From: Wietse Venema <wietse@porcupine.org>
Date: Sun, 11 Apr 2021 05:00:00 +0000 (-0500)
Subject: postfix-3.6-20210411
X-Git-Tag: v3.6.0-RC1~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7240584ca17cdc3ea313bb72180ee265f01eb2b1;p=thirdparty%2Fpostfix.git

postfix-3.6-20210411
---

diff --git a/postfix/HISTORY b/postfix/HISTORY
index c05ca1a72..a8ff1be00 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -25484,9 +25484,6 @@ Apologies for any names omitted.
 
 20210410
 
-	Added an msg_panic() call to silence a Coverity warning,
-	File: global/mail_task.c.
-
 	Documentation: updated containerization suggestions in
 	the postfix(1) manpage. File: postfix/postfix.c.
 
@@ -25498,3 +25495,15 @@ Apologies for any names omitted.
 	Documentation: added text and ASCII art to illustrate how
 	postlogd(8) provides an alternative to syslog logging.
 	File: proto/OVERVIEW.html.
+
+20210411
+
+	Updated the missing null pointer check (introduced: Postfix
+	alpha) after null argv[0] value. File: global/mail_task.c.
+
+	Cleanup: added a test case for a missing haproxy v1 protocol
+	type, and improved the haproxy parser error messages. File:
+	global/haproxy_srvr.c.
+
+	Documentation: updated examples and TLS configuration. File
+	proto/CONNECTION_CACHE_README.html.
diff --git a/postfix/README_FILES/CONNECTION_CACHE_README b/postfix/README_FILES/CONNECTION_CACHE_README
index db1d9affd..e1a0f07df 100644
--- a/postfix/README_FILES/CONNECTION_CACHE_README
+++ b/postfix/README_FILES/CONNECTION_CACHE_README
@@ -23,9 +23,6 @@ same SMTP connection. By default, Postfix 2.2 reuses a plaintext SMTP
 connection automatically when a destination has high volume of mail in the
 active queue.
 
-See Client-side TLS connection reuse to also implement multiple deliveries over
-a TLS-encrypted connection (Postfix version 3.4 and later).
-
 SMTP Connection caching is a performance feature. Whether or not it actually
 improves performance depends on the conditions:
 
@@ -62,27 +59,16 @@ For an overview of how Postfix delivers mail, see the Postfix architecture
 OVERVIEW document.
 
 The Postfix connection cache is shared among Postfix mail delivering processes.
-This maximizes the opportunity to reuse an open connection. Other MTAs such as
-Sendmail or exim have a non-shared connection cache. Here, a connection can be
-reused only by the mail delivering process that creates the connection. To get
-the same performance improvement as with a shared connection cache, non-shared
+This maximizes the opportunity to reuse an open connection. Some MTAs such as
+Sendmail have a non-shared connection cache. Here, a connection can be reused
+only by the mail delivering process that creates the connection. To get the
+same performance improvement as with a shared connection cache, non-shared
 connections need to be kept open for a longer time.
 
 The scache(8) server, introduced with Postfix version 2.2, maintains the shared
 connection cache. With Postfix version 2.2, only the smtp(8) client has support
 to access this cache.
 
-            /-- smtp(8) --> Internet
-
-    qmgr(8)
-                 |
-            \--  | smtp(8) --> Internet
-                 |
-                 ^
-                 |
-
-                 scache(8)
-
 When SMTP connection caching is enabled (see next section), the smtp(8) client
 does not disconnect after a mail transaction, but gives the connection to the
 scache(8) server which keeps the connection open for a limited amount of time.
@@ -92,6 +78,38 @@ client continues with some other mail delivery request. Meanwhile, any smtp(8)
 client process can ask the scache(8) server for that cached connection and
 reuse it for mail delivery.
 
