From: Wietse Venema <wietse@porcupine.org>
Date: Fri, 30 Mar 2012 05:00:00 +0000 (-0500)
Subject: postfix-2.10-20120330
X-Git-Tag: v2.10.0-RC1~32
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=99ff75430d5c908879caffc1125680ed68019021;p=thirdparty%2Fpostfix.git

postfix-2.10-20120330
---

diff --git a/postfix/.indent.pro b/postfix/.indent.pro
index 74d52d46f..634794f72 100644
--- a/postfix/.indent.pro
+++ b/postfix/.indent.pro
@@ -98,6 +98,7 @@
 -TDICT_REGEXP_PRESCAN_CONTEXT
 -TDICT_REGEXP_RULE
 -TDICT_SDBM
+-TDICT_SOCKMAP
 -TDICT_SQLITE
 -TDICT_STACK
 -TDICT_SURROGATE
diff --git a/postfix/HISTORY b/postfix/HISTORY
index 4a35978d6..cd821774e 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -17684,3 +17684,16 @@ Apologies for any names omitted.
 	postconf -X option to exclude parameters from main.cf
 	(require two-finger action, because this is irreversible).
 	Files: postconf/postconf.[hc], postconf/postconf_edit.c.
+
+20120317
+
+	Feature: Sendmail-style socketmap.  Files: util/dict_sockmap.[hc],
+	util/netstring.[hc], proto/DATABASE_README.html,
+	postconf/postconf.c.
+
+20120330
+
+	Workaround: specify "\c" at the start of an smtp_reject_footer
+	template to suppress the line break between the reply text
+	and the footer text. Files: global/smtp_reply_footer.c,
+	proto/postconf.proto.
diff --git a/postfix/README_FILES/DATABASE_README b/postfix/README_FILES/DATABASE_README
index 18e898250..79181be35 100644
--- a/postfix/README_FILES/DATABASE_README
+++ b/postfix/README_FILES/DATABASE_README
@@ -246,6 +246,11 @@ To find out what database types your Postfix system supports, use the "ppooss
         with the postmap(1) or postalias(1) command. The lookup table name as
         used in "sdbm:table" is the database file name without the ".dir" or
         ".pag" suffix.
+    ssoocckkeettmmaapp (read-only)
+        Query a Sendmail-style socketmap server. The name of the table
+        specifies iinneett:host:port:socketmap-name for a TCP-based server, or
+        uunniixx:pathname:socketmap-name for a UNIX-domain server. In both cases
+        socketmap-name is the name of the socketmap.
     ssqqlliittee (read-only)
         Perform SQLite database lookups. Configuration details are given in
         sqlite_table(5).
diff --git a/postfix/README_FILES/POSTSCREEN_README b/postfix/README_FILES/POSTSCREEN_README
index fee091a25..650114a71 100644
--- a/postfix/README_FILES/POSTSCREEN_README
+++ b/postfix/README_FILES/POSTSCREEN_README
@@ -190,16 +190,23 @@ whitelist, postscreen(8) can implement a number of whitelist tests, before it
 grants the client a temporary whitelist status that allows it to talk to a
 Postfix SMTP server process.
 
-By listening on both primary and backup MX addresses, postscreen(8) can deny
-the temporary whitelist status to clients that connect only to backup MX hosts
-(an old spammer trick to take advantage of backup MX hosts with weaker anti-
-spam policies than primary MX hosts).
+When postscreen(8) is configured to monitor all primary and backup MX
+addresses, it can refuse to whitelist clients that connect to a backup MX
+address only (an old spammer trick to take advantage of backup MX hosts with
+weaker anti-spam policies than primary MX hosts).
+
+    NOTE: The following solution is for small sites. Larger sites would have to
+    share the postscreen(8) cache between primary and backup MTAs, which would
+    introduce a common point of failure.
 
   * First, configure the host to listen on both primary and backup MX
     addresses. Use the appropriate ifconfig command for the local operating
     system, or update the appropriate configuration files and "refresh" the
     network protocol stack.
 
+    Second, configure Postfix to listen on the new IP address (this step is
+    needed when you have specified inet_interfaces in main.cf).
+
   * Then, configure postscreen(8) to deny the temporary whitelist status on the
     backup MX address(es). An example for Wietse's server is:
 
diff --git a/postfix/WISHLIST b/postfix/WISHLIST
index 51cc7d047..177c81f0e 100644
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -5,7 +5,15 @@ Wish list:
 	Remove this file from the stable release.
 
 	Things to do after the stable release:
+
+	Connection cache protocol: avoid mixing mail streams
+	with different source IP address reputations. For example,
+	allow additional tags upon store operations that can be
+	specified in requests.
  
+	smtpd: make implicit sender/recipient checks play along
+	with defer_if_reject.
+
 	postscreen: in the dummy SMTP engine, log the protocol state
 	at time of violation (like smtpd, set state->where initially
 	to CONNECT, then update it with the name of the last "known"
diff --git a/postfix/conf/master.cf b/postfix/conf/master.cf
index dfc3eb002..849f1599b 100644
--- a/postfix/conf/master.cf
+++ b/postfix/conf/master.cf
@@ -17,13 +17,21 @@ smtp      inet  n       -       n       -       -       smtpd
 #  -o syslog_name=postfix/submission
 #  -o smtpd_tls_security_level=encrypt
 #  -o smtpd_sasl_auth_enable=yes
-#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#  -o smtpd_reject_unlisted_recipient=no
+#  -o smtpd_client_restrictions=$mua_client_restrictions
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
 #  -o milter_macro_daemon_name=ORIGINATING
 #smtps     inet  n       -       n       -       -       smtpd
 #  -o syslog_name=postfix/smtps
 #  -o smtpd_tls_wrappermode=yes
 #  -o smtpd_sasl_auth_enable=yes
-#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#  -o smtpd_reject_unlisted_recipient=no
+#  -o smtpd_client_restrictions=$mua_client_restrictions
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
 #  -o milter_macro_daemon_name=ORIGINATING
 #628       inet  n       -       n       -       -       qmqpd
 pickup    fifo  n       -       n       60      1       pickup
diff --git a/postfix/html/DATABASE_README.html b/postfix/html/DATABASE_README.html
index 20cd53acf..bf1447b01 100644
--- a/postfix/html/DATABASE_README.html
+++ b/postfix/html/DATABASE_README.html
@@ -370,6 +370,15 @@ created with the <a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1
 table name as used in "sdbm:table" is the database file name without
 the ".dir" or ".pag" suffix.  </dd>
 
+<dt> <b>socketmap</b> (read-only) </dt>
+
+<dd> Query a Sendmail-style socketmap server. The name of the table
+specifies <b>inet</b>:<i>host</i>:<i>port</i>:<i>socketmap-name</i>
+for a TCP-based server, or
+<b>unix</b>:<i>pathname</i>:<i>socketmap-name</i> for a UNIX-domain
+server. In both cases <i>socketmap-name</i> is the name of the
+socketmap. </dd>
+
 <dt> <b>sqlite</b> (read-only) </dt>
 
 <dd> Perform SQLite database lookups. Configuration details are given
diff --git a/postfix/html/POSTSCREEN_README.html b/postfix/html/POSTSCREEN_README.html
index 1718f0e2d..d60f5aeff 100644
--- a/postfix/html/POSTSCREEN_README.html
+++ b/postfix/html/POSTSCREEN_README.html
@@ -249,12 +249,17 @@ or temporary whitelist, <a href="postscreen.8.html">postscreen(8)</a> can implem
 whitelist tests, before it grants the client a temporary whitelist
 status that allows it to talk to a Postfix SMTP server process. </p>
 
-<p> By listening on both primary and backup MX addresses, <a href="postscreen.8.html">postscreen(8)</a>
-can deny the temporary whitelist status to clients that connect
-only to backup MX hosts (an old spammer trick to take advantage of
-backup MX hosts with weaker anti-spam policies than primary MX
+<p> When <a href="postscreen.8.html">postscreen(8)</a> is configured to monitor all primary and
+backup MX addresses, it can refuse to whitelist clients that connect
+to a backup MX address only (an old spammer trick to take advantage
+of backup MX hosts with weaker anti-spam policies than primary MX
 hosts). </p>
 
+<blockquote> <p> NOTE: The following solution is for small sites.
+Larger sites would have to share the <a href="postscreen.8.html">postscreen(8)</a> cache between
+primary and backup MTAs, which would introduce a common point of
+failure.  </p> </blockquote>
+
 <ul>
 
 <li> <p> First, configure the host to listen on both primary and
@@ -262,6 +267,10 @@ backup MX addresses. Use the appropriate <tt>ifconfig</tt> command
 for the local operating system, or update the appropriate configuration
 files and "refresh" the network protocol stack. </p>
 
+<p> <p> Second, configure Postfix to listen on the new IP address
+(this step is needed when you have specified <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> in
+<a href="postconf.5.html">main.cf</a>). </p>
+
 <li> <p> Then, configure <a href="postscreen.8.html">postscreen(8)</a> to deny the temporary whitelist
 status on the backup MX address(es).  An example for Wietse's
 server is: </p>
diff --git a/postfix/html/mailq.1.html b/postfix/html/mailq.1.html
index 3b6255593..619941b8f 100644
--- a/postfix/html/mailq.1.html
+++ b/postfix/html/mailq.1.html
@@ -184,72 +184,73 @@ SENDMAIL(1)                                                        SENDMAIL(1)
               <i>type</i>:<i>pathname</i>. See <a href="postalias.1.html"><b>postalias</b>(1)</a> for details.
 
        <b>-O</b> <i>option=value</i> (ignored)
-              Backwards compatibility.
+              Set  the  named <i>option</i> to <i>value</i>. Use the equivalent
+              configuration parameter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
 
        <b>-o7</b> (ignored)
 
        <b>-o8</b> (ignored)
               To send 8-bit or binary content, use an appropriate
-              MIME encapsulation and specify the  appropriate  <b>-B</b>
+              MIME  encapsulation  and specify the appropriate <b>-B</b>
               command-line option.
 
-       <b>-oi</b>    When  reading  a message from standard input, don't
-              treat a line with only a <b>.</b> character as the end  of
+       <b>-oi</b>    When reading a message from standard  input,  don't
+              treat  a line with only a <b>.</b> character as the end of
               input.
 
        <b>-om</b> (ignored)
-              The  sender  is  never  eliminated  from alias etc.
+              The sender is  never  eliminated  from  alias  etc.
               expansions.
 
        <b>-o</b> <i>x value</i> (ignored)
-              Set option <i>x</i> to <i>value</i>. Use the equivalent  configu-
+              Set  option <i>x</i> to <i>value</i>. Use the equivalent configu-
               ration parameter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
 
        <b>-r</b> <i>sender</i>
               Set  the  envelope  sender  address.  This  is  the
-              address where delivery problems are sent  to.  With
+              address  where  delivery problems are sent to. With
               Postfix versions before 2.1, the <b>Errors-To:</b> message
               header overrides the error return address.
 
        <b>-R</b> <i>return</i><b>_</b><i>limit</i> (ignored)
-              Limit  the  size   of   bounced   mail.   Use   the
-              <b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a></b>  configuration parameter instead.
+              Limit   the   size   of   bounced   mail.  Use  the
+              <b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a></b> configuration parameter  instead.
 
-       <b>-q</b>     Attempt to deliver all queued mail. This is  imple-
+       <b>-q</b>     Attempt  to deliver all queued mail. This is imple-
               mented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
 
               Warning:  flushing  undeliverable  mail  frequently
-              will result in poor  delivery  performance  of  all
+              will  result  in  poor  delivery performance of all
               other mail.
 
        <b>-q</b><i>interval</i> (ignored)
-              The   interval   between   queue   runs.   Use  the
+              The  interval   between   queue   runs.   Use   the
               <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a></b> configuration parameter instead.
 
        <b>-qI</b><i>queueid</i>
               Schedule immediate delivery of mail with the speci-
-              fied  queue ID.  This option is implemented by exe-
-              cuting the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command, and  is  available
+              fied queue ID.  This option is implemented by  exe-
+              cuting  the  <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command, and is available
               with Postfix version 2.4 and later.
 
        <b>-qR</b><i>site</i>
-              Schedule  immediate  delivery  of  all mail that is
+              Schedule immediate delivery of  all  mail  that  is
               queued for the named <i>site</i>. This option accepts only
-              <i>site</i>  names  that are eligible for the "fast flush"
-              service,  and  is  implemented  by  executing   the
+              <i>site</i> names that are eligible for the  "fast  flush"
+              service,   and  is  implemented  by  executing  the
               <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.  See <a href="flush.8.html"><b>flush</b>(8)</a> for more infor-
               mation about the "fast flush" service.
 
        <b>-qS</b><i>site</i>
-              This command is not  implemented.  Use  the  slower
+              This  command  is  not  implemented. Use the slower
               "<b>sendmail -q</b>" command instead.
 
-       <b>-t</b>     Extract  recipients from message headers. These are
-              added to any recipients specified  on  the  command
+       <b>-t</b>     Extract recipients from message headers. These  are
+              added  to  any  recipients specified on the command
               line.
 
-              With  Postfix  versions  prior  to 2.1, this option
-              requires that no recipient addresses are  specified
+              With Postfix versions prior  to  2.1,  this  option
+              requires  that no recipient addresses are specified
               on the command line.
 
        <b>-U</b> (ignored)
@@ -262,41 +263,41 @@ SENDMAIL(1)                                                        SENDMAIL(1)
               This feature is available in Postfix 2.3 and later.
 
        <b>-XV</b> (Postfix 2.2 and earlier: <b>-V</b>)
-              Variable  Envelope  Return  Path. Given an envelope
-              sender address of the  form  <i>owner-listname</i>@<i>origin</i>,
-              each  recipient  <i>user</i>@<i>domain</i>  receives  mail with a
+              Variable Envelope Return Path.  Given  an  envelope
+              sender  address  of the form <i>owner-listname</i>@<i>origin</i>,
+              each recipient <i>user</i>@<i>domain</i>  receives  mail  with  a
               personalized envelope sender address.
 
-              By  default,  the  personalized   envelope   sender
-              address  is  <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>. The
-              default <b>+</b> and <b>=</b> characters  are  configurable  with
-              the  <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b>  configuration parame-
+              By   default,   the  personalized  envelope  sender
+              address is  <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>.  The
+              default  <b>+</b>  and  <b>=</b> characters are configurable with
+              the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b>  configuration  parame-
               ter.
 
        <b>-XV</b><i>xy</i> (Postfix 2.2 and earlier: <b>-V</b><i>xy</i>)
-              As <b>-XV</b>, but uses <i>x</i> and  <i>y</i>  as  the  VERP  delimiter
-              characters,  instead  of  the  characters specified
-              with  the   <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b>   configuration
+              As  <b>-XV</b>,  but  uses  <i>x</i>  and <i>y</i> as the VERP delimiter
+              characters, instead  of  the  characters  specified
+              with   the   <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b>  configuration
               parameter.
 
-       <b>-v</b>     Send  an email report of the first delivery attempt
-              (Postfix versions 2.1  and  later).  Mail  delivery
-              always  happens in the background. When multiple <b>-v</b>
+       <b>-v</b>     Send an email report of the first delivery  attempt
+              (Postfix  versions  2.1  and  later). Mail delivery
+              always happens in the background. When multiple  <b>-v</b>
               options  are  given,  enable  verbose  logging  for
               debugging purposes.
 
