From: Wietse Venema Date: Sun, 27 Nov 2011 05:00:00 +0000 (-0500) Subject: postfix-2.9-20111127 X-Git-Tag: v2.9.0-RC1~19 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5854f6cb4532705c337204de868baba37c361c92;p=thirdparty%2Fpostfix.git postfix-2.9-20111127 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 7636fe581..f84c61182 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -17165,4 +17165,16 @@ Apologies for any names omitted. by Viktor Dukhovni. File: global/dict_ldap.c. Cleanup: four-space indentation had become a tab character. - File: postconf/postconf.h. + Files: postconf/postconf.h, postconf/test20.ref, + postconf/test21.ref. + +20111127 + + Cleanup: documented _suffix parameters that don't + show in postconf command output of earlier Postfix versions. + Files: proto/SMTPD_POLICY_README.html, proto/postconf.proto, + proto/SCHEDULER_README.html. + + Cleanup: added the pipe(8) delivery agent to the list of + programs that implement transport_time_limit parameters. + File: postconf/postconf_service.c, postconf/test6.ref. diff --git a/postfix/README_FILES/SCHEDULER_README b/postfix/README_FILES/SCHEDULER_README index 87b698f5d..4bdeac2ca 100644 --- a/postfix/README_FILES/SCHEDULER_README +++ b/postfix/README_FILES/SCHEDULER_README @@ -2,6 +2,14 @@ PPoossttffiixx QQuueeuuee SScchheedduulleerr ------------------------------------------------------------------------------- +DDiissccllaaiimmeerr + +Many of the transport-specific configuration parameters discussed in this +document will not show up in "postconf" command output before Postfix version +2.9. This limitation applies to many parameters whose name is a combination of +a master.cf service name such as "relay" and a built-in suffix such as +"_destination_concurrency_limit". + OOvveerrvviieeww The queue manager is by far the most complex part of the Postfix mail system. diff --git a/postfix/README_FILES/SMTPD_POLICY_README b/postfix/README_FILES/SMTPD_POLICY_README index 6e986d4f1..b873cc0ad 100644 --- a/postfix/README_FILES/SMTPD_POLICY_README +++ b/postfix/README_FILES/SMTPD_POLICY_README @@ -5,8 +5,8 @@ PPoossttffiixx SSMMTTPP AAcccceessss PPoolliiccyy DDeel PPuurrppoossee ooff PPoossttffiixx SSMMTTPP aacccceessss ppoolliiccyy ddeelleeggaattiioonn The Postfix SMTP server has a number of built-in mechanisms to block or accept -mail at specific SMTP protocol stages. As of version 2.1, Postfix can delegate -policy decisions to an external server that runs outside Postfix. +mail at specific SMTP protocol stages. In addition, the Postfix SMTP server can +delegate decisions to an external policy server (Postfix 2.1 and later). With this policy delegation mechanism, a simple greylist policy can be implemented with only a dozen lines of Perl, as is shown at the end of this @@ -195,21 +195,30 @@ use something like this: NOTES: - * Lines 2, 11: the Postfix spawn(8) daemon by default kills its child process - after 1000 seconds. This is too short for a policy daemon that may need to - run for as long as the SMTP server process that talks to it. The default - time limit is overruled in main.cf with an explicit "policy_time_limit" - setting. The name of the parameter is the name of the master.cf entry - ("policy") concatenated with the "_time_limit" suffix. See spawn(8) for - more information about the time limit parameter. + * Lines 2-3: this creates the service called "policy" that listens on a UNIX- + domain socket. The service is implemented by the Postfix spawn(8) daemon, + which executes the policy server program that is specified with the aarrggvv + attribute, using the privileges specified with the uusseerr attribute. * Line 2: specify a "0" process limit instead of the default "-", to avoid - "connection refused" and other problems when the smtpd process limit - exceeds the default_process_limit setting. + "connection refused" and other problems when you increase the smtpd process + limit. * Lines 8, 9: always specify "check_policy_service" AFTER "reject_unauth_destination" or else your system could become an open relay. + * Line 11: this increases the time that a policy server process is allowed to + run from the default 1000 seconds to 3600 seconds. The default time limit + is too short for a policy daemon that needs to run long as the SMTP server + process that talks to it. See the spawn(8) manpage for more information + about the transport_time_limit parameter. + + Note: the "policy_time_limit" parameter will not show up in "postconf" + command output before Postfix version 2.9. This limitation applies to + many parameters whose name is a combination of a master.cf service name + (in the above example, "policy") and a built-in suffix (in the above + example: "_time_limit"). + * Solaris UNIX-domain sockets do not work reliably. Use TCP sockets instead: 1 /etc/postfix/master.cf: @@ -280,41 +289,58 @@ The greylist.pl Perl script can be run under control by the Postfix master daemon. For example, to run the script as user "nobody", using a UNIX-domain socket that is accessible by Postfix processes only: - 1 /etc/postfix/master.cf: - 2 policy unix - n n - 0 spawn - 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl - 4 - 5 /etc/postfix/main.cf: - 6 policy_time_limit = 3600 + 1 /etc/postfix/master.cf: + 2 greylist unix - n n - 0 spawn + 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl + 4 + 5 /etc/postfix/main.cf: + 6 greylist_time_limit = 3600 + 7 smtpd_recipient_restrictions = + 8 ... + 9 reject_unauth_destination + 10 check_policy_service unix:private/greylist + 11 ... Notes: + * Lines 2-3: this creates the service called "greylist" that listens on a + UNIX-domain socket. The service is implemented by the Postfix spawn(8) + daemon, which executes the greylist.pl script that is specified with the + aarrggvv attribute, using the privileges specified with the uusseerr attribute. + + * Line 2: specify a "0" process limit instead of the default "-", to avoid + "connection refused" and other problems when you increase the smtpd process + limit. + * Line 3: Specify "greylist.pl -v" for verbose logging of each request and reply. - * Lines 2, 6: the Postfix spawn(8) daemon by default kills its child process - after 1000 seconds. This is too short for a policy daemon that may run for - as long as an SMTP client is connected to an SMTP server process. The - default time limit is overruled in main.cf with an explicit - "policy_time_limit" setting. The name of the parameter is the name of the - master.cf entry ("policy") concatenated with the "_time_limit" suffix. + * Line 6: this increases the time that a greylist server process is allowed + to run from the default 1000 seconds to 3600 seconds. The default time + limit is too short for a greylist daemon that needs to run long as the SMTP + server process that talks to it. See the spawn(8) manpage for more + information about the transport_time_limit parameter. - * Line 2: specify a "0" process limit instead of the default "-", to avoid - "connection refused" and other problems when the smtpd process limit - exceeds the default_process_limit setting. + Note: the "greylist_time_limit" parameter will not show up in + "postconf" command output before Postfix version 2.9. This limitation + applies to many parameters whose name is a combination of a master.cf + service name (in the above example, "greylist") and a built-in suffix + (in the above example: "_time_limit"). On Solaris you must use inet: style sockets instead of unix: style, as detailed in the "Policy client/server configuration" section above. - 1 /etc/postfix/master.cf: - 2 127.0.0.1:9998 inet n n n - 0 spawn - 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl - 4 - 5 /etc/postfix/main.cf: - 6 127.0.0.1:9998_time_limit = 3600 - -To invoke this service you would specify "check_policy_service inet:127.0.0.1: -9998". + 1 /etc/postfix/master.cf: + 2 127.0.0.1:9998 inet n n n - 0 spawn + 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl + 4 + 5 /etc/postfix/main.cf: + 6 127.0.0.1:9998_time_limit = 3600 + 7 smtpd_recipient_restrictions = + 8 ... + 9 reject_unauth_destination + 10 check_policy_service inet:127.0.0.1:9998 + 11 ... GGrreeyylliissttiinngg mmaaiill ffrroomm ffrreeqquueennttllyy ffoorrggeedd ddoommaaiinnss @@ -331,7 +357,7 @@ filtering/sender-domain-validate.in. 6 check_sender_access hash:/etc/postfix/sender_access 7 ... 8 smtpd_restriction_classes = greylist - 9 greylist = check_policy_service unix:private/policy + 9 greylist = check_policy_service unix:private/greylist 10 11 /etc/postfix/sender_access: 12 aol.com greylist @@ -357,9 +383,12 @@ NOTES: GGrreeyylliissttiinngg aallll yyoouurr mmaaiill -If you turn on greylisting for all mail you will almost certainly want to make -exceptions for mailing lists that use one-time sender addresses, because such -mailing lists can pollute your greylist database relatively quickly. +If you turn on greylisting for all mail you may want to make exceptions for +mailing lists that use one-time sender addresses, because each message will be +delayed due to greylisting, and the one-time sender addresses can pollute your +greylist database relatively quickly. Instead of making exceptions, you can +automatically whitelist clients that survive greylisting repeatedly; this +avoids most of the delays and most of the database pollution problem. 1 /etc/postfix/main.cf: 2 smtpd_recipient_restrictions = diff --git a/postfix/html/SCHEDULER_README.html b/postfix/html/SCHEDULER_README.html index 3ab943201..c0e90d9db 100644 --- a/postfix/html/SCHEDULER_README.html +++ b/postfix/html/SCHEDULER_README.html @@ -18,6 +18,15 @@ Queue Scheduler
+

