From: Wietse Venema <wietse@porcupine.org>
Date: Fri, 1 Dec 2006 05:00:00 +0000 (-0500)
Subject: postfix-2.4-20061201
X-Git-Tag: v2.4.0-RC1~33
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1f05848f517c2379c73d81876da05fc228af4fc8;p=thirdparty%2Fpostfix.git

postfix-2.4-20061201
---

diff --git a/postfix/AAAREADME b/postfix/AAAREADME
index d68a0f16d..e78b4d8e1 100644
--- a/postfix/AAAREADME
+++ b/postfix/AAAREADME
@@ -135,7 +135,6 @@ Postfix daemons:
     src/cleanup/	Canonicalize and enqueue mail
     src/discard/	Trivial discard mailer
     src/error/		Trivial error mailer
-    src/lmtp/		LMTP client
     src/local/		Local delivery
     src/master/		Postfix resident superserver
     src/oqmgr/		Old queue manager
@@ -144,9 +143,10 @@ Postfix daemons:
     src/qmgr/		Queue manager
     src/qmqpd/		QMQPD server
     src/showq/		List Postfix queue status
-    src/smtp/		SMTP client
+    src/smtp/		SMTP and LMTP client
     src/smtpd/		SMTP server
     src/spawn/		Run non-Postfix server
+    src/tlsmgr/		TLS session keys and random pool
     src/trivial-rewrite/ Address rewriting and resolving
     src/verify/		address verification service
     src/virtual/	virtual mailbox-only delivery agent
diff --git a/postfix/HISTORY b/postfix/HISTORY
index 2891b9e4b..254e1d15f 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -12814,8 +12814,62 @@ Apologies for any names omitted.
 	response on a cached SMTP/LMTP connection.  Report by Brian
 	Kantor.  Fix by Victor Duchovni.  File: smtp/smtp_reuse.c.
 
+20061113
+
+	Bugfix: the Postfix install/upgrade procedure broke with
+	non-default config_directory. File: conf/post-install.
+
+20061115
+
+	Bugfix: null pointer bug in end-of-header Milter action
+	when the last header line is too large.  Reported by Mark
+	Martinec. The root of the problem is that the MIME state
+	engine may execute up to three call-back functions when it
+	reaches the end of the headers, before it returns to the
+	caller; as long as call-backs return no result, each call-back
+	has to check for itself if a previous call-back ran into a
+	problem.  File: milter/milter8.c.
+
+	Workaround: reduce effective header_size_limit to 60000
+	when Milter inspection is enabled, to avoid breaking the
+	Milter protocol request length limit. File:
+	cleanup/cleanup_message.c.
+
+20061123
+
+	Workaround: more agressive early refill of in-memory
+	recipients to prevent a worst-case scenario where the queue
+	manager became starved until after the last batch of slow
+	in-memory recipients of jumbo multi-recipient mail. Files:
+	qmgr/qmgr_job.c.
+
+	Safety: don't read more than 5000 recipients at a time, to
+	avoid spending too much time away from interrupts.  File:
+	qmgr/qmgr_message.c.
+	
+20061201
+
+	Workaround: don't complain in the trivial-rewrite, verify,
+	proxymap or connection cache client when the server exits
+	after the client sends its request. We still complain,
+	however, when the problem persists.  Files: global/rewrite_clnt.c,
+	global/resolve_clnt.c, global/verify_clnt.c, global/scache_clnt.c,
+	global/dict_proxy.c.
+
+	Safety: the header_size_limit is now enforced more strictly,
+	to avoid inter-operability problems with the Milter protocol.
+	Long headers are truncated at a line boundary if possible,
+	otherwise they are cut between line boundaries. File:
+	cleanup/cleanup_out.c.
+
 Wish list:
 
+	Investigate if clients of single-instance servers such as
+	tlsmgr, verify, can close sockets earlier.
+
+	REDIRECT should override original recipient info, and
+	probably override DSN as well.
+
 	Find out if with Sendmail, a Milter "add recipient" request
 	results in NOTIFY=NONE as Postfix does now.
 
diff --git a/postfix/README_FILES/ADDRESS_REWRITING_README b/postfix/README_FILES/ADDRESS_REWRITING_README
index 5a701344a..4ac6cb4e6 100644
--- a/postfix/README_FILES/ADDRESS_REWRITING_README
+++ b/postfix/README_FILES/ADDRESS_REWRITING_README
@@ -787,14 +787,14 @@ mailbox, or delivery to non-Postfix command.
     Content-Description: Notification
     Content-Type: text/plain
 
-    This is the Postfix program at host spike.porcupine.org.
+    This is the mail system at host spike.porcupine.org.
 
     Enclosed is the mail delivery report that you requested.
 
-                            The Postfix program
+                            The mail system
 
     <postfix-users@postfix.org>: delivery via mail.cloud9.net[168.100.1.4]: 250
-    Ok
+    2.1.5 Ok
 
 The second part of the report is in machine-readable form, and includes the
 following information:
@@ -814,13 +814,13 @@ version 2.3 and later.
     Reporting-MTA: dns; spike.porcupine.org
     X-Postfix-Queue-ID: 84863BC0E5
     X-Postfix-Sender: rfc822; wietse@porcupine.org
-    Arrival-Date: Tue, 13 Apr 2004 19:27:43 -0400 (EDT)
+    Arrival-Date: Sun, 26 Nov 2006 17:01:01 -0500 (EST)
 
     Final-Recipient: rfc822; postfix-users@postfix.org
     Action: deliverable
-    Status: 2.0.0
+    Status: 2.1.5
     Remote-MTA: dns; mail.cloud9.net
-    Diagnostic-Code: smtp; 250 Ok
+    Diagnostic-Code: smtp; 250 2.1.5 Ok
 
 The third part of the report contains the message that Postfix would have
 delivered, including From: and To: message headers, so that you can see any
@@ -831,10 +831,10 @@ no body content so none is shown in the example below.
     Content-Type: message/rfc822
 
     Received: by spike.porcupine.org (Postfix, from userid 1001)
-            id 84863BC0E5; Tue, 13 Apr 2004 19:27:43 -0400 (EDT)
+            id 84863BC0E5; id DA77DBC0A9; Sun, 26 Nov 2006 17:01:01 -0500 (EST)
     Subject: probe
     To: postfix-users@postfix.org
-    Message-Id: <20040413232743.84863BC0E5@spike.porcupine.org>
-    Date: Tue, 13 Apr 2004 19:27:43 -0400 (EDT)
+    Message-Id: <20061126220101.84863BC0E5@spike.porcupine.org>
+    Date: Sun, 26 Nov 2006 17:01:01 -0500 (EST)
     From: wietse@porcupine.org (Wietse Venema)
 
diff --git a/postfix/README_FILES/BACKSCATTER_README b/postfix/README_FILES/BACKSCATTER_README
index 78646f22d..fcde09c05 100644
--- a/postfix/README_FILES/BACKSCATTER_README
+++ b/postfix/README_FILES/BACKSCATTER_README
@@ -12,7 +12,7 @@ Topics covered in this document:
   * How do I block backscatter mail to random recipient addresses?
   * How do I block backscatter mail to real recipient addresses?
 
-      o Blocking backscatter mail with forged HELO information
+      o Blocking backscatter mail with forged mail server information
       o Blocking backscatter mail with forged sender information
       o Blocking backscatter mail with other forged information
       o Blocking backscatter mail from virus scanners
@@ -45,7 +45,7 @@ headers of the undeliverable mail in the non-delivery notification. These
 message headers contain information that you can use to recognize and block
 forged mail.
 
-BBlloocckkiinngg bbaacckkssccaatttteerr mmaaiill wwiitthh ffoorrggeedd HHEELLOO iinnffoorrmmaattiioonn
+BBlloocckkiinngg bbaacckkssccaatttteerr mmaaiill wwiitthh ffoorrggeedd mmaaiill sseerrvveerr iinnffoorrmmaattiioonn
 
 Although my email address is "wietse@porcupine.org", all my mail systems
 announce themselves with the SMTP HELO command as "hostname.porcupine.org".
@@ -67,6 +67,13 @@ result of forgery:
     Received: from host.example.com (HELO porcupine.org) ...
     Received: from host.example.com (EHLO porcupine.org) ...
 
+Some forgeries show up in the way that a mail server reports itself in
+Received: message headers. Keeping in mind that all my systems have a mail
+server name of hostname.porcupine.org, the following is definitely a forgery:
+
+    Received: by porcupine.org ...
+    Received: from host.example.com ( ... ) by porcupine.org ...
+
 Another frequent sign of forgery is the Message-ID: header. My systems produce
 a Message-ID: of <stuff@hostname.porcupine.org>. The following are forgeries,
 especially the first one:
@@ -82,20 +89,28 @@ this:
         body_checks = regexp:/etc/postfix/body_checks
 
     /etc/postfix/header_checks:
+        if /^Received:/
         /^Received: +from +(porcupine\.org) +/
             reject forged client name in Received: header: $1
         /^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)
     (porcupine\.org)\)/
             reject forged client name in Received: header: $2
+        /^Received:.* +by +(porcupine\.org)[[:>:]]/
+            reject forged mail server name in Received: header: $1
+        endif
         /^Message-ID:.*@(porcupine\.org)/
     	reject forged domain name in Message-ID: header: $1
 
     /etc/postfix/body_checks:
+        if /^[> ]*Received:/
         /^[> ]*Received: +from +(porcupine\.org) /
             reject forged client name in Received: header: $1
         /^[> ]*Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)
     (porcupine\.org)\)/
             reject forged client name in Received: header: $2
+        /^[> ]*Received:.* +by +(porcupine\.org)[[:>:]]/
+            reject forged mail server name in Received: header: $1
+        endif
         /^[> ]*Message-ID:.*@(porcupine\.org)/
     	reject forged domain name in Message-ID: header: $1
 
@@ -110,6 +125,12 @@ Notes:
   * The "\(" and "\)" match "(" and ")" literally. Without the "\", the "(" and
     ")" would be grouping operators.
 
+  * The "[[:>:]]" matches the end of a word. On some systems you should specify
+    "\>" instead. For details see your system documentation.
+
+  * The "if /pattern/" and "endif" eliminate unnecessary matching attempts. DO
+    NOT indent lines starting with /pattern/ between the "if" and "endif"!
+
 CCaavveeaattss
 
 Netscape Messenger (and reportedly, Mozilla) sends a HELO name that is
diff --git a/postfix/README_FILES/DEBUG_README b/postfix/README_FILES/DEBUG_README
index da0cb445a..bb2ee7393 100644
--- a/postfix/README_FILES/DEBUG_README
+++ b/postfix/README_FILES/DEBUG_README
@@ -25,7 +25,8 @@ follows:
   * Making Postfix daemon programs more verbose
   * Manually tracing a Postfix daemon process
   * Automatically tracing a Postfix daemon process
-  * Running daemon programs with the interactive xxgdb debugger
+  * Running daemon programs with the interactive ddd debugger
+  * Running daemon programs with the interactive gdb debugger
   * Running daemon programs under a non-interactive debugger
   * Unreasonable behavior
   * Reporting problems to postfix-users@postfix.org
@@ -208,18 +209,18 @@ the call tracer of your choice, for example:
 
 Type "ppoossttffiixx rreellooaadd" and watch the logfile.
 
