From: Wietse Venema Date: Thu, 1 Jun 2006 05:00:00 +0000 (-0500) Subject: postfix-2.3-20060601 X-Git-Tag: v2.3-RC1~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=318987d107c7a9196c52503e9ae842916af48b39;p=thirdparty%2Fpostfix.git postfix-2.3-20060601 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 2d4cb49cd..89683247d 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -12163,8 +12163,25 @@ Apologies for any names omitted. problem. Victor Duchovni. Files: tls/tls_client.c, tls/tls_misc.c, tls/tls_server.c. +20060524 + + Cleanup: send ETRN command parameter when using check_policy + in the context of an ETRN command. Joshua Goodall. File: + smtpd/smtpd_check.c. + +20060601 + + Bugfix (bug introduced 20051118): permit_mx_backup authorized + domains without secondary MX records. Joshua Goodall. File: + smtpd/smtpd_check.c. + Wish list: + Find out if postfix_tls@aet.tu-cottbus.de is still appropriate, + and if not, update TLS_README. + + Do or don't introduce unknown_reverse_client_reject_code. + Don't send xforward attributes to every site that announces xforward support. diff --git a/postfix/README_FILES/ADDRESS_VERIFICATION_README b/postfix/README_FILES/ADDRESS_VERIFICATION_README index f3339537c..15679b7b0 100644 --- a/postfix/README_FILES/ADDRESS_VERIFICATION_README +++ b/postfix/README_FILES/ADDRESS_VERIFICATION_README @@ -225,7 +225,7 @@ Postfix has a bunch of parameters that control the caching of positive and negative results. Refer to the verify(8) manual page for details. The address_verify_map (NOTE: singular) configuration parameter specifies an -optional persistent database for sender address verification results. If you +optional database for sender or recipient address verification results. If you don't specify a file, all address verification information is lost after "postfix reload" or "postfix stop". diff --git a/postfix/README_FILES/SMTPD_POLICY_README b/postfix/README_FILES/SMTPD_POLICY_README index e58508cdd..efa61a323 100644 --- a/postfix/README_FILES/SMTPD_POLICY_README +++ b/postfix/README_FILES/SMTPD_POLICY_README @@ -64,6 +64,7 @@ a delegated SMTPD access policy request: encryption_protocol=TLSv1/SSLv3 encryption_cipher=DHE-RSA-AES256-SHA encryption_keysize=256 + etrn_domain= [empty line] Notes: @@ -119,6 +120,9 @@ Notes: about how the connection is encrypted. With plaintext connections the protocol and cipher attributes are empty and the keysize is zero. + * The "etrn_domain" attribute is defined only in the context of the ETRN + command, and specifies the ETRN command parameter. + The following is specific to SMTPD delegated policy requests: * Protocol names are ESMTP or SMTP. diff --git a/postfix/README_FILES/STANDARD_CONFIGURATION_README b/postfix/README_FILES/STANDARD_CONFIGURATION_README index 46b6dba47..a1c8f6ae2 100644 --- a/postfix/README_FILES/STANDARD_CONFIGURATION_README +++ b/postfix/README_FILES/STANDARD_CONFIGURATION_README @@ -413,8 +413,8 @@ Important notes: up.domain.tld" domain. This prevents your mail queue from filling up with undeliverable MAILER-DAEMON messages. If you can't maintain a list of valid recipients then you must specify "relay_recipient_maps =" (that is, an - empty value), or you must specify an "@the.backed-up.domain x" wild-card in - the relay_recipients table. + empty value), or you must specify an "@the.backed-up.domain.tld x" wild- + card in the relay_recipients table. * Line 22: The [] forces Postfix to do no MX lookup. diff --git a/postfix/html/ADDRESS_VERIFICATION_README.html b/postfix/html/ADDRESS_VERIFICATION_README.html index 190bbaa7e..364dea607 100644 --- a/postfix/html/ADDRESS_VERIFICATION_README.html +++ b/postfix/html/ADDRESS_VERIFICATION_README.html @@ -166,7 +166,7 @@ the status is cached and Postfix replies immediately.

When verification takes too long the Postfix SMTP server defers the sender or recipient address with a 450 reply. Normal mail clients will connect again after some delay. The address verification -delay is configurable with the main.cf address_verify_poll_count +delay is configurable with the main.cf address_verify_poll_count and address_verify_poll_delay parameters. See postconf(5) for details.

@@ -232,7 +232,7 @@ succeeds, then Postfix accepts mail for the recipient address. 

