+<b><a name="mailbox_delivery">MAILBOX DELIVERY</a></b>
        The default per-user mailbox is a file in the UNIX mail spool directory
        (<b>/var/mail/</b><i>user</i> or <b>/var/spool/mail/</b><i>user</i>); the location can be specified
        with the <b><a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a></b> configuration parameter. Specify  a  name
@@ -132,7 +132,7 @@ LOCAL(8)                                                              LOCAL(8)
        to Postfix, and prepends a <b>Return-Path:</b> header with the envelope sender
        address.
 
-<b>EXTERNAL COMMAND DELIVERY</b>
+<b><a name="external_command_delivery">EXTERNAL COMMAND DELIVERY</a></b>
        The  <b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a></b>  configuration parameter restricts delivery
        to external commands. The default setting (<b>alias, forward</b>) forbids com-
        mand destinations in <b>:include:</b> files.
@@ -246,7 +246,7 @@ LOCAL(8)                                                              LOCAL(8)
        with  the  final  recipient  envelope  address, prepends a <b>Return-Path:</b>
        header with the sender envelope address, and appends no empty line.
 
-<b>EXTERNAL FILE DELIVERY</b>
+<b><a name="external_file_delivery">EXTERNAL FILE DELIVERY</a></b>
        The delivery format depends on the destination  filename  syntax.   The
        default  is to use UNIX-style mailbox format.  Specify a name ending in
        <b>/</b> for <b>qmail</b>-compatible <b>maildir</b> delivery.
@@ -272,7 +272,7 @@ LOCAL(8)                                                              LOCAL(8)
        to  Postfix.   The  envelope  sender  address  is  available   in   the
        <b>Return-Path:</b> header.
 
-<b>ADDRESS EXTENSION</b>
+<b><a name="address_extension">ADDRESS EXTENSION</a></b>
        The  optional <b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b> configuration parameter specifies how
        to separate address extensions from local recipient names.
 
@@ -281,7 +281,7 @@ LOCAL(8)                                                              LOCAL(8)
        tions listed in ~<i>name</i>/.<b>forward</b>+<i>foo</i> or in ~<i>name</i>/.<b>forward</b>, to the mailbox
        owned by the user <i>name</i>, or it is sent back as undeliverable.
 
-<b>DELIVERY RIGHTS</b>
+<b><a name="delivery_rights">DELIVERY RIGHTS</a></b>
        Deliveries  to  external  files and external commands are made with the
        rights of the receiving user on whose behalf the delivery is made.   In
        the  absence  of  a  user  context,  the <a href="local.8.html"><b>local</b>(8)</a> daemon uses the owner
@@ -289,11 +289,11 @@ LOCAL(8)                                                              LOCAL(8)
        owned by the superuser, delivery is made with the rights specified with
        the <b><a href="postconf.5.html#default_privs">default_privs</a></b> configuration parameter.
 
-<b>STANDARDS</b>
+<b><a name="standards">STANDARDS</a></b>
        <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
        <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
 
-<b>DIAGNOSTICS</b>
+<b><a name="diagnostics">DIAGNOSTICS</a></b>
        Problems and transactions are  logged  to  <b>syslogd</b>(8)  or  <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
        Corrupted  message  files are marked so that the queue manager can move
        them to the <b>corrupt</b> queue afterwards.
@@ -301,7 +301,7 @@ LOCAL(8)                                                              LOCAL(8)
        Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the  postmas-
        ter is notified of bounces and of other trouble.
 
-<b>SECURITY</b>
+<b><a name="security">SECURITY</a></b>
        The  <a href="local.8.html"><b>local</b>(8)</a>  delivery agent needs a dual personality 1) to access the
        private Postfix queue and IPC mechanisms, 2) to impersonate the recipi-
        ent  and deliver to recipient-specified files or commands. It is there-
@@ -315,7 +315,7 @@ LOCAL(8)                                                              LOCAL(8)
        directly.  Before Postfix version 2.2, the <a href="local.8.html"><b>local</b>(8)</a> delivery agent will
        terminate with a fatal error.
 
-<b>BUGS</b>
+<b><a name="bugs">BUGS</a></b>
        For security reasons, the message delivery status of external  commands
        or  of  external  files is never checkpointed to file. As a result, the
        program may occasionally deliver more than once to a command or  exter-
@@ -325,7 +325,7 @@ LOCAL(8)                                                              LOCAL(8)
        The resulting mail forwarding loop is broken by the use of  the  <b>Deliv-</b>
        <b>ered-To:</b> message header.
 
-<b>CONFIGURATION PARAMETERS</b>
+<b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b>
        Changes  to  <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="local.8.html"><b>local</b>(8)</a> processes
        run for only a limited amount of time. Use the command "<b>postfix reload</b>"
        to speed up a change.
@@ -333,7 +333,7 @@ LOCAL(8)                                                              LOCAL(8)
        The  text  below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
        more details including examples.
 
-<b>COMPATIBILITY CONTROLS</b>
+<b><a name="compatibility_controls">COMPATIBILITY CONTROLS</a></b>
        <b><a href="postconf.5.html#biff">biff</a> (yes)</b>
               Whether or not to use the local <a href="postconf.5.html#biff">biff</a> service.
 