Disclaimer

+ +

Many of the transport-specific configuration parameters +discussed in this document will not show up in "postconf" command +output before Postfix version 2.9. This limitation applies to many +parameters whose name is a combination of a master.cf service name +such as "relay" and a built-in suffix such as +"_destination_concurrency_limit".

+

Overview

The queue manager is by far the most complex part of the Postfix @@ -278,12 +287,12 @@ slow-downs by queue file I/O, logging I/O, and network I/O.

  • Concurrency was limited by the server process limit ("default_process_limit = 5" and "smtpd_client_event_limit_exceptions -= static:all"). Postfix was stopped and started after changing the += static:all"). Postfix was stopped and started after changing the process limit, because the same number is also used as the backlog argument to the listen(2) system call, and "postfix reload" does not re-issue this call. -
  • Mail was discarded with "local_recipient_maps = static:all" and +
  • Mail was discarded with "local_recipient_maps = static:all" and "local_transport = discard". The discard action in access maps or header/body checks could not be used as it fails to update the in_flow_delay counters. diff --git a/postfix/html/SMTPD_POLICY_README.html b/postfix/html/SMTPD_POLICY_README.html index 85f4b77cd..b37e28616 100644 --- a/postfix/html/SMTPD_POLICY_README.html +++ b/postfix/html/SMTPD_POLICY_README.html @@ -20,9 +20,9 @@

    Purpose of Postfix SMTP access policy delegation

    The Postfix SMTP server has a number of built-in mechanisms to -block or accept mail at specific SMTP protocol stages. As of version -2.1, Postfix can delegate policy decisions to an external server -that runs outside Postfix.

    +block or accept mail at specific SMTP protocol stages. In addition, +the Postfix SMTP server can delegate decisions to an external policy +server (Postfix 2.1 and later).

    With this policy delegation mechanism, a simple greylist policy can be implemented with only a dozen lines of @@ -269,23 +269,34 @@ daemon, you would use something like this:

      -

    • Lines 2, 11: the Postfix spawn(8) daemon by default kills -its child process after 1000 seconds. This is too short for a -policy daemon that may need to run for as long as the SMTP server -process that talks to it. The default time limit is overruled in -main.cf with an explicit "policy_time_limit" setting. The name of -the parameter is the name of the master.cf entry ("policy") -concatenated with the "_time_limit" suffix. See spawn(8) for -more information about the time limit parameter.

      +

    • Lines 2-3: this creates the service called "policy" that +listens on a UNIX-domain socket. The service is implemented by the +Postfix spawn(8) daemon, which executes the policy server program +that is specified with the argv attribute, using the privileges +specified with the user attribute.

    • Line 2: specify a "0" process limit instead of the default -"-", to avoid "connection refused" and other problems when the smtpd -process limit exceeds the default_process_limit setting.

      +"-", to avoid "connection refused" and other problems when you +increase the smtpd process limit.

    • Lines 8, 9: always specify "check_policy_service" AFTER "reject_unauth_destination" or else your system could become an open relay.

      +

    • Line 11: this increases the time that a policy server +process is allowed to run from the default 1000 seconds to 3600 +seconds. The default time limit is too short for a policy daemon +that needs to run long as the SMTP server process that talks to it. +See the spawn(8) manpage for more information about the +transport_time_limit parameter.

      + +

      Note: the "policy_time_limit" parameter will not +show up in "postconf" command output before Postfix version 2.9. +This limitation applies to many parameters whose name is a combination +of a master.cf service name (in the above example, "policy") and a +built-in suffix (in the above example: "_time_limit").

      +
      +

    • Solaris UNIX-domain sockets do not work reliably. Use TCP sockets instead:

      @@ -385,12 +396,17 @@ processes only: 

      -1 /etc/postfix/master.cf:
-2     policy  unix  -       n       n       -       0       spawn
-3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
-4 
-5 /etc/postfix/main.cf:
-6      policy_time_limit = 3600
+ 1 /etc/postfix/master.cf:
+ 2     greylist  unix  -       n       n       -       0       spawn
+ 3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
+ 4 
+ 5 /etc/postfix/main.cf:
+ 6     greylist_time_limit = 3600
+ 7     smtpd_recipient_restrictions =
+ 8         ... 
+ 9         reject_unauth_destination 
+10         check_policy_service unix:private/greylist
+11         ...
      @@ -398,20 +414,32 @@ processes only:

        +

      • Lines 2-3: this creates the service called "greylist" that +listens on a UNIX-domain socket. The service is implemented by the +Postfix spawn(8) daemon, which executes the greylist.pl script that +is specified with the argv attribute, using the privileges +specified with the user attribute.

