From: Wietse Venema <wietse@porcupine.org>
Date: Sun, 5 Jun 2011 05:00:00 +0000 (-0500)
Subject: postfix-2.9-20110605
X-Git-Tag: v2.9.0-RC1~44
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a4af8bc9fda126dd201e7ecb86fc4a1d448678aa;p=thirdparty%2Fpostfix.git

postfix-2.9-20110605
---

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 35735c497..0b653fac5 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -16804,3 +16804,27 @@ Apologies for any names omitted.
 	bouncing mail to alias) alias owner lookup. Problem reported
 	by William Ono. Files: local/command.c, local/mailbox.c,
 	local/unknown.c, local/bounce_workaround.c.
+
+20110516
+
+	Update the warning when permit_naked_ip_address is used,
+	and add permit_sasl_authenticated to the list of suggested
+	alternatives.  File: smtpd/smtpd_check.c.
+
+20110601
+
+	Bugfix (introduced Postfix 2.6 with master_service_disable)
+	loop control error when parsing a malformed master.cf file.
+	Found by Coverity. File: master/master_ent.c.
+
+20110602
+
+	Bugfix (introduced: Postfix 2.7): "sendmail -t" reported
+	"protocol error" after queue file write error.  File:
+	postdrop/postdrop.c.
+
+20110605
+
+	Cleanup: removed the PSC_STATE_FLAG_CACHE_EXPIRED flag.
+	Nothing uses this anymore. Files: postscreen/postscreen.h,
+	postscreen/postscreen_state.c, postscreen/postscreen_tests.c.
diff --git a/postfix/README_FILES/POSTSCREEN_README b/postfix/README_FILES/POSTSCREEN_README
index 71fb3eb33..999772858 100644
--- a/postfix/README_FILES/POSTSCREEN_README
+++ b/postfix/README_FILES/POSTSCREEN_README
@@ -15,7 +15,8 @@ impact on legitimate email traffic.
 
 postscreen(8) should not be used on SMTP ports that receive mail from end-user
 clients (MUAs). In a typical deployment, postscreen(8) is used on the "port 25"
-service, while MUA clients submit mail via the submission service.
+service, while MUA clients submit mail via the submission service (port 587)
+which normally requires client authentication.
 
 postscreen(8) is part of a multi-layer defense.
 
@@ -36,8 +37,8 @@ postscreen(8) is part of a multi-layer defense.
     applications.
 
 Each layer reduces the spam volume. The general strategy is to use the less
-expensive defenses first, and to use the more expensive defenses for the spam
-that remains.
+expensive defenses first, and to use the more expensive defenses only for the
+spam that remains.
 
 Topics in this document:
 
@@ -171,22 +172,14 @@ parameters. Expired entries are silently renewed if possible.
 MMXX PPoolliiccyy tteesstt
 
 When the remote SMTP client is not on the static access list or temporary
-whitelist, postscreen(8) can implement a number of whitelist tests before it
-grants the client a temporary whitelist status to talk to a Postfix SMTP server
-process.
+whitelist, postscreen(8) can implement a number of whitelist tests, before it
+grants the client a temporary whitelist status that allows it to talk to a
+Postfix SMTP server process.
 
 By listening on both primary and backup MX addresses, postscreen(8) can deny
 the temporary whitelist status to clients that connect only to backup MX hosts
-(an old trick to take advantage of backup MX hosts with weaker anti-spam
-policies).
-
-Note 1: The status of this feature is still experimental, and implementation
-details are likely to change.
-
-Note 2: MX policy enforcement is currently supported only for domains with one
-Postfix MTA. Support for domains with multiple Postfix MTAs will have to wait
-until Postfix has a database client that can update a shared postscreen(8)
-database.
+(an old spammer trick to take advantage of backup MX hosts with weaker anti-
+spam policies than primary MX hosts).
 
   * First, configure the host to listen on both primary and backup MX
     addresses. Use the appropriate ifconfig command for the local operating
diff --git a/postfix/WISHLIST b/postfix/WISHLIST
index f2a13b73f..2bc3bc716 100644
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -8,6 +8,33 @@ Wish list:
 
 	Make the rules for how to use close-on-exec more explicit.
 