-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     smtpd_recipient_restrictions = 
         permit_mynetworks
         reject_unauth_destination
@@ -259,7 +259,7 @@ specific domains that often appear in forged email. 

 
 

 
-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     smtpd_sender_restrictions = hash:/etc/postfix/sender_access
     unverified_sender_reject_code = 550
     # Note 1: Be sure to read the "Caching" section below!
@@ -296,7 +296,7 @@ you can see what mail would be blocked: 

 
 

 
-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     smtpd_sender_restrictions = 
         permit_mynetworks
         ... 
@@ -344,7 +344,7 @@ judgments. 

 
Address verification database

 
 
 NOTE: By default, address verification information is not stored
-in a persistent file. You have to specify one in main.cf (see
+in a persistent file. You have to specify one in main.cf (see
 below). Persistent storage is off by default because it may need
 more disk space than is available in your file system. 

 
@@ -354,7 +354,7 @@ of positive and negative results. Refer to the verify(8)
 page for details. 

 
 
 The address_verify_map (NOTE: singular) configuration parameter
-specifies an optional persistent database for sender address
+specifies an optional database for sender or recipient address
 verification results.  If you don't specify a file, all address
 verification information is lost after "postfix reload" or "postfix
 stop". 

@@ -363,7 +363,7 @@ stop". 

 
 

 
-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     # Note: avoid hash files here. Use btree instead.
     address_verify_map = btree:/var/mta/verify
 

@@ -463,7 +463,7 @@ for address verification probes and leave everything else alone:
 
 

 
-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     relayhost = $mydomain
     address_verify_relayhost =
     ...
@@ -476,12 +476,12 @@ information:  

 
 

 
-/etc/postfix/main.cf:
+/etc/postfix/main.cf:
     relayhost = $mydomain
     address_verify_relayhost =
     address_verify_default_transport = direct_smtp
 
-/etc/postfix/master.cf:
+/etc/postfix/master.cf:
     direct_smtp .. .. .. ..  .. .. .. .. .. smtp
         -o smtp_helo_name=nat.box.tld
 

diff --git a/postfix/html/SMTPD_POLICY_README.html b/postfix/html/SMTPD_POLICY_README.html
index 179b22fc2..d1b0c73f9 100644
--- a/postfix/html/SMTPD_POLICY_README.html
+++ b/postfix/html/SMTPD_POLICY_README.html
@@ -96,6 +96,7 @@ ccert_fingerprint=C2:9D:F4:87:71:73:73:D9:18:E7:C2:F3:C1:DA:6E:04
 encryption_protocol=TLSv1/SSLv3
 encryption_cipher=DHE-RSA-AES256-SHA
 encryption_keysize=256
+etrn_domain=
 [empty line]
 

 

@@ -167,6 +168,10 @@ encryption_keysize=256
     plaintext connections the protocol and cipher attributes are
     empty and the keysize is zero.  

 
+    
  •  
     The "etrn_domain" attribute is defined only in the
+    context of the ETRN command, and specifies the ETRN command
+    parameter. 
    
+
 
 
 
     The following is specific to SMTPD delegated policy requests:
diff --git a/postfix/html/STANDARD_CONFIGURATION_README.html b/postfix/html/STANDARD_CONFIGURATION_README.html
index 7823217ff..e2163568d 100644
--- a/postfix/html/STANDARD_CONFIGURATION_README.html
+++ b/postfix/html/STANDARD_CONFIGURATION_README.html
@@ -566,8 +566,8 @@ world than the local machine. 
    
 from filling up with undeliverable MAILER-DAEMON messages. If you
 can't maintain a list of valid recipients then you must specify
 "relay_recipient_maps =" (that is, an empty value), or you must
-specify an "@the.backed-up.domain  x" wild-card in the relay_recipients
-table. 
    
+specify an "@the.backed-up.domain.tld  x" wild-card in the
+relay_recipients table. 
    