        + +

      • Line 2: specify a "0" process limit instead of the default +"-", to avoid "connection refused" and other problems when you +increase the smtpd process limit.

        +

      • Line 3: Specify "greylist.pl -v" for verbose logging of each request and reply.

        -

      • Lines 2, 6: the Postfix spawn(8) daemon by default kills -its child process after 1000 seconds. This is too short for a -policy daemon that may run for as long as an SMTP client is connected -to an SMTP server process. The default time limit is overruled in -main.cf with an explicit "policy_time_limit" setting. The name of -the parameter is the name of the master.cf entry ("policy") -concatenated with the "_time_limit" suffix.

        - -

      • Line 2: specify a "0" process limit instead of the default -"-", to avoid "connection refused" and other problems when the smtpd -process limit exceeds the default_process_limit setting.

        +

      • Line 6: this increases the time that a greylist server +process is allowed to run from the default 1000 seconds to 3600 +seconds. The default time limit is too short for a greylist daemon +that needs to run long as the SMTP server process that talks to it. +See the spawn(8) manpage for more information about the +transport_time_limit parameter.

        + +

        Note: the "greylist_time_limit" parameter will not +show up in "postconf" command output before Postfix version 2.9. +This limitation applies to many parameters whose name is a combination +of a master.cf service name (in the above example, "greylist") and +a built-in suffix (in the above example: "_time_limit").

        +
      @@ -421,18 +449,20 @@ client/server configuration" section above. 

      -1 /etc/postfix/master.cf:
-2     127.0.0.1:9998  inet  n       n       n       -       0       spawn
-3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
-4 
-5 /etc/postfix/main.cf:
-6      127.0.0.1:9998_time_limit = 3600
+ 1 /etc/postfix/master.cf:
+ 2     127.0.0.1:9998  inet  n       n       n       -       0       spawn
+ 3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
+ 4 
+ 5 /etc/postfix/main.cf:
+ 6     127.0.0.1:9998_time_limit = 3600
+ 7     smtpd_recipient_restrictions =
+ 8         ... 
+ 9         reject_unauth_destination 
+10         check_policy_service inet:127.0.0.1:9998
+11         ...
      -

      To invoke this service you would specify "check_policy_service -inet:127.0.0.1:9998".

      -

      Greylisting mail from frequently forged domains

      It is relatively safe to turn on greylisting for specific @@ -451,7 +481,7 @@ forged MAIL FROM domains could be found at 6 check_sender_access hash:/etc/postfix/sender_access 7 ... 8 smtpd_restriction_classes = greylist - 9 greylist = check_policy_service unix:private/policy + 9 greylist = check_policy_service unix:private/greylist 10 11 /etc/postfix/sender_access: 12 aol.com greylist @@ -486,10 +516,13 @@ other restrictions that reject unknown senders and/or recipients.

      Greylisting all your mail

      -

      If you turn on greylisting for all mail you will almost certainly -want to make exceptions for mailing lists that use one-time sender -addresses, because such mailing lists can pollute your greylist -database relatively quickly.

      +

      If you turn on greylisting for all mail you may want to make +exceptions for mailing lists that use one-time sender addresses, +because each message will be delayed due to greylisting, and the +one-time sender addresses can pollute your greylist database +relatively quickly. Instead of making exceptions, you can automatically +whitelist clients that survive greylisting repeatedly; this avoids +most of the delays and most of the database pollution problem. 

      diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index fe0faa867..3d50fb62c 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -2740,7 +2740,7 @@ behavior as if the queue file name was created with "
 
-
    •  New queue files are created with names such as C3CD21F3E90
+
    •  
       New queue files are created with names such as C3CD21F3E90
 from a hexadecimal alphabet that contains digits (0-9) and upper-case
 letters (A-F). The name format is: 5 characters for the time in
 microseconds; the remainder is the file inode number. 
      
@@ -14520,7 +14520,7 @@ fingerprints for       check_ccert_acc
 for backwards compatibility with Postfix releases prior to 2.5.
 
      
 
-
       The best practice algorithm is now sha1. Recent advances in hash
+
       Advances in hash
 function cryptanalysis have led to md5 being deprecated in favor of sha1.
 However, as long as there are no known "second pre-image" attacks
 against md5, its use in this context can still be considered safe.
@@ -14528,7 +14528,7 @@ against md5, its use in this context can still be considered safe.
 
 
       While additional digest algorithms are often available with OpenSSL's
 libcrypto, only those used by libssl in SSL cipher suites are available to
-Postfix. For now this means just md5 or sha1. 
      
+Postfix. 
      
 
 
       To find the fingerprint of a specific certificate file, with a
 specific digest algorithm, run: 
      
@@ -15959,6 +15959,12 @@ This feature is available in Postfix 2.1 and later.
 parameter value, where transport is the       master.cf name of
 the message delivery transport. 
      
 
+
       Note: transport_delivery_slot_cost parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built-in suffix (in this case:
+"_delivery_slot_cost"). 
      
+
 
 
 
@@ -15969,6 +15975,12 @@ the message delivery transport. 
      
 parameter value, where transport is the master.cf name of
 the message delivery transport. 
      
 
+
       Note: transport_delivery_slot_discount parameters will
+not show up in "postconf" command output before Postfix version
+2.9.  This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_delivery_slot_discount"). 
      
+
 
 
 
@@ -15979,6 +15991,12 @@ the message delivery transport. 
      
 parameter value, where transport is the master.cf name of
 the message delivery transport. 
      
 
+
       Note: transport_delivery_slot_loan parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built-in suffix (in this case:
+"_delivery_slot_loan"). 
      
+
 
 
 
@@ -15990,6 +16008,13 @@ the message delivery transport. 
      
 where transport is the master.cf name of the message delivery
 transport. 
      
 
+
       Note: some transport_destination_concurrency_failed_cohort_limit
+parameters will not show up in "postconf" command output before
+Postfix version 2.9.  This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case:
+"_destination_concurrency_failed_cohort_limit"). 
      
+
 
       This feature is available in Postfix 2.5 and later. 
      
 
 
@@ -16003,6 +16028,13 @@ transport. 
      
 transport is the master.cf name of the message delivery
 transport. 
      
 
+
       Note: some transport_destination_concurrency_limit
+parameters will not show up in "postconf" command output before
+Postfix version 2.9.  This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case: "_destination_concurrency_limit").
+
      
+
 
 
 
@@ -16014,6 +16046,13 @@ transport. 
      
 where transport is the master.cf name of the message delivery
 transport. 
      
 
+
       Note: some transport_destination_concurrency_negative_feedback
+parameters will not show up in "postconf" command output before
+Postfix version 2.9.  This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case:
+"_destination_concurrency_negative_feedback"). 
      
+
 
       This feature is available in Postfix 2.5 and later. 
      
 
 
@@ -16027,6 +16066,13 @@ transport. 
      
 where transport is the master.cf name of the message delivery
 transport. 
      
