diff --git a/postfix/HISTORY b/postfix/HISTORY index 02a620062..159afb167 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -22885,9 +22885,44 @@ Apologies for any names omitted. 20170129 - Cleanup: environment settings for root and non-root users - in set-gid programs. File: postqueue/postqueue.c (enforce - import_environment name=value overrides for root users), - util/msg_syslog_init.c (don't override non-existent TZ - settings), util/unsafe.c (exclude root from privilege - escalation concerns). + Cleanup: bogus UTC timezone setting for postqueue/mailq + command output, and other environment settings for root and + non-root users in set-gid programs. File: postqueue/postqueue.c + (enforce import_environment name=value overrides for root + users), util/msg_syslog_init.c (don't override non-existent + TZ settings with UTC), util/unsafe.c (exclude uid==0, euid==0 + super-user from privilege escalation concerns). + +20170131 + + Cleanup: more complete VALGRIND coverage for test build targets + and scripts. Files: postalias/fail_test.in, postmap/fail_test.in, + postmap/quote_test.in, util/dict_pipe_test.in, + util/dict_union_test.in, util/dict_utf8_test.in. + + +20170201 + + Portability: unsetenv() for ancient platforms. File: + makedefs, util/sys_compat.c. + +20170205 + + Cleanup: security checks for config_directory overrides. + File: global/mail_conf.c. + + Cleanup: enforce import_environment name=value settings in + command-line utilities, for consistency with Postfix daemons (but + without removing environment variables). This is not enforced + in the postconf command which must be able to process main.cf + files with incomplete settings. Files: postalias/postalias.c, + postcat/postcat.c, postkick/postkick.c, postlock/postlock.c, + postlog/postlog.c, postmap/postmap.c, postsuper/postsuper.c, + posttls-finger/posttls-finger.c, sendmail/sendmail.c, + util/clean_env.[hc]. + +20170206 + + Bugfix (introduced: Postfix 2.2): check_mumble_a_access + did not handle [ipaddress], unlike check_mumble_mx_access. + Reported by James (postfix_tracker). File: smtpd/smtpd_check.c. diff --git a/postfix/html/mailq.1.html b/postfix/html/mailq.1.html index e7d14fb53..802169364 100644 --- a/postfix/html/mailq.1.html +++ b/postfix/html/mailq.1.html @@ -405,6 +405,11 @@ SENDMAIL(1) SENDMAIL(1) The time after which the sender receives a copy of the message headers of mail that is still queued. + import_environment (see 'postconf -d' output) + The list of environment parameters that a privileged Postfix + process will import from a non-Postfix parent process, or + name=value environment overrides. + mail_owner (postfix) The UNIX system account that owns the Postfix queue and most Postfix daemon processes. @@ -429,7 +434,7 @@ SENDMAIL(1) SENDMAIL(1) alternate_config_directories (empty) A list of non-default Postfix configuration directories that may be specified with "-c config_directory" on the command line (in - the case of sendmail(1), with -C config_directory"), or via the + the case of sendmail(1), with "-C config_directory"), or via the MAIL_CONFIG environment parameter. multi_instance_directories (empty) diff --git a/postfix/html/newaliases.1.html b/postfix/html/newaliases.1.html index e7d14fb53..802169364 100644 --- a/postfix/html/newaliases.1.html +++ b/postfix/html/newaliases.1.html @@ -405,6 +405,11 @@ SENDMAIL(1) SENDMAIL(1) The time after which the sender receives a copy of the message headers of mail that is still queued. + import_environment (see 'postconf -d' output) + The list of environment parameters that a privileged Postfix + process will import from a non-Postfix parent process, or + name=value environment overrides. + mail_owner (postfix) The UNIX system account that owns the Postfix queue and most Postfix daemon processes. @@ -429,7 +434,7 @@ SENDMAIL(1) SENDMAIL(1) alternate_config_directories (empty) A list of non-default Postfix configuration directories that may be specified with "-c config_directory" on the command line (in - the case of sendmail(1), with -C config_directory"), or via the + the case of sendmail(1), with "-C config_directory"), or via the MAIL_CONFIG environment parameter. multi_instance_directories (empty) diff --git a/postfix/html/postalias.1.html b/postfix/html/postalias.1.html index e53d79162..b424a6700 100644 --- a/postfix/html/postalias.1.html +++ b/postfix/html/postalias.1.html @@ -187,6 +187,11 @@ POSTALIAS(1) POSTALIAS(1) The default database type for use in newaliases(1), postalias(1) and postmap(1) commands. + import_environment (see 'postconf -d' output) + The list of environment parameters that a privileged Postfix + process will import from a non-Postfix parent process, or + name=value environment overrides. + smtputf8_enable (yes) Enable preliminary SMTPUTF8 support for the protocols described in RFC 6531..6533. diff --git a/postfix/html/postcat.1.html b/postfix/html/postcat.1.html index 000619ba9..9424d55f1 100644 --- a/postfix/html/postcat.1.html +++ b/postfix/html/postcat.1.html @@ -74,6 +74,11 @@ POSTCAT(1) POSTCAT(1) The default location of the Postfix main.cf and master.cf con- figuration files. + import_environment (see 'postconf -d' output) + The list of environment parameters that a privileged Postfix + process will import from a non-Postfix parent process, or + name=value environment overrides. + queue_directory (see 'postconf -d' output) The location of the Postfix top-level queue directory. diff --git a/postfix/html/postconf.1.html b/postfix/html/postconf.1.html index cbb594b41..e07de0892 100644 --- a/postfix/html/postconf.1.html +++ b/postfix/html/postconf.1.html @@ -226,11 +226,12 @@ POSTCONF(1) POSTCONF(1) environ The UNIX process environment array. The lookup key is the - variable name. Originally implemented for testing, some- - one may find this useful someday. + environment variable name; the table name is ignored. + Originally implemented for testing, someone may find this + useful someday. - fail A table that reliably fails all requests. The lookup ta- - ble name is used for logging. This table exists to sim- + fail A table that reliably fails all requests. The lookup ta- + ble name is used for logging. This table exists to sim- plify Postfix error tests. This feature is available with Postfix 2.9 and later. @@ -239,22 +240,22 @@ POSTCONF(1) POSTCONF(1) tems with support for Berkeley DB databases. inline (read-only) - A non-shared, in-memory lookup table. Example: "inline:{ - key=value, { key = text with whitespace or comma }}". - Key-value pairs are separated by whitespace or comma; - whitespace after "{" and before "}" is ignored. Inline - tables eliminate the need to create a database file for - just a few fixed elements. See also the static: map + A non-shared, in-memory lookup table. Example: "inline:{ + key=value, { key = text with whitespace or comma }}". + Key-value pairs are separated by whitespace or comma; + whitespace after "{" and before "}" is ignored. Inline + tables eliminate the need to create a database file for + just a few fixed elements. See also the static: map type. This feature is available with Postfix 3.0 and later. internal - A non-shared, in-memory hash table. Its content are lost + A non-shared, in-memory hash table. Its content are lost when a process terminates. - lmdb OpenLDAP LMDB database (a memory-mapped, persistent - file). Available on systems with support for LMDB data- + lmdb OpenLDAP LMDB database (a memory-mapped, persistent + file). Available on systems with support for LMDB data- bases. This is described in lmdb_table(5). This feature is available with Postfix 2.11 and later. @@ -263,57 +264,57 @@ POSTCONF(1) POSTCONF(1) LDAP database client. This is described in ldap_table(5). memcache - Memcache database client. This is described in mem- + Memcache database client. This is described in mem- cache_table(5). This feature is available with Postfix 2.9 and later. mysql (read-only) MySQL database client. Available on systems with support - for MySQL databases. This is described in mysql_ta- + for MySQL databases. This is described in mysql_ta- ble(5). pcre (read-only) - A lookup table based on Perl Compatible Regular Expres- + A lookup table based on Perl Compatible Regular Expres- sions. The file format is described in pcre_table(5). pgsql (read-only) - PostgreSQL database client. This is described in + PostgreSQL database client. This is described in pgsql_table(5). This feature is available with Postfix 2.1 and later. pipemap (read-only) - A lookup table that constructs a pipeline of tables. - Example: "pipemap:{type_1:name_1, ..., type_n:name_n}". - Each "pipemap:" query is given to the first table. Each + A lookup table that constructs a pipeline of tables. + Example: "pipemap:{type_1:name_1, ..., type_n:name_n}". + Each "pipemap:" query is given to the first table. Each lookup result becomes the query for the next table in the - pipeline, and the last table produces the final result. - When any table lookup produces no result, the pipeline - produces no result. The first and last characters of the + pipeline, and the last table produces the final result. + When any table lookup produces no result, the pipeline + produces no result. The first and last characters of the "pipemap:" table name must be "{" and "}". Within these, individual maps are separated with comma or whitespace. This feature is available with Postfix 3.0 and later. - proxy Postfix proxymap(8) client for shared access to Postfix + proxy Postfix proxymap(8) client for shared access to Postfix databases. The table name syntax is type:name. This feature is available with Postfix 2.0 and later. randmap (read-only) - An in-memory table that performs random selection. Exam- + An in-memory table that performs random selection. Exam- ple: "randmap:{result_1, ..., result_n}". Each table query returns a random choice from the specified results. - The first and last characters of the "randmap:" table - name must be "{" and "}". Within these, individual + The first and last characters of the "randmap:" table + name must be "{" and "}". Within these, individual results are separated with comma or whitespace. To give a specific result more weight, specify it multiple times. This feature is available with Postfix 3.0 and later. regexp (read-only) - A lookup table based on regular expressions. The file + A lookup table based on regular expressions. The file format is described in regexp_table(5). sdbm An indexed file type based on hashing. Available on sys- @@ -322,9 +323,9 @@ POSTCONF(1) POSTCONF(1) This feature is available with Postfix 2.2 and later. socketmap (read-only) - Sendmail-style socketmap client. The table name is - inet:host:port:name for a TCP/IP server, or unix:path- - name:name for a UNIX-domain server. This is described in + Sendmail-style socketmap client. The table name is + inet:host:port:name for a TCP/IP server, or unix:path- + name:name for a UNIX-domain server. This is described in socketmap_table(5). This feature is available with Postfix 2.10 and later. @@ -335,10 +336,10 @@ POSTCONF(1) POSTCONF(1) This feature is available with Postfix 2.8 and later. static (read-only) - A table that always returns its name as lookup result. + A table that always returns its name as lookup result. For example, static:foobar always returns the string foo- - bar as lookup result. Specify "static:{ text with white- - space }" when the result contains whitespace; this form + bar as lookup result. Specify "static:{ text with white- + space }" when the result contains whitespace; this form ignores whitespace after "{" and before "}". See also the inline: map. @@ -349,57 +350,57 @@ POSTCONF(1) POSTCONF(1) TCP/IP client. The protocol is described in tcp_table(5). texthash (read-only) - Produces similar results as hash: files, except that you - don't need to run the postmap(1) command before you can - use the file, and that it does not detect changes after + Produces similar results as hash: files, except that you + don't need to run the postmap(1) command before you can + use the file, and that it does not detect changes after the file is read. This feature is available with Postfix 2.8 and later. unionmap (read-only) - A table that sends each query to multiple lookup tables - and that concatenates all found results, separated by + A table that sends each query to multiple lookup tables + and that concatenates all found results, separated by comma. The table name syntax is the same as for pipemap. This feature is available with Postfix 3.0 and later. unix (read-only) - A limited view of the UNIX authentication database. The + A limited view of the UNIX authentication database. The following tables are implemented: unix:passwd.byname - The table is the UNIX password database. The key - is a login name. The result is a password file + The table is the UNIX password database. The key + is a login name. The result is a password file entry in passwd(5) format. unix:group.byname The table is the UNIX group database. The key is a - group name. The result is a group file entry in + group name. The result is a group file entry in group(5) format. - Other table types may exist depending on how Postfix was built. + Other table types may exist depending on how Postfix was built. - -M Show master.cf file contents instead of main.cf file contents. + -M Show master.cf file contents instead of main.cf file contents. Specify -Mf to fold long lines for human readability. Specify zero or more arguments, each with a service-name or ser- - vice-name/service-type pair, where service-name is the first - field of a master.cf entry and service-type is one of (inet, + vice-name/service-type pair, where service-name is the first + field of a master.cf entry and service-type is one of (inet, unix, fifo, or pass). - If service-name or service-name/service-type is specified, only - the matching master.cf entries will be output. For example, - "postconf -Mf smtp" will output all services named "smtp", and - "postconf -Mf smtp/inet" will output only the smtp service that - listens on the network. Trailing service type fields that are + If service-name or service-name/service-type is specified, only + the matching master.cf entries will be output. For example, + "postconf -Mf smtp" will output all services named "smtp", and + "postconf -Mf smtp/inet" will output only the smtp service that + listens on the network. Trailing service type fields that are omitted will be handled as "*" wildcard fields. This feature is available with Postfix 2.9 and later. The syntax - was changed from "name.type" to "name/type", and "*" wildcard + was changed from "name.type" to "name/type", and "*" wildcard support was added with Postfix 2.11. -n Show only configuration parameters that have explicit name=value - settings in main.cf. Specify -nf to fold long lines for human + settings in main.cf. Specify -nf to fold long lines for human readability (Postfix 2.9 and later). -o name=value @@ -411,38 +412,38 @@ POSTCONF(1) POSTCONF(1) This feature is available with Postfix 2.11 and later. - -P Show master.cf service parameter settings (by default all ser- - vices and all parameters), formatted as "service/type/parame- + -P Show master.cf service parameter settings (by default all ser- + vices and all parameters), formatted as "service/type/parame- ter=value", one per line. Specify -Pf to fold long lines. - Specify one or more "service/type/parameter" instances on the - postconf(1) command line to limit the output to parameters of - interest. Trailing parameter name or service type fields that + Specify one or more "service/type/parameter" instances on the + postconf(1) command line to limit the output to parameters of + interest. Trailing parameter name or service type fields that are omitted will be handled as "*" wildcard fields. This feature is available with Postfix 2.11 and later. -t [template_file] - Display the templates for text that appears at the beginning of - delivery status notification (DSN) messages, without expanding + Display the templates for text that appears at the beginning of + delivery status notification (DSN) messages, without expanding $name expressions. - To override the bounce_template_file parameter setting, specify - a template file name at the end of the "postconf -t" command - line. Specify an empty file name to display built-in templates + To override the bounce_template_file parameter setting, specify + a template file name at the end of the "postconf -t" command + line. Specify an empty file name to display built-in templates (in shell language: ""). This feature is available with Postfix 2.3 and later. -T mode - If Postfix is compiled without TLS support, the -T option pro- - duces no output. Otherwise, if an invalid mode is specified, - the -T option reports an error and exits with a non-zero status + If Postfix is compiled without TLS support, the -T option pro- + duces no output. Otherwise, if an invalid mode is specified, + the -T option reports an error and exits with a non-zero status code. The valid modes are: compile-version Output the OpenSSL version that Postfix was compiled with - (i.e. the OpenSSL version in a header file). The output + (i.e. the OpenSSL version in a header file). The output format is the same as with the command "openssl version". run-version @@ -450,59 +451,59 @@ POSTCONF(1) POSTCONF(1) runtime (i.e. the OpenSSL version in a shared library). public-key-algorithms - Output the lower-case names of the supported public-key + Output the lower-case names of the supported public-key algorithms, one per-line. This feature is available with Postfix 3.1 and later. - -v Enable verbose logging for debugging purposes. Multiple -v + -v Enable verbose logging for debugging purposes. Multiple -v options make the software increasingly verbose. - -x Expand $name in main.cf or master.cf parameter values. The + -x Expand $name in main.cf or master.cf parameter values. The expansion is recursive. This feature is available with Postfix 2.10 and later. - -X Edit the main.cf configuration file, and remove the parameters + -X Edit the main.cf configuration file, and remove the parameters named on the postconf(1) command line. Specify a list of param- eter names, not "name=value" pairs. - With -M, edit the master.cf configuration file, and remove one - or more service entries as specified with "service/type" on the + With -M, edit the master.cf configuration file, and remove one + or more service entries as specified with "service/type" on the postconf(1) command line. - With -P, edit the master.cf configuration file, and remove one + With -P, edit the master.cf configuration file, and remove one or more service parameter settings (-o parameter=value settings) - as specified with "service/type/parameter" on the postconf(1) + as specified with "service/type/parameter" on the postconf(1) command line. In all cases the file is copied to a temporary file then renamed into place. Specify quotes to protect special characters on the postconf(1) command line. - There is no postconf(1) command to perform the reverse opera- - tion. - - This feature is available with Postfix 2.10 and later. Support - for -M and -P was added with Postfix 2.11. - - -# Edit the main.cf configuration file, and comment out the parame- - ters named on the postconf(1) command line, so that those param- - eters revert to their default values. Specify a list of parame- - ter names, not "name=value" pairs. - - With -M, edit the master.cf configuration file, and comment out - one or more service entries as specified with "service/type" on - the postconf(1) command line. - - In all cases the file is copied to a temporary file then renamed - into place. Specify quotes to protect special characters on the - postconf(1) command line. - There is no postconf(1) command to perform the reverse opera- tion. - This feature is available with Postfix 2.6 and later. Support + This feature is available with Postfix 2.10 and later. Support + for -M and -P was added with Postfix 2.11. + + -# Edit the main.cf configuration file, and comment out the parame- + ters named on the postconf(1) command line, so that those param- + eters revert to their default values. Specify a list of parame- + ter names, not "name=value" pairs. + + With -M, edit the master.cf configuration file, and comment out + one or more service entries as specified with "service/type" on + the postconf(1) command line. + + In all cases the file is copied to a temporary file then renamed + into place. Specify quotes to protect special characters on the + postconf(1) command line. + + There is no postconf(1) command to perform the reverse opera- + tion. + + This feature is available with Postfix 2.6 and later. Support for -M was added with Postfix 2.11. DIAGNOSTICS @@ -513,18 +514,18 @@ POSTCONF(1) POSTCONF(1) Directory with Postfix configuration files. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant to this pro- + The following main.cf parameters are especially relevant to this pro- gram. - The text below provides only a parameter summary. See postconf(5) for + The text below provides only a parameter summary. See postconf(5) for more details including examples. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. bounce_template_file (empty) - Pathname of a configuration file with bounce message templates. + Pathname of a configuration file with bounce message templates. FILES /etc/postfix/main.cf, Postfix configuration parameters diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 4dc3f9547..4dfd5d854 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -3783,17 +3783,18 @@ mis-delivery of mail.
import_environment (default: see "postconf -d" output)
-

