From: Wietse Venema <wietse@porcupine.org>
Date: Thu, 9 Jan 2014 05:00:00 +0000 (-0500)
Subject: postfix-2.12-20140109
X-Git-Tag: v3.0.0-RC1~69
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=14e328a286c3e50b2b2118d8ac3abcd3935c9ba2;p=thirdparty%2Fpostfix.git

postfix-2.12-20140109
---

diff --git a/postfix/.indent.pro b/postfix/.indent.pro
index 61ea04957..7c1140ce0 100644
--- a/postfix/.indent.pro
+++ b/postfix/.indent.pro
@@ -180,6 +180,7 @@
 -TMATCH_OPS
 -TMBLOCK
 -TMBOX
+-TMDB_env
 -TMDB_txn
 -TMDB_val
 -TMILTER
@@ -381,6 +382,7 @@
 -Tssize_t
 -Tssl_cipher_stack_t
 -Tssl_comp_stack_t
+-Tstat
 -Ttime_t
 -Ttlsa_filter
 -Tx509_extension_stack_t
diff --git a/postfix/HISTORY b/postfix/HISTORY
index 77a10aeff..c67bceb16 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -19466,9 +19466,6 @@ Apologies for any names omitted.
 	Shockingly, LMDB terminates the postscreen daemon without
 	logfile record.  File: util/dict_cache.c.
 
-	Because of the above behavior, LMDB cannot be supported in
-	the stable Postfix 2.11 release.
-
 20140102
 
 	Bugfix: close the LMDB database cursor's read transaction
@@ -19484,11 +19481,46 @@ Apologies for any names omitted.
 	smtp_rcpt.c, smtp_session.c, smtp_chat.c, smtp_proto.c,
 	smtp_connect.c.
 
-20130104
+20140104
 
 	Feature: support for optional configuration files
 	"$daemon-directory/postfix-files.d/*".  These are processed
 	in sorted order after "$daemon-directory/postfix-files",
 	This avoids breaking "postfix set-permissions" etc. when a
-	Postfix distributions comes in multiple packages.  File:
+	Postfix distribution comes in multiple packages.  File:
 	conf/post-install.
+
+20140107
+
+	Feature: LMDB 0.9.11 allows Postfix daemons to log an LMDB
+	error message, instead of falling out of the sky without
+	any notification.  Files: util/slmdb.[hc], util/dict_lmdb.c.
+
+20140108
+
+	Bugfix: every Postfix LMDB transaction is now protected by
+	an external lock for its entire life time. File: util/slmdb.c.
+
+20140109
+
+	Cleanup: turn off DNSSEC lookup after CNAME redirection to
+	an insecure zone. This is an optimization for resolvers
+	that do not automatically resolve CNAME chains. Viktor
+	Dukhovni. File: dns/dns_lookup.c.
+
+	Cleanup: do not salt the SMTP TLS policy lookup cache key
+	with the DNSSEC status. The DNSSEC status will not change
+	when the same nexthop/host pair is looked up repeatedly.
+	Viktor Dukhovni. File: smtp/smtp_tls_policy.c.
+
+	Robustness: Suppress TLSA lookups only when the qname zone
+	is insecure, not just because the rname zone is insecure.
+	This requires an extra T_CNAME lookup for the qname, since
+	nameservers are often "too helpful" and report CNAME records
+	together with the CNAME targets. When the targets are
+	insecure the whole reply is marked as insecure.  Viktor
+	Dukhovni.  File: tls/tls_dane.c.
+
+	Cleanup: Unify/simplify reporting of configuration or other
+	conditions that prevent DANE security.  Viktor Dukhovni.
+	Files: global/dsn_buf.[hc], tls/tls_dane.c, smtp/smtp_tls_policy.c.
diff --git a/postfix/README_FILES/FORWARD_SECRECY_README b/postfix/README_FILES/FORWARD_SECRECY_README
index d59c5a682..15751b71b 100644
--- a/postfix/README_FILES/FORWARD_SECRECY_README
+++ b/postfix/README_FILES/FORWARD_SECRECY_README
@@ -83,14 +83,13 @@ element of that group called a "generator". Presently, there are two flavors of
   * PPrriimmee--ffiieelldd ggrroouuppss ((EEDDHH)):: The server needs to be configured with a
     suitably-large prime and a corresponding "generator". The acronym for
     forward secrecy over prime fields is EDH for Ephemeral Diffie-Hellman (also
-    abbreviated as DHE for Diffie-Hellman Exchange).
+    abbreviated as DHE).
 
   * EElllliippttiicc--ccuurrvvee ggrroouuppss ((EEEECCDDHH)):: The server needs to be configured with a
     "named curve". These offer better security at lower computational cost than
     prime field groups, but are not as widely implemented. The acronym for the
     elliptic curve version is EECDH which is short for Ephemeral Elliptic Curve
-    Diffie-Hellman (also abbreviated as ECDHE for Elliptic Curve Diffie-Hellman
-    Exchange).
+    Diffie-Hellman (also abbreviated as ECDHE).
 
 It is not essential to know what these are, but one does need to know that
 OpenSSL supports EECDH with version 1.0.0 or later. Thus the configuration
@@ -201,7 +200,9 @@ GGeettttiinngg ssttaarrtteedd,, qquuiicckk aanndd ddiir
 EEEECCDDHH CClliieenntt aanndd sseerrvveerr ssuuppppoorrtt ((PPoossttffiixx >>== 22..66 wwiitthh OOppeennSSSSLL >>== 11..00..00))
 
 With Postfix 2.6 and 2.7, enable elliptic-curve support in the Postfix SMTP
-client and server. This is the default with Postfix >= 2.8.
+client and server. This is the default with Postfix >= 2.8. Note, however, that
+elliptic-curve support may be disabled by the vendor, as in some versions of
+RedHat Linux.
 
     /etc/postfix/main.cf:
         # Postfix 2.6 or 2.7 only. This is default with Postfix 2.8 and later.
@@ -209,7 +210,7 @@ client and server. This is the default with Postfix >= 2.8.
 
 EEDDHH CClliieenntt ssuuppppoorrtt ((PPoossttffiixx >>== 22..22))
 
-This space intentionally left blank.
+This works "out of the box" without additional configuration.
 
 EEDDHH SSeerrvveerr ssuuppppoorrtt ((PPoossttffiixx >>== 22..22))
 
diff --git a/postfix/README_FILES/LMDB_README b/postfix/README_FILES/LMDB_README
index 851621710..3fcfd9ab3 100644
--- a/postfix/README_FILES/LMDB_README
+++ b/postfix/README_FILES/LMDB_README
@@ -2,34 +2,26 @@ PPoossttffiixx OOppeennLLDDAAPP LLMMDDBB HHoowwttoo
 
 -------------------------------------------------------------------------------
 
-NNoottee
-
-LMDB is not supported in the stable Postfix release. It will spontaneously
-terminate a Postfix daemon process without allowing Postfix to 1) report the
-problem to the maillog file, and to 2) provide reduced service where this is
-appropriate.
-
 IInnttrroodduuccttiioonn
 
 Postfix uses databases of various kinds to store and look up information.
-Postfix databases are specified as "type:name". OpenLDAP LMDB implements the
-Postfix database type "lmdb". The name of a Postfix OpenLDAP LMDB database is
-the name of the database file without the ".lmdb" suffix.
+Postfix databases are specified as "type:name". OpenLDAP LMDB (called "LMDB"
+from here on) implements the Postfix database type "lmdb". The name of a
+Postfix LMDB database is the name of the database file without the ".lmdb"
+suffix.
 
 This document describes:
 
- 1. How to build Postfix with OpenLDAP LMDB support.
+  * Building Postfix with LMDB support.
 
- 2. How to configure LMDB settings.
+  * Configuring LMDB settings.
 
- 3. Missing pthread library trouble.
+  * Supported minimum LMDB patchlevel.
 
- 4. Unexpected failure modes that don't exist with other Postfix databases.
+BBuuiillddiinngg PPoossttffiixx wwiitthh LLMMDDBB ssuuppppoorrtt
 
-BBuuiillddiinngg PPoossttffiixx wwiitthh OOppeennLLDDAAPP LLMMDDBB ssuuppppoorrtt
-
-Postfix normally does not enable OpenLDAP LMDB support. To build Postfix with
-OpenLDAP LMDB support, use something like:
+Postfix normally does not enable LMDB support. To build Postfix with LMDB
+support, use something like:
 
     % make makefiles CCARGS="-DHAS_LMDB -I/usr/local/include" \
         AUXLIBS="-L/usr/local/lib -llmdb"
@@ -41,19 +33,7 @@ Solaris may need this:
         AUXLIBS="-R/usr/local/lib -L/usr/local/lib -llmdb"
     % make
 
-The exact pathnames depend on how OpenLDAP LMDB was installed.
-
-CCoonnffiigguurree LLMMDDBB sseettttiinnggss
-
-Postfix provides one configuration parameter that controls OpenLDAP LMDB
-database behavior.
-
-  * lmdb_map_size (default: 16777216). This setting specifies the initial
-    OpenLDAP LMDB database size limit in bytes. Each time a database becomes
-    full, its size limit is doubled. The maximum size is the largest signed
-    integer value of "long".
-
-MMiissssiinngg pptthhrreeaadd lliibbrraarryy ttrroouubbllee
+The exact pathnames depend on how LMDB was installed.
 
 When building Postfix fails with:
 
@@ -65,46 +45,40 @@ Add the "-lpthread" library to the "make makefiles" command.
 
     % make makefiles .... AUXLIBS="... -lpthread"
 
-Source code for OpenLDAP LMDB is available at http://www.openldap.org. More
-information is available at http://highlandsun.com/hyc/mdb/.
-
-UUnneexxppeecctteedd ffaaiilluurree mmooddeess ooff PPoossttffiixx LLMMDDBB ddaattaabbaasseess..
+CCoonnffiigguurriinngg LLMMDDBB sseettttiinnggss
 
-As documented below, conversion to LMDB introduces a number of failure modes
-that don't exist with other Postfix databases. Some failure modes have been
-eliminated in the course of time. The writeup below reflects the status as of
-LMDB 0.9.9.
+Postfix provides one configuration parameter that controls LMDB database
+behavior.
 
-NNoonn--oobbvviioouuss rreeccoovveerryy wwiitthh ppoossttmmaapp((11)),, ppoossttaalliiaass((11)),, oorr ttllssmmggrr((88)) ffrroomm aa
-ccoorrrruupptteedd ddaattaabbaassee..
+  * lmdb_map_size (default: 16777216). This setting specifies the initial LMDB
+    database size limit in bytes. Each time a database becomes full, its size
+    limit is doubled. The maximum size is the largest signed integer value of
+    "long".
 
-Problem:
-    A corrupted LMDB database can't be rebuilt simply by re-running postmap(1)
-    or postalias(1), or by waiting until a tlsmgr(8) daemon restarts. This
-    problem does not exist with other Postfix databases.
+SSuuppppoorrtteedd mmiinniimmuumm LLMMDDBB ppaattcchhlleevveell
 
-Background:
-    The Postfix LMDB database client does not truncate the database file.
-    Instead it attempts to create a transaction for a "drop" request plus
-    subsequent "store" requests. That is obviously not possible with a
-    corrupted database file.
+Currently, Postfix supports LMDB 0.9.11 or later. The supported minimum LMDB
+patchlevel has evolved over time, as the result of deployment experience with
+Postfix.
 
-Impact:
-    Postfix does not process mail until someone fixes the problem.
+  * LMDB 0.9.11 allows Postfix daemons to log an LMDB error message, instead of
+    falling out of the sky without any notification.
 
-Recovery:
-    First delete the ".lmdb" file by hand. Then rebuild the file with the
-    postmap(1) or postalias(1) command if the file was created with those
-    commands, or restart postfix daemons if the file is maintained by tlsmgr
-    (8).
+  * LMDB 0.9.10 closes an information leak where LMDB was writing up to 4kbyte-
+    chunks of uninitialized heap memory to the database, persisting information
+    that was not meant to be persisted, or sharing information that was not
+    meant to be shared.
 
-Prevention:
-    Arrange your file systems such that they never run out of free space.
+  * LMDB 0.9.8 allows Postfix to use external (fcntl()-based) locks, instead of
+    having to use world-writable LMDB lock files.
 
-    Use ECC memory to detect and correct silent corruption of in-memory file
-    system data and metadata.
+  * LMDB 0.9.8 allows an application to recover from a "database full" error
+    without having to close the database, by adding support to update the
+    database size limit on-the-fly; and it adds support for an application to
+    adopt someone elses change to the database size limit, without having to
+    close the database.
 
-    Use a file system such as ZFS to detect and correct silent corruption of
-    on-disk file system data and metadata. DO NOT use ZFS on systems without
-    ECC memory error correction.
+  * LMDB 0.9.7 allows the postmap and postalias commands to use a bulk-mode
+    transaction larger than the amount of physical memory. This is necessary
+    because LMDB supports databases larger than physical memory.
 
diff --git a/postfix/README_FILES/TLS_README b/postfix/README_FILES/TLS_README
index 552279f72..404bde7c5 100644
--- a/postfix/README_FILES/TLS_README
+++ b/postfix/README_FILES/TLS_README
@@ -622,33 +622,11 @@ ciphers:
         # Legacy syntax:
         smtpd_tls_mandatory_protocols = TLSv1
 
-If you want to take advantage of ciphers with ephemeral Diffie-Hellman (EDH)
-key exchange (this offers "forward-secrecy"), DH parameters are needed. Instead
-of using the built-in DH parameters for both 1024-bit (non-export ciphers) and
-512-bit (export ciphers), it is better to generate your own parameters, since
-otherwise it would "pay" for a possible attacker to start a brute force attack
-against parameters that are used by everybody. Postfix defaults to compiled-in
-parameters that are shared by all Postfix users who don't generate their own
-settings.
-
-To generate your own set of DH parameters, use:
-
-    % ooppeennssssll ggeennddhh --oouutt //eettcc//ppoossttffiixx//ddhh__551122..ppeemm --22 551122
-    % ooppeennssssll ggeennddhh --oouutt //eettcc//ppoossttffiixx//ddhh__11002244..ppeemm --22 11002244
-
-Support for elliptic curve cryptography is available with Postfix 2.6 and
-OpenSSL 1.0.0 or later. To enable ephemeral elliptic curve Diffie-Hellman
-(EECDH) key-exchange, set "smtpd_tls_eecdh_grade = strong" or
-"smtpd_tls_eecdh_grade = ultra". The "ultra" setting is substantially more CPU
-intensive, and "strong" is sufficiently secure for most situations.
-
-Examples:
-
-    /etc/postfix/main.cf:
-        smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
-        smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
-        # Postfix >= 2.6:
-        smtpd_tls_eecdh_grade = strong
+If you want to take maximal advantage of ciphers that offer forward secrecy see
+the Getting started section of FORWARD_SECRECY_README. The full document
+conveniently presents all information about Postfix "perfect" forward secrecy
+support in one place: what forward secrecy is, how to tweak settings, and what
+you can expect to see when Postfix uses ciphers with forward secrecy.
 
 Postfix 2.8 and later, in combination with OpenSSL 0.9.7 and later allows TLS
 servers to preempt the TLS client's cipher-suite preference list. This is
@@ -1829,7 +1807,7 @@ Example:
         smtp_tls_exclude_ciphers = aNULL
         # Preferred form with Postfix >= 2.5:
         smtp_tls_mandatory_protocols = !SSLv2
-        # Legacy form for Postifx < 2.5:
+        # Legacy form for Postfix < 2.5:
         smtp_tls_mandatory_protocols = SSLv3, TLSv1
         # Also available with Postfix >= 2.6:
         smtp_tls_ciphers = export
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index a89e883f5..14b8ea23f 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -1,4 +1,4 @@
-This is the Postfix 2.12 (experimental) branch.
+This is the Postfix 2.12 (experimental) release.
 
 The stable Postfix release is called postfix-2.11.x where 2=major
 release number, 11=minor release number, x=patchlevel.  The stable
diff --git a/postfix/RELEASE_NOTES-2.11 b/postfix/RELEASE_NOTES-2.11
index 4931a94e7..be893f3ec 100644
--- a/postfix/RELEASE_NOTES-2.11
+++ b/postfix/RELEASE_NOTES-2.11
@@ -45,6 +45,23 @@ Another concern is that a legitimate CA might be coerced to provide
 a certificate that allows its government to play man-in-the-middle
 on TLS traffic and observe the plaintext.
 