+	Trick from amavisd: save listen socket/fifo/etc state, clear
+	their close-on-exec flags, exec the same program file to
+	re-initialize (with saved socket state on command line or
+	in environment), then restore the listen socket/fifo/etc
+	close-on-exec flags.  This could be a way to mitigate the
+	impact of memory/file leaks, and to implement "postfix
+	reload" support for master(8) features that currently don't
+	support this.
+
+	postscreen: wait for DNS completion after early HANGUP
+	and log DNSBL.
+
+	Some Sendmail configurations trigger sub-optimal behavior
+	when the postscreen_whitelist_interfaces parameter lists
+	primary MX addresses only.  When postscreen's "deep protocol
+	tests" are successful on the primary MX address (i.e. they
+	result in 4XX responses to RCPT TO), some Sendmail
+	configurations keep the primary MX connection open until
+	AFTER they finish talking to the backup MX address.  The
+	problem is that the backup connection runs into a WHITELIST
+	VETO condition because the whitelisting database has not
+	yet been updated with the PASS NEW result for the primary
+	MX connection.  Unfortunately postscreen can't update the
+	whitelisting database before the primary MX connection is
+	closed, because a client may still make a mistake.
+
+
 	Don't forget Apple's code donation for fetching mail from
 	IMAP server.
 
diff --git a/postfix/html/POSTSCREEN_README.html b/postfix/html/POSTSCREEN_README.html
index 6b501fdec..bd4e66677 100644
--- a/postfix/html/POSTSCREEN_README.html
+++ b/postfix/html/POSTSCREEN_README.html
@@ -31,7 +31,8 @@ pass its tests; by allowing whitelisted clients to skip tests,
 <p> <a href="postscreen.8.html">postscreen(8)</a> should not be used on SMTP ports that receive
 mail from end-user clients (MUAs). In a typical deployment,
 <a href="postscreen.8.html">postscreen(8)</a> is used on the "port 25" service, while MUA clients
-submit mail via the submission service. </p>
+submit mail via the submission service (port 587) which normally
+requires client authentication. </p>
 
 <p> <a href="postscreen.8.html">postscreen(8)</a> is part of a multi-layer defense. <p>
 
@@ -59,7 +60,7 @@ SpamAssassin, and Milter applications. </p>
 
 <p> Each layer reduces the spam volume. The general strategy is to
 use the less expensive defenses first, and to use the more expensive
-defenses for the spam that remains. </p>
+defenses only for the spam that remains. </p>
 
 <p> Topics in this document: </p>
 
@@ -233,21 +234,14 @@ parameters.  Expired entries are silently renewed if possible. </p>
 
 <p> When the remote SMTP client is not on the static access list
 or temporary whitelist, <a href="postscreen.8.html">postscreen(8)</a> can implement a number of
-whitelist tests before it grants the client a temporary whitelist
-status to talk to a Postfix SMTP server process. </p>
+whitelist tests, before it grants the client a temporary whitelist
+status that allows it to talk to a Postfix SMTP server process. </p>
 
 <p> By listening on both primary and backup MX addresses, <a href="postscreen.8.html">postscreen(8)</a>
 can deny the temporary whitelist status to clients that connect
-only to backup MX hosts (an old trick to take advantage of backup
-MX hosts with weaker anti-spam policies). </p>
-
-<p> Note 1: The status of this feature is still experimental, and
-implementation details are likely to change. </p>
-
-<p> Note 2: MX policy enforcement is currently supported only for
-domains with one Postfix MTA. Support for domains with multiple
-Postfix MTAs will have to wait until Postfix has a database client
-that can update a shared <a href="postscreen.8.html">postscreen(8)</a> database.  </p>
+only to backup MX hosts (an old spammer trick to take advantage of
+backup MX hosts with weaker anti-spam policies than primary MX
+hosts). </p>
 
 <ul>
 
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index a9bf5e565..44e6ebf5d 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -7568,16 +7568,19 @@ one-letter suffix that specifies the time unit).  Time units: s
 