-The list of environment parameters that a Postfix process will -import from a non-Postfix parent process. Examples of relevant -parameters: -

+

The list of environment parameters that a privileged Postfix +process will import from a non-Postfix parent process, or name=value +environment overrides. Unprivileged utilities will enforce the +name=value overrides, but otherwise will not change their process +environment. Examples of relevant parameters:

TZ
-
Needed for sane time keeping on most System-V-ish systems.
+
May be needed for sane time keeping on most System-V-ish systems. +
DISPLAY
diff --git a/postfix/html/postkick.1.html b/postfix/html/postkick.1.html index 67b724b9e..15af2e115 100644 --- a/postfix/html/postkick.1.html +++ b/postfix/html/postkick.1.html @@ -61,6 +61,11 @@ POSTKICK(1) POSTKICK(1) How long the postkick(1) command waits for a request to enter the Postfix daemon process input buffer before giving up. + import_environment (see 'postconf -d' output) + The list of environment parameters that a privileged Postfix + process will import from a non-Postfix parent process, or + name=value environment overrides. + queue_directory (see 'postconf -d' output) The location of the Postfix top-level queue directory. diff --git a/postfix/html/postlock.1.html b/postfix/html/postlock.1.html index 6ad337adc..0ebce6ca7 100644 --- a/postfix/html/postlock.1.html +++ b/postfix/html/postlock.1.html @@ -4,7 +4,7 @@ Postfix manual - postlock(1) 
-POSTLOCK(1)                 General Commands Manual                POSTLOCK(1)
+POSTLOCK(1)                                                        POSTLOCK(1)
 
 NAME
        postlock - lock mail folder and execute command
@@ -91,6 +91,11 @@ POSTLOCK(1)                 General Commands Manual                POSTLOCK(1)
               The default location of the Postfix main.cf and  master.cf  con-
               figuration files.
 
+       import_environment (see 'postconf -d' output)
+              The  list  of  environment  parameters that a privileged Postfix
+              process will  import  from  a  non-Postfix  parent  process,  or
+              name=value environment overrides.
+
 SEE ALSO
        postconf(5), configuration parameters
 
diff --git a/postfix/html/postlog.1.html b/postfix/html/postlog.1.html
index 9943658b6..bf3b0ad5a 100644
--- a/postfix/html/postlog.1.html
+++ b/postfix/html/postlog.1.html
@@ -59,6 +59,11 @@ POSTLOG(1)                                                          POSTLOG(1)
               The default location of the Postfix main.cf and  master.cf  con-
               figuration files.
 
+       import_environment (see 'postconf -d' output)
+              The  list  of  environment  parameters that a privileged Postfix
+              process will  import  from  a  non-Postfix  parent  process,  or
+              name=value environment overrides.
+
        syslog_facility (mail)
               The syslog facility of Postfix logging.
 
diff --git a/postfix/html/postmap.1.html b/postfix/html/postmap.1.html
index 2d3361348..6b16a3427 100644
--- a/postfix/html/postmap.1.html
+++ b/postfix/html/postmap.1.html
@@ -248,6 +248,11 @@ POSTMAP(1)                                                          POSTMAP(1)
               The default database type for use in newaliases(1), postalias(1)
               and postmap(1) commands.
 
+       import_environment (see 'postconf -d' output)
+              The  list  of  environment  parameters that a privileged Postfix
+              process will  import  from  a  non-Postfix  parent  process,  or
+              name=value environment overrides.
+
        smtputf8_enable (yes)
               Enable  preliminary SMTPUTF8 support for the protocols described
               in RFC 6531..6533.
diff --git a/postfix/html/postsuper.1.html b/postfix/html/postsuper.1.html
index 8430ef568..dcafbafdd 100644
--- a/postfix/html/postsuper.1.html
+++ b/postfix/html/postsuper.1.html
@@ -222,6 +222,11 @@ POSTSUPER(1)                                                      POSTSUPER(1)
               The names of queue directories that are  split  across  multiple
               subdirectory levels.
 
+       import_environment (see 'postconf -d' output)
+              The  list  of  environment  parameters that a privileged Postfix
+              process will  import  from  a  non-Postfix  parent  process,  or
+              name=value environment overrides.
+
        queue_directory (see 'postconf -d' output)
               The location of the Postfix top-level queue directory.
 
diff --git a/postfix/html/sendmail.1.html b/postfix/html/sendmail.1.html
index e7d14fb53..802169364 100644
--- a/postfix/html/sendmail.1.html
+++ b/postfix/html/sendmail.1.html
@@ -405,6 +405,11 @@ SENDMAIL(1)                                                        SENDMAIL(1)
               The time after which the sender receives a copy of  the  message
               headers of mail that is still queued.
 
+       import_environment (see 'postconf -d' output)
+              The  list  of  environment  parameters that a privileged Postfix
+              process will  import  from  a  non-Postfix  parent  process,  or
+              name=value environment overrides.
+
        mail_owner (postfix)
               The  UNIX  system  account  that owns the Postfix queue and most
               Postfix daemon processes.
@@ -429,7 +434,7 @@ SENDMAIL(1)                                                        SENDMAIL(1)
        alternate_config_directories (empty)
               A list of non-default Postfix configuration directories that may
               be specified with "-c config_directory" on the command line  (in
-              the  case of sendmail(1), with -C config_directory"), or via the
+              the case of sendmail(1), with "-C config_directory"), or via the
               MAIL_CONFIG environment parameter.
 
