From: Wietse Venema <wietse@porcupine.org>
Date: Sun, 31 May 2020 05:00:00 +0000 (-0500)
Subject: postfix-3.6-20200531
X-Git-Tag: v3.6.0-RC1~32
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=119d6abed969b1b30c62722ae31c854b5682beae;p=thirdparty%2Fpostfix.git

postfix-3.6-20200531
---

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 191e064cf..2aa23d9d5 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -24811,3 +24811,31 @@ Apologies for any names omitted.
 	Cleanup: unit tests now build with -fno-common. Files:
 	global/server_acl.c, smtpd/smtpd_check.c, global/strip_addr.c,
 	proxymap/proxymap.c.
+
+20200525
+
+	Documentation: revised text about TLS connection reuse.
+	File: proto/CONNECTION_CACHE_README.html
+
+20200530
+
+	Bugfix (introduced: Postfix 3.1): "postfix tls deploy-server-cert"
+	did not handle a missing optional argument. File:
+	conf/postfix-tls-script.
+
+20200531
+
+	Debugging: per-nexthop SMTP client "debug peer" logging so
+	that we can also see what happens before, between, and after
+	SMTP sessions; add explicit SMTP client debug logging for
+	non-DNS host lookups.  Files: smtp/smtp.c, proto/postconf.proto,
+	smtp/smtp_addr.c, smtp/smtp.c, smtp/smtp.h, smtp/smtp_session.c,
+	smtp/smtp_state.c.
+
+	Postfix delivery agents now log an explicit record when
+	delegating delivery to a different Postfix delivery agent.
+	Example: "postfix/smtp[pid] queueid: passing <recipient>
+	to transport=local". This makes the delegating delivery
+	agent visible, where it would otherwise have remained
+	invisible, which would complicate troubleshooting. File:
+	global/deliver_pass.c.
diff --git a/postfix/README_FILES/CONNECTION_CACHE_README b/postfix/README_FILES/CONNECTION_CACHE_README
index bd2fd0308..db1d9affd 100644
--- a/postfix/README_FILES/CONNECTION_CACHE_README
+++ b/postfix/README_FILES/CONNECTION_CACHE_README
@@ -7,9 +7,6 @@ IInnttrroodduuccttiioonn
 This document describes the Postfix connection cache implementation, which is
 available with Postfix version 2.2 and later.
 
-See Client-side TLS connection reuse for how this connection cache is used to
-implement multiple deliveries per TLS-encrypted connection.
-
 Topics covered in this document:
 
   * What SMTP connection caching can do for you
@@ -22,8 +19,12 @@ Topics covered in this document:
 WWhhaatt SSMMTTPP ccoonnnneeccttiioonn ccaacchhiinngg ccaann ddoo ffoorr yyoouu
 
 With SMTP connection caching, Postfix can deliver multiple messages over the
-same SMTP connection. By default, Postfix 2.2 reuses an SMTP connection
-automatically when a destination has high volume of mail in the active queue.
+same SMTP connection. By default, Postfix 2.2 reuses a plaintext SMTP
+connection automatically when a destination has high volume of mail in the
+active queue.
+
+See Client-side TLS connection reuse to also implement multiple deliveries over
+a TLS-encrypted connection (Postfix version 3.4 and later).
 
 SMTP Connection caching is a performance feature. Whether or not it actually
 improves performance depends on the conditions:
@@ -32,9 +33,15 @@ improves performance depends on the conditions:
     mail to a destination with multiple mail servers, because it can help
     Postfix to skip over a non-responding server.
 
+  * SMTP Connection caching can also help with receivers that impose rate
+    limits on new connections.
+
   * Otherwise, the benefits of SMTP connection caching are minor: it eliminates
     the latency of the TCP handshake (SYN, SYN+ACK, ACK), plus the latency of
     the SMTP initial handshake (220 greeting, EHLO command, EHLO response).
+    With TLS-encrypted connections, this can save an additional two roundtrips
+    that would otherwise be needed to send STARTTLS and to resume a TLS
+    session.
 