@@ -377,16 +377,18 @@ LOCAL(8)                                                              LOCAL(8)
               status code or explanatory text of  successful  or  unsuccessful
               deliveries.
 
-<b>DELIVERY METHOD CONTROLS</b>
+<b><a name="delivery_method_controls">DELIVERY METHOD CONTROLS</a></b>
        The  precedence  of  <a href="local.8.html"><b>local</b>(8)</a>  delivery  methods  from  high to low is:
        aliases,  .forward  files,  <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>,  <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
        <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>,  <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_direc</a>-
        <a href="postconf.5.html#mail_spool_directory">tory</a>, <a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a>, and <a href="postconf.5.html#luser_relay">luser_relay</a>.
 
        <b><a href="postconf.5.html#alias_maps">alias_maps</a> (see 'postconf -d' output)</b>
-              Optional lookup tables with aliases that apply only to  <a href="local.8.html"><b>local</b>(8)</a>
+              Optional lookup tables that are  searched  only  with  an  email
-              recipients;  this is unlike <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> that apply to all
+              address  localpart  (no  domain) and that apply only to <a href="local.8.html"><b>local</b>(8)</a>
-              recipients: <a href="local.8.html"><b>local</b>(8)</a>, virtual, and remote.
+              recipients; this is unlike  <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>  that  are  often
+              searched  with  a full email address (including domain) and that
+              apply to all recipients: <a href="local.8.html"><b>local</b>(8)</a>, virtual, and remote.
 
        <b><a href="postconf.5.html#forward_path">forward_path</a> (see 'postconf -d' output)</b>
               The <a href="local.8.html"><b>local</b>(8)</a> delivery agent search list for finding  a  .forward
@@ -436,7 +438,7 @@ LOCAL(8)                                                              LOCAL(8)
               The  <a href="local.8.html"><b>local</b>(8)</a>  delivery  agent working directory for delivery to
               external commands.
 
-<b>MAILBOX LOCKING CONTROLS</b>
+<b><a name="mailbox_locking_controls">MAILBOX LOCKING CONTROLS</a></b>
        <b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>
               The maximal number of attempts to acquire an exclusive lock on a
               mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
@@ -453,7 +455,7 @@ LOCAL(8)                                                              LOCAL(8)
               How  to  lock  a  UNIX-style  <a href="local.8.html"><b>local</b>(8)</a> mailbox before attempting
               delivery.
 
-<b>RESOURCE AND RATE CONTROLS</b>
+<b><a name="resource_and_rate_controls">RESOURCE AND RATE CONTROLS</a></b>
        <b><a href="postconf.5.html#command_time_limit">command_time_limit</a> (1000s)</b>
               Time limit for delivery to external commands.
 
@@ -479,7 +481,7 @@ LOCAL(8)                                                              LOCAL(8)
               The  maximal  number  of recipients per message delivery via the
               local mail delivery transport.
 
-<b>SECURITY CONTROLS</b>
+<b><a name="security_controls">SECURITY CONTROLS</a></b>
        <b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a> (alias, forward)</b>
               Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external commands.
 
@@ -511,7 +513,7 @@ LOCAL(8)                                                              LOCAL(8)
               Defer  delivery  when a mailbox file is not owned by its recipi-
               ent.
 
-<b>MISCELLANEOUS CONTROLS</b>
+<b><a name="miscellaneous_controls">MISCELLANEOUS CONTROLS</a></b>
        <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
               The default location of the Postfix <a href="postconf.5.html">main.cf</a> and  <a href="master.5.html">master.cf</a>  con-
               figuration files.
@@ -593,13 +595,13 @@ LOCAL(8)                                                              LOCAL(8)
               The  email  address  form that will be used in non-debug logging
               (info, warning, etc.).
 
-<b>FILES</b>
+<b><a name="files">FILES</a></b>
        The following are examples; details differ between systems.
        $HOME/.forward, per-user aliasing
        /etc/aliases, system-wide alias database
        /var/spool/mail, system mailboxes
 
-<b>SEE ALSO</b>
+<b><a name="see_also">SEE ALSO</a></b>
        <a href="qmgr.8.html">qmgr(8)</a>, queue manager
        <a href="bounce.8.html">bounce(8)</a>, delivery status reports
        <a href="newaliases.1.html">newaliases(1)</a>, create/update alias database
@@ -610,10 +612,10 @@ LOCAL(8)                                                              LOCAL(8)
        <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
        syslogd(8), system logging
 
-<b>LICENSE</b>
+<b><a name="license">LICENSE</a></b>
        The Secure Mailer license must be distributed with this software.
 