        <b>-X</b> <i>log</i><b>_</b><i>file</i> (ignored)
-              Log  mailer  traffic.  Use  the <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a></b> and
-              <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a></b> configuration parameters  instead.
+              Log mailer traffic.  Use  the  <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a></b>  and
+              <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a></b>  configuration parameters instead.
 
 <b>SECURITY</b>
-       By  design,  this  program  is not set-user (or group) id.
-       However, it must  handle  data  from  untrusted,  possibly
-       remote,  users.   Thus,  the  usual precautions need to be
+       By design, this program is not  set-user  (or  group)  id.
+       However,  it  must  handle  data  from untrusted, possibly
+       remote, users.  Thus, the usual  precautions  need  to  be
        taken against malicious inputs.
 
 <b>DIAGNOSTICS</b>
-       Problems are logged to  <b>syslogd</b>(8)  and  to  the  standard
+       Problems  are  logged  to  <b>syslogd</b>(8)  and to the standard
        error stream.
 
 <b>ENVIRONMENT</b>
@@ -308,29 +309,29 @@ SENDMAIL(1)                                                        SENDMAIL(1)
 
        <b>MAIL_DEBUG</b> (value does not matter)
               Enable debugging with an external command, as spec-
-              ified  with  the   <b><a href="postconf.5.html#debugger_command">debugger_command</a></b>   configuration
+              ified   with   the  <b><a href="postconf.5.html#debugger_command">debugger_command</a></b>  configuration
               parameter.
 
-       <b>NAME</b>   The  sender  full name. This is used only with mes-
-              sages that have no <b>From:</b> message header.  See  also
+       <b>NAME</b>   The sender full name. This is used only  with  mes-
+              sages  that  have no <b>From:</b> message header. See also
               the <b>-F</b> option above.
 
 <b>CONFIGURATION PARAMETERS</b>
-       The  following  <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
+       The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are  especially  relevant
        to this program.  The text below provides only a parameter
-       summary.  See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including exam-
+       summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including  exam-
        ples.
 
 <b>COMPATIBILITY CONTROLS</b>
        Available with Postfix 2.9 and later:
 
        <b><a href="postconf.5.html#sendmail_fix_line_endings">sendmail_fix_line_endings</a> (always)</b>
-              Controls how the Postfix sendmail command  converts
-              email  message line endings from &lt;CR&gt;&lt;LF&gt; into UNIX
+              Controls  how the Postfix sendmail command converts
+              email message line endings from &lt;CR&gt;&lt;LF&gt; into  UNIX
               format (&lt;LF&gt;).
 
 <b>TROUBLE SHOOTING CONTROLS</b>
-       The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples  of  how  to  trouble
+       The  <a href="DEBUG_README.html">DEBUG_README</a>  file  gives  examples of how to trouble
        shoot a Postfix system.
 
        <b><a href="postconf.5.html#debugger_command">debugger_command</a> (empty)</b>
@@ -338,29 +339,29 @@ SENDMAIL(1)                                                        SENDMAIL(1)
               mon program is invoked with the -D option.
 
        <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
-              The increment  in  verbose  logging  level  when  a
-              remote  client  or  server matches a pattern in the
+              The  increment  in  verbose  logging  level  when a
+              remote client or server matches a  pattern  in  the
               <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
 
        <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
-              Optional list of remote client or  server  hostname
-              or  network address patterns that cause the verbose
-              logging level to increase by the  amount  specified
+              Optional  list  of remote client or server hostname
+              or network address patterns that cause the  verbose
+              logging  level  to increase by the amount specified
               in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
 
 <b>ACCESS CONTROLS</b>
        Available in Postfix version 2.2 and later:
 
        <b><a href="postconf.5.html#authorized_flush_users">authorized_flush_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
-              List  of  users  who  are  authorized  to flush the
+              List of users  who  are  authorized  to  flush  the
               queue.
 
        <b><a href="postconf.5.html#authorized_mailq_users">authorized_mailq_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
               List of users who are authorized to view the queue.
 
        <b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
-              List  of  users  who  are authorized to submit mail
-              with the <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command (and with  the  privi-
+              List of users who are  authorized  to  submit  mail
+              with  the  <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command (and with the privi-
               leged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper command).
 
 <b>RESOURCE AND RATE CONTROLS</b>
@@ -369,7 +370,7 @@ SENDMAIL(1)                                                        SENDMAIL(1)
               sent in a non-delivery notification.
 
        <b><a href="postconf.5.html#fork_attempts">fork_attempts</a> (5)</b>
-              The maximal number of attempts to  fork()  a  child
+              The  maximal  number  of attempts to fork() a child
               process.
 
        <b><a href="postconf.5.html#fork_delay">fork_delay</a> (1s)</b>
@@ -377,11 +378,11 @@ SENDMAIL(1)                                                        SENDMAIL(1)
               process.
 
        <b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a> (50)</b>
-              The maximal number of  Received:   message  headers
+              The  maximal  number  of Received:  message headers
               that is allowed in the primary message headers.
 
        <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
-              The  time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue
+              The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the  queue
               manager; prior to Postfix 2.4 the default value was
               1000s.
 
@@ -391,37 +392,37 @@ SENDMAIL(1)                                                        SENDMAIL(1)
 
        <b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
               Optional list of destinations that are eligible for
-              per-destination  logfiles  with mail that is queued
+              per-destination logfiles with mail that  is  queued
               to those destinations.
 
 <b>VERP CONTROLS</b>
        The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation
-       details  of  Postfix  support for variable envelope return
+       details of Postfix support for  variable  envelope  return
        path addresses.
 
        <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
               The two default VERP delimiter characters.
 
        <b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
-              The characters Postfix accepts  as  VERP  delimiter
-              characters  on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
+              The  characters  Postfix  accepts as VERP delimiter
+              characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command  line
               and in SMTP commands.
 
 <b>MISCELLANEOUS CONTROLS</b>
        <b><a href="postconf.5.html#alias_database">alias_database</a> (see 'postconf -d' output)</b>
-              The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that  are
+              The  alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are
               updated with "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
 
        <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
-              The  location  of  all  postfix administrative com-
+              The location of  all  postfix  administrative  com-
               mands.
 
        <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
-              The default location of  the  Postfix  <a href="postconf.5.html">main.cf</a>  and
+              The  default  location  of  the Postfix <a href="postconf.5.html">main.cf</a> and
               <a href="master.5.html">master.cf</a> configuration files.
 
        <b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
-              The  directory  with  Postfix  support programs and
+              The directory with  Postfix  support  programs  and
               daemon programs.
 
        <b><a href="postconf.5.html#default_database_type">default_database_type</a> (see 'postconf -d' output)</b>
@@ -429,16 +430,16 @@ SENDMAIL(1)                                                        SENDMAIL(1)
               <a href="postalias.1.html"><b>postalias</b>(1)</a> and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
 
        <b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
-              The  time  after which the sender receives the mes-
+              The time after which the sender receives  the  mes-
               sage headers of mail that is still queued.
 
        <b><a href="postconf.5.html#enable_errors_to">enable_errors_to</a> (no)</b>
-              Report mail delivery errors to the  address  speci-
-              fied   with  the  non-standard  Errors-To:  message
-              header, instead  of  the  envelope  sender  address
-              (this  feature is removed with Postfix version 2.2,
-              is turned off by default with Postfix version  2.1,
-              and  is  always  turned  on with older Postfix ver-
+              Report  mail  delivery errors to the address speci-
+              fied  with  the  non-standard  Errors-To:   message
+              header,  instead  of  the  envelope  sender address
+              (this feature is removed with Postfix version  2.2,
+              is  turned off by default with Postfix version 2.1,
+              and is always turned on  with  older  Postfix  ver-
               sions).
 
        <b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
@@ -446,21 +447,21 @@ SENDMAIL(1)                                                        SENDMAIL(1)
               and most Postfix daemon processes.
 
        <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
-              The  location of the Postfix top-level queue direc-
+              The location of the Postfix top-level queue  direc-
               tory.
 
        <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
-              Don't rewrite message headers from  remote  clients
+              Don't  rewrite  message headers from remote clients
               at all when this parameter is empty; otherwise, re-
-              write message  headers  and  append  the  specified
+              write  message  headers  and  append  the specified
               domain name to incomplete addresses.
 
        <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
               The syslog facility of Postfix logging.
 
        <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
-              The  mail  system  name  that  is  prepended to the
-              process name in syslog  records,  so  that  "smtpd"
+              The mail system  name  that  is  prepended  to  the
+              process  name  in  syslog  records, so that "smtpd"
               becomes, for example, "postfix/smtpd".
 
 <b>FILES</b>
@@ -485,7 +486,7 @@ SENDMAIL(1)                                                        SENDMAIL(1)
        <a href="VERP_README.html">VERP_README</a>, Postfix VERP howto
 
 <b>LICENSE</b>
-       The Secure Mailer license must be  distributed  with  this
+       The  Secure  Mailer  license must be distributed with this
        software.
 
 <b>AUTHOR(S)</b>
diff --git a/postfix/html/newaliases.1.html b/postfix/html/newaliases.1.html
index 3b6255593..619941b8f 100644
--- a/postfix/html/newaliases.1.html
+++ b/postfix/html/newaliases.1.html
@@ -184,72 +184,73 @@ SENDMAIL(1)                                                        SENDMAIL(1)
               <i>type</i>:<i>pathname</i>. See <a href="postalias.1.html"><b>postalias</b>(1)</a> for details.
 
        <b>-O</b> <i>option=value</i> (ignored)
-              Backwards compatibility.
+              Set  the  named <i>option</i> to <i>value</i>. Use the equivalent
+              configuration parameter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
 
        <b>-o7</b> (ignored)
 
        <b>-o8</b> (ignored)
               To send 8-bit or binary content, use an appropriate
-              MIME encapsulation and specify the  appropriate  <b>-B</b>
+              MIME  encapsulation  and specify the appropriate <b>-B</b>
               command-line option.
 
-       <b>-oi</b>    When  reading  a message from standard input, don't
-              treat a line with only a <b>.</b> character as the end  of
+       <b>-oi</b>    When reading a message from standard  input,  don't
+              treat  a line with only a <b>.</b> character as the end of
               input.
 
        <b>-om</b> (ignored)
-              The  sender  is  never  eliminated  from alias etc.
+              The sender is  never  eliminated  from  alias  etc.
               expansions.
 
        <b>-o</b> <i>x value</i> (ignored)
-              Set option <i>x</i> to <i>value</i>. Use the equivalent  configu-
+              Set  option <i>x</i> to <i>value</i>. Use the equivalent configu-
               ration parameter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
 
        <b>-r</b> <i>sender</i>
               Set  the  envelope  sender  address.  This  is  the
-              address where delivery problems are sent  to.  With
+              address  where  delivery problems are sent to. With
               Postfix versions before 2.1, the <b>Errors-To:</b> message
               header overrides the error return address.
 
        <b>-R</b> <i>return</i><b>_</b><i>limit</i> (ignored)
-              Limit  the  size   of   bounced   mail.   Use   the
-              <b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a></b>  configuration parameter instead.
+              Limit   the   size   of   bounced   mail.  Use  the
+              <b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a></b> configuration parameter  instead.
 
-       <b>-q</b>     Attempt to deliver all queued mail. This is  imple-
+       <b>-q</b>     Attempt  to deliver all queued mail. This is imple-
               mented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
 
               Warning:  flushing  undeliverable  mail  frequently
-              will result in poor  delivery  performance  of  all
+              will  result  in  poor  delivery performance of all
               other mail.
 
        <b>-q</b><i>interval</i> (ignored)
-              The   interval   between   queue   runs.   Use  the
+              The  interval   between   queue   runs.   Use   the
               <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a></b> configuration parameter instead.
 
        <b>-qI</b><i>queueid</i>
               Schedule immediate delivery of mail with the speci-
-              fied  queue ID.  This option is implemented by exe-
-              cuting the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command, and  is  available
+              fied queue ID.  This option is implemented by  exe-
+              cuting  the  <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command, and is available
               with Postfix version 2.4 and later.
 
        <b>-qR</b><i>site</i>
-              Schedule  immediate  delivery  of  all mail that is
+              Schedule immediate delivery of  all  mail  that  is
               queued for the named <i>site</i>. This option accepts only
-              <i>site</i>  names  that are eligible for the "fast flush"
-              service,  and  is  implemented  by  executing   the
+              <i>site</i> names that are eligible for the  "fast  flush"
+              service,   and  is  implemented  by  executing  the
               <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.  See <a href="flush.8.html"><b>flush</b>(8)</a> for more infor-
               mation about the "fast flush" service.
 
        <b>-qS</b><i>site</i>
-              This command is not  implemented.  Use  the  slower
+              This  command  is  not  implemented. Use the slower
               "<b>sendmail -q</b>" command instead.
 
-       <b>-t</b>     Extract  recipients from message headers. These are
-              added to any recipients specified  on  the  command
+       <b>-t</b>     Extract recipients from message headers. These  are
+              added  to  any  recipients specified on the command
               line.
 
-              With  Postfix  versions  prior  to 2.1, this option
-              requires that no recipient addresses are  specified
+              With Postfix versions prior  to  2.1,  this  option
+              requires  that no recipient addresses are specified
               on the command line.
 
        <b>-U</b> (ignored)
@@ -262,41 +263,41 @@ SENDMAIL(1)                                                        SENDMAIL(1)
               This feature is available in Postfix 2.3 and later.
 
        <b>-XV</b> (Postfix 2.2 and earlier: <b>-V</b>)
-              Variable  Envelope  Return  Path. Given an envelope
-              sender address of the  form  <i>owner-listname</i>@<i>origin</i>,
-              each  recipient  <i>user</i>@<i>domain</i>  receives  mail with a
+              Variable Envelope Return Path.  Given  an  envelope
+              sender  address  of the form <i>owner-listname</i>@<i>origin</i>,
+              each recipient <i>user</i>@<i>domain</i>  receives  mail  with  a
               personalized envelope sender address.
 
-              By  default,  the  personalized   envelope   sender
-              address  is  <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>. The
-              default <b>+</b> and <b>=</b> characters  are  configurable  with
-              the  <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b>  configuration parame-
+              By   default,   the  personalized  envelope  sender
+              address is  <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>.  The
+              default  <b>+</b>  and  <b>=</b> characters are configurable with
+              the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b>  configuration  parame-
               ter.
 
        <b>-XV</b><i>xy</i> (Postfix 2.2 and earlier: <b>-V</b><i>xy</i>)
-              As <b>-XV</b>, but uses <i>x</i> and  <i>y</i>  as  the  VERP  delimiter
-              characters,  instead  of  the  characters specified
-              with  the   <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b>   configuration
+              As  <b>-XV</b>,  but  uses  <i>x</i>  and <i>y</i> as the VERP delimiter
+              characters, instead  of  the  characters  specified
+              with   the   <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b>  configuration
               parameter.
 
-       <b>-v</b>     Send  an email report of the first delivery attempt
-              (Postfix versions 2.1  and  later).  Mail  delivery
-              always  happens in the background. When multiple <b>-v</b>
+       <b>-v</b>     Send an email report of the first delivery  attempt
+              (Postfix  versions  2.1  and  later). Mail delivery
+              always happens in the background. When multiple  <b>-v</b>
               options  are  given,  enable  verbose  logging  for
               debugging purposes.
 