 
 
  •  
     Line 22: The [] forces Postfix to do no MX lookup. 
    
 
diff --git a/postfix/html/pipe.8.html b/postfix/html/pipe.8.html
index 893e76525..ac970d48e 100644
--- a/postfix/html/pipe.8.html
+++ b/postfix/html/pipe.8.html
@@ -159,13 +159,15 @@ PIPE(8)                                                                PIPE(8)
               by naive software. For example,  when  the  pipe(8)
               daemon executes a command such as:
 
-                  command -f$sender -- $recipient
+                  command -f$sender -- $recipient (bad)
 
               the command will mis-parse the -f option value when
               the sender address is a null string.   For  correct
-              parsing,  specify $sender as an argument by itself.
+              parsing, specify $sender as an argument by itself:
 
-              This feature is  available  with  Postfix  2.3  and
+                  command -f $sender -- $recipient (good)
+
+              This  feature  is  available  with  Postfix 2.3 and
               later.
 
        size=size_limit (optional)
@@ -176,217 +178,217 @@ PIPE(8)                                                                PIPE(8)
 
        user=username:groupname
               Execute the external command with the rights of the
-              specified  username.   The software refuses to exe-
-              cute commands with root  privileges,  or  with  the
-              privileges  of  the mail system owner. If groupname
-              is specified, the corresponding group  ID  is  used
+              specified username.  The software refuses  to  exe-
+              cute  commands  with  root  privileges, or with the
+              privileges of the mail system owner.  If  groupname
+              is  specified,  the  corresponding group ID is used
               instead of the group ID of username.
 
        argv=command... (required)
-              The  command to be executed. This must be specified
+              The command to be executed. This must be  specified
               as the last command attribute.  The command is exe-
               cuted  directly,  i.e.  without  interpretation  of
-              shell meta characters by  a  shell  command  inter-
+              shell  meta  characters  by  a shell command inter-
               preter.
 
               In  the  command  argument  vector,  the  following
               macros are recognized and replaced with correspond-
-              ing  information  from  the  Postfix  queue manager
+              ing information  from  the  Postfix  queue  manager
               delivery request.
 
-              In addition to the form ${name},  the  forms  $name
-              and  $(name) are also recognized.  Specify $$ where
+              In  addition  to  the form ${name}, the forms $name
+              and $(name) are also recognized.  Specify $$  where
               a single $ is wanted.
 
               ${client_address}
                      This macro expands to the remote client net-
                      work address.
 
-                     This  is available in Postfix 2.2 and later.
+                     This is available in Postfix 2.2 and  later.
 
               ${client_helo}
                      This macro expands to the remote client HELO
                      command parameter.
 
-                     This  is available in Postfix 2.2 and later.
+                     This is available in Postfix 2.2 and  later.
 
               ${client_hostname}
-                     This macro  expands  to  the  remote  client
+                     This  macro  expands  to  the  remote client
                      hostname.
 
-                     This  is available in Postfix 2.2 and later.
+                     This is available in Postfix 2.2 and  later.
 
               ${client_protocol}
                      This macro expands to the remote client pro-
                      tocol.
 
-                     This  is available in Postfix 2.2 and later.
+                     This is available in Postfix 2.2 and  later.
 
               ${extension}
-                     This macro expands to the extension part  of
-                     a  recipient  address.  For example, with an
+                     This  macro expands to the extension part of
+                     a recipient address.  For example,  with  an
                      address  user+foo@domain  the  extension  is
                      foo.
 
-                     A   command-line   argument   that  contains
-                     ${extension} expands into as  many  command-
+                     A  command-line   argument   that   contains
+                     ${extension}  expands  into as many command-
                      line arguments as there are recipients.
 
-                     This  information  is modified by the u flag
+                     This information is modified by the  u  flag
                      for case folding.
 
               ${mailbox}
-                     This macro expands  to  the  complete  local
-                     part  of  a recipient address.  For example,
-                     with an address user+foo@domain the  mailbox
+                     This  macro  expands  to  the complete local
+                     part of a recipient address.   For  example,
+                     with  an address user+foo@domain the mailbox
                      is user+foo.
 
-                     A   command-line   argument   that  contains
-                     ${mailbox} expands to as  many  command-line
+                     A  command-line   argument   that   contains
+                     ${mailbox}  expands  to as many command-line
                      arguments as there are recipients.
 
-                     This  information  is modified by the u flag
+                     This information is modified by the  u  flag
                      for case folding.
 
               ${nexthop}
                      This macro expands to the next-hop hostname.
 
-                     This  information  is modified by the h flag
+                     This information is modified by the  h  flag
                      for case folding.
 
               ${recipient}
                      This macro expands to the complete recipient
                      address.
 
-                     A   command-line   argument   that  contains
+                     A  command-line   argument   that   contains
                      ${recipient} expands to as many command-line
                      arguments as there are recipients.
 
-                     This  information  is  modified  by  the hqu
+                     This information  is  modified  by  the  hqu
                      flags for quoting and case folding.
 