+            /--  smtp(8)  --> Internet
+
+    qmgr(8)
+                |
+            \-- |    smtp(8)
+                |
+                |     ^
+                v     |
+
+                scache(8)
+
+With TLS connection reuse (Postfix 3.4 and later), the Postfix smtp(8) client
+connects to a remote SMTP server and sends plaintext EHLO and STARTTLS
+commands, then inserts a tlsproxy(8) process into the connection as shown
+below.
+
+After delivering mail, the smtp(8) client hands over the open smtp(8)-to-
+tlsproxy(8) connection to the scache(8) server, and continues with some other
+mail delivery request. Meanwhile, any smtp(8) client process can ask the scache
+(8) server for that cached connection and reuse it for mail delivery.
+
+            /--  smtp(8)  --> tlsproxy(8) --> Internet
+
+    qmgr(8)
+                |
+            \-- |    smtp(8)
+                |
+                |     ^
+                v     |
+
+                scache(8)
+
 The connection cache can be searched by destination domain name (the right-hand
 side of the recipient address) and by the IP address of the host at the other
 end of the connection. This allows Postfix to reuse a connection even when the
@@ -141,6 +159,9 @@ The Postfix smtp(8) client supports two connection caching strategies:
             smtp_connection_cache_destinations = hotmail.com, ...
             smtp_connection_cache_destinations = static:all (not recommended)
 
+    See Client-side TLS connection reuse to enable multiple deliveries over a
+    TLS-encrypted connection (Postfix version 3.4 and later).
+
 CCoonnnneeccttiioonn ccaacchhee ssaaffeettyy mmeecchhaanniissmmss
 
 Connection caching must be used wisely. It is anti-social to keep an unused
diff --git a/postfix/README_FILES/OVERVIEW b/postfix/README_FILES/OVERVIEW
index d45672e10..71976d46b 100644
--- a/postfix/README_FILES/OVERVIEW
+++ b/postfix/README_FILES/OVERVIEW
@@ -300,12 +300,12 @@ queues.
     STARTTLS commands, the smtp(8) client inserts a tlsproxy(8) process into
     the connection as shown below.
 
-    After the mail transaction completes, the Postfix smtp(8) client gives its
-    connection to the tlsproxy(8) process to the scache(8) server, which keeps
-    the connection open for a limited amount of time. The smtp(8) client
-    continues with some other mail delivery request. Meanwhile, any Postfix
-    smtp(8) client can ask the scache(8) server for that cached connection and
-    reuse it for mail delivery.
+    After the mail transaction completes, the Postfix smtp(8) client gives the
+    smtp(8)-to-tlsproxy(8) connection to the scache(8) server, which keeps the
+    connection open for a limited amount of time. The smtp(8) client continues
+    with some other mail delivery request. Meanwhile, any Postfix smtp(8)
+    client can ask the scache(8) server for that cached connection and reuse it
+    for mail delivery.
 
             /--  smtp(8)  --> tlsproxy(8) --> Internet
 
diff --git a/postfix/html/CONNECTION_CACHE_README.html b/postfix/html/CONNECTION_CACHE_README.html
index 5a6679bea..d541fba28 100644
--- a/postfix/html/CONNECTION_CACHE_README.html
+++ b/postfix/html/CONNECTION_CACHE_README.html
@@ -48,10 +48,6 @@ messages over the same SMTP connection. By default, Postfix 2.2
 reuses a plaintext SMTP connection automatically when a destination has
 high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. </p>
 
-<p> See <a href="TLS_README.html#client_tls_reuse">Client-side TLS
-connection reuse</a> to also implement multiple deliveries over a
-TLS-encrypted connection (Postfix version 3.4 and later). </p>
-
 <p> SMTP Connection caching is a performance feature. Whether or not
 it actually improves performance depends on the conditions: </p>
 
@@ -95,7 +91,7 @@ architecture <a href="OVERVIEW.html">OVERVIEW</a> document. </p>
 
 <p> The Postfix connection cache is shared among Postfix mail
 delivering processes.  This maximizes the opportunity to reuse an
-open connection.  Other MTAs such as Sendmail or exim have a
+open connection.  Some MTAs such as Sendmail have a
 non-shared connection cache. Here, a connection can be reused only
 by the mail delivering process that creates the connection.  To get
 the same performance improvement as with a shared connection cache,
@@ -105,42 +101,79 @@ non-shared connections need to be kept open for a longer time. </p>
 maintains the shared connection cache.  With Postfix version 2.2,
 only the <a href="smtp.8.html">smtp(8)</a> client has support to access this cache.  </p>
 