-RRuunnnniinngg ddaaeemmoonn pprrooggrraammss wwiitthh tthhee iinntteerraaccttiivvee xxxxggddbb ddeebbuuggggeerr
+RRuunnnniinngg ddaaeemmoonn pprrooggrraammss wwiitthh tthhee iinntteerraaccttiivvee dddddd ddeebbuuggggeerr
 
 If you have X Windows installed on the Postfix machine, then an interactive
-debugger such as xxxxggddbb can be convenient.
+debugger such as dddddd can be convenient.
 
 Edit the debugger_command definition in /etc/postfix/main.cf so that it invokes
-xxxxggddbb:
+dddddd:
 
     /etc/postfix/main.cf:
         debugger_command =
              PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
-             xxgdb $daemon_directory/$process_name $process_id & sleep 5
+             ddd $daemon_directory/$process_name $process_id & sleep 5
 
 Be sure that ggddbb is in the command search path, and export XXAAUUTTHHOORRIITTYY so that X
 access control works, for example:
@@ -239,6 +240,37 @@ the proper XXAAUUTTHHOORRIITTYY and DDIISSPPLLAAYY settings.
 Whenever the suspect daemon process is started, a debugger window pops up and
 you can watch in detail what happens.
 
+RRuunnnniinngg ddaaeemmoonn pprrooggrraammss wwiitthh tthhee iinntteerraaccttiivvee ggddbb ddeebbuuggggeerr
+
+If you have the screen command installed on the Postfix machine, then you can
+run an interactive debugger such as ggddbb as follows.
+
+Edit the debugger_command definition in /etc/postfix/main.cf so that it runs
+ggddbb inside a detached ssccrreeeenn session:
+
+    /etc/postfix/main.cf:
+        debugger_command =
+            PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; HOME=/root;
+            export HOME; screen -e^tt -dmS $process_name gdb
+            $daemon_directory/$process_name $process_id & sleep 2
+
+Be sure that ggddbb is in the command search path.
+
+Append a --DD option to the suspect daemon definition in /etc/postfix/master.cf,
+for example:
+
+    /etc/postfix/master.cf:
+        smtp      inet  n       -       n       -       -       smtpd -D
+
+Execute the command "ppoossttffiixx rreellooaadd" and wait until a daemon process is started
+(you can see this in the maillog file).
+
+Then attach to the screen, and debug away:
+
+    # HOME=/root screen -r
+    gdb) continue
+    gdb) where
+
 RRuunnnniinngg ddaaeemmoonn pprrooggrraammss uunnddeerr aa nnoonn--iinntteerraaccttiivvee ddeebbuuggggeerr
 
 If you do not have X Windows installed on the Postfix machine, or if you are
diff --git a/postfix/conf/post-install b/postfix/conf/post-install
index c64ff19f6..54b3b93bc 100644
--- a/postfix/conf/post-install
+++ b/postfix/conf/post-install
@@ -589,14 +589,14 @@ EOF
     # This safety net is also documented in LOCAL_RECIPIENT_README.
 
     unknown_local=unknown_local_recipient_reject_code
-    has_lrm=`$POSTCONF -n local_recipient_maps`
-    has_lrjc=`$POSTCONF -n $unknown_local`
+    has_lrm=`$POSTCONF -c $config_directory -n local_recipient_maps`
+    has_lrjc=`$POSTCONF -c $config_directory -n $unknown_local`
 
     if [ -z "$has_lrm" -a -z "$has_lrjc" ]
     then
 	echo SAFETY: editing main.cf, setting $unknown_local=450.
 	echo See the LOCAL_RECIPIENT_README file for details.
-	$POSTCONF -e "$unknown_local = 450" || exit 1
+	$POSTCONF -c $config_directory -e "$unknown_local = 450" || exit 1
     fi
 
     # Add missing proxymap service to master.cf.
@@ -678,8 +678,8 @@ EOF
 
 test -n "$first_install_reminder" && {
 
-    ALIASES=`$POSTCONF -h alias_database | sed 's/^[^:]*://'`
-    NEWALIASES_PATH=`$POSTCONF -h newaliases_path`
+    ALIASES=`$POSTCONF -c $config_directory -h alias_database | sed 's/^[^:]*://'`
+    NEWALIASES_PATH=`$POSTCONF -c $config_directory -h newaliases_path`
     cat <<EOF | ${FMT}
 
     Warning: you still need to edit myorigin/mydestination/mynetworks
diff --git a/postfix/html/ADDRESS_REWRITING_README.html b/postfix/html/ADDRESS_REWRITING_README.html
index 4c1c53813..fd580115a 100644
--- a/postfix/html/ADDRESS_REWRITING_README.html
+++ b/postfix/html/ADDRESS_REWRITING_README.html
@@ -1174,13 +1174,13 @@ to mailbox, or delivery to non-Postfix command. </p>
 Content-Description: Notification
 Content-Type: text/plain
 
-This is the Postfix program at host spike.porcupine.org.
+This is the mail system at host spike.porcupine.org.
 
 Enclosed is the mail delivery report that you requested.
 
-                        The Postfix program
+                        The mail system
 
-&lt;postfix-users@postfix.org&gt;: delivery via mail.cloud9.net[168.100.1.4]: 250 Ok
+&lt;postfix-users@postfix.org&gt;: delivery via mail.cloud9.net[168.100.1.4]: 250 2.1.5 Ok
 </pre>
 </blockquote>
 
@@ -1210,13 +1210,13 @@ Content-Type: message/delivery-status
 Reporting-MTA: dns; spike.porcupine.org
 X-Postfix-Queue-ID: 84863BC0E5
 X-Postfix-Sender: rfc822; wietse@porcupine.org
-Arrival-Date: Tue, 13 Apr 2004 19:27:43 -0400 (EDT)
+Arrival-Date: Sun, 26 Nov 2006 17:01:01 -0500 (EST)
 
 Final-Recipient: rfc822; postfix-users@postfix.org
 Action: deliverable
-Status: 2.0.0
+Status: 2.1.5
 Remote-MTA: dns; mail.cloud9.net
-Diagnostic-Code: smtp; 250 Ok
+Diagnostic-Code: smtp; 250 2.1.5 Ok
 </pre>
 </blockquote>
 
@@ -1232,11 +1232,11 @@ Content-Description: Message
 Content-Type: message/rfc822
 
 Received: by spike.porcupine.org (Postfix, from userid 1001)
-        id 84863BC0E5; Tue, 13 Apr 2004 19:27:43 -0400 (EDT)
+        id 84863BC0E5; id DA77DBC0A9; Sun, 26 Nov 2006 17:01:01 -0500 (EST)
 Subject: probe
 To: postfix-users@postfix.org
-Message-Id: &lt;20040413232743.84863BC0E5@spike.porcupine.org&gt;
-Date: Tue, 13 Apr 2004 19:27:43 -0400 (EDT)
+Message-Id: &lt;20061126220101.84863BC0E5@spike.porcupine.org&gt;
+Date: Sun, 26 Nov 2006 17:01:01 -0500 (EST)
 From: wietse@porcupine.org (Wietse Venema)
 </pre>
 </blockquote>
diff --git a/postfix/html/BACKSCATTER_README.html b/postfix/html/BACKSCATTER_README.html
index a007603bd..83a673d0f 100644
--- a/postfix/html/BACKSCATTER_README.html
+++ b/postfix/html/BACKSCATTER_README.html
@@ -38,7 +38,7 @@ recipient addresses?</a>
 <ul>
 
 <li><a href="#forged_helo">Blocking backscatter mail with forged
-HELO information</a>
+mail server information</a>
 
 <li><a href="#forged_sender">Blocking backscatter mail with forged
 sender information</a>
@@ -91,7 +91,7 @@ information that you can use to recognize and block forged mail.
 </p>
 
 <h3><a name="forged_helo">Blocking backscatter mail with forged
-HELO information</a></h3>
+mail server information</a></h3>
 
 <p> Although my email address is "wietse@porcupine.org", all my
 mail systems announce themselves with the SMTP HELO command as
@@ -127,6 +127,18 @@ Received: from host.example.com (EHLO porcupine.org) ...
 </pre>
 </blockquote>
 
+<p> Some forgeries show up in the way that a mail server reports
+itself in Received: message headers. Keeping in mind that all my
+systems have a mail server name of <i>hostname</i>.porcupine.org,
+the following is definitely a forgery:</p>
+
+<blockquote>
+<pre>
+Received: by porcupine.org ...
+Received: from host.example.com ( ... ) by porcupine.org ...
+</pre>
+</blockquote>
+
 <p> Another frequent sign of forgery is the Message-ID: header. My
 systems produce a Message-ID: of
 &lt;<i>stuff</i>@<i>hostname</i>.porcupine.org&gt;.  The following
@@ -149,18 +161,26 @@ patterns like this: </p>
     <a href="postconf.5.html#body_checks">body_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/body_checks
 
 /etc/postfix/header_checks:
+    if /^Received:/
     /^Received: +from +(porcupine\.org) +/
         reject forged client name in Received: header: $1
     /^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/
         reject forged client name in Received: header: $2
+    /^Received:.* +by +(porcupine\.org)[[:&gt;:]]/
+        reject forged mail server name in Received: header: $1
+    endif
     /^Message-ID:.*@(porcupine\.org)/
 	reject forged domain name in Message-ID: header: $1
 
 /etc/postfix/body_checks:
+    if /^[&gt; ]*Received:/
     /^[&gt; ]*Received: +from +(porcupine\.org) /
         reject forged client name in Received: header: $1
     /^[&gt; ]*Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/
         reject forged client name in Received: header: $2
+    /^[&gt; ]*Received:.* +by +(porcupine\.org)[[:&gt;:]]/
+        reject forged mail server name in Received: header: $1
+    endif
     /^[&gt; ]*Message-ID:.*@(porcupine\.org)/
 	reject forged domain name in Message-ID: header: $1
 </pre>
@@ -181,6 +201,14 @@ the "<tt>\</tt>", the "<tt>.</tt>" would match any character. </p>
 and "<tt>)</tt>" literally. Without the "<tt>\</tt>", the "<tt>(</tt>"
 and "<tt>)</tt>" would be grouping operators.  </p>
 