 
+
       Note: some transport_destination_concurrency_positive_feedback
+parameters will not show up in "postconf" command output before
+Postfix version 2.9.  This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case:
+"_destination_concurrency_positive_feedback"). 
      
+
 
       This feature is available in Postfix 2.5 and later. 
      
 
 
@@ -16039,6 +16085,12 @@ transport. 
      
 parameter value, where transport is the master.cf name of
 the message delivery transport. 
      
 
+
       Note: some transport_destination_rate_delay parameters
+will not show up in "postconf" command output before Postfix version
+2.9.  This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_destination_rate_delay"). 
      
+
 
       This feature is available in Postfix 2.5 and later. 
      
 
 
@@ -16052,6 +16104,12 @@ the message delivery transport. 
      
 transport is the master.cf name of the message delivery
 transport. 
      
 
+
       Note: some transport_destination_recipient_limit parameters
+will not show up in "postconf" command output before Postfix version
+2.9.  This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_destination_recipient_limit"). 
      
+
 
 
 
@@ -16062,6 +16120,12 @@ transport. 
      
 parameter value, where transport is the master.cf name of
 the message delivery transport. 
      
 
+
       Note: transport_extra_recipient_limit parameters will
+not show up in "postconf" command output before Postfix version
+2.9.  This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_extra_recipient_limit").  
      
+
 
 
 
@@ -16072,6 +16136,13 @@ the message delivery transport. 
      
 parameter value, where transport is the master.cf name of
 the message delivery transport. 
      
 
+
       Note: some transport_initial_destination_concurrency
+parameters will not show up in "postconf" command output before
+Postfix version 2.9.  This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case: "_initial_destination_concurrency").
+
      
+
 
       This feature is available in Postfix 2.5 and later. 
      
 
 
@@ -16113,6 +16184,12 @@ Examples:
 parameter value, where transport is the master.cf name of
 the message delivery transport. 
      
 
+
       Note: transport_minimum_delivery_slots parameters will
+not show up in "postconf" command output before Postfix version
+2.9.  This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_minimum_delivery_slots"). 
      
+
 
 
 
@@ -16123,6 +16200,12 @@ the message delivery transport. 
      
 parameter value, where transport is the master.cf name of
 the message delivery transport. 
      
 
+
       Note: some transport_recipient_limit parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built-in suffix (in this case:
+"_recipient_limit"). 
      
+
 
 
 
@@ -16133,6 +16216,12 @@ the message delivery transport. 
      
 parameter value, where transport is the master.cf name of
 the message delivery transport. 
      
 
+
       Note: transport_recipient_refill_delay parameters will
+not show up in "postconf" command output before Postfix version
+2.9.  This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_recipient_refill_delay").  
      
+
 
       This feature is available in Postfix 2.4 and later. 
      
 
 
@@ -16145,6 +16234,12 @@ the message delivery transport. 
      
 parameter value, where transport is the master.cf name of
 the message delivery transport. 
      
 
+
       Note: transport_recipient_refill_limit parameters will
+not show up in "postconf" command output before Postfix version
+2.9.  This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_recipient_refill_limit").  
      
+
 
       This feature is available in Postfix 2.4 and later. 
      
 
 
@@ -16173,6 +16268,12 @@ The default time unit is s (seconds).
 value, where transport is the master.cf name of the message
 delivery transport. 
      
 
+
       Note: transport_time_limit parameters will not show up
+in "postconf" command output before Postfix version 2.9.  This
+limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built-in suffix (in this case:
+"_time_limit"). 
      
+
 
 
 