+<p> When SMTP connection caching is enabled (see next section), the
+<a href="smtp.8.html">smtp(8)</a> client does not disconnect after a mail transaction, but
+gives the connection to the <a href="scache.8.html">scache(8)</a> server which keeps the
+connection open for a limited amount of time. </p>
+
+<p> After handing over the open connection to the <a href="scache.8.html">scache(8)</a> server,
+the <a href="smtp.8.html">smtp(8)</a> client continues with some other mail delivery request.
+Meanwhile, any <a href="smtp.8.html">smtp(8)</a> client process can ask the <a href="scache.8.html">scache(8)</a> server
+for that cached connection and reuse it for mail delivery.  </p>
+
 <blockquote>
 
 <table>
 
 <tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center"
 colspan="3" bgcolor="#f0f0ff"> <a href="smtp.8.html">smtp(8)</a> </td> <td colspan="2"> <tt>
---&gt; </tt> Internet </td> </tr>
+--&gt; </tt> </td> <td> Internet </td> </tr>
 
 <tr> <td align="center" bgcolor="#f0f0ff"> <a href="qmgr.8.html">qmgr(8)</a> </td> <td> </td>
-<td align="center" rowspan="3"> &nbsp; </td> <td align="center"
-rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td> <td> &nbsp; </td>
+<td align="center" rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td>
 </tr>
+ 
+<tr> <td> &nbsp; </td> <td> <tt> \-- </tt> </td> <td align="center"
+colspan="4" bgcolor="#f0f0ff"> <a href="smtp.8.html">smtp(8)</a> </td> <td align="left">
+&nbsp; </td> </tr>
 
-<tr> <td> </td> <td> <tt> \-- </tt> </td> <td align="center"
-colspan="2" bgcolor="#f0f0ff"> <a href="smtp.8.html">smtp(8)</a> </td> <td align="left"> <tt>
---&gt; </tt> Internet </td> </tr>
-
-<tr> <td colspan="3"> </td> <td align="center"><tt>^<br>|</tt></td>
-<td> &nbsp; </td> </tr>
+<tr> <td colspan="2"> &nbsp; </td> <td> </td> <td
+align="center"><tt>^<br>|</tt></td> </tr>
 
-<tr> <td colspan="3"> </td> <td align="center" colspan="3"
+<tr> <td colspan="2"> </td> <td align="center" colspan="3"
 bgcolor="#f0f0ff"> <a href="scache.8.html">scache(8)</a> </td> </tr>
 
 </table>
 
 </blockquote>
 
-<p> When SMTP connection caching is enabled (see next section), the
-<a href="smtp.8.html">smtp(8)</a> client does not disconnect after a mail transaction, but
-gives the connection to the <a href="scache.8.html">scache(8)</a> server which keeps the
-connection open for a limited amount of time. </p>
+<p> With TLS connection reuse (Postfix 3.4 and later), the Postfix
+<a href="smtp.8.html">smtp(8)</a> client connects to a remote SMTP server and sends plaintext
+EHLO and STARTTLS commands, then inserts a <a href="tlsproxy.8.html">tlsproxy(8)</a> process into
+the connection as shown below. </p>
 