+<li> <p> The "<tt>[[:&gt;:]]</tt>" matches the end of a word. On
+some systems you should specify "<tt>\&gt;</tt>" instead. For details
+see your system documentation. </p>
+
+<li> <p> The "if /pattern/" and "endif" eliminate unnecessary
+matching attempts. DO NOT indent lines starting with /pattern/
+between the "if" and "endif"! </p>
+
 </ul>
 
 <p><a name="caveats"><strong>Caveats</strong></a></p>
@@ -251,7 +279,7 @@ reality, my patterns list multiple email addresses as
 <li> <p> The "<tt>[[:&lt;:]]</tt>" and "<tt>[[:&gt;:]]</tt>" match
 the beginning and end of a word, respectively. On some systems you
 should specify "<tt>\&lt;</tt>" and "<tt>\&gt;</tt>" instead. For
-details see your system documentation.
+details see your system documentation. </p>
 
 <li> <p> The "<tt>\.</tt>" matches "<tt>.</tt>" literally. Without
 the "<tt>\</tt>", the "<tt>.</tt>" would match any character. </p>
diff --git a/postfix/html/DEBUG_README.html b/postfix/html/DEBUG_README.html
index 71fdfd08e..0f785d55b 100644
--- a/postfix/html/DEBUG_README.html
+++ b/postfix/html/DEBUG_README.html
@@ -24,7 +24,7 @@ system when things do not work according to expectation. The methods
 vary from making Postfix log a lot of detail, to running some daemon
 processes under control of a call tracer or debugger. </p>
 
-<p> The text assumes that the Postfix main.cf and master.cf
+<p> The text assumes that the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a>
 configuration files are stored in directory /etc/postfix. You can
 use the command "<b>postconf <a href="postconf.5.html#config_directory">config_directory</a></b>" to find out the
 actual location of this directory on your machine. </p>
@@ -54,8 +54,11 @@ sniffer</a>
 <li><a href="#auto_trace">Automatically tracing a Postfix daemon
 process</a>
 
-<li><a href="#xxgdb">Running daemon programs with the interactive
-xxgdb debugger</a>
+<li><a href="#ddd">Running daemon programs with the interactive
+ddd debugger</a>
+
+<li><a href="#screen">Running daemon programs with the interactive
+gdb debugger</a>
 
 <li><a href="#gdb">Running daemon programs under a non-interactive
 debugger</a>
@@ -153,7 +156,7 @@ section at the end of the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRIT
 
 <h2><a name="no_chroot">Try turning off chroot operation in master.cf</a></h2>
 
-<p> A common mistake is to turn on chroot operation in the master.cf
+<p> A common mistake is to turn on chroot operation in the <a href="master.5.html">master.cf</a>
 file without going through all the necessary steps to set up a
 chroot environment. This causes Postfix daemon processes to fail
 due to all kinds of missing files. </p>
@@ -163,7 +166,7 @@ chroot turned off: </p>
 
 <blockquote>
 <pre>
-/etc/postfix/master.cf:
+/etc/postfix/<a href="master.5.html">master.cf</a>:
     # =============================================================
     # service type  private unpriv  <b>chroot</b>  wakeup  maxproc command
     #               (yes)   (yes)   <b>(yes)</b>   (never) (100)
@@ -172,8 +175,8 @@ chroot turned off: </p>
 </pre>
 </blockquote>
 
-<p> Inspect master.cf for any processes that have chroot operation
-not turned off. If you find any, save a copy of the master.cf file,
+<p> Inspect <a href="master.5.html">master.cf</a> for any processes that have chroot operation
+not turned off. If you find any, save a copy of the <a href="master.5.html">master.cf</a> file,
 and edit the entries in question.  After executing the command
 "<b>postfix reload</b>", see if the problem has gone away. </p>
 
@@ -187,14 +190,14 @@ prepare Postfix for chrooted operation. </p>
 <h2><a name="debug_peer">Verbose logging for specific SMTP
 connections</a></h2>
 
-<p> In /etc/postfix/main.cf, list the remote site name or address
+<p> In /etc/postfix/<a href="postconf.5.html">main.cf</a>, list the remote site name or address
 in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter. For example, in order to make
 the software log a lot of information to the syslog daemon for
 connections from or to the loopback interface: </p>
 
 <blockquote>
 <pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
     <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> = 127.0.0.1
 </pre>
 </blockquote>
@@ -223,13 +226,13 @@ utility that is available from <a href="ftp://ftp.porcupine.org/pub/debugging/">
 <h2><a name="verbose">Making Postfix daemon programs more verbose</a></h2>
 
 <p> Append one or more "<b>-v</b>" options to selected daemon
-definitions in /etc/postfix/master.cf and type "<b>postfix reload</b>".
+definitions in /etc/postfix/<a href="master.5.html">master.cf</a> and type "<b>postfix reload</b>".
 This will cause a lot of activity to be logged to the syslog daemon.
 Example: </p>
 
 <blockquote>
 <pre>
-/etc/postfix/master.cf:
+/etc/postfix/<a href="master.5.html">master.cf</a>:
     smtp      inet  n       -       n       -       -       smtpd -v
 </pre>
 </blockquote>
@@ -291,22 +294,22 @@ what is going on within the process. </p>
 </ol>
 
 <p> Append a <b>-D</b> option to the suspect command in
-/etc/postfix/master.cf, for example: </p>
+/etc/postfix/<a href="master.5.html">master.cf</a>, for example: </p>
 
 <blockquote>
 <pre>
-/etc/postfix/master.cf:
+/etc/postfix/<a href="master.5.html">master.cf</a>:
     smtp      inet  n       -       n       -       -       smtpd -D
 </pre>
 </blockquote>
 
-<p> Edit the <a href="postconf.5.html#debugger_command">debugger_command</a> definition in /etc/postfix/main.cf
+<p> Edit the <a href="postconf.5.html#debugger_command">debugger_command</a> definition in /etc/postfix/<a href="postconf.5.html">main.cf</a>
 so that it invokes the call tracer of your choice, for example:
 </p>
 
 <blockquote>
 <pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
     <a href="postconf.5.html#debugger_command">debugger_command</a> =
          PATH=/bin:/usr/bin:/usr/local/bin;
          (truss -p $<a href="postconf.5.html#process_id">process_id</a> 2&gt&amp;1 | logger -p mail.info) &amp; sleep 5
@@ -315,22 +318,22 @@ so that it invokes the call tracer of your choice, for example:
 
 <p> Type "<b>postfix reload</b>" and watch the logfile. </p>
 
-<h2><a name="xxgdb">Running daemon programs with the interactive
-xxgdb debugger</a></h2>
+<h2><a name="ddd">Running daemon programs with the interactive
+ddd debugger</a></h2>
 
 <p> If you have X Windows installed on the Postfix machine, then
-an interactive debugger such as <b>xxgdb</b> can be convenient.
+an interactive debugger such as <b>ddd</b> can be convenient.
 </p>
 
-<p> Edit the <a href="postconf.5.html#debugger_command">debugger_command</a> definition in /etc/postfix/main.cf
-so that it invokes <b>xxgdb</b>: </p>
+<p> Edit the <a href="postconf.5.html#debugger_command">debugger_command</a> definition in /etc/postfix/<a href="postconf.5.html">main.cf</a>
+so that it invokes <b>ddd</b>: </p>
 
 <blockquote>
 <pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
     <a href="postconf.5.html#debugger_command">debugger_command</a> =
          PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
-         xxgdb $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/$<a href="postconf.5.html#process_name">process_name</a> $<a href="postconf.5.html#process_id">process_id</a> &amp; sleep 5
+         ddd $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/$<a href="postconf.5.html#process_name">process_name</a> $<a href="postconf.5.html#process_id">process_id</a> &amp; sleep 5
 </pre>
 </blockquote>
 
@@ -346,11 +349,11 @@ $ <b>export XAUTHORITY=$HOME/.Xauthority</b> (sh syntax)
 </blockquote>
 
 <p> Append a <b>-D</b> option to the suspect daemon definition in
-/etc/postfix/master.cf, for example: </p>
+/etc/postfix/<a href="master.5.html">master.cf</a>, for example: </p>
 
 <blockquote>
 <pre>
-/etc/postfix/master.cf:
+/etc/postfix/<a href="master.5.html">master.cf</a>:
     smtp      inet  n       -       n       -       -       smtpd -D
 </pre>
 </blockquote>
@@ -362,6 +365,52 @@ settings. </p>
 <p> Whenever the suspect daemon process is started, a debugger
 window pops up and you can watch in detail what happens. </p>
 
+<h2><a name="screen">Running daemon programs with the interactive
+gdb debugger</a></h2>
+
+<p> If you have the screen command installed on the Postfix machine, then
+you can run an interactive debugger such as <b>gdb</b> as follows. </p>
+
+<p> Edit the <a href="postconf.5.html#debugger_command">debugger_command</a> definition in /etc/postfix/<a href="postconf.5.html">main.cf</a>
+so that it runs <b>gdb</b> inside a detached <b>screen</b> session:
+</p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+    <a href="postconf.5.html#debugger_command">debugger_command</a> =
+        PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; HOME=/root;
+        export HOME; screen -e^tt -dmS $<a href="postconf.5.html#process_name">process_name</a> gdb
+        $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/$<a href="postconf.5.html#process_name">process_name</a> $<a href="postconf.5.html#process_id">process_id</a> &amp; sleep 2
+</pre>
+</blockquote>
+
+<p> Be sure that <b>gdb</b> is in the command search path. </p>
+
+<p> Append a <b>-D</b> option to the suspect daemon definition in
+/etc/postfix/<a href="master.5.html">master.cf</a>, for example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+    smtp      inet  n       -       n       -       -       smtpd -D
+</pre>
+</blockquote>
+
+<p> Execute the command "<b>postfix reload</b>" and wait until a
+daemon process is started (you can see this in the maillog file).
+</p>
+
+<p> Then attach to the screen, and debug away: </p>
+
+<blockquote>
+<pre>
+# HOME=/root screen -r
+gdb) continue
+gdb) where
+</pre>
+</blockquote>
+
 <h2><a name="gdb">Running daemon programs under a non-interactive
 debugger</a></h2>
 
@@ -370,12 +419,12 @@ or if you are not familiar with interactive debuggers, then you
 can try to run <b>gdb</b> in non-interactive mode, and have it
 print a stack trace when the process crashes.  </p>
 
-<p> Edit the <a href="postconf.5.html#debugger_command">debugger_command</a> definition in /etc/postfix/main.cf
+<p> Edit the <a href="postconf.5.html#debugger_command">debugger_command</a> definition in /etc/postfix/<a href="postconf.5.html">main.cf</a>
 so that it invokes the <b>gdb</b> debugger: </p>
 
 <blockquote>
 <pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
     <a href="postconf.5.html#debugger_command">debugger_command</a> =
         PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; echo
         where; sleep 8640000) | gdb $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/$<a href="postconf.5.html#process_name">process_name</a> 
@@ -385,11 +434,11 @@ so that it invokes the <b>gdb</b> debugger: </p>
 </blockquote>
 
