From: Wietse Venema Date: Sat, 25 Mar 2006 05:00:00 +0000 (-0500) Subject: postfix-2.3-20060325 X-Git-Tag: v2.3-RC1~12 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=303c7c57dd2cf2cda5575f46e06e49c30b329aee;p=thirdparty%2Fpostfix.git postfix-2.3-20060325 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 49ea1850c..76965c7d1 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -12050,8 +12050,25 @@ Apologies for any names omitted. expression that matches the null string. This caused fatal run-time errors. File: dict_pcre.c. +20060324 + + Cleanup: eliminated name collisions between global and local + variables, and other forms of shadowing. Documented switch + fall-throughs with /* FALLTHROUGH */ where this wasn't + already done. Replaced (var = expr) by (var = expr) != 0 + where this wasn't already done. + +20060324 + + Bugfix: mis-placed parenthesis in a before-filter error + test. A filter timeout was mis-reported as lost connection. + Found in code review. File: smtpd/smtpd_proxy.c. + Wish list: + Don't send xforward attributes to every site that announces + xforward support. + The sendmail command should not return non-std exit status after fatal error in some internal library routine. diff --git a/postfix/README_FILES/ADDRESS_REWRITING_README b/postfix/README_FILES/ADDRESS_REWRITING_README index 6004bbcef..bca109535 100644 --- a/postfix/README_FILES/ADDRESS_REWRITING_README +++ b/postfix/README_FILES/ADDRESS_REWRITING_README @@ -809,8 +809,8 @@ following information: original recipient address. * The delivery status. -Some details are still preliminary and will change as Postfix implements the -DSN (delivery status notification) standards. +Some details depend on Postfix version. The example below is for Postfix +version 2.3 and later. Content-Description: Delivery report Content-Type: message/delivery-status @@ -823,8 +823,8 @@ DSN (delivery status notification) standards. Final-Recipient: rfc822; postfix-users@postfix.org Action: deliverable Status: 2.0.0 - Diagnostic-Code: X-Postfix; delivery via mail.cloud9.net[168.100.1.4]: 250 - Ok + Remote-MTA: dns; mail.cloud9.net + Diagnostic-Code: smtp; 250 Ok The third part of the report contains the message that Postfix would have delivered, including From: and To: message headers, so that you can see any diff --git a/postfix/README_FILES/STANDARD_CONFIGURATION_README b/postfix/README_FILES/STANDARD_CONFIGURATION_README index 9ee8d3dcd..7fdc63bb0 100644 --- a/postfix/README_FILES/STANDARD_CONFIGURATION_README +++ b/postfix/README_FILES/STANDARD_CONFIGURATION_README @@ -424,9 +424,9 @@ To find out what lookup tables Postfix supports, use the command "ppoossttc Execute the command "ppoossttmmaapp //eettcc//ppoossttffiixx//ttrraannssppoorrtt" whenever you change the transport table. -NOTE: Do not use the fallback_relay feature when relaying mail for a backup or -primary MX domain. Mail would loop between the Postfix MX host and the -fallback_relay host when the final destination is unavailable. +NOTE for Postfix < 2.2: Do not use the fallback_relay feature when relaying +mail for a backup or primary MX domain. Mail would loop between the Postfix MX +host and the fallback_relay host when the final destination is unavailable. * In main.cf specify "relay_transport = relay", * In master.cf specify "-o fallback_relay =" at the end of the relay entry. diff --git a/postfix/README_FILES/TLS_README b/postfix/README_FILES/TLS_README index ba9fb6d10..533e975cb 100644 --- a/postfix/README_FILES/TLS_README +++ b/postfix/README_FILES/TLS_README @@ -1064,7 +1064,7 @@ Please differentiate when possible between: * Problems in the TLS code: * Problems in vanilla Postfix: -CCoommppaattiibbiilliittyy wwiitthh PPoossttffiixx <<22..22 TTLLSS ssuuppppoorrtt +CCoommppaattiibbiilliittyy wwiitthh PPoossttffiixx << 22..22 TTLLSS ssuuppppoorrtt Postfix version 2.2 TLS support is based on the Postfix/TLS patch by Lutz Jänicke, but differs in a few minor ways. diff --git a/postfix/conf/main.cf b/postfix/conf/main.cf index 517277974..f321730a3 100644 --- a/postfix/conf/main.cf +++ b/postfix/conf/main.cf @@ -1,13 +1,14 @@ # Global Postfix configuration file. This file lists only a subset -# of all 300+ parameters. See the postconf(5) manual page for a -# complete list. +# of all parameters. For the syntax, and for a complete parameter +# list, see the postconf(5) manual page (command: "man 5 postconf"). # -# The general format of each line is: parameter = value. Lines -# that begin with whitespace continue the previous line. A value can -# contain references to other $names or ${name}s. +# For common configuration examples, see BASIC_CONFIGURATION_README +# and STANDARD_CONFIGURATION_README. To find these documents, use +# the command "postconf html_directory readme_directory", or go to +# http://www.postfix.org/. # -# NOTE - CHANGE NO MORE THAN 2-3 PARAMETERS AT A TIME, AND TEST IF -# POSTFIX STILL WORKS AFTER EVERY CHANGE. +# For best results, change no more than 2-3 parameters at a time, +# and test if Postfix still works after every change. # SOFT BOUNCE # diff --git a/postfix/conf/master.cf b/postfix/conf/master.cf index b597e1a37..c37982a8b 100644 --- a/postfix/conf/master.cf +++ b/postfix/conf/master.cf @@ -1,6 +1,6 @@ # # Postfix master process configuration file. For details on the format -# of the file, see the Postfix master(5) manual page. +# of the file, see the master(5) manual page (command: "man 5 master"). # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args diff --git a/postfix/html/ADDRESS_REWRITING_README.html b/postfix/html/ADDRESS_REWRITING_README.html index 8233562a8..2a2ab64d3 100644 --- a/postfix/html/ADDRESS_REWRITING_README.html +++ b/postfix/html/ADDRESS_REWRITING_README.html @@ -546,14 +546,14 @@ clean up invalid domains in mail addresses produced by legacy mail systems.

Canonical mapping is disabled by default. To enable, edit the -canonical_maps parameter in the main.cf file and specify one or +canonical_maps parameter in the main.cf file and specify one or more lookup tables, separated by whitespace or commas.

Example: 

-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     canonical_maps = hash:/etc/postfix/canonical
 
 /etc/postfix/canonical:
@@ -575,7 +575,7 @@ applied only to sender addresses or to recipient addresses. 

 
 

 
-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     sender_canonical_maps = hash:/etc/postfix/sender_canonical
     recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
 

@@ -593,15 +593,15 @@ send mail to the those ugly address without creating a mailer loop.
 

 
 
 Canonical mapping can be turned off selectively for mail received
-by smtpd(8), qmqpd(8), or pickup(8), by overriding main.cf settings
-in the master.cf file.  This feature is available in Postfix version
+by smtpd(8), qmqpd(8), or pickup(8), by overriding main.cf settings
+in the master.cf file.  This feature is available in Postfix version
 2.1 and later.  

 
 
 Example: 

 
 

 
-/etc/postfix/master.cf:
+/etc/postfix/master.cf:
     :10026      inet  n       -       n       -       -       smtpd
         -o receive_override_options=no_address_mappings
 

@@ -625,7 +625,7 @@ non-empty value. To get the behavior before Postfix 2.2, specify
 
 
 Address masquerading is disabled by default, and is implemented
 by the cleanup(8) server. To enable, edit the masquerade_domains
-parameter in the main.cf file and specify one or more domain names
+parameter in the main.cf file and specify one or more domain names
 separated by whitespace or commas.  When Postfix tries to masquerade
 a domain, it processes the list from left to right, and processing
 stops at the first match.  

@@ -634,7 +634,7 @@ stops at the first match.  

 
 

 
-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     masquerade_domains = foo.example.com example.com
 

 

@@ -647,7 +647,7 @@ this domain or its subdomains: 

 
 

 
-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     masquerade_domains = !foo.example.com example.com
 

 

@@ -664,7 +664,7 @@ Specify one or more user names separated by whitespace or commas.
 
 

 
-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     masquerade_exceptions = root
 

 

@@ -682,7 +682,7 @@ too, specify (Postfix version 1.1 and later):

 
 

 
-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     masquerade_classes = envelope_sender, envelope_recipient,
         header_sender, header_recipient
 

@@ -692,15 +692,15 @@ too, specify (Postfix version 1.1 and later):

 no longer be able to send mail to individual machines. 

 
 
 Address masquerading can be turned off selectively for mail
-received by smtpd(8), qmqpd(8), or pickup(8), by overriding main.cf
-settings in the master.cf file.  This feature is available in
+received by smtpd(8), qmqpd(8), or pickup(8), by overriding main.cf
+settings in the master.cf file.  This feature is available in
 Postfix version 2.1 and later. 

 
 
 Example: 

 
 

 
-/etc/postfix/master.cf:
+/etc/postfix/master.cf:
     :10026      inet  n       -       n       -       -       smtpd
         -o receive_override_options=no_address_mappings
 

@@ -743,14 +743,14 @@ generates itself. 

 
 
 Automatic BCC recipients (including always_bcc) can be turned
 off selectively for mail received by smtpd(8), qmqpd(8), or pickup(8),
-by overriding main.cf settings in the master.cf file.  This feature
+by overriding main.cf settings in the master.cf file.  This feature
 is available in Postfix version 2.1 and later. 

 
 
 Example: 

 
 

 
-/etc/postfix/master.cf:
+/etc/postfix/master.cf:
     :10026      inet  n       -       n       -       -       smtpd
         -o receive_override_options=no_address_mappings
 

@@ -774,7 +774,7 @@ for an overview of methods to host virtual domains with Postfix.
 

 
 
 Virtual aliasing is disabled by default. To enable, edit the
-virtual_alias_maps parameter in the main.cf file and
+virtual_alias_maps parameter in the main.cf file and
 specify one or more lookup tables, separated by whitespace or
 commas. 

 
@@ -782,10 +782,10 @@ commas. 