-<p> After handing over the open connection to the <a href="scache.8.html">scache(8)</a> server,
-the <a href="smtp.8.html">smtp(8)</a> client continues with some other mail delivery request.
-Meanwhile, any <a href="smtp.8.html">smtp(8)</a> client process can ask the <a href="scache.8.html">scache(8)</a> server
-for that cached connection and reuse it for mail delivery.  </p>
+<p> After delivering mail, the <a href="smtp.8.html">smtp(8)</a> client hands over the open
+<a href="smtp.8.html">smtp(8)</a>-to-<a href="tlsproxy.8.html">tlsproxy(8)</a> connection to the <a href="scache.8.html">scache(8)</a> server, and
+continues with some other mail delivery request. Meanwhile, any
+<a href="smtp.8.html">smtp(8)</a> client process can ask the <a href="scache.8.html">scache(8)</a> server for that cached
+connection and reuse it for mail delivery. </p>
+
+<blockquote>
+
+<table>
+
+<tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center"
+colspan="3" bgcolor="#f0f0ff"> <a href="smtp.8.html">smtp(8)</a> </td> <td colspan="2"> <tt>
+--&gt; </tt> </td> <td align="center"bgcolor="#f0f0ff"> <a href="tlsproxy.8.html">tlsproxy(8)</a>
+</td> <td> <tt> --&gt; </tt> </td> <td> Internet </td> </tr>
+
+<tr> <td align="center" bgcolor="#f0f0ff"> <a href="qmgr.8.html">qmgr(8)</a> </td> <td> </td>
+<td align="center" rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td>
+</tr>
+ 
+<tr> <td> &nbsp; </td> <td> <tt> \-- </tt> </td> <td align="center"
+colspan="4" bgcolor="#f0f0ff"> <a href="smtp.8.html">smtp(8)</a> </td> <td align="left">
+&nbsp; </td> </tr>
+
+<tr> <td colspan="2"> &nbsp; </td> <td> </td> <td
+align="center"><tt>^<br>|</tt></td> </tr>
+
+<tr> <td colspan="2"> </td> <td align="center" colspan="3"
+bgcolor="#f0f0ff"> <a href="scache.8.html">scache(8)</a> </td> </tr>
+
+</table>
+
+</blockquote>
 
 <p> The connection cache can be searched by destination domain name
 (the right-hand side of the recipient address) and by the IP address
@@ -214,6 +247,10 @@ lookups is ignored.  </p>
 
 </blockquote>
 
+<p> See <a href="TLS_README.html#client_tls_reuse">Client-side TLS
+connection reuse</a> to enable multiple deliveries over a TLS-encrypted
+connection (Postfix version 3.4 and later). </p>
+
 </ul>
 
 <h2><a name="safety">Connection cache safety mechanisms </a></h2>
diff --git a/postfix/html/OVERVIEW.html b/postfix/html/OVERVIEW.html
index be680e02e..42ae04e91 100644
--- a/postfix/html/OVERVIEW.html
+++ b/postfix/html/OVERVIEW.html
@@ -588,7 +588,7 @@ client inserts a <a href="tlsproxy.8.html">tlsproxy(8)</a> process into the conn
 below. </p>
 
 <p> After the mail transaction completes, the Postfix <a href="smtp.8.html">smtp(8)</a> client
-gives its connection to the <a href="tlsproxy.8.html">tlsproxy(8)</a> process to the <a href="scache.8.html">scache(8)</a>
+gives the <a href="smtp.8.html">smtp(8)</a>-to-<a href="tlsproxy.8.html">tlsproxy(8)</a> connection to the <a href="scache.8.html">scache(8)</a>
 server, which keeps the connection open for a limited amount of
 time. The <a href="smtp.8.html">smtp(8)</a> client continues with some other mail delivery
 request. Meanwhile, any Postfix <a href="smtp.8.html">smtp(8)</a> client can ask the <a href="scache.8.html">scache(8)</a>
diff --git a/postfix/proto/CONNECTION_CACHE_README.html b/postfix/proto/CONNECTION_CACHE_README.html
index dafecf400..7f35146e0 100644
--- a/postfix/proto/CONNECTION_CACHE_README.html
+++ b/postfix/proto/CONNECTION_CACHE_README.html
@@ -48,10 +48,6 @@ messages over the same SMTP connection. By default, Postfix 2.2
 reuses a plaintext SMTP connection automatically when a destination has
 high volume of mail in the active queue. </p>
 
-<p> See <a href="TLS_README.html#client_tls_reuse">Client-side TLS
-connection reuse</a> to also implement multiple deliveries over a
-TLS-encrypted connection (Postfix version 3.4 and later). </p>
-
 <p> SMTP Connection caching is a performance feature. Whether or not
 it actually improves performance depends on the conditions: </p>
 