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index a8346737c..7d4f93388 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -9266,14 +9266,14 @@ fingerprints for \fBcheck_ccert_access\fR and
 \fBpermit_tls_clientcerts\fR. The default algorithm is \fBmd5\fR,
 for backwards compatibility with Postfix releases prior to 2.5.
 .PP
-The best practice algorithm is now \fBsha1\fR. Recent advances in hash
+Advances in hash
 function cryptanalysis have led to md5 being deprecated in favor of sha1.
 However, as long as there are no known "second pre-image" attacks
 against md5, its use in this context can still be considered safe.
 .PP
 While additional digest algorithms are often available with OpenSSL's
 libcrypto, only those used by libssl in SSL cipher suites are available to
-Postfix. For now this means just md5 or sha1.
+Postfix.
 .PP
 To find the fingerprint of a specific certificate file, with a
 specific digest algorithm, run:
@@ -10220,32 +10220,70 @@ This feature is available in Postfix 2.1 and later.
 A transport-specific override for the default_delivery_slot_cost
 parameter value, where \fItransport\fR is the master.cf name of
 the message delivery transport.
+.PP
+Note: \fItransport\fR_delivery_slot_cost parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built-in suffix (in this case:
+"_delivery_slot_cost").
 .SH transport_delivery_slot_discount (default: $default_delivery_slot_discount)
 A transport-specific override for the default_delivery_slot_discount
 parameter value, where \fItransport\fR is the master.cf name of
 the message delivery transport.
+.PP
+Note: \fItransport\fR_delivery_slot_discount parameters will
+not show up in "postconf" command output before Postfix version
+2.9.  This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_delivery_slot_discount").
 .SH transport_delivery_slot_loan (default: $default_delivery_slot_loan)
 A transport-specific override for the default_delivery_slot_loan
 parameter value, where \fItransport\fR is the master.cf name of
 the message delivery transport.
+.PP
+Note: \fItransport\fR_delivery_slot_loan parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built-in suffix (in this case:
+"_delivery_slot_loan").
 .SH transport_destination_concurrency_failed_cohort_limit (default: $default_destination_concurrency_failed_cohort_limit)
 A transport-specific override for the
 default_destination_concurrency_failed_cohort_limit parameter value,
 where \fItransport\fR is the master.cf name of the message delivery
 transport.
 .PP
+Note: some \fItransport\fR_destination_concurrency_failed_cohort_limit
+parameters will not show up in "postconf" command output before
+Postfix version 2.9.  This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case:
+"_destination_concurrency_failed_cohort_limit").
+.PP
 This feature is available in Postfix 2.5 and later.
 .SH transport_destination_concurrency_limit (default: $default_destination_concurrency_limit)
 A transport-specific override for the
 default_destination_concurrency_limit parameter value, where
 \fItransport\fR is the master.cf name of the message delivery
 transport.
+.PP
+Note: some \fItransport\fR_destination_concurrency_limit
+parameters will not show up in "postconf" command output before
+Postfix version 2.9.  This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case: "_destination_concurrency_limit").
 .SH transport_destination_concurrency_negative_feedback (default: $default_destination_concurrency_negative_feedback)
 A transport-specific override for the
 default_destination_concurrency_negative_feedback parameter value,
 where \fItransport\fR is the master.cf name of the message delivery
 transport.
 .PP
+Note: some \fItransport\fR_destination_concurrency_negative_feedback
+parameters will not show up in "postconf" command output before
+Postfix version 2.9.  This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case:
+"_destination_concurrency_negative_feedback").
+.PP
 This feature is available in Postfix 2.5 and later.
 .SH transport_destination_concurrency_positive_feedback (default: $default_destination_concurrency_positive_feedback)
 A transport-specific override for the
@@ -10253,27 +10291,58 @@ default_destination_concurrency_positive_feedback parameter value,
 where \fItransport\fR is the master.cf name of the message delivery
 transport.
 .PP
+Note: some \fItransport\fR_destination_concurrency_positive_feedback
+parameters will not show up in "postconf" command output before
+Postfix version 2.9.  This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case:
+"_destination_concurrency_positive_feedback").
+.PP
 This feature is available in Postfix 2.5 and later.
 .SH transport_destination_rate_delay (default: $default_destination_rate_delay)
 A transport-specific override for the default_destination_rate_delay
 parameter value, where \fItransport\fR is the master.cf name of
 the message delivery transport.
 .PP
+Note: some \fItransport\fR_destination_rate_delay parameters
+will not show up in "postconf" command output before Postfix version
+2.9.  This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_destination_rate_delay").
+.PP
 This feature is available in Postfix 2.5 and later.
 .SH transport_destination_recipient_limit (default: $default_destination_recipient_limit)
 A transport-specific override for the
 default_destination_recipient_limit parameter value, where
 \fItransport\fR is the master.cf name of the message delivery
 transport.
+.PP
+Note: some \fItransport\fR_destination_recipient_limit parameters
+will not show up in "postconf" command output before Postfix version
+2.9.  This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_destination_recipient_limit").
 .SH transport_extra_recipient_limit (default: $default_extra_recipient_limit)
 A transport-specific override for the default_extra_recipient_limit
 parameter value, where \fItransport\fR is the master.cf name of
 the message delivery transport.
+.PP
+Note: \fItransport\fR_extra_recipient_limit parameters will
+not show up in "postconf" command output before Postfix version
+2.9.  This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_extra_recipient_limit").
 .SH transport_initial_destination_concurrency (default: $initial_destination_concurrency)
 A transport-specific override for the initial_destination_concurrency
 parameter value, where \fItransport\fR is the master.cf name of
 the message delivery transport.
 .PP
+Note: some \fItransport\fR_initial_destination_concurrency
+parameters will not show up in "postconf" command output before
+Postfix version 2.9.  This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case: "_initial_destination_concurrency").
+.PP
 This feature is available in Postfix 2.5 and later.
 .SH transport_maps (default: empty)
 Optional lookup tables with mappings from recipient address to
@@ -10301,21 +10370,45 @@ transport_maps = hash:/etc/postfix/transport
 A transport-specific override for the default_minimum_delivery_slots
 parameter value, where \fItransport\fR is the master.cf name of
 the message delivery transport.
+.PP
+Note: \fItransport\fR_minimum_delivery_slots parameters will
+not show up in "postconf" command output before Postfix version
+2.9.  This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_minimum_delivery_slots").
 .SH transport_recipient_limit (default: $default_recipient_limit)
 A transport-specific override for the default_recipient_limit
 parameter value, where \fItransport\fR is the master.cf name of
 the message delivery transport.
+.PP
+Note: some \fItransport\fR_recipient_limit parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built-in suffix (in this case:
+"_recipient_limit").
 .SH transport_recipient_refill_delay (default: $default_recipient_refill_delay)
 A transport-specific override for the default_recipient_refill_delay
 parameter value, where \fItransport\fR is the master.cf name of
 the message delivery transport.
 .PP
+Note: \fItransport\fR_recipient_refill_delay parameters will
+not show up in "postconf" command output before Postfix version
+2.9.  This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_recipient_refill_delay").
+.PP
 This feature is available in Postfix 2.4 and later.
 .SH transport_recipient_refill_limit (default: $default_recipient_refill_limit)
 A transport-specific override for the default_recipient_refill_limit
 parameter value, where \fItransport\fR is the master.cf name of
 the message delivery transport.
 .PP
+Note: \fItransport\fR_recipient_refill_limit parameters will
+not show up in "postconf" command output before Postfix version
+2.9.  This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_recipient_refill_limit").
+.PP
 This feature is available in Postfix 2.4 and later.
 .SH transport_retry_time (default: 60s)
 The time between attempts by the Postfix queue manager to contact
@@ -10327,6 +10420,12 @@ The default time unit is s (seconds).
 A transport-specific override for the command_time_limit parameter
 value, where \fItransport\fR is the master.cf name of the message
 delivery transport.
+.PP
+Note: \fItransport\fR_time_limit parameters will not show up
+in "postconf" command output before Postfix version 2.9.  This
+limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built-in suffix (in this case:
+"_time_limit").
 .SH trigger_timeout (default: 10s)
 The time limit for sending a trigger to a Postfix daemon (for
 example, the \fBpickup\fR(8) or \fBqmgr\fR(8) daemon). This time limit prevents
diff --git a/postfix/proto/SCHEDULER_README.html b/postfix/proto/SCHEDULER_README.html
index af2a8f89b..bfdc652c1 100644
--- a/postfix/proto/SCHEDULER_README.html
+++ b/postfix/proto/SCHEDULER_README.html
@@ -18,6 +18,15 @@ Queue Scheduler
 
 
      
 
+
       Disclaimer 
      
+
+
       Many of the transport-specific configuration parameters
+discussed in this document will not show up in "postconf" command
+output before Postfix version 2.9. This limitation applies to many
+parameters whose name is a combination of a master.cf service name
+such as "relay" and a built-in suffix such as
+"_destination_concurrency_limit". 
      
+
 
       Overview 
      
 
 
       The queue manager is by far the most complex part of the Postfix
diff --git a/postfix/proto/SMTPD_POLICY_README.html b/postfix/proto/SMTPD_POLICY_README.html
index e27d06541..178813fc8 100644
--- a/postfix/proto/SMTPD_POLICY_README.html
+++ b/postfix/proto/SMTPD_POLICY_README.html
@@ -20,9 +20,9 @@
 
      Purpose of Postfix SMTP access policy delegation
      
 
 
       The Postfix SMTP server has a number of built-in mechanisms to
-block or accept mail at specific SMTP protocol stages. As of version
-2.1, Postfix can delegate policy decisions to an external server
-that runs outside Postfix. 
      
+block or accept mail at specific SMTP protocol stages. In addition,
+the Postfix SMTP server can delegate decisions to an external policy
+server (Postfix 2.1 and later). 
      
 
 
       With this policy delegation mechanism, a simple 
 greylist  policy can be implemented with only a dozen lines of
@@ -269,23 +269,34 @@ daemon, you would use something like this: 
      
 
 
        
 
-
      •  
         Lines 2, 11: the Postfix spawn(8) daemon by default kills
-its child process after 1000 seconds.  This is too short for a
-policy daemon that may need to run for as long as the SMTP server
-process that talks to it. The default time limit is overruled in
-main.cf with an explicit "policy_time_limit" setting.  The name of
-the parameter is the name of the master.cf entry ("policy")
-concatenated with the "_time_limit" suffix. See spawn(8) for
-more information about the time limit parameter.  
        