               ${sasl_method}
-                     This macro expands to the  SASL  authentica-
-                     tion  mechanism used during the reception of
-                     the message. An empty string  is  passed  if
-                     the  message  has been received without SASL
+                     This  macro  expands to the SASL authentica-
+                     tion mechanism used during the reception  of
+                     the  message.  An  empty string is passed if
+                     the message has been received  without  SASL
                      authentication.
 
-                     This is available in Postfix 2.2 and  later.
+                     This  is available in Postfix 2.2 and later.
 
               ${sasl_sender}
-                     This  macro  expands to the SASL sender name
-                     (i.e. the  original  submitter  as  per  RFC
-                     2554)  used during the reception of the mes-
+                     This macro expands to the SASL  sender  name
+                     (i.e.  the  original  submitter  as  per RFC
+                     2554) used during the reception of the  mes-
                      sage.
 
-                     This is available in Postfix 2.2 and  later.
+                     This  is available in Postfix 2.2 and later.
 
               ${sasl_username}
-                     This  macro  expands  to  the SASL user name
+                     This macro expands to  the  SASL  user  name
                      used during the reception of the message. An
-                     empty  string  is  passed if the message has
+                     empty string is passed if  the  message  has
                      been received without SASL authentication.
 
-                     This is available in Postfix 2.2 and  later.
+                     This  is available in Postfix 2.2 and later.
 
               ${sender}
-                     This  macro  expands  to the envelope sender
+                     This macro expands to  the  envelope  sender
                      address. By default, the null sender address
-                     expands   to   MAILER-DAEMON;  this  can  be
-                     changed with the null_sender  attribute,  as
+                     expands  to  MAILER-DAEMON;  this   can   be
+                     changed  with  the null_sender attribute, as
                      described above.
 
-                     This  information  is modified by the q flag
+                     This information is modified by the  q  flag
                      for quoting.
 
               ${size}
-                     This macro expands to Postfix's idea of  the
-                     message  size,  which is an approximation of
+                     This  macro expands to Postfix's idea of the
+                     message size, which is an  approximation  of
                      the size of the message as delivered.
 
               ${user}
                      This macro expands to the username part of a
-                     recipient  address.   For  example,  with an
+                     recipient address.   For  example,  with  an
                      address user+foo@domain the username part is
                      user.
 
-                     A   command-line   argument   that  contains
-                     ${user} expands into  as  many  command-line
+                     A  command-line   argument   that   contains
+                     ${user}  expands  into  as many command-line
                      arguments as there are recipients.
 
-                     This  information  is modified by the u flag
+                     This information is modified by the  u  flag
                      for case folding.
 
 STANDARDS
        RFC 3463 (Enhanced status codes)
 
 DIAGNOSTICS
-       Command exit status codes are expected to follow the  con-
-       ventions  defined  in  <sysexits.h>.   Exit status 0 means
+       Command  exit status codes are expected to follow the con-
+       ventions defined in <sysexits.h>.   Exit  status  0  means
        normal successful completion.
 
-       Postfix version  2.3  and  later  support  RFC  3463-style
-       enhanced  status  codes.   If  a command terminates with a
-       non-zero exit status, and the command output  begins  with
+       Postfix  version  2.3  and  later  support  RFC 3463-style
+       enhanced status codes.  If a  command  terminates  with  a
+       non-zero  exit  status, and the command output begins with
        an enhanced status code, this status code takes precedence
        over the non-zero exit status.
 
-       Problems and transactions are logged to syslogd(8).   Cor-
-       rupted  message files are marked so that the queue manager
+       Problems  and transactions are logged to syslogd(8).  Cor-
+       rupted message files are marked so that the queue  manager
        can move them to the corrupt queue for further inspection.
 
 SECURITY
-       This  program  needs  a  dual personality 1) to access the
-       private Postfix queue and IPC mechanisms, and 2)  to  exe-
+       This program needs a dual personality  1)  to  access  the
+       private  Postfix  queue and IPC mechanisms, and 2) to exe-
        cute external commands as the specified user. It is there-
        fore security sensitive.
 
 CONFIGURATION PARAMETERS
-       Changes to main.cf are picked up automatically as  pipe(8)
-       processes  run  for only a limited amount of time. Use the
+       Changes  to main.cf are picked up automatically as pipe(8)
+       processes run for only a limited amount of time.  Use  the
        command "postfix reload" to speed up a change.
 