        multi_instance_directories (empty)
diff --git a/postfix/makedefs b/postfix/makedefs
index 1152270c7..fde0548b6 100644
--- a/postfix/makedefs
+++ b/postfix/makedefs
@@ -383,7 +383,11 @@ case "$SYSTEM.$RELEASE" in
 		case $RELEASE in
 		    5.[0-8]|5.[0-8].*) CCARGS="$CCARGS -DNO_CLOSEFROM -DNO_DEV_URANDOM -DNO_FUTIMESAT -DSTREAM_CONNECTIONS";;
 		esac
-		# Somewhere NISPLUS went away.
+		# Solaris 10 added setenv(), unsetenv().
+		case $RELEASE in
+		    5.[0-9]|5.[0-9].*) CCARGS="$CCARGS -DMISSING_SETENV";;
+		esac
+		# NISPLUS was removed after Solaris 10.
 		case $RELEASE in
 		    5.[0-9][0-9]*) CCARGS="$CCARGS -DNO_NISPLUS";;
 		esac
diff --git a/postfix/man/man1/postalias.1 b/postfix/man/man1/postalias.1
index 3e228debd..5ae9ef442 100644
--- a/postfix/man/man1/postalias.1
+++ b/postfix/man/man1/postalias.1
@@ -192,6 +192,10 @@ hash or btree tables.
 .IP "\fBdefault_database_type (see 'postconf -d' output)\fR"
 The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1)
 and \fBpostmap\fR(1) commands.
+.IP "\fBimport_environment (see 'postconf -d' output)\fR"
+The list of environment parameters that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.
 .IP "\fBsmtputf8_enable (yes)\fR"
 Enable preliminary SMTPUTF8 support for the protocols described
 in RFC 6531..6533.
diff --git a/postfix/man/man1/postcat.1 b/postfix/man/man1/postcat.1
index fd4e8e3f1..0606cbfc9 100644
--- a/postfix/man/man1/postcat.1
+++ b/postfix/man/man1/postcat.1
@@ -79,6 +79,10 @@ The text below provides only a parameter summary. See
 .IP "\fBconfig_directory (see 'postconf -d' output)\fR"
 The default location of the Postfix main.cf and master.cf
 configuration files.
+.IP "\fBimport_environment (see 'postconf -d' output)\fR"
+The list of environment parameters that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.
 .IP "\fBqueue_directory (see 'postconf -d' output)\fR"
 The location of the Postfix top\-level queue directory.
 .SH "FILES"
diff --git a/postfix/man/man1/postconf.1 b/postfix/man/man1/postconf.1
index b4ca86bf0..600facc2b 100644
--- a/postfix/man/man1/postconf.1
+++ b/postfix/man/man1/postconf.1
@@ -259,8 +259,8 @@ An indexed file type based on hashing.  Available on systems
 with support for DBM databases.
 .IP \fBenviron\fR
 The UNIX process environment array. The lookup key is the
-variable name. Originally implemented for testing, someone
-may find this useful someday.
+environment variable name; the table name is ignored.  Originally
+implemented for testing, someone may find this useful someday.
 .IP \fBfail\fR
 A table that reliably fails all requests. The lookup table
 name is used for logging. This table exists to simplify
diff --git a/postfix/man/man1/postkick.1 b/postfix/man/man1/postkick.1
index 12dc8e87c..6cd0ef655 100644
--- a/postfix/man/man1/postkick.1
+++ b/postfix/man/man1/postkick.1
@@ -65,6 +65,10 @@ configuration files.
 .IP "\fBapplication_event_drain_time (100s)\fR"
 How long the \fBpostkick\fR(1) command waits for a request to enter the
 Postfix daemon process input buffer before giving up.
+.IP "\fBimport_environment (see 'postconf -d' output)\fR"
+The list of environment parameters that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.
 .IP "\fBqueue_directory (see 'postconf -d' output)\fR"
 The location of the Postfix top\-level queue directory.
 .SH "FILES"
diff --git a/postfix/man/man1/postlock.1 b/postfix/man/man1/postlock.1
index cfc648510..cd468e7c2 100644
--- a/postfix/man/man1/postlock.1
+++ b/postfix/man/man1/postlock.1
@@ -98,6 +98,10 @@ The delay between attempts to fork() a child process.
 .IP "\fBconfig_directory (see 'postconf -d' output)\fR"
 The default location of the Postfix main.cf and master.cf
 configuration files.
+.IP "\fBimport_environment (see 'postconf -d' output)\fR"
+The list of environment parameters that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.
 .SH "SEE ALSO"
 .na
 .nf
diff --git a/postfix/man/man1/postlog.1 b/postfix/man/man1/postlog.1
index 670901a4b..10b1eb826 100644
--- a/postfix/man/man1/postlog.1
+++ b/postfix/man/man1/postlog.1
@@ -65,6 +65,10 @@ The text below provides only a parameter summary. See
 .IP "\fBconfig_directory (see 'postconf -d' output)\fR"
 The default location of the Postfix main.cf and master.cf
 configuration files.
+.IP "\fBimport_environment (see 'postconf -d' output)\fR"
+The list of environment parameters that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.
 .IP "\fBsyslog_facility (mail)\fR"
 The syslog facility of Postfix logging.
 .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
diff --git a/postfix/man/man1/postmap.1 b/postfix/man/man1/postmap.1
index 862438ed2..f5d3b1d55 100644
--- a/postfix/man/man1/postmap.1
+++ b/postfix/man/man1/postmap.1
@@ -266,6 +266,10 @@ configuration files.
 .IP "\fBdefault_database_type (see 'postconf -d' output)\fR"
 The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1)
 and \fBpostmap\fR(1) commands.
+.IP "\fBimport_environment (see 'postconf -d' output)\fR"
+The list of environment parameters that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.
 .IP "\fBsmtputf8_enable (yes)\fR"
 Enable preliminary SMTPUTF8 support for the protocols described
 in RFC 6531..6533.
diff --git a/postfix/man/man1/postsuper.1 b/postfix/man/man1/postsuper.1
index 0078e19a3..cfae09d65 100644
--- a/postfix/man/man1/postsuper.1
+++ b/postfix/man/man1/postsuper.1
@@ -244,6 +244,10 @@ the hash_queue_names parameter.
 .IP "\fBhash_queue_names (deferred, defer)\fR"
 The names of queue directories that are split across multiple
 subdirectory levels.
+.IP "\fBimport_environment (see 'postconf -d' output)\fR"
+The list of environment parameters that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.
 .IP "\fBqueue_directory (see 'postconf -d' output)\fR"
 The location of the Postfix top\-level queue directory.
 .IP "\fBsyslog_facility (mail)\fR"
diff --git a/postfix/man/man1/sendmail.1 b/postfix/man/man1/sendmail.1
index 1b798ba38..091f053ff 100644
--- a/postfix/man/man1/sendmail.1
+++ b/postfix/man/man1/sendmail.1
@@ -393,6 +393,10 @@ and \fBpostmap\fR(1) commands.
 .IP "\fBdelay_warning_time (0h)\fR"
 The time after which the sender receives a copy of the message
 headers of mail that is still queued.
+.IP "\fBimport_environment (see 'postconf -d' output)\fR"
+The list of environment parameters that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.
 .IP "\fBmail_owner (postfix)\fR"
 The UNIX system account that owns the Postfix queue and most Postfix
 daemon processes.
@@ -412,7 +416,7 @@ Postfix 3.2 and later:
 .IP "\fBalternate_config_directories (empty)\fR"
 A list of non\-default Postfix configuration directories that may
 be specified with "\-c config_directory" on the command line (in the
-case of \fBsendmail\fR(1), with \-C config_directory"), or via the MAIL_CONFIG
+case of \fBsendmail\fR(1), with "\-C config_directory"), or via the MAIL_CONFIG
 environment parameter.
 .IP "\fBmulti_instance_directories (empty)\fR"
 An optional list of non\-default Postfix configuration directories;
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index ecc2d75de..bbdc24eb2 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -2329,11 +2329,13 @@ Specify "ignore_mx_lookup_error = yes" to force a DNS A record
 lookup instead. This violates the SMTP standard and can result in
 mis\-delivery of mail.
 .SH import_environment (default: see "postconf \-d" output)
-The list of environment parameters that a Postfix process will
-import from a non\-Postfix parent process. Examples of relevant
-parameters:
+The list of environment parameters that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.  Unprivileged utilities will enforce the
+name=value overrides, but otherwise will not change their process
+environment.  Examples of relevant parameters:
 .IP "\fBTZ\fR"
-Needed for sane time keeping on most System\-V\-ish systems.
+May be needed for sane time keeping on most System\-V\-ish systems.
 .br
 .IP "\fBDISPLAY\fR"
 Needed for debugging Postfix daemons with an X\-windows debugger.
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 7e9a6369f..69c80f83b 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -1872,17 +1872,18 @@ mis-delivery of mail.
 
 %PARAM import_environment see "postconf -d" output
 
-

-The list of environment parameters that a Postfix process will
-import from a non-Postfix parent process. Examples of relevant
-parameters:
-

+
 The list of environment parameters that a privileged Postfix
+process will import from a non-Postfix parent process, or name=value
+environment overrides.  Unprivileged utilities will enforce the
+name=value overrides, but otherwise will not change their process
+environment.  Examples of relevant parameters: 

 
 

 
 
TZ

 
-
Needed for sane time keeping on most System-V-ish systems. 

+
May be needed for sane time keeping on most System-V-ish systems.
+

 
 
DISPLAY

 
diff --git a/postfix/src/global/mail_conf.c b/postfix/src/global/mail_conf.c
index 6a254cde2..5ffbbf460 100644
--- a/postfix/src/global/mail_conf.c
+++ b/postfix/src/global/mail_conf.c
@@ -173,6 +173,16 @@ void    mail_conf_suck(void)
     char   *config_dir;
     char   *path;
 
+    /*
+     * The code below requires that all configuration directory override
+     * mechanisms set the CONF_ENV_PATH environment variable, even if the
+     * override was specified via the command line. This reduces the number
+     * of pathways that need to be checked for possible security attacks.
+     * 
+     * Note: this code necessarily runs before cleanenv() can enforce the
+     * import_environment scrubbing policy.
+     */
+
     /*
      * Permit references to unknown configuration variable names. We rely on
      * a separate configuration checking tool to spot misspelled names and
@@ -191,8 +201,7 @@ void    mail_conf_suck(void)
      * domain, require that it is listed in the default main.cf file.
      */
     if (strcmp(var_config_dir, DEF_CONFIG_DIR) != 0	/* non-default */
-	&& safe_getenv(CONF_ENV_PATH) == 0	/* non-default */
-	&& geteuid() != 0)			/* untrusted */
+	&& unsafe())				/* untrusted env and cli */
 	mail_conf_checkdir(var_config_dir);
     path = concatenate(var_config_dir, "/", "main.cf", (char *) 0);
     if (dict_load_file_xt(CONFIG_DICT, path) == 0)
diff --git a/postfix/src/global/mail_parm_split.c b/postfix/src/global/mail_parm_split.c
index f0c67f5cf..e856d23ab 100644
--- a/postfix/src/global/mail_parm_split.c
+++ b/postfix/src/global/mail_parm_split.c
@@ -56,14 +56,6 @@
 #include 
 #include 
 
- /*
-  * While testing, do not terminate the program after a syntax error.
-  */
-#ifdef TEST
-#undef msg_fatal
-#define msg_fatal msg_warn
-#endif
-
 /* mail_parm_split - split list, extract {text}, errors are fatal */
 
 ARGV   *mail_parm_split(const char *name, const char *value)
@@ -72,7 +64,7 @@ ARGV   *mail_parm_split(const char *name, const char *value)
     char   *saved_string = mystrdup(value);
     char   *bp = saved_string;
     char   *arg;
-    const char *err;
+    char   *err;
 
     /*
      * The code that detects the error shall either signal or handle the
@@ -81,8 +73,14 @@ ARGV   *mail_parm_split(const char *name, const char *value)
      */
     while ((arg = mystrtokq(&bp, CHARS_COMMA_SP, CHARS_BRACE)) != 0) {
 	if (*arg == CHARS_BRACE[0]
-	    && (err = extpar(&arg, CHARS_BRACE, EXTPAR_FLAG_STRIP)) != 0)
+	    && (err = extpar(&arg, CHARS_BRACE, EXTPAR_FLAG_STRIP)) != 0) {
+#ifndef TEST
 	    msg_fatal("%s: %s", name, err);
+#else
+	    msg_warn("%s: %s", name, err);
+	    myfree(err);
+#endif
+	}
 	argv_add(argvp, arg, (char *) 0);
     }
     argv_terminate(argvp);
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 9dcf67079..4c2948526 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20170129"
+#define MAIL_RELEASE_DATE	"20170206"
 #define MAIL_VERSION_NUMBER	"3.2"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/postalias/Makefile.in b/postfix/src/postalias/Makefile.in
index 02fe174bb..16485bb40 100644
--- a/postfix/src/postalias/Makefile.in
+++ b/postfix/src/postalias/Makefile.in
@@ -28,33 +28,35 @@ tests:	test1 test2 fail_test
 root_tests:
 
 test1:	$(PROG) map.in map-abc1.ref map-ghi1.ref map-uABC1.ref
-	./$(PROG) map.in
+	${SHLIB_ENV} ${VALGRIND} ./$(PROG) map.in
 	for key in abc ghi; \
 	do \
-	    ./$(PROG) -q $${key} map.in | diff map-$${key}1.ref -; \
+	    ${SHLIB_ENV} ${VALGRIND} ./$(PROG) -q $${key} map.in | diff map-$${key}1.ref -; \
 	done
-	./$(PROG) -f map.in
+	${SHLIB_ENV} ${VALGRIND} ./$(PROG) -f map.in
 	for key in ABC; \
 	do \
-	    ./$(PROG) -fq $${key} map.in | diff map-u$${key}1.ref -; \
+	    ${SHLIB_ENV} ${VALGRIND} ./$(PROG) -fq $${key} map.in | diff map-u$${key}1.ref -; \
 	done
 	rm -f map.in.db
 
 test2:	$(PROG) map.in map-abc2.ref map-ghi2.ref map-uABC2.ref
-	./$(PROG) map.in
+	${SHLIB_ENV} ${VALGRIND} ./$(PROG) map.in
 	for key in abc ghi; \
 	do \
-	    echo $${key} | ./$(PROG) -q - map.in | diff map-$${key}2.ref -; \
+	    echo $${key} | ${SHLIB_ENV} ${VALGRIND} ./$(PROG) -q - map.in | diff map-$${key}2.ref -; \
 	done
-	./$(PROG) -f map.in
+	${SHLIB_ENV} ${VALGRIND} ./$(PROG) -f map.in
 	for key in ABC; \
 	do \
-	    echo $${key} | ./$(PROG) -fq - map.in | diff map-u$${key}2.ref -; \
+	    echo $${key} | ${SHLIB_ENV} ${VALGRIND} ./$(PROG) -fq - map.in | diff map-u$${key}2.ref -; \
 	done
 	rm -f map.in.db
 
 fail_test: $(PROG) aliases fail_test.in fail_test.ref
-	-(sh fail_test.in 2>&1 || exit 0) | sed 's/No error:/Unknown error:/' > fail_test.tmp
+	-(${SHLIB_ENV} sh fail_test.in 2>&1 || exit 0) | sed \
+	    -e 's/No error:/Unknown error:/' \
+	    -e 's/Success/Unknown error: 0/' > fail_test.tmp
 	diff fail_test.ref fail_test.tmp
 	rm -f fail_test.tmp
 