@@ -95,7 +91,7 @@ architecture OVERVIEW document. </p>
 
 <p> The Postfix connection cache is shared among Postfix mail
 delivering processes.  This maximizes the opportunity to reuse an
-open connection.  Other MTAs such as Sendmail or exim have a
+open connection.  Some MTAs such as Sendmail have a
 non-shared connection cache. Here, a connection can be reused only
 by the mail delivering process that creates the connection.  To get
 the same performance improvement as with a shared connection cache,
@@ -105,42 +101,79 @@ non-shared connections need to be kept open for a longer time. </p>
 maintains the shared connection cache.  With Postfix version 2.2,
 only the smtp(8) client has support to access this cache.  </p>
 
+<p> When SMTP connection caching is enabled (see next section), the
+smtp(8) client does not disconnect after a mail transaction, but
+gives the connection to the scache(8) server which keeps the
+connection open for a limited amount of time. </p>
+
+<p> After handing over the open connection to the scache(8) server,
+the smtp(8) client continues with some other mail delivery request.
+Meanwhile, any smtp(8) client process can ask the scache(8) server
+for that cached connection and reuse it for mail delivery.  </p>
+
 <blockquote>
 
 <table>
 
 <tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center"
 colspan="3" bgcolor="#f0f0ff"> smtp(8) </td> <td colspan="2"> <tt>
---&gt; </tt> Internet </td> </tr>
+--&gt; </tt> </td> <td> Internet </td> </tr>
 
 <tr> <td align="center" bgcolor="#f0f0ff"> qmgr(8) </td> <td> </td>
-<td align="center" rowspan="3"> &nbsp; </td> <td align="center"
-rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td> <td> &nbsp; </td>
+<td align="center" rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td>
 </tr>
+ 
+<tr> <td> &nbsp; </td> <td> <tt> \-- </tt> </td> <td align="center"
+colspan="4" bgcolor="#f0f0ff"> smtp(8) </td> <td align="left">
+&nbsp; </td> </tr>
 
-<tr> <td> </td> <td> <tt> \-- </tt> </td> <td align="center"
-colspan="2" bgcolor="#f0f0ff"> smtp(8) </td> <td align="left"> <tt>
---&gt; </tt> Internet </td> </tr>
-
-<tr> <td colspan="3"> </td> <td align="center"><tt>^<br>|</tt></td>
-<td> &nbsp; </td> </tr>
+<tr> <td colspan="2"> &nbsp; </td> <td> </td> <td
+align="center"><tt>^<br>|</tt></td> </tr>
 
-<tr> <td colspan="3"> </td> <td align="center" colspan="3"
+<tr> <td colspan="2"> </td> <td align="center" colspan="3"
 bgcolor="#f0f0ff"> scache(8) </td> </tr>
 
 </table>
 
 </blockquote>
 
-<p> When SMTP connection caching is enabled (see next section), the
-smtp(8) client does not disconnect after a mail transaction, but
-gives the connection to the scache(8) server which keeps the
-connection open for a limited amount of time. </p>
+<p> With TLS connection reuse (Postfix 3.4 and later), the Postfix
+smtp(8) client connects to a remote SMTP server and sends plaintext
+EHLO and STARTTLS commands, then inserts a tlsproxy(8) process into
+the connection as shown below. </p>
 