        <b>-X</b> <i>log</i><b>_</b><i>file</i> (ignored)
-              Log  mailer  traffic.  Use  the <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a></b> and
-              <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a></b> configuration parameters  instead.
+              Log mailer traffic.  Use  the  <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a></b>  and
+              <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a></b>  configuration parameters instead.
 
 <b>SECURITY</b>
-       By  design,  this  program  is not set-user (or group) id.
-       However, it must  handle  data  from  untrusted,  possibly
-       remote,  users.   Thus,  the  usual precautions need to be
+       By design, this program is not  set-user  (or  group)  id.
+       However,  it  must  handle  data  from untrusted, possibly
+       remote, users.  Thus, the usual  precautions  need  to  be
        taken against malicious inputs.
 
 <b>DIAGNOSTICS</b>
-       Problems are logged to  <b>syslogd</b>(8)  and  to  the  standard
+       Problems  are  logged  to  <b>syslogd</b>(8)  and to the standard
        error stream.
 
 <b>ENVIRONMENT</b>
@@ -308,29 +309,29 @@ SENDMAIL(1)                                                        SENDMAIL(1)
 
        <b>MAIL_DEBUG</b> (value does not matter)
               Enable debugging with an external command, as spec-
-              ified  with  the   <b><a href="postconf.5.html#debugger_command">debugger_command</a></b>   configuration
+              ified   with   the  <b><a href="postconf.5.html#debugger_command">debugger_command</a></b>  configuration
               parameter.
 
-       <b>NAME</b>   The  sender  full name. This is used only with mes-
-              sages that have no <b>From:</b> message header.  See  also
+       <b>NAME</b>   The sender full name. This is used only  with  mes-
+              sages  that  have no <b>From:</b> message header. See also
               the <b>-F</b> option above.
 
 <b>CONFIGURATION PARAMETERS</b>
-       The  following  <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
+       The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are  especially  relevant
        to this program.  The text below provides only a parameter
-       summary.  See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including exam-
+       summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including  exam-
        ples.
 
 <b>COMPATIBILITY CONTROLS</b>
        Available with Postfix 2.9 and later:
 
        <b><a href="postconf.5.html#sendmail_fix_line_endings">sendmail_fix_line_endings</a> (always)</b>
-              Controls how the Postfix sendmail command  converts
-              email  message line endings from &lt;CR&gt;&lt;LF&gt; into UNIX
+              Controls  how the Postfix sendmail command converts
+              email message line endings from &lt;CR&gt;&lt;LF&gt; into  UNIX
               format (&lt;LF&gt;).
 
 <b>TROUBLE SHOOTING CONTROLS</b>
-       The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples  of  how  to  trouble
+       The  <a href="DEBUG_README.html">DEBUG_README</a>  file  gives  examples of how to trouble
        shoot a Postfix system.
 
        <b><a href="postconf.5.html#debugger_command">debugger_command</a> (empty)</b>
@@ -338,29 +339,29 @@ SENDMAIL(1)                                                        SENDMAIL(1)
               mon program is invoked with the -D option.
 
        <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
-              The increment  in  verbose  logging  level  when  a
-              remote  client  or  server matches a pattern in the
+              The  increment  in  verbose  logging  level  when a
+              remote client or server matches a  pattern  in  the
               <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
 
        <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
-              Optional list of remote client or  server  hostname
-              or  network address patterns that cause the verbose
-              logging level to increase by the  amount  specified
+              Optional  list  of remote client or server hostname
+              or network address patterns that cause the  verbose
+              logging  level  to increase by the amount specified
               in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
 
 <b>ACCESS CONTROLS</b>
        Available in Postfix version 2.2 and later:
 
        <b><a href="postconf.5.html#authorized_flush_users">authorized_flush_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
-              List  of  users  who  are  authorized  to flush the
+              List of users  who  are  authorized  to  flush  the
               queue.
 
        <b><a href="postconf.5.html#authorized_mailq_users">authorized_mailq_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
               List of users who are authorized to view the queue.
 
        <b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
-              List  of  users  who  are authorized to submit mail
-              with the <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command (and with  the  privi-
+              List of users who are  authorized  to  submit  mail
+              with  the  <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command (and with the privi-
               leged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper command).
 
 <b>RESOURCE AND RATE CONTROLS</b>
@@ -369,7 +370,7 @@ SENDMAIL(1)                                                        SENDMAIL(1)
               sent in a non-delivery notification.
 
        <b><a href="postconf.5.html#fork_attempts">fork_attempts</a> (5)</b>
-              The maximal number of attempts to  fork()  a  child
+              The  maximal  number  of attempts to fork() a child
               process.
 
        <b><a href="postconf.5.html#fork_delay">fork_delay</a> (1s)</b>
@@ -377,11 +378,11 @@ SENDMAIL(1)                                                        SENDMAIL(1)
               process.
 
        <b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a> (50)</b>
-              The maximal number of  Received:   message  headers
+              The  maximal  number  of Received:  message headers
               that is allowed in the primary message headers.
 
        <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
-              The  time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue
+              The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the  queue
               manager; prior to Postfix 2.4 the default value was
               1000s.
 
@@ -391,37 +392,37 @@ SENDMAIL(1)                                                        SENDMAIL(1)
 
        <b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
               Optional list of destinations that are eligible for
-              per-destination  logfiles  with mail that is queued
+              per-destination logfiles with mail that  is  queued
               to those destinations.
 
 <b>VERP CONTROLS</b>
        The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation
-       details  of  Postfix  support for variable envelope return
+       details of Postfix support for  variable  envelope  return
        path addresses.
 
        <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
               The two default VERP delimiter characters.
 
        <b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
-              The characters Postfix accepts  as  VERP  delimiter
-              characters  on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
+              The  characters  Postfix  accepts as VERP delimiter
+              characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command  line
               and in SMTP commands.
 
 <b>MISCELLANEOUS CONTROLS</b>
        <b><a href="postconf.5.html#alias_database">alias_database</a> (see 'postconf -d' output)</b>
-              The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that  are
+              The  alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are
               updated with "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
 
        <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
-              The  location  of  all  postfix administrative com-
+              The location of  all  postfix  administrative  com-
               mands.
 
        <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
-              The default location of  the  Postfix  <a href="postconf.5.html">main.cf</a>  and
+              The  default  location  of  the Postfix <a href="postconf.5.html">main.cf</a> and
               <a href="master.5.html">master.cf</a> configuration files.
 
        <b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
-              The  directory  with  Postfix  support programs and
+              The directory with  Postfix  support  programs  and
               daemon programs.
 
        <b><a href="postconf.5.html#default_database_type">default_database_type</a> (see 'postconf -d' output)</b>
@@ -429,16 +430,16 @@ SENDMAIL(1)                                                        SENDMAIL(1)
               <a href="postalias.1.html"><b>postalias</b>(1)</a> and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
 
        <b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
-              The  time  after which the sender receives the mes-
+              The time after which the sender receives  the  mes-
               sage headers of mail that is still queued.
 
        <b><a href="postconf.5.html#enable_errors_to">enable_errors_to</a> (no)</b>
-              Report mail delivery errors to the  address  speci-
-              fied   with  the  non-standard  Errors-To:  message
-              header, instead  of  the  envelope  sender  address
-              (this  feature is removed with Postfix version 2.2,
-              is turned off by default with Postfix version  2.1,
-              and  is  always  turned  on with older Postfix ver-
+              Report  mail  delivery errors to the address speci-
+              fied  with  the  non-standard  Errors-To:   message
+              header,  instead  of  the  envelope  sender address
+              (this feature is removed with Postfix version  2.2,
+              is  turned off by default with Postfix version 2.1,
+              and is always turned on  with  older  Postfix  ver-
               sions).
 
        <b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
@@ -446,21 +447,21 @@ SENDMAIL(1)                                                        SENDMAIL(1)
               and most Postfix daemon processes.
 
        <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
-              The  location of the Postfix top-level queue direc-
+              The location of the Postfix top-level queue  direc-
               tory.
 
        <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
-              Don't rewrite message headers from  remote  clients
+              Don't  rewrite  message headers from remote clients
               at all when this parameter is empty; otherwise, re-
-              write message  headers  and  append  the  specified
+              write  message  headers  and  append  the specified
               domain name to incomplete addresses.
 
        <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
               The syslog facility of Postfix logging.
 
        <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
-              The  mail  system  name  that  is  prepended to the
-              process name in syslog  records,  so  that  "smtpd"
+              The mail system  name  that  is  prepended  to  the
+              process  name  in  syslog  records, so that "smtpd"
               becomes, for example, "postfix/smtpd".
 
 <b>FILES</b>
@@ -485,7 +486,7 @@ SENDMAIL(1)                                                        SENDMAIL(1)
        <a href="VERP_README.html">VERP_README</a>, Postfix VERP howto
 
 <b>LICENSE</b>
-       The Secure Mailer license must be  distributed  with  this
+       The  Secure  Mailer  license must be distributed with this
        software.
 
 <b>AUTHOR(S)</b>
diff --git a/postfix/html/postconf.1.html b/postfix/html/postconf.1.html
index 783d5b45d..d9f66d353 100644
--- a/postfix/html/postconf.1.html
+++ b/postfix/html/postconf.1.html
@@ -228,6 +228,15 @@ POSTCONF(1)                                                        POSTCONF(1)
                      is  available  on  systems  with support for
                      SDBM databases.
 
+              <b>socketmap</b> (read-only)
+                     Query a Sendmail-style socketmap server. The
+                     name      of     the     table     specifies
+                     <b>inet</b>:<i>host</i>:<i>port</i>:<i>socketmap-name</i>  for  a   TCP-
+                     based  server,  or  <b>unix</b>:<i>pathname</i>:<i>socketmap-</i>
+                     <i>name</i>  for  a  UNIX-domain  server.  In  both
+                     cases,  <i>socketmap-name</i>  is  the  name of the
+                     socketmap.
+
               <b>sqlite</b> (read-only)
                      Perform lookups from SQLite database  files.
                      This is described in <a href="sqlite_table.5.html"><b>sqlite_table</b>(5)</a>.
@@ -313,23 +322,23 @@ POSTCONF(1)                                                        POSTCONF(1)
               verbose.
 
        <b>-X</b>     Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and remove the
-              parameters given on the <a href="postconf.1.html"><b>postconf</b>(1)</a>  command  line.
+              parameters named on the <a href="postconf.1.html"><b>postconf</b>(1)</a>  command  line.
               The file is copied to a temporary file then renamed
               into place.  Specify a list of parameter names, not
-              <i>name</i>=<i>value</i>  pairs.  There is no <a href="postconf.1.html"><b>postconf</b>(1)</a> command
-              to perform the reverse operation.
+              "<i>name</i>=<i>value</i>"  pairs.   There is no <a href="postconf.1.html"><b>postconf</b>(1)</a> com-
+              mand to perform the reverse operation.
 
               This feature is available  with  Postfix  2.10  and
               later.
 
        <b>-#</b>     Edit  the  <a href="postconf.5.html"><b>main.cf</b></a>  configuration file, and comment
-              out the parameters given on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command
+              out the parameters named on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command
               line,  so  that  those  parameters  revert to their
               default values.  The file is copied to a  temporary
               file  then  renamed  into place.  Specify a list of
-              parameter names, not <i>name</i>=<i>value</i> pairs.  There is no
-              <a href="postconf.1.html"><b>postconf</b>(1)</a>  command  to perform the reverse opera-
-              tion.
+              parameter names, not "<i>name</i>=<i>value</i>" pairs.  There  is
+              no <a href="postconf.1.html"><b>postconf</b>(1)</a> command to perform the reverse oper-
+              ation.
 
               This feature is  available  with  Postfix  2.6  and
               later.
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index ea666f671..11696d673 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -13536,11 +13536,13 @@ Example:
 server
 4XX or 5XX response. </p>
 
-<p> Example: </p>
+<p> The following example uses "\c" at the start of the template
+(supported in Postfix 2.10 and later) to suppress the line break
+between the reply text and the footer text. </p>
 
 <pre>
 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
-    <a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a> = For assistance, call 800-555-0101.
+    <a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a> = \c. For assistance, call 800-555-0101.
      Please provide the following information in your problem report:
      time ($localtime), client ($client_address) and server
      ($server_name).
@@ -13549,8 +13551,8 @@ server
 <p> Server response: </p>
 
 <pre>
-    550-5.5.1 &lt;user@example&gt; Recipient address rejected: User unknown
-    550 5.5.1 For assistance, call 800-555-0101. Please provide the
+    550-5.5.1 &lt;user@example&gt; Recipient address rejected: User
+    unknown. For assistance, call 800-555-0101. Please provide the
     following information in your problem report: time (Jan 4 15:42:00),
     client (192.168.1.248) and server (mail1.example.com).
 </pre>
@@ -13604,6 +13606,11 @@ after each line break the three-digit SMTP reply code (and optional
 enhanced status code) from the original Postfix reject message.
 </p>
 
+<p> To work around mail software that mis-handles multi-line replies,
+specify the two-character sequence \c at the start of the template.
+This suppresses the line break between the reply text and the footer
+text (Postfix 2.10 and later).  </p>
+
 <p> This feature is available in Postfix 2.8 and later. </p>
 
 
diff --git a/postfix/html/postscreen.8.html b/postfix/html/postscreen.8.html
index d3636546c..036211a01 100644
--- a/postfix/html/postscreen.8.html
+++ b/postfix/html/postscreen.8.html
@@ -160,95 +160,94 @@ POSTSCREEN(8)                                                    POSTSCREEN(8)
               <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> parameter.
 
 <b>MAIL EXCHANGER POLICY TESTS</b>
-       When a remote SMTP client is not on the  permanent  access
-       list,  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  can  implement a number of whitelist
-       tests before it grants the client  a  temporary  whitelist
-       status to talk to a Postfix SMTP server process.
-
-       By  listening  on  both  primary  and backup MX addresses,
-       <a href="postscreen.8.html"><b>postscreen</b>(8)</a> can deny the temporary whitelist  status  to
-       clients that connect only to backup MX hosts.
+       When <a href="postscreen.8.html"><b>postscreen</b>(8)</a> is configured to  monitor  all  primary
+       and  backup  MX  addresses,  it  can  refuse  to whitelist
+       clients that connect to a  backup  MX  address  only.  For
+       small  sites, this requires configuring primary and backup
+       MX addresses on the same MTA. Larger sites would  have  to
+       share  the  <a href="postscreen.8.html"><b>postscreen</b>(8)</a> cache between primary and backup
+       MTAs, which would introduce a common point of failure.
 
        <b><a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> (<a href="DATABASE_README.html#types">static</a>:all)</b>
-              A  list  of local <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server IP addresses
-              where a  non-whitelisted  remote  SMTP  client  can
-              obtain  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s temporary whitelist status.
+              A list of local <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server  IP  addresses
+              where  a  non-whitelisted  remote  SMTP  client can
+              obtain <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s temporary whitelist  status.
 
 <b>BEFORE-GREETING TESTS</b>
-       These tests are executed before  the  remote  SMTP  client
+       These  tests  are  executed  before the remote SMTP client
        receives the "220 servername" greeting. If no tests remain
-       after the successful completion of this phase, the  client
-       will  be  handed  off immediately to a Postfix SMTP server
+       after  the successful completion of this phase, the client
+       will be handed off immediately to a  Postfix  SMTP  server
        process.
 