@@ -89,11 +91,13 @@ depend: $(MAKES)
 # do not edit below this line - it is generated by 'make depend'
 postalias.o: ../../include/argv.h
 postalias.o: ../../include/check_arg.h
+postalias.o: ../../include/clean_env.h
 postalias.o: ../../include/dict.h
 postalias.o: ../../include/dict_proxy.h
 postalias.o: ../../include/mail_conf.h
 postalias.o: ../../include/mail_dict.h
 postalias.o: ../../include/mail_params.h
+postalias.o: ../../include/mail_parm_split.h
 postalias.o: ../../include/mail_task.h
 postalias.o: ../../include/mail_version.h
 postalias.o: ../../include/mkmap.h
diff --git a/postfix/src/postalias/fail_test.in b/postfix/src/postalias/fail_test.in
index 1502c2ce6..4a68f6e6b 100644
--- a/postfix/src/postalias/fail_test.in
+++ b/postfix/src/postalias/fail_test.in
@@ -1,7 +1,7 @@
-./postalias -q xx fail:aliases
-echo xx | ./postalias -q - fail:aliases
-./postalias -d xx fail:aliases
-echo xx | ./postalias -d - fail:aliases
-./postalias -s fail:aliases
-./postalias -i fail:aliases < aliases
-./postalias fail:aliases
+${VALGRIND} ./postalias -q xx fail:aliases
+echo xx | ${VALGRIND} ./postalias -q - fail:aliases
+${VALGRIND} ./postalias -d xx fail:aliases
+echo xx | ${VALGRIND} ./postalias -d - fail:aliases
+${VALGRIND} ./postalias -s fail:aliases
+${VALGRIND} ./postalias -i fail:aliases < aliases
+${VALGRIND} ./postalias fail:aliases
diff --git a/postfix/src/postalias/postalias.c b/postfix/src/postalias/postalias.c
index c0d28d9d4..e5dea9b9e 100644
--- a/postfix/src/postalias/postalias.c
+++ b/postfix/src/postalias/postalias.c
@@ -180,6 +180,10 @@
 /* .IP "\fBdefault_database_type (see 'postconf -d' output)\fR"
 /*	The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1)
 /*	and \fBpostmap\fR(1) commands.
+/* .IP "\fBimport_environment (see 'postconf -d' output)\fR"
+/*	The list of environment parameters that a privileged Postfix
+/*	process will import from a non-Postfix parent process, or name=value
+/*	environment overrides.
 /* .IP "\fBsmtputf8_enable (yes)\fR"
 /*	Enable preliminary SMTPUTF8 support for the protocols described
 /*	in RFC 6531..6533.
@@ -246,6 +250,7 @@
 #include 
 #include 
 #include 
+#include 
 
 /* Global library. */
 
@@ -257,6 +262,7 @@
 #include 
 #include 
 #include 
+#include 
 
 /* Application-specific. */
 
@@ -700,6 +706,7 @@ int     main(int argc, char **argv)
     char   *delkey = 0;
     int     sequence = 0;
     int     found;
+    ARGV   *import_env;
 
     /*
      * Fingerprint executables and core dumps.
@@ -806,6 +813,10 @@ int     main(int argc, char **argv)
 	}
     }
     mail_conf_read();
+    /* Enforce consistent operation of different Postfix parts. */
+    import_env = mail_parm_split(VAR_IMPORT_ENVIRON, var_import_environ);
+    update_env(import_env->argv);
+    argv_free(import_env);
     /* Re-evaluate mail_task() after reading main.cf. */
     msg_syslog_init(mail_task(argv[0]), LOG_PID, LOG_FACILITY);
     mail_dict_init();
diff --git a/postfix/src/postcat/Makefile.in b/postfix/src/postcat/Makefile.in
index 1541f9356..06c5eb804 100644
--- a/postfix/src/postcat/Makefile.in
+++ b/postfix/src/postcat/Makefile.in
@@ -98,14 +98,17 @@ depend: $(MAKES)
 	@$(EXPORT) make -f Makefile.in Makefile 1>&2
 
 # do not edit below this line - it is generated by 'make depend'
+postcat.o: ../../include/argv.h
 postcat.o: ../../include/attr.h
 postcat.o: ../../include/check_arg.h
+postcat.o: ../../include/clean_env.h
 postcat.o: ../../include/htable.h
 postcat.o: ../../include/iostuff.h
 postcat.o: ../../include/is_header.h
 postcat.o: ../../include/lex_822.h
 postcat.o: ../../include/mail_conf.h
 postcat.o: ../../include/mail_params.h
+postcat.o: ../../include/mail_parm_split.h
 postcat.o: ../../include/mail_proto.h
 postcat.o: ../../include/mail_queue.h
 postcat.o: ../../include/mail_version.h
diff --git a/postfix/src/postcat/postcat.c b/postfix/src/postcat/postcat.c
index 5d734a7c7..f1eb3fd63 100644
--- a/postfix/src/postcat/postcat.c
+++ b/postfix/src/postcat/postcat.c
@@ -67,6 +67,10 @@
 /* .IP "\fBconfig_directory (see 'postconf -d' output)\fR"
 /*	The default location of the Postfix main.cf and master.cf
 /*	configuration files.
+/* .IP "\fBimport_environment (see 'postconf -d' output)\fR"
+/*	The list of environment parameters that a privileged Postfix
+/*	process will import from a non-Postfix parent process, or name=value
+/*	environment overrides.
 /* .IP "\fBqueue_directory (see 'postconf -d' output)\fR"
 /*	The location of the Postfix top-level queue directory.
 /* FILES
@@ -110,6 +114,7 @@
 #include 
 #include 
 #include 
+#include 
 
 /* Global library. */
 
@@ -122,6 +127,7 @@
 #include 
 #include 
 #include 
+#include 
 
 /* Application-specific. */
 
@@ -424,6 +430,7 @@ int     main(int argc, char **argv)
     };
     char  **cpp;
     int     tries;
+    ARGV   *import_env;
 
     /*
      * Fingerprint executables and core dumps.
@@ -486,6 +493,9 @@ int     main(int argc, char **argv)
      * Further initialization...
      */
     mail_conf_read();
+    import_env = mail_parm_split(VAR_IMPORT_ENVIRON, var_import_environ);
+    update_env(import_env->argv);
+    argv_free(import_env);
 
     /*
      * Initialize.
diff --git a/postfix/src/postconf/Makefile.in b/postfix/src/postconf/Makefile.in
index a846d1cf7..05c6a3342 100644
--- a/postfix/src/postconf/Makefile.in
+++ b/postfix/src/postconf/Makefile.in
@@ -36,7 +36,7 @@ $(PROG): $(OBJS) $(LIBS)
 	rm -f $@
 	(echo "# DO NOT EDIT THIS FILE. EDIT THE MAIN.CF FILE INSTEAD. THE"; \
 	 echo "# TEXT HERE JUST SHOWS DEFAULT SETTINGS BUILT INTO POSTFIX."; \
-	 echo "#"; $(SHLIB_ENV) $(SHLIB_ENV) ./$(PROG) -d -c ../../conf) | \
+	 echo "#"; $(SHLIB_ENV) ./$(PROG) -d -c ../../conf) | \
 	    egrep -v '^(myhostname|mydomain|mynetworks|process_name|process_id) ' >$@
 
 $(OBJS): ../../conf/makedefs.out
@@ -52,7 +52,7 @@ tests: test1 test2 test3 test4 test5 test6 test7 test8 test9 test10 test11 \
 	test31 test32 test33 test34 test35 test36 test37 test39 test40 test41 \
 	test42 test43 test44 test45 test46 test47 test48 test49 test50 test51 \
 	test52 test53 test54 test55 test56 test57 test58 test59 test60 test61 \
-	test62 test63
+	test62 test63 test64 test65
 
 root_tests:
 
@@ -848,6 +848,28 @@ test63: $(PROG) test63.ref
 	diff test63.ref test63.tmp
 	rm -f main.cf master.cf test63.tmp
 
+# main.cf overrides built-in default.
+
+test64: $(PROG) test64.ref
+	rm -f main.cf master.cf
+	touch main.cf master.cf
+	echo 'relayhost = relay-from-main.cf' >> main.cf
+	touch -t 197101010000 main.cf
+	$(SHLIB_ENV) ./$(PROG) -c. relayhost >test64.tmp 2>&1
+	diff test64.ref test64.tmp
+	rm -f main.cf master.cf test64.tmp
+
+# '-o name=value' overrides main.cf.
+
+test65: $(PROG) test65.ref
+	rm -f main.cf master.cf
+	touch main.cf master.cf
+	echo 'relayhost = relay-from-main.cf' >> main.cf
+	touch -t 197101010000 main.cf
+	$(SHLIB_ENV) ./$(PROG) -c. -o relayhost=relay-from-cmd-line relayhost >test65.tmp 2>&1
+	diff test65.ref test65.tmp
+	rm -f main.cf master.cf test65.tmp
+
 printfck: $(OBJS) $(PROG)
 	rm -rf printfck
 	mkdir printfck
diff --git a/postfix/src/postconf/postconf.c b/postfix/src/postconf/postconf.c
index b93dc89fb..a80f3e2fe 100644
--- a/postfix/src/postconf/postconf.c
+++ b/postfix/src/postconf/postconf.c
@@ -253,8 +253,8 @@
 /*	with support for DBM databases.
 /* .IP \fBenviron\fR
 /*	The UNIX process environment array. The lookup key is the
-/*	variable name. Originally implemented for testing, someone
-/*	may find this useful someday.
+/*	environment variable name; the table name is ignored.  Originally
+/*	implemented for testing, someone may find this useful someday.
 /* .IP \fBfail\fR
 /*	A table that reliably fails all requests. The lookup table
 /*	name is used for logging. This table exists to simplify
@@ -919,6 +919,20 @@ int     main(int argc, char **argv)
 	}
     }
 
+    /*
+     * We don't enforce import_environment consistency in this program.
+     * 
+     * We don't extract import_environment from main.cf, because the postconf
+     * command must be able to extract parameter settings from main.cf before
+     * all installation parameters such as mail_owner or setgid_group have a
+     * legitimate value.
+     * 
+     * We would need the functionality of mail_params_init() including all the
+     * side effects of populating the CONFIG_DICT with default values so that
+     * $name expansion works correctly, but excluding all the parameter value
+     * sanity checks so that it would not abort at installation time.
+     */
+
     /*
      * Make all options explicit, before checking their compatibility.
      */
diff --git a/postfix/src/postconf/test64.ref b/postfix/src/postconf/test64.ref
new file mode 100644
index 000000000..595620cca
--- /dev/null
+++ b/postfix/src/postconf/test64.ref
@@ -0,0 +1 @@
+relayhost = relay-from-main.cf
diff --git a/postfix/src/postconf/test65.ref b/postfix/src/postconf/test65.ref
new file mode 100644
index 000000000..6bc7fd871
--- /dev/null
+++ b/postfix/src/postconf/test65.ref
@@ -0,0 +1 @@
+relayhost = relay-from-cmd-line
diff --git a/postfix/src/postkick/Makefile.in b/postfix/src/postkick/Makefile.in
index 241f9601a..a0c72710c 100644
--- a/postfix/src/postkick/Makefile.in
+++ b/postfix/src/postkick/Makefile.in
@@ -58,13 +58,16 @@ depend: $(MAKES)
 	@$(EXPORT) make -f Makefile.in Makefile 1>&2
 