-<b>HISTORY</b>
+<b><a name="history">HISTORY</a></b>
        The <b>Delivered-To:</b> message header appears in the <b>qmail</b> system by  Daniel
        Bernstein.
 

postfix/html/smtpd.8.html

@@ -7,15 +7,15 @@
 </head> <body> <pre>
 SMTPD(8)                                                              SMTPD(8)
 
-<b>NAME</b>
+<b><a name="name">NAME</a></b>
        smtpd - Postfix SMTP server
 
-<b>SYNOPSIS</b>
+<b><a name="synopsis">SYNOPSIS</a></b>
        <b>smtpd</b> [generic Postfix daemon options]
 
        <b>sendmail -bs</b>
 
-<b>DESCRIPTION</b>
+<b><a name="description">DESCRIPTION</a></b>
        The  SMTP  server accepts network connection requests and performs zero
        or more SMTP transactions per connection.   Each  received  message  is
        piped  through  the  <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon, and is placed into the <b>incoming</b>
@@ -35,12 +35,12 @@ SMTPD(8)                                                              SMTPD(8)
        <b>RCPT TO</b> commands. They are detailed below and in the <a href="postconf.5.html"><b>main.cf</b></a> configura-
        tion file.
 
-<b>SECURITY</b>
+<b><a name="security">SECURITY</a></b>
        The SMTP server is moderately  security-sensitive.  It  talks  to  SMTP
        clients  and  to DNS servers on the network. The SMTP server can be run
        chrooted at fixed low privilege.
 
-<b>STANDARDS</b>
+<b><a name="standards">STANDARDS</a></b>
        <a href="https://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
        <a href="https://tools.ietf.org/html/rfc1123">RFC 1123</a> (Host requirements)
        <a href="https://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport)
@@ -63,14 +63,14 @@ SMTPD(8)                                                              SMTPD(8)
        <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
        <a href="https://tools.ietf.org/html/rfc7505">RFC 7505</a> ("Null MX" No Service Resource Record)
 
-<b>DIAGNOSTICS</b>
+<b><a name="diagnostics">DIAGNOSTICS</a></b>
        Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
 
        Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the  postmas-
        ter  is  notified of bounces, protocol problems, policy violations, and
        of other trouble.
 
-<b>CONFIGURATION PARAMETERS</b>
+<b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b>
        Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as  <a href="smtpd.8.html"><b>smtpd</b>(8)</a>  processes
        run for only a limited amount of time. Use the command "<b>postfix reload</b>"
        to speed up a change.
@@ -78,7 +78,7 @@ SMTPD(8)                                                              SMTPD(8)
        The text below provides only a parameter summary. See  <a href="postconf.5.html"><b>postconf</b>(5)</a>  for
        more details including examples.
 
-<b>COMPATIBILITY CONTROLS</b>
+<b><a name="compatibility_controls">COMPATIBILITY CONTROLS</a></b>
        The  following  parameters  work  around implementation errors in other
        software, and/or allow you to override standards in  order  to  prevent
        undesirable use.
@@ -190,7 +190,7 @@ SMTPD(8)                                                              SMTPD(8)
               DATA  and  BDAT  requests,  when  deadlines  are  enabled   with
               <a href="postconf.5.html#smtpd_per_request_deadline">smtpd_per_request_deadline</a>.
 
-<b>ADDRESS REWRITING CONTROLS</b>
+<b><a name="address_rewriting_controls">ADDRESS REWRITING CONTROLS</a></b>
        See  the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document for a detailed discussion of
        Postfix address rewriting.
 
@@ -205,7 +205,7 @@ SMTPD(8)                                                              SMTPD(8)
               updating incomplete addresses with the domain name in  $<a href="postconf.5.html#myorigin">myorigin</a>
               or $<a href="postconf.5.html#mydomain">mydomain</a>, and adding missing headers.
 
-<b>BEFORE-SMTPD PROXY AGENT</b>
+<b><a name="before-smtpd_proxy_agent">BEFORE-SMTPD PROXY AGENT</a></b>
        Available in Postfix version 2.10 and later:
 
        <b><a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> (empty)</b>
@@ -216,7 +216,7 @@ SMTPD(8)                                                              SMTPD(8)
               The time  limit  for  the  proxy  protocol  specified  with  the
               <a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> parameter.
 
-<b>AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
+<b><a name="after_queue_external_content_inspection_controls">AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</a></b>
        As  of  version  1.0,  Postfix can be configured to send new mail to an
        external content filter AFTER the mail is queued. This  content  filter
        is  expected to inject mail back into a (Postfix or other) MTA for fur-
@@ -226,7 +226,7 @@ SMTPD(8)                                                              SMTPD(8)
               After the message is queued, send  the  entire  message  to  the
               specified <i>transport:destination</i>.
 
-<b>BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
+<b><a name="before_queue_external_content_inspection_controls">BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</a></b>
        As  of  version  2.1, the Postfix SMTP server can be configured to send
        incoming mail to a real-time SMTP-based content filter BEFORE  mail  is
        queued.  This content filter is expected to inject mail back into Post-
@@ -248,7 +248,7 @@ SMTPD(8)                                                              SMTPD(8)
               The  time limit for connecting to a proxy filter and for sending
               or receiving information.
 
-<b>BEFORE QUEUE MILTER CONTROLS</b>
+<b><a name="before_queue_milter_controls">BEFORE QUEUE MILTER CONTROLS</a></b>
        As of version 2.3, Postfix supports the Sendmail version 8 Milter (mail
        filter)  protocol.  These content filters run outside Postfix. They can
        inspect the SMTP command  stream  and  the  message  content,  and  can
@@ -333,7 +333,7 @@ SMTPD(8)                                                              SMTPD(8)
               Lookup  tables  with  Milter  settings per remote SMTP client IP
               address.
 