        <b><a href="postconf.5.html#dnsblog_service_name">dnsblog_service_name</a> (dnsblog)</b>
-              The name of the <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> service  entry  in  mas-
+              The  name  of  the <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> service entry in mas-
               ter.cf.
 
        <b><a href="postconf.5.html#postscreen_dnsbl_action">postscreen_dnsbl_action</a> (ignore)</b>
-              The  action  that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote
-              SMTP client's combined DNSBL score is equal  to  or
-              greater  than  a  threshold  (as  defined  with the
+              The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when  a  remote
+              SMTP  client's  combined DNSBL score is equal to or
+              greater than  a  threshold  (as  defined  with  the
               <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> and <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_thresh</a>-
               <a href="postconf.5.html#postscreen_dnsbl_threshold">old</a> parameters).
 
        <b><a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> (empty)</b>
-              A  mapping  from  actual  DNSBL  domain  name which
-              includes a secret password,  to  the  DNSBL  domain
+              A mapping  from  actual  DNSBL  domain  name  which
+              includes  a  secret  password,  to the DNSBL domain
               name  that  postscreen  will  reply  with  when  it
               rejects mail.
 
        <b><a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> (empty)</b>
-              Optional list of DNS white/blacklist domains,  fil-
+              Optional  list of DNS white/blacklist domains, fil-
               ters and weight factors.
 
        <b><a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> (1)</b>
-              The  inclusive  lower  bound  for blocking a remote
-              SMTP client, based on its combined DNSBL  score  as
-              defined  with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter.
+              The inclusive lower bound  for  blocking  a  remote
+              SMTP  client,  based on its combined DNSBL score as
+              defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a>  parameter.
 
        <b><a href="postconf.5.html#postscreen_greet_action">postscreen_greet_action</a> (ignore)</b>
-              The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when  a  remote
-              SMTP  client speaks before its turn within the time
+              The  action  that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote
+              SMTP client speaks before its turn within the  time
               specified with the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> parameter.
 
        <b><a href="postconf.5.html#postscreen_greet_banner">postscreen_greet_banner</a> ($<a href="postconf.5.html#smtpd_banner">smtpd_banner</a>)</b>
               The  <i>text</i>  in  the  optional  "220-<i>text</i>..."  server
               response that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> sends ahead of the real
               Postfix SMTP server's "220 text..." response, in an
-              attempt to confuse bad SMTP clients  so  that  they
+              attempt  to  confuse  bad SMTP clients so that they
               speak before their turn (pre-greet).
 
        <b><a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> (${stress?2}${stress:6}s)</b>
               The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will wait for
-              an SMTP client to send a command before  its  turn,
-              and  for  DNS  blocklist  lookup  results to arrive
-              (default: up to 2 seconds under  stress,  up  to  6
+              an  SMTP  client to send a command before its turn,
+              and for DNS  blocklist  lookup  results  to  arrive
+              (default:  up  to  2  seconds under stress, up to 6
               seconds otherwise).
 
        <b><a href="postconf.5.html#smtpd_service_name">smtpd_service_name</a> (smtpd)</b>
-              The  internal  service that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> hands off
+              The internal service that <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  hands  off
               allowed connections to.
 
 <b>AFTER-GREETING TESTS</b>
-       These tests are executed  after  the  remote  SMTP  client
+       These  tests  are  executed  after  the remote SMTP client
        receives the "220 servername" greeting. If a client passes
-       all tests  during  this  phase,  it  will  receive  a  4XX
-       response  to  RCPT  TO commands until the client hangs up.
+       all  tests  during  this  phase,  it  will  receive  a 4XX
+       response to RCPT TO commands until the  client  hangs  up.
        After this, the client will be allowed to talk directly to
        a Postfix SMTP server process.
 
        <b><a href="postconf.5.html#postscreen_bare_newline_action">postscreen_bare_newline_action</a> (ignore)</b>
-              The  action  that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote
-              SMTP client sends a bare  newline  character,  that
+              The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when  a  remote
+              SMTP  client  sends  a bare newline character, that
               is, a newline not preceded by carriage return.
 
        <b><a href="postconf.5.html#postscreen_bare_newline_enable">postscreen_bare_newline_enable</a> (no)</b>
-              Enable  "bare  newline"  SMTP protocol tests in the
+              Enable "bare newline" SMTP protocol  tests  in  the
               <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.
 
        <b><a href="postconf.5.html#postscreen_disable_vrfy_command">postscreen_disable_vrfy_command</a> ($<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a>)</b>
-              Disable the SMTP VRFY command in the  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
+              Disable  the SMTP VRFY command in the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
               daemon.
 
        <b><a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a> ($<a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>)</b>
@@ -256,159 +255,159 @@ POSTSCREEN(8)                                                    POSTSCREEN(8)
               siders in violation of the SMTP protocol.
 
        <b><a href="postconf.5.html#postscreen_helo_required">postscreen_helo_required</a> ($<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a>)</b>
-              Require that a remote SMTP  client  sends  HELO  or
+              Require  that  a  remote  SMTP client sends HELO or
               EHLO before commencing a MAIL transaction.
 
        <b><a href="postconf.5.html#postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a> (drop)</b>
-              The  action  that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote
-              SMTP client sends non-SMTP  commands  as  specified
+              The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when  a  remote
+              SMTP  client  sends  non-SMTP commands as specified
               with the <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a> parameter.
 
        <b><a href="postconf.5.html#postscreen_non_smtp_command_enable">postscreen_non_smtp_command_enable</a> (no)</b>
-              Enable    "non-SMTP    command"    tests   in   the
+              Enable   "non-SMTP   command"    tests    in    the
               <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.
 
        <b><a href="postconf.5.html#postscreen_pipelining_action">postscreen_pipelining_action</a> (enforce)</b>
-              The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when  a  remote
-              SMTP  client  sends  multiple  commands  instead of
-              sending one command and waiting for the  server  to
+              The  action  that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote
+              SMTP client  sends  multiple  commands  instead  of
+              sending  one  command and waiting for the server to
               respond.
 
        <b><a href="postconf.5.html#postscreen_pipelining_enable">postscreen_pipelining_enable</a> (no)</b>
-              Enable  "pipelining"  SMTP  protocol  tests  in the
+              Enable "pipelining"  SMTP  protocol  tests  in  the
               <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.
 
 <b>CACHE CONTROLS</b>
        <b><a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a> (12h)</b>
-              The amount  of  time  between  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  cache
+              The  amount  of  time  between  <a href="postscreen.8.html"><b>postscreen</b>(8)</a> cache
               cleanup runs.
 
        <b><a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a>                   (btree:$data_direc-</b>
        <b>tory/postscreen_cache)</b>
-              Persistent  storage  for  the  <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server
+              Persistent storage  for  the  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  server
               decisions.
 
        <b><a href="postconf.5.html#postscreen_cache_retention_time">postscreen_cache_retention_time</a> (7d)</b>
               The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will cache an
-              expired  temporary  whitelist  entry  before  it is
+              expired temporary  whitelist  entry  before  it  is
               removed.
 
        <b><a href="postconf.5.html#postscreen_bare_newline_ttl">postscreen_bare_newline_ttl</a> (30d)</b>
-              The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use  the
+              The  amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
               result from a successful "bare newline" SMTP proto-
               col test.
 
        <b><a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a> (1h)</b>
-              The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use  the
+              The  amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
               result from a successful DNS blocklist test.
 
        <b><a href="postconf.5.html#postscreen_greet_ttl">postscreen_greet_ttl</a> (1d)</b>
-              The  amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
+              The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use  the
               result from a successful PREGREET test.
 
        <b><a href="postconf.5.html#postscreen_non_smtp_command_ttl">postscreen_non_smtp_command_ttl</a> (30d)</b>
-              The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use  the
-              result  from  a  successful "non_smtp_command" SMTP
+              The  amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
+              result from a  successful  "non_smtp_command"  SMTP
               protocol test.
 
        <b><a href="postconf.5.html#postscreen_pipelining_ttl">postscreen_pipelining_ttl</a> (30d)</b>
-              The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use  the
+              The  amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
               result from a successful "pipelining" SMTP protocol
               test.
 
 <b>RESOURCE CONTROLS</b>
        <b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
-              Upon input, long lines are chopped up  into  pieces
-              of  at  most this length; upon delivery, long lines
+              Upon  input,  long lines are chopped up into pieces
+              of at most this length; upon delivery,  long  lines
               are reconstructed.
 
        <b><a href="postconf.5.html#postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a></b>
        <b>($<a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>)</b>
-              How many simultaneous connections any  remote  SMTP
-              client  is  allowed  to have with the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
+              How  many  simultaneous connections any remote SMTP
+              client is allowed to have  with  the  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
               daemon.
 
        <b><a href="postconf.5.html#postscreen_command_count_limit">postscreen_command_count_limit</a> (20)</b>
-              The limit on the total number of commands per  SMTP
-              session  for <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol
+              The  limit on the total number of commands per SMTP
+              session for <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP  protocol
               engine.
 
        <b><a href="postconf.5.html#postscreen_command_time_limit">postscreen_command_time_limit</a> (${stress?10}${stress:300}s)</b>
-              The time limit to read an entire command line  with
+              The  time limit to read an entire command line with
               <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine.
 
        <b><a href="postconf.5.html#postscreen_post_queue_limit">postscreen_post_queue_limit</a> ($<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b>
-              The  number of clients that can be waiting for ser-
+              The number of clients that can be waiting for  ser-
               vice from a real Postfix SMTP server process.
 
        <b><a href="postconf.5.html#postscreen_pre_queue_limit">postscreen_pre_queue_limit</a> ($<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b>
-              The number of non-whitelisted clients that  can  be
-              waiting  for  a  decision whether they will receive
+              The  number  of non-whitelisted clients that can be
+              waiting for a decision whether  they  will  receive
               service from a real Postfix SMTP server process.
 
        <b><a href="postconf.5.html#postscreen_watchdog_timeout">postscreen_watchdog_timeout</a> (10s)</b>
-              How much time a <a href="postscreen.8.html"><b>postscreen</b>(8)</a> process may  take  to
-              respond  to a remote SMTP client command or to per-
+              How  much  time a <a href="postscreen.8.html"><b>postscreen</b>(8)</a> process may take to
+              respond to a remote SMTP client command or to  per-
               form a cache operation before it is terminated by a
               built-in watchdog timer.
 
 <b>STARTTLS CONTROLS</b>
        <b><a href="postconf.5.html#postscreen_tls_security_level">postscreen_tls_security_level</a> ($<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b>
-              The  SMTP  TLS security level for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
-              server; when a non-empty value is  specified,  this
+              The SMTP TLS security level for  the  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
+              server;  when  a non-empty value is specified, this
               overrides       the       obsolete       parameters
               <a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> and <a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a>.
 
        <b><a href="postconf.5.html#tlsproxy_service_name">tlsproxy_service_name</a> (tlsproxy)</b>
-              The name of the <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> service entry  in  mas-
+              The  name  of the <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> service entry in mas-
               ter.cf.
 
 <b>OBSOLETE STARTTLS SUPPORT CONTROLS</b>
-       These  parameters  are  supported  for  compatibility with
+       These parameters  are  supported  for  compatibility  with
        <a href="smtpd.8.html"><b>smtpd</b>(8)</a> legacy parameters.
 
        <b><a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> ($<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>)</b>
-              Opportunistic TLS:  announce  STARTTLS  support  to
+              Opportunistic  TLS:  announce  STARTTLS  support to
               remote  SMTP  clients,  but  do  not  require  that
               clients use TLS encryption.
 
        <b><a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a> ($<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>)</b>
-              Mandatory TLS: announce STARTTLS support to  remote
-              SMTP  clients,  and  require  that  clients use TLS
+              Mandatory  TLS: announce STARTTLS support to remote
+              SMTP clients, and  require  that  clients  use  TLS
               encryption.
 
 <b>MISCELLANEOUS CONTROLS</b>
        <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
-              The default location of  the  Postfix  <a href="postconf.5.html">main.cf</a>  and
+              The  default  location  of  the Postfix <a href="postconf.5.html">main.cf</a> and
               <a href="master.5.html">master.cf</a> configuration files.
 
        <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
-              The  maximal  number  of  digits  after the decimal
+              The maximal number  of  digits  after  the  decimal
               point when logging sub-second delay values.
 
        <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
-              The location of  all  postfix  administrative  com-
+              The  location  of  all  postfix administrative com-
               mands.
 
        <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
-              The  maximum  amount  of  time that an idle Postfix
-              daemon process waits  for  an  incoming  connection
+              The maximum amount of time  that  an  idle  Postfix
+              daemon  process  waits  for  an incoming connection
               before terminating voluntarily.
 
        <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
-              The  process  ID  of  a  Postfix  command or daemon
+              The process ID  of  a  Postfix  command  or  daemon
               process.
 
        <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
-              The process name of a  Postfix  command  or  daemon
+              The  process  name  of  a Postfix command or daemon
               process.
 
        <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
               The syslog facility of Postfix logging.
 
        <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
-              The  mail  system  name  that  is  prepended to the
-              process name in syslog  records,  so  that  "smtpd"
+              The mail system  name  that  is  prepended  to  the
+              process  name  in  syslog  records, so that "smtpd"
               becomes, for example, "postfix/smtpd".
 
 <b>SEE ALSO</b>
@@ -421,14 +420,14 @@ POSTSCREEN(8)                                                    POSTSCREEN(8)
        <a href="POSTSCREEN_README.html">POSTSCREEN_README</a>, Postfix Postscreen Howto
 
 <b>LICENSE</b>
-       The Secure Mailer license must be  distributed  with  this
+       The  Secure  Mailer  license must be distributed with this
        software.
 
 <b>HISTORY</b>
        This service was introduced with Postfix version 2.8.
 
-       Many  ideas in <a href="postscreen.8.html"><b>postscreen</b>(8)</a> were explored in earlier work
-       by Michael Tokarev, in OpenBSD spamd, and in  MailChannels
+       Many ideas in <a href="postscreen.8.html"><b>postscreen</b>(8)</a> were explored in earlier  work
+       by  Michael Tokarev, in OpenBSD spamd, and in MailChannels
        Traffic Control.
 
 <b>AUTHOR(S)</b>
diff --git a/postfix/html/proxymap.8.html b/postfix/html/proxymap.8.html
index 8b674a85d..0b8561aac 100644
--- a/postfix/html/proxymap.8.html
+++ b/postfix/html/proxymap.8.html
@@ -115,7 +115,7 @@ PROXYMAP(8)                                                        PROXYMAP(8)
 
        The  <a href="proxymap.8.html"><b>proxymap</b>(8)</a>  server  is not a trusted daemon process,
        and must not be used to look up sensitive information such
-       as  user  or  group  IDs,  mailbox file/directory names or
+       as UNIX user or group IDs, mailbox file/directory names or
        external commands.
 
        In Postfix version 2.2 and later, the proxymap client rec-
diff --git a/postfix/html/sendmail.1.html b/postfix/html/sendmail.1.html
index 3b6255593..619941b8f 100644
--- a/postfix/html/sendmail.1.html
+++ b/postfix/html/sendmail.1.html
@@ -184,72 +184,73 @@ SENDMAIL(1)                                                        SENDMAIL(1)
               <i>type</i>:<i>pathname</i>. See <a href="postalias.1.html"><b>postalias</b>(1)</a> for details.
 