   * SMTP Connection caching gives no gains with respect to SMTP session tear-
     down. The Postfix smtp(8) client normally does not wait for the server's
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index 52dd221cb..3fc80718b 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -25,6 +25,26 @@ more recent Eclipse Public License 2.0. Recipients can choose to take
 the software under the license of their choice. Those who are more
 comfortable with the IPL can continue with that license.
 
+Incompatible change with snapshot 20200531
+==========================================
+
+Postfix delivery agents now log an explicit record when delegating
+delivery to a different Postfix delivery agent. 
+
+For example, with "best_mx_transport = local", an SMTP delivery
+agent will now log when a recipient will be delivered locally. This
+makes the delegating delivery agent visible, where it would otherwise
+have remained invisible, which would complicate troubleshooting.
+
+  postfix/smtp[pid]: queueid: passing <recipient> to transport=local
+
+This will usually be followed by logging for an actual delivery:
+
+  postfix/local[pid]: queueid: to=<recipient>, relay=local, ...
+
+Other examples: the local delivery agent defers mailbox delivery
+through mailbox_transport or through fallback_transport.
+
 Major changes with snapshot 20200509
 ====================================
 
diff --git a/postfix/WISHLIST b/postfix/WISHLIST
index 96872fd9f..69913ede3 100644
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -1,5 +1,11 @@
 Wish list:
 
+	DNS wrapper class, like XSASL, to support different stub
+	resolvers without contaminating Postfix programs with the
+	idiosyncracies of stub resolvers. Handle differences in
+	resolver feature sets gracefully: an unsupported request
+	will result in an error status, not program termination.
+
 	DNSSEC end-to-end test, probing a configurable zone (".")
 	and resource type (default: NS).
 
diff --git a/postfix/conf/postfix-tls-script b/postfix/conf/postfix-tls-script
index 2c3430a1a..1a364b7fc 100644
--- a/postfix/conf/postfix-tls-script
+++ b/postfix/conf/postfix-tls-script
@@ -777,7 +777,7 @@ get_cache_db_type() {
 deploy_server_cert() {
     certfile=$1; shift
     keyfile=$1; shift
-    deploy=$1; shift
+    case $# in 0) deploy=;; *) deploy=$1; shift;; esac
 
     # Sets key_algo, key_param and cert_param
     check_key "$keyfile" || return 1
diff --git a/postfix/html/CONNECTION_CACHE_README.html b/postfix/html/CONNECTION_CACHE_README.html
index c2bf8b6fa..28139109c 100644
--- a/postfix/html/CONNECTION_CACHE_README.html
+++ b/postfix/html/CONNECTION_CACHE_README.html
@@ -22,10 +22,6 @@
 <p> This document describes the Postfix connection cache implementation,
 which is available with Postfix version 2.2 and later. </p>
 
-<p> See <a href="TLS_README.html#client_tls_reuse">Client-side TLS
-connection reuse</a> for how this connection cache is used to
-implement multiple deliveries per TLS-encrypted connection. </p>
-
 <p> Topics covered in this document: </p>
 
 <ul>
@@ -49,8 +45,12 @@ you</a></h2>
 
 <p> With SMTP connection caching, Postfix can deliver multiple
 messages over the same SMTP connection. By default, Postfix 2.2
-reuses an SMTP connection automatically when a destination has
-high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>.  </p>
+reuses a plaintext SMTP connection automatically when a destination has
+high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. </p>
+
+<p> See <a href="TLS_README.html#client_tls_reuse">Client-side TLS
+connection reuse</a> to also implement multiple deliveries over a
+TLS-encrypted connection (Postfix version 3.4 and later). </p>
 