-<b>GENERAL CONTENT INSPECTION CONTROLS</b>
+<b><a name="general_content_inspection_controls">GENERAL CONTENT INSPECTION CONTROLS</a></b>
        The following parameters are applicable for both built-in and  external
        content filters.
 
@@ -343,7 +343,7 @@ SMTPD(8)                                                              SMTPD(8)
               Enable or disable recipient validation, built-in content filter-
               ing, or address mapping.
 
-<b>EXTERNAL CONTENT INSPECTION CONTROLS</b>
+<b><a name="external_content_inspection_controls">EXTERNAL CONTENT INSPECTION CONTROLS</a></b>
        The following parameters  are  applicable  for  both  before-queue  and
        after-queue content filtering.
 
@@ -353,7 +353,7 @@ SMTPD(8)                                                              SMTPD(8)
               What  remote  SMTP  clients are allowed to use the XFORWARD fea-
               ture.
 
-<b>SASL AUTHENTICATION CONTROLS</b>
+<b><a name="sasl_authentication_controls">SASL AUTHENTICATION CONTROLS</a></b>
        Postfix SASL support (<a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a>) can be used to authenticate remote SMTP
        clients  to  the  Postfix  SMTP server, and to authenticate the Postfix
        SMTP client to a remote SMTP server.  See the <a href="SASL_README.html">SASL_README</a> document  for
@@ -377,7 +377,7 @@ SMTPD(8)                                                              SMTPD(8)
 
        <b><a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> (empty)</b>
               Optional  lookup  table  with  the SASL login names that own the
-              sender (MAIL FROM) addresses.
+              envelope sender (MAIL FROM) addresses.
 
        Available in Postfix version 2.1 and later:
 
@@ -430,7 +430,7 @@ SMTPD(8)                                                              SMTPD(8)
               If  non-empty,  a  filter  for the SASL mechanism names that the
               Postfix SMTP server will announce in the EHLO response.
 
-<b>STARTTLS SUPPORT CONTROLS</b>
+<b><a name="starttls_support_controls">STARTTLS SUPPORT CONTROLS</a></b>
        Detailed information about STARTTLS configuration may be found  in  the
        <a href="TLS_README.html">TLS_README</a> document.
 
@@ -612,8 +612,8 @@ SMTPD(8)                                                              SMTPD(8)
        Available in Postfix version 3.2 and later:
 
        <b><a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a> (see 'postconf -d' output)</b>
-              The prioritized list of elliptic curves supported by the Postfix
+              The  prioritized list of elliptic curves, that should be enabled
-              SMTP client and server.
+              in the Postfix SMTP client and server.
 
        Available in Postfix version 3.4 and later:
 
@@ -655,7 +655,7 @@ SMTPD(8)                                                              SMTPD(8)
               instead of an X.509 certificate, when asking  for  or  requiring
               client authentication.
 
-<b>OBSOLETE STARTTLS CONTROLS</b>
+<b><a name="obsolete_starttls_controls">OBSOLETE STARTTLS CONTROLS</a></b>
        The  following  configuration  parameters  exist for compatibility with
        Postfix versions before 2.3. Support for these will  be  removed  in  a
        future release.
@@ -673,7 +673,7 @@ SMTPD(8)                                                              SMTPD(8)
               Obsolete Postfix &lt; 2.3 control for the Postfix SMTP  server  TLS
               cipher list.
 
-<b>SMTPUTF8 CONTROLS</b>
+<b><a name="smtputf8_controls">SMTPUTF8 CONTROLS</a></b>
        Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
 
        <b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
@@ -694,7 +694,7 @@ SMTPD(8)                                                              SMTPD(8)
               IDNA2008, when converting UTF-8 domain names to/from  the  ASCII
               form that is used for DNS lookups.
 
-<b>VERP SUPPORT CONTROLS</b>
+<b><a name="verp_support_controls">VERP SUPPORT CONTROLS</a></b>
        With  VERP  style delivery, each recipient of a message receives a cus-
        tomized copy of the message with his/her own recipient address  encoded
        in the envelope sender address.  The <a href="VERP_README.html">VERP_README</a> file describes config-
@@ -722,7 +722,7 @@ SMTPD(8)                                                              SMTPD(8)
               What  remote  SMTP clients are allowed to specify the XVERP com-
               mand.
 
-<b>TROUBLE SHOOTING CONTROLS</b>
+<b><a name="trouble_shooting_controls">TROUBLE SHOOTING CONTROLS</a></b>
        The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of  the  Postfix
        mail  system.  The  methods  vary from making the software log a lot of
        detail, to running some daemon processes under control of a call tracer
@@ -772,7 +772,7 @@ SMTPD(8)                                                              SMTPD(8)
               access lists (by default, the SMTP server logs "reject"  actions
               but not "permit" actions).
 
-<b>KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS</b>
+<b><a name="known_versus_unknown_recipient_controls">KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS</a></b>
        As  of  Postfix  version  2.0, the SMTP server rejects mail for unknown
        recipients. This prevents the mail queue from clogging up with undeliv-
        erable  MAILER-DAEMON messages. Additional information on this topic is
@@ -878,7 +878,7 @@ SMTPD(8)                                                              SMTPD(8)
               specifies a list of lookup tables that does not match the recip-
               ient address.
 