 
 

 
-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     virtual_alias_maps = hash:/etc/postfix/virtual
 
-/etc/postfix/virtual:
+/etc/postfix/virtual:
     Wietse.Venema        wietse
 

 

@@ -806,15 +806,15 @@ for mail that is forwarded internally, and are not generated for
 mail that is generated by Postfix itself. 

 
 
 Virtual aliasing can be turned off selectively for mail received
-by smtpd(8), qmqpd(8), or pickup(8), by overriding main.cf settings
-in the master.cf file.  This feature is available in Postfix version
+by smtpd(8), qmqpd(8), or pickup(8), by overriding main.cf settings
+in the master.cf file.  This feature is available in Postfix version
 2.1 and later. 

 
 
 Example: 

 
 

 
-/etc/postfix/master.cf:
+/etc/postfix/master.cf:
     :10026      inet  n       -       n       -       -       smtpd
         -o receive_override_options=no_address_mappings
 

@@ -928,14 +928,14 @@ See, for example, the STANDARD_CONF
 documents, and the examples in the transport(5) manual page.  

 
 
 Transport table lookups are disabled by default. To enable,
-edit the transport_maps parameter in the main.cf file and specify
+edit the transport_maps parameter in the main.cf file and specify
 one or more lookup tables, separated by whitespace or commas. 

 
 
 Example: 

 
 

 
-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     transport_maps = hash:/etc/postfix/transport
 

 

@@ -955,14 +955,14 @@ table lookups, in anticipation of transport(5) ta
 can replace one recipient address by a different one. 

 
 
 Lookups of relocated users are disabled by default. To enable,
-edit the relocated_maps parameter in the main.cf file and specify
+edit the relocated_maps parameter in the main.cf file and specify
 one or more lookup tables, separated by whitespace or commas. 

 
 
 Example: 

 
 

 
-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     relocated_maps = hash:/etc/postfix/relocated
 
 /etc/postfix/relocated:
@@ -996,7 +996,7 @@ local machine. 

 
 

 
-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     smtp_generic_maps = hash:/etc/postfix/generic
 
 /etc/postfix/generic:
@@ -1029,7 +1029,7 @@ one of the following: 

 
 

 
-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     alias_maps = hash:/etc/aliases
     alias_maps = dbm:/etc/aliases, nis:mail.aliases
 

@@ -1041,7 +1041,7 @@ Usually it is one of the following: 

 
 

 
-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     alias_database = hash:/etc/aliases (4.4BSD, LINUX)
     alias_database = dbm:/etc/aliases (4.3BSD, SYSV<4)
     alias_database = dbm:/etc/mail/aliases (SYSV4)
@@ -1082,12 +1082,12 @@ mail for non-UNIX accounts, then you must specify: 

 
 

 
-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     local_recipient_maps =
 

 

 
-
 (i.e. empty) in the main.cf file, otherwise the Postfix SMTP
+
 (i.e. empty) in the main.cf file, otherwise the Postfix SMTP
 server will reject mail for non-UNIX accounts with "User unknown
 in local recipient table". See the LOCAL_RECIPIENT_README file
 for more information on this.
@@ -1204,8 +1204,8 @@ includes the original recipient address.
 
 
 
-
 Some details are still preliminary and will change as Postfix
-implements the DSN (delivery status notification) standards. 

+
 Some details depend on Postfix version. The example below is
+for Postfix version 2.3 and later. 

 
 

 
@@ -1220,7 +1220,8 @@ Arrival-Date: Tue, 13 Apr 2004 19:27:43 -0400 (EDT)
 Final-Recipient: rfc822; postfix-users@postfix.org
 Action: deliverable
 Status: 2.0.0
-Diagnostic-Code: X-Postfix; delivery via mail.cloud9.net[168.100.1.4]: 250 Ok
+Remote-MTA: dns; mail.cloud9.net
+Diagnostic-Code: smtp; 250 Ok
 

 

 
diff --git a/postfix/html/RESTRICTION_CLASS_README.html b/postfix/html/RESTRICTION_CLASS_README.html
index 528a263f3..4035994ec 100644
--- a/postfix/html/RESTRICTION_CLASS_README.html
+++ b/postfix/html/RESTRICTION_CLASS_README.html
@@ -41,9 +41,9 @@ care about these low-level details. 

 
 

 
-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     smtpd_restriction_classes = restrictive, permissive
-    # With Postfix < 2.3 specify reject_unknown_client.
+    # With Postfix < 2.3 specify reject_unknown_client.
     restrictive = reject_unknown_sender_domain reject_unknown_client_hostname ...
     permissive = permit
 
@@ -100,7 +100,7 @@ to IP spoofing. 

 
 

 
-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     smtpd_recipient_restrictions =
         check_recipient_access hash:/etc/postfix/access
         ...the usual stuff...
@@ -131,7 +131,7 @@ therefore is subject to SMTP sender spoofing. 

 
 

 
-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     smtpd_recipient_restrictions =
         check_recipient_access hash:/etc/postfix/protected_destinations
         ...the usual stuff...
@@ -191,7 +191,7 @@ with LDAP or SQL. 

 
 

 
-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     smtpd_recipient_restrictions =
         check_sender_access hash:/etc/postfix/restricted_senders
         ...other stuff...
@@ -220,7 +220,7 @@ bypassed in several ways: 

 
    
 
 
  •  
     By sending mail via a less restrictive mail
-relay host. 
    
+relay host. 
    
 
 
  •  
     By sending mail as someone else who does have permission
 to send mail to off-site destinations. 
    
diff --git a/postfix/html/SMTPD_ACCESS_README.html b/postfix/html/SMTPD_ACCESS_README.html
index 3d542816a..978b5d7b4 100644
--- a/postfix/html/SMTPD_ACCESS_README.html
+++ b/postfix/html/SMTPD_ACCESS_README.html
@@ -167,12 +167,12 @@ described in the postconf(5) manual page. 
    
 
     Examples of simple restriction lists are: 
    
 
 
    -/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     # Allow connections from trusted networks only.
     smtpd_client_restrictions = permit_mynetworks, reject
 
     # Don't talk to mail systems that don't know their own hostname.
-    # With Postfix < 2.3, specify reject_unknown_hostname.
+    # With Postfix < 2.3, specify reject_unknown_hostname.
     smtpd_helo_restrictions = reject_unknown_helo_hostname
 
     # Don't accept mail from domains that don't exist.
@@ -304,7 +304,7 @@ address is accepted. And this is where surprises can happen.  
    
 in too much access permission: 
    
 
 
    -1 /etc/postfix/main.cf:
+1 /etc/postfix/main.cf:
 2     smtpd_recipient_restrictions = 
 3         permit_mynetworks
 4         check_helo_access hash:/etc/postfix/helo_access
@@ -316,7 +316,7 @@ in too much access permission: 
    
 
    
 
 
     Line 5 rejects mail from hosts that don't specify a proper
-hostname in the HELO command (with Postfix < 2.3, specify
+hostname in the HELO command (with Postfix < 2.3, specify
 reject_unknown_hostname). Lines 4 and 9 make an exception to
 allow mail from some machine that announces itself with "HELO
 localhost.localdomain".  
    
@@ -344,7 +344,7 @@ testing: 
    
 
     soft_bounce 
     
     
     This is a safety net that changes
 SMTP server REJECT actions into DEFER (try again later) actions.
 This keeps mail queued that would otherwise be returned to the
-sender. Specify "soft_bounce = yes" in the main.cf file to prevent
+sender. Specify "soft_bounce = yes" in the main.cf file to prevent
 the Postfix SMTP server from rejecting mail permanently, by changing
 all 5xx SMTP reply codes into 4xx. 
     
    
 
diff --git a/postfix/html/STANDARD_CONFIGURATION_README.html b/postfix/html/STANDARD_CONFIGURATION_README.html
index 98b9f260e..75079d293 100644
--- a/postfix/html/STANDARD_CONFIGURATION_README.html
+++ b/postfix/html/STANDARD_CONFIGURATION_README.html
@@ -68,13 +68,13 @@ Postfix installs when you download the Postfix source code via
 http://www.postfix.org/. 
    
 
 
     You can use the command "postconf -n" to find out what
-settings are overruled by your main.cf. Besides a few pathname
+settings are overruled by your main.cf. Besides a few pathname
 settings, few parameters should be set on a stand-alone box, beyond
 what is covered in the BASIC_CONFIGURATION_README document: 
    
 
 
    
 
    -/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     # Optional: send mail as user@domainname instead of user@hostname.
     #myorigin = $mydomain
 
@@ -104,13 +104,13 @@ their default settings. 
    
 
 
    
 
    -1 /etc/postfix/main.cf:
+1 /etc/postfix/main.cf:
 2     myorigin = $mydomain
 3     relayhost = $mydomain
 4     inet_interfaces = 127.0.0.1
 5     local_transport = error:local delivery is disabled
 6 
-7 /etc/postfix/master.cf:
+7 /etc/postfix/master.cf:
 8     Comment out the local delivery agent entry
 
    
 
    
@@ -160,7 +160,7 @@ is final destination for "user@hostname.example.com". 
    
 
 
    
 
    -1 /etc/postfix/main.cf:
+1 /etc/postfix/main.cf:
 2     myorigin = $mydomain
 3     mynetworks = 127.0.0.0/8 10.0.0.0/24
 4     relay_domains =
@@ -194,7 +194,7 @@ mail as "user@example.com" and is final destination for
  1 DNS:
  2     example.com    IN    MX  10 mailhost.example.com.
  3 
- 4 /etc/postfix/main.cf:
+ 4 /etc/postfix/main.cf:
  5     myorigin = $mydomain
  6     mydestination = $myhostname localhost.$mydomain localhost $mydomain
  7     mynetworks = 127.0.0.0/8 10.0.0.0/24
@@ -278,13 +278,13 @@ harder to break. 
    