 <p> Append a <b>-D</b> option to the suspect daemon in
-/etc/postfix/master.cf, for example: </p>
+/etc/postfix/<a href="master.5.html">master.cf</a>, for example: </p>
 
 <blockquote>
 <pre>
-/etc/postfix/master.cf:
+/etc/postfix/<a href="master.5.html">master.cf</a>:
     smtp      inet  n       -       n       -       -       smtpd -D
 </pre>
 </blockquote>
@@ -500,7 +549,7 @@ by "D" so that the helpers can still recognize syntactical errors.
 </p>
 
 <li> <p> Output from "<b>postconf -n</b>". Please do not send your
-main.cf file or 400+ lines of <b>postconf</b> output. </p>
+<a href="postconf.5.html">main.cf</a> file or 400+ lines of <b>postconf</b> output. </p>
 
 <li> <p>  Better, provide output from the <b>postfinger</b> tool.
 This can be found at <a href="http://ftp.wl0.org/SOURCES/postfinger">http://ftp.wl0.org/SOURCES/postfinger</a>.  </p>
diff --git a/postfix/html/Makefile.in b/postfix/html/Makefile.in
index 777024146..22f7c23fb 100644
--- a/postfix/html/Makefile.in
+++ b/postfix/html/Makefile.in
@@ -25,9 +25,6 @@ MAN2HTML = man2html -t "Postfix manual - `IFS=.; set \`echo $@\`; echo \"$$1($$2
 
 update:	$(DAEMONS) $(COMMANDS) $(CONFIG) $(OTHER)
 
-Makefile: Makefile.in
-	(set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../src/makedefs; cat $?) >$@
-
 clean:
 	echo clean
 
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 2c5304b81..49ac96961 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -4837,7 +4837,8 @@ Examples:
 <p>
 The maximum amount of time that an idle Postfix daemon process
 waits for the next service request before exiting.  This parameter
-is ignored by the Postfix queue manager.
+is ignored by the Postfix queue manager and by other long-lived
+Postfix daemon processes.
 </p>
 
 <p>
@@ -6751,7 +6752,7 @@ Example:
 (default: empty)</b></DT><DD>
 
 <p> A sender-dependent override for the global <a href="postconf.5.html#relayhost">relayhost</a> parameter
-setting. The tables are searched by the sender address and by the
+setting. The tables are searched by the envelope sender address and
 @domain. This information is overruled with <a href="postconf.5.html#relay_transport">relay_transport</a>,
 <a href="postconf.5.html#default_transport">default_transport</a> and with the <a href="transport.5.html">transport(5)</a> table. </p>
 
diff --git a/postfix/man/Makefile.in b/postfix/man/Makefile.in
index 31e948f6f..7ff2e3471 100644
--- a/postfix/man/Makefile.in
+++ b/postfix/man/Makefile.in
@@ -23,9 +23,6 @@ TOOLS	= man1/smtp-sink.1 man1/smtp-source.1 man1/qmqp-sink.1 \
 
 update:	$(DAEMONS) $(COMMANDS) $(CONFIG) $(TOOLS)
 
-Makefile: Makefile.in
-	(set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../src/makedefs; cat $?) >$@
-
 clean:
 	rm -f cat?/*
 
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 15cc3134f..688476ed8 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -2627,7 +2627,8 @@ masquerade_exceptions = root
 .SH max_idle (default: 100s)
 The maximum amount of time that an idle Postfix daemon process
 waits for the next service request before exiting.  This parameter
-is ignored by the Postfix queue manager.
+is ignored by the Postfix queue manager and by other long-lived
+Postfix daemon processes.
 .PP
 Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
 The default time unit is s (seconds).
@@ -3750,7 +3751,7 @@ sender_canonical_maps = hash:/etc/postfix/sender_canonical
 .ft R
 .SH sender_dependent_relayhost_maps (default: empty)
 A sender-dependent override for the global relayhost parameter
-setting. The tables are searched by the sender address and by the
+setting. The tables are searched by the envelope sender address and
 @domain. This information is overruled with relay_transport,
 default_transport and with the \fBtransport\fR(5) table.
 .PP
diff --git a/postfix/proto/ADDRESS_REWRITING_README.html b/postfix/proto/ADDRESS_REWRITING_README.html
index 76c78e0cb..21895ae5e 100644
--- a/postfix/proto/ADDRESS_REWRITING_README.html
+++ b/postfix/proto/ADDRESS_REWRITING_README.html
@@ -1174,13 +1174,13 @@ to mailbox, or delivery to non-Postfix command. </p>
 Content-Description: Notification
 Content-Type: text/plain
 
-This is the Postfix program at host spike.porcupine.org.
+This is the mail system at host spike.porcupine.org.
 
 Enclosed is the mail delivery report that you requested.
 
-                        The Postfix program
+                        The mail system
 
-&lt;postfix-users@postfix.org&gt;: delivery via mail.cloud9.net[168.100.1.4]: 250 Ok
+&lt;postfix-users@postfix.org&gt;: delivery via mail.cloud9.net[168.100.1.4]: 250 2.1.5 Ok
 </pre>
 </blockquote>
 
@@ -1210,13 +1210,13 @@ Content-Type: message/delivery-status
 Reporting-MTA: dns; spike.porcupine.org
 X-Postfix-Queue-ID: 84863BC0E5
 X-Postfix-Sender: rfc822; wietse@porcupine.org
-Arrival-Date: Tue, 13 Apr 2004 19:27:43 -0400 (EDT)
+Arrival-Date: Sun, 26 Nov 2006 17:01:01 -0500 (EST)
 
 Final-Recipient: rfc822; postfix-users@postfix.org
 Action: deliverable
-Status: 2.0.0
+Status: 2.1.5
 Remote-MTA: dns; mail.cloud9.net
-Diagnostic-Code: smtp; 250 Ok
+Diagnostic-Code: smtp; 250 2.1.5 Ok
 </pre>
 </blockquote>
 
@@ -1232,11 +1232,11 @@ Content-Description: Message
 Content-Type: message/rfc822
 
 Received: by spike.porcupine.org (Postfix, from userid 1001)
-        id 84863BC0E5; Tue, 13 Apr 2004 19:27:43 -0400 (EDT)
+        id 84863BC0E5; id DA77DBC0A9; Sun, 26 Nov 2006 17:01:01 -0500 (EST)
 Subject: probe
 To: postfix-users@postfix.org
-Message-Id: &lt;20040413232743.84863BC0E5@spike.porcupine.org&gt;
-Date: Tue, 13 Apr 2004 19:27:43 -0400 (EDT)
+Message-Id: &lt;20061126220101.84863BC0E5@spike.porcupine.org&gt;
+Date: Sun, 26 Nov 2006 17:01:01 -0500 (EST)
 From: wietse@porcupine.org (Wietse Venema)
 </pre>
 </blockquote>
diff --git a/postfix/proto/BACKSCATTER_README.html b/postfix/proto/BACKSCATTER_README.html
index 1b9a7864e..4c7dd3677 100644
--- a/postfix/proto/BACKSCATTER_README.html
+++ b/postfix/proto/BACKSCATTER_README.html
@@ -38,7 +38,7 @@ recipient addresses?</a>
 <ul>
 
 <li><a href="#forged_helo">Blocking backscatter mail with forged
-HELO information</a>
+mail server information</a>
 
 <li><a href="#forged_sender">Blocking backscatter mail with forged
 sender information</a>
@@ -91,7 +91,7 @@ information that you can use to recognize and block forged mail.
 </p>
 
 <h3><a name="forged_helo">Blocking backscatter mail with forged
-HELO information</a></h3>
+mail server information</a></h3>
 
 <p> Although my email address is "wietse@porcupine.org", all my
 mail systems announce themselves with the SMTP HELO command as
@@ -127,6 +127,18 @@ Received: from host.example.com (EHLO porcupine.org) ...
 </pre>
 </blockquote>
 
+<p> Some forgeries show up in the way that a mail server reports
+itself in Received: message headers. Keeping in mind that all my
+systems have a mail server name of <i>hostname</i>.porcupine.org,
+the following is definitely a forgery:</p>
+
+<blockquote>
+<pre>
+Received: by porcupine.org ...
+Received: from host.example.com ( ... ) by porcupine.org ...
+</pre>
+</blockquote>
+
 <p> Another frequent sign of forgery is the Message-ID: header. My
 systems produce a Message-ID: of
 &lt;<i>stuff</i>@<i>hostname</i>.porcupine.org&gt;.  The following
@@ -149,18 +161,26 @@ patterns like this: </p>
     body_checks = regexp:/etc/postfix/body_checks
 
 /etc/postfix/header_checks:
+    if /^Received:/
     /^Received: +from +(porcupine\.org) +/
         reject forged client name in Received: header: $1
     /^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/
         reject forged client name in Received: header: $2
+    /^Received:.* +by +(porcupine\.org)[[:&gt;:]]/
+        reject forged mail server name in Received: header: $1
+    endif
     /^Message-ID:.*@(porcupine\.org)/
 	reject forged domain name in Message-ID: header: $1
 
 /etc/postfix/body_checks:
+    if /^[&gt; ]*Received:/
     /^[&gt; ]*Received: +from +(porcupine\.org) /
         reject forged client name in Received: header: $1
     /^[&gt; ]*Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/
         reject forged client name in Received: header: $2
+    /^[&gt; ]*Received:.* +by +(porcupine\.org)[[:&gt;:]]/
+        reject forged mail server name in Received: header: $1
+    endif
     /^[&gt; ]*Message-ID:.*@(porcupine\.org)/
 	reject forged domain name in Message-ID: header: $1
 </pre>
@@ -181,6 +201,14 @@ the "<tt>\</tt>", the "<tt>.</tt>" would match any character. </p>
 and "<tt>)</tt>" literally. Without the "<tt>\</tt>", the "<tt>(</tt>"
 and "<tt>)</tt>" would be grouping operators.  </p>
 
+<li> <p> The "<tt>[[:&gt;:]]</tt>" matches the end of a word. On
+some systems you should specify "<tt>\&gt;</tt>" instead. For details
+see your system documentation. </p>
+
+<li> <p> The "if /pattern/" and "endif" eliminate unnecessary
+matching attempts. DO NOT indent lines starting with /pattern/
+between the "if" and "endif"! </p>
+
 </ul>
 
 <p><a name="caveats"><strong>Caveats</strong></a></p>
@@ -251,7 +279,7 @@ reality, my patterns list multiple email addresses as
 <li> <p> The "<tt>[[:&lt;:]]</tt>" and "<tt>[[:&gt;:]]</tt>" match
 the beginning and end of a word, respectively. On some systems you
 should specify "<tt>\&lt;</tt>" and "<tt>\&gt;</tt>" instead. For
-details see your system documentation.
+details see your system documentation. </p>
 