 <p> A list of local <a href="postscreen.8.html">postscreen(8)</a> server IP addresses where a
 non-whitelisted SMTP client can obtain <a href="postscreen.8.html">postscreen(8)</a>'s temporary
-whitelist status to talk to a Postfix SMTP server process.  By
-default, a client can pass <a href="postscreen.8.html">postscreen(8)</a>'s whitelist tests on any
-local <a href="postscreen.8.html">postscreen(8)</a> server IP address. </p>
+whitelist status. This status is required before the client can
+talk to a Postfix SMTP server process.  By default, a client can
+obtain <a href="postscreen.8.html">postscreen(8)</a>'s whitelist status on any local <a href="postscreen.8.html">postscreen(8)</a>
+server IP address. </p>
 
 <p> When <a href="postscreen.8.html">postscreen(8)</a> listens on both primary and backup MX
 addresses, the <a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> parameter can be
-used to disable whitelisting on backup MX addresses.  With this
-configuration, <a href="postscreen.8.html">postscreen(8)</a> denies whitelisting status to clients
-that connect only to backup MX addresses, and prevents them from
-talking to a Postfix SMTP server process.  </p>
+configured to give the temporary whitelist status only when a client
+connects to a primary MX address. Once a client is whitelisted it
+can talk to a Postfix SMTP server on any address. Thus, clients
+that connect only to backup MX addresses will never become whitelisted,
+and will never be allowed to talk to a Postfix SMTP server process.
+</p>
 
 <p> Example: </p>
 
diff --git a/postfix/html/postdrop.1.html b/postfix/html/postdrop.1.html
index 2756476d0..f06fa329f 100644
--- a/postfix/html/postdrop.1.html
+++ b/postfix/html/postdrop.1.html
@@ -99,7 +99,7 @@ POSTDROP(1)                                                        POSTDROP(1)
 
        Available in Postfix version 2.2 and later:
 
-       <b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (static:anyone)</b>
+       <b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
               List of users who are  authorized  to  submit  mail
               with  the  <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command (and with the privi-
               leged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper command).
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 50630574b..4aecf46e1 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -4361,16 +4361,18 @@ This feature is available in Postfix 2.8.
 .SH postscreen_whitelist_interfaces (default: static:all)
 A list of local \fBpostscreen\fR(8) server IP addresses where a
 non-whitelisted SMTP client can obtain \fBpostscreen\fR(8)'s temporary
-whitelist status to talk to a Postfix SMTP server process.  By
-default, a client can pass \fBpostscreen\fR(8)'s whitelist tests on any
-local \fBpostscreen\fR(8) server IP address.
+whitelist status. This status is required before the client can
+talk to a Postfix SMTP server process.  By default, a client can
+obtain \fBpostscreen\fR(8)'s whitelist status on any local \fBpostscreen\fR(8)
+server IP address.
 .PP
 When \fBpostscreen\fR(8) listens on both primary and backup MX
 addresses, the postscreen_whitelist_interfaces parameter can be
-used to disable whitelisting on backup MX addresses.  With this
-configuration, \fBpostscreen\fR(8) denies whitelisting status to clients
-that connect only to backup MX addresses, and prevents them from
-talking to a Postfix SMTP server process.
+configured to give the temporary whitelist status only when a client
+connects to a primary MX address. Once a client is whitelisted it
+can talk to a Postfix SMTP server on any address. Thus, clients
+that connect only to backup MX addresses will never become whitelisted,
+and will never be allowed to talk to a Postfix SMTP server process.
 .PP
 Example:
 .PP
diff --git a/postfix/proto/POSTSCREEN_README.html b/postfix/proto/POSTSCREEN_README.html
index c3249e6e8..6de1e7286 100644
--- a/postfix/proto/POSTSCREEN_README.html
+++ b/postfix/proto/POSTSCREEN_README.html
@@ -31,7 +31,8 @@ postscreen(8) minimizes its impact on legitimate email traffic.
 <p> postscreen(8) should not be used on SMTP ports that receive
 mail from end-user clients (MUAs). In a typical deployment,
 postscreen(8) is used on the "port 25" service, while MUA clients
-submit mail via the submission service. </p>
+submit mail via the submission service (port 587) which normally
+requires client authentication. </p>
 