 
 
    
 
    -1 /etc/postfix/main.cf:
+1 /etc/postfix/main.cf:
 2     myorigin = example.com
 3     mydestination =
 4     local_recipient_maps =
 5     local_transport = error:local mail delivery is disabled
 6 
-7 /etc/postfix/master.cf:
+7 /etc/postfix/master.cf:
 8     Comment out the local delivery agent
 
    
 
    
@@ -312,10 +312,10 @@ All the mail to these two accounts is forwarded to an inside address.
 
 
    
 
    -1 /etc/postfix/main.cf:
+1 /etc/postfix/main.cf:
 2     virtual_alias_maps = hash:/etc/postfix/virtual
 3 
-4 /etc/postfix/virtual:
+4 /etc/postfix/virtual:
 5     postmaster      postmaster@example.com
 6     abuse           abuse@example.com
 
    
@@ -338,7 +338,7 @@ is the real purpose of the firewall email function. 
    
 
 
    
 
    - 1 /etc/postfix/main.cf:
+ 1 /etc/postfix/main.cf:
  2     mynetworks = 127.0.0.0/8 12.34.56.0/24
  3     relay_domains = example.com
  4     parent_domain_matches_subdomains = 
@@ -418,10 +418,10 @@ follows:  
    
 
 
    
 
    -1 /etc/postfix/main.cf:
+1 /etc/postfix/main.cf:
 2     virtual_alias_maps = hash:/etc/postfix/virtual
 3 
-4 /etc/postfix/virtual:
+4 /etc/postfix/virtual:
 5     root     root@localhost
 6     . . .
 
    
@@ -458,7 +458,7 @@ discussed the first half of this document. 
    
 
 
    
 
    - 1 /etc/postfix/main.cf:
+ 1 /etc/postfix/main.cf:
  2     transport_maps = hash:/etc/postfix/transport
  3     relayhost =
  4     # Optional for a machine that isn't "always on"
@@ -483,7 +483,7 @@ this example assumes that the organization uses DNS MX records
 internally.  The [] forces Postfix to do no MX lookup.
 
    
 
-
  •  
     Line 3: IMPORTANT: do not specify a relayhost in main.cf.
+
  •  
     Line 3: IMPORTANT: do not specify a relayhost in main.cf.
 
    
 
 
  •  
     Line 5: This prevents mail from being stuck in the queue
@@ -513,7 +513,7 @@ is all you need: 
    
  1 DNS:
  2     the.backed-up.domain.tld        IN      MX 100 your.machine.tld.
  3 
- 4 /etc/postfix/main.cf:
+ 4 /etc/postfix/main.cf:
  5     relay_domains = . . . the.backed-up.domain.tld
  6     smtpd_recipient_restrictions = 
  7         permit_mynetworks reject_unauth_destination
@@ -535,7 +535,7 @@ need the above, plus: 
    
 
 
    
 
    -18 /etc/postfix/main.cf:
+18 /etc/postfix/main.cf:
 19     transport_maps = hash:/etc/postfix/transport
 20 
 21 /etc/postfix/transport:
@@ -580,16 +580,17 @@ tables Postfix supports, use the command "postconf -m". 
    
 
     Execute the command "postmap /etc/postfix/transport"
 whenever you change the transport table. 
    
 
-
     NOTE: Do not use the fallback_relay feature when relaying mail 
+
     NOTE for Postfix < 2.2: Do not use the fallback_relay feature
+when relaying mail
 for a backup or primary MX domain. Mail would loop between the
 Postfix MX host and the fallback_relay host when the final destination
 is unavailable. 
    
  
 
      
 
-
    •  In main.cf specify "relay_transport = relay",
+
    •  In main.cf specify "relay_transport = relay",
 
-
    •  In master.cf specify "-o fallback_relay =" at the    
+
    •  In master.cf specify "-o fallback_relay =" at the    
 end of the relay entry.
 
 
    •  In transport maps, specify "relay:nexthop..."
@@ -626,7 +627,7 @@ that is connected all the time. In the example below, the []
 prevents Postfix from trying to look up DNS MX records.  
      
 
 
      -/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     relayhost = [smtprelay.someprovider.com]
 
      
 
@@ -640,14 +641,14 @@ Postfix retries to deliver delayed mail. To prevent such telephone
 calls from being placed, disable spontaneous SMTP mail deliveries. 
      
 
 
      -/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     defer_transports = smtp (Only for on-demand dialup IP hosts)
 
      
 
 
    •  
      Disable SMTP client DNS lookups (dialup LAN only).
      
 
 
      -/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     disable_dns_lookups = yes (Only for on-demand dialup IP hosts)
 
      
 
@@ -718,7 +719,7 @@ discussed the first half of this document. 
      
 
 
      
 
      -1 /etc/postfix/main.cf:
+1 /etc/postfix/main.cf:
 2     smtp_generic_maps = hash:/etc/postfix/generic
 3 
 4 /etc/postfix/generic:
@@ -766,7 +767,7 @@ discussed the first half of this document. 
      
 
 
      
 
      - 1 /etc/postfix/main.cf:
+ 1 /etc/postfix/main.cf:
  2     myhostname = hostname.localdomain
  3     mydomain = localdomain
  4 
@@ -777,7 +778,7 @@ discussed the first half of this document. 
      
  9 /etc/postfix/canonical:
 10     your-login-name    your-account@your-isp.com
 11 
-12 /etc/postfix/virtual:
+12 /etc/postfix/virtual:
 13     your-account@your-isp.com       your-login-name
 
      
 
      
diff --git a/postfix/html/TLS_README.html b/postfix/html/TLS_README.html
index c7600071b..d2e9a3f52 100644
--- a/postfix/html/TLS_README.html
+++ b/postfix/html/TLS_README.html
@@ -37,7 +37,7 @@ SMTP mail or with SASL authentication.
 
       Postfix version 2.2 introduces support for TLS as described in
 RFC 3207.  TLS Support for older Postfix versions was available as
 an add-on patch.  The section "Compatibility with
-Postfix < 2.2 TLS support" below discusses the differences
+Postfix < 2.2 TLS support" below discusses the differences
 between these implementations.  
      
 
 
       Topics covered in this document: 
      
@@ -56,7 +56,7 @@ between these implementations.  
      
 
 
    •  Reporting problems 
 
-
    • Compatibility with Postfix < 2.2 TLS support
+
    • Compatibility with Postfix < 2.2 TLS support
 
 
    •  Credits 
 
@@ -1531,7 +1531,7 @@ Patches, when possible, are greatly appreciated too. 
      
 
 
    
 
-
    Compatibility with Postfix <2.2 TLS support
    
+
    Compatibility with Postfix < 2.2 TLS support
    
 
 
     Postfix version 2.2 TLS support is based on the Postfix/TLS
 patch by Lutz Jänicke, but differs in a few minor ways. 
    
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index dc29a2614..59557d39f 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -2014,7 +2014,9 @@ mail that is still queued.
 
    
 
 
    
-To enable this feature, specify a non-zero integral value.
+To enable this feature, specify a non-zero time value (an integral
+value plus an optional one-letter suffix that specifies the time
+unit).
 
    
 
 
    
@@ -8360,11 +8362,11 @@ Examples:
 (default: yes)
    
 
 
     Postpone the start of an SMTP mail transaction until a valid
-RCPT TO command is received. Specify "smtpd_delay_open_until_rcpt =
-yes" to create a mail transaction as soon as the SMTP server receives
-a valid MAIL FROM command. 
    
+RCPT TO command is received. Specify "no" to create a mail transaction
+as soon as the SMTP server receives a valid MAIL FROM command. 
    
 
-
     Postponing the start of a mail transaction reduces the use of
+
     With sites that reject lots of mail, the default setting reduces
+the use of
 disk, CPU and memory resources. The downside is that rejected
 recipients are logged with NOQUEUE instead of a mail transaction
 ID. This complicates the logfile analysis of multi-recipient mail.
@@ -9162,17 +9164,17 @@ of forged mail from worms or viruses.  
    
 
      
 
 
    •  The sender domain matches $mydestination, $inet_interfaces or
-$proxy_interfaces, but the recipient is not listed in
+$proxy_interfaces, but the sender is not listed in
 $local_recipient_maps, and $local_recipient_maps is not null.
 
-
    •  The sender domain matches $virtual_alias_domains but the recipient
+
    •  The sender domain matches $virtual_alias_domains but the sender
 is not listed in $virtual_alias_maps.
 
 
    •  The sender domain matches $virtual_mailbox_domains but the
-recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps
+sender is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps
 is not null.
 
-
    •  The sender domain matches $relay_domains but the recipient is
+
    •  The sender domain matches $relay_domains but the sender is
 not listed in $relay_recipient_maps, and $relay_recipient_maps is
 not null.
 
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 6dce04ea8..cfec35d0c 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -1102,7 +1102,9 @@ This feature is enabled with the delay_warning_time parameter.
 The time after which the sender receives the message headers of
 mail that is still queued.
 .PP
-To enable this feature, specify a non-zero integral value.
+To enable this feature, specify a non-zero time value (an integral
+value plus an optional one-letter suffix that specifies the time
+unit).
 .PP
 Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
 The default time unit is h (hours).
@@ -4816,11 +4818,11 @@ smtpd_data_restrictions = reject_multi_recipient_bounce
 .ft R
 .SH smtpd_delay_open_until_valid_rcpt (default: yes)
 Postpone the start of an SMTP mail transaction until a valid
-RCPT TO command is received. Specify "smtpd_delay_open_until_rcpt =
-yes" to create a mail transaction as soon as the SMTP server receives
-a valid MAIL FROM command.
+RCPT TO command is received. Specify "no" to create a mail transaction
+as soon as the SMTP server receives a valid MAIL FROM command.
 .PP
-Postponing the start of a mail transaction reduces the use of
+With sites that reject lots of mail, the default setting reduces
+the use of
 disk, CPU and memory resources. The downside is that rejected
 recipients are logged with NOQUEUE instead of a mail transaction
 ID. This complicates the logfile analysis of multi-recipient mail.
@@ -5298,17 +5300,17 @@ access restriction is specified. This can slow down an explosion
 of forged mail from worms or viruses.
 .IP \(bu
 The sender domain matches $mydestination, $inet_interfaces or
-$proxy_interfaces, but the recipient is not listed in
+$proxy_interfaces, but the sender is not listed in
 $local_recipient_maps, and $local_recipient_maps is not null.
 .IP \(bu
-The sender domain matches $virtual_alias_domains but the recipient
+The sender domain matches $virtual_alias_domains but the sender
 is not listed in $virtual_alias_maps.
 .IP \(bu
 The sender domain matches $virtual_mailbox_domains but the
-recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps
+sender is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps
 is not null.
 .IP \(bu
-The sender domain matches $relay_domains but the recipient is
+The sender domain matches $relay_domains but the sender is
 not listed in $relay_recipient_maps, and $relay_recipient_maps is
 not null.
 .PP
diff --git a/postfix/proto/ADDRESS_REWRITING_README.html b/postfix/proto/ADDRESS_REWRITING_README.html
index 57f7fa2a5..b29820e00 100644
--- a/postfix/proto/ADDRESS_REWRITING_README.html
+++ b/postfix/proto/ADDRESS_REWRITING_README.html
@@ -1204,8 +1204,8 @@ includes the original recipient address.
 