+Major changes - LMDB database support
+-------------------------------------
+
+LMDB is a memory-mapped database that was originally developed as
+part of OpenLDAP. The Postfix LMDB driver was originally written
+by Howard Chu, LMDB's creator. Support for LMDB has evolved throughout
+the Postfix 2.11 development cycle.
+
+LMDB can be used for all Postfix lookup table and cache storage.
+It is the first persistent Postfix database that can be shared among
+multiple writers such as postscreen daemons (Postfix already supported
+non-persistent memcached caches).  See lmdb_table(5) and LMDB_README
+for further information.
+
+Postfix currently supports LMDB version 0.9.11 and later. The minimum
+version may change over time in the light of deployment experience.
+
 Major changes - postscreen whitelisting
 ---------------------------------------
 
@@ -74,7 +91,7 @@ Major changes - smtpd access control
 ------------------------------------
 
 [Feature 20131031] The check_sasl_access feature can be used to
-block hijacked logins. Like other check_mumble_acces features it
+block hijacked logins. Like other check_mumble_access features it
 queries a lookup table (in this case with the SASL login name), and
 it supports the same actions as any Postfix access(5) table.
 
diff --git a/postfix/html/FORWARD_SECRECY_README.html b/postfix/html/FORWARD_SECRECY_README.html
index 40613f1ff..7ce054d6d 100644
--- a/postfix/html/FORWARD_SECRECY_README.html
+++ b/postfix/html/FORWARD_SECRECY_README.html
@@ -38,7 +38,7 @@ will focus on TLS Forward Secrecy in the Postfix SMTP client and
 server.  See <a href="TLS_README.html">TLS_README</a> for a general
 description of Postfix TLS support. </p>
 
-<h2> What is Forward Secrecy </h2>
+<h2><a name="dfn_fs">What is Forward Secrecy</a></h2>
 
 <p> The term "Forward Secrecy" (or sometimes "Perfect Forward Secrecy")
 is used to describe security protocols in which the confidentiality
@@ -126,7 +126,7 @@ Presently, there are two flavors of "groups" that work with PFS: </p>
 <li> <p> <b> Prime-field groups (EDH):</b>  The server needs to be
 configured with a suitably-large prime and a corresponding "generator".
 The acronym for forward secrecy over prime fields is EDH for Ephemeral
-Diffie-Hellman (also abbreviated as DHE for Diffie-Hellman Exchange).
+Diffie-Hellman (also abbreviated as DHE).
 </p>
 
 <li> <p> <b> Elliptic-curve groups (EECDH): </b>  The server needs
@@ -134,8 +134,7 @@ to be configured with a "named curve".  These offer better security
 at lower computational cost than prime field groups, but are not
 as widely implemented.  The acronym for the elliptic curve version
 is EECDH which is short for Ephemeral Elliptic Curve Diffie-Hellman
-(also abbreviated as ECDHE for Elliptic Curve Diffie-Hellman
-Exchange).  </p>
+(also abbreviated as ECDHE). </p>
 
 </ul>
 
@@ -276,7 +275,8 @@ href="TLS_README.html#client_tls_policy">TLS policy</a> table. </p>
 
 <p> With Postfix 2.6 and 2.7, enable elliptic-curve support in the
 Postfix SMTP client and server. This is the default with Postfix
-&ge; 2.8.
+&ge; 2.8. Note, however, that elliptic-curve support may be disabled
+by the vendor, as in some versions of RedHat Linux. </p>
 
 <blockquote>
 <pre>
@@ -288,7 +288,7 @@ Postfix SMTP client and server. This is the default with Postfix
 
 <h3> EDH Client support (Postfix &ge; 2.2) </h3>
 
-<p> This space intentionally left blank. </p>
+<p> This works "out of the box" without additional configuration. </p>
 
 <h3> EDH Server support (Postfix &ge; 2.2) </h3>
 
diff --git a/postfix/html/LMDB_README.html b/postfix/html/LMDB_README.html
index 56f468f2d..554320332 100644
--- a/postfix/html/LMDB_README.html
+++ b/postfix/html/LMDB_README.html
@@ -17,41 +17,31 @@
 
 <hr>
 
-<h2>Note</h2>
-
-<p> LMDB is not supported in the stable Postfix release.  It will
-spontaneously terminate a Postfix daemon process without allowing
-Postfix to 1) report the problem to the maillog file, and to 2)
-provide reduced service where this is appropriate. </p>
-
 <h2>Introduction</h2>
 
 <p> Postfix uses databases of various kinds to store and look up
-information. Postfix databases are specified as "type:name".
-OpenLDAP LMDB implements the Postfix database type "lmdb".
-The name of a Postfix OpenLDAP LMDB database is the name
-of the database file without the ".lmdb" suffix. </p>
+information. Postfix databases are specified as "type:name".  OpenLDAP
+LMDB (called "LMDB" from here on) implements the Postfix database
+type "lmdb".  The name of a Postfix LMDB database is the name of
+the database file without the ".lmdb" suffix. </p>
 
 <p> This document describes: </p>
 
-<ol>
-
-<li> <p> How to build Postfix <a href="#with_lmdb">with OpenLDAP
-LMDB support</a>. </p>
+<ul>
 
-<li> <p> How to <a href="#configure">configure</a> LMDB settings. </p>
+<li> <p> <a href="#with_lmdb">Building Postfix with LMDB support</a>.
+</p>
 
-<li> <p> Missing <a href="#pthread">pthread</a> library trouble. </p>
+<li> <p> <a href="#configure">Configuring LMDB settings</a>. </p>
 
-<li> <p> Unexpected <a href="#limitations">failure modes</a> that
-don't exist with other Postfix databases. </p>
+<li> <p> <a href="#supported"> Supported minimum LMDB patchlevel</a>. </p>
 
-</ol>
+</ul>
 
-<h2><a name="with_lmdb">Building Postfix with OpenLDAP LMDB support</a></h2>
+<h2><a name="with_lmdb">Building Postfix with LMDB support</a></h2>
 
-<p> Postfix normally does not enable OpenLDAP LMDB support.  To
-build Postfix with OpenLDAP LMDB support, use something like: </p>
+<p> Postfix normally does not enable LMDB support.  To
+build Postfix with LMDB support, use something like: </p>
 
 <blockquote>
 <pre>
@@ -71,23 +61,7 @@ build Postfix with OpenLDAP LMDB support, use something like: </p>
 </pre>
 </blockquote>
 
-<p> The exact pathnames depend on how OpenLDAP LMDB was installed. </p>
-
-<h2><a name="configure">Configure LMDB settings</a></h2>
-
-<p> Postfix provides one configuration parameter that controls
-OpenLDAP LMDB database behavior. </p>
-
-<ul>
-
-<li> <p> <a href="postconf.5.html#lmdb_map_size">lmdb_map_size</a> (default: 16777216).  This setting specifies
-the initial OpenLDAP LMDB database size limit in bytes.  Each time
-a database becomes full, its size limit is doubled. The maximum
-size is the largest signed integer value of "long".  </p>
-
-</ul>
-
-<h2><a name="pthread">Missing pthread library trouble</a></h2>
+<p> The exact pathnames depend on how LMDB was installed. </p>
 
 <p> When building Postfix fails with: </p>
 
@@ -107,10 +81,55 @@ undefined reference to `pthread_mutex_lock'
 </pre>
 </blockquote>
 
-<p> Source code for OpenLDAP LMDB is available at
-<a href="http://www.openldap.org">http://www.openldap.org</a>.
-More information is available at
-<a href="http://highlandsun.com/hyc/mdb/">http://highlandsun.com/hyc/mdb/</a>. </p>
+<h2><a name="configure">Configuring LMDB settings</a></h2>
+
+<p> Postfix provides one configuration parameter that controls
+LMDB database behavior. </p>
+
+<ul>
+
+<li> <p> <a href="postconf.5.html#lmdb_map_size">lmdb_map_size</a> (default: 16777216).  This setting specifies
+the initial LMDB database size limit in bytes.  Each time
+a database becomes full, its size limit is doubled. The maximum
+size is the largest signed integer value of "long".  </p>
+
+</ul>
+
+<h2> <a name="supported"> Supported minimum LMDB patchlevel </a> </h2>
+
+<p> Currently, Postfix supports LMDB 0.9.11 or later. The supported
+minimum LMDB patchlevel has evolved over time, as the result of
+deployment experience with Postfix. </p>
+
+<ul>
+
+<li> <p> LMDB 0.9.11 allows Postfix daemons to log an LMDB error
+message, instead of falling out of the sky without any notification.
+</p>
+
+<li> <p> LMDB 0.9.10 closes an information leak where LMDB was
+writing up to 4kbyte-chunks of uninitialized heap memory to the
+database, persisting information that was not meant to be persisted,
+or sharing information that was not meant to be shared. </p>
+
+<li> <p> LMDB 0.9.8 allows Postfix to use external (fcntl()-based)
+locks, instead of having to use world-writable LMDB lock files.
+</p>
+
+<li> <p> LMDB 0.9.8 allows an application to recover from a "database
+full" error without having to close the database, by adding support
+to update the database size limit on-the-fly; and it adds support
+for an application to adopt someone elses change to the database
+size limit, without having to close the database. </p>
+
+<li> <p> LMDB 0.9.7 allows the postmap and postalias commands to
+use a bulk-mode transaction larger than the amount of physical
+memory. This is necessary because LMDB supports databases larger
+than physical memory. </p>
+
+</ul>
+
+<!--
 
 <h2><a name="limitations">Unexpected failure modes of Postfix LMDB
 databases.  </a> </h2>
@@ -120,6 +139,8 @@ failure modes that don't exist with other Postfix databases.  Some
 failure modes have been eliminated in the course of time.
 The writeup below reflects the status as of LMDB 0.9.9. </p>
 
+-->
+
 <!--
 
 <p> <strong>Unexpected "Permission denied" errors. </strong></p>
@@ -296,6 +317,8 @@ sure that <a href="postconf.5.html#lmdb_map_size">lmdb_map_size</a> &gt; 3x the
 
 -->
 
+<!--
+
 <p> <strong>Non-obvious recovery with <a href="postmap.1.html">postmap(1)</a>, <a href="postalias.1.html">postalias(1)</a>, or
 <a href="tlsmgr.8.html">tlsmgr(8)</a> from a corrupted database.  </strong></p>
 
@@ -334,3 +357,9 @@ corruption of on-disk file system data and metadata. DO NOT
 use ZFS on systems without ECC memory error correction. </p>
 
 </dd> </dl>
+
+-->
+
+</body>
+
+</html>
diff --git a/postfix/html/TLS_README.html b/postfix/html/TLS_README.html
index 25f01af61..50713e4e0 100644
--- a/postfix/html/TLS_README.html
+++ b/postfix/html/TLS_README.html
@@ -872,43 +872,15 @@ with high grade ciphers: </p>
 </pre>
 </blockquote>
 
-<p> If you want to take advantage of ciphers with ephemeral Diffie-Hellman
-(EDH) key exchange (this offers "forward-secrecy"), DH parameters are
-needed.  Instead of using the built-in DH parameters for both 1024-bit
-(non-export ciphers) and 512-bit (export ciphers), it is better to
-generate your own parameters, since otherwise it would "pay" for a
-possible attacker to start a brute force attack against parameters that
-are used by everybody.  Postfix defaults to compiled-in parameters
-that are shared by all Postfix users who don't generate their own
-settings. </p>
-
-<p> To generate your own set of DH parameters, use: </p>
-
-<blockquote>
-<pre>
-% <b>openssl gendh -out /etc/postfix/dh_512.pem -2 512</b>
-% <b>openssl gendh -out /etc/postfix/dh_1024.pem -2 1024</b>
-</pre>
-</blockquote>
-
-<p> Support for elliptic curve cryptography is available with Postfix
-2.6 and OpenSSL 1.0.0 or later.  To enable ephemeral elliptic curve
-Diffie-Hellman (EECDH) key-exchange, set "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> =
-strong" or "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = ultra". The "ultra" setting is
-substantially more CPU intensive, and "strong" is sufficiently
-secure for most situations. </p>
-
-<p> Examples: </p>
- 
-<blockquote>
-<pre>
-/etc/postfix/<a href="postconf.5.html">main.cf</a>:
-    <a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> = /etc/postfix/dh_1024.pem
-    <a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> = /etc/postfix/dh_512.pem
-    # Postfix &ge; 2.6:
-    <a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = strong
-</pre>
-</blockquote>
+<p> If you want to take maximal advantage of ciphers that offer <a
+href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
+the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
+started</a> section of <a
+href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>.  The
+full document conveniently presents all information about Postfix
+"perfect" forward secrecy support in one place: what forward secrecy
+is, how to tweak settings, and what you can expect to see when
+Postfix uses ciphers with forward secrecy.  </p>
 
 <p> Postfix 2.8 and later, in combination with OpenSSL 0.9.7 and later
 allows TLS servers to preempt the TLS client's cipher-suite preference list.
@@ -2390,7 +2362,7 @@ the SSL/TLS protocols used with opportunistic TLS. </p>
     <a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = aNULL
     # Preferred form with Postfix &ge; 2.5:
     <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2
-    # Legacy form for Postifx &lt; 2.5:
+    # Legacy form for Postfix &lt; 2.5:
     <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = SSLv3, TLSv1
     # Also available with Postfix &ge; 2.6:
     <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> = export
diff --git a/postfix/html/lmdb_table.5.html b/postfix/html/lmdb_table.5.html
index 31acc6ac0..1a221a658 100644
--- a/postfix/html/lmdb_table.5.html
+++ b/postfix/html/lmdb_table.5.html
@@ -20,14 +20,10 @@ LMDB_TABLE(5)                                                    LMDB_TABLE(5)
        <b>postmap -q - <a href="lmdb_table.5.html">lmdb</a>:/etc/postfix/</b><i>filename</i> &lt;<i>inputfile</i>
 
 <b>DESCRIPTION</b>
-       LMDB  is  not  supported in the stable Postfix release. It will sponta-
-       neously terminate a Postfix daemon process without allowing Postfix  to
-       1)  report  the  problem to the maillog file, and to 2) provide reduced
-       service where this is appropriate.
-
-       The Postfix LMDB adapter  provides  access  to  a  persistent,  memory-
+       The  Postfix  LMDB  adapter  provides  access  to a persistent, memory-
        mapped, key-value store.  The database size is limited only by the size
-       of the memory address space and file system.
+       of the memory address space (typically 32 or 64 bits) and by the avail-
+       able file system space.
 
 <b>REQUESTS</b>
        The LMDB adapter supports all Postfix lookup  table  operations.   This
@@ -69,7 +65,7 @@ LMDB_TABLE(5)                                                    LMDB_TABLE(5)
        configuration change.
 
        <b><a href="postconf.5.html#lmdb_map_size">lmdb_map_size</a> (default: 16777216)</b>
-              The initial OpenLDAP LMDB database size limit in bytes.
+              The initial LMDB database size limit in bytes.
 