 <p> postscreen(8) is part of a multi-layer defense. <p>
 
@@ -59,7 +60,7 @@ SpamAssassin, and Milter applications. </p>
 
 <p> Each layer reduces the spam volume. The general strategy is to
 use the less expensive defenses first, and to use the more expensive
-defenses for the spam that remains. </p>
+defenses only for the spam that remains. </p>
 
 <p> Topics in this document: </p>
 
@@ -233,21 +234,14 @@ parameters.  Expired entries are silently renewed if possible. </p>
 
 <p> When the remote SMTP client is not on the static access list
 or temporary whitelist, postscreen(8) can implement a number of
-whitelist tests before it grants the client a temporary whitelist
-status to talk to a Postfix SMTP server process. </p>
+whitelist tests, before it grants the client a temporary whitelist
+status that allows it to talk to a Postfix SMTP server process. </p>
 
 <p> By listening on both primary and backup MX addresses, postscreen(8)
 can deny the temporary whitelist status to clients that connect
-only to backup MX hosts (an old trick to take advantage of backup
-MX hosts with weaker anti-spam policies). </p>
-
-<p> Note 1: The status of this feature is still experimental, and
-implementation details are likely to change. </p>
-
-<p> Note 2: MX policy enforcement is currently supported only for
-domains with one Postfix MTA. Support for domains with multiple
-Postfix MTAs will have to wait until Postfix has a database client
-that can update a shared postscreen(8) database.  </p>
+only to backup MX hosts (an old spammer trick to take advantage of
+backup MX hosts with weaker anti-spam policies than primary MX
+hosts). </p>
 
 <ul>
 
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index c88ae25d9..b27389ec3 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -14084,16 +14084,19 @@ configuration parameter.  See there for details. </p>
 
 <p> A list of local postscreen(8) server IP addresses where a
 non-whitelisted SMTP client can obtain postscreen(8)'s temporary
-whitelist status to talk to a Postfix SMTP server process.  By
-default, a client can pass postscreen(8)'s whitelist tests on any
-local postscreen(8) server IP address. </p>
+whitelist status. This status is required before the client can
+talk to a Postfix SMTP server process.  By default, a client can
+obtain postscreen(8)'s whitelist status on any local postscreen(8)
+server IP address. </p>
 
 <p> When postscreen(8) listens on both primary and backup MX
 addresses, the postscreen_whitelist_interfaces parameter can be
-used to disable whitelisting on backup MX addresses.  With this
-configuration, postscreen(8) denies whitelisting status to clients
-that connect only to backup MX addresses, and prevents them from
-talking to a Postfix SMTP server process.  </p>
+configured to give the temporary whitelist status only when a client
+connects to a primary MX address. Once a client is whitelisted it
+can talk to a Postfix SMTP server on any address. Thus, clients
+that connect only to backup MX addresses will never become whitelisted,
+and will never be allowed to talk to a Postfix SMTP server process.
+</p>
 
 <p> Example: </p>
 
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 6327695a6..efb44e55a 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20110501"
+#define MAIL_RELEASE_DATE	"20110605"
 #define MAIL_VERSION_NUMBER	"2.9"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/master/master_ent.c b/postfix/src/master/master_ent.c
index 4723251bd..cc0bb56d7 100644
--- a/postfix/src/master/master_ent.c
+++ b/postfix/src/master/master_ent.c
@@ -272,7 +272,7 @@ MASTER_SERV *get_master_ent()
     /*
      * Skip blank lines and comment lines.
      */
-    do {
+    for (;;) {
 	if (readlline(buf, master_fp, &master_line) == 0) {
 	    vstring_free(buf);
 	    vstring_free(junk);
@@ -284,7 +284,9 @@ MASTER_SERV *get_master_ent()
 	name = cp;
 	transport = get_str_ent(&bufp, "transport type", (char *) 0);
 	vstring_sprintf(junk, "%s.%s", name, transport);
-    } while (match_service_match(master_disable, vstring_str(junk)) != 0);
+	if (match_service_match(master_disable, vstring_str(junk)) == 0)
+	    break;
+    }
 