 
    
 
-
     Some details are still preliminary and will change as Postfix
-implements the DSN (delivery status notification) standards. 
    
+
     Some details depend on Postfix version. The example below is
+for Postfix version 2.3 and later. 
    
 
 
    
 
    @@ -1220,7 +1220,8 @@ Arrival-Date: Tue, 13 Apr 2004 19:27:43 -0400 (EDT)
 Final-Recipient: rfc822; postfix-users@postfix.org
 Action: deliverable
 Status: 2.0.0
-Diagnostic-Code: X-Postfix; delivery via mail.cloud9.net[168.100.1.4]: 250 Ok
+Remote-MTA: dns; mail.cloud9.net
+Diagnostic-Code: smtp; 250 Ok
 
    
 
    
 
diff --git a/postfix/proto/RESTRICTION_CLASS_README.html b/postfix/proto/RESTRICTION_CLASS_README.html
index 93ab72983..705d10693 100644
--- a/postfix/proto/RESTRICTION_CLASS_README.html
+++ b/postfix/proto/RESTRICTION_CLASS_README.html
@@ -43,7 +43,7 @@ care about these low-level details. 
    
 
     /etc/postfix/main.cf:
     smtpd_restriction_classes = restrictive, permissive
-    # With Postfix < 2.3 specify reject_unknown_client.
+    # With Postfix < 2.3 specify reject_unknown_client.
     restrictive = reject_unknown_sender_domain reject_unknown_client_hostname ...
     permissive = permit
 
diff --git a/postfix/proto/SMTPD_ACCESS_README.html b/postfix/proto/SMTPD_ACCESS_README.html
index c97e34b36..d862bb3c0 100644
--- a/postfix/proto/SMTPD_ACCESS_README.html
+++ b/postfix/proto/SMTPD_ACCESS_README.html
@@ -172,7 +172,7 @@ described in the postconf(5) manual page. 
    
     smtpd_client_restrictions = permit_mynetworks, reject
 
     # Don't talk to mail systems that don't know their own hostname.
-    # With Postfix < 2.3, specify reject_unknown_hostname.
+    # With Postfix < 2.3, specify reject_unknown_hostname.
     smtpd_helo_restrictions = reject_unknown_helo_hostname
 
     # Don't accept mail from domains that don't exist.
@@ -316,7 +316,7 @@ in too much access permission: 
    
 
    
 
 
     Line 5 rejects mail from hosts that don't specify a proper
-hostname in the HELO command (with Postfix < 2.3, specify
+hostname in the HELO command (with Postfix < 2.3, specify
 reject_unknown_hostname). Lines 4 and 9 make an exception to
 allow mail from some machine that announces itself with "HELO
 localhost.localdomain".  
    
diff --git a/postfix/proto/STANDARD_CONFIGURATION_README.html b/postfix/proto/STANDARD_CONFIGURATION_README.html
index fcc7c275a..9907ae877 100644
--- a/postfix/proto/STANDARD_CONFIGURATION_README.html
+++ b/postfix/proto/STANDARD_CONFIGURATION_README.html
@@ -580,7 +580,8 @@ tables Postfix supports, use the command "postconf -m". 
    
 
     Execute the command "postmap /etc/postfix/transport"
 whenever you change the transport table. 
    
 
-
     NOTE: Do not use the fallback_relay feature when relaying mail 
+
     NOTE for Postfix < 2.2: Do not use the fallback_relay feature
+when relaying mail
 for a backup or primary MX domain. Mail would loop between the
 Postfix MX host and the fallback_relay host when the final destination
 is unavailable. 
    
diff --git a/postfix/proto/TLS_README.html b/postfix/proto/TLS_README.html
index e4ed4bcee..31e2500bc 100644
--- a/postfix/proto/TLS_README.html
+++ b/postfix/proto/TLS_README.html
@@ -37,7 +37,7 @@ SMTP mail or with SASL authentication.
 
     Postfix version 2.2 introduces support for TLS as described in
 RFC 3207.  TLS Support for older Postfix versions was available as
 an add-on patch.  The section "Compatibility with
-Postfix < 2.2 TLS support" below discusses the differences
+Postfix < 2.2 TLS support" below discusses the differences
 between these implementations.  
    
 
 
     Topics covered in this document: 
    
@@ -56,7 +56,7 @@ between these implementations.  
    
 
 
  •  Reporting problems 
 
-
  • Compatibility with Postfix < 2.2 TLS support
+
  • Compatibility with Postfix < 2.2 TLS support
 
 
  •  Credits 
 
@@ -1531,7 +1531,7 @@ Patches, when possible, are greatly appreciated too. 
    
 
 

 
-
Compatibility with Postfix <2.2 TLS support

+
Compatibility with Postfix < 2.2 TLS support

 
 
 Postfix version 2.2 TLS support is based on the Postfix/TLS
 patch by Lutz Jänicke, but differs in a few minor ways. 

diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index f21b3d0ae..fcf27e1c8 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -6541,7 +6541,9 @@ mail that is still queued.
 

 
 

-To enable this feature, specify a non-zero integral value.
+To enable this feature, specify a non-zero time value (an integral
+value plus an optional one-letter suffix that specifies the time
+unit).
 

 
 

@@ -7429,17 +7431,17 @@ of forged mail from worms or viruses.  

 
    
 
 
  •  The sender domain matches $mydestination, $inet_interfaces or
-$proxy_interfaces, but the recipient is not listed in
+$proxy_interfaces, but the sender is not listed in
 $local_recipient_maps, and $local_recipient_maps is not null.
 
-
  •  The sender domain matches $virtual_alias_domains but the recipient
+
  •  The sender domain matches $virtual_alias_domains but the sender
 is not listed in $virtual_alias_maps.
 
 
  •  The sender domain matches $virtual_mailbox_domains but the
-recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps
+sender is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps
 is not null.
 
-
  •  The sender domain matches $relay_domains but the recipient is
+
  •  The sender domain matches $relay_domains but the sender is
 not listed in $relay_recipient_maps, and $relay_recipient_maps is
 not null.
 
@@ -9244,11 +9246,11 @@ See there for details. 
    
 %PARAM smtpd_delay_open_until_valid_rcpt yes
 
 
     Postpone the start of an SMTP mail transaction until a valid
-RCPT TO command is received. Specify "smtpd_delay_open_until_rcpt =
-yes" to create a mail transaction as soon as the SMTP server receives
-a valid MAIL FROM command. 
    
+RCPT TO command is received. Specify "no" to create a mail transaction
+as soon as the SMTP server receives a valid MAIL FROM command. 
    
 
-
     Postponing the start of a mail transaction reduces the use of
+
     With sites that reject lots of mail, the default setting reduces
+the use of
 disk, CPU and memory resources. The downside is that rejected
 recipients are logged with NOQUEUE instead of a mail transaction
 ID. This complicates the logfile analysis of multi-recipient mail.
diff --git a/postfix/src/bounce/bounce_template.c b/postfix/src/bounce/bounce_template.c
index b2df97b76..23f16b0a3 100644
--- a/postfix/src/bounce/bounce_template.c
+++ b/postfix/src/bounce/bounce_template.c
@@ -288,7 +288,7 @@ static void bounce_template_parse_buffer(BOUNCE_TEMPLATE *tp)
      * Parse pseudo-header labels and values.
      */
 #define GETLINE(line, buf) \
-        (((line) = (buf)) ? ((buf) = split_at((buf), '\n'), (line)) : 0)
+        (((line) = (buf)) != 0 ? ((buf) = split_at((buf), '\n'), (line)) : 0)
 