 <b>SEE ALSO</b>
        <a href="postconf.1.html">postconf(1)</a>, Postfix supported lookup tables
@@ -78,7 +74,7 @@ LMDB_TABLE(5)                                                    LMDB_TABLE(5)
 
 <b>README FILES</b>
        <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
-       <a href="LMDB_README.html">LMDB_README</a>, Postfix LMDB howto
+       <a href="LMDB_README.html">LMDB_README</a>, Postfix OpenLDAP LMDB howto
 
 <b>LICENSE</b>
        The Secure Mailer license must be distributed with this software.
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 888d885e5..d94d0bb44 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -9490,8 +9490,9 @@ that change the delivery time or destination are not available.
 <DT><b><a name="smtp_cname_overrides_servername">smtp_cname_overrides_servername</a>
 (default: version dependent)</b></DT><DD>
 
-<p> Allow DNS CNAME records to override the servername that the
-Postfix SMTP client uses for logging, SASL password lookup, TLS
+<p> When the remote SMTP servername is a DNS CNAME, replace the
+servername with the result from CNAME expansion for the purpose of
+logging, SASL password lookup, TLS
 policy decisions, or TLS certificate verification. The value "no"
 hardens Postfix <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> hostname-based policies against
 false hostname information in DNS CNAME records, and makes SASL
@@ -11977,8 +11978,9 @@ not, TLS security will vary from delivery to delivery.  It is up
 to the domain owner to configure their MX hosts and their DNS
 sensibly.  To configure the Postfix SMTP client for DNSSEC lookups
 see the documentation for the <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> <a href="postconf.5.html">main.cf</a>
-parameter.  When TLSA records are not found or are all unusable the
-effective security level is "may" or "encrypt" respectively.  For
+parameter.  When DNSSEC-validated TLSA records are not found the
+effective tls security level is "may".  When TLSA records are found,
+but are all unusable the effective security level is "encrypt".  For
 purposes of protocol and cipher selection, the "dane" security level
 is treated like a "mandatory" TLS security level, and weak ciphers
 and protocols are disabled.  Since DANE authenticates server
@@ -15229,27 +15231,38 @@ This file may also contain the Postfix SMTP server private DSA key. </p>
 (default: empty)</b></DT><DD>
 
 <p> File with DH parameters that the Postfix SMTP server should
-use with EDH ciphers. </p>
+use with non-export EDH ciphers. </p>
 
 <p> Instead of using the exact same parameter sets as distributed
 with other TLS packages, it is more secure to generate your own
-set of parameters with something like the following command:  </p>
+set of parameters with something like the following commands:  </p>
 
 <blockquote>
 <pre>
-openssl gendh -out /etc/postfix/dh_1024.pem -2 1024
+openssl dhparam -out /etc/postfix/dh512.pem 512
+openssl dhparam -out /etc/postfix/dh1024.pem 1024
+openssl dhparam -out /etc/postfix/dh2048.pem 2048
 </pre>
 </blockquote>
 
-<p> Your actual source for entropy may differ. Some systems have
-/dev/random; on other system you may consider using the "Entropy
-Gathering Daemon EGD", available at <a href="http://egd.sourceforge.net/">http://egd.sourceforge.net/</a>
-</p>
+<p> It is safe to share the same DH parameters between multiple
+Postfix instances.  If you prefer, you can generate separate
+parameters for each instance.  </p>
+
+<p> If you want to take maximal advantage of ciphers that offer <a
+href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
+the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
+started</a> section of <a
+href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>.  The
+full document conveniently presents all information about Postfix
+"perfect" forward secrecy support in one place: what forward secrecy
+is, how to tweak settings, and what you can expect to see when
+Postfix uses ciphers with forward secrecy.  </p>
 
 <p> Example: </p>
 
 <pre>
-<a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> = /etc/postfix/dh_1024.pem
+<a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> = /etc/postfix/dh2048.pem
 </pre>
 
 <p>This feature is available with Postfix version 2.2.</p>
@@ -15261,7 +15274,7 @@ Gathering Daemon EGD", available at <a href="http://egd.sourceforge.net/">http:/
 (default: empty)</b></DT><DD>
 
 <p> File with DH parameters that the Postfix SMTP server should
-use with EDH ciphers. </p>
+use with export-grade EDH ciphers. </p>
 
 <p> See also the discussion under the <a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>
 configuration parameter.  </p>
@@ -15360,8 +15373,19 @@ users. </dd>
 
 </dl>
 
+<p> If you want to take maximal advantage of ciphers that offer <a
+href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
+the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
+started</a> section of <a
+href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>.  The
+full document conveniently presents all information about Postfix
+"perfect" forward secrecy support in one place: what forward secrecy
+is, how to tweak settings, and what you can expect to see when
+Postfix uses ciphers with forward secrecy.  </p>
+
 <p> This feature is available in Postfix 2.6 and later, when it is
-compiled and linked with OpenSSL 1.0.0 or later. </p>
+compiled and linked with OpenSSL 1.0.0 or later on platforms
+where EC algorithms have not been disabled by the vendor. </p>
 
 
 </DD>
@@ -16484,11 +16508,14 @@ strong" means approximately 128-bit security based on best known
 attacks. The selected curve must be implemented by OpenSSL (as
 reported by ecparam(1) with the "-list_curves" option) and be one
 of the curves listed in Section 5.1.1 of <a href="http://tools.ietf.org/html/rfc4492">RFC 4492</a>. You should not
-generally change this setting. </p>
+generally change this setting.  Remote SMTP client implementations
+must support this curve for EECDH key exchange to take place.  It
+is unwise to choose an "exotic" curve supported by only a small subset
+of clients.  </p>
 
-<p> This default curve is specified in NSA "Suite B" Cryptography
-(see <a href="http://www.nsa.gov/ia/industry/crypto_suite_b.cfm">http://www.nsa.gov/ia/industry/crypto_suite_b.cfm</a>) for
-information classified as SECRET. </p>
+<p> The default "strong" curve is rated in NSA <a
+href="http://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
+B</a> for information classified up to SECRET.  </p>
 
 <p> Note: elliptic curve names are poorly standardized; different
 standards groups are assigning different names to the same underlying
@@ -16496,8 +16523,19 @@ curves.  The curve with the X9.62 name "prime256v1" is also known
 under the SECG name "secp256r1", but OpenSSL does not recognize the
 latter name. </p>
 
+<p> If you want to take maximal advantage of ciphers that offer <a
+href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
+the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
+started</a> section of <a
+href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>.  The
+full document conveniently presents all information about Postfix
+"perfect" forward secrecy support in one place: what forward secrecy
+is, how to tweak settings, and what you can expect to see when
+Postfix uses ciphers with forward secrecy.  </p>
+
 <p> This feature is available in Postfix 2.6 and later, when it is
-compiled and linked with OpenSSL 1.0.0 or later. </p>
+compiled and linked with OpenSSL 1.0.0 or later on platforms where
+EC algorithms have not been disabled by the vendor. </p>
 
 
 </DD>
@@ -16516,12 +16554,23 @@ curve must be implemented by OpenSSL (as reported by ecparam(1) with the
 "-list_curves" option) and be one of the curves listed in Section 5.1.1
 of <a href="http://tools.ietf.org/html/rfc4492">RFC 4492</a>. You should not generally change this setting. </p>
 
-<p> This default "ultra" curve is specified in NSA "Suite B" Cryptography
-(see <a href="http://www.nsa.gov/ia/industry/crypto_suite_b.cfm">http://www.nsa.gov/ia/industry/crypto_suite_b.cfm</a>) for information
-classified as TOP SECRET. </p>
+<p> This default "ultra" curve is rated in NSA <a
+href="http://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
+B</a> for information classified up to TOP SECRET. </p>
+
+<p> If you want to take maximal advantage of ciphers that offer <a
+href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
+the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
+started</a> section of <a
+href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>.  The
+full document conveniently presents all information about Postfix
+"perfect" forward secrecy support in one place: what forward secrecy
+is, how to tweak settings, and what you can expect to see when
+Postfix uses ciphers with forward secrecy.  </p>
 
 <p> This feature is available in Postfix 2.6 and later, when it is
-compiled and linked with OpenSSL 1.0.0 or later. </p>
+compiled and linked with OpenSSL 1.0.0 or later on platforms where
+EC algorithms have not been disabled by the vendor. </p>
 
 
 </DD>
@@ -16975,8 +17024,8 @@ private DSA key.  See <a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_d
 (default: $<a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>)</b></DT><DD>
 
 <p> File with DH parameters that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
-should use with EDH ciphers. See <a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> for
-further details. </p>
+should use with non-export EDH ciphers. See <a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>
+for further details. </p>
 
 <p> This feature is available in Postfix 2.8 and later. </p>
 
@@ -16987,8 +17036,8 @@ further details. </p>
 (default: $<a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>)</b></DT><DD>
 
 <p> File with DH parameters that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
-should use with EDH ciphers. See <a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> for
-further details.  </p>
+should use with export-grade EDH ciphers. See <a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>
+for further details.  </p>
 
 <p> This feature is available in Postfix 2.8 and later. </p>
 
diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html
index 897fb8d10..814c715dd 100644
--- a/postfix/html/smtpd.8.html
+++ b/postfix/html/smtpd.8.html
@@ -422,11 +422,11 @@ SMTPD(8)                                                              SMTPD(8)
 
        <b><a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> (empty)</b>
               File with DH parameters that the Postfix SMTP server should  use
-              with EDH ciphers.
+              with non-export EDH ciphers.
 
        <b><a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> (empty)</b>
               File  with DH parameters that the Postfix SMTP server should use
-              with EDH ciphers.
+              with export-grade EDH ciphers.
 
        <b><a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a> ($<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b>
               File with the Postfix SMTP server DSA private key in PEM format.
diff --git a/postfix/html/tlsproxy.8.html b/postfix/html/tlsproxy.8.html
index 7a239b224..dfd6e6867 100644
--- a/postfix/html/tlsproxy.8.html
+++ b/postfix/html/tlsproxy.8.html
@@ -90,11 +90,11 @@ TLSPROXY(8)                                                        TLSPROXY(8)
 
        <b><a href="postconf.5.html#tlsproxy_tls_dh1024_param_file">tlsproxy_tls_dh1024_param_file</a> ($<a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>)</b>
               File with DH parameters  that  the  Postfix  <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>  server
-              should use with EDH ciphers.
+              should use with non-export EDH ciphers.
 
        <b><a href="postconf.5.html#tlsproxy_tls_dh512_param_file">tlsproxy_tls_dh512_param_file</a> ($<a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>)</b>
               File  with  DH  parameters  that  the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server
-              should use with EDH ciphers.
+              should use with export-grade EDH ciphers.
 
        <b><a href="postconf.5.html#tlsproxy_tls_dkey_file">tlsproxy_tls_dkey_file</a> ($<a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a>)</b>
               File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server DSA private key in  PEM
diff --git a/postfix/man/man5/lmdb_table.5 b/postfix/man/man5/lmdb_table.5
index 9768ecb91..a58051db0 100644
--- a/postfix/man/man5/lmdb_table.5
+++ b/postfix/man/man5/lmdb_table.5
@@ -22,15 +22,10 @@ Postfix LMDB adapter
 .SH DESCRIPTION
 .ad
 .fi
-LMDB is not supported in the stable Postfix release. It
-will spontaneously terminate a Postfix daemon process without
-allowing Postfix to 1) report the problem to the maillog
-file, and to 2) provide reduced service where this is
-appropriate.
-
 The Postfix LMDB adapter provides access to a persistent,
 memory-mapped, key-value store.  The database size is limited
-only by the size of the memory address space and file system.
+only by the size of the memory address space (typically 32
+or 64 bits) and by the available file system space.
 .SH "REQUESTS"
 .na
 .nf
@@ -84,7 +79,7 @@ Short-lived programs automatically pick up changes to
 main.cf.  With long-running daemon programs, Use the command
 "\fBpostfix reload\fR" after a configuration change.
 .IP "\fBlmdb_map_size (default: 16777216)\fR"
-The initial OpenLDAP LMDB database size limit in bytes.
+The initial LMDB database size limit in bytes.
 .SH "SEE ALSO"
 .na
 .nf
@@ -101,7 +96,7 @@ Use "\fBpostconf readme_directory\fR" or
 .na
 .nf
 DATABASE_README, Postfix lookup table overview
-LMDB_README, Postfix LMDB howto
+LMDB_README, Postfix OpenLDAP LMDB howto
 .SH "LICENSE"
 .na
 .nf
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index baf8ac93f..9023f3e52 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -5771,8 +5771,9 @@ that change the delivery time or destination are not available.
 .PP
 This feature is available in Postfix 2.5 and later.
 .SH smtp_cname_overrides_servername (default: version dependent)
-Allow DNS CNAME records to override the servername that the
-Postfix SMTP client uses for logging, SASL password lookup, TLS
+When the remote SMTP servername is a DNS CNAME, replace the
+servername with the result from CNAME expansion for the purpose of
+logging, SASL password lookup, TLS
 policy decisions, or TLS certificate verification. The value "no"
 hardens Postfix smtp_tls_per_site hostname-based policies against
 false hostname information in DNS CNAME records, and makes SASL
@@ -7698,8 +7699,9 @@ not, TLS security will vary from delivery to delivery.  It is up
 to the domain owner to configure their MX hosts and their DNS
 sensibly.  To configure the Postfix SMTP client for DNSSEC lookups
 see the documentation for the smtp_dns_support_level main.cf
-parameter.  When TLSA records are not found or are all unusable the
-effective security level is "may" or "encrypt" respectively.  For
+parameter.  When DNSSEC-validated TLSA records are not found the
+effective tls security level is "may".  When TLSA records are found,
+but are all unusable the effective security level is "encrypt".  For
 purposes of protocol and cipher selection, the "dane" security level
 is treated like a "mandatory" TLS security level, and weak ciphers
 and protocols are disabled.  Since DANE authenticates server
@@ -10245,32 +10247,42 @@ smtpd_tls_dcert_file = /etc/postfix/server-dsa.pem
 This feature is available in Postfix 2.2 and later.
 .SH smtpd_tls_dh1024_param_file (default: empty)
 File with DH parameters that the Postfix SMTP server should
-use with EDH ciphers.
+use with non-export EDH ciphers.
 .PP
 Instead of using the exact same parameter sets as distributed
 with other TLS packages, it is more secure to generate your own
-set of parameters with something like the following command:
+set of parameters with something like the following commands:
 .sp
 .in +4
 .nf
 .na
 .ft C
-openssl gendh -out /etc/postfix/dh_1024.pem -2 1024
+openssl dhparam -out /etc/postfix/dh512.pem 512
+openssl dhparam -out /etc/postfix/dh1024.pem 1024
+openssl dhparam -out /etc/postfix/dh2048.pem 2048
 .fi
 .ad
 .ft R
 .in -4
 .PP
-Your actual source for entropy may differ. Some systems have
-/dev/random; on other system you may consider using the "Entropy
-Gathering Daemon EGD", available at http://egd.sourceforge.net/
+It is safe to share the same DH parameters between multiple
+Postfix instances.  If you prefer, you can generate separate
+parameters for each instance.
+.PP
+If you want to take maximal advantage of ciphers that offer forward secrecy see
+the Getting
+started section of FORWARD_SECRECY_README.  The
+full document conveniently presents all information about Postfix
+"perfect" forward secrecy support in one place: what forward secrecy
+is, how to tweak settings, and what you can expect to see when
+Postfix uses ciphers with forward secrecy.
 .PP
 Example:
 .PP
 .nf
 .na
 .ft C
-smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
+smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
 .fi
 .ad
 .ft R
@@ -10278,7 +10290,7 @@ smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
 This feature is available with Postfix version 2.2.
 .SH smtpd_tls_dh512_param_file (default: empty)
 File with DH parameters that the Postfix SMTP server should
-use with EDH ciphers.
+use with export-grade EDH ciphers.
 .PP
 See also the discussion under the smtpd_tls_dh1024_param_file
 configuration parameter.
@@ -10360,8 +10372,17 @@ users.
 .br
 .br
 .PP
+If you want to take maximal advantage of ciphers that offer forward secrecy see
+the Getting
+started section of FORWARD_SECRECY_README.  The
+full document conveniently presents all information about Postfix
+"perfect" forward secrecy support in one place: what forward secrecy
+is, how to tweak settings, and what you can expect to see when
+Postfix uses ciphers with forward secrecy.
+.PP
 This feature is available in Postfix 2.6 and later, when it is
-compiled and linked with OpenSSL 1.0.0 or later.
+compiled and linked with OpenSSL 1.0.0 or later on platforms
+where EC algorithms have not been disabled by the vendor.
 .SH smtpd_tls_exclude_ciphers (default: empty)
 List of ciphers or cipher types to exclude from the SMTP server
 cipher list at all TLS security levels. Excluding valid ciphers
@@ -11258,11 +11279,13 @@ strong" means approximately 128-bit security based on best known
 attacks. The selected curve must be implemented by OpenSSL (as
 reported by \fBecparam\fR(1) with the "-list_curves" option) and be one
 of the curves listed in Section 5.1.1 of RFC 4492. You should not
-generally change this setting.
+generally change this setting.  Remote SMTP client implementations
+must support this curve for EECDH key exchange to take place.  It
+is unwise to choose an "exotic" curve supported by only a small subset
+of clients.
 .PP
-This default curve is specified in NSA "Suite B" Cryptography
-(see http://www.nsa.gov/ia/industry/crypto_suite_b.cfm) for
-information classified as SECRET.
+The default "strong" curve is rated in NSA Suite
+B for information classified up to SECRET.
 .PP
 Note: elliptic curve names are poorly standardized; different
 standards groups are assigning different names to the same underlying
@@ -11270,8 +11293,17 @@ curves.  The curve with the X9.62 name "prime256v1" is also known
 under the SECG name "secp256r1", but OpenSSL does not recognize the
 latter name.
 .PP
+If you want to take maximal advantage of ciphers that offer forward secrecy see
+the Getting
+started section of FORWARD_SECRECY_README.  The
+full document conveniently presents all information about Postfix
+"perfect" forward secrecy support in one place: what forward secrecy
+is, how to tweak settings, and what you can expect to see when
+Postfix uses ciphers with forward secrecy.
+.PP
 This feature is available in Postfix 2.6 and later, when it is
-compiled and linked with OpenSSL 1.0.0 or later.
+compiled and linked with OpenSSL 1.0.0 or later on platforms where
+EC algorithms have not been disabled by the vendor.
 .SH tls_eecdh_ultra_curve (default: secp384r1)
 The elliptic curve used by the Postfix SMTP server for maximally
 strong
@@ -11284,12 +11316,20 @@ curve must be implemented by OpenSSL (as reported by \fBecparam\fR(1) with the
 "-list_curves" option) and be one of the curves listed in Section 5.1.1
 of RFC 4492. You should not generally change this setting.
 .PP
-This default "ultra" curve is specified in NSA "Suite B" Cryptography
-(see http://www.nsa.gov/ia/industry/crypto_suite_b.cfm) for information
-classified as TOP SECRET.
+This default "ultra" curve is rated in NSA Suite
+B for information classified up to TOP SECRET.
+.PP
+If you want to take maximal advantage of ciphers that offer forward secrecy see
+the Getting
+started section of FORWARD_SECRECY_README.  The
+full document conveniently presents all information about Postfix
+"perfect" forward secrecy support in one place: what forward secrecy
+is, how to tweak settings, and what you can expect to see when
+Postfix uses ciphers with forward secrecy.
 .PP
 This feature is available in Postfix 2.6 and later, when it is
-compiled and linked with OpenSSL 1.0.0 or later.
+compiled and linked with OpenSSL 1.0.0 or later on platforms where
+EC algorithms have not been disabled by the vendor.
 .SH tls_export_cipherlist (default: ALL:+RC4:@STRENGTH)
 The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. This
 defines the meaning of the "export" setting in smtpd_tls_mandatory_ciphers,
@@ -11586,14 +11626,14 @@ private DSA key.  See smtpd_tls_dcert_file for further details.
 This feature is available in Postfix 2.8 and later.
 .SH tlsproxy_tls_dh1024_param_file (default: $smtpd_tls_dh1024_param_file)
 File with DH parameters that the Postfix \fBtlsproxy\fR(8) server
-should use with EDH ciphers. See smtpd_tls_dh1024_param_file for
-further details.
+should use with non-export EDH ciphers. See smtpd_tls_dh1024_param_file
+for further details.
 .PP
 This feature is available in Postfix 2.8 and later.
 .SH tlsproxy_tls_dh512_param_file (default: $smtpd_tls_dh512_param_file)
 File with DH parameters that the Postfix \fBtlsproxy\fR(8) server
-should use with EDH ciphers. See smtpd_tls_dh512_param_file for
-further details.
+should use with export-grade EDH ciphers. See smtpd_tls_dh512_param_file
+for further details.
 .PP
 This feature is available in Postfix 2.8 and later.
 .SH tlsproxy_tls_dkey_file (default: $smtpd_tls_dkey_file)
diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8
index 114b87b2a..f900b5fa4 100644
--- a/postfix/man/man8/smtpd.8
+++ b/postfix/man/man8/smtpd.8
@@ -398,10 +398,10 @@ cipher list at all TLS security levels.
 File with the Postfix SMTP server DSA certificate in PEM format.
 .IP "\fBsmtpd_tls_dh1024_param_file (empty)\fR"
 File with DH parameters that the Postfix SMTP server should
-use with EDH ciphers.
+use with non-export EDH ciphers.
 .IP "\fBsmtpd_tls_dh512_param_file (empty)\fR"
 File with DH parameters that the Postfix SMTP server should
-use with EDH ciphers.
+use with export-grade EDH ciphers.
 .IP "\fBsmtpd_tls_dkey_file ($smtpd_tls_dcert_file)\fR"
 File with the Postfix SMTP server DSA private key in PEM format.
 .IP "\fBsmtpd_tls_key_file ($smtpd_tls_cert_file)\fR"
diff --git a/postfix/man/man8/tlsproxy.8 b/postfix/man/man8/tlsproxy.8
index 61a010656..32644fc1d 100644
--- a/postfix/man/man8/tlsproxy.8
+++ b/postfix/man/man8/tlsproxy.8
@@ -100,10 +100,10 @@ File with the Postfix \fBtlsproxy\fR(8) server DSA certificate in PEM
 format.
 .IP "\fBtlsproxy_tls_dh1024_param_file ($smtpd_tls_dh1024_param_file)\fR"
 File with DH parameters that the Postfix \fBtlsproxy\fR(8) server
-should use with EDH ciphers.
+should use with non-export EDH ciphers.
 .IP "\fBtlsproxy_tls_dh512_param_file ($smtpd_tls_dh512_param_file)\fR"
 File with DH parameters that the Postfix \fBtlsproxy\fR(8) server
-should use with EDH ciphers.
+should use with export-grade EDH ciphers.
 .IP "\fBtlsproxy_tls_dkey_file ($smtpd_tls_dkey_file)\fR"
 File with the Postfix \fBtlsproxy\fR(8) server DSA private key in PEM
 format.
diff --git a/postfix/proto/FORWARD_SECRECY_README.html b/postfix/proto/FORWARD_SECRECY_README.html
index 4aa9012fe..7bff7678a 100644
--- a/postfix/proto/FORWARD_SECRECY_README.html
+++ b/postfix/proto/FORWARD_SECRECY_README.html
@@ -38,7 +38,7 @@ will focus on TLS Forward Secrecy in the Postfix SMTP client and
 server.  See <a href="TLS_README.html">TLS_README</a> for a general
 description of Postfix TLS support. </p>
 