+
      •  
         Lines 2-3: this creates the service called "policy" that
+listens on a UNIX-domain socket. The service is implemented by the
+Postfix spawn(8) daemon, which executes the policy server program
+that is specified with the argv attribute, using the privileges
+specified with the user attribute. 
        
 
 
      •  
         Line 2: specify a "0" process limit instead of the default
-"-", to avoid "connection refused" and other problems when the smtpd
-process limit exceeds the default_process_limit setting. 
        
+"-", to avoid "connection refused" and other problems when you
+increase the smtpd process limit. 
        
 
 
      •  
         Lines 8, 9: always specify "check_policy_service" AFTER
 "reject_unauth_destination" or else your system could become an
 open relay. 
        
 
+
      •  
         Line 11: this increases the time that a policy server
+process is allowed to run from the default 1000 seconds to 3600
+seconds.  The default time limit is too short for a policy daemon
+that needs to run long as the SMTP server process that talks to it.
+See the spawn(8) manpage for more information about the
+transport_time_limit parameter.  
        
+
+
         
         Note: the "policy_time_limit" parameter will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a master.cf service name (in the above example, "policy") and a
+built-in suffix (in the above example: "_time_limit").  
        
+
        
+
 
      •  
         Solaris UNIX-domain sockets do not work reliably. Use
 TCP sockets instead: 
        
 
@@ -385,12 +396,17 @@ processes only: 
        
 
 
        
 
        -1 /etc/postfix/master.cf:
-2     policy  unix  -       n       n       -       0       spawn
-3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
-4 
-5 /etc/postfix/main.cf:
-6      policy_time_limit = 3600
+ 1 /etc/postfix/master.cf:
+ 2     greylist  unix  -       n       n       -       0       spawn
+ 3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
+ 4 
+ 5 /etc/postfix/main.cf:
+ 6     greylist_time_limit = 3600
+ 7     smtpd_recipient_restrictions =
+ 8         ... 
+ 9         reject_unauth_destination 
+10         check_policy_service unix:private/greylist
+11         ...
 
        
 
        
 
@@ -398,20 +414,32 @@ processes only: 
        
 
 
          
 
+
        •  
           Lines 2-3: this creates the service called "greylist" that
+listens on a UNIX-domain socket. The service is implemented by the
+Postfix spawn(8) daemon, which executes the greylist.pl script that
+is specified with the argv attribute, using the privileges
+specified with the user attribute. 
          
+
+
        •  
           Line 2: specify a "0" process limit instead of the default
+"-", to avoid "connection refused" and other problems when you
+increase the smtpd process limit. 
          
+
 
        •  
           Line 3: Specify "greylist.pl -v" for verbose logging of
 each request and reply. 
          
 
-
        •  
           Lines 2, 6: the Postfix spawn(8) daemon by default kills
-its child process after 1000 seconds.  This is too short for a
-policy daemon that may run for as long as an SMTP client is connected
-to an SMTP server process. The default time limit is overruled in
-main.cf with an explicit "policy_time_limit" setting.  The name of
-the parameter is the name of the master.cf entry ("policy")
-concatenated with the "_time_limit" suffix.  
          
-
-
        •  
           Line 2: specify a "0" process limit instead of the default
-"-", to avoid "connection refused" and other problems when the smtpd
-process limit exceeds the default_process_limit setting. 
          
+
        •  
           Line 6: this increases the time that a greylist server
+process is allowed to run from the default 1000 seconds to 3600
+seconds.  The default time limit is too short for a greylist daemon
+that needs to run long as the SMTP server process that talks to it.
+See the spawn(8) manpage for more information about the
+transport_time_limit parameter.  
          
+
+
           
           Note: the "greylist_time_limit" parameter will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a master.cf service name (in the above example, "greylist") and
+a built-in suffix (in the above example: "_time_limit").  
          
+
          
 
 
        
 
@@ -421,18 +449,20 @@ client/server configuration" section above.  
        
 
 
        
 
        -1 /etc/postfix/master.cf:
-2     127.0.0.1:9998  inet  n       n       n       -       0       spawn
-3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
-4 
-5 /etc/postfix/main.cf:
-6      127.0.0.1:9998_time_limit = 3600
+ 1 /etc/postfix/master.cf:
+ 2     127.0.0.1:9998  inet  n       n       n       -       0       spawn
+ 3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
+ 4 
+ 5 /etc/postfix/main.cf:
+ 6     127.0.0.1:9998_time_limit = 3600
+ 7     smtpd_recipient_restrictions =
+ 8         ... 
+ 9         reject_unauth_destination 
+10         check_policy_service inet:127.0.0.1:9998
+11         ...
 
        
 
        
 
-
         To invoke this service you would specify "check_policy_service
-inet:127.0.0.1:9998". 
        
-
 
        Greylisting mail from frequently forged domains
        
 
 
         It is relatively safe to turn on greylisting for specific
@@ -451,7 +481,7 @@ http://www.monkeys.com/anti-spam/filtering/sender-domain-validate.in.
  6         check_sender_access hash:/etc/postfix/sender_access
  7         ...
  8     smtpd_restriction_classes = greylist
- 9     greylist = check_policy_service unix:private/policy
+ 9     greylist = check_policy_service unix:private/greylist
 10 
 11 /etc/postfix/sender_access:
 12     aol.com     greylist
@@ -486,10 +516,13 @@ other restrictions that reject unknown senders and/or recipients.
 
 
        Greylisting all your mail
        
 
-
         If you turn on greylisting for all mail you will almost certainly
-want to make exceptions for mailing lists that use one-time sender
-addresses, because such mailing lists can pollute your greylist
-database relatively quickly. 
        
+
         If you turn on greylisting for all mail you may want to make
+exceptions for mailing lists that use one-time sender addresses,
+because each message will be delayed due to greylisting, and the
+one-time sender addresses can pollute your greylist database
+relatively quickly. Instead of making exceptions, you can automatically
+whitelist clients that survive greylisting repeatedly; this avoids
+most of the delays and most of the database pollution problem. 
        
 
 
        
 
        diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 0a63df48b..5fb3710f7 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -11503,7 +11503,7 @@ fingerprints for check_ccert_access and
 for backwards compatibility with Postfix releases prior to 2.5.
 
        
 
-
         The best practice algorithm is now sha1. Recent advances in hash
+
         Advances in hash
 function cryptanalysis have led to md5 being deprecated in favor of sha1.
 However, as long as there are no known "second pre-image" attacks
 against md5, its use in this context can still be considered safe.
@@ -11511,7 +11511,7 @@ against md5, its use in this context can still be considered safe.
 
 
         While additional digest algorithms are often available with OpenSSL's
 libcrypto, only those used by libssl in SSL cipher suites are available to
-Postfix. For now this means just md5 or sha1. 
        
+Postfix. 
        
 
 
         To find the fingerprint of a specific certificate file, with a
 specific digest algorithm, run: 
        
@@ -12053,6 +12053,13 @@ default_destination_concurrency_failed_cohort_limit parameter value,
 where transport is the master.cf name of the message delivery
 transport. 
        