     while ((GETLINE(cp, tval)) != 0 && (hlen = is_header(cp)) > 0) {
 	for (hval = cp + hlen; *hval && (*hval == ':' || ISSPACE(*hval)); hval++)
diff --git a/postfix/src/dns/dns_lookup.c b/postfix/src/dns/dns_lookup.c
index 473a3d202..941b7594f 100644
--- a/postfix/src/dns/dns_lookup.c
+++ b/postfix/src/dns/dns_lookup.c
@@ -608,6 +608,7 @@ int     dns_lookup(const char *name, unsigned type, unsigned flags,
 		vstring_sprintf(why, "Name service error for name=%s type=%s: "
 				"Malformed or unexpected name server reply",
 				name, dns_strtype(type));
+	    /* FALLTHROUGH */
 	case DNS_OK:
 	    return (status);
 	case DNS_RECURSE:
diff --git a/postfix/src/global/conv_time.c b/postfix/src/global/conv_time.c
index 508e85326..cbd8050e3 100644
--- a/postfix/src/global/conv_time.c
+++ b/postfix/src/global/conv_time.c
@@ -67,6 +67,7 @@ int     conv_time(const char *strval, int *timval, int def_unit)
     switch (sscanf(strval, "%d%c%c", &intval, &unit, &junk)) {
     case 1:
 	unit = def_unit;
+	/* FALLTHROUGH */
     case 2:
 	if (intval < 0)
 	    return (0);
diff --git a/postfix/src/global/dsn_buf.h b/postfix/src/global/dsn_buf.h
index b38f46d0d..2871bdb2c 100644
--- a/postfix/src/global/dsn_buf.h
+++ b/postfix/src/global/dsn_buf.h
@@ -53,7 +53,6 @@ extern DSN_BUF *dsb_create(void);
 extern DSN_BUF *PRINTFLIKE(8, 9) dsb_update(DSN_BUF *, const char *, const char *, const char *, const char *, const char *, const char *, const char *,...);
 extern DSN_BUF *PRINTFLIKE(3, 4) dsb_simple(DSN_BUF *, const char *, const char *,...);
 extern DSN_BUF *PRINTFLIKE(4, 5) dsb_unix(DSN_BUF *, const char *, const char *, const char *,...);
-extern DSN_BUF *PRINTFLIKE(4, 5) dsb_smtp(DSN_BUF *, const char *, const char *, const char *,...);
 extern DSN_BUF *dsb_formal(DSN_BUF *, const char *, const char *, const char *, const char *, const char *, const char *);
 extern DSN_BUF *dsb_status(DSN_BUF *, const char *);
 extern void dsb_reset(DSN_BUF *);
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 7b62eb05d..45414bc44 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20060315"
+#define MAIL_RELEASE_DATE	"20060325"
 #define MAIL_VERSION_NUMBER	"2.3"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/global/own_inet_addr.c b/postfix/src/global/own_inet_addr.c
index 31c0f44cd..c9ea78c99 100644
--- a/postfix/src/global/own_inet_addr.c
+++ b/postfix/src/global/own_inet_addr.c
@@ -68,9 +68,9 @@
 
 /* Application-specific. */
 
-static INET_ADDR_LIST addr_list;
-static INET_ADDR_LIST mask_list;
-static INET_ADDR_LIST proxy_list;
+static INET_ADDR_LIST saved_addr_list;
+static INET_ADDR_LIST saved_mask_list;
+static INET_ADDR_LIST saved_proxy_list;
 
 /* own_inet_addr_init - initialize my own address list */
 
@@ -182,11 +182,11 @@ int     own_inet_addr(struct sockaddr * addr)
 {
     int     i;
 
-    if (addr_list.used == 0)
-	own_inet_addr_init(&addr_list, &mask_list);
+    if (saved_addr_list.used == 0)
+	own_inet_addr_init(&saved_addr_list, &saved_mask_list);
 
-    for (i = 0; i < addr_list.used; i++)
-	if (SOCK_ADDR_EQ_ADDR(addr, addr_list.addrs + i))
+    for (i = 0; i < saved_addr_list.used; i++)
+	if (SOCK_ADDR_EQ_ADDR(addr, saved_addr_list.addrs + i))
 	    return (1);
     return (0);
 }
@@ -195,20 +195,20 @@ int     own_inet_addr(struct sockaddr * addr)
 
 INET_ADDR_LIST *own_inet_addr_list(void)
 {
-    if (addr_list.used == 0)
-	own_inet_addr_init(&addr_list, &mask_list);
+    if (saved_addr_list.used == 0)
+	own_inet_addr_init(&saved_addr_list, &saved_mask_list);
 
-    return (&addr_list);
+    return (&saved_addr_list);
 }
 
 /* own_inet_mask_list - return list of addresses */
 
 INET_ADDR_LIST *own_inet_mask_list(void)
 {
-    if (addr_list.used == 0)
-	own_inet_addr_init(&addr_list, &mask_list);
+    if (saved_addr_list.used == 0)
+	own_inet_addr_init(&saved_addr_list, &saved_mask_list);
 
-    return (&mask_list);
+    return (&saved_mask_list);
 }
 
 /* proxy_inet_addr_init - initialize my proxy interface list */
@@ -247,11 +247,11 @@ int     proxy_inet_addr(struct sockaddr * addr)
     if (*var_proxy_interfaces == 0)
 	return (0);
 
-    if (proxy_list.used == 0)
-	proxy_inet_addr_init(&proxy_list);
+    if (saved_proxy_list.used == 0)
+	proxy_inet_addr_init(&saved_proxy_list);
 
-    for (i = 0; i < proxy_list.used; i++)
-	if (SOCK_ADDR_EQ_ADDR(addr, proxy_list.addrs + i))
+    for (i = 0; i < saved_proxy_list.used; i++)
+	if (SOCK_ADDR_EQ_ADDR(addr, saved_proxy_list.addrs + i))
 	    return (1);
     return (0);
 }
@@ -260,10 +260,10 @@ int     proxy_inet_addr(struct sockaddr * addr)
 
 INET_ADDR_LIST *proxy_inet_addr_list(void)
 {
-    if (*var_proxy_interfaces != 0 && proxy_list.used == 0)
-	proxy_inet_addr_init(&proxy_list);
+    if (*var_proxy_interfaces != 0 && saved_proxy_list.used == 0)
+	proxy_inet_addr_init(&saved_proxy_list);
 
-    return (&proxy_list);
+    return (&saved_proxy_list);
 }
 
 #ifdef TEST
diff --git a/postfix/src/global/pipe_command.c b/postfix/src/global/pipe_command.c
index fe02a3226..8939ba2bb 100644
--- a/postfix/src/global/pipe_command.c
+++ b/postfix/src/global/pipe_command.c
@@ -316,7 +316,7 @@ static ssize_t pipe_command_read(int fd, void *buf, ssize_t len,
 
 static void kill_command(pid_t pid, int sig, uid_t kill_uid, gid_t kill_gid)
 {
-    pid_t   saved_euid = geteuid();
+    uid_t   saved_euid = geteuid();
     gid_t   saved_egid = getegid();
 
     /*
diff --git a/postfix/src/global/resolve_local.c b/postfix/src/global/resolve_local.c
index fdbf7c528..703ec0743 100644
--- a/postfix/src/global/resolve_local.c
+++ b/postfix/src/global/resolve_local.c
@@ -78,6 +78,9 @@ int     resolve_local(const char *addr)
     struct addrinfo *res0 = 0;
     ssize_t len;
 
+    /*
+     * The optimizer will eliminate tests that always fail.
+     */
 #define RETURN(x) \
     do { \
 	myfree(saved_addr); \
diff --git a/postfix/src/global/verp_sender.c b/postfix/src/global/verp_sender.c
index bed3b3d8c..922c1ce1f 100644
--- a/postfix/src/global/verp_sender.c
+++ b/postfix/src/global/verp_sender.c
@@ -73,9 +73,9 @@ VSTRING *verp_sender(VSTRING *buf, const char *delimiters,
     /*
      * Change prefix@origin into prefix+user=domain@origin.
      */
-    send_local_len = ((cp = strrchr(sender, '@')) ?
+    send_local_len = ((cp = strrchr(sender, '@')) != 0 ?
 		      cp - sender : strlen(sender));
-    rcpt_local_len = ((cp = strrchr(recipient, '@')) ?
+    rcpt_local_len = ((cp = strrchr(recipient, '@')) != 0 ?
 		      cp - recipient : strlen(recipient));
     vstring_strncpy(buf, sender, send_local_len);
     VSTRING_ADDCH(buf, delimiters[0] & 0xff);
diff --git a/postfix/src/oqmgr/qmgr_deliver.c b/postfix/src/oqmgr/qmgr_deliver.c
index 356c844d4..c9f1f5e1e 100644
--- a/postfix/src/oqmgr/qmgr_deliver.c
+++ b/postfix/src/oqmgr/qmgr_deliver.c
@@ -56,6 +56,7 @@
 #include 
 #include 
 #include 
+#include 
 
 /* Global library. */
 
@@ -215,6 +216,7 @@ static void qmgr_deliver_update(int unused_event, char *context)
     int     status;
     RECIPIENT *recipient;
     int     nrcpt;
+    char   *whatsup;
 
     if (dsb == 0)
 	dsb = dsb_create();
@@ -244,9 +246,17 @@ static void qmgr_deliver_update(int unused_event, char *context)
      */
     if (status == DELIVER_STAT_CRASH) {
 	message->flags |= DELIVER_STAT_DEFER;
+#if 0
+	whatsup = concatenate("unknown ", transport->name,
+			      " mail transport error", (char *) 0);
+	qmgr_transport_throttle(transport,
+				DSN_SIMPLE(&dsb->dsn, "4.3.0", whatsup));
+	myfree(whatsup);
+#else
 	qmgr_transport_throttle(transport,
 				DSN_SIMPLE(&dsb->dsn, "4.3.0",
 					   "unknown mail transport error"));
+#endif
 	msg_warn("transport %s failure -- see a previous warning/fatal/panic logfile record for the problem description",
 		 transport->name);
 
@@ -275,7 +285,7 @@ static void qmgr_deliver_update(int unused_event, char *context)
      * (the todo list); stay away from queue entries that have been selected
      * (the busy list), or we would have dangling pointers. The queue itself
      * won't go away before we dispose of the current queue entry.
-     *
+     * 
      * XXX Caution: DSN_COPY() will panic on empty status or reason.
      */
 #define SUSPENDED	"delivery temporarily suspended: "
@@ -324,6 +334,7 @@ void    qmgr_deliver(QMGR_TRANSPORT *transport, VSTREAM *stream)
     QMGR_QUEUE *queue;
     QMGR_ENTRY *entry;
     DSN     dsn;
+    char   *whatsup;
 