-<b>RESOURCE AND RATE CONTROLS</b>
+<b><a name="resource_and_rate_controls">RESOURCE AND RATE CONTROLS</a></b>
        The following parameters limit resource usage by the SMTP server and/or
        control client request rates.
 
@@ -1014,7 +1014,7 @@ SMTPD(8)                                                              SMTPD(8)
               The numerical Postfix SMTP server response code when rejecting a
               request with "<a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a> = reject".
 
-<b>TARPIT CONTROLS</b>
+<b><a name="tarpit_controls">TARPIT CONTROLS</a></b>
        When  a  remote  SMTP  client makes errors, the Postfix SMTP server can
        insert delays before responding. This can help to  slow  down  run-away
        software.   The  behavior is controlled by an error counter that counts
@@ -1049,7 +1049,7 @@ SMTPD(8)                                                              SMTPD(8)
               before  the Postfix SMTP server increments the per-session error
               count for each excess recipient.
 
-<b>ACCESS POLICY DELEGATION CONTROLS</b>
+<b><a name="access_policy_delegation_controls">ACCESS POLICY DELEGATION CONTROLS</a></b>
        As of version 2.1, Postfix can be configured to delegate access  policy
        decisions  to  an  external  server that runs outside Postfix.  See the
        file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for more information.
@@ -1092,7 +1092,7 @@ SMTPD(8)                                                              SMTPD(8)
               (originally, to share the same service endpoint  among  multiple
               <a href="postconf.5.html#check_policy_service">check_policy_service</a> clients).
 
-<b>ACCESS CONTROLS</b>
+<b><a name="access_controls">ACCESS CONTROLS</a></b>
        The  <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to all the SMTP
        server access control features.
 
@@ -1186,7 +1186,7 @@ SMTPD(8)                                                              SMTPD(8)
               server applies in the context of the  RCPT  TO  command,  before
               <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
 
-<b>SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS</b>
+<b><a name="sender_and_recipient_address_verification_controls">SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS</a></b>
        Postfix  version  2.1 introduces sender and recipient address verifica-
        tion.  This feature is implemented by sending probe email messages that
        are  not  actually  delivered.   This  feature  is  requested  via  the
@@ -1249,7 +1249,7 @@ SMTPD(8)                                                              SMTPD(8)
               The  time  between  changes  in  the  time-dependent  portion of
               address verification probe sender addresses.
 
-<b>ACCESS CONTROL RESPONSES</b>
+<b><a name="access_control_responses">ACCESS CONTROL RESPONSES</a></b>
        The following parameters control numerical SMTP reply codes and/or text
        responses.
 
@@ -1338,7 +1338,7 @@ SMTPD(8)                                                              SMTPD(8)
               <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> or  <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a>
               fail due to a temporary error condition.
 
-<b>MISCELLANEOUS CONTROLS</b>
+<b><a name="miscellaneous_controls">MISCELLANEOUS CONTROLS</a></b>
        <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
               The  default  location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
               figuration files.
@@ -1432,7 +1432,7 @@ SMTPD(8)                                                              SMTPD(8)
               Lookup  tables,  indexed by the complete Postfix SMTP server 4xx
               or 5xx response, with reject footer templates.
 
-<b>SEE ALSO</b>
+<b><a name="see_also">SEE ALSO</a></b>
        <a href="anvil.8.html">anvil(8)</a>, connection/rate limiting
        <a href="cleanup.8.html">cleanup(8)</a>, message canonicalization
        <a href="tlsmgr.8.html">tlsmgr(8)</a>, TLS session and PRNG management
@@ -1444,7 +1444,7 @@ SMTPD(8)                                                              SMTPD(8)
        <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
        syslogd(8), system logging
 
-<b>README FILES</b>
+<b><a name="readme_files">README FILES</a></b>
        <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a>, blocking unknown hosted or relay recipients
        <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>, Postfix address manipulation
        <a href="BDAT_README.html">BDAT_README</a>, Postfix CHUNKING support
@@ -1460,7 +1460,7 @@ SMTPD(8)                                                              SMTPD(8)
        <a href="XCLIENT_README.html">XCLIENT_README</a>, Postfix XCLIENT extension
        <a href="XFORWARD_README.html">XFORWARD_README</a>, Postfix XFORWARD extension
 
-<b>LICENSE</b>
+<b><a name="license">LICENSE</a></b>
        The Secure Mailer license must be distributed with this software.
 
 <b>AUTHOR(S)</b>

postfix/html/tlsproxy.8.html

@@ -7,13 +7,13 @@
 </head> <body> <pre>
 TLSPROXY(8)                                                        TLSPROXY(8)
 
-<b>NAME</b>
+<b><a name="name">NAME</a></b>
        tlsproxy - Postfix TLS proxy
 
-<b>SYNOPSIS</b>
+<b><a name="synopsis">SYNOPSIS</a></b>
        <b>tlsproxy</b> [generic Postfix daemon options]
 
-<b>DESCRIPTION</b>
+<b><a name="description">DESCRIPTION</a></b>
        The  <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>  server  implements a two-way TLS proxy. It is used by
        the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server to talk SMTP-over-TLS with remote SMTP clients
        that  are not allowlisted (including clients whose allowlist status has
@@ -24,7 +24,7 @@ TLSPROXY(8)                                                        TLSPROXY(8)
        same time, it is a good idea  to  allow  the  number  of  processes  to
        increase with load, so that the service remains responsive.
 