-<p> After handing over the open connection to the scache(8) server,
-the smtp(8) client continues with some other mail delivery request.
-Meanwhile, any smtp(8) client process can ask the scache(8) server
-for that cached connection and reuse it for mail delivery.  </p>
+<p> After delivering mail, the smtp(8) client hands over the open
+smtp(8)-to-tlsproxy(8) connection to the scache(8) server, and
+continues with some other mail delivery request. Meanwhile, any
+smtp(8) client process can ask the scache(8) server for that cached
+connection and reuse it for mail delivery. </p>
+
+<blockquote>
+
+<table>
+
+<tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center"
+colspan="3" bgcolor="#f0f0ff"> smtp(8) </td> <td colspan="2"> <tt>
+--&gt; </tt> </td> <td align="center"bgcolor="#f0f0ff"> tlsproxy(8)
+</td> <td> <tt> --&gt; </tt> </td> <td> Internet </td> </tr>
+
+<tr> <td align="center" bgcolor="#f0f0ff"> qmgr(8) </td> <td> </td>
+<td align="center" rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td>
+</tr>
+ 
+<tr> <td> &nbsp; </td> <td> <tt> \-- </tt> </td> <td align="center"
+colspan="4" bgcolor="#f0f0ff"> smtp(8) </td> <td align="left">
+&nbsp; </td> </tr>
+
+<tr> <td colspan="2"> &nbsp; </td> <td> </td> <td
+align="center"><tt>^<br>|</tt></td> </tr>
+
+<tr> <td colspan="2"> </td> <td align="center" colspan="3"
+bgcolor="#f0f0ff"> scache(8) </td> </tr>
+
+</table>
+
+</blockquote>
 
 <p> The connection cache can be searched by destination domain name
 (the right-hand side of the recipient address) and by the IP address
@@ -214,6 +247,10 @@ lookups is ignored.  </p>
 
 </blockquote>
 
+<p> See <a href="TLS_README.html#client_tls_reuse">Client-side TLS
+connection reuse</a> to enable multiple deliveries over a TLS-encrypted
+connection (Postfix version 3.4 and later). </p>
+
 </ul>
 
 <h2><a name="safety">Connection cache safety mechanisms </a></h2>
diff --git a/postfix/proto/OVERVIEW.html b/postfix/proto/OVERVIEW.html
index 663070156..af743aacf 100644
--- a/postfix/proto/OVERVIEW.html
+++ b/postfix/proto/OVERVIEW.html
@@ -588,7 +588,7 @@ client inserts a tlsproxy(8) process into the connection as shown
 below. </p>
 