 <p> SMTP Connection caching is a performance feature. Whether or not
 it actually improves performance depends on the conditions: </p>
@@ -62,10 +62,15 @@ when delivering mail to a destination with multiple mail servers,
 because it can help Postfix to skip over a non-responding server.
 </p>
 
+<li> <p> SMTP Connection caching can also help with receivers that
+impose rate limits on new connections. </p>
+
 <li> <p> Otherwise, the benefits of SMTP connection caching are
 minor: it eliminates the latency of the TCP handshake (SYN, SYN+ACK,
 ACK), plus the latency of the SMTP initial handshake (220 greeting,
-EHLO command, EHLO response).
+EHLO command, EHLO response). With TLS-encrypted connections, this
+can save an additional two roundtrips that would otherwise be needed
+to send STARTTLS and to resume a TLS session. </p>
 
 <li> <p> SMTP Connection caching gives no gains with respect to
 SMTP session tear-down.  The Postfix <a href="smtp.8.html">smtp(8)</a> client normally does
diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html
index a01589cc1..f79f4e04e 100644
--- a/postfix/html/lmtp.8.html
+++ b/postfix/html/lmtp.8.html
@@ -826,13 +826,15 @@ SMTP(8)                                                                SMTP(8)
 
 <b>TROUBLE SHOOTING CONTROLS</b>
        <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
-              The increment in verbose logging level when a remote  client  or
-              server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
+              The increment in verbose logging level when a next-hop  destina-
+              tion,  remote client or server name or network address matches a
+              pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
 
        <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
-              Optional  list  of  remote  client or server hostname or network
-              address  patterns  that  cause  the  verbose  logging  level  to
-              increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+              Optional list of next-hop destination, remote client  or  server
+              name  or  network  address  patterns that, if matched, cause the
+              verbose logging level to increase by  the  amount  specified  in
+              $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
 
        <b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
               The  recipient  of  postmaster notifications about mail delivery
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index cf34baca6..6e3f44cfb 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -1834,8 +1834,11 @@ software.  </p>
 <DT><b><a name="debug_peer_level">debug_peer_level</a>
 (default: 2)</b></DT><DD>
 
-<p> The increment in verbose logging level when a remote client or
-server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.  </p>
+<p> The increment in verbose logging level when a nexthop destination,
+remote client or server name or network address matches a pattern
+given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter. </p>
+
+<p> Per-nexthop debug logging is available in Postfix 3.6 and later. </p>
 
 
 </DD>
@@ -1843,9 +1846,12 @@ server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_
 <DT><b><a name="debug_peer_list">debug_peer_list</a>
 (default: empty)</b></DT><DD>
 
-<p> Optional list of remote client or server hostname or network
-address patterns that cause the verbose logging level to increase
-by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.  </p>
+<p> Optional list of nexthop destination, remote client or server
+name or network address patterns that, if matched, cause the verbose
+logging level to increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+</p>
+
+<p> Per-nexthop debug logging is available in Postfix 3.6 and later. </p>
 
 <p> Specify domain names, network/netmask patterns, "/file/name"
 patterns or "<a href="DATABASE_README.html">type:table</a>" lookup tables. The right-hand side result
diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html
index a01589cc1..f79f4e04e 100644
--- a/postfix/html/smtp.8.html
+++ b/postfix/html/smtp.8.html
@@ -826,13 +826,15 @@ SMTP(8)                                                                SMTP(8)
 
 <b>TROUBLE SHOOTING CONTROLS</b>
        <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
-              The increment in verbose logging level when a remote  client  or
-              server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
+              The increment in verbose logging level when a next-hop  destina-
+              tion,  remote client or server name or network address matches a
+              pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
 
        <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
-              Optional  list  of  remote  client or server hostname or network
-              address  patterns  that  cause  the  verbose  logging  level  to
-              increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+              Optional list of next-hop destination, remote client  or  server
+              name  or  network  address  patterns that, if matched, cause the
+              verbose logging level to increase by  the  amount  specified  in
+              $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
 