        <b>-O</b> <i>option=value</i> (ignored)
-              Backwards compatibility.
+              Set  the  named <i>option</i> to <i>value</i>. Use the equivalent
+              configuration parameter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
 
        <b>-o7</b> (ignored)
 
        <b>-o8</b> (ignored)
               To send 8-bit or binary content, use an appropriate
-              MIME encapsulation and specify the  appropriate  <b>-B</b>
+              MIME  encapsulation  and specify the appropriate <b>-B</b>
               command-line option.
 
-       <b>-oi</b>    When  reading  a message from standard input, don't
-              treat a line with only a <b>.</b> character as the end  of
+       <b>-oi</b>    When reading a message from standard  input,  don't
+              treat  a line with only a <b>.</b> character as the end of
               input.
 
        <b>-om</b> (ignored)
-              The  sender  is  never  eliminated  from alias etc.
+              The sender is  never  eliminated  from  alias  etc.
               expansions.
 
        <b>-o</b> <i>x value</i> (ignored)
-              Set option <i>x</i> to <i>value</i>. Use the equivalent  configu-
+              Set  option <i>x</i> to <i>value</i>. Use the equivalent configu-
               ration parameter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
 
        <b>-r</b> <i>sender</i>
               Set  the  envelope  sender  address.  This  is  the
-              address where delivery problems are sent  to.  With
+              address  where  delivery problems are sent to. With
               Postfix versions before 2.1, the <b>Errors-To:</b> message
               header overrides the error return address.
 
        <b>-R</b> <i>return</i><b>_</b><i>limit</i> (ignored)
-              Limit  the  size   of   bounced   mail.   Use   the
-              <b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a></b>  configuration parameter instead.
+              Limit   the   size   of   bounced   mail.  Use  the
+              <b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a></b> configuration parameter  instead.
 
-       <b>-q</b>     Attempt to deliver all queued mail. This is  imple-
+       <b>-q</b>     Attempt  to deliver all queued mail. This is imple-
               mented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
 
               Warning:  flushing  undeliverable  mail  frequently
-              will result in poor  delivery  performance  of  all
+              will  result  in  poor  delivery performance of all
               other mail.
 
        <b>-q</b><i>interval</i> (ignored)
-              The   interval   between   queue   runs.   Use  the
+              The  interval   between   queue   runs.   Use   the
               <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a></b> configuration parameter instead.
 
        <b>-qI</b><i>queueid</i>
               Schedule immediate delivery of mail with the speci-
-              fied  queue ID.  This option is implemented by exe-
-              cuting the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command, and  is  available
+              fied queue ID.  This option is implemented by  exe-
+              cuting  the  <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command, and is available
               with Postfix version 2.4 and later.
 
        <b>-qR</b><i>site</i>
-              Schedule  immediate  delivery  of  all mail that is
+              Schedule immediate delivery of  all  mail  that  is
               queued for the named <i>site</i>. This option accepts only
-              <i>site</i>  names  that are eligible for the "fast flush"
-              service,  and  is  implemented  by  executing   the
+              <i>site</i> names that are eligible for the  "fast  flush"
+              service,   and  is  implemented  by  executing  the
               <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.  See <a href="flush.8.html"><b>flush</b>(8)</a> for more infor-
               mation about the "fast flush" service.
 
        <b>-qS</b><i>site</i>
-              This command is not  implemented.  Use  the  slower
+              This  command  is  not  implemented. Use the slower
               "<b>sendmail -q</b>" command instead.
 
-       <b>-t</b>     Extract  recipients from message headers. These are
-              added to any recipients specified  on  the  command
+       <b>-t</b>     Extract recipients from message headers. These  are
+              added  to  any  recipients specified on the command
               line.
 
-              With  Postfix  versions  prior  to 2.1, this option
-              requires that no recipient addresses are  specified
+              With Postfix versions prior  to  2.1,  this  option
+              requires  that no recipient addresses are specified
               on the command line.
 
        <b>-U</b> (ignored)
@@ -262,41 +263,41 @@ SENDMAIL(1)                                                        SENDMAIL(1)
               This feature is available in Postfix 2.3 and later.
 
        <b>-XV</b> (Postfix 2.2 and earlier: <b>-V</b>)
-              Variable  Envelope  Return  Path. Given an envelope
-              sender address of the  form  <i>owner-listname</i>@<i>origin</i>,
-              each  recipient  <i>user</i>@<i>domain</i>  receives  mail with a
+              Variable Envelope Return Path.  Given  an  envelope
+              sender  address  of the form <i>owner-listname</i>@<i>origin</i>,
+              each recipient <i>user</i>@<i>domain</i>  receives  mail  with  a
               personalized envelope sender address.
 
-              By  default,  the  personalized   envelope   sender
-              address  is  <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>. The
-              default <b>+</b> and <b>=</b> characters  are  configurable  with
-              the  <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b>  configuration parame-
+              By   default,   the  personalized  envelope  sender
+              address is  <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>.  The
+              default  <b>+</b>  and  <b>=</b> characters are configurable with
+              the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b>  configuration  parame-
               ter.
 
        <b>-XV</b><i>xy</i> (Postfix 2.2 and earlier: <b>-V</b><i>xy</i>)
-              As <b>-XV</b>, but uses <i>x</i> and  <i>y</i>  as  the  VERP  delimiter
-              characters,  instead  of  the  characters specified
-              with  the   <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b>   configuration
+              As  <b>-XV</b>,  but  uses  <i>x</i>  and <i>y</i> as the VERP delimiter
+              characters, instead  of  the  characters  specified
+              with   the   <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b>  configuration
               parameter.
 
-       <b>-v</b>     Send  an email report of the first delivery attempt
-              (Postfix versions 2.1  and  later).  Mail  delivery
-              always  happens in the background. When multiple <b>-v</b>
+       <b>-v</b>     Send an email report of the first delivery  attempt
+              (Postfix  versions  2.1  and  later). Mail delivery
+              always happens in the background. When multiple  <b>-v</b>
               options  are  given,  enable  verbose  logging  for
               debugging purposes.
 
        <b>-X</b> <i>log</i><b>_</b><i>file</i> (ignored)
-              Log  mailer  traffic.  Use  the <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a></b> and
-              <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a></b> configuration parameters  instead.
+              Log mailer traffic.  Use  the  <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a></b>  and
+              <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a></b>  configuration parameters instead.
 
 <b>SECURITY</b>
-       By  design,  this  program  is not set-user (or group) id.
-       However, it must  handle  data  from  untrusted,  possibly
-       remote,  users.   Thus,  the  usual precautions need to be
+       By design, this program is not  set-user  (or  group)  id.
+       However,  it  must  handle  data  from untrusted, possibly
+       remote, users.  Thus, the usual  precautions  need  to  be
        taken against malicious inputs.
 
 <b>DIAGNOSTICS</b>
-       Problems are logged to  <b>syslogd</b>(8)  and  to  the  standard
+       Problems  are  logged  to  <b>syslogd</b>(8)  and to the standard
        error stream.
 
 <b>ENVIRONMENT</b>
@@ -308,29 +309,29 @@ SENDMAIL(1)                                                        SENDMAIL(1)
 
        <b>MAIL_DEBUG</b> (value does not matter)
               Enable debugging with an external command, as spec-
-              ified  with  the   <b><a href="postconf.5.html#debugger_command">debugger_command</a></b>   configuration
+              ified   with   the  <b><a href="postconf.5.html#debugger_command">debugger_command</a></b>  configuration
               parameter.
 
-       <b>NAME</b>   The  sender  full name. This is used only with mes-
-              sages that have no <b>From:</b> message header.  See  also
+       <b>NAME</b>   The sender full name. This is used only  with  mes-
+              sages  that  have no <b>From:</b> message header. See also
               the <b>-F</b> option above.
 
 <b>CONFIGURATION PARAMETERS</b>
-       The  following  <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
+       The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are  especially  relevant
        to this program.  The text below provides only a parameter
-       summary.  See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including exam-
+       summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including  exam-
        ples.
 
 <b>COMPATIBILITY CONTROLS</b>
        Available with Postfix 2.9 and later:
 
        <b><a href="postconf.5.html#sendmail_fix_line_endings">sendmail_fix_line_endings</a> (always)</b>
-              Controls how the Postfix sendmail command  converts
-              email  message line endings from &lt;CR&gt;&lt;LF&gt; into UNIX
+              Controls  how the Postfix sendmail command converts
+              email message line endings from &lt;CR&gt;&lt;LF&gt; into  UNIX
               format (&lt;LF&gt;).
 
 <b>TROUBLE SHOOTING CONTROLS</b>
-       The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples  of  how  to  trouble
+       The  <a href="DEBUG_README.html">DEBUG_README</a>  file  gives  examples of how to trouble
        shoot a Postfix system.
 
        <b><a href="postconf.5.html#debugger_command">debugger_command</a> (empty)</b>
@@ -338,29 +339,29 @@ SENDMAIL(1)                                                        SENDMAIL(1)
               mon program is invoked with the -D option.
 
        <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
-              The increment  in  verbose  logging  level  when  a
-              remote  client  or  server matches a pattern in the
+              The  increment  in  verbose  logging  level  when a
+              remote client or server matches a  pattern  in  the
               <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
 
        <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
-              Optional list of remote client or  server  hostname
-              or  network address patterns that cause the verbose
-              logging level to increase by the  amount  specified
+              Optional  list  of remote client or server hostname
+              or network address patterns that cause the  verbose
+              logging  level  to increase by the amount specified
               in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
 
 <b>ACCESS CONTROLS</b>
        Available in Postfix version 2.2 and later:
 
        <b><a href="postconf.5.html#authorized_flush_users">authorized_flush_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
-              List  of  users  who  are  authorized  to flush the
+              List of users  who  are  authorized  to  flush  the
               queue.
 
        <b><a href="postconf.5.html#authorized_mailq_users">authorized_mailq_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
               List of users who are authorized to view the queue.
 
        <b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
-              List  of  users  who  are authorized to submit mail
-              with the <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command (and with  the  privi-
+              List of users who are  authorized  to  submit  mail
+              with  the  <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command (and with the privi-
               leged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper command).
 
 <b>RESOURCE AND RATE CONTROLS</b>
@@ -369,7 +370,7 @@ SENDMAIL(1)                                                        SENDMAIL(1)
               sent in a non-delivery notification.
 
        <b><a href="postconf.5.html#fork_attempts">fork_attempts</a> (5)</b>
-              The maximal number of attempts to  fork()  a  child
+              The  maximal  number  of attempts to fork() a child
               process.
 
        <b><a href="postconf.5.html#fork_delay">fork_delay</a> (1s)</b>
@@ -377,11 +378,11 @@ SENDMAIL(1)                                                        SENDMAIL(1)
               process.
 
        <b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a> (50)</b>
-              The maximal number of  Received:   message  headers
+              The  maximal  number  of Received:  message headers
               that is allowed in the primary message headers.
 
        <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
-              The  time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue
+              The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the  queue
               manager; prior to Postfix 2.4 the default value was
               1000s.
 
@@ -391,37 +392,37 @@ SENDMAIL(1)                                                        SENDMAIL(1)
 
        <b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
               Optional list of destinations that are eligible for
-              per-destination  logfiles  with mail that is queued
+              per-destination logfiles with mail that  is  queued
               to those destinations.
 
 <b>VERP CONTROLS</b>
        The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation
-       details  of  Postfix  support for variable envelope return
+       details of Postfix support for  variable  envelope  return
        path addresses.
 
        <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
               The two default VERP delimiter characters.
 
        <b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
-              The characters Postfix accepts  as  VERP  delimiter
-              characters  on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
+              The  characters  Postfix  accepts as VERP delimiter
+              characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command  line
               and in SMTP commands.
 
 <b>MISCELLANEOUS CONTROLS</b>
        <b><a href="postconf.5.html#alias_database">alias_database</a> (see 'postconf -d' output)</b>
-              The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that  are
+              The  alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are
               updated with "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
 
        <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
-              The  location  of  all  postfix administrative com-
+              The location of  all  postfix  administrative  com-
               mands.
 
        <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
-              The default location of  the  Postfix  <a href="postconf.5.html">main.cf</a>  and
+              The  default  location  of  the Postfix <a href="postconf.5.html">main.cf</a> and
               <a href="master.5.html">master.cf</a> configuration files.
 
        <b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
-              The  directory  with  Postfix  support programs and
+              The directory with  Postfix  support  programs  and
               daemon programs.
 
        <b><a href="postconf.5.html#default_database_type">default_database_type</a> (see 'postconf -d' output)</b>
@@ -429,16 +430,16 @@ SENDMAIL(1)                                                        SENDMAIL(1)
               <a href="postalias.1.html"><b>postalias</b>(1)</a> and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
 
        <b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
-              The  time  after which the sender receives the mes-
+              The time after which the sender receives  the  mes-
               sage headers of mail that is still queued.
 
        <b><a href="postconf.5.html#enable_errors_to">enable_errors_to</a> (no)</b>
-              Report mail delivery errors to the  address  speci-
-              fied   with  the  non-standard  Errors-To:  message
-              header, instead  of  the  envelope  sender  address
-              (this  feature is removed with Postfix version 2.2,
-              is turned off by default with Postfix version  2.1,
-              and  is  always  turned  on with older Postfix ver-
+              Report  mail  delivery errors to the address speci-
+              fied  with  the  non-standard  Errors-To:   message
+              header,  instead  of  the  envelope  sender address
+              (this feature is removed with Postfix version  2.2,
+              is  turned off by default with Postfix version 2.1,
+              and is always turned on  with  older  Postfix  ver-
               sions).
 
        <b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
@@ -446,21 +447,21 @@ SENDMAIL(1)                                                        SENDMAIL(1)
               and most Postfix daemon processes.
 
        <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
-              The  location of the Postfix top-level queue direc-
+              The location of the Postfix top-level queue  direc-
               tory.
 
        <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
-              Don't rewrite message headers from  remote  clients
+              Don't  rewrite  message headers from remote clients
               at all when this parameter is empty; otherwise, re-
-              write message  headers  and  append  the  specified
+              write  message  headers  and  append  the specified
               domain name to incomplete addresses.
 
        <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
               The syslog facility of Postfix logging.
 
        <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
-              The  mail  system  name  that  is  prepended to the
-              process name in syslog  records,  so  that  "smtpd"
+              The mail system  name  that  is  prepended  to  the
+              process  name  in  syslog  records, so that "smtpd"
               becomes, for example, "postfix/smtpd".
 
 <b>FILES</b>
@@ -485,7 +486,7 @@ SENDMAIL(1)                                                        SENDMAIL(1)
        <a href="VERP_README.html">VERP_README</a>, Postfix VERP howto
 
 <b>LICENSE</b>
-       The Secure Mailer license must be  distributed  with  this
+       The  Secure  Mailer  license must be distributed with this
        software.
 