-<h2> What is Forward Secrecy </h2>
+<h2><a name="dfn_fs">What is Forward Secrecy</a></h2>
 
 <p> The term "Forward Secrecy" (or sometimes "Perfect Forward Secrecy")
 is used to describe security protocols in which the confidentiality
@@ -126,7 +126,7 @@ Presently, there are two flavors of "groups" that work with PFS: </p>
 <li> <p> <b> Prime-field groups (EDH):</b>  The server needs to be
 configured with a suitably-large prime and a corresponding "generator".
 The acronym for forward secrecy over prime fields is EDH for Ephemeral
-Diffie-Hellman (also abbreviated as DHE for Diffie-Hellman Exchange).
+Diffie-Hellman (also abbreviated as DHE).
 </p>
 
 <li> <p> <b> Elliptic-curve groups (EECDH): </b>  The server needs
@@ -134,8 +134,7 @@ to be configured with a "named curve".  These offer better security
 at lower computational cost than prime field groups, but are not
 as widely implemented.  The acronym for the elliptic curve version
 is EECDH which is short for Ephemeral Elliptic Curve Diffie-Hellman
-(also abbreviated as ECDHE for Elliptic Curve Diffie-Hellman
-Exchange).  </p>
+(also abbreviated as ECDHE). </p>
 
 </ul>
 
@@ -276,7 +275,8 @@ href="TLS_README.html#client_tls_policy">TLS policy</a> table. </p>
 
 <p> With Postfix 2.6 and 2.7, enable elliptic-curve support in the
 Postfix SMTP client and server. This is the default with Postfix
-&ge; 2.8.
+&ge; 2.8. Note, however, that elliptic-curve support may be disabled
+by the vendor, as in some versions of RedHat Linux. </p>
 
 <blockquote>
 <pre>
@@ -288,7 +288,7 @@ Postfix SMTP client and server. This is the default with Postfix
 
 <h3> EDH Client support (Postfix &ge; 2.2) </h3>
 
-<p> This space intentionally left blank. </p>
+<p> This works "out of the box" without additional configuration. </p>
 
 <h3> EDH Server support (Postfix &ge; 2.2) </h3>
 
diff --git a/postfix/proto/LMDB_README.html b/postfix/proto/LMDB_README.html
index ca5e35b62..6b448edca 100644
--- a/postfix/proto/LMDB_README.html
+++ b/postfix/proto/LMDB_README.html
@@ -17,41 +17,31 @@
 
 <hr>
 
-<h2>Note</h2>
-
-<p> LMDB is not supported in the stable Postfix release.  It will
-spontaneously terminate a Postfix daemon process without allowing
-Postfix to 1) report the problem to the maillog file, and to 2)
-provide reduced service where this is appropriate. </p>
-
 <h2>Introduction</h2>
 
 <p> Postfix uses databases of various kinds to store and look up
-information. Postfix databases are specified as "type:name".
-OpenLDAP LMDB implements the Postfix database type "lmdb".
-The name of a Postfix OpenLDAP LMDB database is the name
-of the database file without the ".lmdb" suffix. </p>
+information. Postfix databases are specified as "type:name".  OpenLDAP
+LMDB (called "LMDB" from here on) implements the Postfix database
+type "lmdb".  The name of a Postfix LMDB database is the name of
+the database file without the ".lmdb" suffix. </p>
 
 <p> This document describes: </p>
 
-<ol>
-
-<li> <p> How to build Postfix <a href="#with_lmdb">with OpenLDAP
-LMDB support</a>. </p>
+<ul>
 
-<li> <p> How to <a href="#configure">configure</a> LMDB settings. </p>
+<li> <p> <a href="#with_lmdb">Building Postfix with LMDB support</a>.
+</p>
 
-<li> <p> Missing <a href="#pthread">pthread</a> library trouble. </p>
+<li> <p> <a href="#configure">Configuring LMDB settings</a>. </p>
 
-<li> <p> Unexpected <a href="#limitations">failure modes</a> that
-don't exist with other Postfix databases. </p>
+<li> <p> <a href="#supported"> Supported minimum LMDB patchlevel</a>. </p>
 
-</ol>
+</ul>
 
-<h2><a name="with_lmdb">Building Postfix with OpenLDAP LMDB support</a></h2>
+<h2><a name="with_lmdb">Building Postfix with LMDB support</a></h2>
 
-<p> Postfix normally does not enable OpenLDAP LMDB support.  To
-build Postfix with OpenLDAP LMDB support, use something like: </p>
+<p> Postfix normally does not enable LMDB support.  To
+build Postfix with LMDB support, use something like: </p>
 
 <blockquote>
 <pre>
@@ -71,23 +61,7 @@ build Postfix with OpenLDAP LMDB support, use something like: </p>
 </pre>
 </blockquote>
 
-<p> The exact pathnames depend on how OpenLDAP LMDB was installed. </p>
-
-<h2><a name="configure">Configure LMDB settings</a></h2>
-
-<p> Postfix provides one configuration parameter that controls
-OpenLDAP LMDB database behavior. </p>
-
-<ul>
-
-<li> <p> lmdb_map_size (default: 16777216).  This setting specifies
-the initial OpenLDAP LMDB database size limit in bytes.  Each time
-a database becomes full, its size limit is doubled. The maximum
-size is the largest signed integer value of "long".  </p>
-
-</ul>
-
-<h2><a name="pthread">Missing pthread library trouble</a></h2>
+<p> The exact pathnames depend on how LMDB was installed. </p>
 
 <p> When building Postfix fails with: </p>
 
@@ -107,10 +81,55 @@ undefined reference to `pthread_mutex_lock'
 </pre>
 </blockquote>
 
-<p> Source code for OpenLDAP LMDB is available at
-http://www.openldap.org.
-More information is available at
-http://highlandsun.com/hyc/mdb/. </p>
+<h2><a name="configure">Configuring LMDB settings</a></h2>
+
+<p> Postfix provides one configuration parameter that controls
+LMDB database behavior. </p>
+
+<ul>
+
+<li> <p> lmdb_map_size (default: 16777216).  This setting specifies
+the initial LMDB database size limit in bytes.  Each time
+a database becomes full, its size limit is doubled. The maximum
+size is the largest signed integer value of "long".  </p>
+
+</ul>
+
+<h2> <a name="supported"> Supported minimum LMDB patchlevel </a> </h2>
+
+<p> Currently, Postfix supports LMDB 0.9.11 or later. The supported
+minimum LMDB patchlevel has evolved over time, as the result of
+deployment experience with Postfix. </p>
+
+<ul>
+
+<li> <p> LMDB 0.9.11 allows Postfix daemons to log an LMDB error
+message, instead of falling out of the sky without any notification.
+</p>
+
+<li> <p> LMDB 0.9.10 closes an information leak where LMDB was
+writing up to 4kbyte-chunks of uninitialized heap memory to the
+database, persisting information that was not meant to be persisted,
+or sharing information that was not meant to be shared. </p>
+
+<li> <p> LMDB 0.9.8 allows Postfix to use external (fcntl()-based)
+locks, instead of having to use world-writable LMDB lock files.
+</p>
+
+<li> <p> LMDB 0.9.8 allows an application to recover from a "database
+full" error without having to close the database, by adding support
+to update the database size limit on-the-fly; and it adds support
+for an application to adopt someone elses change to the database
+size limit, without having to close the database. </p>
+
+<li> <p> LMDB 0.9.7 allows the postmap and postalias commands to
+use a bulk-mode transaction larger than the amount of physical
+memory. This is necessary because LMDB supports databases larger
+than physical memory. </p>
+
+</ul>
+
+<!--
 
 <h2><a name="limitations">Unexpected failure modes of Postfix LMDB
 databases.  </a> </h2>
@@ -120,6 +139,8 @@ failure modes that don't exist with other Postfix databases.  Some
 failure modes have been eliminated in the course of time.
 The writeup below reflects the status as of LMDB 0.9.9. </p>
 
+-->
+
 <!--
 
 <p> <strong>Unexpected "Permission denied" errors. </strong></p>
@@ -296,6 +317,8 @@ sure that lmdb_map_size &gt; 3x the largest LMDB file size. </p>
 
 -->
 
+<!--
+
 <p> <strong>Non-obvious recovery with postmap(1), postalias(1), or
 tlsmgr(8) from a corrupted database.  </strong></p>
 
@@ -334,3 +357,9 @@ corruption of on-disk file system data and metadata. DO NOT
 use ZFS on systems without ECC memory error correction. </p>
 
 </dd> </dl>
+
+-->
+
+</body>
+
+</html>
diff --git a/postfix/proto/TLS_README.html b/postfix/proto/TLS_README.html
index 9f6ed19bb..1151359f8 100644
--- a/postfix/proto/TLS_README.html
+++ b/postfix/proto/TLS_README.html
@@ -872,43 +872,15 @@ with high grade ciphers: </p>
 </pre>
 </blockquote>
 
-<p> If you want to take advantage of ciphers with ephemeral Diffie-Hellman
-(EDH) key exchange (this offers "forward-secrecy"), DH parameters are
-needed.  Instead of using the built-in DH parameters for both 1024-bit
-(non-export ciphers) and 512-bit (export ciphers), it is better to
-generate your own parameters, since otherwise it would "pay" for a
-possible attacker to start a brute force attack against parameters that
-are used by everybody.  Postfix defaults to compiled-in parameters
-that are shared by all Postfix users who don't generate their own
-settings. </p>
-
-<p> To generate your own set of DH parameters, use: </p>
-
-<blockquote>
-<pre>
-% <b>openssl gendh -out /etc/postfix/dh_512.pem -2 512</b>
-% <b>openssl gendh -out /etc/postfix/dh_1024.pem -2 1024</b>
-</pre>
-</blockquote>
-
-<p> Support for elliptic curve cryptography is available with Postfix
-2.6 and OpenSSL 1.0.0 or later.  To enable ephemeral elliptic curve
-Diffie-Hellman (EECDH) key-exchange, set "smtpd_tls_eecdh_grade =
-strong" or "smtpd_tls_eecdh_grade = ultra". The "ultra" setting is
-substantially more CPU intensive, and "strong" is sufficiently
-secure for most situations. </p>
-
-<p> Examples: </p>
- 
-<blockquote>
-<pre>
-/etc/postfix/main.cf:
-    smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
-    smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
-    # Postfix &ge; 2.6:
-    smtpd_tls_eecdh_grade = strong
-</pre>
-</blockquote>
+<p> If you want to take maximal advantage of ciphers that offer <a
+href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
+the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
+started</a> section of <a
+href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>.  The
+full document conveniently presents all information about Postfix
+"perfect" forward secrecy support in one place: what forward secrecy
+is, how to tweak settings, and what you can expect to see when
+Postfix uses ciphers with forward secrecy.  </p>
 