        <b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
               The  recipient  of  postmaster notifications about mail delivery
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 0d6dd2712..0fef63682 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -1104,12 +1104,17 @@ software.
 .PP
 This feature is available in Postfix 2.5 and later.
 .SH debug_peer_level (default: 2)
-The increment in verbose logging level when a remote client or
-server matches a pattern in the debug_peer_list parameter.
+The increment in verbose logging level when a nexthop destination,
+remote client or server name or network address matches a pattern
+given with the debug_peer_list parameter.
+.PP
+Per\-nexthop debug logging is available in Postfix 3.6 and later.
 .SH debug_peer_list (default: empty)
-Optional list of remote client or server hostname or network
-address patterns that cause the verbose logging level to increase
-by the amount specified in $debug_peer_level.
+Optional list of nexthop destination, remote client or server
+name or network address patterns that, if matched, cause the verbose
+logging level to increase by the amount specified in $debug_peer_level.
+.PP
+Per\-nexthop debug logging is available in Postfix 3.6 and later.
 .PP
 Specify domain names, network/netmask patterns, "/file/name"
 patterns or "type:table" lookup tables. The right\-hand side result
diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8
index 89a7b60eb..1aaae63d3 100644
--- a/postfix/man/man8/smtp.8
+++ b/postfix/man/man8/smtp.8
@@ -744,12 +744,13 @@ used for DNS lookups.
 .ad
 .fi
 .IP "\fBdebug_peer_level (2)\fR"
-The increment in verbose logging level when a remote client or
-server matches a pattern in the debug_peer_list parameter.
+The increment in verbose logging level when a next\-hop destination,
+remote client or server name or network address matches a pattern
+given with the debug_peer_list parameter.
 .IP "\fBdebug_peer_list (empty)\fR"
-Optional list of remote client or server hostname or network
-address patterns that cause the verbose logging level to increase
-by the amount specified in $debug_peer_level.
+Optional list of next\-hop destination, remote client or server
+name or network address patterns that, if matched, cause the verbose
+logging level to increase by the amount specified in $debug_peer_level.
 .IP "\fBerror_notice_recipient (postmaster)\fR"
 The recipient of postmaster notifications about mail delivery
 problems that are caused by policy, resource, software or protocol
diff --git a/postfix/proto/CONNECTION_CACHE_README.html b/postfix/proto/CONNECTION_CACHE_README.html
index 7ffd7bb04..7d170a1b6 100644
--- a/postfix/proto/CONNECTION_CACHE_README.html
+++ b/postfix/proto/CONNECTION_CACHE_README.html
@@ -22,10 +22,6 @@
 <p> This document describes the Postfix connection cache implementation,
 which is available with Postfix version 2.2 and later. </p>
 
-<p> See <a href="TLS_README.html#client_tls_reuse">Client-side TLS
-connection reuse</a> for how this connection cache is used to
-implement multiple deliveries per TLS-encrypted connection. </p>
-
 <p> Topics covered in this document: </p>
 
 <ul>
@@ -49,8 +45,12 @@ you</a></h2>
 
 <p> With SMTP connection caching, Postfix can deliver multiple
 messages over the same SMTP connection. By default, Postfix 2.2
-reuses an SMTP connection automatically when a destination has
-high volume of mail in the active queue.  </p>
+reuses a plaintext SMTP connection automatically when a destination has
+high volume of mail in the active queue. </p>
+
+<p> See <a href="TLS_README.html#client_tls_reuse">Client-side TLS
+connection reuse</a> to also implement multiple deliveries over a
+TLS-encrypted connection (Postfix version 3.4 and later). </p>
 
 <p> SMTP Connection caching is a performance feature. Whether or not
 it actually improves performance depends on the conditions: </p>
@@ -62,10 +62,15 @@ when delivering mail to a destination with multiple mail servers,
 because it can help Postfix to skip over a non-responding server.
 </p>
 