-<b>PROTOCOL EXAMPLE</b>
+<b><a name="protocol_example">PROTOCOL EXAMPLE</a></b>
        The  example  below  concerns  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>.  However, the <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>
        server is agnostic of the application protocol, and the example is eas-
        ily adapted to other applications.
@@ -40,15 +40,15 @@ TLSPROXY(8)                                                        TLSPROXY(8)
        of  the  TLS-level  handshake, <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> translates between plaintext
        from/to <a href="postscreen.8.html"><b>postscreen</b>(8)</a> and ciphertext to/from the remote SMTP client.
 
-<b>SECURITY</b>
+<b><a name="security">SECURITY</a></b>
        The <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server is moderately security-sensitive.  It  talks  to
        untrusted  clients  on  the network. The process can be run chrooted at
        fixed low privilege.
 
-<b>DIAGNOSTICS</b>
+<b><a name="diagnostics">DIAGNOSTICS</a></b>
        Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
 
-<b>CONFIGURATION PARAMETERS</b>
+<b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b>
        Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically, as <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> pro-
        cesses  may run for a long time depending on mail server load.  Use the
        command "<b>postfix reload</b>" to speed up a change.
@@ -56,7 +56,7 @@ TLSPROXY(8)                                                        TLSPROXY(8)
        The text below provides only a parameter summary. See  <a href="postconf.5.html"><b>postconf</b>(5)</a>  for
        more details including examples.
 
-<b>STARTTLS GLOBAL CONTROLS</b>
+<b><a name="starttls_global_controls">STARTTLS GLOBAL CONTROLS</a></b>
        The  following settings are global and therefore cannot be overruled by
        information specified in a <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client request.
 
@@ -137,8 +137,8 @@ TLSPROXY(8)                                                        TLSPROXY(8)
        Available in Postfix version 3.2 and later:
 
        <b><a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a> (see 'postconf -d' output)</b>
-              The prioritized list of elliptic curves supported by the Postfix
+              The prioritized list of elliptic curves, that should be  enabled
-              SMTP client and server.
+              in the Postfix SMTP client and server.
 
        Available in Postfix version 3.4 and later:
 
@@ -169,7 +169,7 @@ TLSPROXY(8)                                                        TLSPROXY(8)
               The application name passed by Postfix to OpenSSL  library  ini-
               tialization functions.
 
-<b>STARTTLS SERVER CONTROLS</b>
+<b><a name="starttls_server_controls">STARTTLS SERVER CONTROLS</a></b>
        These  settings are clones of Postfix SMTP server settings.  They allow
        <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> to load the same certificate and private key information as
        the  Postfix  SMTP  server, before dropping privileges, so that the key
@@ -287,7 +287,7 @@ TLSPROXY(8)                                                        TLSPROXY(8)
               instead of an X.509 certificate, when asking or requiring client
               authentication.
 
-<b>STARTTLS CLIENT CONTROLS</b>
+<b><a name="starttls_client_controls">STARTTLS CLIENT CONTROLS</a></b>
        These settings are clones of Postfix SMTP client settings.  They  allow
        <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> to load the same certificate and private key information as
        the Postfix SMTP client, before dropping privileges, so  that  the  key
@@ -381,7 +381,7 @@ TLSPROXY(8)                                                        TLSPROXY(8)
               Optional  lookup  tables with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client TLS
               security policy by next-hop destination.
 
-<b>OBSOLETE STARTTLS SUPPORT CONTROLS</b>
+<b><a name="obsolete_starttls_support_controls">OBSOLETE STARTTLS SUPPORT CONTROLS</a></b>
        These parameters are supported for compatibility with  <a href="smtpd.8.html"><b>smtpd</b>(8)</a>  legacy
        parameters.
 
@@ -400,12 +400,12 @@ TLSPROXY(8)                                                        TLSPROXY(8)
        <b><a href="postconf.5.html#tlsproxy_client_enforce_tls">tlsproxy_client_enforce_tls</a> ($<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>)</b>
               Enforcement mode: require that SMTP servers use TLS  encryption.
 
-<b>RESOURCE CONTROLS</b>
+<b><a name="resource_controls">RESOURCE CONTROLS</a></b>
        <b><a href="postconf.5.html#tlsproxy_watchdog_timeout">tlsproxy_watchdog_timeout</a> (10s)</b>
               How much time a <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> process may take to process local or
               remote I/O before it is terminated by a built-in watchdog timer.
 
-<b>MISCELLANEOUS CONTROLS</b>
+<b><a name="miscellaneous_controls">MISCELLANEOUS CONTROLS</a></b>
        <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
               The  default  location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
               figuration files.
@@ -428,17 +428,17 @@ TLSPROXY(8)                                                        TLSPROXY(8)
        <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
               The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
 
-<b>SEE ALSO</b>
+<b><a name="see_also">SEE ALSO</a></b>
        <a href="postscreen.8.html">postscreen(8)</a>, Postfix zombie blocker
        <a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
        <a href="postconf.5.html">postconf(5)</a>, configuration parameters
        <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
        syslogd(8), system logging
 
-<b>LICENSE</b>
+<b><a name="license">LICENSE</a></b>
        The Secure Mailer license must be distributed with this software.
 