-       The text below provides  only  a  parameter  summary.  See
+       The  text  below  provides  only  a parameter summary. See
        postconf(5) for more details including examples.
 
 RESOURCE AND RATE CONTROLS
-       In  the text below, transport is the first field in a mas-
+       In the text below, transport is the first field in a  mas-
        ter.cf entry.
 
        transport_destination_concurrency_limit ($default_destina-
        tion_concurrency_limit)
               Limit the number of parallel deliveries to the same
-              destination,  for delivery via the named transport.
+              destination, for delivery via the named  transport.
               The limit is enforced by the Postfix queue manager.
 
        transport_destination_recipient_limit   ($default_destina-
        tion_recipient_limit)
-              Limit  the  number of recipients per message deliv-
-              ery, for delivery via  the  named  transport.   The
+              Limit the number of recipients per  message  deliv-
+              ery,  for  delivery  via  the named transport.  The
               limit is enforced by the Postfix queue manager.
 
        transport_time_limit ($command_time_limit)
-              Limit  the  time  for delivery to external command,
+              Limit the time for delivery  to  external  command,
               for delivery via the named transport.  The limit is
               enforced by the pipe delivery agent.
 
 MISCELLANEOUS CONTROLS
        config_directory (see 'postconf -d' output)
-              The  default  location  of  the Postfix main.cf and
+              The default location of  the  Postfix  main.cf  and
               master.cf configuration files.
 
        daemon_timeout (18000s)
-              How much time a Postfix daemon process may take  to
-              handle  a  request  before  it  is  terminated by a
+              How  much time a Postfix daemon process may take to
+              handle a request  before  it  is  terminated  by  a
               built-in watchdog timer.
 
        delay_logging_resolution_limit (2)
-              The maximal number  of  digits  after  the  decimal
+              The  maximal  number  of  digits  after the decimal
               point when logging sub-second delay values.
 
        export_environment (see 'postconf -d' output)
-              The  list  of  environment variables that a Postfix
+              The list of environment variables  that  a  Postfix
               process will export to non-Postfix processes.
 
        ipc_timeout (3600s)
@@ -398,24 +400,24 @@ PIPE(8)                                                                PIPE(8)
               and most Postfix daemon processes.
 
        max_idle (100s)
-              The maximum amount of time  that  an  idle  Postfix
-              daemon  process  waits for the next service request
+              The  maximum  amount  of  time that an idle Postfix
+              daemon process waits for the next  service  request
               before exiting.
 
        max_use (100)
-              The maximal number of connection requests before  a
+              The  maximal number of connection requests before a
               Postfix daemon process terminates.
 
        process_id (read-only)
-              The  process  ID  of  a  Postfix  command or daemon
+              The process ID  of  a  Postfix  command  or  daemon
               process.
 
        process_name (read-only)
-              The process name of a  Postfix  command  or  daemon
+              The  process  name  of  a Postfix command or daemon
               process.
 
        queue_directory (see 'postconf -d' output)
-              The  location of the Postfix top-level queue direc-
+              The location of the Postfix top-level queue  direc-
               tory.
 
        recipient_delimiter (empty)
@@ -426,8 +428,8 @@ PIPE(8)                                                                PIPE(8)
               The syslog facility of Postfix logging.
 
        syslog_name (postfix)
-              The  mail  system  name  that  is  prepended to the
-              process name in syslog  records,  so  that  "smtpd"
+              The mail system  name  that  is  prepended  to  the
+              process  name  in  syslog  records, so that "smtpd"
               becomes, for example, "postfix/smtpd".
 
 SEE ALSO
@@ -439,7 +441,7 @@ PIPE(8)                                                                PIPE(8)
        syslogd(8), system logging
 
 LICENSE
-       The  Secure  Mailer  license must be distributed with this
+       The Secure Mailer license must be  distributed  with  this
        software.
 
 AUTHOR(S)
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 27b42a0d8..4703069df 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -7929,7 +7929,8 @@ Example:
 
 
    
 Clients that are excluded from connection count, connection rate,
-or SMTP request rate restrictions.
+or SMTP request rate restrictions. See the mynetworks parameter
+description for the parameter value syntax.
 
