From: Wietse Venema Date: Mon, 31 Jan 2005 05:00:00 +0000 (-0500) Subject: postfix-2.2-20050131 X-Git-Tag: v2.2.0-RC1~16 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=74ea72a587eca7c1c25b0ba91bcf30eac189d860;p=thirdparty%2Fpostfix.git postfix-2.2-20050131 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index b7036e2d6..29ffa67ed 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY 
@@ -10193,8 +10193,51 @@ Apologies for any names omitted. Milestone: first non-non-production snapshot with TLS. +20040524 + + Workaround: don't send mail to $fallback_relay if Postfix + is MX host for the next-hop destination. This is, however, + a partial solution. The documentation has been updated to + cover all the cases where a fallback_relay could interfere + with the operation of a backup or primary MX host. Files: + smtp/smtp_addr.c, smtp/smtp_connect.c. + +20050127 + + Configuration: Postfix daemons that need privileged operation + (such as local, pipe, or spawn) now log a fatal error when + they are configured in master.cf as unprivileged. + +20050130 + + Cleanup: simplified the handling of receive_override_options + settings. Files: pickup/pickup.c, smtpd/smtpd.c, qmqpd/qmqpd.c, + global/input_transp.c. + + Feature: permit_inet_interfaces allows a request when the + client matches $inet_interfaces. This is used for generic + access restrictions and for header address rewriting control. + Files: global/mail_params.h, smtpd/smtpd_check.c. + + Cleanup: by default, message header address rewriting is + now enabled only for mail that originates from the machine + itself. Files: global/mail_params.h, smtpd/smtpd_check.c. + +20050131 + + Bugfix: when extracting recipients from message headers, + the Postfix sendmail command produced output records longer + than $line_length_limit, causing postdrop to reject the + mail. Diagnosis by Victor Duchovni. File: sendmail/sendmail.c. + Open problems: + Low: document regexp usage in aliases and other sensitive + maps. + + Low: pointers to postfinger and saslfinger. postfinger + is now bundled. + Med: transform IPv4-in-IPv6 address literals to IPv4 form when comparing against local IP addresses? diff --git a/postfix/README_FILES/ADDRESS_REWRITING_README b/postfix/README_FILES/ADDRESS_REWRITING_README index 3ed5247a8..e686d21fd 100644 --- a/postfix/README_FILES/ADDRESS_REWRITING_README 
+++ b/postfix/README_FILES/ADDRESS_REWRITING_README @@ -35,7 +35,7 @@ document gives an introduction to Postfix lookup tables. Topics covered in this document: - * To rewrite or not to rewrite, or to label as invalid + * To rewrite message headers or not, or to label as invalid * Postfix address rewriting overview * Address rewriting when mail is received 
@@ -56,33 +56,35 @@ Topics covered in this document: * Debugging your address manipulations -TToo rreewwrriittee oorr nnoott ttoo rreewwrriittee,, oorr ttoo llaabbeell aass iinnvvaalliidd +TToo rreewwrriittee mmeessssaaggee hheeaaddeerrss oorr nnoott,, oorr ttoo llaabbeell aass iinnvvaalliidd Postfix versions 2.1 and earlier always rewrite message header addresses, and -append Postfix's own domain information to incomplete addresses. While -rewriting message headers is OK for mail with a local origin, it is undesirable -for remote mail: +append Postfix's own domain information to addresses that Postfix considers +incomplete. While rewriting message header addresses is OK for mail with a +local origin, it is undesirable for remote mail: - * Header mangling is frowned upon by mail standards, - * Appending Postfix's own domain information produces incorrect results with - remote incomplete addresses, - * Appending Postfix's own domain information sometimes creates the appearance - that spam is sent by local users. + * Message header address rewriting is frowned upon by mail standards, + * Appending Postfix's own domain produces incorrect results with some + incomplete addresses, + * Appending Postfix's own domain sometimes creates the appearance that spam + is sent by local users. Postfix versions 2.2 give you the option to either not rewrite message headers from remote SMTP clients at all, or to label incomplete addresses in such message headers as invalid. Here is how it works: - * Postfix does not rewrite message headers from remote SMTP clients at all - when the remote_header_rewrite_domain parameter value is empty. - * Otherwise, Postfix appends the specified domain name to incomplete - addresses in message headers from remote SMTP clients. This feature can be - used to append a reserved domain such as "domain.invalid", so that + * Postfix always rewrites message header addresses from local SMTP clients, + and from the Postfix sendmail command. 
The local_header_rewrite_clients + parameter controls what SMTP clients Postfix considers local (by default, + only local network interface addresses). + * Postfix never rewrites message header addresses from remote SMTP clients + when the remote_header_rewrite_domain parameter value is empty (the default + setting). + * Otherwise, Postfix appends the remote_header_rewrite_domain value to + incomplete message header addresses from remote SMTP clients. This feature + can be used to append a reserved domain such as "domain.invalid", so that incomplete addresses cannot be mistaken for local addresses. -The local_header_rewrite_clients parameter controls what SMTP clients Postfix -considers local instead of remote. - PPoossttffiixx aaddddrreessss rreewwrriittiinngg oovveerrvviieeww The figure below zooms in on those parts of Postfix that are most involved with diff --git a/postfix/README_FILES/DEBUG_README b/postfix/README_FILES/DEBUG_README index 81c2fa94b..f8e1504bc 100644 --- a/postfix/README_FILES/DEBUG_README +++ b/postfix/README_FILES/DEBUG_README @@ -338,7 +338,9 @@ When reporting a problem, be sure to include the following information. word wrapping the logging. * Output from "postconf -n". Please do not send your main.cf file. Or better, - provide output from the "postfinger" tool. + provide output from the "postfinger" tool. This tool is bundled with + Postfix 2.2 and later source code, and can be found at http://ftp.wl0.org/ + SOURCES/postfinger. * If the problem is about too much mail in the queue, consider including output from the qshape tool, as described in the QSHAPE_README file. diff --git a/postfix/README_FILES/OVERVIEW b/postfix/README_FILES/OVERVIEW index 504196b24..9c604c85e 100644 --- a/postfix/README_FILES/OVERVIEW +++ b/postfix/README_FILES/OVERVIEW 
@@ -203,10 +203,10 @@ queues. smtpd(8) qmgr(8) local(8) - * The anvil(8) server implements client connection and rate limiting for all - smtpd(8) servers. The TUNING_README document provides guidance for dealing - with mis-behaving SMTP clients. The anvil(8) service is not included with - Postfix version 2.1 or earlier. + * The anvil(8) server implements client connection and request rate limiting + for all smtpd(8) servers. The TUNING_README document provides guidance for + dealing with mis-behaving SMTP clients. The anvil(8) service is not + included with Postfix version 2.1 or earlier. Network -> smtpd(8) <-> anvil(8) 
@@ -268,14 +268,19 @@ queues. * The scache(8) server maintains the connection cache for the Postfix smtp(8) client. When connection caching is enabled for selected destinations, the smtp(8) client does not disconnect immediately after a mail transaction, - but gives the connection to the connection cache server. The smtp(8) client - continues with some other mail delivery request. Meanwhile, the connection - cache server keeps the connection open for a limited amount of time. During - that time, any smtp(8) process can ask the scache(8) server for that cached - connection and use it for mail delivery. + but gives the connection to the connection cache server which keeps the + connection open for a limited amount of time. The smtp(8) client continues + with some other mail delivery request. Meanwhile, any smtp(8) process can + ask the scache(8) server for that cached connection and reuse it for mail + delivery. As a safety measure, Postfix limits the number of times that a + connection may be reused. - smtp(8) -> scache(8) -> smtp(8) - + When delivering mail to a destination with multiple mail servers, + connection caching can help to skip over a non-responding server, and thus + dramatically speed up delivery. + + smtp(8) <-> scache(8) <-> smtp(8) + * The showq(8) servers list the Postfix queue status. This is the queue listing service that does the work for the mailq(1) and postqueue(1) 
@@ -290,6 +295,34 @@ queues. error streams. You can find examples of its use in the SMTPD_POLICY_README document. + * The tlsmgr(8) server runs when TLS (Transport Layer Security, formerly + known as SSL) is turned on in the Postfix smtp(8) client or smtpd(8) + server. This process has two duties: + + o Maintain the pseudo-random number generator (PRNG) that is used to seed + the TLS engines in Postfix smtp(8) client or smtpd(8) server processes. + The state of this PRNG is saved periodically to a file, and is read + when tlsmgr(8) starts up. + + o Maintain the optional Postfix smtp(8) client or smtpd(8) server caches + with TLS session keys. Saved keys can improve performance by reducing + the amount of computation at the start of a TLS session. + + TLS support is available in Postfix version 2.2 and later. Information + about the Postfix TLS implementation is in the TLS_README document. + + <---seed--- ---seed---> + Network-> smtpd(8) tlsmgr(8) smtp(8) ->Network + <-session-> <-session-> + + / | \ + | + / \ + + smtpd PRNG smtp + session state session + cache file cache + * The verify(8) server verifies that a sender or recipient address is deliverable before the smtpd(8) server accepts it. The verify(8) server injects probe messages into the Postfix queue and processes status updates diff --git a/postfix/README_FILES/PCRE_README b/postfix/README_FILES/PCRE_README index f80e3ae7d..c633ce186 100644 --- a/postfix/README_FILES/PCRE_README +++ b/postfix/README_FILES/PCRE_README @@ -38,7 +38,7 @@ AUXLIBS, for example: "CCARGS=-DHAS_PCRE -I/usr/local/include" \ "AUXLIBS=-L/usr/local/lib -lpcre" -Solaris may need run-time path information: +Solaris needs run-time path information too: make -f Makefile.init makefiles \ "CCARGS=-DHAS_PCRE -I/usr/local/include" \ diff --git a/postfix/README_FILES/STANDARD_CONFIGURATION_README b/postfix/README_FILES/STANDARD_CONFIGURATION_README index b1ca2920e..7c177af93 100644 --- a/postfix/README_FILES/STANDARD_CONFIGURATION_README 
+++ b/postfix/README_FILES/STANDARD_CONFIGURATION_README @@ -424,6 +424,17 @@ To find out what lookup tables Postfix supports, use the command "ppoossttc Execute the command "ppoossttmmaapp //eettcc//ppoossttffiixx//ttrraannssppoorrtt" whenever you change the transport table. +NOTE: Do not use the fallback_relay feature when relaying mail for a backup or +primary MX domain. Mail would loop between the Postfix MX host and the +fallback_relay host when the final destination is unavailable. + + * In main.cf specify "relay_transport = relay", + * In master.cf specify "-o fallback_relay =" at the end of the relay entry. + * In transport maps, specify "relay:nexthop..." as the right-hand side for + backup or primary MX domain entries. + +These are default settings in Postfix version 2.2 and later. + PPoossttffiixx oonn aa ddiiaalluupp mmaacchhiinnee This section applies to dialup connections that are down most of the time. For diff --git a/postfix/README_FILES/TLS_README b/postfix/README_FILES/TLS_README index 832a5cd24..15feb304d 100644 --- a/postfix/README_FILES/TLS_README +++ b/postfix/README_FILES/TLS_README 
@@ -10,12 +10,38 @@ thousands of lines of OpenSSL library code. Assuming that OpenSSL is written as carefully as Wietse's own code, every 1000 lines introduce one additional bug into Postfix. -PPuurrppoossee ooff tthhiiss ddooccuummeenntt +IInnttrroodduuccttiioonn -This document describes how to build Postfix with Transport Layer Security -(TLS) support in the Postfix SMTP client and Postfix SMTP server, and how to -configure the TLS manager daemon that maintains the Pseudo Random Number -Generator (PRNG) pool and the TLS session cache information. +This document requires Postfix version 2.2 or later. + +Postfix may be built with Transport Layer Security (TLS, formerly called SSL) +protocol support as described in RFC 3207. This provides certificate-based +authentication, and encrypted sessions. An encrypted session protects the +information that is transmitted with SMTP mail or with SASL authentication. The +main elements of the Postfix TLS architecture are: + + * The smtpd(8) server implements the SMTP over TLS server side. + + * The smtp(8) client implements the SMTP over TLS client side. + + * The tlsmgr(8) server maintains the pseudo-random number generator (PRNG) + that seeds the TLS engines in the smtpd(8) server and smtp(8) client + processes, and maintains the TLS session cache files with TLS session keys. + +The following diagram shows the relationship between these architecture +elements. + + <---seed--- ---seed---> +Network-> smtpd(8) tlsmgr(8) smtp(8) ->Network + <-session-> <-session-> + + / | \ + | + / \ + + smtpd PRNG smtp + session state session + cache file cache Topics covered in this document: 
@@ -35,7 +61,7 @@ BBuuiillddiinngg PPoossttffiixx wwiitthh TTLLSS ssuuppp To build Postfix with TLS support, first we need to generate the make(1) files with the necessary definitions. This is done by invoking the command "make -makefiles in the Postfix top-level directory and with arguments as shown next. +makefiles" in the Postfix top-level directory and with arguments as shown next. * If the OpenSSL include files (such as ssl.h) are in directory /usr/include/ openssl, and the OpenSSL libraries (such as libssl.so and libcrypto.so) are @@ -52,6 +78,12 @@ makefiles in the Postfix top-level directory and with arguments as shown next. % mmaakkee mmaakkeeffiilleess CCCCAARRGGSS==""--DDUUSSEE__TTLLSS --II//uussrr//llooccaall//iinncclluuddee"" \\ AAUUXXLLIIBBSS==""--LL//uussrr//llooccaall//lliibb --llssssll --llccrryyppttoo"" + On Solaris, specify the -R option as shown below: + + % mmaakkee ttiiddyy # if you have left-over files from a previous build + % mmaakkee mmaakkeeffiilleess CCCCAARRGGSS==""--DDUUSSEE__TTLLSS --II//uussrr//llooccaall//iinncclluuddee"" \\ + AAUUXXLLIIBBSS==""--RR//uussrr//llooccaall//lliibb --LL//uussrr//llooccaall//lliibb --llssssll --llccrryyppttoo"" + If you need to apply other customizations (such as Berkeley DB databases, MySQL, PosgreSQL, LDAP or SASL), see the respective Postfix README documents, and combine their "make makefiles" instructions with the instructions above: @@ -672,9 +704,7 @@ keywords: Don't use TLS at all. MAY Try to use STARTTLS if offered, otherwise use the unencrypted - connection. NOTE: STARTTLS can be used only if TLS is already enabled - via main.cf, so that the client TLS engine is properly initialized at - program startup. + connection. MUST Require usage of STARTTLS, require that the remote SMTP server hostname matches the information in the remote SMTP server certificate, and 
@@ -781,10 +811,11 @@ Example: In order to feed its in-memory PRNG pool, the tlsmgr(8) reads entropy from an external source, both at startup and during run-time. Specify a good entropy -source, like EGD or /dev/urandom; be sure to only use non-blocking sources. If -the entropy source is not a regular file, you must prepend the source type to -the source name: "dev:" for a device special file, or "egd:" for a source with -EGD compatible socket interface. +source, like EGD or /dev/urandom; be sure to only use non-blocking sources (on +OpenBSD, use /dev/arandom when tlsmgr(8) complains about /dev/urandom timeout +errors). If the entropy source is not a regular file, you must prepend the +source type to the source name: "dev:" for a device special file, or "egd:" for +a source with EGD compatible socket interface. Examples (specify only one in main.cf): diff --git a/postfix/README_FILES/TUNING_README b/postfix/README_FILES/TUNING_README index 0eff51856..58e5edd98 100644 --- a/postfix/README_FILES/TUNING_README +++ b/postfix/README_FILES/TUNING_README @@ -191,8 +191,8 @@ GGeenneerraall mmaaiill ddeelliivveerryy ppeerrffoorrm network link. * Reduce the smtp_connect_timeout and smtp_helo_timeout values so that - Postfix does not waste lots of time connecting to non-responding smtpd(8) - servers. + Postfix does not waste lots of time connecting to non-responding remote + SMTP servers. * Use a dedicated mail delivery transport for problematic destinations, with reduced timeouts and with adjusted concurrency. See "Tuning the number of diff --git a/postfix/README_FILES/XFORWARD_README b/postfix/README_FILES/XFORWARD_README index bd7fc0dce..c11ea991f 100644 --- a/postfix/README_FILES/XFORWARD_README +++ b/postfix/README_FILES/XFORWARD_README 
@@ -60,10 +60,11 @@ are in fact case insensitive. hostname. * The SOURCE attribute specifies LOCAL when the message was received from a - source that is local with respect to the up-stream host, REMOTE for mail - from a remote source, or [UNAVAILABLE] when the information is unavailable. - The down-stream MTA may decide to enable header munging and address - qualification with mail from local sources. + source that is local with respect to the up-stream host (for example, the + message originated from the up-stream host itself), REMOTE for all other + mail, or [UNAVAILABLE] when the information is unavailable. The down-stream + MTA may decide to enable features such as header munging or address + qualification with mail from local sources but not other sources. Note 1: Attribute values must not be longer than 255 characters (specific attributes may impose shorter lengths), must not contain control characters, diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 7e9f0c467..5a1e813f7 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -7,6 +7,13 @@ snapshot release). Patches are issued for the official release and change the patchlevel and the release date. Patches are never issued for snapshot releases. +Incompatible changes with snapshot Postfix-2.2-20050131 +======================================================= + +Postfix rewrites message header addresses only in mail that originates +from the local machine. Specify "local_header_rewrite_clients = +static:all" to get the old behavior of Postfix 2.1 and earlier. + Incompatible changes with snapshot Postfix-2.2-20050117 ======================================================= diff --git a/postfix/auxiliary/postfinger/postfinger b/postfix/auxiliary/postfinger/postfinger new file mode 100755 index 000000000..ec43099e9 --- /dev/null +++ b/postfix/auxiliary/postfinger/postfinger 
@@ -0,0 +1,242 @@ +#!/bin/sh +# postfinger - captures Postfix configuration for reporting errors +# +# Inspired by comments on the postfix-users mailing list. +# Copyright (C) 2003 Simon J. Mudd (sjmudd@pobox.com) +# With help from: +# Matthias Andree +# Victor Duchovni +# Sasa Babic +# IƱaki Arenaza +# Jorge Gordoy +# $Revision: 1.29 $ +# +# License: +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You may have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, +# USA. +# +# An on-line copy of the GNU General Public License can be found +# http://www.fsf.org/copyleft/gpl.html. + +version_number=1.29 # don't use rcs version here +version="version: ${version_number}" +BACKUP_IFS=$IFS +usage="postfinger ${version}: a Postfix configuration extraction utility +Usage: postfinger [options] + +Options can be any of: + --all Show all configuration information + --system Show basic system environment (os/kernel/...) 
[default] + --package Show packaging information [default] + --locking Show mailbox locking methods + --tables Show supported lookup tables + --main Show main.cf non-default configuration values [default] + --defaultsinmain Show main.cf defined values which are identical to defaults + --master Show master.cf configuration [default] + --permissions Show some of the spool_directory permissions + --libraries Show the Postfix libraries dependencies + + --nosystem Do not show basic system environment (os/kernel/...) + --nomain Do not show main.cf non-default configuration values + --nomaster Do not show master.cf configuration + --nowarn Do not warn about private information being leaked to + outsiders + --version print the version of postfinger being used and exit + +Mail bug reports and suggestions to ". + +system=1; package=1; locking=; tables=; main=1; master=1; permissions=; libraries=;warn=1;defaultsinmain= + +for arg +do + case $arg in + --version) echo "postfinger ${version}"; exit 0;; + --all) system=1; package=1; locking=1; tables=1; main=1; master=1; permissions=1; libraries=1; warn=1;; + --system) system=1;; + --package) package=1;; + --locking) locking=1;; + --tables) tables=1;; + --main) main=1;; + --defaultsinmain) defaultsinmain=1;; + --master) master=1;; + --permissions) permissions=1;; + --libraries) libraries=1;; + --nosystem) system=;; + --nomain) main=;; + --nomaster) master=;; + --nowarn) warn=;; + --help) echo "${usage}"; exit 0;; + *) echo "Error: ${usage}" 1>&2; exit 1;; + esac + shift +done + +echo "postfinger - postfix configuration on `LANG=C date`" +echo ${version} +echo '' + +[ "${warn}" = 1 ] && { +cat </dev/null 2>/dev/null && { + package=`${DPKG} -S ${SMTPD} | awk -F: '{print $1}' | head -n 1` + package_ver=`COLUMNS=132 ${DPKG} -l ${package} | grep ii | grep -v "documentation" | awk '{print $3}'` + echo "looks like this postfix comes from deb package: ${package}-${package_ver}" + } + } + + RPM= + [ -x /bin/rpm ] && RPM=/bin/rpm + [ -z 
"${RPM}" ] && [ -x /usr/local/bin/rpm ] && RPM=/usr/local/bin/rpm + [ -n "${RPM}" ] && { + ${RPM} -qf ${SMTPD} >/dev/null 2>/dev/null && \ + echo "looks like this postfix comes from RPM package: `${RPM} -qf ${SMTPD}`" + } + + BSDPKG= + [ -x /usr/sbin/pkg_info ] && BSDPKG=/usr/sbin/pkg_info + [ -n "${BSDPKG}" ] && { + ${BSDPKG} -q -W ${SMTPD} >/dev/null 2>/dev/null && \ + echo "looks like this postfix comes from BSD package: `${BSDPKG} -q -W ${SMTPD}`" + } + + echo "" +} + +IFS=" +" +[ "${locking}" = 1 ] && { + echo "--Mailbox locking methods--" + locking_methods=`${POSTCONF} -l` + echo $locking_methods + echo "" +} + +[ "${tables}" = 1 ] && { + echo "--Supported Lookup tables--" + lookup_tables=`${POSTCONF} -m` + echo $lookup_tables + echo "" +} + +[ "${main}" = 1 -o "${defaultsinmain}" = 1 ] && { + if [ "x`find . -prune \( -perm 020 -o -perm 002 \) -print`" != "x" ] + then + echo 2>&2 "Do not run this in a public- or group-writable directory" + exit 1 + fi + + rm -f postfinger.$$.d postfinger.$$.n + ${POSTCONF} -d | tr -s [:blank:] | sort > postfinger.$$.d + ${POSTCONF} -n | tr -s [:blank:] | sort > postfinger.$$.n + + [ "$main" = 1 ] && { + echo "--main.cf non-default parameters--" + comm -13 postfinger.$$.d postfinger.$$.n + echo "" + } + + [ "${defaultsinmain}" = 1 ] && { + echo "--main.cf parameters defined as per defaults--" + comm -12 postfinger.$$.d postfinger.$$.n + echo "" + } + + rm -f postfinger.$$.d postfinger.$$.n +} + +[ "${master}" = 1 ] && { + echo "--master.cf--" + # Remove blank and commented lines to reduce the output + # Note: the second grep contains a space followed by a tab character + cat `${POSTCONF} -h config_directory`/master.cf | \ + grep -v '^#' | \ + grep -v '^[ ]*$' + echo "" +} + +[ "${permissions}" = 1 ] && { + echo "--Specific file and directory permissions--" + ls -ld `${POSTCONF} -h queue_directory`/maildrop + ls -ld `${POSTCONF} -h queue_directory`/public + ls -l `${POSTCONF} -h queue_directory`/public 2>/dev/null || { + echo 
'WARNING: No access to $queue_directory/public' + echo ' Try running postfinger as user root or postfix' + } + ls -ld `${POSTCONF} -h queue_directory`/private + ls -l `${POSTCONF} -h queue_directory`/private 2>/dev/null || { + echo 'WARNING: No access to $queue_directory/private' + echo ' Try running postfinger as user root or postfix' + } + ls -l `${POSTCONF} -h command_directory`/postdrop + ls -l `${POSTCONF} -h command_directory`/postqueue + echo "" +} + +[ "${libraries}" = 1 ] && { + echo "--Library dependencies--" + echo "${SMTPD}:" + ldd ${SMTPD} || echo "WARNING: Can not find ldd. Check you have it installed and in your path" +} + +echo "-- end of postfinger output --" diff --git a/postfix/conf/master.cf b/postfix/conf/master.cf index 2372fc4f9..3833ad6b4 100644 --- a/postfix/conf/master.cf +++ b/postfix/conf/master.cf @@ -29,7 +29,9 @@ verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - n - - smtp +# When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - n - - smtp + -o fallback_relay= # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - n - - showq error unix - - n - - error diff --git a/postfix/html/ADDRESS_REWRITING_README.html b/postfix/html/ADDRESS_REWRITING_README.html index dfa689427..9abb142c1 100644 --- a/postfix/html/ADDRESS_REWRITING_README.html +++ b/postfix/html/ADDRESS_REWRITING_README.html @@ -63,7 +63,7 @@ tables.

-

To rewrite or not to rewrite, or to label +

To rewrite message headers or not, or to label as invalid

Postfix versions 2.1 and earlier always rewrite message header -addresses, and append Postfix's own domain information to incomplete -addresses. While rewriting message headers is OK for mail with a -local origin, it is undesirable for remote mail:

+addresses, and append Postfix's own domain information to addresses +that Postfix considers incomplete. While rewriting message header +addresses is OK for mail with a local origin, it is undesirable +for remote mail:

    -
  • Header mangling is frowned upon by mail standards, +
  • Message header address rewriting is frowned upon by mail standards, -
  • Appending Postfix's own domain information produces incorrect -results with remote incomplete addresses, +
  • Appending Postfix's own domain produces incorrect results with +some incomplete addresses, -
  • Appending Postfix's own domain information sometimes creates -the appearance that spam is sent by local users. +
  • Appending Postfix's own domain sometimes creates the appearance +that spam is sent by local users.
@@ -133,21 +134,24 @@ how it works:

    -
  • Postfix does not rewrite message headers from remote SMTP -clients at all when the remote_header_rewrite_domain parameter -value is empty. +
  • Postfix always rewrites message header addresses from local +SMTP clients, and from the Postfix sendmail command. The +local_header_rewrite_clients parameter controls what SMTP clients +Postfix considers local (by default, only local network interface +addresses). -
  • Otherwise, Postfix appends the specified domain name to -incomplete addresses in message headers from remote SMTP clients. -This feature can be used to append a reserved domain such as -"domain.invalid", so that incomplete addresses cannot be mistaken +
  • Postfix never rewrites message header addresses from remote +SMTP clients when the remote_header_rewrite_domain parameter value +is empty (the default setting). + +
  • Otherwise, Postfix appends the remote_header_rewrite_domain +value to incomplete message header addresses from remote SMTP +clients. This feature can be used to append a reserved domain such +as "domain.invalid", so that incomplete addresses cannot be mistaken for local addresses.
-

The local_header_rewrite_clients parameter controls what SMTP -clients Postfix considers local instead of remote.

-

Postfix address rewriting overview

The figure below zooms in on those parts of Postfix that are most diff --git a/postfix/html/DEBUG_README.html b/postfix/html/DEBUG_README.html index da8b4f5fd..e326699cc 100644 --- a/postfix/html/DEBUG_README.html +++ b/postfix/html/DEBUG_README.html @@ -499,7 +499,9 @@ document to find out where logging is stored. Please do not frustrate the helpers by word wrapping the logging.

  • Output from "postconf -n". Please do not send your main.cf -file. Or better, provide output from the "postfinger" tool.

    +file. Or better, provide output from the "postfinger" tool. This +tool is bundled with Postfix 2.2 and later source code, and can be +found at http://ftp.wl0.org/SOURCES/postfinger.

  • If the problem is about too much mail in the queue, consider including output from the qshape tool, as described in the diff --git a/postfix/html/OVERVIEW.html b/postfix/html/OVERVIEW.html index 609a85033..0462854fa 100644 --- a/postfix/html/OVERVIEW.html +++ b/postfix/html/OVERVIEW.html @@ -445,7 +445,8 @@ postfix-script(1) -

  • The anvil(8) server implements client connection and rate +

  • The anvil(8) server implements client connection and +request rate limiting for all smtpd(8) servers. The TUNING_README document provides guidance for dealing with mis-behaving SMTP clients. The anvil(8) service is not included with Postfix version 2.1 or earlier. @@ -538,22 +539,26 @@ table among multiple processes.

  • The scache(8) server maintains the connection cache for the Postfix smtp(8) client. When connection caching is enabled for -selected -destinations, the smtp(8) client does not disconnect immediately -after a mail transaction, but gives the connection to the connection -cache server. The smtp(8) client continues with some other mail -delivery request. Meanwhile, the connection cache server keeps the -connection open for a limited amount of time. During that time, -any smtp(8) process can ask the scache(8) server for that cached -connection and use it for mail delivery.

    +selected destinations, the smtp(8) client does not disconnect +immediately after a mail transaction, but gives the connection to +the connection cache server which keeps the connection open for a +limited amount of time. The smtp(8) client continues with some +other mail delivery request. Meanwhile, any smtp(8) process can +ask the scache(8) server for that cached connection and reuse it +for mail delivery. As a safety measure, Postfix limits the number +of times that a connection may be reused.

    + +

    When delivering mail to a destination with multiple mail servers, +connection caching can help to skip over a non-responding server, +and thus dramatically speed up delivery.

    - +

    smtp(8)
    ->
    scache(8)
     
    -> -
    smtp(8) -
     

    smtp(8)
    <->
    scache(8)
     
    +<->
    +smtp(8)
     
    @@ -579,6 +584,53 @@ with the client connected via socket or FIFO to the command's standard input, output and error streams. You can find examples of its use in the SMTPD_POLICY_README document.

    +
  • The tlsmgr(8) server runs when TLS (Transport Layer +Security, formerly known as SSL) is turned on in the Postfix smtp(8) +client or smtpd(8) server. This process has two duties:

    + +
      + +
    • Maintain the pseudo-random number generator (PRNG) that +is used to seed the TLS engines in Postfix smtp(8) client or smtpd(8) +server processes. The state of this PRNG is saved periodically to +a file, and is read when tlsmgr(8) starts up.

      + +
    • Maintain the optional Postfix smtp(8) client or smtpd(8) +server caches with TLS session keys. Saved keys can improve +performance by reducing the amount of computation at the start of +a TLS session.

      + +
    + +

    TLS support is available in Postfix version 2.2 and later. +Information about the Postfix TLS implementation is in the TLS_README +document.

    + + + + + + + + + + + +
    Network->
    smtpd(8)
     
    + <---seed---

    <-session->

    tlsmgr(8)
     
    ---seed--->

    <-session-> +

    smtp(8)
    ->Network
    + /
    /
    +
    |
    |
    + +
    \
    \
    +smtpd
    session
    cache
    PRNG
    state
    file
    smtp
    session
    cache
    + +
  • The verify(8) server verifies that a sender or recipient address is deliverable before the smtpd(8) server accepts it. The verify(8) server injects probe messages into the Postfix queue and diff --git a/postfix/html/PCRE_README.html b/postfix/html/PCRE_README.html index 3585232a0..f4a4e25c4 100644 --- a/postfix/html/PCRE_README.html +++ b/postfix/html/PCRE_README.html @@ -61,7 +61,7 @@ make -f Makefile.init makefiles \ -

    Solaris may need run-time path information:

    +

    Solaris needs run-time path information too:

    diff --git a/postfix/html/STANDARD_CONFIGURATION_README.html b/postfix/html/STANDARD_CONFIGURATION_README.html
    index ac6caa60c..855747fca 100644
    --- a/postfix/html/STANDARD_CONFIGURATION_README.html
    +++ b/postfix/html/STANDARD_CONFIGURATION_README.html
    @@ -577,8 +577,28 @@ table. 

    dbm files instead of db files. To find out what lookup tables Postfix supports, use the command "postconf -m".

    -

    Execute the command "postmap /etc/postfix/transport" whenever -you change the transport table.

    +

    Execute the command "postmap /etc/postfix/transport" +whenever you change the transport table.

    + +

    NOTE: Do not use the fallback_relay feature when relaying mail +for a backup or primary MX domain. Mail would loop between the +Postfix MX host and the fallback_relay host when the final destination +is unavailable.

    + +
      + +
    • In main.cf specify "relay_transport = relay", + +
    • In master.cf specify "-o fallback_relay =" at the +end of the relay entry. + +
    • In transport maps, specify "relay:nexthop..." +as the right-hand side for backup or primary MX domain entries. + +
    + +

    These are default settings in Postfix version 2.2 and later. +

    Postfix on a dialup machine
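Review bot: The NOTE warns against fallback_relay for backup or primary MX domains and then runs straight into the three-item list, with no sentence saying that the list is the remedy. As written, a reader cannot tell whether "relay_transport = relay", "-o fallback_relay =" and "relay:nexthop..." are steps to take or the configuration to avoid. Add a lead-in such as "Instead, deliver such mail over a transport that has fallback_relay turned off:" before the list, and end the first item with a period rather than a comma.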

    diff --git a/postfix/html/TLS_README.html b/postfix/html/TLS_README.html index 6826d9f67..2f8e2bdd8 100644 --- a/postfix/html/TLS_README.html +++ b/postfix/html/TLS_README.html @@ -27,13 +27,63 @@ code. Assuming that OpenSSL is written as carefully as Wietse's own code, every 1000 lines introduce one additional bug into Postfix.

    -

    Purpose of this document

    +

    Introduction

    -

    This document describes how to build Postfix with Transport -Layer Security (TLS) support in the Postfix SMTP client and Postfix -SMTP server, and how to configure the TLS manager daemon that -maintains the Pseudo Random Number Generator (PRNG) pool and the -TLS session cache information.

    +

    This document requires Postfix version 2.2 or later.

    + +

    Postfix may be built with Transport Layer Security (TLS, formerly +called SSL) protocol support as described in RFC 3207. This provides +certificate-based authentication, and encrypted sessions. An +encrypted session protects the information that is transmitted with +SMTP mail or with SASL authentication. The main elements of the +Postfix TLS architecture are:

    + +
      + +
    • The smtpd(8) server implements the SMTP over TLS server +side.

      + +
    • The smtp(8) client implements the SMTP over TLS client +side.

      + +
    • The tlsmgr(8) server maintains the pseudo-random number +generator (PRNG) that seeds the TLS engines in the smtpd(8) server +and smtp(8) client processes, and maintains the TLS session cache +files with TLS session keys.

      + +
    + +

    The following diagram shows the relationship between these +architecture elements.

    + + + + + + + + + + + + +
    Network->
    smtpd(8)
     
    + + <---seed---

    <-session->

    tlsmgr(8)
     
    ---seed--->

    <-session-> + +

    smtp(8)
    ->Network
    + + /
    /
    +
    |
    |
    + + +
    \
    \
    +smtpd
    session
    cache
    PRNG
    state
    file
    smtp
    session
    cache

    Topics covered in this document:
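Review bot: The new tlsmgr(8) bullet says the session cache files hold TLS session keys, and the diagram adds a PRNG state file, but the introduction says nothing about who may read those files. Add a sentence on the required ownership and permissions, or point to the section that covers it, since a readable session key cache undoes the encrypted sessions this introduction promises. The diagram and the tlsmgr(8) description also repeat text added earlier in this patch; consider keeping one copy and linking to it.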

    @@ -67,7 +117,7 @@ TLS session cache information.

    To build Postfix with TLS support, first we need to generate the make(1) files with the necessary definitions. This is -done by invoking the command "make makefiles in the Postfix +done by invoking the command "make makefiles" in the Postfix top-level directory and with arguments as shown next.

      @@ -97,6 +147,16 @@ are in directory /usr/local/lib:

    +

    On Solaris, specify the -R option as shown below: + +

    +
    +% make tidy # if you have left-over files from a previous build
    +% make makefiles CCARGS="-DUSE_TLS -I/usr/local/include" \
    +    AUXLIBS="-R/usr/local/lib -L/usr/local/lib -lssl -lcrypto" 
    +
    +
    +

    If you need to apply other customizations (such as Berkeley DB @@ -973,9 +1033,7 @@ specify one of the following keywords:

    NONE
    Don't use TLS at all.
    MAY
    Try to use STARTTLS if offered, otherwise use -the unencrypted connection. NOTE: STARTTLS can be used only if TLS -is already enabled via main.cf, so that the client TLS engine is -properly initialized at program startup.
    +the unencrypted connection.
    MUST
    Require usage of STARTTLS, require that the remote SMTP server hostname matches the information in the remote @@ -1124,7 +1182,9 @@ session key.

    In order to feed its in-memory PRNG pool, the tlsmgr(8) reads entropy from an external source, both at startup and during run-time. Specify a good entropy source, like EGD or /dev/urandom; be sure -to only use non-blocking sources. If the entropy source is not a +to only use non-blocking sources (on OpenBSD, use /dev/arandom +when tlsmgr(8) complains about /dev/urandom timeout errors). +If the entropy source is not a regular file, you must prepend the source type to the source name: "dev:" for a device special file, or "egd:" for a source with EGD compatible socket interface.
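Review bot: The OpenBSD parenthetical gives a bare device path, /dev/arandom, while the sentence that follows requires a "dev:" prefix for any source that is not a regular file. Write the value as it must appear in the setting, with the "dev:" prefix, so the advice can be copied without the device being taken for a regular file. The parenthetical also splits "be sure to only use non-blocking sources" from "If the entropy source is not a regular file"; it would read better as its own sentence at the end of the paragraph.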

    diff --git a/postfix/html/TUNING_README.html b/postfix/html/TUNING_README.html index b5da33a88..f0911ee98 100644 --- a/postfix/html/TUNING_README.html +++ b/postfix/html/TUNING_README.html @@ -246,7 +246,7 @@ process limit.

    connections per unit time (default: no limit).

  • These limits are not applied to SMTP clients in the networks -specified with $smtpd_client_connection_limit_exceptions (default: +specified with $smtpd_client_connection_limit_exceptions (default: clients in $mynetworks may make an unlimited number of connections).

  • The anvil_rate_time_unit parameter specifies the time @@ -284,7 +284,7 @@ across the upstream network link.

  • Reduce the smtp_connect_timeout and smtp_helo_timeout values so that Postfix does not waste lots of time connecting -to non-responding smtpd(8) servers.

    +to non-responding remote SMTP servers.

  • Use a dedicated mail delivery transport for problematic destinations, with reduced timeouts and with adjusted concurrency. diff --git a/postfix/html/XFORWARD_README.html b/postfix/html/XFORWARD_README.html index c1f02d821..11a26b40f 100644 --- a/postfix/html/XFORWARD_README.html +++ b/postfix/html/XFORWARD_README.html @@ -96,10 +96,12 @@ names are shown in upper case, they are in fact case insensitive.

  • The SOURCE attribute specifies LOCAL when the message was received from a source that is local with respect to the - up-stream host, REMOTE for mail from a remote source, or - [UNAVAILABLE] when the information is unavailable. The down-stream - MTA may decide to enable header munging and address qualification - with mail from local sources.

    + up-stream host (for example, the message originated from the + up-stream host itself), REMOTE for all other mail, or [UNAVAILABLE] + when the information is unavailable. The down-stream MTA may + decide to enable features such as header munging or address + qualification with mail from local sources but not other sources. +
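Review bot: The rewritten SOURCE text lets the down-stream MTA turn on header munging or address qualification for LOCAL mail, but it does not say that the value is simply what the up-stream host asserted. State that the down-stream MTA should act on SOURCE only when the XFORWARD command comes from an up-stream host it trusts, and define "local with respect to the up-stream host" more exactly than the single "for example" does.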

    diff --git a/postfix/html/cidr_table.5.html b/postfix/html/cidr_table.5.html index bfdbe7d44..799786d44 100644 --- a/postfix/html/cidr_table.5.html +++ b/postfix/html/cidr_table.5.html @@ -35,6 +35,16 @@ CIDR_TABLE(5) CIDR_TABLE(5) 0.0.0.0/0 to match every IPv4 address, and ::/0 to match every IPv6 address. + An IPv4 network address is a sequence of four deci- + mal octets separated by ".", and an IPv6 network + address is a sequence of three to eight hexadecimal + octet pairs separated by ":". + + Before comparisons are made, lookup keys and table + entries are converted from string to binary. There- + fore table entries will be matched regardless of + redundant zero characters. + Note: address information may be enclosed inside "[]" but this form is not recommended. diff --git a/postfix/html/master.5.html b/postfix/html/master.5.html index 67e2b0e20..d12f852e6 100644 --- a/postfix/html/master.5.html +++ b/postfix/html/master.5.html @@ -122,10 +122,10 @@ MASTER(5) MASTER(5) main.cf file). Chroot should not be used with the local(8), - pipe(8) and spawn(8) daemons. Although the prox- - ymap(8) server can run chrooted, doing so defeats - most of the purpose of having that service in the - first place. + pipe(8), spawn(8), and virtual(8) daemons. + Although the proxymap(8) server can run chrooted, + doing so defeats most of the purpose of having that + service in the first place. The files in the examples/chroot-setup subdirectory of the Postfix source archive describe how to set diff --git a/postfix/html/postalias.1.html b/postfix/html/postalias.1.html index dcf5b671f..e77a653f7 100644 --- a/postfix/html/postalias.1.html +++ b/postfix/html/postalias.1.html 
@@ -117,22 +117,26 @@ POSTALIAS(1) POSTALIAS(1) types: btree The output is a btree file, named - file_name.db. This is available only on - systems with support for db databases. + file_name.db. This is available on systems + with support for db databases. + + cdb The output is one file named file_name.cdb. + This is available on systems with support + for cdb databases. dbm The output consists of two files, named file_name.pag and file_name.dir. This is - available only on systems with support for - dbm databases. + available on systems with support for dbm + databases. hash The output is a hashed file, named - file_name.db. This is available only on - systems with support for db databases. + file_name.db. This is available on systems + with support for db databases. sdbm The output consists of two files, named file_name.pag and file_name.dir. This is - available only on systems with support for - sdbm databases. + available on systems with support for sdbm + databases. When no file_type is specified, the software uses the database type specified via the diff --git a/postfix/html/postconf.1.html b/postfix/html/postconf.1.html index 0150a6bb4..a735f34d6 100644 --- a/postfix/html/postconf.1.html +++ b/postfix/html/postconf.1.html @@ -44,8 +44,8 @@ POSTCONF(1) POSTCONF(1) flock A kernel-based advisory locking method for local files only. This locking method is - available only on systems with a BSD compat- - ible library. + available on systems with a BSD compatible + library. fcntl A kernel-based advisory locking method for local and remote files. 
@@ -59,93 +59,99 @@ POSTCONF(1) POSTCONF(1) were left behind after abnormal termination. -m List the names of all supported lookup table types. - Postfix lookup tables are specified as type:name, - where type is one of the types listed below. The - table name syntax depends on the lookup table type. - - btree A sorted, balanced tree structure. This is - available only on systems with support for - Berkeley DB databases. - - cidr A table that associates values with Class- - less Inter-Domain Routing (CIDR) patterns. + In Postfix configuration files, lookup tables are + specified as type:name, where type is one of the + types listed below. The table name syntax depends + on the lookup table type as described in the + DATABASE_README document. + + btree A sorted, balanced tree structure. This is + available on systems with support for Berke- + ley DB databases. + + cdb A read-optimized structure with no support + for incremental updates. This is available + on systems with support for CDB databases. + + cidr A table that associates values with Class- + less Inter-Domain Routing (CIDR) patterns. This is described in cidr_table(5). dbm An indexed file type based on hashing. This - is available only on systems with support - for DBM databases. + is available on systems with support for DBM + databases. environ The UNIX process environment array. The - lookup key is the variable name. Originally - implemented for testing, someone may find + lookup key is the variable name. Originally + implemented for testing, someone may find this useful someday. hash An indexed file type based on hashing. This - is available only on systems with support - for Berkeley DB databases. + is available on systems with support for + Berkeley DB databases. ldap (read-only) - Perform lookups using the LDAP protocol. + Perform lookups using the LDAP protocol. This is described in ldap_table(5). mysql (read-only) - Perform lookups using the MYSQL protocol. 
+ Perform lookups using the MYSQL protocol. This is described in mysql_table(5). pcre (read-only) A lookup table based on Perl Compatible Reg- - ular Expressions. The file format is + ular Expressions. The file format is described in pcre_table(5). pgsql (read-only) - Perform lookups using the PostgreSQL proto- + Perform lookups using the PostgreSQL proto- col. This is described in pgsql_table(5). proxy (read-only) - A lookup table that is implemented via the - Postfix proxymap(8) service. The table name + A lookup table that is implemented via the + Postfix proxymap(8) service. The table name syntax is type:name. regexp (read-only) A lookup table based on regular expressions. - The file format is described in reg- + The file format is described in reg- exp_table(5). sdbm An indexed file type based on hashing. This - is available only on systems with support - for SDBM databases. + is available on systems with support for + SDBM databases. static (read-only) - A table that always returns its name as - lookup result. For example, static:foobar - always returns the string foobar as lookup + A table that always returns its name as + lookup result. For example, static:foobar + always returns the string foobar as lookup result. tcp (read-only) Perform lookups using a simple request-reply - protocol that is described in tcp_table(5). - This feature is not included with Postfix + protocol that is described in tcp_table(5). + This feature is not included with Postfix 2.1. unix (read-only) - A limited way to query the UNIX authentica- + A limited way to query the UNIX authentica- tion database. The following tables are implemented: unix:passwd.byname - The table is the UNIX password - database. The key is a login name. - The result is a password file entry + The table is the UNIX password + database. The key is a login name. + The result is a password file entry in passwd(5) format. unix:group.byname - The table is the UNIX group - database. The key is a group name. 
- The result is a group file entry in + The table is the UNIX group + database. The key is a group name. + The result is a group file entry in group(5) format. - Other table types may exist depending on how Postfix was + Other table types may exist depending on how Postfix was built. -n Print parameter settings that are not left at their @@ -153,7 +159,7 @@ POSTCONF(1) POSTCONF(1) specified in main.cf. -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly + tiple -v options make the software increasingly verbose. DIAGNOSTICS @@ -164,14 +170,14 @@ POSTCONF(1) POSTCONF(1) Directory with Postfix configuration files. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant + The following main.cf parameters are especially relevant to this program. - The text below provides only a parameter summary. See + The text below provides only a parameter summary. See postconf(5) for more details including examples. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and + The default location of the Postfix main.cf and master.cf configuration files. FILES @@ -184,7 +190,7 @@ POSTCONF(1) POSTCONF(1) DATABASE_README, Postfix lookup table overview LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index e2b876ba9..2fb6be1bf 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -2093,11 +2093,29 @@ By default, mail is returned to the sender when a destination is not found, and delivery is deferred if a destination is unreachable.

    -

    -The fallback relays must be SMTP destinations. Specify a domain, +

    The fallback relays must be SMTP destinations. Specify a domain, host, host:port, [host]:port, [address] or [address]:port; the form [host] turns off MX lookups. If you specify multiple SMTP -destinations, Postfix will try them in the specified order. +destinations, Postfix will try them in the specified order.

    + +

    NOTE: Do not use the fallback_relay feature when relaying mail +for a backup or primary MX domain. Mail would loop between the +Postfix MX host and the fallback_relay host when the final destination +is unavailable.

    + +
      + +
    • In main.cf specify "relay_transport = relay", + +
    • In master.cf specify "-o fallback_relay =" at the +end of the relay entry. + +
    • In transport maps, specify "relay:nexthop..." +as the right-hand side for backup or primary MX domain entries. + +
    + +

    These are default settings in Postfix version 2.2 and later.
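Review bot: The second list item quotes the master.cf text as "-o fallback_relay =" with a space before the "=". Confirm that master.cf accepts whitespace inside a -o override; if it does not, print the option exactly as it must be typed, because this line will be pasted as is.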

    @@ -3146,35 +3164,46 @@ into concurrency per domain.

  • local_header_rewrite_clients -(default: see "postconf -d" output)
    +(default: permit_inet_interfaces)

    Append the domain name in $myorigin or $mydomain to message header addresses from these clients only; either don't rewrite message headers from other clients at all, or append the domain specified with the remote_header_rewrite_domain parameter.

    +

    See the append_at_myorigin and append_dot_mydomain parameters +for details of how domain names are appended to incomplete addresses. +

    +

    Specify a list of zero or more of the following:

    +
    permit_inet_interfaces
    + +
    Append the domain name in $myorigin or $mydomain when the +client IP address matches $inet_interfaces. This is enabled by +default.
    +
    permit_mynetworks
    Append the domain name in $myorigin or $mydomain when the client IP address matches any network or network address listed in -$mynetworks. This is enabled by default.
    +$mynetworks. This setting will not prevent remote mail header +address rewriting when mail from a remote client is forwarded by +a neighboring system.

    permit_sasl_authenticated
    Append the domain name in $myorigin or $mydomain when the client is successfully authenticated via the RFC 2554 (AUTH) -protocol. This is enabled by default.
    +protocol.
    permit_tls_clientcerts
    Append the domain name in $myorigin or $mydomain when the client TLS certificate is successfully verified, and the client -certificate fingerprint is listed in $relay_clientcerts. This is -enabled by default.
    +certificate fingerprint is listed in $relay_clientcerts.
    permit_tls_all_clientcerts
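Review bot: The caveat added under permit_mynetworks, "This setting will not prevent remote mail header address rewriting when mail from a remote client is forwarded by a neighboring system", is hard to parse and hides the risk. Say it directly: mail that a host in $mynetworks forwards on behalf of a remote client is rewritten as if it were local. The hunk also changes the default to permit_inet_interfaces and drops "This is enabled by default" from three entries without noting that sites which relied on rewriting for $mynetworks, SASL or client-certificate clients must now set the parameter explicitly.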
    @@ -3183,45 +3212,42 @@ client TLS certificate is successfully verified, regardless of whether it is listed on the server, and regardless of the certifying authority. -
    check_address_map type:table
    +
    check_address_map type:table
    type:table
    Append the domain name in $myorigin or $mydomain when the -client IP address matches the specified lookup table. The lookup -result is ignored, and no subnet lookup is done. This is suitable -for pop-before-smtp lookup tables.
    +client IP address matches the specified lookup table. +The lookup result is ignored, and no subnet lookup is done. This +is suitable for, e.g., pop-before-smtp lookup tables.

    Examples:

    -

    The backwards compatible setting: always rewrite message headers, -and always append my own domain to incomplete header addresses.

    +

    The Postfix < 2.2 backwards compatible setting: always rewrite +message headers, and always append my own domain to incomplete +header addresses.

         local_header_rewrite_clients = static:all
     
    -

    The purist setting: rewrite headers only in mail from Postfix -sendmail and in SMTP mail from this machine.

    +

    The purist (and default) setting: rewrite headers only in mail +from Postfix sendmail and in SMTP mail from this machine.

    -    mynetworks_style = host
    -    local_header_rewrite_clients = permit_mynetworks
    +    local_header_rewrite_clients = permit_inet_interfaces
     
    -

    The default setting: rewrite headers and append my own domain -only with mail from Postfix sendmail and from local or authorized -SMTP clients.

    - -
    -    local_header_rewrite_clients = permit_mynetworks,
    -        permit_sasl_authenticated permit_tls_clientcerts
    -
    +

    The intermediate setting: rewrite header addresses and append +$myorigin or $mydomain information only with mail from Postfix +sendmail, from local clients, or from authorized SMTP clients.

    -

    The ISP setting: include clients that are pop-before-smtp -authenticated.

    +

    NOTE: This setting will not prevent remote mail header address +rewriting when mail from a remote client is forwarded by a neighboring +system.

         local_header_rewrite_clients = permit_mynetworks,
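Review bot: The sentence "The ISP setting: include clients that are pop-before-smtp authenticated" is deleted, but the example it introduced stays, starting at the context line "local_header_rewrite_clients = permit_mynetworks," and continuing past the end of the hunk. That example now sits under the new "intermediate setting" description and the NOTE; check that what remains of it matches "from local clients, or from authorized SMTP clients", and if it still carries a pop-before-smtp table, say so in the description. The NOTE would also read better after the example than between the description and its example.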
    @@ -6562,9 +6588,7 @@ side specify one of the following keywords:  

    NONE
    Don't use TLS at all.
    MAY
    Try to use STARTTLS if offered, otherwise use -the unencrypted connection. NOTE: STARTTLS can be used only if -TLS is already enabled via main.cf, so that the client TLS engine -is properly initialized at program startup.
    +the unencrypted connection.
    MUST
    Require usage of STARTTLS, require that the remote SMTP server hostname matches the information in the remote @@ -6996,6 +7020,11 @@ client network address information. parent domains, client IP address, or networks obtained by stripping least significant octets. See the access(5) manual page for details.
    +
    permit_inet_interfaces
    + +
    Permit the request when the client IP address matches +$inet_interfaces.
    +
    permit_mynetworks
    Permit the request when the client IP address matches any @@ -9034,6 +9063,9 @@ type must be prepended: egd:/path/to/egd_socket for a source with EGD compatible socket interface, or dev:/path/to/device for a device file.

    +

    Note: on OpenBSD systems specify /dev/arandom when /dev/urandom +gives timeout errors.

    +
    diff --git a/postfix/html/postmap.1.html b/postfix/html/postmap.1.html index 4c90bf051..9ab01983e 100644 --- a/postfix/html/postmap.1.html +++ b/postfix/html/postmap.1.html @@ -135,22 +135,26 @@ POSTMAP(1) POSTMAP(1) types: btree The output file is a btree file, named - file_name.db. This is available only on - systems with support for db databases. + file_name.db. This is available on systems + with support for db databases. + + cdb The output consists of one file, named + file_name.cdb. This is available on systems + with support for cdb databases. dbm The output consists of two files, named file_name.pag and file_name.dir. This is - available only on systems with support for - dbm databases. + available on systems with support for dbm + databases. hash The output file is a hashed file, named - file_name.db. This is available only on - systems with support for db databases. + file_name.db. This is available on systems + with support for db databases. sdbm The output consists of two files, named file_name.pag and file_name.dir. This is - available only on systems with support for - sdbm databases. + available on systems with support for sdbm + databases. When no file_type is specified, the software uses the database type specified via the diff --git a/postfix/html/proxymap.8.html b/postfix/html/proxymap.8.html index 2a5f6f486..ceb8ff7df 100644 --- a/postfix/html/proxymap.8.html +++ b/postfix/html/proxymap.8.html @@ -79,6 +79,12 @@ PROXYMAP(8) PROXYMAP(8) user or group IDs, mailbox file/directory names or exter- nal commands. + In Postfix version 2.2 and later, the proxymap client rec- + ognizes requests to access a table for security-sensitive + purposes, and opens the table directly. This allows the + same main.cf setting to be used by sensitive and non-sen- + sitive processes. + DIAGNOSTICS Problems and transactions are logged to syslogd(8). diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index 6a23546df..0b373dc35 100644 
--- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -129,7 +129,7 @@ SMTPD(8) SMTPD(8) Available in Postfix version 2.2 and later: - local_header_rewrite_clients (see 'postconf -d' output) + local_header_rewrite_clients (permit_inet_interfaces) Append the domain name in $myorigin or $mydomain to message header addresses from these clients only; either don't rewrite message headers from other diff --git a/postfix/html/tlsmgr.8.html b/postfix/html/tlsmgr.8.html index 0c6c12630..4c5dba186 100644 --- a/postfix/html/tlsmgr.8.html +++ b/postfix/html/tlsmgr.8.html 
@@ -13,38 +13,39 @@ TLSMGR(8) TLSMGR(8) tlsmgr [generic Postfix daemon options] DESCRIPTION - The tlsmgr(8) maintains the TLS session caches for Postfix - SMTP client and server processes. It periodically removes - entries that have expired, and entries that are no longer - compatible with the currently running Postfix version. - - The tlsmgr(8) also maintains the PRNG (pseudo random num- - ber generator) pool. This is queried by the smtpd(8) and + The tlsmgr(8) manages the TLS session caches for Postfix + SMTP client and server processes. It stores and retrieves + cache entries on request by smtpd(8) and smtp(8) pro- + cesses, and periodically removes entries that have + expired. + + The tlsmgr(8) also manages the PRNG (pseudo random number + generator) pool. It answers queries by the smtpd(8) and smtp(8) processes to seed their internal PRNG pools. - The tlsmgr(8)'s internal PRNG pool is initially seeded - from an external source (EGD, /dev/urandom, or regular - file). It is updated at configurable pseudo-random inter- - vals with data from the external source. It is updated - periodically with data from TLS session cache entries and - with the time of day, and is updated with the time of day - whenever a process requests tlsmgr(8) service. + The tlsmgr(8)'s PRNG pool is initially seeded from an + external source (EGD, /dev/urandom, or regular file). It + is updated at configurable pseudo-random intervals with + data from the external source. It is updated periodically + with data from TLS session cache entries and with the time + of day, and is updated with the time of day whenever a + process requests tlsmgr(8) service. - The tlsmgr(8) saves the PRNG state to an exchange file - periodically and when the process terminates, and reads + The tlsmgr(8) saves the PRNG state to an exchange file + periodically and when the process terminates, and reads the exchange file when initializing its PRNG. SECURITY - tlsmgr(8) is not security-sensitive. 
The code that main- - tains the external and internal PRNG pools does not - "trust" the data that it manipulates, and the code that - maintains the TLS session cache does not touch the con- + tlsmgr(8) is not security-sensitive. The code that main- + tains the external and internal PRNG pools does not + "trust" the data that it manipulates, and the code that + maintains the TLS session cache does not touch the con- tents of the cached entries, except for seeding its inter- nal PRNG pool. - The tlsmgr(8) can be run chrooted and with reduced privi- - leges. At process startup it connects to the entropy - source and exchange file, and creates or truncates the + The tlsmgr(8) can be run chrooted and with reduced privi- + leges. At process startup it connects to the entropy + source and exchange file, and creates or truncates the optional TLS session cache files. DIAGNOSTICS @@ -60,12 +61,12 @@ TLSMGR(8) TLSMGR(8) because tlsmgr(8) is a persistent processes. Use the com- mand "postfix reload" after a configuration change. - The text below provides only a parameter summary. See + The text below provides only a parameter summary. See postconf(5) for more details including examples. TLS SESSION CACHE smtpd_tls_session_cache_database (empty) - Name of the file containing the optional Postfix + Name of the file containing the optional Postfix SMTP server TLS session cache. smtpd_tls_session_cache_timeout (3600s) @@ -73,7 +74,7 @@ TLSMGR(8) TLSMGR(8) sion cache information. smtp_tls_session_cache_database (empty) - Name of the file containing the optional Postfix + Name of the file containing the optional Postfix SMTP client TLS session cache. smtp_tls_session_cache_timeout (3600s) 
@@ -83,52 +84,52 @@ TLSMGR(8) TLSMGR(8) PSEUDO RANDOM NUMBER GENERATOR tls_random_source (see 'postconf -d' output) The external entropy source for the in-memory - tlsmgr(8) pseudo random number generator (PRNG) + tlsmgr(8) pseudo random number generator (PRNG) pool. tls_random_bytes (32) - The number of bytes that tlsmgr(8) reads from - $tls_random_source when (re)seeding the in-memory + The number of bytes that tlsmgr(8) reads from + $tls_random_source when (re)seeding the in-memory pseudo random number generator (PRNG) pool. tls_random_exchange_name (${config_directory}/prng_exch) - Name of the pseudo random number generator (PRNG) + Name of the pseudo random number generator (PRNG) state file that is maintained by tlsmgr(8). tls_random_prng_update_period (3600s) - The time between attempts by tlsmgr(8) to save the - state of the pseudo random number generator (PRNG) + The time between attempts by tlsmgr(8) to save the + state of the pseudo random number generator (PRNG) to the file specified with $tls_ran- dom_exchange_name. tls_random_reseed_period (3600s) - The maximal time between attempts by tlsmgr(8) to - re-seed the in-memory pseudo random number genera- + The maximal time between attempts by tlsmgr(8) to + re-seed the in-memory pseudo random number genera- tor (PRNG) pool from external sources. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and + The default location of the Postfix main.cf and master.cf configuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a + How much time a Postfix daemon process may take to + handle a request before it is terminated by a built-in watchdog timer. process_id (read-only) - The process ID of a Postfix command or daemon pro- + The process ID of a Postfix command or daemon pro- cess. 
process_name (read-only) - The process name of a Postfix command or daemon + The process name of a Postfix command or daemon process. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (postfix) - The mail system name that is prepended to the pro- + The mail system name that is prepended to the pro- cess name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". @@ -144,7 +145,7 @@ TLSMGR(8) TLSMGR(8) TLS_README, Postfix TLS configuration and operation LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/makedefs b/postfix/makedefs index c5c60467a..5aaaa9fab 100644 --- a/postfix/makedefs +++ b/postfix/makedefs @@ -25,11 +25,13 @@ # \fIinclude\fR directory. # The following directives are special: # .RS -# .IP "\fB-DUSE_TLS\fR (default)" +# .IP \fB-DUSE_TLS\f # Build with TLS (transport level security) support. This # requires that OpenSSL is installed. # .IP \fB-DNO_TLS\fR # Do not build with TLS support. +# .IP \fB-DNO_IPV6\fR +# Do not build with IPv6 support. # .IP \fB-DHAS_PCRE\fR # Build with PCRE (Perl-compatible regular expression) support. # By default, PCRE support is enabled when the \fBpcre-config\fR @@ -155,11 +157,11 @@ case "$SYSTEM.$RELEASE" in esac # Solaris 8 added IPv6 case $RELEASE in - 5.[0-7]) CCARGS="$CCARGS -DNO_IPV6";; + 5.[0-7]|5.[0-7].*) CCARGS="$CCARGS -DNO_IPV6";; esac # Solaris 9 added closefrom() and /dev/*random case $RELEASE in - 5.[0-8]) CCARGS="$CCARGS -DNO_CLOSEFROM -DNO_DEV_URANDOM";; + 5.[0-8]|5.[0-8].*) CCARGS="$CCARGS -DNO_CLOSEFROM -DNO_DEV_URANDOM";; esac # Work around broken str*casecmp(). Do it all here instead # of having half the solution in the sys_defs.h file. diff --git a/postfix/man/man1/postalias.1 b/postfix/man/man1/postalias.1 index 80062697c..1cb0b5365 100644 --- a/postfix/man/man1/postalias.1 +++ b/postfix/man/man1/postalias.1 
@@ -101,18 +101,21 @@ but it can create only the following file types: .RS .IP \fBbtree\fR The output is a btree file, named \fIfile_name\fB.db\fR. -This is available only on systems with support for \fBdb\fR databases. +This is available on systems with support for \fBdb\fR databases. +.IP \fBcdb\fR +The output is one file named \fIfile_name\fB.cdb\fR. +This is available on systems with support for \fBcdb\fR databases. .IP \fBdbm\fR The output consists of two files, named \fIfile_name\fB.pag\fR and \fIfile_name\fB.dir\fR. -This is available only on systems with support for \fBdbm\fR databases. +This is available on systems with support for \fBdbm\fR databases. .IP \fBhash\fR The output is a hashed file, named \fIfile_name\fB.db\fR. -This is available only on systems with support for \fBdb\fR databases. +This is available on systems with support for \fBdb\fR databases. .IP \fBsdbm\fR The output consists of two files, named \fIfile_name\fB.pag\fR and \fIfile_name\fB.dir\fR. -This is available only on systems with support for \fBsdbm\fR databases. +This is available on systems with support for \fBsdbm\fR databases. .PP When no \fIfile_type\fR is specified, the software uses the database type specified via the \fBdefault_database_type\fR configuration diff --git a/postfix/man/man1/postconf.1 b/postfix/man/man1/postconf.1 index 24d2114b5..6b8fe66f3 100644 --- a/postfix/man/man1/postconf.1 +++ b/postfix/man/man1/postconf.1 @@ -42,7 +42,7 @@ Postfix supports the following methods: .RS .IP \fBflock\fR A kernel-based advisory locking method for local files only. -This locking method is available only on systems with a BSD +This locking method is available on systems with a BSD compatible library. .IP \fBfcntl\fR A kernel-based advisory locking method for local and remote files. 
@@ -53,28 +53,33 @@ The application is expected to remove its own lock file, as well as stale lock files that were left behind after abnormal termination. .RE .IP \fB-m\fR -List the names of all supported lookup table types. Postfix +List the names of all supported lookup table types. In Postfix +configuration files, lookup tables are specified as \fItype\fB:\fIname\fR, where \fItype\fR is one of the types listed below. The table \fIname\fR -syntax depends on the lookup table type. +syntax depends on the lookup table type as described in the +DATABASE_README document. .RS .IP \fBbtree\fR A sorted, balanced tree structure. -This is available only on systems with support for Berkeley DB +This is available on systems with support for Berkeley DB databases. +.IP \fBcdb\fR +A read-optimized structure with no support for incremental updates. +This is available on systems with support for CDB databases. .IP \fBcidr\fR A table that associates values with Classless Inter-Domain Routing (CIDR) patterns. This is described in \fBcidr_table\fR(5). .IP \fBdbm\fR An indexed file type based on hashing. -This is available only on systems with support for DBM databases. +This is available on systems with support for DBM databases. .IP \fBenviron\fR The UNIX process environment array. The lookup key is the variable name. Originally implemented for testing, someone may find this useful someday. .IP \fBhash\fR An indexed file type based on hashing. -This is available only on systems with support for Berkeley DB +This is available on systems with support for Berkeley DB databases. .IP "\fBldap\fR (read-only)" Perform lookups using the LDAP protocol. This is described 
@@ -97,7 +102,7 @@ A lookup table based on regular expressions. The file format is described in \fBregexp_table\fR(5). .IP \fBsdbm\fR An indexed file type based on hashing. -This is available only on systems with support for SDBM databases. +This is available on systems with support for SDBM databases. .IP "\fBstatic\fR (read-only)" A table that always returns its name as lookup result. For example, \fBstatic:foobar\fR always returns the string \fBfoobar\fR as lookup diff --git a/postfix/man/man1/postmap.1 b/postfix/man/man1/postmap.1 index 2466df2c3..76bc922ec 100644 --- a/postfix/man/man1/postmap.1 +++ b/postfix/man/man1/postmap.1 @@ -126,18 +126,21 @@ but it can create only the following file types: .RS .IP \fBbtree\fR The output file is a btree file, named \fIfile_name\fB.db\fR. -This is available only on systems with support for \fBdb\fR databases. +This is available on systems with support for \fBdb\fR databases. +.IP \fBcdb\fR +The output consists of one file, named \fIfile_name\fB.cdb\fR. +This is available on systems with support for \fBcdb\fR databases. .IP \fBdbm\fR The output consists of two files, named \fIfile_name\fB.pag\fR and \fIfile_name\fB.dir\fR. -This is available only on systems with support for \fBdbm\fR databases. +This is available on systems with support for \fBdbm\fR databases. .IP \fBhash\fR The output file is a hashed file, named \fIfile_name\fB.db\fR. -This is available only on systems with support for \fBdb\fR databases. +This is available on systems with support for \fBdb\fR databases. .IP \fBsdbm\fR The output consists of two files, named \fIfile_name\fB.pag\fR and \fIfile_name\fB.dir\fR. -This is available only on systems with support for \fBsdbm\fR databases. +This is available on systems with support for \fBsdbm\fR databases. .PP When no \fIfile_type\fR is specified, the software uses the database type specified via the \fBdefault_database_type\fR configuration 
diff --git a/postfix/man/man5/cidr_table.5 b/postfix/man/man5/cidr_table.5 index 7428a468d..b764ad515 100644 --- a/postfix/man/man5/cidr_table.5 +++ b/postfix/man/man5/cidr_table.5 @@ -36,6 +36,14 @@ use the corresponding \fIresult\fR value. Specify 0.0.0.0/0 to match every IPv4 address, and ::/0 to match every IPv6 address. +An IPv4 network address is a sequence of four decimal octets +separated by ".", and an IPv6 network address is a sequence +of three to eight hexadecimal octet pairs separated by ":". + +Before comparisons are made, lookup keys and table entries +are converted from string to binary. Therefore table entries +will be matched regardless of redundant zero characters. + Note: address information may be enclosed inside "[]" but this form is not recommended. diff --git a/postfix/man/man5/master.5 b/postfix/man/man5/master.5 index 6e251d80d..ca3ac5b1f 100644 --- a/postfix/man/man5/master.5 +++ b/postfix/man/man5/master.5 @@ -110,7 +110,8 @@ directory (pathname is controlled by the \fBqueue_directory\fR configuration variable in the main.cf file). .sp Chroot should not be used with the \fBlocal\fR(8), -\fBpipe\fR(8) and \fBspawn\fR(8) daemons. Although the +\fBpipe\fR(8), \fBspawn\fR(8), and virtual(8) daemons. +Although the \fBproxymap\fR(8) server can run chrooted, doing so defeats most of the purpose of having that service in the first place. diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 63395ec11..548b89e9b 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 
@@ -1090,6 +1090,21 @@ The fallback relays must be SMTP destinations. Specify a domain, host, host:port, [host]:port, [address] or [address]:port; the form [host] turns off MX lookups. If you specify multiple SMTP destinations, Postfix will try them in the specified order. +.PP +NOTE: Do not use the fallback_relay feature when relaying mail +for a backup or primary MX domain. Mail would loop between the +Postfix MX host and the fallback_relay host when the final destination +is unavailable. +.IP \(bu +In main.cf specify "relay_transport = relay", +.IP \(bu +In master.cf specify "-o fallback_relay =" at the +end of the relay entry. +.IP \(bu +In transport maps, specify "relay:\fInexthop...\fR" +as the right-hand side for backup or primary MX domain entries. +.PP +These are default settings in Postfix version 2.2 and later. .SH fallback_transport (default: empty) Optional message delivery transport that the local(8) delivery agent should use for names that are not found in the aliases(5) 
@@ -1634,42 +1649,52 @@ the entry in the master.cf file. Setting this parameter to a value > 1 changes the meaning of local_destination_concurrency_limit from concurrency per recipient into concurrency per domain. -.SH local_header_rewrite_clients (default: see "postconf -d" output) +.SH local_header_rewrite_clients (default: permit_inet_interfaces) Append the domain name in $myorigin or $mydomain to message header addresses from these clients only; either don't rewrite message headers from other clients at all, or append the domain specified with the remote_header_rewrite_domain parameter. .PP +See the append_at_myorigin and append_dot_mydomain parameters +for details of how domain names are appended to incomplete addresses. +.PP Specify a list of zero or more of the following: +.IP "\fB permit_inet_interfaces \fR" +Append the domain name in $myorigin or $mydomain when the +client IP address matches $inet_interfaces. This is enabled by +default. .IP "\fB permit_mynetworks \fR" Append the domain name in $myorigin or $mydomain when the client IP address matches any network or network address listed in -$mynetworks. This is enabled by default. +$mynetworks. This setting will not prevent remote mail header +address rewriting when mail from a remote client is forwarded by +a neighboring system. .IP "\fB permit_sasl_authenticated \fR" Append the domain name in $myorigin or $mydomain when the client is successfully authenticated via the RFC 2554 (AUTH) -protocol. This is enabled by default. +protocol. .IP "\fB permit_tls_clientcerts \fR" Append the domain name in $myorigin or $mydomain when the client TLS certificate is successfully verified, and the client -certificate fingerprint is listed in $relay_clientcerts. This is -enabled by default. +certificate fingerprint is listed in $relay_clientcerts. 
.IP "\fB permit_tls_all_clientcerts \fR" Append the domain name in $myorigin or $mydomain when the client TLS certificate is successfully verified, regardless of whether it is listed on the server, and regardless of the certifying authority. -.IP "\fB check_address_map \fItype:table\fR \fR" +.IP "\fB check_address_map \fItype:table\fR \fR" .IP "\fB \fItype:table\fR \fR" Append the domain name in $myorigin or $mydomain when the -client IP address matches the specified lookup table. The lookup -result is ignored, and no subnet lookup is done. This is suitable -for pop-before-smtp lookup tables. +client IP address matches the specified lookup table. +The lookup result is ignored, and no subnet lookup is done. This +is suitable for, e.g., pop-before-smtp lookup tables. .PP Examples: .PP -The backwards compatible setting: always rewrite message headers, -and always append my own domain to incomplete header addresses. +The Postfix < 2.2 backwards compatible setting: always rewrite +message headers, and always append my own domain to incomplete +header addresses. .PP .nf .na 
@@ -1679,33 +1704,24 @@ and always append my own domain to incomplete header addresses. .ad .ft R .PP -The purist setting: rewrite headers only in mail from Postfix -sendmail and in SMTP mail from this machine. +The purist (and default) setting: rewrite headers only in mail +from Postfix sendmail and in SMTP mail from this machine. .PP .nf .na .ft C - mynetworks_style = host - local_header_rewrite_clients = permit_mynetworks + local_header_rewrite_clients = permit_inet_interfaces .fi .ad .ft R .PP -The default setting: rewrite headers and append my own domain -only with mail from Postfix sendmail and from local or authorized -SMTP clients. -.PP -.nf -.na -.ft C - local_header_rewrite_clients = permit_mynetworks, - permit_sasl_authenticated permit_tls_clientcerts -.fi -.ad -.ft R +The intermediate setting: rewrite header addresses and append +$myorigin or $mydomain information only with mail from Postfix +sendmail, from local clients, or from authorized SMTP clients. .PP -The ISP setting: include clients that are pop-before-smtp -authenticated. +NOTE: This setting will not prevent remote mail header address +rewriting when mail from a remote client is forwarded by a neighboring +system. .PP .nf .na @@ -3615,9 +3631,7 @@ side specify one of the following keywords: Don't use TLS at all. .IP "MAY" Try to use STARTTLS if offered, otherwise use -the unencrypted connection. NOTE: STARTTLS can be used only if -TLS is already enabled via main.cf, so that the client TLS engine -is properly initialized at program startup. +the unencrypted connection. .IP "MUST" Require usage of STARTTLS, require that the remote SMTP server hostname matches the information in the remote 
@@ -3888,6 +3902,9 @@ client network address information. Search the specified access database for the client hostname, parent domains, client IP address, or networks obtained by stripping least significant octets. See the access(5) manual page for details. +.IP "\fBpermit_inet_interfaces\fR" +Permit the request when the client IP address matches +$inet_interfaces. .IP "\fBpermit_mynetworks\fR" Permit the request when the client IP address matches any network or network address listed in $mynetworks. @@ -5171,6 +5188,9 @@ source. If this source is not a regular file, the entropy source type must be prepended: egd:/path/to/egd_socket for a source with EGD compatible socket interface, or dev:/path/to/device for a device file. +.PP +Note: on OpenBSD systems specify /dev/arandom when /dev/urandom +gives timeout errors. .SH trace_service_name (default: trace) The name of the trace(8) service. This service maintains a record of mail deliveries and produces a mail delivery report when verbose diff --git a/postfix/man/man8/proxymap.8 b/postfix/man/man8/proxymap.8 index ab8c99b79..5628d6cc3 100644 --- a/postfix/man/man8/proxymap.8 +++ b/postfix/man/man8/proxymap.8 @@ -80,6 +80,11 @@ usability, because it can open only chrooted tables. The proxymap server is not a trusted daemon process, and must not be used to look up sensitive information such as user or group IDs, mailbox file/directory names or external commands. + +In Postfix version 2.2 and later, the proxymap client recognizes +requests to access a table for security-sensitive purposes, +and opens the table directly. This allows the same main.cf +setting to be used by sensitive and non-sensitive processes. .SH DIAGNOSTICS .ad .fi diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index 774cbd412..d860efe5d 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 
@@ -126,7 +126,7 @@ Enable or disable recipient validation, built-in content filtering, or address mapping. .PP Available in Postfix version 2.2 and later: -.IP "\fBlocal_header_rewrite_clients (see 'postconf -d' output)\fR" +.IP "\fBlocal_header_rewrite_clients (permit_inet_interfaces)\fR" Append the domain name in $myorigin or $mydomain to message header addresses from these clients only; either don't rewrite message headers from other clients at all, or append the domain diff --git a/postfix/man/man8/tlsmgr.8 b/postfix/man/man8/tlsmgr.8 index e475a2a96..331b08916 100644 --- a/postfix/man/man8/tlsmgr.8 +++ b/postfix/man/man8/tlsmgr.8 @@ -12,16 +12,16 @@ Postfix TLS session cache and PRNG manager .SH DESCRIPTION .ad .fi -The tlsmgr(8) maintains the TLS session caches for Postfix -SMTP client and server processes. It periodically removes -entries that have expired, and entries that are no longer -compatible with the currently running Postfix version. +The tlsmgr(8) manages the TLS session caches for Postfix +SMTP client and server processes. It stores and retrieves +cache entries on request by smtpd(8) and smtp(8) processes, +and periodically removes entries that have expired. -The tlsmgr(8) also maintains the PRNG (pseudo random number -generator) pool. This is queried by the smtpd(8) and smtp(8) +The tlsmgr(8) also manages the PRNG (pseudo random number +generator) pool. It answers queries by the smtpd(8) and smtp(8) processes to seed their internal PRNG pools. -The tlsmgr(8)'s internal PRNG pool is initially seeded from +The tlsmgr(8)'s PRNG pool is initially seeded from an external source (EGD, /dev/urandom, or regular file). It is updated at configurable pseudo-random intervals with data from the external source. It is updated periodically diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index dca9e60ed..1d33914c6 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink 
@@ -595,6 +595,7 @@ while (<>) { # Access restrictions - client s;\bcheck_client_access\b;$&;g; + s;\bpermit_inet_interfaces\b;$&;g; s;\bpermit_mynetworks\b;$&;g; s;\bpermit_sasl_authenticated\b;$&;g; s;\bpermit_tls_clientcerts\b;$&;g; diff --git a/postfix/proto/ADDRESS_REWRITING_README.html b/postfix/proto/ADDRESS_REWRITING_README.html index 4a0dc865a..3453b933d 100644 --- a/postfix/proto/ADDRESS_REWRITING_README.html +++ b/postfix/proto/ADDRESS_REWRITING_README.html @@ -63,7 +63,7 @@ tables.

    -

    To rewrite or not to rewrite, or to label +

    To rewrite message headers or not, or to label as invalid

    Postfix versions 2.1 and earlier always rewrite message header -addresses, and append Postfix's own domain information to incomplete -addresses. While rewriting message headers is OK for mail with a -local origin, it is undesirable for remote mail:

    +addresses, and append Postfix's own domain information to addresses +that Postfix considers incomplete. While rewriting message header +addresses is OK for mail with a local origin, it is undesirable +for remote mail:

      -
    • Header mangling is frowned upon by mail standards, +
    • Message header address rewriting is frowned upon by mail standards, -
    • Appending Postfix's own domain information produces incorrect -results with remote incomplete addresses, +
    • Appending Postfix's own domain produces incorrect results with +some incomplete addresses, -
    • Appending Postfix's own domain information sometimes creates -the appearance that spam is sent by local users. +
    • Appending Postfix's own domain sometimes creates the appearance +that spam is sent by local users.
    @@ -133,21 +134,24 @@ how it works:

      -
    • Postfix does not rewrite message headers from remote SMTP -clients at all when the remote_header_rewrite_domain parameter -value is empty. +
    • Postfix always rewrites message header addresses from local +SMTP clients, and from the Postfix sendmail command. The +local_header_rewrite_clients parameter controls what SMTP clients +Postfix considers local (by default, only local network interface +addresses). -
    • Otherwise, Postfix appends the specified domain name to -incomplete addresses in message headers from remote SMTP clients. -This feature can be used to append a reserved domain such as -"domain.invalid", so that incomplete addresses cannot be mistaken +
    • Postfix never rewrites message header addresses from remote +SMTP clients when the remote_header_rewrite_domain parameter value +is empty (the default setting). + +
    • Otherwise, Postfix appends the remote_header_rewrite_domain +value to incomplete message header addresses from remote SMTP +clients. This feature can be used to append a reserved domain such +as "domain.invalid", so that incomplete addresses cannot be mistaken for local addresses.
    -

    The local_header_rewrite_clients parameter controls what SMTP -clients Postfix considers local instead of remote.

    -

    Postfix address rewriting overview

    The figure below zooms in on those parts of Postfix that are most diff --git a/postfix/proto/DEBUG_README.html b/postfix/proto/DEBUG_README.html index 803e71072..84ce6db06 100644 --- a/postfix/proto/DEBUG_README.html +++ b/postfix/proto/DEBUG_README.html @@ -499,7 +499,9 @@ document to find out where logging is stored. Please do not frustrate the helpers by word wrapping the logging.

  • Output from "postconf -n". Please do not send your main.cf -file. Or better, provide output from the "postfinger" tool.

    +file. Or better, provide output from the "postfinger" tool. This +tool is bundled with Postfix 2.2 and later source code, and can be +found at http://ftp.wl0.org/SOURCES/postfinger.

  • If the problem is about too much mail in the queue, consider including output from the qshape tool, as described in the diff --git a/postfix/proto/OVERVIEW.html b/postfix/proto/OVERVIEW.html index 64e12f11a..7429f6ece 100644 --- a/postfix/proto/OVERVIEW.html +++ b/postfix/proto/OVERVIEW.html @@ -445,7 +445,8 @@ postfix-script(1) -

  • The anvil(8) server implements client connection and rate +

  • The anvil(8) server implements client connection and +request rate limiting for all smtpd(8) servers. The TUNING_README document provides guidance for dealing with mis-behaving SMTP clients. The anvil(8) service is not included with Postfix version 2.1 or earlier. @@ -538,22 +539,26 @@ table among multiple processes.

  • The scache(8) server maintains the connection cache for the Postfix smtp(8) client. When connection caching is enabled for -selected -destinations, the smtp(8) client does not disconnect immediately -after a mail transaction, but gives the connection to the connection -cache server. The smtp(8) client continues with some other mail -delivery request. Meanwhile, the connection cache server keeps the -connection open for a limited amount of time. During that time, -any smtp(8) process can ask the scache(8) server for that cached -connection and use it for mail delivery.

    +selected destinations, the smtp(8) client does not disconnect +immediately after a mail transaction, but gives the connection to +the connection cache server which keeps the connection open for a +limited amount of time. The smtp(8) client continues with some +other mail delivery request. Meanwhile, any smtp(8) process can +ask the scache(8) server for that cached connection and reuse it +for mail delivery. As a safety measure, Postfix limits the number +of times that a connection may be reused.

    + +

    When delivering mail to a destination with multiple mail servers, +connection caching can help to skip over a non-responding server, +and thus dramatically speed up delivery.

    - +

    smtp(8)
    ->
    scache(8)
     
    -> -
    smtp(8) -
     

    smtp(8)
    <->
    scache(8)
     
    +<->
    +smtp(8)
     
    @@ -579,6 +584,53 @@ with the client connected via socket or FIFO to the command's standard input, output and error streams. You can find examples of its use in the SMTPD_POLICY_README document.

    +
  • The tlsmgr(8) server runs when TLS (Transport Layer +Security, formerly known as SSL) is turned on in the Postfix smtp(8) +client or smtpd(8) server. This process has two duties:

    + +
      + +
    • Maintain the pseudo-random number generator (PRNG) that +is used to seed the TLS engines in Postfix smtp(8) client or smtpd(8) +server processes. The state of this PRNG is saved periodically to +a file, and is read when tlsmgr(8) starts up.

      + +
    • Maintain the optional Postfix smtp(8) client or smtpd(8) +server caches with TLS session keys. Saved keys can improve +performance by reducing the amount of computation at the start of +a TLS session.

      + +
    + +

    TLS support is available in Postfix version 2.2 and later. +Information about the Postfix TLS implementation is in the TLS_README +document.

    + + + + + + + + + + + +
    Network->
    smtpd(8)
     
    + <---seed---

    <-session->

    tlsmgr(8)
     
    ---seed--->

    <-session-> +

    smtp(8)
    ->Network
    + /
    /
    +
    |
    |
    + +
    \
    \
    +smtpd
    session
    cache
    PRNG
    state
    file
    smtp
    session
    cache
    + +
  • The verify(8) server verifies that a sender or recipient address is deliverable before the smtpd(8) server accepts it. The verify(8) server injects probe messages into the Postfix queue and diff --git a/postfix/proto/PCRE_README.html b/postfix/proto/PCRE_README.html index 2e5adec65..e00af3ed2 100644 --- a/postfix/proto/PCRE_README.html +++ b/postfix/proto/PCRE_README.html @@ -61,7 +61,7 @@ make -f Makefile.init makefiles \

  • -

    Solaris may need run-time path information:

    +

    Solaris needs run-time path information too:

    diff --git a/postfix/proto/STANDARD_CONFIGURATION_README.html b/postfix/proto/STANDARD_CONFIGURATION_README.html
    index c3999645e..c06e37764 100644
    --- a/postfix/proto/STANDARD_CONFIGURATION_README.html
    +++ b/postfix/proto/STANDARD_CONFIGURATION_README.html
    @@ -577,8 +577,28 @@ table. 

    dbm files instead of db files. To find out what lookup tables Postfix supports, use the command "postconf -m".

    -

    Execute the command "postmap /etc/postfix/transport" whenever -you change the transport table.

    +

    Execute the command "postmap /etc/postfix/transport" +whenever you change the transport table.

    + +

    NOTE: Do not use the fallback_relay feature when relaying mail +for a backup or primary MX domain. Mail would loop between the +Postfix MX host and the fallback_relay host when the final destination +is unavailable.

    + +
      + +
    • In main.cf specify "relay_transport = relay", + +
    • In master.cf specify "-o fallback_relay =" at the +end of the relay entry. + +
    • In transport maps, specify "relay:nexthop..." +as the right-hand side for backup or primary MX domain entries. + +
    + +

    These are default settings in Postfix version 2.2 and later. +

    Postfix on a dialup machine

    diff --git a/postfix/proto/TLS_README.html b/postfix/proto/TLS_README.html index c29e8e9e5..395ea4e6a 100644 --- a/postfix/proto/TLS_README.html +++ b/postfix/proto/TLS_README.html @@ -27,13 +27,63 @@ code. Assuming that OpenSSL is written as carefully as Wietse's own code, every 1000 lines introduce one additional bug into Postfix.

    -

    Purpose of this document

    +

    Introduction

    -

    This document describes how to build Postfix with Transport -Layer Security (TLS) support in the Postfix SMTP client and Postfix -SMTP server, and how to configure the TLS manager daemon that -maintains the Pseudo Random Number Generator (PRNG) pool and the -TLS session cache information.

    +

    This document requires Postfix version 2.2 or later.

    + +

    Postfix may be built with Transport Layer Security (TLS, formerly +called SSL) protocol support as described in RFC 3207. This provides +certificate-based authentication, and encrypted sessions. An +encrypted session protects the information that is transmitted with +SMTP mail or with SASL authentication. The main elements of the +Postfix TLS architecture are:

    + +
      + +
    • The smtpd(8) server implements the SMTP over TLS server +side.

      + +
    • The smtp(8) client implements the SMTP over TLS client +side.

      + +
    • The tlsmgr(8) server maintains the pseudo-random number +generator (PRNG) that seeds the TLS engines in the smtpd(8) server +and smtp(8) client processes, and maintains the TLS session cache +files with TLS session keys.

      + +
    + +

    The following diagram shows the relationship between these +architecture elements.

    + + + + + + + + + + + + +
    Network->
    smtpd(8)
     
    + + <---seed---

    <-session->

    tlsmgr(8)
     
    ---seed--->

    <-session-> + +

    smtp(8)
    ->Network
    + + /
    /
    +
    |
    |
    + + +
    \
    \
    +smtpd
    session
    cache
    PRNG
    state
    file
    smtp
    session
    cache

    Topics covered in this document:

    @@ -67,7 +117,7 @@ TLS session cache information.

    To build Postfix with TLS support, first we need to generate the make(1) files with the necessary definitions. This is -done by invoking the command "make makefiles in the Postfix +done by invoking the command "make makefiles" in the Postfix top-level directory and with arguments as shown next.

      @@ -97,6 +147,16 @@ are in directory /usr/local/lib:

    +

    On Solaris, specify the -R option as shown below: + +

    +
    +% make tidy # if you have left-over files from a previous build
    +% make makefiles CCARGS="-DUSE_TLS -I/usr/local/include" \
    +    AUXLIBS="-R/usr/local/lib -L/usr/local/lib -lssl -lcrypto" 
    +
    +
    +

    If you need to apply other customizations (such as Berkeley DB @@ -973,9 +1033,7 @@ specify one of the following keywords:

    NONE
    Don't use TLS at all.
    MAY
    Try to use STARTTLS if offered, otherwise use -the unencrypted connection. NOTE: STARTTLS can be used only if TLS -is already enabled via main.cf, so that the client TLS engine is -properly initialized at program startup.
    +the unencrypted connection.
    MUST
    Require usage of STARTTLS, require that the remote SMTP server hostname matches the information in the remote @@ -1124,7 +1182,9 @@ session key.

    In order to feed its in-memory PRNG pool, the tlsmgr(8) reads entropy from an external source, both at startup and during run-time. Specify a good entropy source, like EGD or /dev/urandom; be sure -to only use non-blocking sources. If the entropy source is not a +to only use non-blocking sources (on OpenBSD, use /dev/arandom +when tlsmgr(8) complains about /dev/urandom timeout errors). +If the entropy source is not a regular file, you must prepend the source type to the source name: "dev:" for a device special file, or "egd:" for a source with EGD compatible socket interface.

    diff --git a/postfix/proto/TUNING_README.html b/postfix/proto/TUNING_README.html index cba1e046d..43eb87784 100644 --- a/postfix/proto/TUNING_README.html +++ b/postfix/proto/TUNING_README.html @@ -284,7 +284,7 @@ across the upstream network link.

  • Reduce the smtp_connect_timeout and smtp_helo_timeout values so that Postfix does not waste lots of time connecting -to non-responding smtpd(8) servers.

    +to non-responding remote SMTP servers.

  • Use a dedicated mail delivery transport for problematic destinations, with reduced timeouts and with adjusted concurrency. diff --git a/postfix/proto/XFORWARD_README.html b/postfix/proto/XFORWARD_README.html index a748447fa..f8b14793f 100644 --- a/postfix/proto/XFORWARD_README.html +++ b/postfix/proto/XFORWARD_README.html @@ -96,10 +96,12 @@ names are shown in upper case, they are in fact case insensitive.

  • The SOURCE attribute specifies LOCAL when the message was received from a source that is local with respect to the - up-stream host, REMOTE for mail from a remote source, or - [UNAVAILABLE] when the information is unavailable. The down-stream - MTA may decide to enable header munging and address qualification - with mail from local sources.

    + up-stream host (for example, the message originated from the + up-stream host itself), REMOTE for all other mail, or [UNAVAILABLE] + when the information is unavailable. The down-stream MTA may + decide to enable features such as header munging or address + qualification with mail from local sources but not other sources. +

    diff --git a/postfix/proto/cidr_table b/postfix/proto/cidr_table index 50e3a1e38..7e9cef1a9 100644 --- a/postfix/proto/cidr_table +++ b/postfix/proto/cidr_table @@ -9,8 +9,8 @@ # \fBpostmap -q - cidr:/etc/postfix/\fIfilename\fR <\fIinputfile\fR # DESCRIPTION # The Postfix mail system uses optional lookup tables. -# These tables are usually in \fBdbm\fR or \fBdb\fR format. -# Alternatively, lookup tables can be specified in CIDR +# These tables are usually in \fBdbm\fR or \fBdb\fR format. +# Alternatively, lookup tables can be specified in CIDR # (Classless Inter-Domain Routing) form. # # To find out what types of lookup tables your Postfix system @@ -28,6 +28,14 @@ # 0.0.0.0/0 to match every IPv4 address, and ::/0 to match # every IPv6 address. # +# An IPv4 network address is a sequence of four decimal octets +# separated by ".", and an IPv6 network address is a sequence +# of three to eight hexadecimal octet pairs separated by ":". +# +# Before comparisons are made, lookup keys and table entries +# are converted from string to binary. Therefore table entries +# will be matched regardless of redundant zero characters. +# # Note: address information may be enclosed inside "[]" but # this form is not recommended. # diff --git a/postfix/proto/master b/postfix/proto/master index b317c718f..2ea8235ba 100644 --- a/postfix/proto/master +++ b/postfix/proto/master @@ -104,7 +104,8 @@ # configuration variable in the main.cf file). # .sp # Chroot should not be used with the \fBlocal\fR(8), -# \fBpipe\fR(8) and \fBspawn\fR(8) daemons. Although the +# \fBpipe\fR(8), \fBspawn\fR(8), and virtual(8) daemons. +# Although the # \fBproxymap\fR(8) server can run chrooted, doing so defeats # most of the purpose of having that service in the first # place. diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 2fb5fcb45..61b2edb1b 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto 
@@ -1163,11 +1163,29 @@ By default, mail is returned to the sender when a destination is not found, and delivery is deferred if a destination is unreachable.

    -

    -The fallback relays must be SMTP destinations. Specify a domain, +

    The fallback relays must be SMTP destinations. Specify a domain, host, host:port, [host]:port, [address] or [address]:port; the form [host] turns off MX lookups. If you specify multiple SMTP -destinations, Postfix will try them in the specified order. +destinations, Postfix will try them in the specified order.

    + +

    NOTE: Do not use the fallback_relay feature when relaying mail +for a backup or primary MX domain. Mail would loop between the +Postfix MX host and the fallback_relay host when the final destination +is unavailable.

    + +
      + +
    • In main.cf specify "relay_transport = relay", + +
    • In master.cf specify "-o fallback_relay =" at the +end of the relay entry. + +
    • In transport maps, specify "relay:nexthop..." +as the right-hand side for backup or primary MX domain entries. + +
    + +

    These are default settings in Postfix version 2.2 and later.

    %PARAM fast_flush_domains $relay_domains @@ -4284,6 +4302,11 @@ client network address information. parent domains, client IP address, or networks obtained by stripping least significant octets. See the access(5) manual page for details.
  • +
    permit_inet_interfaces
    + +
    Permit the request when the client IP address matches +$inet_interfaces.
    +
    permit_mynetworks
    Permit the request when the client IP address matches any @@ -7481,35 +7504,46 @@ clients at all.

    remote_header_rewrite_domain = -%PARAM local_header_rewrite_clients see "postconf -d" output +%PARAM local_header_rewrite_clients permit_inet_interfaces

    Append the domain name in $myorigin or $mydomain to message header addresses from these clients only; either don't rewrite message headers from other clients at all, or append the domain specified with the remote_header_rewrite_domain parameter.

    +

    See the append_at_myorigin and append_dot_mydomain parameters +for details of how domain names are appended to incomplete addresses. +

    +

    Specify a list of zero or more of the following:

    +
    permit_inet_interfaces
    + +
    Append the domain name in $myorigin or $mydomain when the +client IP address matches $inet_interfaces. This is enabled by +default.
    +
    permit_mynetworks
    Append the domain name in $myorigin or $mydomain when the client IP address matches any network or network address listed in -$mynetworks. This is enabled by default.
    +$mynetworks. This setting will not prevent remote mail header +address rewriting when mail from a remote client is forwarded by +a neighboring system.

    permit_sasl_authenticated
    Append the domain name in $myorigin or $mydomain when the client is successfully authenticated via the RFC 2554 (AUTH) -protocol. This is enabled by default.
    +protocol.
    permit_tls_clientcerts
    Append the domain name in $myorigin or $mydomain when the client TLS certificate is successfully verified, and the client -certificate fingerprint is listed in $relay_clientcerts. This is -enabled by default.
    +certificate fingerprint is listed in $relay_clientcerts.
    permit_tls_all_clientcerts
    @@ -7518,45 +7552,42 @@ client TLS certificate is successfully verified, regardless of whether it is listed on the server, and regardless of the certifying authority. -
    check_address_map type:table
    +
    check_address_map type:table
    type:table
    Append the domain name in $myorigin or $mydomain when the -client IP address matches the specified lookup table. The lookup -result is ignored, and no subnet lookup is done. This is suitable -for pop-before-smtp lookup tables.
    +client IP address matches the specified lookup table. +The lookup result is ignored, and no subnet lookup is done. This +is suitable for, e.g., pop-before-smtp lookup tables.

    Examples:

    -

    The backwards compatible setting: always rewrite message headers, -and always append my own domain to incomplete header addresses.

    +

    The Postfix < 2.2 backwards compatible setting: always rewrite +message headers, and always append my own domain to incomplete +header addresses.

     
         local_header_rewrite_clients = static:all
     
    -

    The purist setting: rewrite headers only in mail from Postfix -sendmail and in SMTP mail from this machine.

    +

    The purist (and default) setting: rewrite headers only in mail +from Postfix sendmail and in SMTP mail from this machine.

    -    mynetworks_style = host
    -    local_header_rewrite_clients = permit_mynetworks
    +    local_header_rewrite_clients = permit_inet_interfaces
     
    -

    The default setting: rewrite headers and append my own domain -only with mail from Postfix sendmail and from local or authorized -SMTP clients.

    +

    The intermediate setting: rewrite header addresses and append +$myorigin or $mydomain information only with mail from Postfix +sendmail, from local clients, or from authorized SMTP clients.

    -
    -    local_header_rewrite_clients = permit_mynetworks, 
    -        permit_sasl_authenticated permit_tls_clientcerts
    -
    - -

    The ISP setting: include clients that are pop-before-smtp -authenticated.

    +

    NOTE: This setting will not prevent remote mail header address +rewriting when mail from a remote client is forwarded by a neighboring +system.

         local_header_rewrite_clients = permit_mynetworks, 
    @@ -8042,9 +8073,7 @@ side specify one of the following keywords:  

    NONE
    Don't use TLS at all.
    MAY
    Try to use STARTTLS if offered, otherwise use -the unencrypted connection. NOTE: STARTTLS can be used only if -TLS is already enabled via main.cf, so that the client TLS engine -is properly initialized at program startup.
    +the unencrypted connection.
    MUST
    Require usage of STARTTLS, require that the remote SMTP server hostname matches the information in the remote @@ -8137,6 +8166,9 @@ type must be prepended: egd:/path/to/egd_socket for a source with EGD compatible socket interface, or dev:/path/to/device for a device file.

    +

    Note: on OpenBSD systems specify /dev/arandom when /dev/urandom +gives timeout errors.

    + %PARAM tls_random_bytes 32

    The number of bytes that tlsmgr(8) reads from $tls_random_source diff --git a/postfix/src/dns/test_dns_lookup.c b/postfix/src/dns/test_dns_lookup.c index 8d32387e8..a5388f009 100644 --- a/postfix/src/dns/test_dns_lookup.c +++ b/postfix/src/dns/test_dns_lookup.c @@ -33,6 +33,8 @@ #include #include #include +#include +#include /* Application-specific. */ @@ -77,26 +79,35 @@ static void print_rr(DNS_RR *rr) int main(int argc, char **argv) { - int type; + ARGV *types_argv; + int *types; char *name; VSTRING *fqdn = vstring_alloc(100); VSTRING *why = vstring_alloc(100); DNS_RR *rr; + int i; msg_vstream_init(argv[0], VSTREAM_ERR); if (argc != 3) - msg_fatal("usage: %s type name", argv[0]); - if ((type = dns_type(argv[1])) == 0) - msg_fatal("invalid query type: %s", argv[1]); + msg_fatal("usage: %s types name", argv[0]); + types_argv = argv_split(argv[1], ", \t\r\n"); + types = (int *) mymalloc(sizeof(*types) * (types_argv->argc + 1)); + for (i = 0; i < types_argv->argc; i++) + if ((types[i] = dns_type(types_argv->argv[i])) == 0) + msg_fatal("invalid query type: %s", types_argv->argv[i]); + types[i] = 0; + argv_free(types_argv); name = argv[2]; msg_verbose = 1; - switch (dns_lookup_l(name, RES_DEFNAMES | RES_DEBUG, &rr, fqdn, why, - DNS_REQ_FLAG_ALL, type, 0)) { + switch (dns_lookup_v(name, RES_DEFNAMES | RES_DEBUG, &rr, fqdn, why, + DNS_REQ_FLAG_ALL, types)) { default: msg_fatal("%s", vstring_str(why)); case DNS_OK: printf("%s: fqdn: %s\n", name, vstring_str(fqdn)); print_rr(rr); + dns_rr_free(rr); } + myfree((char *) types); exit(0); } diff --git a/postfix/src/global/input_transp.c b/postfix/src/global/input_transp.c index 54742ab64..426ba2203 100644 --- a/postfix/src/global/input_transp.c +++ b/postfix/src/global/input_transp.c 
@@ -9,6 +9,10 @@ /* int input_transp_mask(param_name, pattern) /* const char *param_name; /* const char *pattern; +/* +/* int input_transp_cleanup(cleanup_flags, transp_mask) +/* int cleanup_flags; +/* int transp_mask; /* DESCRIPTION /* This module controls how much processing happens before mail is /* written to the Postfix queue. Each transparency option is either @@ -27,6 +31,10 @@ /* address masquerading, and automatic BCC recipients. /* .IP "no_header_body_checkss (INPUT_TRANSP_HEADER_BODY) /* Disable header/body_checks. +/* +/* input_transp_cleanup() takes a bunch of cleanup processing +/* flags and updates them according to the settings in the +/* specified input transparency mask. /* DIAGNOSTICS /* Panic: inappropriate use. /* LICENSE @@ -51,6 +59,7 @@ /* Global library. */ #include +#include #include /* input_transp_mask - compute mail receive transparency mask */ @@ -60,9 +69,20 @@ int input_transp_mask(const char *param_name, const char *pattern) static NAME_MASK table[] = { "no_unknown_recipient_checks", INPUT_TRANSP_UNKNOWN_RCPT, "no_address_mappings", INPUT_TRANSP_ADDRESS_MAPPING, - "no_header_body_checks", INPUT_TRANSP_HEADER_BODY, + "no_header_body_checks", INPUT_TRANSP_HEADER_BODY, 0, }; return (name_mask(param_name, table, pattern)); } + +/* input_transp_cleanup - adjust cleanup options */ + +int input_transp_cleanup(int cleanup_flags, int transp_mask) +{ + if (transp_mask & INPUT_TRANSP_ADDRESS_MAPPING) + cleanup_flags &= ~(CLEANUP_FLAG_BCC_OK | CLEANUP_FLAG_MAP_OK); + if (transp_mask & INPUT_TRANSP_HEADER_BODY) + cleanup_flags &= ~CLEANUP_FLAG_FILTER; + return (cleanup_flags); +} diff --git a/postfix/src/global/input_transp.h b/postfix/src/global/input_transp.h index 48d5d6390..e324d4422 100644 --- a/postfix/src/global/input_transp.h +++ b/postfix/src/global/input_transp.h 
@@ -19,6 +19,7 @@ #define INPUT_TRANSP_HEADER_BODY (1<<2) extern int input_transp_mask(const char *, const char *); +extern int input_transp_cleanup(int, int); /* LICENSE /* .ad diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 170ddfbc5..9b2bdfdde 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -1579,6 +1579,8 @@ extern int var_defer_code; #define DEF_UNK_CLIENT_CODE 450 extern int var_unk_client_code; +#define PERMIT_INET_INTERFACES "permit_inet_interfaces" + #define PERMIT_MYNETWORKS "permit_mynetworks" #define PERMIT_NAKED_IP_ADDR "permit_naked_ip_address" @@ -2315,12 +2317,7 @@ extern char *var_remote_rwr_domain; #define CHECK_ADDR_MAP "check_address_map" #define VAR_LOC_RWR_CLIENTS "local_header_rewrite_clients" -#ifdef USE_TLS -#define DEF_LOC_RWR_CLIENTS PERMIT_MYNETWORKS " " PERMIT_SASL_AUTH \ - " " PERMIT_TLS_CLIENTCERTS -#else -#define DEF_LOC_RWR_CLIENTS PERMIT_MYNETWORKS " " PERMIT_SASL_AUTH -#endif +#define DEF_LOC_RWR_CLIENTS PERMIT_INET_INTERFACES extern char *var_local_rwr_clients; /* diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 8d5651d90..d69fd6ef3 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change the patchlevel and the release date. Snapshots change the * release date only. */ -#define MAIL_RELEASE_DATE "20050119" +#define MAIL_RELEASE_DATE "20050131" #define MAIL_VERSION_NUMBER "2.2" #define VAR_MAIL_VERSION "mail_version" diff --git a/postfix/src/local/command.c b/postfix/src/local/command.c index 8241ff0ac..7d7ea4e50 100644 --- a/postfix/src/local/command.c +++ b/postfix/src/local/command.c 
@@ -106,7 +106,8 @@ int deliver_command(LOCAL_STATE state, USER_ATTR usr_attr, const char *comma * * Skip this command if it was already delivered to as this user. */ - if (been_here(state.dup_filter, "command %ld %s", (long) usr_attr.uid, command)) + if (been_here(state.dup_filter, "command %s:%ld %s", + state.msg_attr.user, (long) usr_attr.uid, command)) return (0); /* diff --git a/postfix/src/local/local.c b/postfix/src/local/local.c index 086f502be..86337b919 100644 --- a/postfix/src/local/local.c +++ b/postfix/src/local/local.c @@ -841,5 +841,6 @@ int main(int argc, char **argv) MAIL_SERVER_PRE_INIT, pre_init, MAIL_SERVER_POST_INIT, post_init, MAIL_SERVER_PRE_ACCEPT, pre_accept, + MAIL_SERVER_PRIVILEGED, 0); } diff --git a/postfix/src/master/mail_server.h b/postfix/src/master/mail_server.h index 4800cbc32..1c69877b1 100644 --- a/postfix/src/master/mail_server.h +++ b/postfix/src/master/mail_server.h @@ -30,6 +30,7 @@ #define MAIL_SERVER_SOLITARY 15 #define MAIL_SERVER_UNLIMITED 16 #define MAIL_SERVER_PRE_DISCONN 17 +#define MAIL_SERVER_PRIVILEGED 18 #define MAIL_SERVER_IN_FLOW_DELAY 20 diff --git a/postfix/src/master/multi_server.c b/postfix/src/master/multi_server.c index f6f873f3c..2ac116a11 100644 --- a/postfix/src/master/multi_server.c +++ b/postfix/src/master/multi_server.c @@ -107,6 +107,8 @@ /* This service must be configured with process limit of 1. /* .IP MAIL_SERVER_UNLIMITED /* This service must be configured with process limit of 0. +/* .IP MAIL_SERVER_PRIVILEGED +/* This service must be configured as privileged. /* .PP /* multi_server_disconnect() should be called by the application /* when a client disconnects. 
@@ -567,6 +569,11 @@ NORETURN multi_server_main(int argc, char **argv, MULTI_SERVER_FN service,...) msg_fatal("service %s requires a process limit of 0", service_name); break; + case MAIL_SERVER_PRIVILEGED: + if (user_name) + msg_fatal("service %s requires privileged operation", + service_name); + break; default: msg_panic("%s: unknown argument type: %d", myname, key); } diff --git a/postfix/src/master/single_server.c b/postfix/src/master/single_server.c index 11c045317..41efe9ad5 100644 --- a/postfix/src/master/single_server.c +++ b/postfix/src/master/single_server.c @@ -99,6 +99,8 @@ /* This service must be configured with process limit of 1. /* .IP MAIL_SERVER_UNLIMITED /* This service must be configured with process limit of 0. +/* .IP MAIL_SERVER_PRIVILEGED +/* This service must be configured as privileged. /* .PP /* The var_use_limit variable limits the number of clients that /* a server can service before it commits suicide. @@ -510,6 +512,11 @@ NORETURN single_server_main(int argc, char **argv, SINGLE_SERVER_FN service,...) msg_fatal("service %s requires a process limit of 0", service_name); break; + case MAIL_SERVER_PRIVILEGED: + if (user_name) + msg_fatal("service %s requires privileged operation", + service_name); + break; default: msg_panic("%s: unknown argument type: %d", myname, key); } diff --git a/postfix/src/master/trigger_server.c b/postfix/src/master/trigger_server.c index 3681fbd74..ce6c5f225 100644 --- a/postfix/src/master/trigger_server.c +++ b/postfix/src/master/trigger_server.c @@ -106,6 +106,8 @@ /* This service must be configured with process limit of 1. /* .IP MAIL_SERVER_UNLIMITED /* This service must be configured with process limit of 0. +/* .IP MAIL_SERVER_PRIVILEGED +/* This service must be configured as privileged. /* .PP /* The var_use_limit variable limits the number of clients that /* a server can service before it commits suicide. 
@@ -506,6 +508,11 @@ NORETURN trigger_server_main(int argc, char **argv, TRIGGER_SERVER_FN service,.. msg_fatal("service %s requires a process limit of 0", service_name); break; + case MAIL_SERVER_PRIVILEGED: + if (user_name) + msg_fatal("service %s requires privileged operation", + service_name); + break; default: msg_panic("%s: unknown argument type: %d", myname, key); } diff --git a/postfix/src/pickup/pickup.c b/postfix/src/pickup/pickup.c index 84c8e4cc2..145eb8165 100644 --- a/postfix/src/pickup/pickup.c +++ b/postfix/src/pickup/pickup.c @@ -406,11 +406,9 @@ static int pickup_file(PICKUP_INFO *info) * easier to implement the many possible error exits without forgetting * to close files, or to release memory. */ - cleanup_flags = (CLEANUP_FLAG_BOUNCE | CLEANUP_FLAG_MASK_EXTERNAL); - if (pickup_input_transp_mask & INPUT_TRANSP_ADDRESS_MAPPING) - cleanup_flags &= ~(CLEANUP_FLAG_BCC_OK | CLEANUP_FLAG_MAP_OK); - if (pickup_input_transp_mask & INPUT_TRANSP_HEADER_BODY) - cleanup_flags &= ~CLEANUP_FLAG_FILTER; + cleanup_flags = + input_transp_cleanup(CLEANUP_FLAG_BOUNCE | CLEANUP_FLAG_MASK_EXTERNAL, + pickup_input_transp_mask); cleanup = mail_connect_wait(MAIL_CLASS_PUBLIC, var_cleanup_service); if (attr_scan(cleanup, ATTR_FLAG_STRICT, diff --git a/postfix/src/pipe/pipe.c b/postfix/src/pipe/pipe.c index c518f66e1..ef304c256 100644 --- a/postfix/src/pipe/pipe.c +++ b/postfix/src/pipe/pipe.c @@ -1131,5 +1131,6 @@ int main(int argc, char **argv) MAIL_SERVER_PRE_INIT, pre_init, MAIL_SERVER_POST_INIT, drop_privileges, MAIL_SERVER_PRE_ACCEPT, pre_accept, + MAIL_SERVER_PRIVILEGED, 0); } diff --git a/postfix/src/postalias/postalias.c b/postfix/src/postalias/postalias.c index c71ab750a..c0b1c725c 100644 --- a/postfix/src/postalias/postalias.c +++ b/postfix/src/postalias/postalias.c 
@@ -95,18 +95,21 @@ /* .RS /* .IP \fBbtree\fR /* The output is a btree file, named \fIfile_name\fB.db\fR. -/* This is available only on systems with support for \fBdb\fR databases. +/* This is available on systems with support for \fBdb\fR databases. +/* .IP \fBcdb\fR +/* The output is one file named \fIfile_name\fB.cdb\fR. +/* This is available on systems with support for \fBcdb\fR databases. /* .IP \fBdbm\fR /* The output consists of two files, named \fIfile_name\fB.pag\fR and /* \fIfile_name\fB.dir\fR. -/* This is available only on systems with support for \fBdbm\fR databases. +/* This is available on systems with support for \fBdbm\fR databases. /* .IP \fBhash\fR /* The output is a hashed file, named \fIfile_name\fB.db\fR. -/* This is available only on systems with support for \fBdb\fR databases. +/* This is available on systems with support for \fBdb\fR databases. /* .IP \fBsdbm\fR /* The output consists of two files, named \fIfile_name\fB.pag\fR and /* \fIfile_name\fB.dir\fR. -/* This is available only on systems with support for \fBsdbm\fR databases. +/* This is available on systems with support for \fBsdbm\fR databases. /* .PP /* When no \fIfile_type\fR is specified, the software uses the database /* type specified via the \fBdefault_database_type\fR configuration diff --git a/postfix/src/postconf/postconf.c b/postfix/src/postconf/postconf.c index 9d59dfcc9..feb7f3ab5 100644 --- a/postfix/src/postconf/postconf.c +++ b/postfix/src/postconf/postconf.c @@ -36,7 +36,7 @@ /* .RS /* .IP \fBflock\fR /* A kernel-based advisory locking method for local files only. -/* This locking method is available only on systems with a BSD +/* This locking method is available on systems with a BSD /* compatible library. /* .IP \fBfcntl\fR /* A kernel-based advisory locking method for local and remote files. 
@@ -47,28 +47,33 @@ /* stale lock files that were left behind after abnormal termination. /* .RE /* .IP \fB-m\fR -/* List the names of all supported lookup table types. Postfix +/* List the names of all supported lookup table types. In Postfix +/* configuration files, /* lookup tables are specified as \fItype\fB:\fIname\fR, where /* \fItype\fR is one of the types listed below. The table \fIname\fR -/* syntax depends on the lookup table type. +/* syntax depends on the lookup table type as described in the +/* DATABASE_README document. /* .RS /* .IP \fBbtree\fR /* A sorted, balanced tree structure. -/* This is available only on systems with support for Berkeley DB +/* This is available on systems with support for Berkeley DB /* databases. +/* .IP \fBcdb\fR +/* A read-optimized structure with no support for incremental updates. +/* This is available on systems with support for CDB databases. /* .IP \fBcidr\fR /* A table that associates values with Classless Inter-Domain Routing /* (CIDR) patterns. This is described in \fBcidr_table\fR(5). /* .IP \fBdbm\fR /* An indexed file type based on hashing. -/* This is available only on systems with support for DBM databases. +/* This is available on systems with support for DBM databases. /* .IP \fBenviron\fR /* The UNIX process environment array. The lookup key is the variable /* name. Originally implemented for testing, someone may find this /* useful someday. /* .IP \fBhash\fR /* An indexed file type based on hashing. -/* This is available only on systems with support for Berkeley DB +/* This is available on systems with support for Berkeley DB /* databases. /* .IP "\fBldap\fR (read-only)" /* Perform lookups using the LDAP protocol. This is described 
@@ -91,7 +96,7 @@ /* described in \fBregexp_table\fR(5). /* .IP \fBsdbm\fR /* An indexed file type based on hashing. -/* This is available only on systems with support for SDBM databases. +/* This is available on systems with support for SDBM databases. /* .IP "\fBstatic\fR (read-only)" /* A table that always returns its name as lookup result. For example, /* \fBstatic:foobar\fR always returns the string \fBfoobar\fR as lookup diff --git a/postfix/src/postmap/postmap.c b/postfix/src/postmap/postmap.c index e8d3187a9..0d3ad44c2 100644 --- a/postfix/src/postmap/postmap.c +++ b/postfix/src/postmap/postmap.c @@ -116,18 +116,21 @@ /* .RS /* .IP \fBbtree\fR /* The output file is a btree file, named \fIfile_name\fB.db\fR. -/* This is available only on systems with support for \fBdb\fR databases. +/* This is available on systems with support for \fBdb\fR databases. +/* .IP \fBcdb\fR +/* The output consists of one file, named \fIfile_name\fB.cdb\fR. +/* This is available on systems with support for \fBcdb\fR databases. /* .IP \fBdbm\fR /* The output consists of two files, named \fIfile_name\fB.pag\fR and /* \fIfile_name\fB.dir\fR. -/* This is available only on systems with support for \fBdbm\fR databases. +/* This is available on systems with support for \fBdbm\fR databases. /* .IP \fBhash\fR /* The output file is a hashed file, named \fIfile_name\fB.db\fR. -/* This is available only on systems with support for \fBdb\fR databases. +/* This is available on systems with support for \fBdb\fR databases. /* .IP \fBsdbm\fR /* The output consists of two files, named \fIfile_name\fB.pag\fR and /* \fIfile_name\fB.dir\fR. -/* This is available only on systems with support for \fBsdbm\fR databases. +/* This is available on systems with support for \fBsdbm\fR databases. /* .PP /* When no \fIfile_type\fR is specified, the software uses the database /* type specified via the \fBdefault_database_type\fR configuration 
diff --git a/postfix/src/proxymap/proxymap.c b/postfix/src/proxymap/proxymap.c index 5ca342ad5..75c802219 100644 --- a/postfix/src/proxymap/proxymap.c +++ b/postfix/src/proxymap/proxymap.c @@ -70,6 +70,11 @@ /* The proxymap server is not a trusted daemon process, and must /* not be used to look up sensitive information such as user or /* group IDs, mailbox file/directory names or external commands. +/* +/* In Postfix version 2.2 and later, the proxymap client recognizes +/* requests to access a table for security-sensitive purposes, +/* and opens the table directly. This allows the same main.cf +/* setting to be used by sensitive and non-sensitive processes. /* DIAGNOSTICS /* Problems and transactions are logged to \fBsyslogd\fR(8). /* BUGS diff --git a/postfix/src/qmqpd/qmqpd.c b/postfix/src/qmqpd/qmqpd.c index f86355f5e..76fdceaf1 100644 --- a/postfix/src/qmqpd/qmqpd.c +++ b/postfix/src/qmqpd/qmqpd.c @@ -234,12 +234,8 @@ static void qmqpd_open_file(QMQPD_STATE *state) /* * Connect to the cleanup server. Log client name/address with queue ID. */ - cleanup_flags = CLEANUP_FLAG_MASK_EXTERNAL; - if (qmqpd_input_transp_mask & INPUT_TRANSP_ADDRESS_MAPPING) - cleanup_flags &= ~(CLEANUP_FLAG_BCC_OK | CLEANUP_FLAG_MAP_OK); - if (qmqpd_input_transp_mask & INPUT_TRANSP_HEADER_BODY) - cleanup_flags &= ~CLEANUP_FLAG_FILTER; - + cleanup_flags = input_transp_cleanup(CLEANUP_FLAG_MASK_EXTERNAL, + qmqpd_input_transp_mask); state->dest = mail_stream_service(MAIL_CLASS_PUBLIC, var_cleanup_service); if (state->dest == 0 || attr_print(state->dest->stream, ATTR_FLAG_NONE, diff --git a/postfix/src/sendmail/sendmail.c b/postfix/src/sendmail/sendmail.c index 8c47a6e59..ec73b7577 100644 --- a/postfix/src/sendmail/sendmail.c +++ b/postfix/src/sendmail/sendmail.c @@ -479,6 +479,7 @@ static void output_header(void *context, int header_class, char *start; char *line; char *next_line; + int len; /* * Parse the header line, and save copies of recipient addresses in the 
@@ -507,12 +508,23 @@ static void output_header(void *context, int header_class, /* * Pipe the unmodified message header through the header line folding - * routine. + * routine, and ensure that long lines are chopped appropriately. */ for (line = start = STR(buf); line; line = next_line) { next_line = split_at(line, '\n'); - output_text(context, REC_TYPE_NORM, line, next_line ? - next_line - line - 1 : strlen(line), offset); + len = next_line ? next_line - line - 1 : strlen(line); + do { + if (len > var_line_limit) { + output_text(context, REC_TYPE_CONT, line, var_line_limit, offset); + line += var_line_limit; + len -= var_line_limit; + offset += var_line_limit; + } else { + output_text(context, REC_TYPE_NORM, line, len, offset); + break; + } + } while (len > 0); + offset += 1; } } diff --git a/postfix/src/smtp/smtp_addr.c b/postfix/src/smtp/smtp_addr.c index 477fe710e..5bdc493d7 100644 --- a/postfix/src/smtp/smtp_addr.c +++ b/postfix/src/smtp/smtp_addr.c @@ -6,10 +6,11 @@ /* SYNOPSIS /* #include "smtp_addr.h" /* -/* DNS_RR *smtp_domain_addr(name, misc_flags, why) +/* DNS_RR *smtp_domain_addr(name, misc_flags, why, found_myself) /* char *name; /* int misc_flags; /* VSTRING *why; +/* int *found_myself; /* /* DNS_RR *smtp_host_addr(name, misc_flags, why) /* char *name; @@ -26,7 +27,9 @@ /* exchanger hosts listed for the named domain. Addresses are /* returned in most-preferred first order. The result is truncated /* so that it contains only hosts that are more preferred than the -/* local mail server itself. +/* local mail server itself. The found_myself result parameter +/* is updated when the local MTA is MX host for the specified +/* destination. /* /* When no mail exchanger is listed in the DNS for \fIname\fR, the /* request is passed to smtp_host_addr(). 
@@ -330,7 +333,8 @@ static int smtp_compare_pref(DNS_RR *a, DNS_RR *b) /* smtp_domain_addr - mail exchanger address lookup */ -DNS_RR *smtp_domain_addr(char *name, int misc_flags, VSTRING *why) +DNS_RR *smtp_domain_addr(char *name, int misc_flags, VSTRING *why, + int *found_myself) { DNS_RR *mx_names; DNS_RR *addr_list = 0; @@ -446,6 +450,7 @@ DNS_RR *smtp_domain_addr(char *name, int misc_flags, VSTRING *why) /* * Clean up. */ + *found_myself |= (self != 0); return (addr_list); } diff --git a/postfix/src/smtp/smtp_addr.h b/postfix/src/smtp/smtp_addr.h index 06706892c..6e211fe33 100644 --- a/postfix/src/smtp/smtp_addr.h +++ b/postfix/src/smtp/smtp_addr.h @@ -17,7 +17,7 @@ * Internal interfaces. */ extern DNS_RR *smtp_host_addr(char *, int, VSTRING *); -extern DNS_RR *smtp_domain_addr(char *, int, VSTRING *); +extern DNS_RR *smtp_domain_addr(char *, int, VSTRING *, int *); /* LICENSE /* .ad diff --git a/postfix/src/smtp/smtp_connect.c b/postfix/src/smtp/smtp_connect.c index e2661e487..7a38ada45 100644 --- a/postfix/src/smtp/smtp_connect.c +++ b/postfix/src/smtp/smtp_connect.c @@ -487,6 +487,8 @@ int smtp_connect(SMTP_STATE *state) int lookup_mx; unsigned domain_best_pref; int sess_flags = SMTP_SESS_FLAG_NONE; + int i_am_mx = 0; + int non_fallback_sites; /* * First try to deliver to the indicated destination, then try to deliver @@ -499,6 +501,7 @@ int smtp_connect(SMTP_STATE *state) argv_add(sites, request->nexthop, (char *) 0); if (sites->argc == 0) msg_panic("null destination: \"%s\"", request->nexthop); + non_fallback_sites = sites->argc; argv_split_append(sites, var_fallback_relay, ", \t\r\n"); /* 
@@ -517,7 +520,12 @@ int smtp_connect(SMTP_STATE *state) * then is to build this into the pre-existing SMTP client without * getting lost in the complexity. */ +#define IS_FALLBACK_RELAY(cpp, sites, non_fallback_sites) \ + ((cpp) >= (sites)->argv + (non_fallback_sites)) + for (cpp = sites->argv; SMTP_RCPT_LEFT(state) > 0 && (dest = *cpp) != 0; cpp++) { + if (i_am_mx && IS_FALLBACK_RELAY(cpp, sites, non_fallback_sites)) + break; state->final_server = (cpp[1] == 0); /* @@ -540,8 +548,9 @@ int smtp_connect(SMTP_STATE *state) lookup_mx = (var_disable_dns == 0 && *dest != '['); if (!lookup_mx) { addr_list = smtp_host_addr(domain, misc_flags, why); + /* XXX We could be an MX host for this destination... */ } else { - addr_list = smtp_domain_addr(domain, misc_flags, why); + addr_list = smtp_domain_addr(domain, misc_flags, why, &i_am_mx); } /* @@ -667,7 +676,7 @@ int smtp_connect(SMTP_STATE *state) * The fall-back destination did not resolve as expected, or it * is refusing to talk to us, or mail for it loops back to us. */ - if (sites->argc > 1 && cpp > sites->argv) { + if (IS_FALLBACK_RELAY(cpp, sites, non_fallback_sites)) { msg_warn("%s configuration problem", VAR_FALLBACK_RELAY); smtp_errno = SMTP_ERR_RETRY; } diff --git a/postfix/src/smtpd/Makefile.in b/postfix/src/smtpd/Makefile.in index 39ae9b1c2..ea4aba913 100644 --- a/postfix/src/smtpd/Makefile.in +++ b/postfix/src/smtpd/Makefile.in @@ -159,6 +159,7 @@ smtpd.o: ../../include/valid_mailhost_addr.h smtpd.o: ../../include/mail_server.h smtpd.o: smtpd_token.h smtpd.o: smtpd.h +smtpd.o: ../../include/myaddrinfo.h smtpd.o: ../../include/tls.h smtpd.o: smtpd_check.h smtpd.o: smtpd_chat.h @@ -188,6 +189,7 @@ smtpd_chat.o: ../../include/cleanup_user.h smtpd_chat.o: ../../include/mail_error.h smtpd_chat.o: ../../include/name_mask.h smtpd_chat.o: smtpd.h +smtpd_chat.o: ../../include/myaddrinfo.h smtpd_chat.o: ../../include/mail_stream.h smtpd_chat.o: ../../include/tls.h smtpd_chat.o: smtpd_chat.h 
@@ -290,6 +292,7 @@ smtpd_proxy.o: ../../include/mail_proto.h smtpd_proxy.o: ../../include/attr.h smtpd_proxy.o: smtpd.h smtpd_proxy.o: ../../include/argv.h +smtpd_proxy.o: ../../include/myaddrinfo.h smtpd_proxy.o: ../../include/mail_stream.h smtpd_proxy.o: ../../include/tls.h smtpd_proxy.o: smtpd_proxy.h @@ -308,6 +311,7 @@ smtpd_sasl_glue.o: ../../include/vbuf.h smtpd_sasl_glue.o: ../../include/vstream.h smtpd_sasl_glue.o: smtpd.h smtpd_sasl_glue.o: ../../include/argv.h +smtpd_sasl_glue.o: ../../include/myaddrinfo.h smtpd_sasl_glue.o: ../../include/mail_stream.h smtpd_sasl_glue.o: ../../include/tls.h smtpd_sasl_glue.o: smtpd_sasl_glue.h @@ -328,6 +332,7 @@ smtpd_sasl_proto.o: ../../include/mail_error.h smtpd_sasl_proto.o: ../../include/name_mask.h smtpd_sasl_proto.o: smtpd.h smtpd_sasl_proto.o: ../../include/argv.h +smtpd_sasl_proto.o: ../../include/myaddrinfo.h smtpd_sasl_proto.o: ../../include/mail_stream.h smtpd_sasl_proto.o: ../../include/tls.h smtpd_sasl_proto.o: smtpd_token.h @@ -351,6 +356,7 @@ smtpd_state.o: ../../include/attr.h smtpd_state.o: smtpd.h smtpd_state.o: ../../include/vstring.h smtpd_state.o: ../../include/argv.h +smtpd_state.o: ../../include/myaddrinfo.h smtpd_state.o: ../../include/mail_stream.h smtpd_state.o: ../../include/tls.h smtpd_state.o: smtpd_chat.h @@ -374,5 +380,6 @@ smtpd_xforward.o: ../../include/attr.h smtpd_xforward.o: smtpd.h smtpd_xforward.o: ../../include/vstring.h smtpd_xforward.o: ../../include/argv.h +smtpd_xforward.o: ../../include/myaddrinfo.h smtpd_xforward.o: ../../include/mail_stream.h smtpd_xforward.o: ../../include/tls.h diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index b338e3287..caeb1bd0e 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c 
@@ -108,7 +108,7 @@ /* filtering, or address mapping. /* .PP /* Available in Postfix version 2.2 and later: -/* .IP "\fBlocal_header_rewrite_clients (see 'postconf -d' output)\fR" +/* .IP "\fBlocal_header_rewrite_clients (permit_inet_interfaces)\fR" /* Append the domain name in $myorigin or $mydomain to message /* header addresses from these clients only; either don't rewrite /* message headers from other clients at all, or append the domain @@ -1253,11 +1253,8 @@ static void mail_open_stream(SMTPD_STATE *state) * If running from the master or from inetd, connect to the cleanup * service. */ - cleanup_flags = CLEANUP_FLAG_MASK_EXTERNAL; - if (smtpd_input_transp_mask & INPUT_TRANSP_ADDRESS_MAPPING) - cleanup_flags &= ~(CLEANUP_FLAG_BCC_OK | CLEANUP_FLAG_MAP_OK); - if (smtpd_input_transp_mask & INPUT_TRANSP_HEADER_BODY) - cleanup_flags &= ~CLEANUP_FLAG_FILTER; + cleanup_flags = input_transp_cleanup(CLEANUP_FLAG_MASK_EXTERNAL, + smtpd_input_transp_mask); if (SMTPD_STAND_ALONE(state) == 0) { state->dest = mail_stream_service(MAIL_CLASS_PUBLIC, diff --git a/postfix/src/smtpd/smtpd.h b/postfix/src/smtpd/smtpd.h index a789fb7b3..c17a5ba46 100644 --- a/postfix/src/smtpd/smtpd.h +++ b/postfix/src/smtpd/smtpd.h @@ -27,6 +27,7 @@ #include #include #include +#include /* * Global library. @@ -74,6 +75,7 @@ typedef struct SMTPD_STATE { char *addr; /* client host address string */ char *namaddr; /* combined name and address */ char *rfc_addr; /* address for RFC 2821 */ + struct sockaddr_storage sockaddr; /* binary client endpoint */ int peer_code; /* 2=ok, 4=soft, 5=hard */ int error_count; /* reset after DOT */ int error_mask; /* client errors */ diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index cc3e901ec..26c1f16bd 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c 
@@ -909,6 +909,20 @@ static int reject_unknown_client(SMTPD_STATE *state) return (SMTPD_CHECK_DUNNO); } +/* permit_inet_interfaces - succeed if client my own address */ + +static int permit_inet_interfaces(SMTPD_STATE *state) +{ + char *myname = "permit_inet_interfaces"; + + if (msg_verbose) + msg_info("%s: %s %s", myname, state->name, state->addr); + + if (own_inet_addr((struct sockaddr *) & (state->sockaddr))) + return (SMTPD_CHECK_OK); + return (SMTPD_CHECK_DUNNO); +} + /* permit_mynetworks - succeed if client is in a trusted network */ static int permit_mynetworks(SMTPD_STATE *state) @@ -3153,6 +3167,8 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions, */ else if (strcasecmp(name, REJECT_UNKNOWN_CLIENT) == 0) { status = reject_unknown_client(state); + } else if (strcasecmp(name, PERMIT_INET_INTERFACES) == 0) { + status = permit_inet_interfaces(state); } else if (strcasecmp(name, PERMIT_MYNETWORKS) == 0) { status = permit_mynetworks(state); } else if (is_map_command(state, name, CHECK_CLIENT_ACL, &cpp)) { @@ -3502,7 +3518,9 @@ void smtpd_check_rewrite(SMTPD_STATE *state) name = CHECK_ADDR_MAP; cpp -= 1; } - if (strcasecmp(name, PERMIT_MYNETWORKS) == 0) { + if (strcasecmp(name, PERMIT_INET_INTERFACES) == 0) { + status = permit_inet_interfaces(state); + } else if (strcasecmp(name, PERMIT_MYNETWORKS) == 0) { status = permit_mynetworks(state); } else if (is_map_command(state, name, CHECK_ADDR_MAP, &cpp)) { if ((dict = dict_handle(*cpp)) == 0) diff --git a/postfix/src/smtpd/smtpd_peer.c b/postfix/src/smtpd/smtpd_peer.c index 41f627d1d..fd4c84724 100644 --- a/postfix/src/smtpd/smtpd_peer.c +++ b/postfix/src/smtpd/smtpd_peer.c 
@@ -86,13 +86,12 @@ void smtpd_peer_init(SMTPD_STATE *state) { char *myname = "smtpd_peer_init"; - struct sockaddr_storage ss; SOCKADDR_SIZE sa_len; struct sockaddr *sa; INET_PROTO_INFO *proto_info = inet_proto_info(); - sa = (struct sockaddr *) & ss; - sa_len = sizeof(ss); + sa = (struct sockaddr *) & (state->sockaddr); + sa_len = sizeof(state->sockaddr); /* * Look up the peer address information. diff --git a/postfix/src/spawn/spawn.c b/postfix/src/spawn/spawn.c index 09b6bb877..f60ef39ec 100644 --- a/postfix/src/spawn/spawn.c +++ b/postfix/src/spawn/spawn.c @@ -344,5 +344,6 @@ int main(int argc, char **argv) MAIL_SERVER_TIME_TABLE, time_table, MAIL_SERVER_POST_INIT, drop_privileges, MAIL_SERVER_PRE_ACCEPT, pre_accept, + MAIL_SERVER_PRIVILEGED, 0); } diff --git a/postfix/src/tls/tls_misc.c b/postfix/src/tls/tls_misc.c index c17c87c00..2828f3008 100644 --- a/postfix/src/tls/tls_misc.c +++ b/postfix/src/tls/tls_misc.c @@ -127,7 +127,7 @@ void tls_info_callback(const SSL *s, int where, int ret) str = "unknown"; if (where & SSL_CB_LOOP) { - msg_info("%s:%s", str, SSL_state_string_long(s)); + msg_info("%s:%s", str, SSL_state_string_long((SSL *) s)); } else if (where & SSL_CB_ALERT) { str = (where & SSL_CB_READ) ? "read" : "write"; if ((ret & 0xff) != SSL3_AD_CLOSE_NOTIFY) @@ -137,10 +137,10 @@ void tls_info_callback(const SSL *s, int where, int ret) } else if (where & SSL_CB_EXIT) { if (ret == 0) msg_info("%s:failed in %s", - str, SSL_state_string_long(s)); + str, SSL_state_string_long((SSL *) s)); else if (ret < 0) { msg_info("%s:error in %s", - str, SSL_state_string_long(s)); + str, SSL_state_string_long((SSL *) s)); } } } diff --git a/postfix/src/tlsmgr/tlsmgr.c b/postfix/src/tlsmgr/tlsmgr.c index 8afb68426..365bb9098 100644 --- a/postfix/src/tlsmgr/tlsmgr.c +++ b/postfix/src/tlsmgr/tlsmgr.c 
@@ -6,16 +6,16 @@ /* SYNOPSIS /* \fBtlsmgr\fR [generic Postfix daemon options] /* DESCRIPTION -/* The tlsmgr(8) maintains the TLS session caches for Postfix -/* SMTP client and server processes. It periodically removes -/* entries that have expired, and entries that are no longer -/* compatible with the currently running Postfix version. +/* The tlsmgr(8) manages the TLS session caches for Postfix +/* SMTP client and server processes. It stores and retrieves +/* cache entries on request by smtpd(8) and smtp(8) processes, +/* and periodically removes entries that have expired. /* -/* The tlsmgr(8) also maintains the PRNG (pseudo random number -/* generator) pool. This is queried by the smtpd(8) and smtp(8) +/* The tlsmgr(8) also manages the PRNG (pseudo random number +/* generator) pool. It answers queries by the smtpd(8) and smtp(8) /* processes to seed their internal PRNG pools. /* -/* The tlsmgr(8)'s internal PRNG pool is initially seeded from +/* The tlsmgr(8)'s PRNG pool is initially seeded from /* an external source (EGD, /dev/urandom, or regular file). /* It is updated at configurable pseudo-random intervals with /* data from the external source. It is updated periodically diff --git a/postfix/src/util/myaddrinfo.c b/postfix/src/util/myaddrinfo.c index 2307979c3..afb610652 100644 --- a/postfix/src/util/myaddrinfo.c +++ b/postfix/src/util/myaddrinfo.c @@ -200,11 +200,6 @@ struct ipv4addrinfo { struct sockaddr_in sin; }; - /* - * Make nulls more descriptive. - */ -#define NO_SERVICE ((char *) 0) - /* * When we're not interested in service ports, we must pick a socket type * otherwise getaddrinfo() will give us duplicate results: one set for TCP,
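Review bot: in mail_open_stream() (smtpd.c, hunk at -1253) the two explicit mask tests are replaced by input_transp_cleanup(), whose definition is not among the hunks shown here. Please confirm it still clears CLEANUP_FLAG_BCC_OK | CLEANUP_FLAG_MAP_OK for INPUT_TRANSP_ADDRESS_MAPPING and CLEANUP_FLAG_FILTER for INPUT_TRANSP_HEADER_BODY. A one-line comment at the call site naming what the helper strips would keep the receive_override_options effect visible to someone reading smtpd.c alone.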
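Review bot: permit_inet_interfaces() (smtpd_check.c, hunk at -909) logs state->name and state->addr under msg_verbose but decides on state->sockaddr, so the verbose line does not necessarily show the value that own_inet_addr() tested if the string and binary forms ever diverge. Since this result now gates both access restrictions and header address rewriting, consider logging the outcome as well, or deriving the logged address from state->sockaddr. The header comment also drops a word: "succeed if client my own address" should read "succeed if client is my own address".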
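Review bot: smtpd_peer_init() (smtpd_peer.c, hunk at -86) now has the peer lookup write into state->sockaddr instead of a local buffer, which makes the contents long-lived input to permit_inet_interfaces(). The visible lines do not show the field being cleared before the lookup. Suggest zeroing state->sockaddr up front, or in the state initializer, so that a failed lookup or stand-alone operation (see SMTPD_STAND_ALONE in smtpd.c) can never leave indeterminate bytes for own_inet_addr() to match.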
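Review bot: in spawn.c main() (hunk at -344) MAIL_SERVER_PRIVILEGED is added as a bare key directly before the terminating 0, while the entries above it are key/value pairs, so the last two lines read like one more pair. A short comment that the key takes no argument would prevent that misreading. The spawn(8) documentation should also say that the service must not be marked unprivileged in master.cf, since per the 20050127 HISTORY entry that is now a fatal error.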
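Review bot: tls_info_callback() (tls_misc.c, hunks at -127 and -137) casts away const with (SSL *) s at all three SSL_state_string_long() calls and gives no reason. If this is to satisfy a prototype that takes a non-const SSL *, say so in a comment and do the cast once, for example through a local pointer, so it can be removed in one place later.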
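Review bot: the rewritten DESCRIPTION in tlsmgr.c (hunk at -6) no longer mentions removal of cache entries "that are no longer compatible with the currently running Postfix version". If tlsmgr(8) still discards such entries, keep that clause. If the behaviour moved or was dropped, it deserves its own line in HISTORY, because operators upgrading with an existing session cache will look for it.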