 <p> After the mail transaction completes, the Postfix smtp(8) client
-gives its connection to the tlsproxy(8) process to the scache(8)
+gives the smtp(8)-to-tlsproxy(8) connection to the scache(8)
 server, which keeps the connection open for a limited amount of
 time. The smtp(8) client continues with some other mail delivery
 request. Meanwhile, any Postfix smtp(8) client can ask the scache(8)
diff --git a/postfix/src/global/haproxy_srvr.c b/postfix/src/global/haproxy_srvr.c
index da33eec8c..63147c1c5 100644
--- a/postfix/src/global/haproxy_srvr.c
+++ b/postfix/src/global/haproxy_srvr.c
@@ -455,19 +455,19 @@ const char *haproxy_srvr_parse(const char *str, ssize_t *str_len,
 	if (beyond_header == 0)
 	    err = "missing protocol header terminator";
 	else if (haproxy_srvr_parse_lit(NEXT_TOKEN, "PROXY", (char *) 0) < 0)
-	    err = "unexpected protocol header";
+	    err = "bad or missing protocol header";
 	else if (haproxy_srvr_parse_proto(NEXT_TOKEN, &addr_family) < 0)
-	    err = "unsupported protocol type";
+	    err = "bad or missing protocol type";
 	else if (haproxy_srvr_parse_addr(NEXT_TOKEN, smtp_client_addr,
 					 addr_family) < 0)
-	    err = "unexpected client address syntax";
+	    err = "bad or missing client address";
 	else if (haproxy_srvr_parse_addr(NEXT_TOKEN, smtp_server_addr,
 					 addr_family) < 0)
-	    err = "unexpected server address syntax";
+	    err = "bad or missing server address";
 	else if (haproxy_srvr_parse_port(NEXT_TOKEN, smtp_client_port) < 0)
-	    err = "unexpected client port syntax";
+	    err = "bad or missing client port";
 	else if (haproxy_srvr_parse_port(NEXT_TOKEN, smtp_server_port) < 0)
-	    err = "unexpected server port syntax";
+	    err = "bad or missing server port";
 	else {
 	    err = 0;
 	    *str_len = beyond_header - saved_str;
@@ -561,32 +561,35 @@ static TEST_CASE v1_test_cases[] = {
     /* IPv6. */
     {"PROXY TCP6 fc:00:00:00:1:2:3:4 fc:00:00:00:4:3:2:1 123 321\n", 0, 0, 0, 0, "fc::1:2:3:4", "fc::4:3:2:1", "123", "321"},
     {"PROXY TCP6 FC:00:00:00:1:2:3:4 FC:00:00:00:4:3:2:1 123 321\n", 0, 0, 0, 0, "fc::1:2:3:4", "fc::4:3:2:1", "123", "321"},
-    {"PROXY TCP6 1.2.3.4 4.3.2.1 123 321\n", 0, 0, 0, "unexpected client address syntax"},
-    {"PROXY TCP6 fc:00:00:00:1:2:3:4 4.3.2.1 123 321\n", 0, 0, 0, "unexpected server address syntax"},
+    {"PROXY TCP6 1.2.3.4 4.3.2.1 123 321\n", 0, 0, 0, "bad or missing client address"},
+    {"PROXY TCP6 fc:00:00:00:1:2:3:4 4.3.2.1 123 321\n", 0, 0, 0, "bad or missing server address"},
     /* IPv4 in IPv6. */
     {"PROXY TCP6 ::ffff:1.2.3.4 ::ffff:4.3.2.1 123 321\n", 0, 0, 0, 0, "1.2.3.4", "4.3.2.1", "123", "321"},
     {"PROXY TCP6 ::FFFF:1.2.3.4 ::FFFF:4.3.2.1 123 321\n", 0, 0, 0, 0, "1.2.3.4", "4.3.2.1", "123", "321"},
-    {"PROXY TCP4 ::ffff:1.2.3.4 ::ffff:4.3.2.1 123 321\n", 0, 0, 0, "unexpected client address syntax"},
-    {"PROXY TCP4 1.2.3.4 ::ffff:4.3.2.1 123 321\n", 0, 0, 0, "unexpected server address syntax"},
+    {"PROXY TCP4 ::ffff:1.2.3.4 ::ffff:4.3.2.1 123 321\n", 0, 0, 0, "bad or missing client address"},
+    {"PROXY TCP4 1.2.3.4 ::ffff:4.3.2.1 123 321\n", 0, 0, 0, "bad or missing server address"},
     /* IPv4. */
     {"PROXY TCP4 1.2.3.4 4.3.2.1 123 321\n", 0, 0, 0, 0, "1.2.3.4", "4.3.2.1", "123", "321"},
     {"PROXY TCP4 01.02.03.04 04.03.02.01 123 321\n", 0, 0, 0, 0, "1.2.3.4", "4.3.2.1", "123", "321"},
-    {"PROXY TCP4 1.2.3.4 4.3.2.1 123456 321\n", 0, 0, 0, "unexpected client port syntax"},
-    {"PROXY TCP4 1.2.3.4 4.3.2.1 123 654321\n", 0, 0, 0, "unexpected server port syntax"},
-    {"PROXY TCP4 1.2.3.4 4.3.2.1 0123 321\n", 0, 0, 0, "unexpected client port syntax"},
-    {"PROXY TCP4 1.2.3.4 4.3.2.1 123 0321\n", 0, 0, 0, "unexpected server port syntax"},
+    {"PROXY TCP4 1.2.3.4 4.3.2.1 123456 321\n", 0, 0, 0, "bad or missing client port"},
+    {"PROXY TCP4 1.2.3.4 4.3.2.1 123 654321\n", 0, 0, 0, "bad or missing server port"},
+    {"PROXY TCP4 1.2.3.4 4.3.2.1 0123 321\n", 0, 0, 0, "bad or missing client port"},
+    {"PROXY TCP4 1.2.3.4 4.3.2.1 123 0321\n", 0, 0, 0, "bad or missing server port"},
     /* Missing fields. */
-    {"PROXY TCP6 fc:00:00:00:1:2:3:4 fc:00:00:00:4:3:2:1 123\n", 0, 0, 0, "unexpected server port syntax"},
-    {"PROXY TCP6 fc:00:00:00:1:2:3:4 fc:00:00:00:4:3:2:1\n", 0, 0, 0, "unexpected client port syntax"},
-    {"PROXY TCP6 fc:00:00:00:1:2:3:4\n", 0, 0, 0, "unexpected server address syntax"},
-    {"PROXY TCP6\n", 0, 0, 0, "unexpected client address syntax"},
-    {"PROXY TCP4 1.2.3.4 4.3.2.1 123\n", 0, 0, 0, "unexpected server port syntax"},
-    {"PROXY TCP4 1.2.3.4 4.3.2.1\n", 0, 0, 0, "unexpected client port syntax"},
-    {"PROXY TCP4 1.2.3.4\n", 0, 0, 0, "unexpected server address syntax"},
-    {"PROXY TCP4\n", 0, 0, 0, "unexpected client address syntax"},
+    {"PROXY TCP6 fc:00:00:00:1:2:3:4 fc:00:00:00:4:3:2:1 123\n", 0, 0, 0, "bad or missing server port"},
+    {"PROXY TCP6 fc:00:00:00:1:2:3:4 fc:00:00:00:4:3:2:1\n", 0, 0, 0, "bad or missing client port"},
+    {"PROXY TCP6 fc:00:00:00:1:2:3:4\n", 0, 0, 0, "bad or missing server address"},
+    {"PROXY TCP6\n", 0, 0, 0, "bad or missing client address"},
+    {"PROXY TCP4 1.2.3.4 4.3.2.1 123\n", 0, 0, 0, "bad or missing server port"},
+    {"PROXY TCP4 1.2.3.4 4.3.2.1\n", 0, 0, 0, "bad or missing client port"},
+    {"PROXY TCP4 1.2.3.4\n", 0, 0, 0, "bad or missing server address"},
+    {"PROXY TCP4\n", 0, 0, 0, "bad or missing client address"},
     /* Other. */
-    {"PROXY BLAH\n", 0, 0, 0, "unsupported protocol type"},
+    {"PROXY BLAH\n", 0, 0, 0, "bad or missing protocol type"},
+    {"PROXY\n", 0, 0, 0, "short protocol header"},
     {"BLAH\n", 0, 0, 0, "short protocol header"},
+    {"\n", 0, 0, 0, "short protocol header"},
+    {"", 0, 0, 0, "short protocol header"},
     0,
 };
 