 <li> <p> The "<tt>\.</tt>" matches "<tt>.</tt>" literally. Without
 the "<tt>\</tt>", the "<tt>.</tt>" would match any character. </p>
diff --git a/postfix/proto/DEBUG_README.html b/postfix/proto/DEBUG_README.html
index f663add13..cdfc09a4b 100644
--- a/postfix/proto/DEBUG_README.html
+++ b/postfix/proto/DEBUG_README.html
@@ -54,8 +54,11 @@ sniffer</a>
 <li><a href="#auto_trace">Automatically tracing a Postfix daemon
 process</a>
 
-<li><a href="#xxgdb">Running daemon programs with the interactive
-xxgdb debugger</a>
+<li><a href="#ddd">Running daemon programs with the interactive
+ddd debugger</a>
+
+<li><a href="#screen">Running daemon programs with the interactive
+gdb debugger</a>
 
 <li><a href="#gdb">Running daemon programs under a non-interactive
 debugger</a>
@@ -315,22 +318,22 @@ so that it invokes the call tracer of your choice, for example:
 
 <p> Type "<b>postfix reload</b>" and watch the logfile. </p>
 
-<h2><a name="xxgdb">Running daemon programs with the interactive
-xxgdb debugger</a></h2>
+<h2><a name="ddd">Running daemon programs with the interactive
+ddd debugger</a></h2>
 
 <p> If you have X Windows installed on the Postfix machine, then
-an interactive debugger such as <b>xxgdb</b> can be convenient.
+an interactive debugger such as <b>ddd</b> can be convenient.
 </p>
 
 <p> Edit the debugger_command definition in /etc/postfix/main.cf
-so that it invokes <b>xxgdb</b>: </p>
+so that it invokes <b>ddd</b>: </p>
 
 <blockquote>
 <pre>
 /etc/postfix/main.cf:
     debugger_command =
          PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
-         xxgdb $daemon_directory/$process_name $process_id &amp; sleep 5
+         ddd $daemon_directory/$process_name $process_id &amp; sleep 5
 </pre>
 </blockquote>
 
@@ -362,6 +365,52 @@ settings. </p>
 <p> Whenever the suspect daemon process is started, a debugger
 window pops up and you can watch in detail what happens. </p>
 
+<h2><a name="screen">Running daemon programs with the interactive
+gdb debugger</a></h2>
+
+<p> If you have the screen command installed on the Postfix machine, then
+you can run an interactive debugger such as <b>gdb</b> as follows. </p>
+
+<p> Edit the debugger_command definition in /etc/postfix/main.cf
+so that it runs <b>gdb</b> inside a detached <b>screen</b> session:
+</p>
+
+<blockquote>
+<pre>
+/etc/postfix/main.cf:
+    debugger_command =
+        PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; HOME=/root;
+        export HOME; screen -e^tt -dmS $process_name gdb
+        $daemon_directory/$process_name $process_id &amp; sleep 2
+</pre>
+</blockquote>
+
+<p> Be sure that <b>gdb</b> is in the command search path. </p>
+
+<p> Append a <b>-D</b> option to the suspect daemon definition in
+/etc/postfix/master.cf, for example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/master.cf:
+    smtp      inet  n       -       n       -       -       smtpd -D
+</pre>
+</blockquote>
+
+<p> Execute the command "<b>postfix reload</b>" and wait until a
+daemon process is started (you can see this in the maillog file).
+</p>
+
+<p> Then attach to the screen, and debug away: </p>
+
+<blockquote>
+<pre>
+# HOME=/root screen -r
+gdb) continue
+gdb) where
+</pre>
+</blockquote>
+
 <h2><a name="gdb">Running daemon programs under a non-interactive
 debugger</a></h2>
 
diff --git a/postfix/proto/Makefile.in b/postfix/proto/Makefile.in
index b8814aff7..b76c8dc04 100644
--- a/postfix/proto/Makefile.in
+++ b/postfix/proto/Makefile.in
@@ -88,9 +88,6 @@ MAKEAAA	= ../mantools/makereadme
 
 update:	$(CONFIG) $(HTML) $(README) $(MAN)
 
-Makefile: Makefile.in
-	(set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../makedefs; cat $?) >$@
-
 clean:
 	:
 
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 5dbcfa348..67f86b46f 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -2543,7 +2543,8 @@ masquerade_exceptions = root
 <p>
 The maximum amount of time that an idle Postfix daemon process
 waits for the next service request before exiting.  This parameter
-is ignored by the Postfix queue manager.
+is ignored by the Postfix queue manager and by other long-lived
+Postfix daemon processes.
 </p>
 
 <p>
@@ -8998,7 +8999,7 @@ is placed into the Postfix configuration directory.  </p>
 %PARAM sender_dependent_relayhost_maps empty
 
 <p> A sender-dependent override for the global relayhost parameter
-setting. The tables are searched by the sender address and by the
+setting. The tables are searched by the envelope sender address and
 @domain. This information is overruled with relay_transport,
 default_transport and with the transport(5) table. </p>
 
diff --git a/postfix/src/anvil/Makefile.in b/postfix/src/anvil/Makefile.in
index 3a40defa9..62946461e 100644
--- a/postfix/src/anvil/Makefile.in
+++ b/postfix/src/anvil/Makefile.in
@@ -18,7 +18,7 @@ $(PROG): $(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/bounce/Makefile.in b/postfix/src/bounce/Makefile.in
index 2916a25c2..ddfaaa2eb 100644
--- a/postfix/src/bounce/Makefile.in
+++ b/postfix/src/bounce/Makefile.in
@@ -36,7 +36,7 @@ main.cf:
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/cleanup/Makefile.in b/postfix/src/cleanup/Makefile.in
index 843e94dbc..2b1993750 100644
--- a/postfix/src/cleanup/Makefile.in
+++ b/postfix/src/cleanup/Makefile.in
@@ -27,7 +27,7 @@ $(PROG):	$(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/cleanup/cleanup_message.c b/postfix/src/cleanup/cleanup_message.c
index 5af24c59c..5e71c8b89 100644
--- a/postfix/src/cleanup/cleanup_message.c
+++ b/postfix/src/cleanup/cleanup_message.c
@@ -596,6 +596,16 @@ static void cleanup_header_done_callback(void *context)
     TOK822 *token;
     time_t  tv;
 
+    /*
+     * XXX Workaround: when we reach the end of headers, mime_state_update()
+     * may execute up to three call-backs before returning to the caller:
+     * head_out(), head_end(), and body_out() or body_end(). As long as
+     * call-backs don't return a result, each call-back has to check for
+     * itself if the previous call-back experienced a problem.
+     */
+    if (CLEANUP_OUT_OK(state) == 0)
+	return;
+
     /*
      * Add a missing (Resent-)Message-Id: header. The message ID gives the
      * time in GMT units, plus the local queue ID.
@@ -706,6 +716,16 @@ static void cleanup_body_callback(void *context, int type,
 {
     CLEANUP_STATE *state = (CLEANUP_STATE *) context;
 
+    /*
+     * XXX Workaround: when we reach the end of headers, mime_state_update()
+     * may execute up to three call-backs before returning to the caller:
+     * head_out(), head_end(), and body_out() or body_end(). As long as
+     * call-backs don't return a result, each call-back has to check for
+     * itself if the previous call-back experienced a problem.
+     */
+    if (CLEANUP_OUT_OK(state) == 0)
+	return;
+
     /*
      * Crude message body content filter for emergencies. This code has
      * several problems: it sees one line at a time; it looks at long lines
@@ -892,6 +912,15 @@ void    cleanup_message(CLEANUP_STATE *state, int type, const char *buf, ssize_t
 					 cleanup_mime_error_callback,
 					 (void *) state);
 
+    /*
+     * XXX Workaround: truncate a long message header so that we don't exceed
+     * the Milter request size limit of 65535.
+     */
+#define KLUDGE_HEADER_LIMIT	60000
+    if ((cleanup_milters || state->milters)
+	&& var_header_limit > KLUDGE_HEADER_LIMIT)
+	var_header_limit = KLUDGE_HEADER_LIMIT;
+
     /*
      * Pass control to the header processing routine.
      */
diff --git a/postfix/src/cleanup/cleanup_milter.c b/postfix/src/cleanup/cleanup_milter.c
index 87a079577..5836159c4 100644
--- a/postfix/src/cleanup/cleanup_milter.c
+++ b/postfix/src/cleanup/cleanup_milter.c
@@ -1805,6 +1805,7 @@ int     main(int unused_argc, char **argv)
 
     msg_vstream_init(argv[0], VSTREAM_ERR);
     var_line_limit = DEF_LINE_LIMIT;
+    var_header_limit = DEF_HEADER_LIMIT;
 
     for (;;) {
 	ARGV   *argv;
diff --git a/postfix/src/cleanup/cleanup_out.c b/postfix/src/cleanup/cleanup_out.c
index c81637372..52d3211fb 100644
--- a/postfix/src/cleanup/cleanup_out.c
+++ b/postfix/src/cleanup/cleanup_out.c
@@ -175,9 +175,22 @@ void    cleanup_out_header(CLEANUP_STATE *state, VSTRING *header_buf)
      * of such header lines. NB: This code destroys the header. We could try
      * to avoid clobbering it, but we're not going to use the data any
      * further.
+     * 
+     * XXX We prefer to truncate a header at the last line boundary before the
+     * header size limit. If this would undershoot the limit by more than
+     * 10%, we truncate between line boundaries to avoid losing too much
+     * text. This "unkind cut" may result in syntax errors and may trigger
+     * warnings from down-stream MTAs.
      */
     for (line = start; line; line = next_line) {
 	next_line = split_at(line, '\n');
+	if ((next_line ? next_line - 1 : line + strlen(line))
+	    > start + var_header_limit) {
+	    if (line - start > 0.9 * var_header_limit)	/* nice cut */
+		break;
+	    start[var_header_limit] = 0;	/* unkind cut */
+	    next_line = 0;
+	}
 	if (line == start || IS_SPACE_TAB(*line)) {
 	    cleanup_out_string(state, REC_TYPE_NORM, line);
 	} else {
diff --git a/postfix/src/discard/Makefile.in b/postfix/src/discard/Makefile.in
index df5478594..e39100098 100644
--- a/postfix/src/discard/Makefile.in
+++ b/postfix/src/discard/Makefile.in
@@ -18,7 +18,7 @@ $(PROG):	$(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/dns/Makefile.in b/postfix/src/dns/Makefile.in
index 2ed6fd65d..bbc5e9884 100644
--- a/postfix/src/dns/Makefile.in
+++ b/postfix/src/dns/Makefile.in
@@ -21,7 +21,7 @@ all: $(LIB)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/error/Makefile.in b/postfix/src/error/Makefile.in
index 86f6a40d3..84ececa7e 100644
--- a/postfix/src/error/Makefile.in
+++ b/postfix/src/error/Makefile.in
@@ -18,7 +18,7 @@ $(PROG):	$(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/flush/Makefile.in b/postfix/src/flush/Makefile.in
index c6d309bc9..b83c38529 100644
--- a/postfix/src/flush/Makefile.in
+++ b/postfix/src/flush/Makefile.in
@@ -18,7 +18,7 @@ $(PROG): $(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/fsstone/Makefile.in b/postfix/src/fsstone/Makefile.in
index a390e794e..098b141ea 100644
--- a/postfix/src/fsstone/Makefile.in
+++ b/postfix/src/fsstone/Makefile.in
@@ -17,7 +17,7 @@ all:	$(PROG)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 fsstone: fsstone.o $(LIBS)
 	$(CC) $(CFLAGS) -o $@ fsstone.o $(LIBS) $(SYSLIBS)
diff --git a/postfix/src/global/Makefile.in b/postfix/src/global/Makefile.in
index ab9162360..778e3c5c1 100644
--- a/postfix/src/global/Makefile.in
+++ b/postfix/src/global/Makefile.in
@@ -105,7 +105,7 @@ all: $(LIB)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/global/dict_proxy.c b/postfix/src/global/dict_proxy.c
index 5ce496af7..b8da5abce 100644
--- a/postfix/src/global/dict_proxy.c
+++ b/postfix/src/global/dict_proxy.c
@@ -90,6 +90,7 @@ static const char *dict_proxy_lookup(DICT *dict, const char *key)
     DICT_PROXY *dict_proxy = (DICT_PROXY *) dict;
     VSTREAM *stream;
     int     status;
+    int     count = 0;
 