     /*
      * Parse one logical line from the configuration file. Initialize service
diff --git a/postfix/src/postdrop/postdrop.c b/postfix/src/postdrop/postdrop.c
index 34e4fdf8e..a2df01ece 100644
--- a/postfix/src/postdrop/postdrop.c
+++ b/postfix/src/postdrop/postdrop.c
@@ -235,6 +235,7 @@ int     main(int argc, char **argv)
     int     saved_errno;
     int     from_count = 0;
     int     rcpt_count = 0;
+    int     validate_input = 1;
 
     /*
      * Fingerprint executables and core dumps.
@@ -453,6 +454,7 @@ int     main(int argc, char **argv)
 		   && rec_type != REC_TYPE_EOF)
 		if (rec_type == REC_TYPE_ERROR)
 		    msg_fatal("uid=%ld: malformed input", (long) uid);
+	    validate_input = 0;
 	    errno = saved_errno;
 	    break;
 	}
@@ -478,7 +480,7 @@ int     main(int argc, char **argv)
      * the segment terminator records, there aren't any other mandatory
      * records in a Postfix submission queue file.
      */
-    if (from_count == 0 || rcpt_count == 0) {
+    if (validate_input && (from_count == 0 || rcpt_count == 0)) {
 	status = CLEANUP_STAT_BAD;
 	mail_stream_cleanup(dst);
     }
diff --git a/postfix/src/postscreen/postscreen.h b/postfix/src/postscreen/postscreen.h
index 7a82b3697..b378aaad4 100644
--- a/postfix/src/postscreen/postscreen.h
+++ b/postfix/src/postscreen/postscreen.h
@@ -81,7 +81,7 @@ typedef struct {
 #define PSC_STATE_FLAG_NEW		(1<<3)	/* some test was never passed */
 #define PSC_STATE_FLAG_BLIST_FAIL	(1<<4)	/* blacklisted */
 #define PSC_STATE_FLAG_HANGUP		(1<<5)	/* NOT a test failure */
-#define PSC_STATE_FLAG_CACHE_EXPIRED	(1<<6)	/* cache retention expired */
+/* unused */
 #define PSC_STATE_FLAG_WLIST_FAIL	(1<<7)	/* do not whitelist */
 
  /*
diff --git a/postfix/src/postscreen/postscreen_state.c b/postfix/src/postscreen/postscreen_state.c
index 51c3bf0c9..581647b6f 100644
--- a/postfix/src/postscreen/postscreen_state.c
+++ b/postfix/src/postscreen/postscreen_state.c
@@ -255,7 +255,7 @@ const char *psc_print_state_flags(int flags, const char *context)
 	"NEW", PSC_STATE_FLAG_NEW,
 	"BLIST_FAIL", PSC_STATE_FLAG_BLIST_FAIL,
 	"HANGUP", PSC_STATE_FLAG_HANGUP,
-	"CACHE_EXPIRED", PSC_STATE_FLAG_CACHE_EXPIRED,
+	/* unused */
 	"WLIST_FAIL", PSC_STATE_FLAG_WLIST_FAIL,
 
 	"PENAL_UPDATE", PSC_STATE_FLAG_PENAL_UPDATE,
diff --git a/postfix/src/postscreen/postscreen_tests.c b/postfix/src/postscreen/postscreen_tests.c
index ccc3241ba..57bfd6999 100644
--- a/postfix/src/postscreen/postscreen_tests.c
+++ b/postfix/src/postscreen/postscreen_tests.c
@@ -215,37 +215,44 @@ void    psc_parse_tests(PSC_STATE *state,
 	state->flags |= PSC_STATE_FLAG_NEW;
 