 # do not edit below this line - it is generated by 'make depend'
+postkick.o: ../../include/argv.h
 postkick.o: ../../include/attr.h
 postkick.o: ../../include/check_arg.h
+postkick.o: ../../include/clean_env.h
 postkick.o: ../../include/events.h
 postkick.o: ../../include/htable.h
 postkick.o: ../../include/iostuff.h
 postkick.o: ../../include/mail_conf.h
 postkick.o: ../../include/mail_params.h
+postkick.o: ../../include/mail_parm_split.h
 postkick.o: ../../include/mail_proto.h
 postkick.o: ../../include/mail_version.h
 postkick.o: ../../include/msg.h
diff --git a/postfix/src/postkick/postkick.c b/postfix/src/postkick/postkick.c
index ff10a09f7..4adcf848c 100644
--- a/postfix/src/postkick/postkick.c
+++ b/postfix/src/postkick/postkick.c
@@ -53,6 +53,10 @@
 /* .IP "\fBapplication_event_drain_time (100s)\fR"
 /*	How long the \fBpostkick\fR(1) command waits for a request to enter the
 /*	Postfix daemon process input buffer before giving up.
+/* .IP "\fBimport_environment (see 'postconf -d' output)\fR"
+/*	The list of environment parameters that a privileged Postfix
+/*	process will import from a non-Postfix parent process, or name=value
+/*	environment overrides.
 /* .IP "\fBqueue_directory (see 'postconf -d' output)\fR"
 /*	The location of the Postfix top-level queue directory.
 /* FILES
@@ -97,6 +101,7 @@
 #include 
 #include 
 #include 
+#include 
 
 /* Global library. */
 
@@ -104,6 +109,7 @@
 #include 
 #include 
 #include 
+#include 
 
 static NORETURN usage(char *myname)
 {
@@ -121,6 +127,7 @@ int     main(int argc, char **argv)
     struct stat st;
     char   *slash;
     int     c;
+    ARGV   *import_env;
 
     /*
      * Fingerprint executables and core dumps.
@@ -178,6 +185,10 @@ int     main(int argc, char **argv)
      * Finish initializations.
      */
     mail_conf_read();
+    /* Enforce consistent operation of different Postfix parts. */
+    import_env = mail_parm_split(VAR_IMPORT_ENVIRON, var_import_environ);
+    update_env(import_env->argv);
+    argv_free(import_env);
     if (chdir(var_queue_dir))
 	msg_fatal("chdir %s: %m", var_queue_dir);
 
diff --git a/postfix/src/postlock/Makefile.in b/postfix/src/postlock/Makefile.in
index c6da0f012..fcb01d2e6 100644
--- a/postfix/src/postlock/Makefile.in
+++ b/postfix/src/postlock/Makefile.in
@@ -60,6 +60,7 @@ depend: $(MAKES)
 # do not edit below this line - it is generated by 'make depend'
 postlock.o: ../../include/argv.h
 postlock.o: ../../include/check_arg.h
+postlock.o: ../../include/clean_env.h
 postlock.o: ../../include/deliver_flock.h
 postlock.o: ../../include/dot_lockfile.h
 postlock.o: ../../include/dsn.h
@@ -68,6 +69,7 @@ postlock.o: ../../include/dsn_util.h
 postlock.o: ../../include/iostuff.h
 postlock.o: ../../include/mail_conf.h
 postlock.o: ../../include/mail_params.h
+postlock.o: ../../include/mail_parm_split.h
 postlock.o: ../../include/mail_version.h
 postlock.o: ../../include/mbox_conf.h
 postlock.o: ../../include/mbox_open.h
diff --git a/postfix/src/postlock/postlock.c b/postfix/src/postlock/postlock.c
index aeb6db304..68683263b 100644
--- a/postfix/src/postlock/postlock.c
+++ b/postfix/src/postlock/postlock.c
@@ -78,6 +78,10 @@
 /* .IP "\fBconfig_directory (see 'postconf -d' output)\fR"
 /*	The default location of the Postfix main.cf and master.cf
 /*	configuration files.
+/* .IP "\fBimport_environment (see 'postconf -d' output)\fR"
+/*	The list of environment parameters that a privileged Postfix
+/*	process will import from a non-Postfix parent process, or name=value
+/*	environment overrides.
 /* SEE ALSO
 /*	postconf(5), configuration parameters
 /* LICENSE
@@ -114,6 +118,7 @@
 #include 
 #include 
 #include 
+#include 
 
 /* Global library. */
 
@@ -126,6 +131,7 @@
 #include 
 #include 
 #include 
+#include 
 
 /* Application-specific. */
 
@@ -161,6 +167,7 @@ int     main(int argc, char **argv)
     int     lock_mask;
     char   *lock_style = 0;
     MBOX   *mp;
+    ARGV   *import_env;
 
     /*
      * Fingerprint executables and core dumps.
@@ -226,6 +233,10 @@ int     main(int argc, char **argv)
      * configured lock style.
      */
     mail_conf_read();
+    /* Enforce consistent operation of different Postfix parts. */
+    import_env = mail_parm_split(VAR_IMPORT_ENVIRON, var_import_environ);
+    update_env(import_env->argv);
+    argv_free(import_env);
     lock_mask = mbox_lock_mask(lock_style ? lock_style :
 	       get_mail_conf_str(VAR_MAILBOX_LOCK, DEF_MAILBOX_LOCK, 1, 0));
 
diff --git a/postfix/src/postlog/Makefile.in b/postfix/src/postlog/Makefile.in
index 69eb0732e..28f7276c8 100644
--- a/postfix/src/postlog/Makefile.in
+++ b/postfix/src/postlog/Makefile.in
@@ -62,9 +62,12 @@ depend: $(MAKES)
 	@$(EXPORT) make -f Makefile.in Makefile 1>&2
 
 # do not edit below this line - it is generated by 'make depend'
+postlog.o: ../../include/argv.h
 postlog.o: ../../include/check_arg.h
+postlog.o: ../../include/clean_env.h
 postlog.o: ../../include/mail_conf.h
 postlog.o: ../../include/mail_params.h
+postlog.o: ../../include/mail_parm_split.h
 postlog.o: ../../include/mail_task.h
 postlog.o: ../../include/mail_version.h
 postlog.o: ../../include/msg.h
diff --git a/postfix/src/postlog/postlog.c b/postfix/src/postlog/postlog.c
index 936697f90..9e3861a72 100644
--- a/postfix/src/postlog/postlog.c
+++ b/postfix/src/postlog/postlog.c
@@ -55,6 +55,10 @@
 /* .IP "\fBconfig_directory (see 'postconf -d' output)\fR"
 /*	The default location of the Postfix main.cf and master.cf
 /*	configuration files.
+/* .IP "\fBimport_environment (see 'postconf -d' output)\fR"
+/*	The list of environment parameters that a privileged Postfix
+/*	process will import from a non-Postfix parent process, or name=value
+/*	environment overrides.
 /* .IP "\fBsyslog_facility (mail)\fR"
 /*	The syslog facility of Postfix logging.
 /* .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
@@ -103,6 +107,7 @@
 #include 
 #include 
 #include 
+#include 
 
 /* Global library. */
 
@@ -110,6 +115,7 @@
 #include 
 #include 
 #include 
+#include 
 
 /* Application-specific. */
 
@@ -183,6 +189,7 @@ int     main(int argc, char **argv)
     const char *tag;
     int     log_flags = 0;
     int     level = MSG_INFO;
+    ARGV   *import_env;
 
     /*
      * Fingerprint executables and core dumps.
@@ -250,6 +257,10 @@ int     main(int argc, char **argv)
      * may require that mail_task() be re-evaluated.
      */
     mail_conf_read();
+    /* Enforce consistent operation of different Postfix parts. */
+    import_env = mail_parm_split(VAR_IMPORT_ENVIRON, var_import_environ);
+    update_env(import_env->argv);
+    argv_free(import_env);
     if (tag == 0)
 	tag = mail_task(argv[0]);
 
diff --git a/postfix/src/postmap/Makefile.in b/postfix/src/postmap/Makefile.in
index c8c723a76..3fd7f3d0e 100644
--- a/postfix/src/postmap/Makefile.in
+++ b/postfix/src/postmap/Makefile.in
@@ -97,12 +97,14 @@ depend: $(MAKES)
 # do not edit below this line - it is generated by 'make depend'
 postmap.o: ../../include/argv.h
 postmap.o: ../../include/check_arg.h
+postmap.o: ../../include/clean_env.h
 postmap.o: ../../include/dict.h
 postmap.o: ../../include/dict_proxy.h
 postmap.o: ../../include/header_opts.h
 postmap.o: ../../include/mail_conf.h
 postmap.o: ../../include/mail_dict.h
 postmap.o: ../../include/mail_params.h
+postmap.o: ../../include/mail_parm_split.h
 postmap.o: ../../include/mail_task.h
 postmap.o: ../../include/mail_version.h
 postmap.o: ../../include/mime_state.h
diff --git a/postfix/src/postmap/fail_test.in b/postfix/src/postmap/fail_test.in
index a1c6b7c58..ce01127d3 100644
--- a/postfix/src/postmap/fail_test.in
+++ b/postfix/src/postmap/fail_test.in
@@ -1,8 +1,8 @@
-./postmap -q xx fail:aliases
-echo xx | ./postmap -q - fail:aliases
-echo xx | ./postmap -bq - fail:aliases
-./postmap -d xx fail:aliases
-echo xx | ./postmap -d - fail:aliases
-./postmap -s fail:aliases
-./postmap -i fail:aliases < aliases
-./postmap fail:aliases
+${VALGRIND} ./postmap -q xx fail:aliases
+echo xx | ${VALGRIND} ./postmap -q - fail:aliases
+echo xx | ${VALGRIND} ./postmap -bq - fail:aliases
+${VALGRIND} ./postmap -d xx fail:aliases
+echo xx | ${VALGRIND} ./postmap -d - fail:aliases
+${VALGRIND} ./postmap -s fail:aliases
+${VALGRIND} ./postmap -i fail:aliases < aliases
+${VALGRIND} ./postmap fail:aliases
diff --git a/postfix/src/postmap/postmap.c b/postfix/src/postmap/postmap.c
index 2cb433365..87e0143ee 100644
--- a/postfix/src/postmap/postmap.c
+++ b/postfix/src/postmap/postmap.c
@@ -250,6 +250,10 @@
 /* .IP "\fBdefault_database_type (see 'postconf -d' output)\fR"
 /*	The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1)
 /*	and \fBpostmap\fR(1) commands.
+/* .IP "\fBimport_environment (see 'postconf -d' output)\fR"
+/*	The list of environment parameters that a privileged Postfix
+/*	process will import from a non-Postfix parent process, or name=value
+/*	environment overrides.
 /* .IP "\fBsmtputf8_enable (yes)\fR"
 /*	Enable preliminary SMTPUTF8 support for the protocols described
 /*	in RFC 6531..6533.
@@ -311,6 +315,7 @@
 #include 
 #include 
 #include 
+#include 
 
 /* Global library. */
 
@@ -323,6 +328,7 @@
 #include 
 #include 
 #include 
+#include 
 
 /* Application-specific. */
 
@@ -857,6 +863,7 @@ int     main(int argc, char **argv)
     int     sequence = 0;
     int     found;
     int     force_utf8 = 0;
+    ARGV   *import_env;
 