     /*
      * Find out if this delivery process is really available. Once elected,
@@ -333,9 +344,17 @@ void    qmgr_deliver(QMGR_TRANSPORT *transport, VSTREAM *stream)
      * while some other queue manipulation is happening.
      */
     if (qmgr_deliver_initial_reply(stream) != 0) {
+#if 0
+	whatsup = concatenate(transport->name,
+			      " mail transport unavailable", (char *) 0);
+	qmgr_transport_throttle(transport,
+				DSN_SIMPLE(&dsn, "4.3.0", whatsup));
+	myfree(whatsup);
+#else
 	qmgr_transport_throttle(transport,
 				DSN_SIMPLE(&dsn, "4.3.0",
 					   "mail transport unavailable"));
+#endif
 	qmgr_defer_transport(transport, &dsn);
 	(void) vstream_fclose(stream);
 	return;
@@ -362,9 +381,17 @@ void    qmgr_deliver(QMGR_TRANSPORT *transport, VSTREAM *stream)
      */
     if (qmgr_deliver_send_request(entry, stream) < 0) {
 	qmgr_entry_unselect(queue, entry);
+#if 0
+	whatsup = concatenate(transport->name,
+			      " mail transport unavailable", (char *) 0);
+	qmgr_transport_throttle(transport,
+				DSN_SIMPLE(&dsn, "4.3.0", whatsup));
+	myfree(whatsup);
+#else
 	qmgr_transport_throttle(transport,
 				DSN_SIMPLE(&dsn, "4.3.0",
 					   "mail transport unavailable"));
+#endif
 	qmgr_defer_transport(transport, &dsn);
 	/* warning: entry and queue may be dangling pointers here */
 	(void) vstream_fclose(stream);
diff --git a/postfix/src/pickup/pickup.c b/postfix/src/pickup/pickup.c
index f36b57baa..01473a803 100644
--- a/postfix/src/pickup/pickup.c
+++ b/postfix/src/pickup/pickup.c
@@ -335,7 +335,7 @@ static int pickup_copy(VSTREAM *qfile, VSTREAM *cleanup,
     if (info->st.st_uid == var_owner_uid) {
 	msg_info("%s: uid=%d from=<%s> orig_id=%s", info->id,
 		 (int) info->st.st_uid, info->sender,
-		 ((name = strrchr(info->path, '/')) ?
+		 ((name = strrchr(info->path, '/')) != 0 ?
 		  name + 1 : info->path));
     } else {
 	msg_info("%s: uid=%d from=<%s>", info->id,
diff --git a/postfix/src/postconf/postconf.c b/postfix/src/postconf/postconf.c
index 8d4a3621e..960861406 100644
--- a/postfix/src/postconf/postconf.c
+++ b/postfix/src/postconf/postconf.c
@@ -362,7 +362,7 @@ static CONFIG_STR_FN_TABLE str_fn_table_2[] = {
  /*
   * XXX Global so that call-backs can see it.
   */
-static int mode = SHOW_NAME;
+static int cmd_mode = SHOW_NAME;
 
 /* check_myhostname - lookup hostname and validate */
 
@@ -385,7 +385,7 @@ static const char *check_myhostname(void)
      * XXX Do not complain when running as "postconf -d".
      */
     name = get_hostname();
-    if ((mode & SHOW_DEFS) == 0 && (dot = strchr(name, '.')) == 0) {
+    if ((cmd_mode & SHOW_DEFS) == 0 && (dot = strchr(name, '.')) == 0) {
 	if ((domain = mail_conf_lookup_eval(VAR_MYDOMAIN)) == 0) {
 	    msg_warn("My hostname %s is not a fully qualified name - set %s or %s in %s/main.cf",
 		     name, VAR_MYHOSTNAME, VAR_MYDOMAIN, var_config_dir);
@@ -432,20 +432,20 @@ static const char *check_mynetworks(void)
     const char *junk;
 
     if (var_inet_interfaces == 0) {
-	if ((mode & SHOW_DEFS)
-	    || !(junk = mail_conf_lookup_eval(VAR_INET_INTERFACES)))
+	if ((cmd_mode & SHOW_DEFS)
+	    || (junk = mail_conf_lookup_eval(VAR_INET_INTERFACES)) == 0)
 	    junk = DEF_INET_INTERFACES;
 	var_inet_interfaces = mystrdup(junk);
     }
     if (var_mynetworks_style == 0) {
-	if ((mode & SHOW_DEFS)
-	    || !(junk = mail_conf_lookup_eval(VAR_MYNETWORKS_STYLE)))
+	if ((cmd_mode & SHOW_DEFS)
+	    || (junk = mail_conf_lookup_eval(VAR_MYNETWORKS_STYLE)) == 0)
 	    junk = DEF_MYNETWORKS_STYLE;
 	var_mynetworks_style = mystrdup(junk);
     }
     if (var_inet_protocols == 0) {
-	if ((mode & SHOW_DEFS)
-	    || !(junk = mail_conf_lookup_eval(VAR_INET_PROTOCOLS)))
+	if ((cmd_mode & SHOW_DEFS)
+	    || (junk = mail_conf_lookup_eval(VAR_INET_PROTOCOLS)) == 0)
 	    junk = DEF_INET_PROTOCOLS;
 	var_inet_protocols = mystrdup(junk);
 	proto_info = inet_proto_init(VAR_INET_PROTOCOLS, var_inet_protocols);
@@ -1001,10 +1001,10 @@ int     main(int argc, char **argv)
     while ((ch = GETOPT(argc, argv, "aAbc:deEhmlntv")) > 0) {
 	switch (ch) {
 	case 'a':
-	    mode |= SHOW_SASL_SERV;
+	    cmd_mode |= SHOW_SASL_SERV;
 	    break;
 	case 'A':
-	    mode |= SHOW_SASL_CLNT;
+	    cmd_mode |= SHOW_SASL_CLNT;
 	    break;
 	case 'b':
 	    if (ext_argv)
@@ -1017,10 +1017,10 @@ int     main(int argc, char **argv)
 		msg_fatal("out of memory");
 	    break;
 	case 'd':
-	    mode |= SHOW_DEFS;
+	    cmd_mode |= SHOW_DEFS;
 	    break;
 	case 'e':
-	    mode |= EDIT_MAIN;
+	    cmd_mode |= EDIT_MAIN;
 	    break;
 
 	    /*
@@ -1031,20 +1031,20 @@ int     main(int argc, char **argv)
 	     */
 #if 0
 	case 'E':
-	    mode |= SHOW_EVAL;
+	    cmd_mode |= SHOW_EVAL;
 	    break;
 #endif
 	case 'h':
-	    mode &= ~SHOW_NAME;
+	    cmd_mode &= ~SHOW_NAME;
 	    break;
 	case 'l':
-	    mode |= SHOW_LOCKS;
+	    cmd_mode |= SHOW_LOCKS;
 	    break;
 	case 'm':
-	    mode |= SHOW_MAPS;
+	    cmd_mode |= SHOW_MAPS;
 	    break;
 	case 'n':
-	    mode |= SHOW_NONDEF;
+	    cmd_mode |= SHOW_NONDEF;
 	    break;
 	case 't':
 	    if (ext_argv)
@@ -1063,7 +1063,7 @@ int     main(int argc, char **argv)
     /*
      * Sanity check.
      */
-    junk = (mode & (SHOW_DEFS | SHOW_NONDEF | SHOW_MAPS | SHOW_LOCKS | EDIT_MAIN | SHOW_SASL_SERV | SHOW_SASL_CLNT));
+    junk = (cmd_mode & (SHOW_DEFS | SHOW_NONDEF | SHOW_MAPS | SHOW_LOCKS | EDIT_MAIN | SHOW_SASL_SERV | SHOW_SASL_CLNT));
     if (junk != 0 && ((junk != SHOW_DEFS && junk != SHOW_NONDEF
 	     && junk != SHOW_MAPS && junk != SHOW_LOCKS && junk != EDIT_MAIN
 		       && junk != SHOW_SASL_SERV && junk != SHOW_SASL_CLNT)
@@ -1094,7 +1094,7 @@ int     main(int argc, char **argv)
     /*
      * If showing map types, show them and exit
      */
-    if (mode & SHOW_MAPS) {
+    if (cmd_mode & SHOW_MAPS) {
 	mail_dict_init();
 	show_maps();
     }
@@ -1102,23 +1102,23 @@ int     main(int argc, char **argv)
     /*
      * If showing locking methods, show them and exit
      */
-    else if (mode & SHOW_LOCKS) {
+    else if (cmd_mode & SHOW_LOCKS) {
 	show_locks();
     }
 
     /*
      * If showing SASL plug-in types, show them and exit
      */
-    else if (mode & SHOW_SASL_SERV) {
+    else if (cmd_mode & SHOW_SASL_SERV) {
 	show_sasl(SHOW_SASL_SERV);
-    } else if (mode & SHOW_SASL_CLNT) {
+    } else if (cmd_mode & SHOW_SASL_CLNT) {
 	show_sasl(SHOW_SASL_CLNT);
     }
 
     /*
      * Edit main.cf.
      */
-    else if (mode & EDIT_MAIN) {
+    else if (cmd_mode & EDIT_MAIN) {
 	edit_parameters(argc - optind, argv + optind);
     }
 
@@ -1126,7 +1126,7 @@ int     main(int argc, char **argv)
      * If showing non-default values, read main.cf.
      */
     else {
-	if ((mode & SHOW_DEFS) == 0) {
+	if ((cmd_mode & SHOW_DEFS) == 0) {
 	    read_parameters();
 	    set_parameters();
 	}
@@ -1135,7 +1135,7 @@ int     main(int argc, char **argv)
 	 * Throw together all parameters and show the asked values.
 	 */
 	hash_parameters();
-	show_parameters(mode, argv + optind);
+	show_parameters(cmd_mode, argv + optind);
     }
     vstream_fflush(VSTREAM_OUT);
     exit(0);
diff --git a/postfix/src/qmgr/Makefile.in b/postfix/src/qmgr/Makefile.in
index e00895342..f4b3dff9f 100644
--- a/postfix/src/qmgr/Makefile.in
+++ b/postfix/src/qmgr/Makefile.in
@@ -157,6 +157,7 @@ qmgr_deliver.o: ../../include/mail_proto.h
 qmgr_deliver.o: ../../include/mail_queue.h
 qmgr_deliver.o: ../../include/msg.h
 qmgr_deliver.o: ../../include/msg_stats.h
+qmgr_deliver.o: ../../include/mymalloc.h
 qmgr_deliver.o: ../../include/rcpt_print.h
 qmgr_deliver.o: ../../include/recipient_list.h
 qmgr_deliver.o: ../../include/scan_dir.h
diff --git a/postfix/src/qmgr/qmgr.h b/postfix/src/qmgr/qmgr.h
index cffdc180c..b9ec6830e 100644
--- a/postfix/src/qmgr/qmgr.h
+++ b/postfix/src/qmgr/qmgr.h
@@ -56,12 +56,12 @@ typedef struct QMGR_SCAN QMGR_SCAN;
 }
 