 <p> Postfix 2.8 and later, in combination with OpenSSL 0.9.7 and later
 allows TLS servers to preempt the TLS client's cipher-suite preference list.
@@ -2390,7 +2362,7 @@ the SSL/TLS protocols used with opportunistic TLS. </p>
     smtp_tls_exclude_ciphers = aNULL
     # Preferred form with Postfix &ge; 2.5:
     smtp_tls_mandatory_protocols = !SSLv2
-    # Legacy form for Postifx &lt; 2.5:
+    # Legacy form for Postfix &lt; 2.5:
     smtp_tls_mandatory_protocols = SSLv3, TLSv1
     # Also available with Postfix &ge; 2.6:
     smtp_tls_ciphers = export
diff --git a/postfix/proto/lmdb_table b/postfix/proto/lmdb_table
index 46a27917b..132d3bd68 100644
--- a/postfix/proto/lmdb_table
+++ b/postfix/proto/lmdb_table
@@ -16,15 +16,10 @@
 # .br
 #	\fBpostmap -q - lmdb:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
 # DESCRIPTION
-#	LMDB is not supported in the stable Postfix release. It
-#	will spontaneously terminate a Postfix daemon process without
-#	allowing Postfix to 1) report the problem to the maillog
-#	file, and to 2) provide reduced service where this is
-#	appropriate.
-#
 #	The Postfix LMDB adapter provides access to a persistent,
 #	memory-mapped, key-value store.  The database size is limited
-#	only by the size of the memory address space and file system.
+#	only by the size of the memory address space (typically 32
+#	or 64 bits) and by the available file system space.
 # REQUESTS
 # .ad
 # .fi
@@ -72,7 +67,7 @@
 #	main.cf.  With long-running daemon programs, Use the command
 #	"\fBpostfix reload\fR" after a configuration change.
 # .IP "\fBlmdb_map_size (default: 16777216)\fR"
-#	The initial OpenLDAP LMDB database size limit in bytes.
+#	The initial LMDB database size limit in bytes.
 # SEE ALSO
 #	postconf(1), Postfix supported lookup tables
 #	postmap(1), Postfix lookup table maintenance
@@ -85,7 +80,7 @@
 # .na
 # .nf
 #	DATABASE_README, Postfix lookup table overview
-#	LMDB_README, Postfix LMDB howto
+#	LMDB_README, Postfix OpenLDAP LMDB howto
 # LICENSE
 # .ad
 # .fi
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 9fff7cc53..bba32ac53 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -9355,27 +9355,38 @@ Postfix 2.3 and later; use smtpd_tls_mandatory_ciphers instead. </p>
 %PARAM smtpd_tls_dh1024_param_file
 
 <p> File with DH parameters that the Postfix SMTP server should
-use with EDH ciphers. </p>
+use with non-export EDH ciphers. </p>
 
 <p> Instead of using the exact same parameter sets as distributed
 with other TLS packages, it is more secure to generate your own
-set of parameters with something like the following command:  </p>
+set of parameters with something like the following commands:  </p>
 
 <blockquote>
 <pre>
-openssl gendh -out /etc/postfix/dh_1024.pem -2 1024
+openssl dhparam -out /etc/postfix/dh512.pem 512
+openssl dhparam -out /etc/postfix/dh1024.pem 1024
+openssl dhparam -out /etc/postfix/dh2048.pem 2048
 </pre>
 </blockquote>
 
-<p> Your actual source for entropy may differ. Some systems have
-/dev/random; on other system you may consider using the "Entropy
-Gathering Daemon EGD", available at http://egd.sourceforge.net/
-</p>
+<p> It is safe to share the same DH parameters between multiple
+Postfix instances.  If you prefer, you can generate separate
+parameters for each instance.  </p>
+
+<p> If you want to take maximal advantage of ciphers that offer <a
+href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
+the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
+started</a> section of <a
+href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>.  The
+full document conveniently presents all information about Postfix
+"perfect" forward secrecy support in one place: what forward secrecy
+is, how to tweak settings, and what you can expect to see when
+Postfix uses ciphers with forward secrecy.  </p>
 
 <p> Example: </p>
 
 <pre>
-smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
+smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
 </pre>
 
 <p>This feature is available with Postfix version 2.2.</p>
@@ -9383,7 +9394,7 @@ smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
 %PARAM smtpd_tls_dh512_param_file
 
 <p> File with DH parameters that the Postfix SMTP server should
-use with EDH ciphers. </p>
+use with export-grade EDH ciphers. </p>
 
 <p> See also the discussion under the smtpd_tls_dh1024_param_file
 configuration parameter.  </p>
@@ -10477,8 +10488,9 @@ substitutions in regular expression maps. </p>
 
 %PARAM smtp_cname_overrides_servername version dependent
 
-<p> Allow DNS CNAME records to override the servername that the
-Postfix SMTP client uses for logging, SASL password lookup, TLS
+<p> When the remote SMTP servername is a DNS CNAME, replace the
+servername with the result from CNAME expansion for the purpose of
+logging, SASL password lookup, TLS
 policy decisions, or TLS certificate verification. The value "no"
 hardens Postfix smtp_tls_per_site hostname-based policies against
 false hostname information in DNS CNAME records, and makes SASL
@@ -11083,8 +11095,9 @@ not, TLS security will vary from delivery to delivery.  It is up
 to the domain owner to configure their MX hosts and their DNS
 sensibly.  To configure the Postfix SMTP client for DNSSEC lookups
 see the documentation for the smtp_dns_support_level main.cf
-parameter.  When TLSA records are not found or are all unusable the
-effective security level is "may" or "encrypt" respectively.  For
+parameter.  When DNSSEC-validated TLSA records are not found the
+effective tls security level is "may".  When TLSA records are found,
+but are all unusable the effective security level is "encrypt".  For
 purposes of protocol and cipher selection, the "dane" security level
 is treated like a "mandatory" TLS security level, and weak ciphers
 and protocols are disabled.  Since DANE authenticates server
@@ -11092,7 +11105,6 @@ certificates the "aNULL" cipher-suites are transparently excluded
 at this level, no need to configure this manually.  RFC 6698 (DANE)
 TLS authentication is available with Postfix 2.11 and later.  </dd>
 
-
 <dt><b><a href="TLS_README.html#client_tls_dane">dane-only</a></b></dt>
 <dd>Mandatory DANE TLS.  This is just like "dane" above, but DANE
 TLSA authentication is required.  There is no fallback to "may" or
@@ -12282,11 +12294,14 @@ strong" means approximately 128-bit security based on best known
 attacks. The selected curve must be implemented by OpenSSL (as
 reported by ecparam(1) with the "-list_curves" option) and be one
 of the curves listed in Section 5.1.1 of RFC 4492. You should not
-generally change this setting. </p>
+generally change this setting.  Remote SMTP client implementations
+must support this curve for EECDH key exchange to take place.  It
+is unwise to choose an "exotic" curve supported by only a small subset
+of clients.  </p>
 
-<p> This default curve is specified in NSA "Suite B" Cryptography
-(see http://www.nsa.gov/ia/industry/crypto_suite_b.cfm) for
-information classified as SECRET. </p>
+<p> The default "strong" curve is rated in NSA <a
+href="http://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
+B</a> for information classified up to SECRET.  </p>
 
 <p> Note: elliptic curve names are poorly standardized; different
 standards groups are assigning different names to the same underlying
@@ -12294,8 +12309,19 @@ curves.  The curve with the X9.62 name "prime256v1" is also known
 under the SECG name "secp256r1", but OpenSSL does not recognize the
 latter name. </p>
 
+<p> If you want to take maximal advantage of ciphers that offer <a
+href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
+the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
+started</a> section of <a
+href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>.  The
+full document conveniently presents all information about Postfix
+"perfect" forward secrecy support in one place: what forward secrecy
+is, how to tweak settings, and what you can expect to see when
+Postfix uses ciphers with forward secrecy.  </p>
+
 <p> This feature is available in Postfix 2.6 and later, when it is
-compiled and linked with OpenSSL 1.0.0 or later. </p>
+compiled and linked with OpenSSL 1.0.0 or later on platforms where
+EC algorithms have not been disabled by the vendor. </p>
 
 %PARAM tls_eecdh_ultra_curve secp384r1
 
@@ -12310,12 +12336,23 @@ curve must be implemented by OpenSSL (as reported by ecparam(1) with the
 "-list_curves" option) and be one of the curves listed in Section 5.1.1
 of RFC 4492. You should not generally change this setting. </p>
 
-<p> This default "ultra" curve is specified in NSA "Suite B" Cryptography
-(see http://www.nsa.gov/ia/industry/crypto_suite_b.cfm) for information
-classified as TOP SECRET. </p>
+<p> This default "ultra" curve is rated in NSA <a
+href="http://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
+B</a> for information classified up to TOP SECRET. </p>
+
+<p> If you want to take maximal advantage of ciphers that offer <a
+href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
+the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
+started</a> section of <a
+href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>.  The
+full document conveniently presents all information about Postfix
+"perfect" forward secrecy support in one place: what forward secrecy
+is, how to tweak settings, and what you can expect to see when
+Postfix uses ciphers with forward secrecy.  </p>
 
 <p> This feature is available in Postfix 2.6 and later, when it is
-compiled and linked with OpenSSL 1.0.0 or later. </p>
+compiled and linked with OpenSSL 1.0.0 or later on platforms where
+EC algorithms have not been disabled by the vendor. </p>
 
 %PARAM smtpd_tls_eecdh_grade see "postconf -d" output
 
@@ -12344,8 +12381,19 @@ users. </dd>
 
 </dl>
 
+<p> If you want to take maximal advantage of ciphers that offer <a
+href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
+the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
+started</a> section of <a
+href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>.  The
+full document conveniently presents all information about Postfix
+"perfect" forward secrecy support in one place: what forward secrecy
+is, how to tweak settings, and what you can expect to see when
+Postfix uses ciphers with forward secrecy.  </p>
+
 <p> This feature is available in Postfix 2.6 and later, when it is
-compiled and linked with OpenSSL 1.0.0 or later. </p>
+compiled and linked with OpenSSL 1.0.0 or later on platforms
+where EC algorithms have not been disabled by the vendor. </p>
 
 %PARAM smtpd_tls_eccert_file
 
@@ -14533,16 +14581,16 @@ private DSA key.  See smtpd_tls_dcert_file for further details.
 %PARAM tlsproxy_tls_dh1024_param_file $smtpd_tls_dh1024_param_file
 
 <p> File with DH parameters that the Postfix tlsproxy(8) server
-should use with EDH ciphers. See smtpd_tls_dh1024_param_file for
-further details. </p>
+should use with non-export EDH ciphers. See smtpd_tls_dh1024_param_file
+for further details. </p>
 
 <p> This feature is available in Postfix 2.8 and later. </p>
 
 %PARAM tlsproxy_tls_dh512_param_file $smtpd_tls_dh512_param_file
 
 <p> File with DH parameters that the Postfix tlsproxy(8) server
-should use with EDH ciphers. See smtpd_tls_dh512_param_file for
-further details.  </p>
+should use with export-grade EDH ciphers. See smtpd_tls_dh512_param_file
+for further details.  </p>
 
 <p> This feature is available in Postfix 2.8 and later. </p>
 
diff --git a/postfix/proto/stop b/postfix/proto/stop
index 0603576d3..2e75dd0f6 100644
--- a/postfix/proto/stop
+++ b/postfix/proto/stop
@@ -1283,3 +1283,16 @@ YYY
 ZZZ
 kEECDH
 EXIM
+DLV
+IANA
+RRs
+RRset
+RRsets
+SNI
+tlsa
+TSIG
+ciphersuite
+ciphersuites
+nlnetlabs
+resolver's
+tempfails
diff --git a/postfix/src/dns/dns_lookup.c b/postfix/src/dns/dns_lookup.c
index 0eb8ab4f4..854cdb49b 100644
--- a/postfix/src/dns/dns_lookup.c
+++ b/postfix/src/dns/dns_lookup.c
@@ -204,7 +204,7 @@ typedef struct DNS_REPLY {
     unsigned char *buf;			/* raw reply data */
     size_t  buf_len;			/* reply buffer length */
     int     rcode;			/* unfiltered reply code */
-    int     dnssec_valid;		/* DNSSEC AD bit */
+    int     dnssec_ad;			/* DNSSEC AD bit */
     int     query_count;		/* number of queries */
     int     answer_count;		/* number of answers */
     unsigned char *query_start;		/* start of query data */
@@ -317,12 +317,12 @@ static int dns_query(const char *name, int type, int flags,
 
     /*
      * Initialize the reply structure. Some structure members are filled on
-     * the fly while the reply is being parsed.
+     * the fly while the reply is being parsed.  Coerce AD bit to boolean.
      */
 #if RES_USE_DNSSEC != 0
-    reply->dnssec_valid = (flags & RES_USE_DNSSEC) ? reply_header->ad : 0;
+    reply->dnssec_ad = (flags & RES_USE_DNSSEC) ? !!reply_header->ad : 0;
 #else
-    reply->dnssec_valid = 0;
+    reply->dnssec_ad = 0;
 #endif
     reply->end = reply->buf + len;
     reply->query_start = reply->buf + sizeof(HEADER);
@@ -537,7 +537,7 @@ static int dns_get_alias(DNS_REPLY *reply, unsigned char *pos,
 
 static int dns_get_answer(const char *orig_name, DNS_REPLY *reply, int type,
 	             DNS_RR **rrlist, VSTRING *fqdn, char *cname, int c_len,
-			          int *validate_mask)
+			          int *maybe_secure)
 {
     char    rr_name[DNS_NAME_LEN];
     unsigned char *pos;
@@ -613,7 +613,7 @@ static int dns_get_answer(const char *orig_name, DNS_REPLY *reply, int type,
 		if ((status = dns_get_rr(&rr, orig_name, reply, pos, rr_name,
 					 &fixed)) == DNS_OK) {
 		    resource_found++;
-		    rr->dnssec_valid = (reply->dnssec_valid & *validate_mask);
+		    rr->dnssec_valid = *maybe_secure ? reply->dnssec_ad : 0;
 		    *rrlist = dns_rr_append(*rrlist, rr);
 		} else if (not_found_status != DNS_RETRY)
 		    not_found_status = status;
@@ -624,7 +624,8 @@ static int dns_get_answer(const char *orig_name, DNS_REPLY *reply, int type,
 	    if (cname && c_len > 0)
 		if ((status = dns_get_alias(reply, pos, &fixed, cname, c_len)) != DNS_OK)
 		    CORRUPT(status);
-	    *validate_mask &= reply->dnssec_valid;
+	    if (!reply->dnssec_ad)
+		*maybe_secure = 0;
 	}
 	pos += fixed.length;
     }
@@ -652,7 +653,7 @@ int     dns_lookup_r(const char *name, unsigned type, unsigned flags,
     static DNS_REPLY reply;
     int     count;
     int     status;
-    int     validate_mask = 1;		/* May reset to 0 via CNAME expansion */
+    int     maybe_secure = 1;		/* Query name presumed secure */
     const char *orig_name = name;
 
     /*
@@ -696,12 +697,10 @@ int     dns_lookup_r(const char *name, unsigned type, unsigned flags,
 
 	/*
 	 * Extract resource records of the requested type. Pick up CNAME
-	 * information just in case the requested data is not found. If any
-	 * CNAME result is not validated, all consequent RRs are deemed not
-	 * validated (the validate_mask is set to 0).
+	 * information just in case the requested data is not found.
 	 */
 	status = dns_get_answer(orig_name, &reply, type, rrlist, fqdn,
-				cname, c_len, &validate_mask);
+				cname, c_len, &maybe_secure);
 	switch (status) {
 	default:
 	    if (why)
@@ -714,6 +713,16 @@ int     dns_lookup_r(const char *name, unsigned type, unsigned flags,
 	case DNS_RECURSE:
 	    if (msg_verbose)
 		msg_info("dns_lookup: %s aliased to %s", name, cname);
+#if RES_USE_DNSSEC
+
+	    /*
+	     * Once an intermediate CNAME reply is not validated, all
+	     * consequent RRs are deemed not validated, so we don't ask for
+	     * further DNSSEC replies.
+	     */
+	    if (maybe_secure == 0)
+		flags &= ~RES_USE_DNSSEC;
+#endif
 	    name = cname;
 	}
     }
diff --git a/postfix/src/dns/dns_sa_to_rr.c b/postfix/src/dns/dns_sa_to_rr.c
index d8a8dc94c..8a0e15722 100644
--- a/postfix/src/dns/dns_sa_to_rr.c
+++ b/postfix/src/dns/dns_sa_to_rr.c
@@ -15,7 +15,8 @@
 /*
 /*	Arguments:
 /* .IP hostname
-/*	The resource record host name.
+/*	The resource record host name. This will be both the qname
+/*	and the rname in the synthetic DNS resource record.
 /* .IP pref
 /*	The resource record MX host preference, if applicable.
 /* .IP sa
diff --git a/postfix/src/dns/test_dns_lookup.c b/postfix/src/dns/test_dns_lookup.c
index 4c6c781b1..572f4e37a 100644
--- a/postfix/src/dns/test_dns_lookup.c
+++ b/postfix/src/dns/test_dns_lookup.c
@@ -46,7 +46,7 @@ static void print_rr(DNS_RR *rr)
     size_t  i;
 
     while (rr) {
-	printf("%s: ad: %d, ttl: %9d ", rr->rname, rr->dnssec_valid, rr->ttl);
+	printf("%s: ad: %u, ttl: %9u ", rr->rname, rr->dnssec_valid, rr->ttl);
 	switch (rr->type) {
 	case T_A:
 #ifdef T_AAAA
diff --git a/postfix/src/global/dsn_buf.c b/postfix/src/global/dsn_buf.c
index cd842989d..04a3272b4 100644
--- a/postfix/src/global/dsn_buf.c
+++ b/postfix/src/global/dsn_buf.c
@@ -254,25 +254,34 @@ DSN_BUF *dsb_update(DSN_BUF *dsb, const char *status, const char *action,
     return (dsb);
 }
 