     /*
      * Fingerprint executables and core dumps.
@@ -975,6 +982,10 @@ int     main(int argc, char **argv)
 	}
     }
     mail_conf_read();
+    /* Enforce consistent operation of different Postfix parts. */
+    import_env = mail_parm_split(VAR_IMPORT_ENVIRON, var_import_environ);
+    update_env(import_env->argv);
+    argv_free(import_env);
     /* Re-evaluate mail_task() after reading main.cf. */
     msg_syslog_init(mail_task(argv[0]), LOG_PID, LOG_FACILITY);
     mail_dict_init();
diff --git a/postfix/src/postmap/quote_test.in b/postfix/src/postmap/quote_test.in
index 14ae42dde..fb507fc0e 100644
--- a/postfix/src/postmap/quote_test.in
+++ b/postfix/src/postmap/quote_test.in
@@ -1,8 +1,8 @@
-echo '"aa bb" cc' | ./postmap -i quote_test_map || exit 1
-echo '"dd ee ff' | ./postmap -i quote_test_map || exit 1
-echo 'gg\ hh ii' | ./postmap -i quote_test_map || exit 1
-echo '"gg\"hh" ii' | ./postmap -i quote_test_map || exit 1
-echo '"jj@kk" ll' | ./postmap -i quote_test_map || exit 1
-echo 'mm@nn@oo pp' | ./postmap -i quote_test_map || exit 1
-echo '@oo pp' | ./postmap -i quote_test_map || exit 1
-./postmap -s quote_test_map | LC_ALL=C sort
+echo '"aa bb" cc' | ${VALGRIND} ./postmap -i quote_test_map || exit 1
+echo '"dd ee ff' | ${VALGRIND} ./postmap -i quote_test_map || exit 1
+echo 'gg\ hh ii' | ${VALGRIND} ./postmap -i quote_test_map || exit 1
+echo '"gg\"hh" ii' | ${VALGRIND} ./postmap -i quote_test_map || exit 1
+echo '"jj@kk" ll' | ${VALGRIND} ./postmap -i quote_test_map || exit 1
+echo 'mm@nn@oo pp' | ${VALGRIND} ./postmap -i quote_test_map || exit 1
+echo '@oo pp' | ${VALGRIND} ./postmap -i quote_test_map || exit 1
+${VALGRIND} ./postmap -s quote_test_map | LC_ALL=C sort
diff --git a/postfix/src/postsuper/Makefile.in b/postfix/src/postsuper/Makefile.in
index 7a6985f3f..e130daa55 100644
--- a/postfix/src/postsuper/Makefile.in
+++ b/postfix/src/postsuper/Makefile.in
@@ -60,10 +60,12 @@ depend: $(MAKES)
 # do not edit below this line - it is generated by 'make depend'
 postsuper.o: ../../include/argv.h
 postsuper.o: ../../include/check_arg.h
+postsuper.o: ../../include/clean_env.h
 postsuper.o: ../../include/file_id.h
 postsuper.o: ../../include/mail_conf.h
 postsuper.o: ../../include/mail_open_ok.h
 postsuper.o: ../../include/mail_params.h
+postsuper.o: ../../include/mail_parm_split.h
 postsuper.o: ../../include/mail_queue.h
 postsuper.o: ../../include/mail_task.h
 postsuper.o: ../../include/mail_version.h
diff --git a/postfix/src/postsuper/postsuper.c b/postfix/src/postsuper/postsuper.c
index 2abc25306..a6293de43 100644
--- a/postfix/src/postsuper/postsuper.c
+++ b/postfix/src/postsuper/postsuper.c
@@ -230,6 +230,10 @@
 /* .IP "\fBhash_queue_names (deferred, defer)\fR"
 /*	The names of queue directories that are split across multiple
 /*	subdirectory levels.
+/* .IP "\fBimport_environment (see 'postconf -d' output)\fR"
+/*	The list of environment parameters that a privileged Postfix
+/*	process will import from a non-Postfix parent process, or name=value
+/*	environment overrides.
 /* .IP "\fBqueue_directory (see 'postconf -d' output)\fR"
 /*	The location of the Postfix top-level queue directory.
 /* .IP "\fBsyslog_facility (mail)\fR"
@@ -288,6 +292,7 @@
 #include 
 #include 
 #include 
+#include 
 
 /* Global library. */
 
@@ -299,6 +304,7 @@
 #include 
 #include 
 #include 
+#include 
 
 /* Application-specific. */
 
@@ -1080,6 +1086,7 @@ int     main(int argc, char **argv)
     ARGV   *hold_names = 0;
     ARGV   *release_names = 0;
     char  **cpp;
+    ARGV   *import_env;
 
     /*
      * Defaults. The structural checks must fix the directory levels of "log
@@ -1230,6 +1237,10 @@ int     main(int argc, char **argv)
      * configuration directory location.
      */
     mail_conf_read();
+    /* Enforce consistent operation of different Postfix parts. */
+    import_env = mail_parm_split(VAR_IMPORT_ENVIRON, var_import_environ);
+    clean_env(import_env->argv);
+    argv_free(import_env);
     /* Re-evaluate mail_task() after reading main.cf. */
     msg_syslog_init(mail_task(argv[0]), LOG_PID, LOG_FACILITY);
     if (chdir(var_queue_dir))
diff --git a/postfix/src/posttls-finger/Makefile.in b/postfix/src/posttls-finger/Makefile.in
index 73b5f81d1..fe94575b4 100644
--- a/postfix/src/posttls-finger/Makefile.in
+++ b/postfix/src/posttls-finger/Makefile.in
@@ -65,6 +65,7 @@ depend: $(MAKES)
 posttls-finger.o: ../../include/argv.h
 posttls-finger.o: ../../include/check_arg.h
 posttls-finger.o: ../../include/chroot_uid.h
+posttls-finger.o: ../../include/clean_env.h
 posttls-finger.o: ../../include/dns.h
 posttls-finger.o: ../../include/dsn.h
 posttls-finger.o: ../../include/dsn_buf.h
@@ -73,6 +74,7 @@ posttls-finger.o: ../../include/inet_proto.h
 posttls-finger.o: ../../include/iostuff.h
 posttls-finger.o: ../../include/mail_conf.h
 posttls-finger.o: ../../include/mail_params.h
+posttls-finger.o: ../../include/mail_parm_split.h
 posttls-finger.o: ../../include/mail_server.h
 posttls-finger.o: ../../include/midna_domain.h
 posttls-finger.o: ../../include/msg.h
diff --git a/postfix/src/posttls-finger/posttls-finger.c b/postfix/src/posttls-finger/posttls-finger.c
index ea532f296..5f559b4fd 100644
--- a/postfix/src/posttls-finger/posttls-finger.c
+++ b/postfix/src/posttls-finger/posttls-finger.c
@@ -345,6 +345,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #define STR(x)		vstring_str(x)
 
@@ -355,6 +356,7 @@
 #include 
 #include 
 #include 
+#include 
 
 /* DNS library. */
 
@@ -1919,6 +1921,7 @@ int     main(int argc, char *argv[])
     static STATE state;
     char   *loopenv = getenv("VALGRINDLOOP");
     int     loop = loopenv ? atoi(loopenv) : 1;
+    ARGV   *import_env;
 
     /* Don't die when a peer goes away unexpectedly. */
     signal(SIGPIPE, SIG_IGN);
@@ -1937,6 +1940,11 @@ int     main(int argc, char *argv[])
     mail_params_init();
     parse_tas(&state);
 
+    /* Enforce consistent operation of different Postfix parts. */
+    import_env = mail_parm_split(VAR_IMPORT_ENVIRON, var_import_environ);
+    update_env(import_env->argv);
+    argv_free(import_env);
+
     argc -= optind;
     argv += optind;
 
diff --git a/postfix/src/sendmail/Makefile.in b/postfix/src/sendmail/Makefile.in
index c09bfa757..83fa93bb9 100644
--- a/postfix/src/sendmail/Makefile.in
+++ b/postfix/src/sendmail/Makefile.in
@@ -61,6 +61,7 @@ depend: $(MAKES)
 sendmail.o: ../../include/argv.h
 sendmail.o: ../../include/attr.h
 sendmail.o: ../../include/check_arg.h
+sendmail.o: ../../include/clean_env.h
 sendmail.o: ../../include/cleanup_user.h
 sendmail.o: ../../include/connect.h
 sendmail.o: ../../include/debug_process.h
@@ -74,6 +75,7 @@ sendmail.o: ../../include/iostuff.h
 sendmail.o: ../../include/mail_conf.h
 sendmail.o: ../../include/mail_flush.h
 sendmail.o: ../../include/mail_params.h
+sendmail.o: ../../include/mail_parm_split.h
 sendmail.o: ../../include/mail_proto.h
 sendmail.o: ../../include/mail_queue.h
 sendmail.o: ../../include/mail_run.h
diff --git a/postfix/src/sendmail/sendmail.c b/postfix/src/sendmail/sendmail.c
index 5341ca169..d63caaf60 100644
--- a/postfix/src/sendmail/sendmail.c
+++ b/postfix/src/sendmail/sendmail.c
@@ -365,6 +365,10 @@
 /* .IP "\fBdelay_warning_time (0h)\fR"
 /*	The time after which the sender receives a copy of the message
 /*	headers of mail that is still queued.
+/* .IP "\fBimport_environment (see 'postconf -d' output)\fR"
+/*	The list of environment parameters that a privileged Postfix
+/*	process will import from a non-Postfix parent process, or name=value
+/*	environment overrides.
 /* .IP "\fBmail_owner (postfix)\fR"
 /*	The UNIX system account that owns the Postfix queue and most Postfix
 /*	daemon processes.
@@ -384,7 +388,7 @@
 /* .IP "\fBalternate_config_directories (empty)\fR"
 /*	A list of non-default Postfix configuration directories that may
 /*	be specified with "-c config_directory" on the command line (in the
-/*	case of \fBsendmail\fR(1), with -C config_directory"), or via the MAIL_CONFIG
+/*	case of \fBsendmail\fR(1), with "-C config_directory"), or via the MAIL_CONFIG
 /*	environment parameter.
 /* .IP "\fBmulti_instance_directories (empty)\fR"
 /*	An optional list of non-default Postfix configuration directories;
@@ -468,6 +472,7 @@
 #include 
 #include 
 #include 
+#include 
 
 /* Global library. */
 
@@ -492,6 +497,7 @@
 #include 
 #include 
 #include 
+#include 
 
 /* Application-specific. */
 
@@ -1001,6 +1007,7 @@ int     main(int argc, char **argv)
     int     dsn_ret = 0;
     const char *dsn_envid = 0;
     int     saved_optind;
+    ARGV   *import_env;
 
     /*
      * Fingerprint executables and core dumps.
@@ -1099,6 +1106,10 @@ int     main(int argc, char **argv)
     }
     optind = saved_optind;
     mail_conf_read();
+    /* Enforce consistent operation of different Postfix parts.	 */
+    import_env = mail_parm_split(VAR_IMPORT_ENVIRON, var_import_environ);
+    update_env(import_env->argv);
+    argv_free(import_env);
     /* Re-evaluate mail_task() after reading main.cf. */
     msg_syslog_init(mail_task("sendmail"), LOG_PID, LOG_FACILITY);
     get_mail_conf_str_table(str_table);
diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c
index e1d80e8a2..47ccec1a1 100644
--- a/postfix/src/smtpd/smtpd_check.c
+++ b/postfix/src/smtpd/smtpd_check.c
@@ -2957,7 +2957,7 @@ static int check_server_access(SMTPD_STATE *state, const char *table,
 	const char *bare_addr;
 	ssize_t len;
 
-	if (type != T_MX)
+	if (type != T_A && type != T_MX)
 	    return (SMTPD_CHECK_DUNNO);
 	len = strlen(domain);
 	if (domain[len - 1] != ']')
diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in
index 4400ddbf6..6414fc833 100644
--- a/postfix/src/util/Makefile.in
+++ b/postfix/src/util/Makefile.in
@@ -546,148 +546,148 @@ tests: all valid_hostname_test mac_expand_test dict_test unescape_test \
 root_tests:
 
 valid_hostname_test: valid_hostname valid_hostname.in valid_hostname.ref
-	$(SHLIB_ENV) ./valid_hostname valid_hostname.tmp
+	$(SHLIB_ENV) ${VALGRIND} ./valid_hostname valid_hostname.tmp
 	diff valid_hostname.ref valid_hostname.tmp
 	rm -f valid_hostname.tmp
 
 mac_expand_test: mac_expand mac_expand.in mac_expand.ref
-	$(SHLIB_ENV) ./mac_expand mac_expand.tmp 2>&1
+	$(SHLIB_ENV) ${VALGRIND} ./mac_expand mac_expand.tmp 2>&1
 	diff mac_expand.ref mac_expand.tmp
 	rm -f mac_expand.tmp
 
 unescape_test: unescape unescape.in unescape.ref
-	$(SHLIB_ENV) ./unescape unescape.tmp
+	$(SHLIB_ENV) ${VALGRIND} ./unescape unescape.tmp
 	diff -b unescape.ref unescape.tmp
-#	$(SHLIB_ENV) ./unescape unescape.tmp
+#	$(SHLIB_ENV) ${VALGRIND} ./unescape unescape.tmp
 #	diff unescape.in unescape.tmp
 	rm -f unescape.tmp
 
 hex_quote_test: hex_quote
-	$(SHLIB_ENV) ./hex_quote hex_quote.tmp
+	$(SHLIB_ENV) ${VALGRIND} ./hex_quote hex_quote.tmp
 	od -cb hex_quote.ref
 	cmp hex_quote.ref hex_quote.tmp
 	rm -f hex_quote.ref hex_quote.tmp
 
 ctable_test: ctable
-	$(SHLIB_ENV) ./ctable ctable.tmp 2>&1
+	$(SHLIB_ENV) ${VALGRIND} ./ctable ctable.tmp 2>&1
 	diff ctable.ref ctable.tmp
 	rm -f ctable.tmp
 