+<li> <p> SMTP Connection caching can also help with receivers that
+impose rate limits on new connections. </p>
+
 <li> <p> Otherwise, the benefits of SMTP connection caching are
 minor: it eliminates the latency of the TCP handshake (SYN, SYN+ACK,
 ACK), plus the latency of the SMTP initial handshake (220 greeting,
-EHLO command, EHLO response).
+EHLO command, EHLO response). With TLS-encrypted connections, this
+can save an additional two roundtrips that would otherwise be needed
+to send STARTTLS and to resume a TLS session. </p>
 
 <li> <p> SMTP Connection caching gives no gains with respect to
 SMTP session tear-down.  The Postfix smtp(8) client normally does
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 3d5365743..e608f1017 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -916,14 +916,20 @@ The default time unit is s (seconds).
 
 %PARAM debug_peer_level 2
 
-<p> The increment in verbose logging level when a remote client or
-server matches a pattern in the debug_peer_list parameter.  </p>
+<p> The increment in verbose logging level when a nexthop destination,
+remote client or server name or network address matches a pattern
+given with the debug_peer_list parameter. </p>
 
-%PARAM debug_peer_list 
+<p> Per-nexthop debug logging is available in Postfix 3.6 and later. </p>
 
-<p> Optional list of remote client or server hostname or network
-address patterns that cause the verbose logging level to increase
-by the amount specified in $debug_peer_level.  </p>
+%PARAM debug_peer_list
+
+<p> Optional list of nexthop destination, remote client or server
+name or network address patterns that, if matched, cause the verbose
+logging level to increase by the amount specified in $debug_peer_level.
+</p>
+
+<p> Per-nexthop debug logging is available in Postfix 3.6 and later. </p>
 
 <p> Specify domain names, network/netmask patterns, "/file/name"
 patterns or "type:table" lookup tables. The right-hand side result
diff --git a/postfix/src/global/Makefile.in b/postfix/src/global/Makefile.in
index 14f7283e3..7984512d0 100644
--- a/postfix/src/global/Makefile.in
+++ b/postfix/src/global/Makefile.in
@@ -1057,6 +1057,7 @@ deliver_pass.o: deliver_request.h
 deliver_pass.o: dsb_scan.h
 deliver_pass.o: dsn.h
 deliver_pass.o: dsn_buf.h
+deliver_pass.o: info_log_addr_form.h
 deliver_pass.o: mail_params.h
 deliver_pass.o: mail_proto.h
 deliver_pass.o: msg_stats.h
@@ -1401,6 +1402,7 @@ haproxy_srvr.o: ../../include/inet_proto.h
 haproxy_srvr.o: ../../include/msg.h
 haproxy_srvr.o: ../../include/myaddrinfo.h
 haproxy_srvr.o: ../../include/mymalloc.h
+haproxy_srvr.o: ../../include/sock_addr.h
 haproxy_srvr.o: ../../include/split_at.h
 haproxy_srvr.o: ../../include/stringops.h
 haproxy_srvr.o: ../../include/sys_defs.h
diff --git a/postfix/src/global/deliver_pass.c b/postfix/src/global/deliver_pass.c
index e2112bafc..d7945fcd4 100644
--- a/postfix/src/global/deliver_pass.c
+++ b/postfix/src/global/deliver_pass.c
@@ -70,6 +70,7 @@
 #include <dsb_scan.h>
 #include <defer.h>
 #include <rcpt_print.h>
+#include <info_log_addr_form.h>
 
 #define DELIVER_PASS_DEFER	1
 #define DELIVER_PASS_UNKNOWN	2
@@ -182,6 +183,9 @@ int     deliver_pass(const char *class, const char *service,
     /*
      * Initialize.
      */
+    msg_info("%s: passing <%s> to transport=%s",
+	     request->queue_id, info_log_addr_form_recipient(rcpt->address),
+	     transport);
     stream = mail_connect_wait(class, transport);
     dsb = dsb_create();
 