     /*
      * The client and server live in separate processes that may start and
@@ -103,6 +104,7 @@ static const char *dict_proxy_lookup(DICT *dict, const char *key)
     for (;;) {
 	stream = clnt_stream_access(proxy_stream);
 	errno = 0;
+	count += 1;
 	if (attr_print(stream, ATTR_FLAG_NONE,
 		       ATTR_TYPE_STR, MAIL_ATTR_REQ, PROXY_REQ_LOOKUP,
 		       ATTR_TYPE_STR, MAIL_ATTR_TABLE, dict->name,
@@ -114,7 +116,7 @@ static const char *dict_proxy_lookup(DICT *dict, const char *key)
 			 ATTR_TYPE_INT, MAIL_ATTR_STATUS, &status,
 			 ATTR_TYPE_STR, MAIL_ATTR_VALUE, dict_proxy->result,
 			 ATTR_TYPE_END) != 2) {
-	    if (msg_verbose || (errno != EPIPE && errno != ENOENT))
+	    if (msg_verbose || count > 1 || (errno && errno != EPIPE && errno != ENOENT))
 		msg_warn("%s: service %s: %m", myname, VSTREAM_PATH(stream));
 	} else {
 	    if (msg_verbose)
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 7efa772c4..50368ed84 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20061019"
+#define MAIL_RELEASE_DATE	"20061201"
 #define MAIL_VERSION_NUMBER	"2.4"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/global/mime_state.c b/postfix/src/global/mime_state.c
index 66b93fb7a..7e7f162dd 100644
--- a/postfix/src/global/mime_state.c
+++ b/postfix/src/global/mime_state.c
@@ -182,6 +182,13 @@
 /* .IP state
 /*	MIME parser state created with mime_state_alloc().
 /* BUGS
+/*	NOTE: when the end of headers is reached, mime_state_update()
+/*	may execute up to three call-backs before returning to the
+/*	caller: head_out(), head_end(), and body_out() or body_end().
+/*	As long as call-backs return no result, it is up to the
+/*	call-back routines to check if a previous call-back experienced
+/*	an error.
+/*
 /*	Different mail user agents treat malformed message boundary
 /*	strings in different ways. The Postfix MIME processor cannot
 /*	be bug-compatible with everything.
diff --git a/postfix/src/global/resolve_clnt.c b/postfix/src/global/resolve_clnt.c
index 1b9ae4e8d..b96f0a736 100644
--- a/postfix/src/global/resolve_clnt.c
+++ b/postfix/src/global/resolve_clnt.c
@@ -164,6 +164,7 @@ void    resolve_clnt(const char *class, const char *sender,
     const char *myname = "resolve_clnt";
     VSTREAM *stream;
     int     server_flags;
+    int     count = 0;
 
     /*
      * One-entry cache.
@@ -226,6 +227,7 @@ void    resolve_clnt(const char *class, const char *sender,
     for (;;) {
 	stream = clnt_stream_access(rewrite_clnt_stream);
 	errno = 0;
+	count += 1;
 	if (attr_print(stream, ATTR_FLAG_NONE,
 		       ATTR_TYPE_STR, MAIL_ATTR_REQ, class,
 		       ATTR_TYPE_STR, MAIL_ATTR_SENDER, sender,
@@ -239,7 +241,7 @@ void    resolve_clnt(const char *class, const char *sender,
 			 ATTR_TYPE_STR, MAIL_ATTR_RECIP, reply->recipient,
 			 ATTR_TYPE_INT, MAIL_ATTR_FLAGS, &reply->flags,
 			 ATTR_TYPE_END) != 5) {
-	    if (msg_verbose || (errno != EPIPE && errno != ENOENT))
+	    if (msg_verbose || count > 1 || (errno && errno != EPIPE && errno != ENOENT))
 		msg_warn("problem talking to service %s: %m",
 			 var_rewrite_service);
 	} else {
diff --git a/postfix/src/global/rewrite_clnt.c b/postfix/src/global/rewrite_clnt.c
index 601f7ca00..8bb3f0a52 100644
--- a/postfix/src/global/rewrite_clnt.c
+++ b/postfix/src/global/rewrite_clnt.c
@@ -82,6 +82,7 @@ VSTRING *rewrite_clnt(const char *rule, const char *addr, VSTRING *result)
 {
     VSTREAM *stream;
     int     server_flags;
+    int     count = 0;
 
     /*
      * One-entry cache.
@@ -129,6 +130,7 @@ VSTRING *rewrite_clnt(const char *rule, const char *addr, VSTRING *result)
     for (;;) {
 	stream = clnt_stream_access(rewrite_clnt_stream);
 	errno = 0;
+	count += 1;
 	if (attr_print(stream, ATTR_FLAG_NONE,
 		       ATTR_TYPE_STR, MAIL_ATTR_REQ, REWRITE_ADDR,
 		       ATTR_TYPE_STR, MAIL_ATTR_RULE, rule,
@@ -139,7 +141,7 @@ VSTRING *rewrite_clnt(const char *rule, const char *addr, VSTRING *result)
 			 ATTR_TYPE_INT, MAIL_ATTR_FLAGS, &server_flags,
 			 ATTR_TYPE_STR, MAIL_ATTR_ADDR, result,
 			 ATTR_TYPE_END) != 2) {
-	    if (msg_verbose || (errno != EPIPE && errno != ENOENT))
+	    if (msg_verbose || count > 1 || (errno && errno != EPIPE && errno != ENOENT))
 		msg_warn("problem talking to service %s: %m",
 			 var_rewrite_service);
 	} else {
diff --git a/postfix/src/global/scache_clnt.c b/postfix/src/global/scache_clnt.c
index 10573e7df..658e88f75 100644
--- a/postfix/src/global/scache_clnt.c
+++ b/postfix/src/global/scache_clnt.c
@@ -91,6 +91,7 @@ static void scache_clnt_save_endp(SCACHE *scache, int endp_ttl,
     VSTREAM *stream;
     int     status;
     int     tries;
+    int     count = 0;
 
     if (msg_verbose)
 	msg_info("%s: endp=%s prop=%s fd=%d",
@@ -110,6 +111,7 @@ static void scache_clnt_save_endp(SCACHE *scache, int endp_ttl,
     for (tries = 0; sp->auto_clnt != 0; tries++) {
 	if ((stream = auto_clnt_access(sp->auto_clnt)) != 0) {
 	    errno = 0;
+	    count += 1;
 	    if (attr_print(stream, ATTR_FLAG_NONE,
 			 ATTR_TYPE_STR, MAIL_ATTR_REQ, SCACHE_REQ_SAVE_ENDP,
 			   ATTR_TYPE_INT, MAIL_ATTR_TTL, endp_ttl,
@@ -126,7 +128,7 @@ static void scache_clnt_save_endp(SCACHE *scache, int endp_ttl,
 		|| attr_scan(stream, ATTR_FLAG_STRICT,
 			     ATTR_TYPE_INT, MAIL_ATTR_STATUS, &status,
 			     ATTR_TYPE_END) != 1) {
-		if (msg_verbose || (errno != EPIPE && errno != ENOENT))
+		if (msg_verbose || count > 1 || (errno && errno != EPIPE && errno != ENOENT))
 		    msg_warn("problem talking to service %s: %m",
 			     VSTREAM_PATH(stream));
 		/* Give up or recover. */
@@ -281,7 +283,7 @@ static void scache_clnt_save_dest(SCACHE *scache, int dest_ttl,
 			     myname, status);
 		break;
 	    }
-	    }
+	}
 	/* Give up or recover. */
 	if (tries >= SCACHE_MAX_TRIES - 1) {
 	    msg_warn("disabling connection caching");
diff --git a/postfix/src/global/verify_clnt.c b/postfix/src/global/verify_clnt.c
index 916cce3fc..7468c1f0c 100644
--- a/postfix/src/global/verify_clnt.c
+++ b/postfix/src/global/verify_clnt.c
@@ -96,6 +96,7 @@ int     verify_clnt_query(const char *addr, int *addr_status, VSTRING *why)
 {
     VSTREAM *stream;
     int     request_status;
+    int     count = 0;
 