-/* dsb_simple - update status and informal text */
+/* vdsb_simple - update status and informal text, va_list form */
 
-DSN_BUF *dsb_simple(DSN_BUF *dsb, const char *status, const char *format,...)
+DSN_BUF *vdsb_simple(DSN_BUF *dsb, const char *status, const char *format,
+		             va_list ap)
 {
-    va_list ap;
-
     vstring_strcpy(dsb->status, status);
     DSB_TRUNCATE(dsb->action);
     DSB_TRUNCATE(dsb->mtype);
     DSB_TRUNCATE(dsb->mname);
     DSB_TRUNCATE(dsb->dtype);
     DSB_TRUNCATE(dsb->dtext);
-    va_start(ap, format);
     vstring_vsprintf(dsb->reason, format, ap);
-    va_end(ap);
 
     return (dsb);
 }
 
+/* dsb_simple - update status and informal text */
+
+DSN_BUF *dsb_simple(DSN_BUF *dsb, const char *status, const char *format,...)
+{
+    va_list ap;
+
+    va_start(ap, format);
+    (void) vdsb_simple(dsb, status, format, ap);
+    va_end(ap);
+    return (dsb);
+}
+
 /* dsb_unix - update status, UNIX diagnostic and informal text */
 
 DSN_BUF *dsb_unix(DSN_BUF *dsb, const char *status,
diff --git a/postfix/src/global/dsn_buf.h b/postfix/src/global/dsn_buf.h
index 2871bdb2c..6fd53dc95 100644
--- a/postfix/src/global/dsn_buf.h
+++ b/postfix/src/global/dsn_buf.h
@@ -51,6 +51,7 @@ typedef struct {
 
 extern DSN_BUF *dsb_create(void);
 extern DSN_BUF *PRINTFLIKE(8, 9) dsb_update(DSN_BUF *, const char *, const char *, const char *, const char *, const char *, const char *, const char *,...);
+extern DSN_BUF *vdsb_simple(DSN_BUF *, const char *, const char *, va_list);
 extern DSN_BUF *PRINTFLIKE(3, 4) dsb_simple(DSN_BUF *, const char *, const char *,...);
 extern DSN_BUF *PRINTFLIKE(4, 5) dsb_unix(DSN_BUF *, const char *, const char *, const char *,...);
 extern DSN_BUF *dsb_formal(DSN_BUF *, const char *, const char *, const char *, const char *, const char *, const char *);
diff --git a/postfix/src/global/mail_params.c b/postfix/src/global/mail_params.c
index 9da2e67f7..2d919776c 100644
--- a/postfix/src/global/mail_params.c
+++ b/postfix/src/global/mail_params.c
@@ -179,7 +179,7 @@
 #ifdef HAS_DB
 #include <dict_db.h>
 #endif
-#if defined(SNAPSHOT) && defined(HAS_LMDB)
+#ifdef HAS_LMDB
 #include <dict_lmdb.h>
 #endif
 #include <inet_proto.h>
@@ -725,7 +725,7 @@ void    mail_params_init()
 #ifdef HAS_DB
     dict_db_cache_size = var_db_read_buf;
 #endif
-#if defined(SNAPSHOT) && defined(HAS_LMDB)
+#ifdef HAS_LMDB
     dict_lmdb_map_size = var_lmdb_map_size;
 #endif
     inet_windowsize = var_inet_windowsize;
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index f55e582f4..63d620844 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20140105"
+#define MAIL_RELEASE_DATE	"20140109"
 #define MAIL_VERSION_NUMBER	"2.12"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/global/mkmap_lmdb.c b/postfix/src/global/mkmap_lmdb.c
index b75f2ba42..9aebd25c8 100644
--- a/postfix/src/global/mkmap_lmdb.c
+++ b/postfix/src/global/mkmap_lmdb.c
@@ -45,7 +45,7 @@
 #include <myflock.h>
 #include <warn_stat.h>
 
-#if defined(SNAPSHOT) && defined(HAS_LMDB)
+#ifdef HAS_LMDB
 #ifdef PATH_LMDB_H
 #include PATH_LMDB_H
 #else
diff --git a/postfix/src/global/mkmap_open.c b/postfix/src/global/mkmap_open.c
index 3e2aac745..dfa9bc2ff 100644
--- a/postfix/src/global/mkmap_open.c
+++ b/postfix/src/global/mkmap_open.c
@@ -102,7 +102,7 @@ static const MKMAP_OPEN_INFO mkmap_types[] = {
     DICT_TYPE_HASH, mkmap_hash_open,
     DICT_TYPE_BTREE, mkmap_btree_open,
 #endif
-#if defined(SNAPSHOT) && defined(HAS_LMDB)
+#ifdef HAS_LMDB
     DICT_TYPE_LMDB, mkmap_lmdb_open,
 #endif
     DICT_TYPE_FAIL, mkmap_fail_open,
diff --git a/postfix/src/milter/test-milter.c b/postfix/src/milter/test-milter.c
index cbd0e4eb8..9bb3c46f3 100644
--- a/postfix/src/milter/test-milter.c
+++ b/postfix/src/milter/test-milter.c
@@ -714,7 +714,7 @@ int     main(int argc, char **argv)
 	    fprintf(stderr,
 		    "usage: %s [-dv] \n"
 		    "\t[-a action]              non-default action\n"
-		    "\t[-b body_text]           replace body\n",
+		    "\t[-b body_text]           replace body\n"
 		    "\t[-c command]             non-default action trigger\n"
 		    "\t[-h 'index label value'] replace header\n"
 		    "\t[-i 'index label value'] insert header\n"
diff --git a/postfix/src/smtp/smtp_tls_policy.c b/postfix/src/smtp/smtp_tls_policy.c
index 7c93e464d..15880a316 100644
--- a/postfix/src/smtp/smtp_tls_policy.c
+++ b/postfix/src/smtp/smtp_tls_policy.c
@@ -105,6 +105,7 @@
 
 #include <mail_params.h>
 #include <maps.h>
+#include <dsn_buf.h>
 
 /* DNS library. */
 
@@ -626,8 +627,6 @@ int     smtp_tls_policy_cache_query(DSN_BUF *why, SMTP_TLS_POLICY *tls,
 				            SMTP_ITERATOR *iter)
 {
     VSTRING *key;
-    int     valid = iter->rr && iter->rr->dnssec_valid;
-    int     mxvalid = iter->mx == 0 || iter->mx->dnssec_valid;
 
     /*
      * Create an empty TLS Policy cache on the fly.
@@ -644,7 +643,6 @@ int     smtp_tls_policy_cache_query(DSN_BUF *why, SMTP_TLS_POLICY *tls,
     smtp_key_prefix(key, ":", iter, SMTP_KEY_FLAG_NEXTHOP
 		    | SMTP_KEY_FLAG_HOSTNAME
 		    | SMTP_KEY_FLAG_PORT);
-    vstring_sprintf_append(key, "%d:%d", !!valid, !!mxvalid);
     ctable_newcontext(policy_cache, (void *) iter);
     *tls = *(SMTP_TLS_POLICY *) ctable_locate(policy_cache, STR(key));
     vstring_free(key);
@@ -706,6 +704,35 @@ static int global_tls_level(void)
     return l;
 }
 
+#define NONDANE_CONFIG	0		/* Administrator's fault */
+#define NONDANE_DEST	1		/* Remote server's fault */
+
+static void PRINTFLIKE(4, 5) dane_incompat(SMTP_TLS_POLICY *tls,
+					           SMTP_ITERATOR *iter,
+					           int errtype,
+					           const char *fmt,...)
+{
+    va_list ap;
+
+    va_start(ap, fmt);
+    if (tls->level == TLS_LEV_DANE) {
+	tls->level = TLS_LEV_MAY;
+	if (errtype == NONDANE_CONFIG)
+	    vmsg_warn(fmt, ap);
+	else if (msg_verbose)
+	    vmsg_info(fmt, ap);
+    } else {
+	if (errtype == NONDANE_CONFIG) {
+	    vmsg_warn(fmt, ap);
+	    MARK_INVALID(tls->why, &tls->level);
+	} else {
+	    tls->level = TLS_LEV_INVALID;
+	    vdsb_simple(tls->why, "4.7.5", fmt, ap);
+	}
+    }
+    va_end(ap);
+}
+
 /* dane_init - special initialization for "dane" security level */
 
 static void dane_init(SMTP_TLS_POLICY *tls, SMTP_ITERATOR *iter)
@@ -718,59 +745,47 @@ static void dane_init(SMTP_TLS_POLICY *tls, SMTP_ITERATOR *iter)
 	MARK_INVALID(tls->why, &tls->level);
 	return;
     }
-
-    /*
-     * To use DANE security the requisite features must be provided by the
-     * OpenSSL (runtime) and DNS resolver (compile-time) libraries. Also,
-     * "smtp_host_lookup = dns" and "smtp_dns_support_level = dnssec" are
-     * required.
-     */
-#define DANEMSG(msg_func, reason, iter, tls) \
-	msg_func("%s: %s, the security level for delivery via %s:%u will " \
-		 "degrade to \"%s\"", STR((iter)->dest), reason, \
-		 STR((iter)->host), ntohs((iter)->port), \
-		 policy_name((tls)->level))
-#define DANEWARN(reason, iter, tls) DANEMSG(msg_warn, (reason), (iter), (tls))
-
     if (!tls_dane_avail()) {
-	if (tls->level == TLS_LEV_DANE) {
-	    tls->level = TLS_LEV_MAY;
-	    DANEWARN("DANE not available", iter, tls);
-	} else {
-	    msg_warn("%s: \"%s\" requested without requisite library support",
-		     STR(iter->dest), policy_name(tls->level));
-	    MARK_INVALID(tls->why, &tls->level);
-	}
+	dane_incompat(tls, iter, NONDANE_CONFIG,
+		      "%s: %s configured, but no requisite library support",
+		      STR(iter->dest), policy_name(tls->level));
 	return;
     }
     if (!(smtp_host_lookup_mask & SMTP_HOST_FLAG_DNS)
 	|| smtp_dns_support != SMTP_DNS_DNSSEC) {
-	if (tls->level == TLS_LEV_DANE) {
-	    tls->level = TLS_LEV_MAY;
-	    DANEWARN("DNSSEC hostname lookups not enabled", iter, tls);
-	} else {
-	    msg_warn("%s: \"%s\" requested with dnssec lookups disabled",
-		     STR(iter->dest), policy_name(tls->level));
-	    MARK_INVALID(tls->why, &tls->level);
-	}
+	dane_incompat(tls, iter, NONDANE_CONFIG,
+		      "%s: %s configured with dnssec lookups disabled",
+		      STR(iter->dest), policy_name(tls->level));
 	return;
     }
 
     /*
-     * If there were no MX records and the destination host is the original
-     * nexthop domain, or if the MX RRset is DNS validated, we can at least
-     * try DANE with the destination host prior to CNAME expansion, but we
-     * prefer CNAME expanded MX hosts if those are also secure.
+     * If we ignore MX lookup errors, we also ignore DNSSEC security problems
+     * and thus avoid any reasonable expectation that we get the right DANE
+     * key material.
      */
+    if (smtp_mode && var_ign_mx_lookup_err) {
+	dane_incompat(tls, iter, NONDANE_CONFIG,
+		      "%s: %s configured with MX lookup errors ignored",
+		      STR(iter->dest), policy_name(tls->level));
+	return;
+    }
+
+    /*
+     * This is not optional, code in tls_dane.c assumes that the nexthop
+     * qname is already an fqdn.  If we're using these flags to go from qname
+     * to rname, the assumption is invalid.  Likewise we cannot add the qname
+     * to certificate name checks, ...
+     */
+    if (smtp_dns_res_opt & (RES_DEFNAMES | RES_DNSRCH)) {
+	dane_incompat(tls, iter, NONDANE_CONFIG,
+		      "%s: dns resolver options incompatible with %s TLS",
+		      STR(iter->dest), policy_name(tls->level));
+	return;
+    }
+    /* When the MX name is present and insecure, DANE does not apply. */
     if (iter->mx && !iter->mx->dnssec_valid) {
-	if (tls->level == TLS_LEV_DANE) {
-	    tls->level = TLS_LEV_MAY;
-	    if (msg_verbose)
-		DANEMSG(msg_info, "non DNSSEC destination", iter, tls);
-	} else {
-	    tls->level = TLS_LEV_INVALID;
-	    dsb_simple(tls->why, "4.7.5", "non DNSSEC destination");
-	}
+	dane_incompat(tls, iter, NONDANE_DEST, "non DNSSEC destination");
 	return;
     }
     /* When TLSA lookups fail, we defer the message */
@@ -782,14 +797,7 @@ static void dane_init(SMTP_TLS_POLICY *tls, SMTP_ITERATOR *iter)
 	return;
     }
     if (tls_dane_notfound(dane)) {
-	if (tls->level == TLS_LEV_DANE) {
-	    tls->level = TLS_LEV_MAY;
-	    if (msg_verbose)
-		DANEMSG(msg_info, "no TLSA records found", iter, tls);
-	} else {
-	    tls->level = TLS_LEV_INVALID;
-	    dsb_simple(tls->why, "4.7.5", "no TLSA records found");
-	}
+	dane_incompat(tls, iter, NONDANE_DEST, "no TLSA records found");
 	tls_dane_free(dane);
 	return;
     }
@@ -808,15 +816,7 @@ static void dane_init(SMTP_TLS_POLICY *tls, SMTP_ITERATOR *iter)
      * given verifier some of the CAs are surely not trustworthy).
      */
     if (tls_dane_unusable(dane)) {
-	if (tls->level == TLS_LEV_DANE) {
-	    tls->level = TLS_LEV_ENCRYPT;
-	    if (msg_verbose)
-		DANEWARN("TLSA records unusable", iter, tls);
-	} else {
-	    tls->level = TLS_LEV_INVALID;
-	    dsb_simple(tls->why, "4.7.5", "TLSA records unusable");
-	}
-	tls_dane_free(dane);
+	dane_incompat(tls, iter, NONDANE_DEST, "TLSA records unusable");
 	return;
     }
 
diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c
index 8acf91f13..6344a6127 100644
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@@ -364,10 +364,10 @@
 /*	File with the Postfix SMTP server DSA certificate in PEM format.
 /* .IP "\fBsmtpd_tls_dh1024_param_file (empty)\fR"
 /*	File with DH parameters that the Postfix SMTP server should
-/*	use with EDH ciphers.
+/*	use with non-export EDH ciphers.
 /* .IP "\fBsmtpd_tls_dh512_param_file (empty)\fR"
 /*	File with DH parameters that the Postfix SMTP server should
-/*	use with EDH ciphers.
+/*	use with export-grade EDH ciphers.
 /* .IP "\fBsmtpd_tls_dkey_file ($smtpd_tls_dcert_file)\fR"
 /*	File with the Postfix SMTP server DSA private key in PEM format.
 /* .IP "\fBsmtpd_tls_key_file ($smtpd_tls_cert_file)\fR"
diff --git a/postfix/src/tls/tls_dane.c b/postfix/src/tls/tls_dane.c
index 9824828e4..9013bc50f 100644
--- a/postfix/src/tls/tls_dane.c
+++ b/postfix/src/tls/tls_dane.c
@@ -117,8 +117,7 @@
 /* .IP proto
 /*	Almost certainly "tcp".
 /* .IP hostrr
-/*	DNS_RR pointer to TLSA base domain data.  When dnssec_valid is false,
-/*	the rname (and the qname if same as rname) are insecure.
+/*	DNS_RR pointer to TLSA base domain data.
 /* .IP forcetlsa
 /*	When true, TLSA lookups are performed even when the qname and rname
 /*	are insecure.  This is only useful in the unlikely case that DLV is
@@ -1160,39 +1159,78 @@ static TLS_DANE *resolve_host(const char *host, const char *proto,
     return (dane);
 }
 