-<b>HISTORY</b>
+<b><a name="history">HISTORY</a></b>
        This service was introduced with Postfix version 2.8.
 
 <b>AUTHOR(S)</b>

postfix/man/man5/aliases.5

@@ -175,9 +175,11 @@ The text below provides only a parameter summary. See
 The alias databases for \fBlocal\fR(8) delivery that are updated with
 "\fBnewaliases\fR" or with "\fBsendmail \-bi\fR".
 .IP "\fBalias_maps (see 'postconf -d' output)\fR"
-Optional lookup tables with aliases that apply only to \fBlocal\fR(8)
+Optional lookup tables that are searched only with an email address
-recipients; this is unlike virtual_alias_maps that apply to all
+localpart (no domain) and that apply only to \fBlocal\fR(8) recipients;
-recipients: \fBlocal\fR(8), virtual, and remote.
+this is unlike virtual_alias_maps that are often searched with a
+full email address (including domain) and that apply to all recipients:
+\fBlocal\fR(8), virtual, and remote.
 .IP "\fBallow_mail_to_commands (alias, forward)\fR"
 Restrict \fBlocal\fR(8) mail delivery to external commands.
 .IP "\fBallow_mail_to_files (alias, forward)\fR"

postfix/man/man8/cleanup.8

@@ -329,8 +329,10 @@ remote domains.
 .PP
 Available in Postfix version 2.0 and later:
 .IP "\fBvirtual_alias_maps ($virtual_maps)\fR"
-Optional lookup tables with aliases that apply to all recipients:
+Optional lookup tables that are often searched with a full email
-\fBlocal\fR(8), virtual, and remote; this is unlike alias_maps that apply
+address (including domain) and that apply to all recipients: \fBlocal\fR(8),
+virtual, and remote; this is unlike alias_maps that are only searched
+with an email address localpart (no domain) and that apply
 only to \fBlocal\fR(8) recipients.
 .PP
 Available in Postfix version 2.2 and later:

postfix/man/man8/local.8

@@ -452,9 +452,11 @@ mailbox_transport, mailbox_command_maps, mailbox_command,
 home_mailbox, mail_spool_directory, fallback_transport_maps,
 fallback_transport, and luser_relay.
 .IP "\fBalias_maps (see 'postconf -d' output)\fR"
-Optional lookup tables with aliases that apply only to \fBlocal\fR(8)
+Optional lookup tables that are searched only with an email address
-recipients; this is unlike virtual_alias_maps that apply to all
+localpart (no domain) and that apply only to \fBlocal\fR(8) recipients;
-recipients: \fBlocal\fR(8), virtual, and remote.
+this is unlike virtual_alias_maps that are often searched with a
+full email address (including domain) and that apply to all recipients:
+\fBlocal\fR(8), virtual, and remote.
 .IP "\fBforward_path (see 'postconf -d' output)\fR"
 The \fBlocal\fR(8) delivery agent search list for finding a .forward
 file with user\-specified delivery methods.

postfix/man/man8/smtpd.8

@@ -357,7 +357,8 @@ the list of available
 features depends on the SASL server implementation that is selected
 with \fBsmtpd_sasl_type\fR.
 .IP "\fBsmtpd_sender_login_maps (empty)\fR"
-Optional lookup table with the SASL login names that own the sender
+Optional lookup table with the SASL login names that own the
+envelope sender
 (MAIL FROM) addresses.
 .PP
 Available in Postfix version 2.1 and later:
@@ -542,8 +543,8 @@ Algorithm used to encrypt RFC5077 TLS session tickets.
 .PP
 Available in Postfix version 3.2 and later:
 .IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR"
-The prioritized list of elliptic curves supported by the Postfix
+The prioritized list of elliptic curves, that should be enabled in the
-SMTP client and server.
+Postfix SMTP client and server.
 .PP
 Available in Postfix version 3.4 and later:
 .IP "\fBsmtpd_tls_chain_files (empty)\fR"

postfix/man/man8/tlsproxy.8

@@ -139,8 +139,8 @@ The location of the OpenSSL command line program \fBopenssl\fR(1).
 .PP
 Available in Postfix version 3.2 and later:
 .IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR"
-The prioritized list of elliptic curves supported by the Postfix
+The prioritized list of elliptic curves, that should be enabled in the
-SMTP client and server.
+Postfix SMTP client and server.
 .PP
 Available in Postfix version 3.4 and later:
 .IP "\fBtls_server_sni_maps (empty)\fR"

postfix/mantools/man2html

@@ -44,6 +44,19 @@ sed '
 		N
 		g
 	}
+
+	# Generate anchors for sections.
+	/^<b>\([A-Z][-_A-Z0-9 ]*\)<\/b>/{
+		s//\1/
+		s/[ 	]*$//
+		h
+		y/ABCDEFGHIJKLMNOPQRSTUVWXYZ /abcdefghijklmnopqrstuvwxyz_/
+		s/^/<b><a name="/
+		s/$/">/
+		G
+		s/\n//
+		s;$;</a></b>;
+	}
 ' "$@"
 