     /*
      * Do client-server plumbing.
@@ -109,6 +110,7 @@ int     verify_clnt_query(const char *addr, int *addr_status, VSTRING *why)
     for (;;) {
 	stream = clnt_stream_access(vrfy_clnt);
 	errno = 0;
+	count += 1;
 	if (attr_print(stream, ATTR_FLAG_NONE,
 		       ATTR_TYPE_STR, MAIL_ATTR_REQ, VRFY_REQ_QUERY,
 		       ATTR_TYPE_STR, MAIL_ATTR_ADDR, addr,
@@ -119,7 +121,7 @@ int     verify_clnt_query(const char *addr, int *addr_status, VSTRING *why)
 			 ATTR_TYPE_INT, MAIL_ATTR_ADDR_STATUS, addr_status,
 			 ATTR_TYPE_STR, MAIL_ATTR_WHY, why,
 			 ATTR_TYPE_END) != 3) {
-	    if (msg_verbose || (errno != EPIPE && errno != ENOENT))
+	    if (msg_verbose || count > 1 || (errno && errno != EPIPE && errno != ENOENT))
 		msg_warn("problem talking to service %s: %m",
 			 var_verify_service);
 	} else {
diff --git a/postfix/src/local/Makefile.in b/postfix/src/local/Makefile.in
index 486f206e7..bd9814b5f 100644
--- a/postfix/src/local/Makefile.in
+++ b/postfix/src/local/Makefile.in
@@ -24,7 +24,7 @@ $(PROG):	$(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/master/Makefile.in b/postfix/src/master/Makefile.in
index ba4658c9c..2138f0a48 100644
--- a/postfix/src/master/Makefile.in
+++ b/postfix/src/master/Makefile.in
@@ -27,7 +27,7 @@ all:	$(PROG) $(LIB)
 $(OBJS) $(LIB_OBJ): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 $(PROG): $(OBJS) $(LIBS)
 	$(CC) $(CFLAGS) -o $@ $(OBJS) $(LIBS) $(SYSLIBS)
diff --git a/postfix/src/milter/Makefile.in b/postfix/src/milter/Makefile.in
index fb507c9cf..4b10cda9b 100644
--- a/postfix/src/milter/Makefile.in
+++ b/postfix/src/milter/Makefile.in
@@ -21,7 +21,7 @@ all: $(LIB)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/milter/milter8.c b/postfix/src/milter/milter8.c
index 2fe60af83..f5ac7240a 100644
--- a/postfix/src/milter/milter8.c
+++ b/postfix/src/milter/milter8.c
@@ -877,6 +877,7 @@ static const char *milter8_event(MILTER8 *milter, int event,
 				         int skip_reply,
 				         ARGV *macros,...)
 {
+    const char *myname = "milter8_event";
     va_list ap;
     ssize_t data_len;
     int     err;
@@ -890,6 +891,17 @@ static const char *milter8_event(MILTER8 *milter, int event,
 
 #define DONT_SKIP_REPLY	0
 
+    /*
+     * Sanity check.
+     */
+    if (milter->fp == 0 || milter->def_reply != 0) {
+	msg_warn("%s: attempt to send event %s to milter %s after error",
+		 myname,
+		 (smfic_name = str_name_code(smfic_table, event)) != 0 ?
+		 smfic_name : "(unknown MTA event)", milter->m.name);
+	return (milter->def_reply);
+    }
+
     /*
      * Skip this event if it doesn't exist in the protocol that I announced.
      */
@@ -1204,7 +1216,7 @@ static const char *milter8_event(MILTER8 *milter, int event,
 						       (ssize_t) index,
 						       STR(milter->buf));
 		    if (edit_resp)
-			return (milter8_def_reply(milter, edit_resp));
+			return (edit_resp);
 		    continue;
 #endif
 
@@ -1222,7 +1234,7 @@ static const char *milter8_event(MILTER8 *milter, int event,
 						   STR(milter->buf),
 						   STR(milter->body));
 		    if (edit_resp)
-			return (milter8_def_reply(milter, edit_resp));
+			return (edit_resp);
 		    continue;
 
 		    /*
@@ -1251,7 +1263,7 @@ static const char *milter8_event(MILTER8 *milter, int event,
 						   STR(milter->buf),
 						   STR(milter->body));
 		    if (edit_resp)
-			return (milter8_def_reply(milter, edit_resp));
+			return (edit_resp);
 		    continue;
 #endif
 
@@ -1267,7 +1279,7 @@ static const char *milter8_event(MILTER8 *milter, int event,
 		    edit_resp = parent->add_rcpt(parent->chg_context,
 						 STR(milter->buf));
 		    if (edit_resp)
-			return (milter8_def_reply(milter, edit_resp));
+			return (edit_resp);
 		    continue;
 
 		    /*
@@ -1282,7 +1294,7 @@ static const char *milter8_event(MILTER8 *milter, int event,
 		    edit_resp = parent->del_rcpt(parent->chg_context,
 						 STR(milter->buf));
 		    if (edit_resp)
-			return (milter8_def_reply(milter, edit_resp));
+			return (edit_resp);
 		    continue;
 
 		    /*
@@ -1299,7 +1311,7 @@ static const char *milter8_event(MILTER8 *milter, int event,
 		    edit_resp = parent->repl_body(parent->chg_context,
 						  milter->body);
 		    if (edit_resp)
-			return (milter8_def_reply(milter, edit_resp));
+			return (edit_resp);
 		    continue;
 #endif
 		}
@@ -1946,6 +1958,16 @@ static void milter8_header(void *ptr, int unused_header_class,
     char   *cp;
     int     skip_reply;
 
+    /*
+     * XXX Workaround: mime_state_update() may invoke multiple call-backs
+     * before returning to the caller.
+     */
+#define MILTER8_MESSAGE_DONE(milter, msg_ctx) \
+	((milter)->state != MILTER8_STAT_MESSAGE || (msg_ctx)->resp != 0)
+
+    if (MILTER8_MESSAGE_DONE(milter, msg_ctx))
+	return;
+
     /*
      * XXX Sendmail compatibility. Don't expose our first (received) header
      * to mail filter applications. See also cleanup_milter.c for code to
@@ -2009,6 +2031,8 @@ static void milter8_eoh(void *ptr)
     MILTER_MSG_CONTEXT *msg_ctx = (MILTER_MSG_CONTEXT *) ptr;
     MILTER8 *milter = msg_ctx->milter;
 
+    if (MILTER8_MESSAGE_DONE(milter, msg_ctx))
+	return;
     if (msg_verbose)
 	msg_info("%s: eoh milter %s", myname, milter->m.name);
     msg_ctx->resp =
@@ -2031,6 +2055,9 @@ static void milter8_body(void *ptr, int rec_type,
     ssize_t space;
     ssize_t count;
 
+    if (MILTER8_MESSAGE_DONE(milter, msg_ctx))
+	return;
+
     /*
      * XXX Sendmail compatibility: don't expose our first body line.
      */
@@ -2098,6 +2125,8 @@ static void milter8_eob(void *ptr)
     MILTER_MSG_CONTEXT *msg_ctx = (MILTER_MSG_CONTEXT *) ptr;
     MILTER8 *milter = msg_ctx->milter;
 
+    if (MILTER8_MESSAGE_DONE(milter, msg_ctx))
+	return;
     if (msg_verbose)
 	msg_info("%s: eob milter %s", myname, milter->m.name);
     msg_ctx->resp =
@@ -2183,9 +2212,7 @@ static const char *milter8_message(MILTER *m, VSTREAM *qfile,
 		msg_ctx.resp = "450 4.3.0 Queue file write error";
 		break;
 	    }
-	    if (msg_ctx.resp != 0)
-		break;
-	    if (milter->state != MILTER8_STAT_MESSAGE)
+	    if (MILTER8_MESSAGE_DONE(milter, &msg_ctx))
 		break;
 	    if (rec_type != REC_TYPE_NORM && rec_type != REC_TYPE_CONT)
 		break;
diff --git a/postfix/src/oqmgr/Makefile.in b/postfix/src/oqmgr/Makefile.in
index f3937eb56..1420a87e5 100644
--- a/postfix/src/oqmgr/Makefile.in
+++ b/postfix/src/oqmgr/Makefile.in
@@ -22,7 +22,7 @@ $(PROG):	$(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/oqmgr/qmgr_entry.c b/postfix/src/oqmgr/qmgr_entry.c
index 3783a61f1..ccffdb0b0 100644
--- a/postfix/src/oqmgr/qmgr_entry.c
+++ b/postfix/src/oqmgr/qmgr_entry.c
@@ -237,7 +237,7 @@ void    qmgr_entry_done(QMGR_ENTRY *entry, int which)
 #define FUDGE(x)	((x) * (var_qmgr_fudge / 100.0))
     message->refcount--;
     if (message->rcpt_offset > 0
-	&& qmgr_recipient_count < FUDGE(var_qmgr_rcpt_limit))
+	&& qmgr_recipient_count < FUDGE(var_qmgr_rcpt_limit) - 100)
 	qmgr_message_realloc(message);
     if (message->refcount == 0)
 	qmgr_active_done(message);
diff --git a/postfix/src/pickup/Makefile.in b/postfix/src/pickup/Makefile.in
index ca118fcf6..f416e3cb1 100644
--- a/postfix/src/pickup/Makefile.in
+++ b/postfix/src/pickup/Makefile.in
@@ -18,7 +18,7 @@ $(PROG): $(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/pipe/Makefile.in b/postfix/src/pipe/Makefile.in
index 1e10bd08f..f4e286670 100644
--- a/postfix/src/pipe/Makefile.in
+++ b/postfix/src/pipe/Makefile.in
@@ -18,7 +18,7 @@ $(PROG):	$(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/postalias/Makefile.in b/postfix/src/postalias/Makefile.in
index a60ec6806..109dd6f71 100644
--- a/postfix/src/postalias/Makefile.in
+++ b/postfix/src/postalias/Makefile.in
@@ -18,7 +18,7 @@ $(PROG): $(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 update: ../../bin/$(PROG)
 
diff --git a/postfix/src/postcat/Makefile.in b/postfix/src/postcat/Makefile.in
index 04be39e01..e92b6b71f 100644
--- a/postfix/src/postcat/Makefile.in
+++ b/postfix/src/postcat/Makefile.in
@@ -18,7 +18,7 @@ $(PROG): $(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/postconf/Makefile.in b/postfix/src/postconf/Makefile.in
index e721b8db2..3002e2cf2 100644
--- a/postfix/src/postconf/Makefile.in
+++ b/postfix/src/postconf/Makefile.in
@@ -28,7 +28,7 @@ $(PROG): $(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/postdrop/Makefile.in b/postfix/src/postdrop/Makefile.in
index fead147a3..178b14ba9 100644
--- a/postfix/src/postdrop/Makefile.in
+++ b/postfix/src/postdrop/Makefile.in
@@ -18,7 +18,7 @@ $(PROG): $(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/postfix/Makefile.in b/postfix/src/postfix/Makefile.in
index 543a684c7..f61f6703d 100644
--- a/postfix/src/postfix/Makefile.in
+++ b/postfix/src/postfix/Makefile.in
@@ -19,7 +19,7 @@ $(PROG):	$(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/postkick/Makefile.in b/postfix/src/postkick/Makefile.in
index 261d6d080..527598be8 100644
--- a/postfix/src/postkick/Makefile.in
+++ b/postfix/src/postkick/Makefile.in
@@ -18,7 +18,7 @@ $(PROG): $(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/postlock/Makefile.in b/postfix/src/postlock/Makefile.in
index d46df3e14..b97c2b9d4 100644
--- a/postfix/src/postlock/Makefile.in
+++ b/postfix/src/postlock/Makefile.in
@@ -18,7 +18,7 @@ $(PROG): $(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/postlog/Makefile.in b/postfix/src/postlog/Makefile.in
index 65029b795..d0e135930 100644
--- a/postfix/src/postlog/Makefile.in
+++ b/postfix/src/postlog/Makefile.in
@@ -19,7 +19,7 @@ $(PROG):	$(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/postmap/Makefile.in b/postfix/src/postmap/Makefile.in
index 3acf6f2db..a71a34f84 100644
--- a/postfix/src/postmap/Makefile.in
+++ b/postfix/src/postmap/Makefile.in
@@ -18,7 +18,7 @@ $(PROG):	$(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 update: ../../bin/$(PROG)
 