 
+
         Note: some transport_destination_concurrency_failed_cohort_limit
+parameters will not show up in "postconf" command output before
+Postfix version 2.9.  This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case:
+"_destination_concurrency_failed_cohort_limit"). 
        
+
 
         This feature is available in Postfix 2.5 and later. 
        
 
 %PARAM transport_destination_concurrency_positive_feedback $default_destination_concurrency_positive_feedback
@@ -12062,6 +12069,13 @@ default_destination_concurrency_positive_feedback parameter value,
 where transport is the master.cf name of the message delivery
 transport. 
        
 
+
         Note: some transport_destination_concurrency_positive_feedback
+parameters will not show up in "postconf" command output before
+Postfix version 2.9.  This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case:
+"_destination_concurrency_positive_feedback"). 
        
+
 
         This feature is available in Postfix 2.5 and later. 
        
 
 %PARAM transport_destination_concurrency_negative_feedback $default_destination_concurrency_negative_feedback
@@ -12071,6 +12085,13 @@ default_destination_concurrency_negative_feedback parameter value,
 where transport is the master.cf name of the message delivery
 transport. 
        
 
+
         Note: some transport_destination_concurrency_negative_feedback
+parameters will not show up in "postconf" command output before
+Postfix version 2.9.  This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case:
+"_destination_concurrency_negative_feedback"). 
        
+
 
         This feature is available in Postfix 2.5 and later. 
        
 
 %PARAM transport_initial_destination_concurrency $initial_destination_concurrency
@@ -12079,6 +12100,13 @@ transport. 
        
 parameter value, where transport is the master.cf name of
 the message delivery transport. 
        
 
+
         Note: some transport_initial_destination_concurrency
+parameters will not show up in "postconf" command output before
+Postfix version 2.9.  This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case: "_initial_destination_concurrency").
+
        
+
 
         This feature is available in Postfix 2.5 and later. 
        
 
 %PARAM transport_destination_concurrency_limit $default_destination_concurrency_limit
@@ -12088,6 +12116,13 @@ default_destination_concurrency_limit parameter value, where
 transport is the master.cf name of the message delivery
 transport. 
        
 
+
         Note: some transport_destination_concurrency_limit
+parameters will not show up in "postconf" command output before
+Postfix version 2.9.  This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case: "_destination_concurrency_limit").
+
        
+
 %PARAM transport_destination_recipient_limit $default_destination_recipient_limit
 
 
         A transport-specific override for the
@@ -12095,54 +12130,108 @@ default_destination_recipient_limit parameter value, where
 transport is the master.cf name of the message delivery
 transport. 
        
 
+
         Note: some transport_destination_recipient_limit parameters
+will not show up in "postconf" command output before Postfix version
+2.9.  This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_destination_recipient_limit"). 
        
+
 %PARAM transport_time_limit $command_time_limit
 
 
         A transport-specific override for the command_time_limit parameter
 value, where transport is the master.cf name of the message
 delivery transport. 
        
 
+
         Note: transport_time_limit parameters will not show up
+in "postconf" command output before Postfix version 2.9.  This
+limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built-in suffix (in this case:
+"_time_limit"). 
        
+
 %PARAM transport_delivery_slot_cost $default_delivery_slot_cost
 
 
         A transport-specific override for the default_delivery_slot_cost
 parameter value, where transport is the master.cf name of
 the message delivery transport. 
        
 
+
         Note: transport_delivery_slot_cost parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built-in suffix (in this case:
+"_delivery_slot_cost"). 
        
+
 %PARAM transport_delivery_slot_loan $default_delivery_slot_loan
 
 
         A transport-specific override for the default_delivery_slot_loan
 parameter value, where transport is the master.cf name of  
 the message delivery transport. 
        
 
+
         Note: transport_delivery_slot_loan parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built-in suffix (in this case:
+"_delivery_slot_loan"). 
        
+
 %PARAM transport_delivery_slot_discount $default_delivery_slot_discount
 
 
         A transport-specific override for the default_delivery_slot_discount
 parameter value, where transport is the master.cf name of
 the message delivery transport. 
        
 
+
         Note: transport_delivery_slot_discount parameters will
+not show up in "postconf" command output before Postfix version
+2.9.  This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_delivery_slot_discount"). 
        
+
 %PARAM transport_minimum_delivery_slots $default_minimum_delivery_slots
 
 
         A transport-specific override for the default_minimum_delivery_slots
 parameter value, where transport is the master.cf name of
 the message delivery transport. 
        
 
+
         Note: transport_minimum_delivery_slots parameters will
+not show up in "postconf" command output before Postfix version
+2.9.  This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_minimum_delivery_slots"). 
        
+
 %PARAM transport_recipient_limit $default_recipient_limit
 
 
         A transport-specific override for the default_recipient_limit
 parameter value, where transport is the master.cf name of
 the message delivery transport. 
        
 
+
         Note: some transport_recipient_limit parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built-in suffix (in this case:
+"_recipient_limit"). 
        
+
 %PARAM transport_extra_recipient_limit $default_extra_recipient_limit
 
 
         A transport-specific override for the default_extra_recipient_limit
 parameter value, where transport is the master.cf name of
 the message delivery transport. 
        
 
+
         Note: transport_extra_recipient_limit parameters will
+not show up in "postconf" command output before Postfix version
+2.9.  This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_extra_recipient_limit").  
        
+
 %PARAM transport_recipient_refill_limit $default_recipient_refill_limit
 
 
         A transport-specific override for the default_recipient_refill_limit
 parameter value, where transport is the master.cf name of
 the message delivery transport. 
        
 
+
         Note: transport_recipient_refill_limit parameters will
+not show up in "postconf" command output before Postfix version
+2.9.  This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_recipient_refill_limit").  
        
+
 
         This feature is available in Postfix 2.4 and later. 
        
 
 %PARAM transport_recipient_refill_delay $default_recipient_refill_delay
@@ -12151,6 +12240,12 @@ the message delivery transport. 
        
 parameter value, where transport is the master.cf name of
 the message delivery transport. 
        
 
+
         Note: transport_recipient_refill_delay parameters will
+not show up in "postconf" command output before Postfix version
+2.9.  This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_recipient_refill_delay").  
        
+
 
         This feature is available in Postfix 2.4 and later. 
        
 
 %PARAM default_destination_rate_delay 0s
@@ -12190,6 +12285,12 @@ destination after only one connection or handshake error. 
        
 parameter value, where transport is the master.cf name of
 the message delivery transport. 
        
 
+
         Note: some transport_destination_rate_delay parameters
+will not show up in "postconf" command output before Postfix version
+2.9.  This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_destination_rate_delay"). 
        
+
 
         This feature is available in Postfix 2.5 and later. 
        
 
 %PARAM data_directory see "postconf -d" output
@@ -14180,7 +14281,7 @@ behavior as if the queue file name was created with "enable_long_queue_ids
 
      •  
         Existing long queue file names are renamed to the short
 form (while running "postfix reload" or "postsuper").  
        