+/* qname_secure - Lookup qname DNSSEC status */
+
+static int qname_secure(const char *qname)
+{
+    static VSTRING *why;
+    int     ret = 0;
+    DNS_RR *rrs;
+
+    if (!why)
+	why = vstring_alloc(10);
+
+    /*
+     * We assume that qname is already an fqdn, and does not need any
+     * suffixes from RES_DEFNAME or RES_DNSRCH.  This is typically the name
+     * of an MX host, and must be a complete DNS name.  DANE initialization
+     * code in the SMTP client is responsible for checking that the default
+     * resolver flags do not include RES_DEFNAME and RES_DNSRCH.
+     */
+    ret = dns_lookup(qname, T_CNAME, RES_USE_DNSSEC, &rrs, 0, why);
+    if (ret == DNS_OK) {
+	ret = rrs->dnssec_valid;
+	dns_rr_free(rrs);
+	return (ret);
+    }
+    if (ret == DNS_NOTFOUND)
+	vstring_sprintf(why, "no longer a CNAME");
+    msg_warn("DNSSEC status lookup error for %s: %s", qname, STR(why));
+    return (-1);
+}
+
 /* tls_dane_resolve - cached map: (name, proto, port) -> TLS_DANE */
 
 TLS_DANE *tls_dane_resolve(unsigned port, const char *proto, DNS_RR *hostrr,
 			           int forcetlsa)
 {
     TLS_DANE *dane = 0;
-    int     iscname;
+    int     iscname = strcasecmp(hostrr->rname, hostrr->qname);
+    int     isvalid = 1;
 
     if (!tls_dane_avail())
-	return (dane);
-
-    if (!dane_cache)
-	dane_cache = ctable_create(CACHE_SIZE, dane_lookup, dane_free, 0);
+	return (0);				/* Error */
 
     /*
-     * By default suppress TLSA lookups for non-DNSSEC + non-CNAME hosts. If
-     * the host address is not DNSSEC validated, the TLSA RRset is safely
-     * assumed to not be in a DNSSEC Look-aside Validation child zone.
+     * By default suppress TLSA lookups for hosts in non-DNSSEC zones.  If
+     * the host zone is not DNSSEC validated, the TLSA qname sub-domain is
+     * safely assumed to not be in a DNSSEC Look-aside Validation child zone.
      */
-    iscname = strcasecmp(hostrr->rname, hostrr->qname);
-    if (!forcetlsa && !hostrr->dnssec_valid && !iscname) {
+    if (!forcetlsa && !hostrr->dnssec_valid) {
+	isvalid = iscname ? qname_secure(hostrr->qname) : 0;
+	if (isvalid < 0)
+	    return (0);				/* Error */
+    }
+    if (!isvalid) {
 	dane = tls_dane_alloc();
 	dane->flags = TLS_DANE_FLAG_NORRS;
     } else {
+	if (!dane_cache)
+	    dane_cache = ctable_create(CACHE_SIZE, dane_lookup, dane_free, 0);
 
 	/*
-	 * Try the rname first, if nothing there, try the qname.  Note,
-	 * lookup errors are distinct from success with nothing found.  If
-	 * the rname lookup fails we don't try the qname.
+	 * Try the rname first if secure, if nothing there, try the qname if
+	 * different.  Note, lookup errors are distinct from success with
+	 * nothing found.  If the rname lookup fails we don't try the qname.
 	 */
-	if (hostrr->dnssec_valid)
+	if (hostrr->dnssec_valid) {
 	    dane = resolve_host(hostrr->rname, proto, port);
-	if (!dane || (iscname && tls_dane_notfound(dane)))
+	    if (tls_dane_notfound(dane) && iscname) {
+		tls_dane_free(dane);
+		dane = 0;
+	    }
+	}
+	if (!dane)
 	    dane = resolve_host(hostrr->qname, proto, port);
 	if (dane->flags & TLS_DANE_FLAG_ERROR) {
 	    /* We don't return this object. */
diff --git a/postfix/src/tlsproxy/tlsproxy.c b/postfix/src/tlsproxy/tlsproxy.c
index eb826b00c..1338d72fe 100644
--- a/postfix/src/tlsproxy/tlsproxy.c
+++ b/postfix/src/tlsproxy/tlsproxy.c
@@ -84,10 +84,10 @@
 /*	format.
 /* .IP "\fBtlsproxy_tls_dh1024_param_file ($smtpd_tls_dh1024_param_file)\fR"
 /*	File with DH parameters that the Postfix \fBtlsproxy\fR(8) server
-/*	should use with EDH ciphers.
+/*	should use with non-export EDH ciphers.
 /* .IP "\fBtlsproxy_tls_dh512_param_file ($smtpd_tls_dh512_param_file)\fR"
 /*	File with DH parameters that the Postfix \fBtlsproxy\fR(8) server
-/*	should use with EDH ciphers.
+/*	should use with export-grade EDH ciphers.
 /* .IP "\fBtlsproxy_tls_dkey_file ($smtpd_tls_dkey_file)\fR"
 /*	File with the Postfix \fBtlsproxy\fR(8) server DSA private key in PEM
 /*	format.
diff --git a/postfix/src/util/dict_cache.c b/postfix/src/util/dict_cache.c
index 7a8178c93..a6ca42f3b 100644
--- a/postfix/src/util/dict_cache.c
+++ b/postfix/src/util/dict_cache.c
@@ -752,7 +752,7 @@ typedef struct DICT_CACHE_TEST {
 
 int     show_elapsed = 1;		/* show elapsed time */
 
-#if defined(SNAPSHOT) && defined(HAS_LMDB)
+#ifdef HAS_LMDB
 extern size_t dict_lmdb_map_size;	/* LMDB-specific */
 
 #endif
@@ -871,7 +871,7 @@ static void show_status(DICT_CACHE_TEST *tp, DICT_CACHE *dp)
 {
     DICT_CACHE_SREQ *cp;
 
-#if defined(SNAPSHOT) && defined(HAS_LMDB)
+#ifdef HAS_LMDB
     vstream_printf("lmdb_map_size\t%ld\n", (long) dict_lmdb_map_size);
 #endif
     vstream_printf("cache\t%s\n", dp ? dp->name : "(none)");
@@ -1089,7 +1089,7 @@ int     main(int argc, char **argv)
 	    msg_verbose = atoi(args->argv[1]);
 	} else if (strcmp(args->argv[0], "elapsed") == 0 && args->argc == 2) {
 	    show_elapsed = atoi(args->argv[1]);
-#if defined(SNAPSHOT) && defined(HAS_LMDB)
+#ifdef HAS_LMDB
 	} else if (strcmp(args->argv[0], "lmdb_map_size") == 0 && args->argc == 2) {
 	    dict_lmdb_map_size = atol(args->argv[1]);
 #endif
diff --git a/postfix/src/util/dict_lmdb.c b/postfix/src/util/dict_lmdb.c
index 276b6155b..f0e3befc7 100644
--- a/postfix/src/util/dict_lmdb.c
+++ b/postfix/src/util/dict_lmdb.c
@@ -46,7 +46,7 @@
 
 #include <sys_defs.h>
 
-#if defined(SNAPSHOT) && defined(HAS_LMDB)
+#ifdef HAS_LMDB
 
 /* System library. */
 
@@ -536,6 +536,16 @@ static void dict_lmdb_notify(void *context, int error_code,...)
     va_end(ap);
 }
 
+/* dict_lmdb_assert - report LMDB internal assertion failure */
+
+static void dict_lmdb_assert(void *context, const char *text)
+{
+    DICT_LMDB *dict_lmdb = (DICT_LMDB *) context;
+
+    msg_fatal("%s:%s: internal error: %s",
+	      dict_lmdb->dict.type, dict_lmdb->dict.name, text);
+}
+
 /* dict_lmdb_open - open LMDB data base */
 
 DICT   *dict_lmdb_open(const char *path, int open_flags, int dict_flags)
@@ -611,6 +621,7 @@ DICT   *dict_lmdb_open(const char *path, int open_flags, int dict_flags)
 			     DICT_LMDB_SIZE_MAX)) != 0
 	|| (status = slmdb_open(&slmdb, mdb_path, open_flags, mdb_flags,
 				slmdb_flags)) != 0) {
+	/* This leaks a little memory that would have been used otherwise. */
 	dict = dict_surrogate(DICT_TYPE_LMDB, path, open_flags, dict_flags,
 		    "open database %s: %s", mdb_path, mdb_strerror(status));
 	DICT_LMDB_OPEN_RETURN(dict);
@@ -634,9 +645,10 @@ DICT   *dict_lmdb_open(const char *path, int open_flags, int dict_flags)
     }
 
     /*
-     * Bundle up.
+     * Bundle up. From here on no more assignments to slmdb.
      */
     dict_lmdb = (DICT_LMDB *) dict_alloc(DICT_TYPE_LMDB, path, sizeof(*dict_lmdb));
+    dict_lmdb->slmdb = slmdb;
     dict_lmdb->dict.lookup = dict_lmdb_lookup;
     dict_lmdb->dict.update = dict_lmdb_update;
     dict_lmdb->dict.delete = dict_lmdb_delete;
@@ -679,24 +691,20 @@ DICT   *dict_lmdb_open(const char *path, int open_flags, int dict_flags)
      * The following requests return an error result only if we have serious
      * memory corruption problem.
      */
-    slmdb_control(&slmdb,
-		  SLMDB_CTL_API_RETRY_LIMIT, DICT_LMDB_API_RETRY_LIMIT,
-		  SLMDB_CTL_BULK_RETRY_LIMIT, DICT_LMDB_BULK_RETRY_LIMIT,
-		  SLMDB_CTL_LONGJMP_FN, dict_lmdb_longjmp,
-		  SLMDB_CTL_CONTEXT, (void *) dict_lmdb,
-		  SLMDB_CTL_END);
-    if (msg_verbose) {
-	slmdb_control(&slmdb,
-		      SLMDB_CTL_NOTIFY_FN, dict_lmdb_notify,
-		      SLMDB_CTL_END);
+    if (slmdb_control(&dict_lmdb->slmdb,
+		      SLMDB_CTL_API_RETRY_LIMIT, DICT_LMDB_API_RETRY_LIMIT,
+		      SLMDB_CTL_BULK_RETRY_LIMIT, DICT_LMDB_BULK_RETRY_LIMIT,
+		      SLMDB_CTL_LONGJMP_FN, dict_lmdb_longjmp,
+		      SLMDB_CTL_NOTIFY_FN, msg_verbose ?
+		      dict_lmdb_notify : (SLMDB_NOTIFY_FN) 0,
+		      SLMDB_CTL_ASSERT_FN, dict_lmdb_assert,
+		      SLMDB_CTL_CB_CONTEXT, (void *) dict_lmdb,
+		      SLMDB_CTL_END) != 0)
+	msg_panic("dict_lmdb_open: slmdb_control: %m");
+
+    if (msg_verbose)
 	dict_lmdb_notify((void *) dict_lmdb, MDB_SUCCESS,
-			 slmdb_curr_limit(&slmdb));
-    }
-
-    /*
-     * From here on no direct assignments to slmdb.
-     */
-    dict_lmdb->slmdb = slmdb;
+			 slmdb_curr_limit(&dict_lmdb->slmdb));
 
     DICT_LMDB_OPEN_RETURN(DICT_DEBUG (&dict_lmdb->dict));
 }
diff --git a/postfix/src/util/dict_open.c b/postfix/src/util/dict_open.c
index 616631413..c8706da4e 100644
--- a/postfix/src/util/dict_open.c
+++ b/postfix/src/util/dict_open.c
@@ -307,7 +307,7 @@ static const DICT_OPEN_INFO dict_open_info[] = {
     DICT_TYPE_HASH, dict_hash_open,
     DICT_TYPE_BTREE, dict_btree_open,
 #endif
-#if defined(SNAPSHOT) && defined(HAS_LMDB)
+#ifdef HAS_LMDB
     DICT_TYPE_LMDB, dict_lmdb_open,
 #endif
 #ifdef HAS_NIS
diff --git a/postfix/src/util/lmdb_cache_test.sh b/postfix/src/util/lmdb_cache_test.sh
deleted file mode 100644
index 8dfc72d4c..000000000
--- a/postfix/src/util/lmdb_cache_test.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/sh
-
-set -e
-
-rm -f foo.lmdb
-
-./dict_cache <<EOF
-cache lmdb:foo
-update x ${1-2000}
-run 
-update y ${1-2000}
-purge x
-run 
-purge y
-run 
-EOF
-
-../../bin/postmap -s lmdb:foo | diff /dev/null -
-rm -f foo.lmdb
diff --git a/postfix/src/util/lmdb_cache_test_1.sh b/postfix/src/util/lmdb_cache_test_1.sh
new file mode 100644
index 000000000..f5d476735
--- /dev/null
+++ b/postfix/src/util/lmdb_cache_test_1.sh
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+# Torture test: run update and purge operations in parallel processes.
+# This will result in some purge operations not finding all entries,
+# but the final sequential purge should eliminate all.
+
+set -e
+
+rm -f foo.lmdb
+./dict_cache <<EOF
+lmdb_map_size 20000
+cache lmdb:foo
+EOF
+
+(./dict_cache <<EOF
+cache lmdb:foo
+update x ${1-10000}
+run 
+update y ${1-10000}
+purge x
+run 
+purge y
+run 
+EOF
+) &
+
+(./dict_cache <<EOF
+cache lmdb:foo
+update a ${1-10000}
+run 
+update b ${1-10000}
+purge a
+run 
+purge b
+run 
+EOF
+) &
+
+wait
+
+./dict_cache <<EOF
+cache lmdb:foo
+purge a
+run
+purge b
+run
+purge x
+run
+purge y
+run
+EOF
+
+../../bin/postmap -s lmdb:foo | diff /dev/null -
+
+rm -f foo.lmdb
diff --git a/postfix/src/util/lmdb_cache_test_2.sh b/postfix/src/util/lmdb_cache_test_2.sh
new file mode 100644
index 000000000..a54e7bd3c
--- /dev/null
+++ b/postfix/src/util/lmdb_cache_test_2.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+# Torture test: run update and delete ${1-10000}perations in
+# parallel processes. None should remain.
+
+set -e
+
+rm -f foo.lmdb
+./dict_cache <<EOF
+lmdb_map_size 20000
+cache lmdb:foo
+EOF
+
+(./dict_cache <<EOF
+cache lmdb:foo
+update x ${1-10000}
+run 
+update y ${1-10000}
+delete x ${1-10000}
+run 
+delete y ${1-10000}
+run 
+EOF
+) &
+
+(./dict_cache <<EOF
+cache lmdb:foo
+update a ${1-10000}
+run 
+update b ${1-10000}
+delete a ${1-10000}
+run 
+delete b ${1-10000}
+run 
+EOF
+) &
+
+wait
+
+../../bin/postmap -s lmdb:foo | diff /dev/null -
+
+rm -f foo.lmdb
diff --git a/postfix/src/util/name_mask.c b/postfix/src/util/name_mask.c
index 454e5bfd7..6bb3b4df4 100644
--- a/postfix/src/util/name_mask.c
+++ b/postfix/src/util/name_mask.c
@@ -448,8 +448,7 @@ static int hex_to_ulong(char *value, unsigned long mask, unsigned long *ulp)
     if (*cp != '\0' || errno == ERANGE)
 	return (0);
 