 echo '</pre> </body> </html>'

postfix/proto/aliases

@@ -159,9 +159,11 @@
 #	The alias databases for \fBlocal\fR(8) delivery that are updated with
 #	"\fBnewaliases\fR" or with "\fBsendmail -bi\fR".
 # .IP "\fBalias_maps (see 'postconf -d' output)\fR"
-#	Optional lookup tables with aliases that apply only to \fBlocal\fR(8)
+#	Optional lookup tables that are searched only with an email address
-#	recipients; this is unlike virtual_alias_maps that apply to all
+#	localpart (no domain) and that apply only to \fBlocal\fR(8) recipients;
-#	recipients: \fBlocal\fR(8), virtual, and remote.
+#	this is unlike virtual_alias_maps that are often searched with a
+#	full email address (including domain) and that apply to all recipients:
+#	\fBlocal\fR(8), virtual, and remote.
 # .IP "\fBallow_mail_to_commands (alias, forward)\fR"
 #	Restrict \fBlocal\fR(8) mail delivery to external commands.
 # .IP "\fBallow_mail_to_files (alias, forward)\fR"

postfix/proto/stop.double-history

@@ -132,3 +132,4 @@ proto  proto mysql_table proto pgsql_table proto ldap_table
  File postcat postcat c 
  Files src tls tls h src tls tls_dh c src tls tls_misc c 
  proto TLSRPT_README html proto postconf proto smtp smtp c 
+ proto aliases cleanup cleanup c local local c smtpd smtpd c 

postfix/src/cleanup/cleanup.c

@@ -303,8 +303,10 @@
 /* .PP
 /*	Available in Postfix version 2.0 and later:
 /* .IP "\fBvirtual_alias_maps ($virtual_maps)\fR"
-/*	Optional lookup tables with aliases that apply to all recipients:
+/*	Optional lookup tables that are often searched with a full email
-/*	\fBlocal\fR(8), virtual, and remote; this is unlike alias_maps that apply
+/*	address (including domain) and that apply to all recipients: \fBlocal\fR(8),
+/*	virtual, and remote; this is unlike alias_maps that are only searched
+/*	with an email address localpart (no domain) and that apply
 /*	only to \fBlocal\fR(8) recipients.
 /* .PP
 /*	Available in Postfix version 2.2 and later:

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20240927"
+#define MAIL_RELEASE_DATE	"20240928"
 #define MAIL_VERSION_NUMBER	"3.10"
 
 #ifdef SNAPSHOT

postfix/src/local/local.c

@@ -416,9 +416,11 @@
 /*	home_mailbox, mail_spool_directory, fallback_transport_maps,
 /*	fallback_transport, and luser_relay.
 /* .IP "\fBalias_maps (see 'postconf -d' output)\fR"
-/*	Optional lookup tables with aliases that apply only to \fBlocal\fR(8)
+/*	Optional lookup tables that are searched only with an email address
-/*	recipients; this is unlike virtual_alias_maps that apply to all
+/*	localpart (no domain) and that apply only to \fBlocal\fR(8) recipients;
-/*	recipients: \fBlocal\fR(8), virtual, and remote.
+/*	this is unlike virtual_alias_maps that are often searched with a
+/*	full email address (including domain) and that apply to all recipients:
+/*	\fBlocal\fR(8), virtual, and remote.
 /* .IP "\fBforward_path (see 'postconf -d' output)\fR"
 /*	The \fBlocal\fR(8) delivery agent search list for finding a .forward
 /*	file with user-specified delivery methods.

postfix/src/smtpd/smtpd.c

@@ -325,7 +325,8 @@
 /*	features depends on the SASL server implementation that is selected
 /*	with \fBsmtpd_sasl_type\fR.
 /* .IP "\fBsmtpd_sender_login_maps (empty)\fR"
-/*	Optional lookup table with the SASL login names that own the sender
+/*	Optional lookup table with the SASL login names that own the
+/*	envelope sender
 /*	(MAIL FROM) addresses.
 /* .PP
 /*	Available in Postfix version 2.1 and later:
@@ -508,8 +509,8 @@
 /* .PP
 /*	Available in Postfix version 3.2 and later:
 /* .IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR"
-/*	The prioritized list of elliptic curves supported by the Postfix
+/*	The prioritized list of elliptic curves, that should be enabled in the
-/*	SMTP client and server.
+/*	Postfix SMTP client and server.
 /* .PP
 /*	Available in Postfix version 3.4 and later:
 /* .IP "\fBsmtpd_tls_chain_files (empty)\fR"

postfix/src/tlsproxy/tlsproxy.c

@@ -123,8 +123,8 @@
 /* .PP
 /*	Available in Postfix version 3.2 and later:
 /* .IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR"
-/*	The prioritized list of elliptic curves supported by the Postfix
+/*	The prioritized list of elliptic curves, that should be enabled in the
-/*	SMTP client and server.
+/*	Postfix SMTP client and server.
 /* .PP
 /*	Available in Postfix version 3.4 and later:
 /* .IP "\fBtls_server_sni_maps (empty)\fR"