    
 
 
    
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index f476d0564..e4471ffe4 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -4500,7 +4500,8 @@ smtpd_client_connection_rate_limit = 1000
 .ft R
 .SH smtpd_client_event_limit_exceptions (default: $mynetworks)
 Clients that are excluded from connection count, connection rate,
-or SMTP request rate restrictions.
+or SMTP request rate restrictions. See the mynetworks parameter
+description for the parameter value syntax.
 .PP
 By default, clients in trusted networks are excluded. Specify a
 list of network blocks, hostnames or .domain names (the initial
diff --git a/postfix/man/man8/pipe.8 b/postfix/man/man8/pipe.8
index 40ccc713d..ef34634b0 100644
--- a/postfix/man/man8/pipe.8
+++ b/postfix/man/man8/pipe.8
@@ -147,12 +147,15 @@ naive software. For example, when the \fBpipe\fR(8) daemon
 executes a command such as:
 
 .ti +4
-command -f$sender -- $recipient
+command -f$sender -- $recipient (\fIbad\fR)
 
 the command will mis-parse the -f option value when the
 sender address is a null string.  For correct parsing,
-specify \fB$sender\fR as an argument by itself.
-.sp
+specify \fB$sender\fR as an argument by itself:
+
+.ti +4
+command -f $sender -- $recipient (\fIgood\fR)
+
 This feature is available with Postfix 2.3 and later.
 .IP "\fBsize\fR=\fIsize_limit\fR (optional)"
 Messages greater in size than this limit (in bytes) will
diff --git a/postfix/proto/ADDRESS_VERIFICATION_README.html b/postfix/proto/ADDRESS_VERIFICATION_README.html
index ef1fb069c..beb6c87bf 100644
--- a/postfix/proto/ADDRESS_VERIFICATION_README.html
+++ b/postfix/proto/ADDRESS_VERIFICATION_README.html
@@ -354,7 +354,7 @@ of positive and negative results. Refer to the verify(8) manual
 page for details. 
    
 
 
     The address_verify_map (NOTE: singular) configuration parameter
-specifies an optional persistent database for sender address
+specifies an optional database for sender or recipient address
 verification results.  If you don't specify a file, all address
 verification information is lost after "postfix reload" or "postfix
 stop". 
    
diff --git a/postfix/proto/SMTPD_POLICY_README.html b/postfix/proto/SMTPD_POLICY_README.html
index f9c60d5a8..a722f99a0 100644
--- a/postfix/proto/SMTPD_POLICY_README.html
+++ b/postfix/proto/SMTPD_POLICY_README.html
@@ -96,6 +96,7 @@ ccert_fingerprint=C2:9D:F4:87:71:73:73:D9:18:E7:C2:F3:C1:DA:6E:04
 encryption_protocol=TLSv1/SSLv3
 encryption_cipher=DHE-RSA-AES256-SHA
 encryption_keysize=256
+etrn_domain=
 [empty line]
 
    • 
 
    
@@ -167,6 +168,10 @@ encryption_keysize=256
     plaintext connections the protocol and cipher attributes are
     empty and the keysize is zero.  
    
 
+    
  •  
     The "etrn_domain" attribute is defined only in the
+    context of the ETRN command, and specifies the ETRN command
+    parameter. 
    
+
 
 
 
     The following is specific to SMTPD delegated policy requests:
diff --git a/postfix/proto/STANDARD_CONFIGURATION_README.html b/postfix/proto/STANDARD_CONFIGURATION_README.html
index 5250a023e..ececbf902 100644
--- a/postfix/proto/STANDARD_CONFIGURATION_README.html
+++ b/postfix/proto/STANDARD_CONFIGURATION_README.html
@@ -566,8 +566,8 @@ world than the local machine. 
    
 from filling up with undeliverable MAILER-DAEMON messages. If you
 can't maintain a list of valid recipients then you must specify
 "relay_recipient_maps =" (that is, an empty value), or you must
-specify an "@the.backed-up.domain  x" wild-card in the relay_recipients
-table. 
    
+specify an "@the.backed-up.domain.tld  x" wild-card in the
+relay_recipients table. 
    
 
 
  •  
     Line 22: The [] forces Postfix to do no MX lookup. 
    
 
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 6563096f1..9dbcabb7a 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -4356,7 +4356,8 @@ This feature is available in Postfix 2.2 and later.
 
 
    
 Clients that are excluded from connection count, connection rate,
-or SMTP request rate restrictions.
+or SMTP request rate restrictions. See the mynetworks parameter
+description for the parameter value syntax.
 