 <b>AUTHOR(S)</b>
diff --git a/postfix/man/man1/postconf.1 b/postfix/man/man1/postconf.1
index 7f52555b1..ce153a374 100644
--- a/postfix/man/man1/postconf.1
+++ b/postfix/man/man1/postconf.1
@@ -207,6 +207,14 @@ described in \fBregexp_table\fR(5).
 .IP \fBsdbm\fR
 An indexed file type based on hashing.
 This is available on systems with support for SDBM databases.
+.IP "\fBsocketmap\fR (read-only)"
+Query a Sendmail-style socketmap server. The name of the
+table specifies
+\fBinet\fR:\fIhost\fR:\fIport\fR:\fIsocketmap-name\fR for
+a TCP-based server, or
+\fBunix\fR:\fIpathname\fR:\fIsocketmap-name\fR for a
+UNIX-domain server. In both cases, \fIsocketmap-name\fR is
+the name of the socketmap.
 .IP "\fBsqlite\fR (read-only)"
 Perform lookups from SQLite database files. This is described
 in \fBsqlite_table\fR(5).
@@ -275,21 +283,21 @@ Enable verbose logging for debugging purposes. Multiple \fB-v\fR
 options make the software increasingly verbose.
 .IP \fB-X\fR
 Edit the \fBmain.cf\fR configuration file, and remove
-the parameters given on the \fBpostconf\fR(1) command line.
+the parameters named on the \fBpostconf\fR(1) command line.
 The file is copied to a temporary file then renamed into
 place.
-Specify a list of parameter names, not \fIname\fR=\fIvalue\fR
+Specify a list of parameter names, not "\fIname\fR=\fIvalue\fR"
 pairs.  There is no \fBpostconf\fR(1) command to perform
 the reverse operation.
 
 This feature is available with Postfix 2.10 and later.
 .IP \fB-#\fR
 Edit the \fBmain.cf\fR configuration file, and comment out
-the parameters given on the \fBpostconf\fR(1) command line,
+the parameters named on the \fBpostconf\fR(1) command line,
 so that those parameters revert to their default values.
 The file is copied to a temporary file then renamed into
 place.
-Specify a list of parameter names, not \fIname\fR=\fIvalue\fR
+Specify a list of parameter names, not "\fIname\fR=\fIvalue\fR"
 pairs.  There is no \fBpostconf\fR(1) command to perform
 the reverse operation.
 
diff --git a/postfix/man/man1/sendmail.1 b/postfix/man/man1/sendmail.1
index 96eb34548..1c6e3ebd9 100644
--- a/postfix/man/man1/sendmail.1
+++ b/postfix/man/man1/sendmail.1
@@ -156,7 +156,8 @@ Non-default alias database. Specify \fIpathname\fR or
 \fItype\fR:\fIpathname\fR. See \fBpostalias\fR(1) for
 details.
 .IP "\fB-O \fIoption=value\fR (ignored)"
-Backwards compatibility.
+Set the named \fIoption\fR to \fIvalue\fR. Use the equivalent
+configuration parameter in \fBmain.cf\fR instead.
 .IP "\fB-o7\fR (ignored)"
 .IP "\fB-o8\fR (ignored)"
 To send 8-bit or binary content, use an appropriate MIME encapsulation
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 105cbce42..f2e329bae 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -8549,13 +8549,15 @@ Optional information that is appended after each Postfix SMTP
 server
 4XX or 5XX response.
 .PP
-Example:
+The following example uses "\ec" at the start of the template
+(supported in Postfix 2.10 and later) to suppress the line break
+between the reply text and the footer text.
 .PP
 .nf
 .na
 .ft C
 /etc/postfix/main.cf:
-    smtpd_reject_footer = For assistance, call 800-555-0101.
+    smtpd_reject_footer = \ec. For assistance, call 800-555-0101.
      Please provide the following information in your problem report:
      time ($localtime), client ($client_address) and server
      ($server_name).
@@ -8568,8 +8570,8 @@ Server response:
 .nf
 .na
 .ft C
-    550-5.5.1 <user@example> Recipient address rejected: User unknown
-    550 5.5.1 For assistance, call 800-555-0101. Please provide the
+    550-5.5.1 <user@example> Recipient address rejected: User
+    unknown. For assistance, call 800-555-0101. Please provide the
     following information in your problem report: time (Jan 4 15:42:00),
     client (192.168.1.248) and server (mail1.example.com).
 .fi
@@ -8616,6 +8618,11 @@ for a line break in the footer text. Postfix automatically inserts
 after each line break the three-digit SMTP reply code (and optional
 enhanced status code) from the original Postfix reject message.
 .PP
+To work around mail software that mis-handles multi-line replies,
+specify the two-character sequence \ec at the start of the template.
+This suppresses the line break between the reply text and the footer
+text (Postfix 2.10 and later).
+.PP
 This feature is available in Postfix 2.8 and later.
 .SH smtpd_reject_unlisted_recipient (default: yes)
 Request that the Postfix SMTP server rejects mail for unknown
diff --git a/postfix/man/man8/postscreen.8 b/postfix/man/man8/postscreen.8
index 5a9b275aa..cd3a646c7 100644
--- a/postfix/man/man8/postscreen.8
+++ b/postfix/man/man8/postscreen.8
@@ -170,14 +170,13 @@ permanently blacklisted with the postscreen_access_list parameter.
 .nf
 .ad
 .fi
-When a remote SMTP client is not on the permanent access
-list, \fBpostscreen\fR(8) can implement a number of whitelist
-tests before it grants the client a temporary whitelist
-status to talk to a Postfix SMTP server process.
-
-By listening on both primary and backup MX addresses,
-\fBpostscreen\fR(8) can deny the temporary whitelist status
-to clients that connect only to backup MX hosts.
+When \fBpostscreen\fR(8) is configured to monitor all primary
+and backup MX addresses, it can refuse to whitelist clients
+that connect to a backup MX address only. For small sites,
+this requires configuring primary and backup MX addresses
+on the same MTA. Larger sites would have to share the
+\fBpostscreen\fR(8) cache between primary and backup MTAs,
+which would introduce a common point of failure.
 .IP "\fBpostscreen_whitelist_interfaces (static:all)\fR"
 A list of local \fBpostscreen\fR(8) server IP addresses where a
 non-whitelisted remote SMTP client can obtain \fBpostscreen\fR(8)'s temporary
diff --git a/postfix/man/man8/proxymap.8 b/postfix/man/man8/proxymap.8
index cbec8c393..4e5f48681 100644
--- a/postfix/man/man8/proxymap.8
+++ b/postfix/man/man8/proxymap.8
@@ -117,7 +117,7 @@ However, running the proxymap server chrooted severely limits
 usability, because it can open only chrooted tables.
 
 The \fBproxymap\fR(8) server is not a trusted daemon process, and must
-not be used to look up sensitive information such as user or
+not be used to look up sensitive information such as UNIX user or
 group IDs, mailbox file/directory names or external commands.
 
 In Postfix version 2.2 and later, the proxymap client recognizes
diff --git a/postfix/proto/DATABASE_README.html b/postfix/proto/DATABASE_README.html
index 8cbaa7562..f19bf3124 100644
--- a/postfix/proto/DATABASE_README.html
+++ b/postfix/proto/DATABASE_README.html
@@ -370,6 +370,15 @@ created with the postmap(1) or postalias(1) command. The lookup
 table name as used in "sdbm:table" is the database file name without
 the ".dir" or ".pag" suffix.  </dd>
 
+<dt> <b>socketmap</b> (read-only) </dt>
+
+<dd> Query a Sendmail-style socketmap server. The name of the table
+specifies <b>inet</b>:<i>host</i>:<i>port</i>:<i>socketmap-name</i>
+for a TCP-based server, or
+<b>unix</b>:<i>pathname</i>:<i>socketmap-name</i> for a UNIX-domain
+server. In both cases <i>socketmap-name</i> is the name of the
+socketmap. </dd>
+
 <dt> <b>sqlite</b> (read-only) </dt>
 
 <dd> Perform SQLite database lookups. Configuration details are given
diff --git a/postfix/proto/POSTSCREEN_README.html b/postfix/proto/POSTSCREEN_README.html
index 2deaeafd6..a3fb9d025 100644
--- a/postfix/proto/POSTSCREEN_README.html
+++ b/postfix/proto/POSTSCREEN_README.html
@@ -249,12 +249,17 @@ or temporary whitelist, postscreen(8) can implement a number of
 whitelist tests, before it grants the client a temporary whitelist
 status that allows it to talk to a Postfix SMTP server process. </p>
 
-<p> By listening on both primary and backup MX addresses, postscreen(8)
-can deny the temporary whitelist status to clients that connect
-only to backup MX hosts (an old spammer trick to take advantage of
-backup MX hosts with weaker anti-spam policies than primary MX
+<p> When postscreen(8) is configured to monitor all primary and
+backup MX addresses, it can refuse to whitelist clients that connect
+to a backup MX address only (an old spammer trick to take advantage
+of backup MX hosts with weaker anti-spam policies than primary MX
 hosts). </p>
 
+<blockquote> <p> NOTE: The following solution is for small sites.
+Larger sites would have to share the postscreen(8) cache between
+primary and backup MTAs, which would introduce a common point of
+failure.  </p> </blockquote>
+
 <ul>
 
 <li> <p> First, configure the host to listen on both primary and
@@ -262,6 +267,10 @@ backup MX addresses. Use the appropriate <tt>ifconfig</tt> command
 for the local operating system, or update the appropriate configuration
 files and "refresh" the network protocol stack. </p>
 
+<p> <p> Second, configure Postfix to listen on the new IP address
+(this step is needed when you have specified inet_interfaces in
+main.cf). </p>
+
 <li> <p> Then, configure postscreen(8) to deny the temporary whitelist
 status on the backup MX address(es).  An example for Wietse's
 server is: </p>
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 4a274ee08..cf5fdfed0 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -14156,11 +14156,13 @@ for further details. </p>
 server
 4XX or 5XX response. </p>
 
-<p> Example: </p>
+<p> The following example uses "\c" at the start of the template
+(supported in Postfix 2.10 and later) to suppress the line break
+between the reply text and the footer text. </p>
 
 <pre>
 /etc/postfix/main.cf:
-    smtpd_reject_footer = For assistance, call 800-555-0101.
+    smtpd_reject_footer = \c. For assistance, call 800-555-0101.
      Please provide the following information in your problem report:
      time ($localtime), client ($client_address) and server
      ($server_name).
@@ -14169,8 +14171,8 @@ server
 <p> Server response: </p>
 
 <pre>
-    550-5.5.1 &lt;user@example&gt; Recipient address rejected: User unknown
-    550 5.5.1 For assistance, call 800-555-0101. Please provide the
+    550-5.5.1 &lt;user@example&gt; Recipient address rejected: User
+    unknown. For assistance, call 800-555-0101. Please provide the
     following information in your problem report: time (Jan 4 15:42:00),
     client (192.168.1.248) and server (mail1.example.com).
 </pre>
@@ -14224,6 +14226,11 @@ after each line break the three-digit SMTP reply code (and optional
 enhanced status code) from the original Postfix reject message.
 </p>
 
+<p> To work around mail software that mis-handles multi-line replies,
+specify the two-character sequence \c at the start of the template.
+This suppresses the line break between the reply text and the footer
+text (Postfix 2.10 and later).  </p>
+
 <p> This feature is available in Postfix 2.8 and later. </p>
 
 %PARAM postscreen_expansion_filter see "postconf -d" output
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index c0f057eb9..8ddfcbb4c 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20120308"
+#define MAIL_RELEASE_DATE	"20120330"
 #define MAIL_VERSION_NUMBER	"2.10"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/global/smtp_reply_footer.c b/postfix/src/global/smtp_reply_footer.c
index 6e460f442..ffa4de617 100644
--- a/postfix/src/global/smtp_reply_footer.c
+++ b/postfix/src/global/smtp_reply_footer.c
@@ -36,6 +36,9 @@
 /*	expanded. The two-character sequence "\n" is replaced by a
 /*	line break followed by a copy of the original SMTP reply
 /*	code and optional enhanced status code.
+/*	The two-character sequence "\c" at the start of the template
+/*	suppresses the line break between the reply text and the 
+/*	template text.
 /* .IP filter
 /*	The set of characters that are allowed in attribute expansion.
 /* .IP lookup
@@ -141,16 +144,21 @@ int     smtp_reply_footer(VSTRING *buffer, ssize_t start,
 	} else {
 	    next = end;
 	}
-	/* Append a clone of the SMTP reply code. */
-	vstring_strcat(buffer, "\r\n");
-	VSTRING_SPACE(buffer, 3);
-	vstring_strncat(buffer, STR(buffer) + start, 3);
-	vstring_strcat(buffer, next != end ? "-" : " ");
-	/* Append a clone of the optional enhanced status code. */
-	if (dsn_len > 0) {
-	    VSTRING_SPACE(buffer, dsn_len);
-	    vstring_strncat(buffer, STR(buffer) + start + 4, (int) dsn_len);
-	    vstring_strcat(buffer, " ");
+	if (cp == template && strncmp(cp, "\\c", 2) == 0) {
+	    /* Handle \c at start of template. */
+	    cp += 2;
+	} else {
+	    /* Append a clone of the SMTP reply code. */
+	    vstring_strcat(buffer, "\r\n");
+	    VSTRING_SPACE(buffer, 3);
+	    vstring_strncat(buffer, STR(buffer) + start, 3);
+	    vstring_strcat(buffer, next != end ? "-" : " ");
+	    /* Append a clone of the optional enhanced status code. */
+	    if (dsn_len > 0) {
+		VSTRING_SPACE(buffer, dsn_len);
+		vstring_strncat(buffer, STR(buffer) + start + 4, (int) dsn_len);
+		vstring_strcat(buffer, " ");
+	    }
 	}
 	/* Append one line of footer text. */
 	mac_expand(buffer, cp, MAC_EXP_FLAG_APPEND, filter, lookup, context);
diff --git a/postfix/src/master/master.c b/postfix/src/master/master.c
index be9e6d5b3..a9d5d1b2f 100644
--- a/postfix/src/master/master.c
+++ b/postfix/src/master/master.c
@@ -359,6 +359,12 @@ int     main(int argc, char **argv)
     if (argc > optind)
 	usage(argv[0]);
 