     /*
-     * Don't flag a cache entry as expired just because some test was never
-     * passed.
-     * 
      * Don't flag disabled tests as "todo", because there would be no way to
      * make those bits go away.
      */
-    if (PSC_PREGR_TEST_ENABLE() && time_value > state->pregr_stamp) {
+    if (PSC_PREGR_TEST_ENABLE() && time_value > state->pregr_stamp)
 	state->flags |= PSC_STATE_FLAG_PREGR_TODO;
-	if (state->pregr_stamp > PSC_TIME_STAMP_DISABLED)
-	    state->flags |= PSC_STATE_FLAG_CACHE_EXPIRED;
-    }
-    if (PSC_DNSBL_TEST_ENABLE() && time_value > state->dnsbl_stamp) {
+    if (PSC_DNSBL_TEST_ENABLE() && time_value > state->dnsbl_stamp)
 	state->flags |= PSC_STATE_FLAG_DNSBL_TODO;
-	if (state->dnsbl_stamp > PSC_TIME_STAMP_DISABLED)
-	    state->flags |= PSC_STATE_FLAG_CACHE_EXPIRED;
-    }
-    if (var_psc_pipel_enable && time_value > state->pipel_stamp) {
+    if (var_psc_pipel_enable && time_value > state->pipel_stamp)
 	state->flags |= PSC_STATE_FLAG_PIPEL_TODO;
-	if (state->pipel_stamp > PSC_TIME_STAMP_DISABLED)
-	    state->flags |= PSC_STATE_FLAG_CACHE_EXPIRED;
-    }
-    if (var_psc_nsmtp_enable && time_value > state->nsmtp_stamp) {
+    if (var_psc_nsmtp_enable && time_value > state->nsmtp_stamp)
 	state->flags |= PSC_STATE_FLAG_NSMTP_TODO;
-	if (state->nsmtp_stamp > PSC_TIME_STAMP_DISABLED)
-	    state->flags |= PSC_STATE_FLAG_CACHE_EXPIRED;
-    }
-    if (var_psc_barlf_enable && time_value > state->barlf_stamp) {
+    if (var_psc_barlf_enable && time_value > state->barlf_stamp)
 	state->flags |= PSC_STATE_FLAG_BARLF_TODO;
-	if (state->barlf_stamp > PSC_TIME_STAMP_DISABLED)
-	    state->flags |= PSC_STATE_FLAG_CACHE_EXPIRED;
+
+    /*
+     * If any test has expired, proactively refresh tests that will expire
+     * soon. This can increase the occurrence of client-visible delays, but
+     * avoids questions about why a client can pass some test and then fail
+     * within seconds. The proactive refresh time is really a surrogate for
+     * the user's curiosity level, and therefore hard to choose optimally.
+     */
+#ifdef VAR_PSC_REFRESH_TIME
+    if ((state->flags & PSC_STATE_MASK_ANY_TODO) != 0
+	&& var_psc_refresh_time > 0) {
+	time_t  refresh_time = time_value + var_psc_refresh_time;
+
+	if (PSC_PREGR_TEST_ENABLE() && refresh_time > state->pregr_stamp)
+	    state->flags |= PSC_STATE_FLAG_PREGR_TODO;
+	if (PSC_DNSBL_TEST_ENABLE() && refresh_time > state->dnsbl_stamp)
+	    state->flags |= PSC_STATE_FLAG_DNSBL_TODO;
+	if (var_psc_pipel_enable && refresh_time > state->pipel_stamp)
+	    state->flags |= PSC_STATE_FLAG_PIPEL_TODO;
+	if (var_psc_nsmtp_enable && refresh_time > state->nsmtp_stamp)
+	    state->flags |= PSC_STATE_FLAG_NSMTP_TODO;
+	if (var_psc_barlf_enable && refresh_time > state->barlf_stamp)
+	    state->flags |= PSC_STATE_FLAG_BARLF_TODO;
     }
+#endif
 
     /*
      * Gratuitously make postscreen logging more useful by turning on all
diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c
index e381a36f3..0768c61b7 100644
--- a/postfix/src/smtpd/smtpd_check.c
+++ b/postfix/src/smtpd/smtpd_check.c
@@ -3796,8 +3796,8 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
 					 state->helo_name, SMTPD_NAME_HELO);
 	    }
 	} else if (strcasecmp(name, PERMIT_NAKED_IP_ADDR) == 0) {
-	    msg_warn("restriction %s is deprecated. Use %s instead",
-		     PERMIT_NAKED_IP_ADDR, PERMIT_MYNETWORKS);
+	    msg_warn("restriction %s is deprecated. Use %s or %s instead",
+		     PERMIT_NAKED_IP_ADDR, PERMIT_MYNETWORKS, PERMIT_SASL_AUTH);
 	    if (state->helo_name) {
 		if (state->helo_name[strspn(state->helo_name, "0123456789.:")] == 0
 		&& (status = reject_invalid_hostaddr(state, state->helo_name,