    
 
 
    
diff --git a/postfix/src/global/mail_proto.h b/postfix/src/global/mail_proto.h
index 232b5ffe5..26e41a332 100644
--- a/postfix/src/global/mail_proto.h
+++ b/postfix/src/global/mail_proto.h
@@ -124,6 +124,7 @@ extern char *mail_pathname(const char *, const char *);
 #define MAIL_ATTR_SASL_METHOD	"sasl_method"
 #define MAIL_ATTR_SASL_USERNAME	"sasl_username"
 #define MAIL_ATTR_SASL_SENDER	"sasl_sender"
+#define MAIL_ATTR_ETRN_DOMAIN	"etrn_domain"
 #define MAIL_ATTR_DUMMY		"dummy"
 #define MAIL_ATTR_RWR_CONTEXT	"rewrite_context"
 
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 0aa427842..8aca55168 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20060518"
+#define MAIL_RELEASE_DATE	"20060601"
 #define MAIL_VERSION_NUMBER	"2.3"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/pipe/pipe.c b/postfix/src/pipe/pipe.c
index b35b689fe..09bc80360 100644
--- a/postfix/src/pipe/pipe.c
+++ b/postfix/src/pipe/pipe.c
@@ -137,12 +137,15 @@
 /*	executes a command such as:
 /*
 /* .ti +4
-/*	command -f$sender -- $recipient
+/*	command -f$sender -- $recipient (\fIbad\fR)
 /*
 /*	the command will mis-parse the -f option value when the
 /*	sender address is a null string.  For correct parsing,
-/*	specify \fB$sender\fR as an argument by itself.
-/* .sp
+/*	specify \fB$sender\fR as an argument by itself:
+/*
+/* .ti +4
+/*	command -f $sender -- $recipient (\fIgood\fR)
+/*
 /*	This feature is available with Postfix 2.3 and later.
 /* .IP "\fBsize\fR=\fIsize_limit\fR (optional)"
 /*	Messages greater in size than this limit (in bytes) will
diff --git a/postfix/src/smtpd/Makefile.in b/postfix/src/smtpd/Makefile.in
index 5efa11f84..d39c70185 100644
--- a/postfix/src/smtpd/Makefile.in
+++ b/postfix/src/smtpd/Makefile.in
@@ -62,16 +62,21 @@ clean:
 tidy:	clean
 
 tests: smtpd_check_test smtpd_check_test2 smtpd_acl_test smtpd_exp_test \
-	smtpd_token_test smtpd_check_test4 smtpd_check_dsn_test
+	smtpd_token_test smtpd_check_test4 smtpd_check_dsn_test \
+	smtpd_check_backup_test
 
 root_tests:
 
+# This requires that the DNS server can query mail-abuse.org.
+
 smtpd_check_test: smtpd_check smtpd_check.in smtpd_check.ref smtpd_check_access
 	../postmap/postmap hash:smtpd_check_access
 	./smtpd_check smtpd_check.tmp 2>&1
 	diff smtpd_check.ref smtpd_check.tmp
 	rm -f smtpd_check.tmp smtpd_check_access.*
 
+# This requires that the DNS server can query mail-abuse.org.
+
 smtpd_check_test2: smtpd_check smtpd_check.in2 smtpd_check.ref2 smtpd_check_access
 	../postmap/postmap hash:smtpd_check_access
 	./smtpd_check smtpd_check.tmp 2>&1
@@ -90,6 +95,8 @@ smtpd_acl_test: smtpd_check smtpd_acl.in smtpd_acl.ref smtpd_check_access
 	diff smtpd_acl.ref smtpd_check.tmp
 	rm -f smtpd_check.tmp smtpd_check_access.*
 
+# This requires that the DNS server can query mail-abuse.org.
+
 smtpd_exp_test: smtpd_check smtpd_exp.in smtpd_exp.ref
 	../postmap/postmap hash:smtpd_check_access
 	./smtpd_check smtpd_exp.tmp 2>&1
@@ -102,6 +109,13 @@ smtpd_check_dsn_test: smtpd_check smtpd_check_dsn.in smtpd_check_dsn.ref smtpd_c
 	diff smtpd_check_dsn.ref smtpd_check.tmp
 	rm -f smtpd_check.tmp smtpd_check_access.*
 