 
-
      •  New queue files are created with names such as C3CD21F3E90
+
      •  
         New queue files are created with names such as C3CD21F3E90
 from a hexadecimal alphabet that contains digits (0-9) and upper-case
 letters (A-F). The name format is: 5 characters for the time in
 microseconds; the remainder is the file inode number. 
        
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index c0c7842b0..2588e3406 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20111126"
+#define MAIL_RELEASE_DATE	"20111127"
 #define MAIL_VERSION_NUMBER	"2.9"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/postconf/Makefile.in b/postfix/src/postconf/Makefile.in
index a6a1b8249..82a9c8bb0 100644
--- a/postfix/src/postconf/Makefile.in
+++ b/postfix/src/postconf/Makefile.in
@@ -14,7 +14,7 @@ MAKES	= bool_table.h bool_vars.h int_table.h int_vars.h str_table.h \
 	str_vars.h time_table.h time_vars.h raw_table.h raw_vars.h \
 	nint_table.h nint_vars.h nbool_table.h nbool_vars.h long_table.h \
 	long_vars.h
-TEST_TMP= main.cf master.cf
+TEST_TMP= main.cf master.cf test*.tmp
 DUMMIES	= makes_dummy # for "make -j"
 PROG	= postconf
 SAMPLES	= ../../conf/main.cf.default
@@ -41,7 +41,7 @@ Makefile: Makefile.in
 test:	$(TESTPROG)
 
 tests: test1 test2 test3 test4 test5 test6 test7 test8 test9 test10 test11 \
-	test12 test13 test14 test15 test16 test17 test18 test19
+	test12 test13 test14 test15 test16 test17 test18 test19 test20 test21
 
 root_tests:
 
@@ -262,6 +262,28 @@ test19:	$(PROG) test19.ref
 	diff test19.ref test19.tmp
 	rm -f main.cf master.cf test19.tmp
 
+# Test master.cf line folding.
+
+test20:	$(PROG) test20.ref
+	rm -f main.cf master.cf
+	touch main.cf master.cf
+	echo foo inet - n n - 0 spawn >> master.cf
+	echo ' -o always_bcc=$$bar$$baz' >> master.cf
+	./$(PROG) -Mfc . >test20.tmp 2>&1
+	diff test20.ref test20.tmp
+	rm -f main.cf master.cf test20.tmp
+
+# Test main.cf line folding.
+
+test21:	$(PROG) test21.ref
+	rm -f main.cf master.cf
+	touch main.cf master.cf
+	echo forward_path = xxxxxxxxxxxxx xxxxxxxxxxxxxx xxxxxxxxxxxx \
+	    xxxxxxxxxxxxx xxxxxxxxxxxxxx >> main.cf
+	./$(PROG) -nfc . >test21.tmp 2>&1
+	diff test21.ref test21.tmp
+	rm -f main.cf master.cf test21.tmp
+
 printfck: $(OBJS) $(PROG)
 	rm -rf printfck
 	mkdir printfck
@@ -275,7 +297,7 @@ lint:
 
 clean:
 	rm -f *.o *core $(PROG) $(TESTPROG) junk $(MAKES) $(AUTOS) $(DUMMIES) \
-	$(TEST_TMP) *.tmp
+	$(TEST_TMP)
 	rm -rf printfck
 
 tidy:	clean
diff --git a/postfix/src/postconf/postconf_node.c b/postfix/src/postconf/postconf_node.c
index b7d2bbfd3..05fb23370 100644
--- a/postfix/src/postconf/postconf_node.c
+++ b/postfix/src/postconf/postconf_node.c
@@ -65,7 +65,7 @@
 /*	convert_param_node() produces a string representation for
 /*	a global parameter default value.
 /*
-/*	PC_RAW_PARAMETER() returns non-zero is the specified parameter
+/*	PC_RAW_PARAMETER() returns non-zero if the specified parameter
 /*	node represents a "raw parameter". The value of such
 /*	parameters must not be scanned for macro names.  Some "raw
 /*	parameter" values contain "$" without macros, such as the
diff --git a/postfix/src/postconf/postconf_service.c b/postfix/src/postconf/postconf_service.c
index b3f792020..168b9ec3d 100644
--- a/postfix/src/postconf/postconf_service.c
+++ b/postfix/src/postconf/postconf_service.c
@@ -108,8 +108,10 @@ static void register_service_parameter(const char *service, const char *suffix,
 void    register_service_parameters(void)
 {
     const char *myname = "register_service_parameters";
-    static const PC_STRING_NV service_params[] = {
+    static const PC_STRING_NV pipe_params[] = {
 	/* suffix, default parameter name */
+	_MAXTIME, VAR_COMMAND_MAXTIME,
+#define service_params (pipe_params + 1)
 	_XPORT_RCPT_LIMIT, VAR_XPORT_RCPT_LIMIT,
 	_STACK_RCPT_LIMIT, VAR_STACK_RCPT_LIMIT,
 	_XPORT_REFILL_LIMIT, VAR_XPORT_REFILL_LIMIT,
@@ -142,7 +144,7 @@ void    register_service_parameters(void)
 	MAIL_PROGRAM_VIRTUAL, service_params,
 	MAIL_PROGRAM_SMTP, service_params,
 	MAIL_PROGRAM_LMTP, service_params,
-	MAIL_PROGRAM_PIPE, service_params,
+	MAIL_PROGRAM_PIPE, pipe_params,
 	MAIL_PROGRAM_SPAWN, spawn_params,
 	0,
     };
diff --git a/postfix/src/postconf/test20.ref b/postfix/src/postconf/test20.ref
new file mode 100644
index 000000000..667c93d90
--- /dev/null
+++ b/postfix/src/postconf/test20.ref
@@ -0,0 +1,2 @@
+foo        inet  -       n       n       -       0       spawn
+    -o always_bcc=$bar$baz
diff --git a/postfix/src/postconf/test21.ref b/postfix/src/postconf/test21.ref
new file mode 100644
index 000000000..423197ebc
--- /dev/null
+++ b/postfix/src/postconf/test21.ref
@@ -0,0 +1,3 @@
+config_directory = .
+forward_path = xxxxxxxxxxxxx xxxxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxxx
+    xxxxxxxxxxxxxx
diff --git a/postfix/src/postconf/test6.ref b/postfix/src/postconf/test6.ref
index bb1c81e10..504c0c32a 100644
--- a/postfix/src/postconf/test6.ref
+++ b/postfix/src/postconf/test6.ref
@@ -13,3 +13,4 @@ whatevershebrings_minimum_delivery_slots = $default_minimum_delivery_slots
 whatevershebrings_recipient_limit = $default_recipient_limit
 whatevershebrings_recipient_refill_delay = $default_recipient_refill_delay
 whatevershebrings_recipient_refill_limit = $default_recipient_refill_limit
+whatevershebrings_time_limit = $command_time_limit