diff --git a/postfix/src/postqueue/Makefile.in b/postfix/src/postqueue/Makefile.in
index f9b06cb93..51894330c 100644
--- a/postfix/src/postqueue/Makefile.in
+++ b/postfix/src/postqueue/Makefile.in
@@ -18,7 +18,7 @@ $(PROG): $(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/postsuper/Makefile.in b/postfix/src/postsuper/Makefile.in
index 6200c3a5b..b131fe88b 100644
--- a/postfix/src/postsuper/Makefile.in
+++ b/postfix/src/postsuper/Makefile.in
@@ -18,7 +18,7 @@ $(PROG):	$(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/proxymap/Makefile.in b/postfix/src/proxymap/Makefile.in
index 4d84aa6da..565afbf6d 100644
--- a/postfix/src/proxymap/Makefile.in
+++ b/postfix/src/proxymap/Makefile.in
@@ -18,7 +18,7 @@ $(PROG): $(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/qmgr/Makefile.in b/postfix/src/qmgr/Makefile.in
index f4b3dff9f..0f5489ebe 100644
--- a/postfix/src/qmgr/Makefile.in
+++ b/postfix/src/qmgr/Makefile.in
@@ -24,7 +24,7 @@ $(PROG):	$(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/qmgr/qmgr_job.c b/postfix/src/qmgr/qmgr_job.c
index 30365f6a8..cc86d0b46 100644
--- a/postfix/src/qmgr/qmgr_job.c
+++ b/postfix/src/qmgr/qmgr_job.c
@@ -763,6 +763,16 @@ static QMGR_PEER *qmgr_job_peer_select(QMGR_JOB *job)
     QMGR_PEER *peer;
     QMGR_MESSAGE *message = job->message;
 
+    /*
+     * Workaround to prevent queue manager starvation until the last slow
+     * batch of multi-recipient mail is finished. Postfix 2.4 has a final
+     * solution, but that involves major changes.
+     */
+    if (message->rcpt_offset != 0
+	&& message->rcpt_limit > message->rcpt_count - 100
+	&& message->refcount > 0) {
+	qmgr_message_realloc(message);
+    }
     if (HAS_ENTRIES(job) && (peer = qmgr_peer_select(job)) != 0)
 	return (peer);
 
diff --git a/postfix/src/qmgr/qmgr_message.c b/postfix/src/qmgr/qmgr_message.c
index aa71e1907..dcb796df0 100644
--- a/postfix/src/qmgr/qmgr_message.c
+++ b/postfix/src/qmgr/qmgr_message.c
@@ -361,6 +361,9 @@ static int qmgr_message_read(QMGR_MESSAGE *message)
 	if (recipient_limit < message->rcpt_limit)
 	    recipient_limit = message->rcpt_limit;
     }
+    /* Keep interrupt latency in check. */
+    if (recipient_limit > 5000)
+	recipient_limit = 5000;
     if (recipient_limit <= 0)
 	msg_panic("%s: no recipient slots available", message->queue_id);
 
diff --git a/postfix/src/qmqpd/Makefile.in b/postfix/src/qmqpd/Makefile.in
index 8b54f7e24..84c5523b8 100644
--- a/postfix/src/qmqpd/Makefile.in
+++ b/postfix/src/qmqpd/Makefile.in
@@ -18,7 +18,7 @@ $(PROG): $(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/scache/Makefile.in b/postfix/src/scache/Makefile.in
index 8060c9c93..e5282e84f 100644
--- a/postfix/src/scache/Makefile.in
+++ b/postfix/src/scache/Makefile.in
@@ -18,7 +18,7 @@ $(PROG): $(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/sendmail/Makefile.in b/postfix/src/sendmail/Makefile.in
index 27be129d7..cf9dbeeaa 100644
--- a/postfix/src/sendmail/Makefile.in
+++ b/postfix/src/sendmail/Makefile.in
@@ -18,7 +18,7 @@ $(PROG): $(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/showq/Makefile.in b/postfix/src/showq/Makefile.in
index df28b0583..2783e9700 100644
--- a/postfix/src/showq/Makefile.in
+++ b/postfix/src/showq/Makefile.in
@@ -18,7 +18,7 @@ $(PROG): $(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/smtp/Makefile.in b/postfix/src/smtp/Makefile.in
index dad89aae9..9b10ef251 100644
--- a/postfix/src/smtp/Makefile.in
+++ b/postfix/src/smtp/Makefile.in
@@ -23,7 +23,7 @@ $(PROG):	$(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/smtpd/Makefile.in b/postfix/src/smtpd/Makefile.in
index 69ac49e33..a7a3e9c5d 100644
--- a/postfix/src/smtpd/Makefile.in
+++ b/postfix/src/smtpd/Makefile.in
@@ -25,7 +25,7 @@ $(PROG): $(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/smtpstone/Makefile.in b/postfix/src/smtpstone/Makefile.in
index 212fa78ec..fd86e89e1 100644
--- a/postfix/src/smtpstone/Makefile.in
+++ b/postfix/src/smtpstone/Makefile.in
@@ -17,7 +17,7 @@ all:	$(PROG)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 smtp-sink: smtp-sink.o $(LIBS)
 	$(CC) $(CFLAGS) -o $@ smtp-sink.o $(LIBS) $(SYSLIBS)
@@ -114,14 +114,19 @@ qmqp-source.o: ../../include/vbuf.h
 qmqp-source.o: ../../include/vstream.h
 qmqp-source.o: ../../include/vstring.h
 qmqp-source.o: qmqp-source.c
+smtp-sink.o: ../../include/chroot_uid.h
 smtp-sink.o: ../../include/events.h
 smtp-sink.o: ../../include/get_hostname.h
 smtp-sink.o: ../../include/inet_proto.h
 smtp-sink.o: ../../include/iostuff.h
 smtp-sink.o: ../../include/listen.h
+smtp-sink.o: ../../include/mail_date.h
+smtp-sink.o: ../../include/make_dirs.h
 smtp-sink.o: ../../include/msg.h
 smtp-sink.o: ../../include/msg_vstream.h
+smtp-sink.o: ../../include/myaddrinfo.h
 smtp-sink.o: ../../include/mymalloc.h
+smtp-sink.o: ../../include/myrand.h
 smtp-sink.o: ../../include/sane_accept.h
 smtp-sink.o: ../../include/smtp_stream.h
 smtp-sink.o: ../../include/stringops.h
diff --git a/postfix/src/spawn/Makefile.in b/postfix/src/spawn/Makefile.in
index bb5127200..24d2cc2fe 100644
--- a/postfix/src/spawn/Makefile.in
+++ b/postfix/src/spawn/Makefile.in
@@ -18,7 +18,7 @@ $(PROG):	$(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/tls/Makefile.in b/postfix/src/tls/Makefile.in
index 8b8d254bf..2c48df724 100644
--- a/postfix/src/tls/Makefile.in
+++ b/postfix/src/tls/Makefile.in
@@ -29,7 +29,7 @@ all: $(LIB)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/tlsmgr/Makefile.in b/postfix/src/tlsmgr/Makefile.in
index 68cbe886c..05301e47b 100644
--- a/postfix/src/tlsmgr/Makefile.in
+++ b/postfix/src/tlsmgr/Makefile.in
@@ -19,7 +19,7 @@ $(PROG): $(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/trivial-rewrite/Makefile.in b/postfix/src/trivial-rewrite/Makefile.in
index e8366c313..eadb385c0 100644
--- a/postfix/src/trivial-rewrite/Makefile.in
+++ b/postfix/src/trivial-rewrite/Makefile.in
@@ -23,7 +23,7 @@ $(PROG): $(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in
index aadfe11c9..9a9d8e730 100644
--- a/postfix/src/util/Makefile.in
+++ b/postfix/src/util/Makefile.in
@@ -110,7 +110,7 @@ all: $(LIB)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/verify/Makefile.in b/postfix/src/verify/Makefile.in
index c454c6712..f9671f8da 100644
--- a/postfix/src/verify/Makefile.in
+++ b/postfix/src/verify/Makefile.in
@@ -18,7 +18,7 @@ $(PROG): $(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/virtual/Makefile.in b/postfix/src/virtual/Makefile.in
index 55ee026a1..51360fe43 100644
--- a/postfix/src/virtual/Makefile.in
+++ b/postfix/src/virtual/Makefile.in
@@ -18,7 +18,7 @@ $(PROG):	$(OBJS) $(LIBS)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/xsasl/Makefile.in b/postfix/src/xsasl/Makefile.in
index 13d0eca2d..65aeb6894 100644
--- a/postfix/src/xsasl/Makefile.in
+++ b/postfix/src/xsasl/Makefile.in
@@ -25,7 +25,7 @@ all: $(LIB)
 $(OBJS): ../../conf/makedefs.out
 
 Makefile: Makefile.in
-	(cat ../../conf/makedefs.out $?) >$@
+	cat ../../conf/makedefs.out $? >$@
 
 test:	$(TESTPROG)
 
diff --git a/postfix/src/xsasl/xsasl_cyrus_client.c b/postfix/src/xsasl/xsasl_cyrus_client.c
index bbaa7d15d..4e525e031 100644
--- a/postfix/src/xsasl/xsasl_cyrus_client.c
+++ b/postfix/src/xsasl/xsasl_cyrus_client.c
@@ -159,7 +159,7 @@ static int xsasl_cyrus_client_get_user(void *context, int unused_id,
 				               const char **result,
 				               unsigned *len)
 {
-    const char *myname = "xsasl_cyrus_get_user";
+    const char *myname = "xsasl_cyrus_client_get_user";
     XSASL_CYRUS_CLIENT *client = (XSASL_CYRUS_CLIENT *) context;
 
     if (msg_verbose)
@@ -182,7 +182,7 @@ static int xsasl_cyrus_client_get_user(void *context, int unused_id,
 static int xsasl_cyrus_client_get_passwd(sasl_conn_t *conn, void *context,
 				            int id, sasl_secret_t **psecret)
 {
-    const char *myname = "xsasl_cyrus_get_passwd";
+    const char *myname = "xsasl_cyrus_client_get_passwd";
     XSASL_CYRUS_CLIENT *client = (XSASL_CYRUS_CLIENT *) context;
     int     len;