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index cf9a271e6..41ff81483 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20200523"
+#define MAIL_RELEASE_DATE	"20200531"
 #define MAIL_VERSION_NUMBER	"3.6"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/smtp/Makefile.in b/postfix/src/smtp/Makefile.in
index 140192f89..30d028011 100644
--- a/postfix/src/smtp/Makefile.in
+++ b/postfix/src/smtp/Makefile.in
@@ -93,12 +93,14 @@ smtp.o: ../../include/byte_mask.h
 smtp.o: ../../include/check_arg.h
 smtp.o: ../../include/debug_peer.h
 smtp.o: ../../include/deliver_request.h
+smtp.o: ../../include/delivered_hdr.h
 smtp.o: ../../include/dict.h
 smtp.o: ../../include/dns.h
 smtp.o: ../../include/dsn.h
 smtp.o: ../../include/dsn_buf.h
 smtp.o: ../../include/ext_prop.h
 smtp.o: ../../include/flush_clnt.h
+smtp.o: ../../include/fold_addr.h
 smtp.o: ../../include/header_body_checks.h
 smtp.o: ../../include/header_opts.h
 smtp.o: ../../include/htable.h
@@ -713,6 +715,7 @@ smtp_session.o: smtp_session.c
 smtp_state.o: ../../include/argv.h
 smtp_state.o: ../../include/attr.h
 smtp_state.o: ../../include/check_arg.h
+smtp_state.o: ../../include/debug_peer.h
 smtp_state.o: ../../include/deliver_request.h
 smtp_state.o: ../../include/dict.h
 smtp_state.o: ../../include/dns.h
diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c
index aa35d2107..9f1357aa6 100644
--- a/postfix/src/smtp/smtp.c
+++ b/postfix/src/smtp/smtp.c
@@ -702,12 +702,13 @@
 /* .ad
 /* .fi
 /* .IP "\fBdebug_peer_level (2)\fR"
-/*	The increment in verbose logging level when a remote client or
-/*	server matches a pattern in the debug_peer_list parameter.
+/*	The increment in verbose logging level when a next-hop destination,
+/*	remote client or server name or network address matches a pattern
+/*	given with the debug_peer_list parameter.
 /* .IP "\fBdebug_peer_list (empty)\fR"
-/*	Optional list of remote client or server hostname or network
-/*	address patterns that cause the verbose logging level to increase
-/*	by the amount specified in $debug_peer_level.
+/*	Optional list of next-hop destination, remote client or server
+/*	name or network address patterns that, if matched, cause the verbose
+/*	logging level to increase by the amount specified in $debug_peer_level.
 /* .IP "\fBerror_notice_recipient (postmaster)\fR"
 /*	The recipient of postmaster notifications about mail delivery
 /*	problems that are caused by policy, resource, software or protocol
@@ -1215,6 +1216,8 @@ static int deliver_message(const char *service, DELIVER_REQUEST *request)
     state->src = request->fp;
     state->service = service;
     state->misc_flags |= smtp_addr_pref;
+    state->debug_peer_per_nexthop =
+	debug_peer_check(request->nexthop, "noaddr");
     SMTP_RCPT_INIT(state);
 
     /*
diff --git a/postfix/src/smtp/smtp.h b/postfix/src/smtp/smtp.h
index 281cfe42f..e8c994fbf 100644
--- a/postfix/src/smtp/smtp.h
+++ b/postfix/src/smtp/smtp.h
@@ -185,6 +185,12 @@ typedef struct SMTP_STATE {
      * DSN Support introduced major bloat in error processing.
      */
     DSN_BUF *why;			/* on-the-fly formatting buffer */
+
+    /*
+     * Whether per-nexthop debug_peer support was requested. Otherwise,
+     * assume per-server debug_peer support.
+     */
+    int     debug_peer_per_nexthop;
 } SMTP_STATE;
 