+    /*
+     * Sanity check.
+     */
+    if (test_lock && wait_flag)
+	msg_fatal("the -t and -w options cannot be used together");
+
     /*
      * Run a foreground monitor process that returns an exit status of 0 when
      * the child background process reports successful initialization as a
diff --git a/postfix/src/postconf/postconf.c b/postfix/src/postconf/postconf.c
index e9f0b3401..cfe9ca675 100644
--- a/postfix/src/postconf/postconf.c
+++ b/postfix/src/postconf/postconf.c
@@ -201,6 +201,14 @@
 /* .IP \fBsdbm\fR
 /*	An indexed file type based on hashing.
 /*	This is available on systems with support for SDBM databases.
+/* .IP "\fBsocketmap\fR (read-only)"
+/*	Query a Sendmail-style socketmap server. The name of the
+/*	table specifies
+/*	\fBinet\fR:\fIhost\fR:\fIport\fR:\fIsocketmap-name\fR for
+/*	a TCP-based server, or
+/*	\fBunix\fR:\fIpathname\fR:\fIsocketmap-name\fR for a
+/*	UNIX-domain server. In both cases, \fIsocketmap-name\fR is
+/*	the name of the socketmap.
 /* .IP "\fBsqlite\fR (read-only)"
 /*	Perform lookups from SQLite database files. This is described
 /*	in \fBsqlite_table\fR(5).
@@ -269,21 +277,21 @@
 /*	options make the software increasingly verbose.
 /* .IP \fB-X\fR
 /*	Edit the \fBmain.cf\fR configuration file, and remove
-/*	the parameters given on the \fBpostconf\fR(1) command line.
+/*	the parameters named on the \fBpostconf\fR(1) command line.
 /*	The file is copied to a temporary file then renamed into
 /*	place.
-/*	Specify a list of parameter names, not \fIname\fR=\fIvalue\fR
+/*	Specify a list of parameter names, not "\fIname\fR=\fIvalue\fR"
 /*	pairs.  There is no \fBpostconf\fR(1) command to perform
 /*	the reverse operation.
 /*
 /*	This feature is available with Postfix 2.10 and later.
 /* .IP \fB-#\fR
 /*	Edit the \fBmain.cf\fR configuration file, and comment out
-/*	the parameters given on the \fBpostconf\fR(1) command line,
+/*	the parameters named on the \fBpostconf\fR(1) command line,
 /*	so that those parameters revert to their default values.
 /*	The file is copied to a temporary file then renamed into
 /*	place.
-/*	Specify a list of parameter names, not \fIname\fR=\fIvalue\fR
+/*	Specify a list of parameter names, not "\fIname\fR=\fIvalue\fR"
 /*	pairs.  There is no \fBpostconf\fR(1) command to perform
 /*	the reverse operation.
 /*
diff --git a/postfix/src/postscreen/postscreen.c b/postfix/src/postscreen/postscreen.c
index b529ed392..df3b85320 100644
--- a/postfix/src/postscreen/postscreen.c
+++ b/postfix/src/postscreen/postscreen.c
@@ -146,14 +146,13 @@
 /* MAIL EXCHANGER POLICY TESTS
 /* .ad
 /* .fi
-/*	When a remote SMTP client is not on the permanent access
-/*	list, \fBpostscreen\fR(8) can implement a number of whitelist
-/*	tests before it grants the client a temporary whitelist
-/*	status to talk to a Postfix SMTP server process.
-/*
-/*	By listening on both primary and backup MX addresses,
-/*	\fBpostscreen\fR(8) can deny the temporary whitelist status
-/*	to clients that connect only to backup MX hosts.
+/*	When \fBpostscreen\fR(8) is configured to monitor all primary
+/*	and backup MX addresses, it can refuse to whitelist clients
+/*	that connect to a backup MX address only. For small sites,
+/*	this requires configuring primary and backup MX addresses
+/*	on the same MTA. Larger sites would have to share the
+/*	\fBpostscreen\fR(8) cache between primary and backup MTAs,
+/*	which would introduce a common point of failure.
 /* .IP "\fBpostscreen_whitelist_interfaces (static:all)\fR"
 /*	A list of local \fBpostscreen\fR(8) server IP addresses where a
 /*	non-whitelisted remote SMTP client can obtain \fBpostscreen\fR(8)'s temporary
diff --git a/postfix/src/proxymap/proxymap.c b/postfix/src/proxymap/proxymap.c
index f0d4935df..cf4e3929b 100644
--- a/postfix/src/proxymap/proxymap.c
+++ b/postfix/src/proxymap/proxymap.c
@@ -107,7 +107,7 @@
 /*	usability, because it can open only chrooted tables.
 /*
 /*	The \fBproxymap\fR(8) server is not a trusted daemon process, and must
-/*	not be used to look up sensitive information such as user or
+/*	not be used to look up sensitive information such as UNIX user or
 /*	group IDs, mailbox file/directory names or external commands.
 /*
 /*	In Postfix version 2.2 and later, the proxymap client recognizes
diff --git a/postfix/src/sendmail/sendmail.c b/postfix/src/sendmail/sendmail.c
index 5e205a57c..05406b81b 100644
--- a/postfix/src/sendmail/sendmail.c
+++ b/postfix/src/sendmail/sendmail.c
@@ -150,7 +150,8 @@
 /*	\fItype\fR:\fIpathname\fR. See \fBpostalias\fR(1) for
 /*	details.
 /* .IP "\fB-O \fIoption=value\fR (ignored)"
-/*	Backwards compatibility.
+/*	Set the named \fIoption\fR to \fIvalue\fR. Use the equivalent
+/*	configuration parameter in \fBmain.cf\fR instead.
 /* .IP "\fB-o7\fR (ignored)"
 /* .IP "\fB-o8\fR (ignored)"
 /*	To send 8-bit or binary content, use an appropriate MIME encapsulation
diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in
index dc7a4bb43..41fe422a3 100644
--- a/postfix/src/util/Makefile.in
+++ b/postfix/src/util/Makefile.in
@@ -34,7 +34,8 @@ SRCS	= alldig.c allprint.c argv.c argv_split.c attr_clnt.c attr_print0.c \
 	unix_pass_listen.c unix_pass_trigger.c edit_file.c inet_windowsize.c \
 	unix_pass_fd_fix.c dict_cache.c valid_utf_8.c dict_thash.c \
 	ip_match.c nbbio.c stream_pass_connect.c base32_code.c dict_test.c \
-	dict_fail.c msg_rate_delay.c dict_surrogate.c warn_stat.c
+	dict_fail.c msg_rate_delay.c dict_surrogate.c warn_stat.c \
+	dict_sockmap.c
 OBJS	= alldig.o allprint.o argv.o argv_split.o attr_clnt.o attr_print0.o \
 	attr_print64.o attr_print_plain.o attr_scan0.o attr_scan64.o \
 	attr_scan_plain.o auto_clnt.o base64_code.o basename.o binhash.o \
@@ -70,7 +71,8 @@ OBJS	= alldig.o allprint.o argv.o argv_split.o attr_clnt.o attr_print0.o \
 	unix_pass_listen.o unix_pass_trigger.o edit_file.o inet_windowsize.o \
 	unix_pass_fd_fix.o dict_cache.o valid_utf_8.o dict_thash.o \
 	ip_match.o nbbio.o stream_pass_connect.o base32_code.o dict_test.o \
-	dict_fail.o msg_rate_delay.o dict_surrogate.o warn_stat.o
+	dict_fail.o msg_rate_delay.o dict_surrogate.o warn_stat.o \
+	dict_sockmap.o
 HDRS	= argv.h attr.h attr_clnt.h auto_clnt.h base64_code.h binhash.h \
 	chroot_uid.h cidr_match.h clean_env.h connect.h ctable.h dict.h \
 	dict_cdb.h dict_cidr.h dict_db.h dict_dbm.h dict_env.h dict_ht.h \
@@ -91,7 +93,7 @@ HDRS	= argv.h attr.h attr_clnt.h auto_clnt.h base64_code.h binhash.h \
 	username.h valid_hostname.h vbuf.h vbuf_print.h vstream.h vstring.h \
 	vstring_vstream.h watchdog.h format_tv.h load_file.h killme_after.h \
 	edit_file.h dict_cache.h dict_thash.h ip_match.h nbbio.h base32_code.h \
-	dict_fail.h warn_stat.h
+	dict_fail.h warn_stat.h dict_sockmap.h
 TESTSRC	= fifo_open.c fifo_rdwr_bug.c fifo_rdonly_bug.c select_bug.c \
 	stream_test.c dup2_pass_on_exec.c
 DEFS	= -I. -D$(SYSTYPE)
@@ -109,7 +111,7 @@ TESTPROG= dict_open dup2_pass_on_exec events exec_command fifo_open \
 	attr_scan0 host_port attr_scan_plain attr_print_plain htable \
 	unix_recv_fd unix_send_fd stream_recv_fd stream_send_fd hex_code \
 	myaddrinfo myaddrinfo4 inet_proto sane_basename format_tv \
-	valid_utf_8 ip_match base32_code msg_rate_delay
+	valid_utf_8 ip_match base32_code msg_rate_delay netstring
 
 LIB_DIR	= ../../lib
 INC_DIR	= ../../include
@@ -439,6 +441,11 @@ msg_rate_delay: $(LIB)
 	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(SYSLIBS)
 	mv junk $@.o
 