 #define QMGR_LIST_UNLINK(head, type, object, peers) { \
-    type   next = object->peers.next; \
-    type   prev = object->peers.prev; \
-    if (prev) prev->peers.next = next; \
-    else head.next = next; \
-    if (next) next->peers.prev = prev; \
-    else head.prev = prev; \
+    type   _next = object->peers.next; \
+    type   _prev = object->peers.prev; \
+    if (_prev) _prev->peers.next = _next; \
+	else head.next = _next; \
+    if (_next) _next->peers.prev = _prev; \
+	else head.prev = _prev; \
     object->peers.next = object->peers.prev = 0; \
 }
 
diff --git a/postfix/src/qmgr/qmgr_deliver.c b/postfix/src/qmgr/qmgr_deliver.c
index 59ae7f102..ed16d8691 100644
--- a/postfix/src/qmgr/qmgr_deliver.c
+++ b/postfix/src/qmgr/qmgr_deliver.c
@@ -61,6 +61,7 @@
 #include 
 #include 
 #include 
+#include 
 
 /* Global library. */
 
@@ -220,6 +221,7 @@ static void qmgr_deliver_update(int unused_event, char *context)
     int     status;
     RECIPIENT *recipient;
     int     nrcpt;
+    char   *whatsup;
 
     if (dsb == 0)
 	dsb = dsb_create();
@@ -249,9 +251,17 @@ static void qmgr_deliver_update(int unused_event, char *context)
      */
     if (status == DELIVER_STAT_CRASH) {
 	message->flags |= DELIVER_STAT_DEFER;
+#if 0
+	whatsup = concatenate("unknown ", transport->name,
+			      " mail transport error", (char *) 0);
+	qmgr_transport_throttle(transport,
+				DSN_SIMPLE(&dsb->dsn, "4.3.0", whatsup));
+	myfree(whatsup);
+#else
 	qmgr_transport_throttle(transport,
 				DSN_SIMPLE(&dsb->dsn, "4.3.0",
 					   "unknown mail transport error"));
+#endif
 	msg_warn("transport %s failure -- see a previous warning/fatal/panic logfile record for the problem description",
 		 transport->name);
 
@@ -280,7 +290,7 @@ static void qmgr_deliver_update(int unused_event, char *context)
      * (the todo list); stay away from queue entries that have been selected
      * (the busy list), or we would have dangling pointers. The queue itself
      * won't go away before we dispose of the current queue entry.
-     *
+     * 
      * XXX Caution: DSN_COPY() will panic on empty status or reason.
      */
 #define SUSPENDED	"delivery temporarily suspended: "
@@ -328,6 +338,7 @@ void    qmgr_deliver(QMGR_TRANSPORT *transport, VSTREAM *stream)
 {
     QMGR_ENTRY *entry;
     DSN     dsn;
+    char   *whatsup;
 
     /*
      * Find out if this delivery process is really available. Once elected,
@@ -337,9 +348,17 @@ void    qmgr_deliver(QMGR_TRANSPORT *transport, VSTREAM *stream)
      * while some other queue manipulation is happening.
      */
     if (qmgr_deliver_initial_reply(stream) != 0) {
+#if 0
+	whatsup = concatenate(transport->name,
+			      " mail transport unavailable", (char *) 0);
+	qmgr_transport_throttle(transport,
+				DSN_SIMPLE(&dsn, "4.3.0", whatsup));
+	myfree(whatsup);
+#else
 	qmgr_transport_throttle(transport,
 				DSN_SIMPLE(&dsn, "4.3.0",
 					   "mail transport unavailable"));
+#endif
 	qmgr_defer_transport(transport, &dsn);
 	(void) vstream_fclose(stream);
 	return;
@@ -365,9 +384,17 @@ void    qmgr_deliver(QMGR_TRANSPORT *transport, VSTREAM *stream)
      */
     if (qmgr_deliver_send_request(entry, stream) < 0) {
 	qmgr_entry_unselect(entry);
+#if 0
+	whatsup = concatenate(transport->name,
+			      " mail transport unavailable", (char *) 0);
+	qmgr_transport_throttle(transport,
+				DSN_SIMPLE(&dsn, "4.3.0", whatsup));
+	myfree(whatsup);
+#else
 	qmgr_transport_throttle(transport,
 				DSN_SIMPLE(&dsn, "4.3.0",
 					   "mail transport unavailable"));
+#endif
 	qmgr_defer_transport(transport, &dsn);
 	/* warning: entry may be a dangling pointer here */
 	(void) vstream_fclose(stream);
diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c
index d25a60121..86068af17 100644
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@@ -2700,8 +2700,9 @@ static int xclient_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
     }
 #define STREQ(x,y)	(strcasecmp((x), (y)) == 0)
 #define UPDATE_STR(s, v) do { \
+	    const char *_v = (v); \
 	    if (s) myfree(s); \
-	    s = (v) ? mystrdup(v) : 0; \
+	    s = (_v) ? mystrdup(_v) : 0; \
 	} while(0)
 
     /*
diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c
index 3b8228f50..f071b757e 100644
--- a/postfix/src/smtpd/smtpd_check.c
+++ b/postfix/src/smtpd/smtpd_check.c
@@ -3240,7 +3240,7 @@ static int check_policy_service(SMTPD_STATE *state, const char *server,
      * Sanity check.
      */
     if (!policy_clnt_table
-    || !(policy_clnt = (ATTR_CLNT *) htable_find(policy_clnt_table, server)))
+	|| (policy_clnt = (ATTR_CLNT *) htable_find(policy_clnt_table, server)) == 0)
 	msg_panic("check_policy_service: no client endpoint for server %s",
 		  server);
 
diff --git a/postfix/src/smtpd/smtpd_proxy.c b/postfix/src/smtpd/smtpd_proxy.c
index 3a25270f4..9df37e355 100644
--- a/postfix/src/smtpd/smtpd_proxy.c
+++ b/postfix/src/smtpd/smtpd_proxy.c
@@ -452,7 +452,7 @@ int     smtpd_proxy_cmd(SMTPD_STATE *state, int expect, const char *fmt,...)
     if (vstream_ftimeout(state->proxy)
 	|| vstream_ferror(state->proxy)
 	|| vstream_feof(state->proxy)
-	|| ((err = vstream_setjmp(state->proxy) != 0)
+	|| ((err = vstream_setjmp(state->proxy)) != 0
 	    && smtpd_proxy_rdwr_error(state->proxy, err))) {
 	state->error_mask |= MAIL_ERROR_SOFTWARE;
 	state->err |= CLEANUP_STAT_PROXY;
diff --git a/postfix/src/smtpstone/qmqp-sink.c b/postfix/src/smtpstone/qmqp-sink.c
index 3be497a45..2116b1bda 100644
--- a/postfix/src/smtpstone/qmqp-sink.c
+++ b/postfix/src/smtpstone/qmqp-sink.c
@@ -85,7 +85,7 @@ typedef struct {
 static int var_tmout;
 static VSTRING *buffer;
 static void disconnect(SINK_STATE *);
-static int count;
+static int count_deliveries;
 static int counter;
 
 /* send_reply - finish conversation */
@@ -95,7 +95,7 @@ static void send_reply(SINK_STATE *state)
     vstring_sprintf(buffer, "%cOk", QMQP_STAT_OK);
     NETSTRING_PUT_BUF(state->stream, buffer);
     netstring_fflush(state->stream);
-    if (count) {
+    if (count_deliveries) {
 	counter++;
 	vstream_printf("%d\r", counter);
 	vstream_fflush(VSTREAM_OUT);
@@ -265,7 +265,7 @@ int     main(int argc, char **argv)
 	    protocols = INET_PROTO_NAME_IPV6;
 	    break;
 	case 'c':
-	    count++;
+	    count_deliveries++;
 	    break;
 	case 'v':
 	    msg_verbose++;
diff --git a/postfix/src/tls/tls_session.c b/postfix/src/tls/tls_session.c
index b30b72761..864bc4627 100644
--- a/postfix/src/tls/tls_session.c
+++ b/postfix/src/tls/tls_session.c
@@ -74,7 +74,7 @@
 
 /* tls_session_stop - shut down the TLS connection and reset state */
 
-void    tls_session_stop(SSL_CTX *ctx, VSTREAM *stream, int timeout,
+void    tls_session_stop(SSL_CTX *unused_ctx, VSTREAM *stream, int timeout,
 			         int failure, TLScontext_t *TLScontext)
 {
     const char *myname = "tls_session_stop";
diff --git a/postfix/src/tls/tls_verify.c b/postfix/src/tls/tls_verify.c
index 87ab4e9f7..2c9edd008 100644
--- a/postfix/src/tls/tls_verify.c
+++ b/postfix/src/tls/tls_verify.c
@@ -295,7 +295,7 @@ char   *tls_issuer_CN(X509 *peer)
      * If no issuer CN field, use Organization instead. CA certs without a CN
      * are common, so we only complain if the organization is also missing.
      */
-    if (!(cn = tls_text_name(name, NID_commonName, "issuer CN", DONT_GRIPE)))
+    if ((cn = tls_text_name(name, NID_commonName, "issuer CN", DONT_GRIPE)) == 0)
 	cn = tls_text_name(name, NID_organizationName,
 			   "issuer Organization", DO_GRIPE);
     return (cn);
diff --git a/postfix/src/trivial-rewrite/resolve.c b/postfix/src/trivial-rewrite/resolve.c
index b72619957..c03f019be 100644
--- a/postfix/src/trivial-rewrite/resolve.c
+++ b/postfix/src/trivial-rewrite/resolve.c
@@ -188,8 +188,8 @@ static void resolve_addr(RES_CONTEXT *rp, char *sender, char *addr,
     tree = tok822_scan_addr(vstring_str(addr_buf));
 