 # On Linux, following test may require "modprobe ipv6" to enable IPv6.
 
 inet_addr_list_test: inet_addr_list
-	$(SHLIB_ENV) ./inet_addr_list `cat inet_addr_list.in` >inet_addr_list.tmp 2>&1
+	$(SHLIB_ENV) ${VALGRIND} ./inet_addr_list `cat inet_addr_list.in` >inet_addr_list.tmp 2>&1
 	diff inet_addr_list.ref inet_addr_list.tmp
 	rm -f inet_addr_list.tmp
 
 sane_basename_test: sane_basename
-	$(SHLIB_ENV) ./sane_basename sane_basename.tmp 2>&1
+	$(SHLIB_ENV) ${VALGRIND} ./sane_basename sane_basename.tmp 2>&1
 	diff sane_basename.ref sane_basename.tmp
 	rm -f sane_basename.tmp
 
 base64_code_test: base64_code
-	$(SHLIB_ENV) ./base64_code
+	$(SHLIB_ENV) ${VALGRIND} ./base64_code
 
 attr_scan64_test: attr_print64 attr_scan64 attr_scan64.ref
-	($(SHLIB_ENV) ./attr_print64 2>&3 | (sleep 1;  $(SHLIB_ENV) ./attr_scan64)) >attr_scan64.tmp 2>&1 3>&1
+	($(SHLIB_ENV) ${VALGRIND} ./attr_print64 2>&3 | (sleep 1;  $(SHLIB_ENV) ./attr_scan64)) >attr_scan64.tmp 2>&1 3>&1
 	diff attr_scan64.ref attr_scan64.tmp
 	rm -f attr_scan64.tmp
 
 attr_scan0_test: attr_print0 attr_scan0 attr_scan0.ref
-	($(SHLIB_ENV) ./attr_print0 2>&3 | (sleep 1;  $(SHLIB_ENV) ./attr_scan0)) >attr_scan0.tmp 2>&1 3>&1
+	($(SHLIB_ENV) ${VALGRIND} ./attr_print0 2>&3 | (sleep 1;  $(SHLIB_ENV) ./attr_scan0)) >attr_scan0.tmp 2>&1 3>&1
 	diff attr_scan0.ref attr_scan0.tmp
 	rm -f attr_scan0.tmp
 
 dict_test: dict_open testdb dict_test.in dict_test.ref
 	rm -f testdb.db testdb.dir testdb.pag
 	$(SHLIB_ENV) ../postmap/postmap -N hash:testdb
-	$(SHLIB_ENV) ./dict_open hash:testdb write < dict_test.in 2>&1 | sed 's/uid=[0-9][0-9][0-9]*/uid=USER/' >dict_test.tmp
+	$(SHLIB_ENV) ${VALGRIND} ./dict_open hash:testdb write < dict_test.in 2>&1 | sed 's/uid=[0-9][0-9][0-9]*/uid=USER/' >dict_test.tmp
 	diff dict_test.ref dict_test.tmp
 	$(SHLIB_ENV) ../postmap/postmap -n hash:testdb
-	$(SHLIB_ENV) ./dict_open hash:testdb write < dict_test.in 2>&1 | sed 's/uid=[0-9][0-9][0-9]*/uid=USER/' >dict_test.tmp
+	$(SHLIB_ENV) ${VALGRIND} ./dict_open hash:testdb write < dict_test.in 2>&1 | sed 's/uid=[0-9][0-9][0-9]*/uid=USER/' >dict_test.tmp
 	diff dict_test.ref dict_test.tmp
 	rm -f testdb.db testdb.dir testdb.pag dict_test.tmp
 
 dict_pcre_test: dict_open dict_pcre.in dict_pcre.map dict_pcre.ref
-	$(SHLIB_ENV) ./dict_open pcre:dict_pcre.map read &1 | sed 's/uid=[0-9][0-9][0-9]*/uid=USER/' >dict_pcre.tmp
+	$(SHLIB_ENV) ${VALGRIND} ./dict_open pcre:dict_pcre.map read &1 | sed 's/uid=[0-9][0-9][0-9]*/uid=USER/' >dict_pcre.tmp
 	diff dict_pcre.ref dict_pcre.tmp
 	rm -f dict_pcre.tmp
 
 dict_regexp_test: dict_open dict_regexp.in dict_regexp.map dict_regexp.ref
-	$(SHLIB_ENV) ./dict_open regexp:dict_regexp.map read &1 | sed 's/uid=[0-9][0-9][0-9]*/uid=USER/' >dict_regexp.tmp
+	$(SHLIB_ENV) ${VALGRIND} ./dict_open regexp:dict_regexp.map read &1 | sed 's/uid=[0-9][0-9][0-9]*/uid=USER/' >dict_regexp.tmp
 	diff dict_regexp.ref dict_regexp.tmp
 	rm -f dict_regexp.tmp
 
 dict_cidr_test: dict_open dict_cidr.in dict_cidr.map dict_cidr.ref
-	$(SHLIB_ENV) ./dict_open cidr:dict_cidr.map read &1 | sed 's/uid=[0-9][0-9][0-9]*/uid=USER/' >dict_cidr.tmp
+	$(SHLIB_ENV) ${VALGRIND} ./dict_open cidr:dict_cidr.map read &1 | sed 's/uid=[0-9][0-9][0-9]*/uid=USER/' >dict_cidr.tmp
 	diff dict_cidr.ref dict_cidr.tmp
 	rm -f dict_cidr.tmp
 
 miss_endif_cidr_test: dict_open miss_endif_cidr.map miss_endif_cidr.ref
-	echo get 1.2.3.5 | $(SHLIB_ENV) ./dict_open cidr:miss_endif_cidr.map read 2>&1 | sed 's/uid=[0-9][0-9][0-9]*/uid=USER/' >dict_cidr.tmp
+	echo get 1.2.3.5 | $(SHLIB_ENV) ${VALGRIND} ./dict_open cidr:miss_endif_cidr.map read 2>&1 | sed 's/uid=[0-9][0-9][0-9]*/uid=USER/' >dict_cidr.tmp
 	diff miss_endif_cidr.ref dict_cidr.tmp
 	rm -f dict_cidr.tmp
 
 miss_endif_pcre_test: dict_open miss_endif_re.map miss_endif_pcre.ref
-	echo get 1.2.3.5 | $(SHLIB_ENV) ./dict_open pcre:miss_endif_re.map read 2>&1 | sed 's/uid=[0-9][0-9][0-9]*/uid=USER/' >dict_pcre.tmp
+	echo get 1.2.3.5 | $(SHLIB_ENV) ${VALGRIND} ./dict_open pcre:miss_endif_re.map read 2>&1 | sed 's/uid=[0-9][0-9][0-9]*/uid=USER/' >dict_pcre.tmp
 	diff miss_endif_pcre.ref dict_pcre.tmp
 	rm -f dict_pcre.tmp
 
 miss_endif_regexp_test: dict_open miss_endif_re.map miss_endif_regexp.ref
-	echo get 1.2.3.5 | $(SHLIB_ENV) ./dict_open regexp:miss_endif_re.map read 2>&1 | sed 's/uid=[0-9][0-9][0-9]*/uid=USER/' >dict_regexp.tmp
+	echo get 1.2.3.5 | $(SHLIB_ENV) ${VALGRIND} ./dict_open regexp:miss_endif_re.map read 2>&1 | sed 's/uid=[0-9][0-9][0-9]*/uid=USER/' >dict_regexp.tmp
 	diff miss_endif_regexp.ref dict_regexp.tmp
 	rm -f dict_regexp.tmp
 
 split_qnameval_test: split_qnameval update
-	$(SHLIB_ENV) ./split_qnameval
+	$(SHLIB_ENV) ${VALGRIND} ./split_qnameval
 
 dict_seq_test: dict_open testdb dict_seq.in dict_seq.ref
 	rm -f testdb.db testdb.dir testdb.pag
-	$(SHLIB_ENV) ./dict_open hash:testdb create sync < dict_seq.in 2>&1 | sed 's/uid=[0-9][0-9][0-9]*/uid=USER/' > dict_seq.tmp
+	$(SHLIB_ENV) ${VALGRIND} ./dict_open hash:testdb create sync < dict_seq.in 2>&1 | sed 's/uid=[0-9][0-9][0-9]*/uid=USER/' > dict_seq.tmp
 	diff dict_seq.ref dict_seq.tmp
 	rm -f testdb.db testdb.dir testdb.pag dict_seq.tmp
 
 host_port_test: host_port host_port.in host_port.ref
-	$(SHLIB_ENV) ./host_port host_port.tmp 2>&1
+	$(SHLIB_ENV) ${VALGRIND} ./host_port host_port.tmp 2>&1
 	diff host_port.ref host_port.tmp
 	rm -f host_port.tmp
 
 attr_scan_plain_test: attr_print_plain attr_scan_plain attr_scan_plain.ref
-	($(SHLIB_ENV) ./attr_print_plain 2>&3 | (sleep 1;  $(SHLIB_ENV) ./attr_scan_plain)) >attr_scan_plain.tmp 2>&1 3>&1
+	($(SHLIB_ENV) ${VALGRIND} ./attr_print_plain 2>&3 | (sleep 1;  $(SHLIB_ENV) ./attr_scan_plain)) >attr_scan_plain.tmp 2>&1 3>&1
 	diff attr_scan_plain.ref attr_scan_plain.tmp
 	rm -f attr_scan_plain.tmp
 
 htable_test: htable /usr/share/dict/words
-	$(SHLIB_ENV) ./htable < /usr/share/dict/words
+	$(SHLIB_ENV) ${VALGRIND} ./htable < /usr/share/dict/words
 
 hex_code_test: hex_code
-	$(SHLIB_ENV) ./hex_code
+	$(SHLIB_ENV) ${VALGRIND} ./hex_code
 
 timecmp_test: timecmp
-	$(SHLIB_ENV) ./timecmp
+	$(SHLIB_ENV) ${VALGRIND} ./timecmp
 
 myaddrinfo_test: myaddrinfo myaddrinfo.ref myaddrinfo.ref2
-	$(SHLIB_ENV) ./myaddrinfo all belly.porcupine.org 168.100.189.2 >myaddrinfo.tmp 2>&1
+	$(SHLIB_ENV) ${VALGRIND} ./myaddrinfo all belly.porcupine.org 168.100.189.2 >myaddrinfo.tmp 2>&1
 	diff myaddrinfo.ref myaddrinfo.tmp
 	rm -f myaddrinfo.tmp
-	$(SHLIB_ENV) ./myaddrinfo all null.porcupine.org 10.0.0.0 >myaddrinfo.tmp 2>&1
+	$(SHLIB_ENV) ${VALGRIND} ./myaddrinfo all null.porcupine.org 10.0.0.0 >myaddrinfo.tmp 2>&1
 	diff myaddrinfo.ref2 myaddrinfo.tmp
 	rm -f myaddrinfo.tmp
 
 myaddrinfo4_test: myaddrinfo4 myaddrinfo4.ref myaddrinfo4.ref2
-	$(SHLIB_ENV) ./myaddrinfo4 all belly.porcupine.org 168.100.189.2 >myaddrinfo4.tmp 2>&1
+	$(SHLIB_ENV) ${VALGRIND} ./myaddrinfo4 all belly.porcupine.org 168.100.189.2 >myaddrinfo4.tmp 2>&1
 	diff myaddrinfo4.ref myaddrinfo4.tmp
-	$(SHLIB_ENV) ./myaddrinfo4 all null.porcupine.org 10.0.0.0 >myaddrinfo4.tmp 2>&1
+	$(SHLIB_ENV) ${VALGRIND} ./myaddrinfo4 all null.porcupine.org 10.0.0.0 >myaddrinfo4.tmp 2>&1
 	diff myaddrinfo4.ref2 myaddrinfo4.tmp
 	rm -f myaddrinfo4.tmp
 
 format_tv_test: format_tv format_tv.in format_tv.ref
-	$(SHLIB_ENV) ./format_tv format_tv.tmp
+	$(SHLIB_ENV) ${VALGRIND} ./format_tv format_tv.tmp
 	diff format_tv.ref format_tv.tmp
 	rm -f format_tv.tmp
 
 ip_match_test: ip_match ip_match.in ip_match.ref
-	$(SHLIB_ENV) ./ip_match ip_match.tmp
+	$(SHLIB_ENV) ${VALGRIND} ./ip_match ip_match.tmp
 	diff ip_match.ref ip_match.tmp
 	rm -f ip_match.tmp
 