diff --git a/postfix/src/global/mail_task.c b/postfix/src/global/mail_task.c
index 4f006768b..733645d38 100644
--- a/postfix/src/global/mail_task.c
+++ b/postfix/src/global/mail_task.c
@@ -18,9 +18,7 @@
 /*	The result is overwritten with each call.
 /*
 /*	A null argv0 argument requests that the current result is
-/*	returned.
-/* DIAGNOSTICS
-/*	Panic: argv0 is a null pointer, but no current result exists.
+/*	returned, or "unknown" when no current result exists.
 /* LICENSE
 /* .ad
 /* .fi
@@ -46,7 +44,6 @@
 
 #include <vstring.h>
 #include <safe.h>
-#include <msg.h>
 
 /* Global library. */
 
@@ -62,6 +59,8 @@ const char *mail_task(const char *argv0)
     const char *slash;
     const char *tag;
 
+    if (argv0 == 0 && canon_name == 0)
+	argv0 = "unknown";
     if (argv0) {
 	if (canon_name == 0)
 	    canon_name = vstring_alloc(10);
@@ -74,7 +73,5 @@ const char *mail_task(const char *argv0)
 		mail_conf_eval(DEF_SYSLOG_NAME);
 	vstring_sprintf(canon_name, "%s/%s", tag, argv0);
     }
-    if (canon_name == 0)
-	msg_panic("mail_task: no current result");
     return (vstring_str(canon_name));
 }
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 9b5e60df9..0b75ecc55 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20210410"
+#define MAIL_RELEASE_DATE	"20210411"
 #define MAIL_VERSION_NUMBER	"3.6"
 
 #ifdef SNAPSHOT