+netstring: $(LIB)
+	mv $@.o junk
+	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(SYSLIBS)
+	mv junk $@.o
+
 tests: valid_hostname_test mac_expand_test dict_test unescape_test \
 	hex_quote_test ctable_test inet_addr_list_test base64_code_test \
 	attr_scan64_test attr_scan0_test dict_pcre_test host_port_test \
@@ -1001,6 +1008,7 @@ dict_open.o: dict_open.c
 dict_open.o: dict_pcre.h
 dict_open.o: dict_regexp.h
 dict_open.o: dict_sdbm.h
+dict_open.o: dict_sockmap.h
 dict_open.o: dict_static.h
 dict_open.o: dict_tcp.h
 dict_open.o: dict_thash.h
@@ -1060,6 +1068,20 @@ dict_sdbm.o: vbuf.h
 dict_sdbm.o: vstream.h
 dict_sdbm.o: vstring.h
 dict_sdbm.o: warn_stat.h
+dict_sockmap.o: argv.h
+dict_sockmap.o: auto_clnt.h
+dict_sockmap.o: dict.h
+dict_sockmap.o: dict_sockmap.c
+dict_sockmap.o: dict_sockmap.h
+dict_sockmap.o: msg.h
+dict_sockmap.o: mymalloc.h
+dict_sockmap.o: netstring.h
+dict_sockmap.o: split_at.h
+dict_sockmap.o: stringops.h
+dict_sockmap.o: sys_defs.h
+dict_sockmap.o: vbuf.h
+dict_sockmap.o: vstream.h
+dict_sockmap.o: vstring.h
 dict_static.o: argv.h
 dict_static.o: dict.h
 dict_static.o: dict_static.c
diff --git a/postfix/src/util/dict_open.c b/postfix/src/util/dict_open.c
index 7b7c0c56c..cd90e08b2 100644
--- a/postfix/src/util/dict_open.c
+++ b/postfix/src/util/dict_open.c
@@ -235,6 +235,7 @@
 #include <dict_cidr.h>
 #include <dict_ht.h>
 #include <dict_thash.h>
+#include <dict_sockmap.h>
 #include <dict_fail.h>
 #include <stringops.h>
 #include <split_at.h>
@@ -285,6 +286,7 @@ static const DICT_OPEN_INFO dict_open_info[] = {
     DICT_TYPE_STATIC, dict_static_open,
     DICT_TYPE_CIDR, dict_cidr_open,
     DICT_TYPE_THASH, dict_thash_open,
+    DICT_TYPE_SOCKMAP, dict_sockmap_open,
     DICT_TYPE_FAIL, dict_fail_open,
     0,
 };
diff --git a/postfix/src/util/dict_sockmap.c b/postfix/src/util/dict_sockmap.c
new file mode 100644
index 000000000..b40393939
--- /dev/null
+++ b/postfix/src/util/dict_sockmap.c
@@ -0,0 +1,338 @@
+/*++
+/* NAME
+/*	dict_sockmap 3
+/* SUMMARY
+/*	dictionary manager interface to Sendmail-style socketmap server
+/* SYNOPSIS
+/*	#include <dict_sockmap.h>
+/*
+/*	DICT	*dict_sockmap_open(map, open_flags, dict_flags)
+/*	const char *map;
+/*	int	open_flags;
+/*	int	dict_flags;
+/* DESCRIPTION
+/*	dict_sockmap_open() makes a Sendmail-style socketmap server
+/*	accessible via the generic dictionary operations described
+/*	in dict_open(3).  The only implemented operation is dictionary
+/*	lookup. This map type can be useful for simulating a dynamic
+/*	lookup table.
+/*
+/*	Postfix socketmap names have the form inet:host:port:socketmap-name
+/*	or unix:pathname:socketmap-name, where socketmap-name
+/*	specifies the socketmap name that the socketmap server uses.
+/* PROTOCOL
+/* .ad
+/* .fi
+/*	The socketmap class implements a simple protocol: the client
+/*	sends one request, and the server sends one reply.
+/* ENCODING
+/* .ad
+/* .fi
+/*	Each request and reply are sent as one netstring object.
+/* REQUEST FORMAT
+/* .ad
+/* .fi
+/* .IP "<mapname> <space> <key>"
+/*	Search the specified socketmap under the specified key.
+/* REPLY FORMAT
+/* .ad
+/* .fi
+/*	Replies must be no longer than 100000 characters (not including
+/*	the netstring encapsulation), and must have the following
+/*	form:
+/* .IP "OK <space> <data>"
+/*	The requested data was found.
+/* .IP "NOTFOUND <space>"
+/*	The requested data was not found.
+/* .IP "TEMP <space> <reason>"
+/* .IP "TIMEOUT <space> <reason>"
+/* .IP "PERM <space> <reason>"
+/*	The request failed. The reason, if non-empty, is descriptive
+/*	text.
+/* SECURITY
+/*	This map cannot be used for security-sensitive information,
+/*	because neither the connection nor the server are authenticated.
+/* SEE ALSO
+/*	dict(3) generic dictionary manager
+/*	netstring(3) netstring stream I/O support
+/* DIAGNOSTICS
+/*	Fatal errors: out of memory, unknown host or service name,
+/*	attempt to update or iterate over map.
+/* BUGS
+/*	The protocol limits are not yet configurable.
+/* LICENSE
+/* .ad
+/* .fi
+/*	The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/*	Wietse Venema
+/*	IBM T.J. Watson Research
+/*	P.O. Box 704
+/*	Yorktown Heights, NY 10598, USA
+/*--*/
+
+ /*
+  * System library.
+  */
+#include <sys_defs.h>
+#include <errno.h>
+#include <string.h>
+#include <ctype.h>
+
+ /*
+  * Utility library.
+  */
+#include <mymalloc.h>
+#include <msg.h>
+#include <vstream.h>
+#include <auto_clnt.h>
+#include <netstring.h>
+#include <split_at.h>
+#include <stringops.h>
+#include <dict_sockmap.h>
+
+ /*
+  * Socket map data structure.
+  */
+typedef struct {
+    DICT    dict;			/* parent class */
+    char   *sockmap_name;		/* on-the-wire socketmap name */
+    VSTRING *rdwr_buf;			/* read/write buffer */
+} DICT_SOCKMAP;
+
+ /*
+  * Default limits.
+  */
+#define DICT_SOCKMAP_DEF_TIMEOUT	100	/* connect/read/write timeout */
+#define DICT_SOCKMAP_DEF_MAX_REPLY	100000	/* reply size limit */
+#define DICT_SOCKMAP_DEF_MAX_IDLE	10	/* close idle socket */
+#define DICT_SOCKMAP_DEF_MAX_TTL	100	/* close old socket */
+
+ /*
+  * Class variables.
+  */
+static AUTO_CLNT *dict_sockmap_clnt;	/* auto_clnt handle */
+static int dict_sockmap_refcount;	/* handle reference count */
+static int dict_sockmap_timeout = DICT_SOCKMAP_DEF_TIMEOUT;
+static int dict_sockmap_max_reply = DICT_SOCKMAP_DEF_MAX_REPLY;
+static int dict_sockmap_max_idle = DICT_SOCKMAP_DEF_MAX_IDLE;
+static int dict_sockmap_max_ttl = DICT_SOCKMAP_DEF_MAX_TTL;
+
+ /*
+  * Socketmap protocol elements.
+  */
+#define DICT_SOCKMAP_PROT_OK		"OK"
+#define DICT_SOCKMAP_PROT_NOTFOUND	"NOTFOUND"
+#define DICT_SOCKMAP_PROT_TEMP		"TEMP"
+#define DICT_SOCKMAP_PROT_TIMEOUT	"TIMEOUT"
+#define DICT_SOCKMAP_PROT_PERM		"PERM"
+
+ /*
+  * SLMs.
+  */
+#define STR(x)	vstring_str(x)
+#define LEN(x)	VSTRING_LEN(x)
+
+/* dict_sockmap_lookup - socket map lookup */
+
+static const char *dict_sockmap_lookup(DICT *dict, const char *key)
+{
+    const char *myname = "dict_sockmap_lookup";
+    DICT_SOCKMAP *dp = (DICT_SOCKMAP *) dict;
+    VSTREAM *fp;
+    int     netstring_err;
+    char   *reply_payload;
+    int     except_count;
+    const char *error_class;
+
+    if (msg_verbose)
+	msg_info("%s: key %s", myname, key);
+
+    /*
+     * Optionally fold the key.
+     */
+    if (dict->flags & DICT_FLAG_FOLD_MUL) {
+	if (dict->fold_buf == 0)
+	    dict->fold_buf = vstring_alloc(100);
+	vstring_strcpy(dict->fold_buf, key);
+	key = lowercase(STR(dict->fold_buf));
+    }
+
+    /*
+     * We retry connection-level errors once, to make server restarts
+     * transparent.
+     */
+    for (except_count = 0; /* see below */ ; except_count++) {
+
+	/*
+	 * Look up the stream.
+	 */
+	if ((fp = auto_clnt_access(dict_sockmap_clnt)) == 0) {
+	    msg_warn("table %s:%s lookup error: %m", dict->type, dict->name);
+	    dict->error = DICT_ERR_RETRY;
+	    return (0);
+	}
+
+	/*
+	 * Set up an exception handler.
+	 */
+	netstring_setup(fp, dict_sockmap_timeout);
+	if ((netstring_err = vstream_setjmp(fp)) == 0) {
+
+	    /*
+	     * Send the query. This may raise an exception.
+	     */
+	    vstring_sprintf(dp->rdwr_buf, "%s %s", dp->sockmap_name, key);
+	    NETSTRING_PUT_BUF(fp, dp->rdwr_buf);
+
+	    /*
+	     * Receive the response. This may raise an exception.
+	     */
+	    netstring_get(fp, dp->rdwr_buf, dict_sockmap_max_reply);
+
+	    /*
+	     * If we got here, then no exception was raised.
+	     */
+	    break;
+	}
+
+	/*
+	 * Handle exceptions.
+	 */
+	else {
+
+	    /*
+	     * We retry a broken connection only once.
+	     */
+	    if (except_count == 0 && netstring_err == NETSTRING_ERR_EOF
+		&& errno != ETIMEDOUT) {
+		auto_clnt_recover(dict_sockmap_clnt);
+		continue;
+	    }
+
+	    /*
+	     * We do not retry other errors.
+	     */
+	    else {
+		msg_warn("table %s:%s lookup error: %s",
+			 dict->type, dict->name,
+			 netstring_strerror(netstring_err));
+		dict->error = DICT_ERR_RETRY;
+		return (0);
+	    }
+	}
+    }
+
+    /*
+     * Parse the reply.
+     */
+    VSTRING_TERMINATE(dp->rdwr_buf);
+    reply_payload = split_at(STR(dp->rdwr_buf), ' ');
+    if (strcmp(STR(dp->rdwr_buf), DICT_SOCKMAP_PROT_OK) == 0) {
+	dict->error = 0;
+	return (reply_payload);
+    } else if (strcmp(STR(dp->rdwr_buf), DICT_SOCKMAP_PROT_NOTFOUND) == 0) {
+	dict->error = 0;
+	return (0);
+    }
+    /* We got no definitive reply. */
+    if (strcmp(STR(dp->rdwr_buf), DICT_SOCKMAP_PROT_TEMP) == 0) {
+	error_class = "temporary";
+	dict->error = DICT_ERR_RETRY;
+    } else if (strcmp(STR(dp->rdwr_buf), DICT_SOCKMAP_PROT_TIMEOUT) == 0) {
+	error_class = "timeout";
+	dict->error = DICT_ERR_RETRY;
+    } else if (strcmp(STR(dp->rdwr_buf), DICT_SOCKMAP_PROT_PERM) == 0) {
+	error_class = "permanent";
+	dict->error = DICT_ERR_CONFIG;
+    } else {
+	error_class = "unknown";
+	dict->error = DICT_ERR_RETRY;
+    }
+    while (reply_payload && ISSPACE(*reply_payload))
+	reply_payload++;
+    msg_warn("%s:%s socketmap server %s error%s%.200s",
+	     dict->type, dict->name, error_class,
+	     reply_payload && *reply_payload ? ": " : "",
+	     reply_payload && *reply_payload ?
+	     printable(reply_payload, '?') : "");
+    return (0);
+}
+
+/* dict_sockmap_close - close socket map */
+
+static void dict_sockmap_close(DICT *dict)
+{
+    DICT_SOCKMAP *dp = (DICT_SOCKMAP *) dict;
+
+    vstring_free(dp->rdwr_buf);
+    myfree(dp->sockmap_name);
+    if (--dict_sockmap_refcount == 0) {
+	auto_clnt_free(dict_sockmap_clnt);
+	dict_sockmap_clnt = 0;
+    }
+    if (dict->fold_buf)
+	vstring_free(dict->fold_buf);
+    myfree((char *) dp);
+}
+
+/* dict_sockmap_open - open socket map */
+
+DICT   *dict_sockmap_open(const char *mapname, int open_flags, int dict_flags)
+{
+    DICT_SOCKMAP *dp;
+    char   *saved_name;
+    char   *sockmap;
+
+    /*
+     * Sanity checks.
+     */
+    if (open_flags != O_RDONLY)
+	return (dict_surrogate(DICT_TYPE_SOCKMAP, mapname,
+			       open_flags, dict_flags,
+			       "%s:%s map requires O_RDONLY access mode",
+			       DICT_TYPE_SOCKMAP, mapname));
+    if (dict_flags & DICT_FLAG_NO_UNAUTH)
+	return (dict_surrogate(DICT_TYPE_SOCKMAP, mapname,
+			       open_flags, dict_flags,
+		     "%s:%s map is not allowed for security-sensitive data",
+			       DICT_TYPE_SOCKMAP, mapname));
+
+    /*
+     * Split the socketmap name off the Postfix mapname.
+     */
+    saved_name = mystrdup(mapname);
+    if ((sockmap = split_at_right(saved_name, ':')) == 0)
+	return (dict_surrogate(DICT_TYPE_SOCKMAP, mapname,
+			       open_flags, dict_flags,
+			       "%s requires server:socketmap argument",
+			       DICT_TYPE_SOCKMAP));
+
+    /*
+     * Instantiate the shared client handle.
+     * 
+     * XXX Todo: graceful degradation after endpoint syntax error.
+     */
+    if (dict_sockmap_refcount == 0)
+	dict_sockmap_clnt = auto_clnt_create(saved_name, dict_sockmap_timeout,
+			       dict_sockmap_max_idle, dict_sockmap_max_ttl);
+    dict_sockmap_refcount += 1;
+
+    /*
+     * Instantiate a socket map handle.
+     */
+    dp = (DICT_SOCKMAP *) dict_alloc(DICT_TYPE_SOCKMAP, mapname, sizeof(*dp));
+    dp->rdwr_buf = vstring_alloc(100);
+    dp->sockmap_name = mystrdup(sockmap);
+    dp->dict.lookup = dict_sockmap_lookup;
+    dp->dict.close = dict_sockmap_close;
+    /* Don't look up parent domains or network superblocks. */
+    dp->dict.flags = dict_flags | DICT_FLAG_PATTERN;
+
+    /*
+     * Clean up.
+     */
+    myfree(saved_name);
+
+    return (DICT_DEBUG (&dp->dict));
+}
diff --git a/postfix/src/util/dict_sockmap.h b/postfix/src/util/dict_sockmap.h
new file mode 100644
index 000000000..b81212aa4
--- /dev/null
+++ b/postfix/src/util/dict_sockmap.h
@@ -0,0 +1,37 @@
+#ifndef _DICT_SOCKMAP_H_INCLUDED_
+#define _DICT_SOCKMAP_H_INCLUDED_
+
+/*++
+/* NAME
+/*	dict_sockmap 3h
+/* SUMMARY
+/*	dictionary manager interface to Sendmail-stye socketmap.
+/* SYNOPSIS
+/*	#include <dict_sockmap.h>
+/* DESCRIPTION
+/* .nf
+
+ /*
+  * Utility library.
+  */
+#include <dict.h>
+
+ /*
+  * External interface.
+  */
+#define DICT_TYPE_SOCKMAP	"socketmap"
+
+extern DICT *dict_sockmap_open(const char *, int, int);
+
+/* LICENSE
+/* .ad
+/* .fi
+/*	The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/*	Wietse Venema
+/*	IBM T.J. Watson Research
+/*	P.O. Box 704
+/*	Yorktown Heights, NY 10598, USA
+/*--*/
+
+#endif
diff --git a/postfix/src/util/netstring.c b/postfix/src/util/netstring.c
index 666b56e37..467940640 100644
--- a/postfix/src/util/netstring.c
+++ b/postfix/src/util/netstring.c
@@ -14,6 +14,9 @@
 /*	VSTREAM	*stream;
 /*	int	exception;
 /*
+/*	const char *netstring_strerror(err)
+/*	int	err;
+/*
 /*	VSTRING	*netstring_get(stream, buf, limit)
 /*	VSTREAM	*stream;
 /*	VSTRING	*buf;
@@ -72,6 +75,8 @@
 /*	netstring_except() raises the specified exception on the
 /*	named stream. See the DIAGNOSTICS section below.
 /*
+/*	netstring_strerror() converts an exception number to string.
+/*
 /*	netstring_get() reads a netstring from the specified stream
 /*	and extracts its content. The limit specifies a maximal size.
 /*	Specify zero to disable the size limit. The result is not null
@@ -352,3 +357,141 @@ VSTRING *netstring_memcat(VSTRING *buf, const char *src, ssize_t len)
     VSTRING_ADDCH(buf, ',');
     return (buf);
 }
+
+/* netstring_strerror - convert error number to string */
+
+const char *netstring_strerror(int err)
+{
+    switch (err) {
+	case NETSTRING_ERR_EOF:
+	return ("unexpected disconnect");
+    case NETSTRING_ERR_TIME:
+	return ("time limit exceeded");
+    case NETSTRING_ERR_FORMAT:
+	return ("input format error");
+    case NETSTRING_ERR_SIZE:
+	return ("input exceeds size limit");
+    default:
+	return ("unknown netstring error");
+    }
+}
+
+ /*
+  * Proof-of-concept netstring encoder/decoder.
+  * 
+  * Usage: netstring command...
+  * 
+  * Run the command as a child process. Then, convert between plain strings on
+  * our own stdin/stdout, and netstrings on the child program's stdin/stdout.
+  * 
+  * Example (socketmap test server): netstring nc -l 9999
+  */
+#ifdef TEST
+#include <unistd.h>
+#include <stdlib.h>
+#include <events.h>
+
+static VSTRING *stdin_read_buf;		/* stdin line buffer */
+static VSTRING *child_read_buf;		/* child read buffer */
+static VSTREAM *child_stream;		/* child stream (full-duplex) */
+
+/* stdin_read_event - line-oriented event handler */
+
+static void stdin_read_event(int event, char *context)
+{
+    int     ch;
+
+    /*
+     * Send a netstring to the child when we have accumulated an entire line
+     * of input.
+     * 
+     * Note: the first VSTREAM_GETCHAR() call implicitly fills the VSTREAM
+     * buffer. We must drain the entire VSTREAM buffer before requesting the
+     * next read(2) event.
+     */
+    do {
+	ch = VSTREAM_GETCHAR();
+	switch (ch) {
+	default:
+	    VSTRING_ADDCH(stdin_read_buf, ch);
+	    break;
+	case '\n':
+	    NETSTRING_PUT_BUF(child_stream, stdin_read_buf);
+	    vstream_fflush(child_stream);
+	    VSTRING_RESET(stdin_read_buf);
+	    break;
+	case VSTREAM_EOF:
+	    /* Better: wait for child to terminate. */
+	    sleep(1);
+	    exit(0);
+	}
+    } while (vstream_peek(VSTREAM_IN) > 0);
+}
+
+/* child_read_event - netstring-oriented event handler */
+
+static void child_read_event(int event, char *context)
+{
+
+    /*
+     * Read an entire netstring from the child and send the result to stdout.
+     * 
+     * This is a simplistic implementation that assumes a server will not
+     * trickle its data.
+     * 
+     * Note: the first netstring_get() call implicitly fills the VSTREAM buffer.
+     * We must drain the entire VSTREAM buffer before requesting the next
+     * read(2) event.
+     */
+    do {
+	netstring_get(child_stream, child_read_buf, 10000);
+	vstream_fwrite(VSTREAM_OUT, STR(child_read_buf), LEN(child_read_buf));
+	VSTREAM_PUTC('\n', VSTREAM_OUT);
+	vstream_fflush(VSTREAM_OUT);
+    } while (vstream_peek(child_stream) > 0);
+}
+
+int     main(int argc, char **argv)
+{
+    int     err;
+
+    /*
+     * Sanity check.
+     */
+    if (argv[1] == 0)
+	msg_fatal("usage: %s command...", argv[0]);
+
+    /*
+     * Run the specified command as a child process with stdin and stdout
+     * connected to us.
+     */
+    child_stream = vstream_popen(O_RDWR, VSTREAM_POPEN_ARGV, argv + 1,
+				 VSTREAM_POPEN_END);
+    vstream_control(child_stream, VSTREAM_CTL_DOUBLE, VSTREAM_CTL_END);
+    netstring_setup(child_stream, 10);
+
+    /*
+     * Buffer plumbing.
+     */
+    stdin_read_buf = vstring_alloc(100);
+    child_read_buf = vstring_alloc(100);
+
+    /*
+     * Monitor both the child's stdout stream and our own stdin stream. If
+     * there is activity on the child stdout stream, read an entire netstring
+     * or EOF. If there is activity on stdin, send a netstring to the child
+     * when we have read an entire line, or terminate in case of EOF.
+     */
+    event_enable_read(vstream_fileno(VSTREAM_IN), stdin_read_event, (char *) 0);
+    event_enable_read(vstream_fileno(child_stream), child_read_event,
+		      (char *) 0);
+
+    if ((err = vstream_setjmp(child_stream)) == 0) {
+	for (;;)
+	    event_loop(-1);
+    } else {
+	msg_fatal("%s: %s", argv[1], netstring_strerror(err));
+    }
+}
+
+#endif
diff --git a/postfix/src/util/netstring.h b/postfix/src/util/netstring.h
index e6908792e..e8f418d25 100644
--- a/postfix/src/util/netstring.h
+++ b/postfix/src/util/netstring.h
@@ -36,6 +36,7 @@ extern void netstring_put_multi(VSTREAM *,...);
 extern void netstring_fflush(VSTREAM *);
 extern VSTRING *netstring_memcpy(VSTRING *, const char *, ssize_t);
 extern VSTRING *netstring_memcat(VSTRING *, const char *, ssize_t);
+extern const char *netstring_strerror(int);
 
 #define NETSTRING_PUT_BUF(str, buf) \
 	netstring_put((str), vstring_str(buf), VSTRING_LEN(buf))