@@ -696,57 +696,57 @@ name_mask_tests: name_mask_test0 name_mask_test1 name_mask_test2 \
 	name_mask_test7 name_mask_test8 name_mask_test9
 
 name_mask_test0: name_mask name_mask.in name_mask.ref0
-	$(SHLIB_ENV) ./name_mask IGNORE IGNORE < name_mask.in > name_mask.tmp 2>&0
+	$(SHLIB_ENV) ${VALGRIND} ./name_mask IGNORE IGNORE < name_mask.in > name_mask.tmp 2>&0
 	diff name_mask.ref0 name_mask.tmp
 	rm -f name_mask.tmp
 
 name_mask_test1: name_mask name_mask.in name_mask.ref1
-	$(SHLIB_ENV) ./name_mask NUMBER,WARN NUMBER < name_mask.in > name_mask.tmp 2>&1
+	$(SHLIB_ENV) ${VALGRIND} ./name_mask NUMBER,WARN NUMBER < name_mask.in > name_mask.tmp 2>&1
 	diff name_mask.ref1 name_mask.tmp
 	rm -f name_mask.tmp
 
 name_mask_test2: name_mask name_mask.in name_mask.ref2
-	$(SHLIB_ENV) ./name_mask NUMBER,RETURN NUMBER < name_mask.in > name_mask.tmp 2>&1
+	$(SHLIB_ENV) ${VALGRIND} ./name_mask NUMBER,RETURN NUMBER < name_mask.in > name_mask.tmp 2>&1
 	diff name_mask.ref2 name_mask.tmp
 	rm -f name_mask.tmp
 
 name_mask_test3: name_mask name_mask.in name_mask.ref3
-	$(SHLIB_ENV) ./name_mask WARN NUMBER < name_mask.in > name_mask.tmp 2>&1
+	$(SHLIB_ENV) ${VALGRIND} ./name_mask WARN NUMBER < name_mask.in > name_mask.tmp 2>&1
 	diff name_mask.ref3 name_mask.tmp
 	rm -f name_mask.tmp
 
 name_mask_test4: name_mask name_mask.in name_mask.ref4
-	$(SHLIB_ENV) ./name_mask RETURN NUMBER < name_mask.in > name_mask.tmp 2>&1
+	$(SHLIB_ENV) ${VALGRIND} ./name_mask RETURN NUMBER < name_mask.in > name_mask.tmp 2>&1
 	diff name_mask.ref4 name_mask.tmp
 	rm -f name_mask.tmp
 
 name_mask_test5: name_mask name_mask.in name_mask.ref5
-	$(SHLIB_ENV) ./name_mask NUMBER,WARN RETURN < name_mask.in > name_mask.tmp 2>&1
+	$(SHLIB_ENV) ${VALGRIND} ./name_mask NUMBER,WARN RETURN < name_mask.in > name_mask.tmp 2>&1
 	diff name_mask.ref5 name_mask.tmp
 	rm -f name_mask.tmp
 
 name_mask_test6: name_mask name_mask.in name_mask.ref6
-	$(SHLIB_ENV) ./name_mask NUMBER,WARN WARN < name_mask.in > name_mask.tmp 2>&1
+	$(SHLIB_ENV) ${VALGRIND} ./name_mask NUMBER,WARN WARN < name_mask.in > name_mask.tmp 2>&1
 	diff name_mask.ref6 name_mask.tmp
 	rm -f name_mask.tmp
 
 name_mask_test7: name_mask name_mask.in name_mask.ref7
-	$(SHLIB_ENV) ./name_mask NUMBER,WARN IGNORE < name_mask.in > name_mask.tmp 2>&1
+	$(SHLIB_ENV) ${VALGRIND} ./name_mask NUMBER,WARN IGNORE < name_mask.in > name_mask.tmp 2>&1
 	diff name_mask.ref7 name_mask.tmp
 	rm -f name_mask.tmp
 
 name_mask_test8: name_mask name_mask.in name_mask.ref8
-	$(SHLIB_ENV) ./name_mask NUMBER,WARN NUMBER,COMMA < name_mask.in > name_mask.tmp 2>&1
+	$(SHLIB_ENV) ${VALGRIND} ./name_mask NUMBER,WARN NUMBER,COMMA < name_mask.in > name_mask.tmp 2>&1
 	diff name_mask.ref8 name_mask.tmp
 	rm -f name_mask.tmp
 
 name_mask_test9: name_mask name_mask.in name_mask.ref9
-	$(SHLIB_ENV) ./name_mask NUMBER,WARN NUMBER,PIPE < name_mask.in > name_mask.tmp 2>&1
+	$(SHLIB_ENV) ${VALGRIND} ./name_mask NUMBER,WARN NUMBER,PIPE < name_mask.in > name_mask.tmp 2>&1
 	diff name_mask.ref9 name_mask.tmp
 	rm -f name_mask.tmp
 
 base32_code_test: base32_code
-	$(SHLIB_ENV) ./base32_code
+	$(SHLIB_ENV) ${VALGRIND} ./base32_code
 
 dict_thash_test: ../postmap/postmap dict_thash.map dict_thash.in dict_thash.ref
 	$(SHLIB_ENV) ../postmap/postmap -fs texthash:dict_thash.map 2>&1 | \
@@ -757,54 +757,54 @@ dict_thash_test: ../postmap/postmap dict_thash.map dict_thash.in dict_thash.ref
 
 surrogate_test: dict_open surrogate.ref
 	cp /dev/null surrogate.tmp
-	echo get foo|$(SHLIB_ENV) ./dict_open cidr:/xx write >>surrogate.tmp 2>&1
-	echo get foo|$(SHLIB_ENV) ./dict_open cidr:/xx read >>surrogate.tmp 2>&1
-	echo get foo|$(SHLIB_ENV) ./dict_open pcre:/xx write >>surrogate.tmp 2>&1
-	echo get foo|$(SHLIB_ENV) ./dict_open pcre:/xx read >>surrogate.tmp 2>&1
-	echo get foo|$(SHLIB_ENV) ./dict_open regexp:/xx write >>surrogate.tmp 2>&1
-	echo get foo|$(SHLIB_ENV) ./dict_open regexp:/xx read >>surrogate.tmp 2>&1
-	echo get foo|$(SHLIB_ENV) ./dict_open unix:xx write >>surrogate.tmp 2>&1
-	echo get foo|$(SHLIB_ENV) ./dict_open unix:xx read >>surrogate.tmp 2>&1
-	echo get foo|$(SHLIB_ENV) ./dict_open texthash:/xx write >>surrogate.tmp 2>&1
-	echo get foo|$(SHLIB_ENV) ./dict_open texthash:/xx read >>surrogate.tmp 2>&1
-	echo get foo|$(SHLIB_ENV) ./dict_open hash:/xx read >>surrogate.tmp 2>&1
+	echo get foo|$(SHLIB_ENV) ${VALGRIND} ./dict_open cidr:/xx write >>surrogate.tmp 2>&1
+	echo get foo|$(SHLIB_ENV) ${VALGRIND} ./dict_open cidr:/xx read >>surrogate.tmp 2>&1
+	echo get foo|$(SHLIB_ENV) ${VALGRIND} ./dict_open pcre:/xx write >>surrogate.tmp 2>&1
+	echo get foo|$(SHLIB_ENV) ${VALGRIND} ./dict_open pcre:/xx read >>surrogate.tmp 2>&1
+	echo get foo|$(SHLIB_ENV) ${VALGRIND} ./dict_open regexp:/xx write >>surrogate.tmp 2>&1
+	echo get foo|$(SHLIB_ENV) ${VALGRIND} ./dict_open regexp:/xx read >>surrogate.tmp 2>&1
+	echo get foo|$(SHLIB_ENV) ${VALGRIND} ./dict_open unix:xx write >>surrogate.tmp 2>&1
+	echo get foo|$(SHLIB_ENV) ${VALGRIND} ./dict_open unix:xx read >>surrogate.tmp 2>&1
+	echo get foo|$(SHLIB_ENV) ${VALGRIND} ./dict_open texthash:/xx write >>surrogate.tmp 2>&1
+	echo get foo|$(SHLIB_ENV) ${VALGRIND} ./dict_open texthash:/xx read >>surrogate.tmp 2>&1
+	echo get foo|$(SHLIB_ENV) ${VALGRIND} ./dict_open hash:/xx read >>surrogate.tmp 2>&1
 	diff surrogate.ref surrogate.tmp
 	rm -f surrogate.tmp
 
 dict_static_test: dict_open dict_static.ref
 	(set -e; \
 	(echo get foo; echo get bar) | $(SHLIB_ENV) \
-	    ./dict_open static:fooxx read; \
-	$(SHLIB_ENV) ./dict_open static:'{ foo xx ' read dict_static.tmp 2>&1
 	diff dict_static.ref dict_static.tmp
 	rm -f dict_static.tmp
 
 dict_inline_test: dict_open dict_inline.ref
 	(set -e; \
-	$(SHLIB_ENV) ./dict_open inline:'{ }' read dict_inline.tmp 2>&1
 	diff dict_inline.ref dict_inline.tmp
 	rm -f dict_inline.tmp
 
 midna_domain_test: midna_domain midna_domain_test.in midna_domain_test.ref
-	$(SHLIB_ENV) ./midna_domain midna_domain_test.tmp 2>&1
+	$(SHLIB_ENV) ${VALGRIND} ./midna_domain midna_domain_test.tmp 2>&1
 	diff midna_domain_test.ref midna_domain_test.tmp
 	rm -f midna_domain_test.tmp
 
 casefold_test: casefold casefold_test.in casefold_test.ref
-	$(SHLIB_ENV) ./casefold casefold_test.tmp 2>&1
+	$(SHLIB_ENV) ${VALGRIND} ./casefold casefold_test.tmp 2>&1
 	diff casefold_test.ref casefold_test.tmp
 	rm -f casefold_test.tmp
 
@@ -815,12 +815,12 @@ dict_utf8_test: dict_open dict_utf8_test.in dict_utf8_test.ref
 
 strcasecmp_utf8_test: strcasecmp_utf8 strcasecmp_utf8_test.in \
 	strcasecmp_utf8_test.ref
-	$(SHLIB_ENV) ./strcasecmp_utf8 strcasecmp_utf8_test.tmp 2>&1
+	$(SHLIB_ENV) ${VALGRIND} ./strcasecmp_utf8 strcasecmp_utf8_test.tmp 2>&1
 	diff strcasecmp_utf8_test.ref strcasecmp_utf8_test.tmp
 	rm -f strcasecmp_utf8_test.tmp
 
 vbuf_print_test: vbuf_print vbuf_print_test.in vbuf_print_test.ref
-	$(SHLIB_ENV) ./vbuf_print vbuf_print_test.tmp 2>&1
+	$(SHLIB_ENV) ${VALGRIND} ./vbuf_print vbuf_print_test.tmp 2>&1
 	diff vbuf_print_test.ref vbuf_print_test.tmp
 	rm -f vbuf_print_test.tmp
 
@@ -1779,8 +1779,6 @@ load_file.o: vbuf.h
 load_file.o: vstream.h
 load_file.o: warn_stat.h
 load_lib.o: load_lib.c
-load_lib.o: load_lib.h
-load_lib.o: msg.h
 load_lib.o: sys_defs.h
 lowercase.o: check_arg.h
 lowercase.o: lowercase.c
diff --git a/postfix/src/util/clean_env.c b/postfix/src/util/clean_env.c
index ec337cdf0..e2143959e 100644
--- a/postfix/src/util/clean_env.c
+++ b/postfix/src/util/clean_env.c
@@ -8,12 +8,18 @@
 /*
 /*	void	clean_env(preserve_list)
 /*	const char **preserve_list;
+/*
+/*	void	update_env(preserve_list)
+/*	const char **preserve_list;
 /* DESCRIPTION
 /*	clean_env() reduces the process environment to the bare minimum.
 /*	The function takes a null-terminated list of arguments.
 /*	Each argument specifies the name of an environment variable
 /*	that should be preserved, or specifies a name=value that should
 /*	be entered into the new environment.
+/*
+/*	update_env() applies name=value settings, but otherwise does not
+/*	change the process environment.
 /* DIAGNOSTICS
 /*	Fatal error: out of memory.
 /* SEE ALSO
@@ -85,3 +91,33 @@ void    clean_env(char **preserve_list)
      */
     argv_free(save_list);
 }
+
+/* update_env - apply name=value settings only */
+
+void    update_env(char **preserve_list)
+{
+    char  **cpp;
+    ARGV   *save_list;
+    char   *eq;
+
+    /*
+     * Extract name=value settings.
+     */
+    save_list = argv_alloc(10);
+    for (cpp = preserve_list; *cpp; cpp++)
+	if ((eq = strchr(*cpp, '=')) != 0)
+	    argv_addn(save_list, STRING_AND_LENGTH(*cpp, eq - *cpp),
+		      STRING_AND_LENGTH(eq + 1, strlen(eq + 1)), (char *) 0);
+
+    /*
+     * Apply name=value settings.
+     */
+    for (cpp = save_list->argv; *cpp; cpp += 2)
+	if (setenv(cpp[0], cpp[1], 1))
+	    msg_fatal("setenv(%s, %s): %m", cpp[0], cpp[1]);
+
+    /*
+     * Cleanup.
+     */
+    argv_free(save_list);
+}
diff --git a/postfix/src/util/clean_env.h b/postfix/src/util/clean_env.h
index 24cf70bea..7d587da9f 100644
--- a/postfix/src/util/clean_env.h
+++ b/postfix/src/util/clean_env.h
@@ -15,6 +15,7 @@
   * External interface.
   */
 extern void clean_env(char **);
+extern void update_env(char **);
 
 /* LICENSE
 /* .ad
diff --git a/postfix/src/util/dict_pipe_test.in b/postfix/src/util/dict_pipe_test.in
index 4ee6f101c..9626dcd3f 100644
--- a/postfix/src/util/dict_pipe_test.in
+++ b/postfix/src/util/dict_pipe_test.in
@@ -1,9 +1,9 @@
-./dict_open 'pipemap:{inline:{k1=v1,k2=v2},inline:{v2=v3}}' read <