-    if (ulp)
-	*ulp = (result & mask);
+    *ulp = (result & mask);
     return (*ulp == result);
 }
 
diff --git a/postfix/src/util/slmdb.c b/postfix/src/util/slmdb.c
index 38d1da31e..2d944b1be 100644
--- a/postfix/src/util/slmdb.c
+++ b/postfix/src/util/slmdb.c
@@ -93,8 +93,7 @@
 /*	for the specified database.
 /*
 /*	slmdb_control() specifies optional features. The result is
-/*	0 in case of success, or -1 with errno indicating the nature
-/*	of the problem.
+/*	an LMDB status code (zero in case of success).
 /*
 /* Arguments:
 /* .IP slmdb
@@ -113,13 +112,24 @@
 /*	Flags that control file open operations. Do not specify
 /*	locking flags here.
 /* .IP lmdb_flags
-/*	Flags that control the LMDB environment.
+/*	Flags that control the LMDB environment. If MDB_NOLOCK is
+/*	specified, then each slmdb_get() or slmdb_cursor_get() call
+/*	must be protected with a shared (or stronger) external lock,
+/*	and each slmdb_put() or slmdb_del() call must be protected
+/*	with an exclusive external lock. The locks may be released
+/*	after the call returns.
 /* .IP slmdb_flags
 /*	Bit-wise OR of zero or more of the following:
 /* .RS
 /* .IP SLMDB_FLAG_BULK
-/*	Open the database for a "bulk" transaction that is not
-/*	committed until the database is closed.
+/*	Open the database and create a "bulk" transaction that is
+/*	committed when the database is closed. If MDB_NOLOCK is
+/*	specified, then the entire transaction must be protected
+/*	with a persistent exclusive external lock (the lock may be
+/*	atomically downgraded to a shared lock to permit concurrent
+/*	read-only access). All slmdb_get(), slmdb_put() and slmdb_del()
+/*	requests will be directed to the "bulk" transaction. The effect
+/*	of calling slmdb_cursor_get() is undefined.
 /* .RE
 /* .IP mdb_key
 /*	Pointer to caller-provided lookup key storage.
@@ -133,20 +143,24 @@
 /*	request names and the corresponding value types.
 /* .RS
 /* .IP "SLMDB_CTL_LONGJMP_FN (void (*)(void *, int))
-/*	Application long-jump call-back function pointer. The
-/*	function must not return and is called to repeat a failed
-/*	bulk-mode transaction from the start. The arguments are the
-/*	application context and the setjmp() or sigsetjmp() result
-/*	value.
+/*	Call-back function pointer. The function is called to repeat
+/*	a failed bulk-mode transaction from the start. The arguments
+/*	are the application context and the setjmp() or sigsetjmp()
+/*	result value.
 /* .IP "SLMDB_CTL_NOTIFY_FN (void (*)(void *, int, ...))"
-/*	Application notification call-back function pointer. The
-/*	function is called after succesful error recovery with
-/*	arguments the application context, the MDB error code, and
-/*	additional arguments that depend on the error code.  Details
-/*	are given in the section "ERROR RECOVERY".
-/* .IP "SLMDB_CTL_CONTEXT (void *)"
-/*	Application context that is passed in application notification
-/*	and long-jump call-back function calls.
+/*	Call-back function pointer. The function is called to report
+/*	succesful error recovery. The arguments are the application
+/*	context, the MDB error code, and additional arguments that
+/*	depend on the error code.  Details are given in the section
+/*	"ERROR RECOVERY".
+/* .IP "SLMDB_CTL_ASSERT_FN (void (*)(void *, const char *))"
+/*	Call-back function pointer.  The function is called to
+/*	report an LMDB internal assertion failure. The arguments
+/*	are the application context, and text that describes the
+/*	problem.
+/* .IP "SLMDB_CTL_CB_CONTEXT (void *)"
+/*	Application context that is passed in call-back function
+/*	calls.
 /* .IP "SLMDB_CTL_API_RETRY_LIMIT (int)"
 /*	How many times to recover from LMDB errors within the
 /*	execution of a single slmdb(3) API call before giving up.
@@ -172,12 +186,12 @@
 /*	memory mapping.  According to LMDB documentation this
 /*	requires that there is no concurrent activity in the same
 /*	database by other threads in the same memory address space.
+/*
+/*	When a database is opened with MDB_NOLOCK, and the external
+/*	lock is based on fcntl() or the like, there is no protection
+/*	against concurrent activity in the same process.
 /* SEE ALSO
 /*	lmdb(3) API manpage (currently, non-existent).
-/* LICENSE
-/* .ad
-/* .fi
-/*	The Secure Mailer license must be distributed with this software.
 /* AUTHOR(S)
 /*	Howard Chu
 /*	Symas Corporation
@@ -188,7 +202,12 @@
 /*	Yorktown Heights, NY 10598, USA
 /*--*/
 
-#if defined(SNAPSHOT) && defined(HAS_LMDB)
+ /*
+  * DO NOT include other Postfix-specific header files. This LMDB wrapper
+  * must be usable outside Postfix.
+  */
+
+#ifdef HAS_LMDB
 
 /* System library. */
 
@@ -207,19 +226,31 @@
 #include <slmdb.h>
 
  /*
-  * Supported LMDB versions.
+  * Minimum LMDB patchlevel.
+  * 
+  * LMDB 0.9.11 allows Postfix daemons to log an LMDB error message instead of
+  * falling out of the sky without any explanation. Without such logging,
+  * Postfix with LMDB would be too hard to support.
+  * 
+  * LMDB 0.9.10 fixes an information leak where LMDB wrote chunks of up to 4096
+  * bytes of uninitialized heap memory to a database. This was a security
+  * violation because it made information persistent that was not meant to be
+  * persisted, or it was sharing information that was not meant to be shared.
   * 
   * LMDB 0.9.8 allows the application to update the database size limit
-  * on-the-fly, so that it can recover from an MDB_MAP_FULL error; it also
-  * allows an application to "pick up" a new database size limit on-the-fly,
-  * so that it can recover from an MDB_MAP_RESIZED error. The database size
-  * limit that remains is imposed by the hardware address space. The
-  * implementation is supposed to handle databases larger than physical
-  * memory. However, this is not necessarily guaranteed for (bulk)
+  * on-the-fly, so that it can recover from an MDB_MAP_FULL error without
+  * having to close the database. It also allows an application to "pick up"
+  * a new database size limit on-the-fly, so that it can recover from an
+  * MDB_MAP_RESIZED error without having to close the database. Finally, it
+  * avoids the need for world-writable lockfiles, by using MDB_NOLOCK.
+  * 
+  * The database size limit that remains is imposed by the hardware address
+  * space. The implementation is supposed to handle databases larger than
+  * physical memory. However, this is not necessarily guaranteed for (bulk)
   * transactions larger than physical memory.
   */
-#if MDB_VERSION_FULL < MDB_VERINT(0, 9, 8)
-#error "Build with LMDB version 0.9.8 or later"
+#if MDB_VERSION_FULL < MDB_VERINT(0, 9, 11)
+#error "This Postfix version requires LMDB version 0.9.11 or later"
 #endif
 
  /*
@@ -245,7 +276,7 @@
   * call for non-bulk transactions. We allow a number of bulk-transaction
   * retries that is proportional to the memory address space.
   */
-#define SLMDB_DEF_API_RETRY_LIMIT 2	/* Retries per slmdb(3) API call */
+#define SLMDB_DEF_API_RETRY_LIMIT 30	/* Retries per slmdb(3) API call */
 #define SLMDB_DEF_BULK_RETRY_LIMIT \
         (2 * sizeof(size_t) * CHAR_BIT)	/* Retries per bulk-mode transaction */
 
@@ -260,11 +291,9 @@
     } while (0)
 
  /*
-  * We must close the cursor's read transaction before writing to the
-  * database with MDB_NOLOCK, and before changing the memory map size. Our
-  * database iterator saves the key under the last cursor position, and
-  * restores the cursor if needed. This supports only one cursor per
-  * database.
+  * With MDB_NOLOCK, the iterator must close the cursor's read transaction
+  * before returning the (key, value) to the caller. See ITS#7774 and
+  * followups.
   */
 
 /* slmdb_cursor_close - close cursor and its read transaction */
@@ -373,8 +402,8 @@ static int slmdb_recover(SLMDB *slmdb, int status)
     MDB_envinfo info;
 
     /*
-     * Close the cursor and its read transaction before changing the memory
-     * map size. We can restore it later from the saved key information.
+     * This may be needed in non-MDB_NOLOCK mode. Recovery is rare enough that
+     * we don't care about a few wasted cycles.
      */
     if (slmdb->cursor != 0)
 	slmdb_cursor_close(slmdb);
@@ -540,15 +569,6 @@ int     slmdb_put(SLMDB *slmdb, MDB_val *mdb_key,
     else if ((status = slmdb_txn_begin(slmdb, 0, &txn)) != 0)
 	SLMDB_API_RETURN(slmdb, status);
 
-    /*
-     * Before doing a non-bulk write transaction in MDB_NOLOCK mode, close a
-     * cursor and its read transaction. We can restore it later with the
-     * saved key information.
-     */
-    if (slmdb->cursor != 0 && slmdb->txn == 0
-	&& (slmdb->lmdb_flags & MDB_NOLOCK))
-	slmdb_cursor_close(slmdb);
-
     /*
      * Do the update.
      */
@@ -586,15 +606,6 @@ int     slmdb_del(SLMDB *slmdb, MDB_val *mdb_key)
     else if ((status = slmdb_txn_begin(slmdb, 0, &txn)) != 0)
 	SLMDB_API_RETURN(slmdb, status);
 
-    /*
-     * Before doing a non-bulk write transaction in MDB_NOLOCK mode, close a
-     * cursor and its read transaction. We can restore it later from the
-     * saved key information.
-     */
-    if (slmdb->cursor != 0 && slmdb->txn == 0
-	&& (slmdb->lmdb_flags & MDB_NOLOCK))
-	slmdb_cursor_close(slmdb);
-
     /*
      * Do the update.
      */
@@ -623,7 +634,7 @@ int     slmdb_cursor_get(SLMDB *slmdb, MDB_val *mdb_key,
 			         MDB_val *mdb_value, MDB_cursor_op op)
 {
     MDB_txn *txn;
-    int     status;
+    int     status = 0;
 
     /*
      * Open a read transaction and cursor if needed.
@@ -641,37 +652,41 @@ int     slmdb_cursor_get(SLMDB *slmdb, MDB_val *mdb_key,
 	/*
 	 * Restore the cursor position from the saved key information.
 	 */
-	if (HAVE_SLMDB_SAVED_KEY(slmdb) && op != MDB_FIRST) {
-	    if ((status = mdb_cursor_get(slmdb->cursor, &slmdb->saved_key,
-					 (MDB_val *) 0, MDB_SET)) != 0) {
-		slmdb_cursor_close(slmdb);
-		if ((status = slmdb_recover(slmdb, status)) == 0)
-		    status = slmdb_cursor_get(slmdb, mdb_key, mdb_value, op);
-		SLMDB_API_RETURN(slmdb, status);
-	    }
-	}
+	if (HAVE_SLMDB_SAVED_KEY(slmdb) && op != MDB_FIRST)
+	    status = mdb_cursor_get(slmdb->cursor, &slmdb->saved_key,
+					 (MDB_val *) 0, MDB_SET);
     }
 
     /*
      * Database lookup.
      */
-    status = mdb_cursor_get(slmdb->cursor, mdb_key, mdb_value, op);
+    if (status == 0)
+	status = mdb_cursor_get(slmdb->cursor, mdb_key, mdb_value, op);
 
     /*
-     * Save the cursor position. This can fail only with ENOMEM.
+     * Save the cursor position if successful. This can fail only with
+     * ENOMEM.
+     * 
+     * Close the cursor read transaction if in MDB_NOLOCK mode, because the
+     * caller may release the external lock after we return.
      */
-    if (status == 0)
+    if (status == 0) {
 	status = slmdb_saved_key_assign(slmdb, mdb_key);
+	if (slmdb->lmdb_flags & MDB_NOLOCK)
+	    slmdb_cursor_close(slmdb);
+    }
 
     /*
      * Handle end-of-database or other error.
      */
     else {
+	/* Do not hand-optimize out the slmdb_cursor_close() calls below. */
 	if (status == MDB_NOTFOUND) {
 	    slmdb_cursor_close(slmdb);
 	    if (HAVE_SLMDB_SAVED_KEY(slmdb))
 		slmdb_saved_key_free(slmdb);
 	} else {
+	    slmdb_cursor_close(slmdb);
 	    if ((status = slmdb_recover(slmdb, status)) == 0)
 		status = slmdb_cursor_get(slmdb, mdb_key, mdb_value, op);
 	    SLMDB_API_RETURN(slmdb, status);
@@ -681,6 +696,16 @@ int     slmdb_cursor_get(SLMDB *slmdb, MDB_val *mdb_key,
     SLMDB_API_RETURN(slmdb, status);
 }
 
+/* slmdb_assert_cb - report LMDB assertion failure */
+
+static void slmdb_assert_cb(MDB_env *env, const char *text)
+{
+    SLMDB  *slmdb = (SLMDB *) mdb_env_get_userctx(env);
+
+    if (slmdb->assert_fn)
+	slmdb->assert_fn(slmdb->cb_context, text);
+}
+
 /* slmdb_control - control optional settings */
 
 int     slmdb_control(SLMDB *slmdb, int first,...)
@@ -688,6 +713,7 @@ int     slmdb_control(SLMDB *slmdb, int first,...)
     va_list ap;
     int     status = 0;
     int     reqno;
+    int     rc;
 
     va_start(ap, first);
     for (reqno = first; status == 0 && reqno != SLMDB_CTL_END; reqno = va_arg(ap, int)) {
@@ -698,7 +724,13 @@ int     slmdb_control(SLMDB *slmdb, int first,...)
 	case SLMDB_CTL_NOTIFY_FN:
 	    slmdb->notify_fn = va_arg(ap, SLMDB_NOTIFY_FN);
 	    break;
-	case SLMDB_CTL_CONTEXT:
+	case SLMDB_CTL_ASSERT_FN:
+	    slmdb->assert_fn = va_arg(ap, SLMDB_ASSERT_FN);
+	    if ((rc = mdb_env_set_userctx(slmdb->env, (void *) slmdb)) != 0
+	     || (rc = mdb_env_set_assert(slmdb->env, slmdb_assert_cb)) != 0)
+		status = rc;
+	    break;
+	case SLMDB_CTL_CB_CONTEXT:
 	    slmdb->cb_context = va_arg(ap, void *);
 	    break;
 	case SLMDB_CTL_API_RETRY_LIMIT:
@@ -708,8 +740,7 @@ int     slmdb_control(SLMDB *slmdb, int first,...)
 	    slmdb->bulk_retry_limit = va_arg(ap, int);
 	    break;
 	default:
-	    errno = EINVAL;
-	    status = -1;
+	    status = errno = EINVAL;
 	    break;
 	}
     }
@@ -834,6 +865,7 @@ int     slmdb_open(SLMDB *slmdb, const char *path, int open_flags,
     slmdb->bulk_retry_limit = SLMDB_DEF_BULK_RETRY_LIMIT;
     slmdb->longjmp_fn = 0;
     slmdb->notify_fn = 0;
+    slmdb->assert_fn = 0;
     slmdb->cb_context = 0;
     slmdb->txn = txn;
 
@@ -843,20 +875,4 @@ int     slmdb_open(SLMDB *slmdb, const char *path, int open_flags,
     return (status);
 }
 
-#endif
-
- /*
-  * Implementation-dependent workaround to debug LMDB assert() failures. The
-  * code below prevents daemons from disappearing without logfile record.
-  */
-#ifdef LMDB_ASSERT_WORKAROUND
-
-#include <assert.h>
-
-void    __assert(const char *func, const char *file, int line, const char *text)
-{
-    msg_panic("Assertion failed: %s, function %s, file %s, line %d.",
-	      text, func, file, line);
-}
-
 #endif
diff --git a/postfix/src/util/slmdb.h b/postfix/src/util/slmdb.h
index 6f5ad5cfa..4b41cae18 100644
--- a/postfix/src/util/slmdb.h
+++ b/postfix/src/util/slmdb.h
@@ -50,6 +50,7 @@ typedef struct {
     size_t  saved_key_size;		/* saved cursor key buffer size */
     void    (*longjmp_fn) (void *, int);/* exception handling */
     void    (*notify_fn) (void *, int,...);	/* workaround notification */
+    void    (*assert_fn) (void *, const char *);	/* assert notification */
     void   *cb_context;			/* call-back context */
     int     api_retry_count;		/* slmdb(3) API call retry count */
     int     bulk_retry_count;		/* bulk_mode retry count */
@@ -74,13 +75,15 @@ extern int slmdb_close(SLMDB *);
 #define SLMDB_CTL_END		0
 #define SLMDB_CTL_LONGJMP_FN	1	/* exception handling */
 #define SLMDB_CTL_NOTIFY_FN	2	/* debug logging function */
-#define SLMDB_CTL_CONTEXT	3	/* exception/debug logging context */
+#define SLMDB_CTL_CB_CONTEXT	3	/* call-back context */
 #define SLMDB_CTL_HARD_LIMIT	4	/* hard database size limit */
 #define SLMDB_CTL_API_RETRY_LIMIT	5	/* per slmdb(3) API call */
 #define SLMDB_CTL_BULK_RETRY_LIMIT	6	/* per bulk update */
+#define SLMDB_CTL_ASSERT_FN	7	/* report assertion failure */
 
 typedef void (*SLMDB_NOTIFY_FN) (void *, int,...);
 typedef void (*SLMDB_LONGJMP_FN) (void *, int);
+typedef void (*SLMDB_ASSERT_FN) (void *, const char *);
 
 /* LICENSE
 /* .ad