     /*
-     * Let the optimizer replace multiple expansions of this macro by a GOTO
-     * to a single instance.
+     * The optimizer will eliminate tests that always fail, and will replace
+     * multiple expansions of this macro by a GOTO to a single instance.
      */
 #define FREE_MEMORY_AND_RETURN { \
 	if (saved_domain) \
@@ -366,6 +366,8 @@ static void resolve_addr(RES_CONTEXT *rp, char *sender, char *addr,
      */
     tok822_internalize(nextrcpt, tree, TOK822_STR_DEFL);
     rcpt_domain = strrchr(STR(nextrcpt), '@') + 1;
+    if (rcpt_domain == 0)
+	msg_panic("no @ in address: \"%s\"", STR(nextrcpt));
     if (*rcpt_domain == '[') {
 	if (!valid_mailhost_literal(rcpt_domain, DONT_GRIPE))
 	    *flags |= RESOLVE_FLAG_ERROR;
diff --git a/postfix/src/trivial-rewrite/rewrite.c b/postfix/src/trivial-rewrite/rewrite.c
index 1e5df5a2b..60155de03 100644
--- a/postfix/src/trivial-rewrite/rewrite.c
+++ b/postfix/src/trivial-rewrite/rewrite.c
@@ -211,36 +211,12 @@ void    rewrite_tree(RWR_CONTEXT *context, TOK822 *tree)
 	tok822_free_tree(tok822_sub_keep_before(tree, tree->tail));
 }
 
-/* rewrite_addr - rewrite address according to rule set */
-
-void    rewrite_addr(RWR_CONTEXT *context, char *addr, VSTRING *result)
-{
-    TOK822 *tree;
-
-    /*
-     * Sanity check. An address is supposed to be in externalized form.
-     */
-    if (*addr == 0) {
-	msg_warn("rewrite_addr: null address");
-	vstring_strcpy(result, addr);
-	return;
-    }
-
-    /*
-     * Convert the address from externalized (quoted) form to token list,
-     * rewrite it, and convert back.
-     */
-    tree = tok822_scan_addr(addr);
-    rewrite_tree(context, tree);
-    tok822_externalize(result, tree, TOK822_STR_DEFL);
-    tok822_free_tree(tree);
-}
-
 /* rewrite_proto - read request and send reply */
 
 int     rewrite_proto(VSTREAM *stream)
 {
     RWR_CONTEXT *context;
+    TOK822 *tree;
 
     if (attr_scan(stream, ATTR_FLAG_STRICT,
 		  ATTR_TYPE_STR, MAIL_ATTR_RULE, ruleset,
@@ -256,8 +232,25 @@ int     rewrite_proto(VSTREAM *stream)
 	msg_warn("unknown context: %s", vstring_str(ruleset));
 	return (-1);
     }
-    rewrite_addr(context, vstring_str(address), result);
 
+    /*
+     * Sanity check. An address is supposed to be in externalized form.
+     */
+    if (*vstring_str(address) == 0) {
+	msg_warn("rewrite_addr: null address");
+	vstring_strcpy(result, vstring_str(address));
+    }
+
+    /*
+     * Convert the address from externalized (quoted) form to token list,
+     * rewrite it, and convert back.
+     */
+    else {
+	tree = tok822_scan_addr(vstring_str(address));
+	rewrite_tree(context, tree);
+	tok822_externalize(result, tree, TOK822_STR_DEFL);
+	tok822_free_tree(tree);
+    }
     if (msg_verbose)
 	msg_info("`%s' `%s' -> `%s'", vstring_str(ruleset),
 		 vstring_str(address), vstring_str(result));
diff --git a/postfix/src/util/dict.c b/postfix/src/util/dict.c
index b39a97154..bb55c5a2f 100644
--- a/postfix/src/util/dict.c
+++ b/postfix/src/util/dict.c
@@ -248,7 +248,7 @@ DICT   *dict_handle(const char *dict_name)
 {
     DICT_NODE *node;
 
-    return ((node = dict_node(dict_name)) ? node->dict : 0);
+    return ((node = dict_node(dict_name)) != 0 ? node->dict : 0);
 }
 
 /* dict_node_free - dict_unregister() callback */
diff --git a/postfix/src/util/dict_db.c b/postfix/src/util/dict_db.c
index 24142fcde..4c338125a 100644
--- a/postfix/src/util/dict_db.c
+++ b/postfix/src/util/dict_db.c
@@ -152,15 +152,16 @@ static int sanitize(int status)
      */
     switch (status) {
 
-	case DB_NOTFOUND:		/* get, del */
-	case DB_KEYEXIST:		/* put */
-	return (1);			/* non-fatal */
+    case DB_NOTFOUND:				/* get, del */
+    case DB_KEYEXIST:				/* put */
+	return (1);				/* non-fatal */
 
     case 0:
 	return (0);				/* success */
 
     case DB_KEYEMPTY:				/* get, others? */
 	status = EINVAL;
+	/* FALLTHROUGH */
     default:
 	errno = status;
 	return (-1);				/* fatal */
diff --git a/postfix/src/util/htable.c b/postfix/src/util/htable.c
index 86116e1e0..1fbbfcf24 100644
--- a/postfix/src/util/htable.c
+++ b/postfix/src/util/htable.c
@@ -140,11 +140,11 @@ static unsigned htable_hash(const char *s, unsigned size)
 /* htable_link - insert element into table */
 
 #define htable_link(table, element) { \
-     HTABLE_INFO **h = table->data + htable_hash(element->key, table->size);\
+     HTABLE_INFO **_h = table->data + htable_hash(element->key, table->size);\
     element->prev = 0; \
-    if ((element->next = *h) != 0) \
-	(*h)->prev = element; \
-    *h = element; \
+    if ((element->next = *_h) != 0) \
+	(*_h)->prev = element; \
+    *_h = element; \
     table->used++; \
 }
 
diff --git a/postfix/src/util/percentm.c b/postfix/src/util/percentm.c
index 31eb14ca9..854f1869f 100644
--- a/postfix/src/util/percentm.c
+++ b/postfix/src/util/percentm.c
@@ -67,6 +67,7 @@ char   *percentm(const char *str, int err)
 	    switch (ip[1]) {
 	    default:				/* leave % alone */
 		VSTRING_ADDCH(vp, *ip++);
+		/* FALLTHROUGH */
 	    case '\0':				/* don't fall off end */
 		VSTRING_ADDCH(vp, *ip++);
 		break;
diff --git a/postfix/src/util/safe_open.c b/postfix/src/util/safe_open.c
index d64840b11..1ecabecf2 100644
--- a/postfix/src/util/safe_open.c
+++ b/postfix/src/util/safe_open.c
@@ -175,7 +175,7 @@ static VSTREAM *safe_open_exist(const char *path, int flags,
 /* safe_open_create - create new file */
 
 static VSTREAM *safe_open_create(const char *path, int flags, mode_t mode,
-	            struct stat * st, uid_t user, uid_t group, VSTRING *why)
+	            struct stat * st, uid_t user, gid_t group, VSTRING *why)
 {
     VSTREAM *fp;
 
diff --git a/postfix/src/util/vbuf_print.c b/postfix/src/util/vbuf_print.c
index 4046110e6..e64b15b2e 100644
--- a/postfix/src/util/vbuf_print.c
+++ b/postfix/src/util/vbuf_print.c
@@ -96,9 +96,9 @@
 
 #define VBUF_STRCAT(bp, s) { \
 	unsigned char *_cp = (unsigned char *) (s); \
-	int ch; \
-	while ((ch = *_cp++) != 0) \
-	    VBUF_PUT((bp), ch); \
+	int _ch; \
+	while ((_ch = *_cp++) != 0) \
+	    VBUF_PUT((bp), _ch); \
     }
 
 /* vbuf_print - format string, vsprintf-like interface */
@@ -156,7 +156,7 @@ VBUF   *vbuf_print(VBUF *bp, const char *format, va_list ap)
 		VSTRING_ADDNUM(fmt, width);
 		cp++;
 	    } else {				/* hard-coded field width */
-		for (width = 0; ISDIGIT(ch = *cp); cp++) {
+		for (width = 0; ch = *cp, ISDIGIT(ch); cp++) {
 		    width = width * 10 + ch - '0';
 		    VSTRING_ADDCH(fmt, ch);
 		}
@@ -172,7 +172,7 @@ VBUF   *vbuf_print(VBUF *bp, const char *format, va_list ap)
 		VSTRING_ADDNUM(fmt, prec);
 		cp++;
 	    } else {				/* hard-coded precision */
-		for (prec = 0; ISDIGIT(ch = *cp); cp++) {
+		for (prec = 0; ch = *cp, ISDIGIT(ch); cp++) {
 		    prec = prec * 10 + ch - '0';
 		    VSTRING_ADDCH(fmt, ch);
 		}
diff --git a/postfix/src/util/vstream.c b/postfix/src/util/vstream.c
index 2fb5a291a..c5f2911af 100644
--- a/postfix/src/util/vstream.c
+++ b/postfix/src/util/vstream.c
@@ -303,7 +303,8 @@
 /*	given to vstream_longjmp().
 /*
 /*	NB: non-local jumps such as vstream_longjmp() are not safe
-/*	for jumping out of any vstream routine.
+/*	for jumping out of any routine that manipulates VSTREAM data.
+/*	longjmp() like calls are best avoided in signal handlers.
 /*
 /*	vstream_ftime() returns the time of initialization, the last buffer
 /*	fill operation, or the last buffer flush operation for the specified
@@ -891,6 +892,7 @@ off_t   vstream_fseek(VSTREAM *stream, off_t offset, int whence)
 	    offset += bp->cnt;			/* subtract unread data */
 	else if (whence == SEEK_END)
 	    bp->flags &= ~VSTREAM_FLAG_SEEK;
+	/* FALLTHROUGH */
     case 0:
 	VSTREAM_BUF_AT_END(bp);
 	break;