  /*
diff --git a/postfix/src/smtp/smtp_addr.c b/postfix/src/smtp/smtp_addr.c
index 2210ff7d8..7111fe433 100644
--- a/postfix/src/smtp/smtp_addr.c
+++ b/postfix/src/smtp/smtp_addr.c
@@ -154,6 +154,8 @@ static DNS_RR *smtp_addr_one(DNS_RR *addr_list, const char *host, int res_opt,
 		msg_fatal("host %s: conversion error for address family "
 			  "%d: %m", host, res0->ai_addr->sa_family);
 	    addr_list = dns_rr_append(addr_list, addr);
+	    if (msg_verbose)
+		msg_info("%s: using numerical host %s", myname, host);
 	    freeaddrinfo(res0);
 	    return (addr_list);
 	}
@@ -230,6 +232,14 @@ static DNS_RR *smtp_addr_one(DNS_RR *addr_list, const char *host, int res_opt,
 		    msg_fatal("host %s: conversion error for address family "
 			      "%d: %m", host, res0->ai_addr->sa_family);
 		addr_list = dns_rr_append(addr_list, addr);
+		if (msg_verbose) {
+		    MAI_HOSTADDR_STR hostaddr_str;
+
+		    SOCKADDR_TO_HOSTADDR(res->ai_addr, res->ai_addrlen,
+				  &hostaddr_str, (MAI_SERVPORT_STR *) 0, 0);
+		    msg_info("%s: native lookup result: %s",
+			     myname, hostaddr_str.buf);
+		}
 	    }
 	    freeaddrinfo(res0);
 	    if (found == 0) {
@@ -370,8 +380,7 @@ static DNS_RR *smtp_balance_inet_proto(DNS_RR *addr_list, int misc_flags,
     DNS_RR *next;
     int     v6_count;
     int     v4_count;
-    int     v6_target,
-            v4_target;
+    int     v6_target, v4_target;
     int    *p;
 
     /*
diff --git a/postfix/src/smtp/smtp_session.c b/postfix/src/smtp/smtp_session.c
index 1b3a20e9c..9f1397843 100644
--- a/postfix/src/smtp/smtp_session.c
+++ b/postfix/src/smtp/smtp_session.c
@@ -229,7 +229,8 @@ void    smtp_session_free(SMTP_SESSION *session)
     smtp_sasl_cleanup(session);
 #endif
 
-    debug_peer_restore();
+    if (session->state->debug_peer_per_nexthop == 0)
+	debug_peer_restore();
     myfree((void *) session);
 }
 
diff --git a/postfix/src/smtp/smtp_state.c b/postfix/src/smtp/smtp_state.c
index f91ab8c48..3416e0f5d 100644
--- a/postfix/src/smtp/smtp_state.c
+++ b/postfix/src/smtp/smtp_state.c
@@ -28,6 +28,11 @@
 /*	IBM T.J. Watson Research
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
+/*
+/*	Wietse Venema
+/*	Google, Inc.
+/*	111 8th Avenue
+/*	New York, NY 10011, USA
 /*--*/
 
 /* System library. */
@@ -43,6 +48,7 @@
 /* Global library. */
 
 #include <mail_params.h>
+#include <debug_peer.h>
 
 /* Application-specific. */
 
@@ -81,6 +87,7 @@ SMTP_STATE *smtp_state_alloc(void)
 	state->cache_used = 0;
     }
     state->why = dsb_create();
+    state->debug_peer_per_nexthop = 0;
     return (state);
 }
 
@@ -109,6 +116,8 @@ void    smtp_state_free(SMTP_STATE *state)
 	htable_free(state->cache_used, (void (*) (void *)) 0);
     if (state->why)
 	dsb_free(state->why);
+    if (state->debug_peer_per_nexthop)
+	debug_peer_restore();
 
     myfree((void *) state);
 }