+# This requires that 168,100.189.7 is a local or virtual interface.
+
+smtpd_check_backup_test: smtpd_check smtpd_check_backup.in smtpd_check_backup.ref
+	./smtpd_check smtpd_check.tmp 2>&1
+	diff smtpd_check_backup.ref smtpd_check.tmp
+	rm -f smtpd_check.tmp
+
 smtpd_token_test: smtpd_token smtpd_token.in smtpd_token.ref
 	./smtpd_token smtpd_token.tmp 2>&1
 	diff smtpd_token.ref smtpd_token.tmp
diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c
index b88923257..83a8c313e 100644
--- a/postfix/src/smtpd/smtpd_check.c
+++ b/postfix/src/smtpd/smtpd_check.c
@@ -1655,7 +1655,7 @@ static int permit_mx_backup(SMTPD_STATE *state, const char *recipient,
     /*
      * Then, see if we match any of the backup MX servers.
      */
-    if (rest && !i_am_mx(state, rest, reply_name, reply_class))
+    if (rest == 0 || !i_am_mx(state, rest, reply_name, reply_class))
 	PERMIT_MX_BACKUP_RETURN(SMTPD_CHECK_DUNNO);
 
     /*
@@ -3291,6 +3291,8 @@ static int check_policy_service(SMTPD_STATE *state, const char *server,
 			  ATTR_TYPE_LONG, MAIL_ATTR_SIZE,
 			  (unsigned long) (state->act_size > 0 ?
 					 state->act_size : state->msg_size),
+			  ATTR_TYPE_STR, MAIL_ATTR_ETRN_DOMAIN,
+			  state->etrn_name ? state->etrn_name : "",
 #ifdef USE_SASL_AUTH
 			  ATTR_TYPE_STR, MAIL_ATTR_SASL_METHOD,
 			  var_smtpd_sasl_enable && state->sasl_method ?
diff --git a/postfix/src/smtpd/smtpd_backup.in b/postfix/src/smtpd/smtpd_check_backup.in
similarity index 100%
rename from postfix/src/smtpd/smtpd_backup.in
rename to postfix/src/smtpd/smtpd_check_backup.in
diff --git a/postfix/src/smtpd/smtpd_backup.ref b/postfix/src/smtpd/smtpd_check_backup.ref
similarity index 65%
rename from postfix/src/smtpd/smtpd_backup.ref
rename to postfix/src/smtpd/smtpd_check_backup.ref
index e783ac25b..3e0b643cc 100644
--- a/postfix/src/smtpd/smtpd_backup.ref
+++ b/postfix/src/smtpd/smtpd_check_backup.ref
@@ -21,13 +21,13 @@ OK
 >>> rcpt wietse@fist.porcupine.org
 OK
 >>> rcpt wietse@porcupine.org
-./smtpd_check: : reject: RCPT from localhost[127.0.0.1]: 554 : Recipient address rejected: Access denied; to= proto=SMTP
-554 : Recipient address rejected: Access denied
+./smtpd_check: : reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 : Recipient address rejected: Access denied; to= proto=SMTP
+554 5.7.1 : Recipient address rejected: Access denied
 >>> permit_mx_backup_networks 168.100.189.5
 OK
 >>> rcpt wietse@fist.porcupine.org
-./smtpd_check: : reject: RCPT from localhost[127.0.0.1]: 554 : Recipient address rejected: Access denied; to= proto=SMTP
-554 : Recipient address rejected: Access denied
+./smtpd_check: : reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 : Recipient address rejected: Access denied; to= proto=SMTP
+554 5.7.1 : Recipient address rejected: Access denied
 >>> permit_mx_backup_networks 168.100.189.4
 OK
 >>> rcpt wietse@fist.porcupine.org
diff --git a/postfix/src/smtpd/smtpd_exp.ref b/postfix/src/smtpd/smtpd_exp.ref
index c04381ba8..75b6c84f3 100644
--- a/postfix/src/smtpd/smtpd_exp.ref
+++ b/postfix/src/smtpd/smtpd_exp.ref
@@ -107,8 +107,8 @@ OK
 >>> mail sname@sdomain
 OK
 >>> rcpt rname@rdomain
-./smtpd_check: : reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 Service unavailable; Helo command [example.tld] blocked using abuse.rfc-ignorant.org; Not supporting abuse@domain; from= to= proto=SMTP helo=
-554 5.7.1 Service unavailable; Helo command [example.tld] blocked using abuse.rfc-ignorant.org; Not supporting abuse@domain
+./smtpd_check: : reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 Service unavailable; Helo command [example.tld] blocked using abuse.rfc-ignorant.org; Not supporting abuse@example.tld; from= to= proto=SMTP helo=
+554 5.7.1 Service unavailable; Helo command [example.tld] blocked using abuse.rfc-ignorant.org; Not supporting abuse@example.tld
 >>> #
 >>> # Check MX access
 >>> #