From: Wietse Venema Date: Sun, 26 Apr 2009 05:00:00 +0000 (-0500) Subject: postfix-2.7-20090426 X-Git-Tag: v2.7.0-RC1~28 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b3aa251d6158c593fee3941da0bdd556320bbed2;p=thirdparty%2Fpostfix.git postfix-2.7-20090426 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 3e37c9612..c31a01698 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -15144,3 +15144,35 @@ Apologies for any names omitted. Robustness: don't re-enable SIGTERM if it is ignored in the parent. Files: postsuper/postsuper.c, postdrop/postdrop.c. + +20090422 + + Undo delivery agent change 20090415. The queue manager never + locks a queue file to read additional recipients into memory, + so if a delivery agent runs into a locked file, then something + is seriously wrong. File: global/deliver_request.c. + +20090424 + + Compatibility: the Postfix SMTP client no longer uses the + obsolete SSLv2 by default for opportunistic encryption. + This has nothing to do with security (we're willing to send + plaintext over an unauthenticated connection) but with the + loss of advanced options that give better performance. + Victor Duchovni. Files: proto/postconf.proto, global/mail_params.h. + +20090426 + + Feature: more accurate support for Milter macros {mail_addr} + and {rcpt_addr}, and new support for Milter macros {mail_host}, + {mail_mailer}, {rcpt_host}, and {rcpt_mailer}. Files: + milter/milter.[hc], smtpd/smtpd.[hc], smtpd/smtpd_milter.c, + smtpd/smtpd_resolve.c. + + Feature: new support for SMFIP_RCPT_REJ. When a recipient + is rejected, Postfix reports the event as decribed in + Sendmail 8.14.0 documentation: {rcpt_mailer} = "error", + {rcpt_host} = enhanced status code (e.g., "5.7.1"), and + {rcpt_addr} = reason to reject (e.g., "Relay access denied"). + Files: milter/milter.[hc], milter/milter8.c, smtpd/smtpd.[hc], + smtpd/smtpd_milter.c. 
diff --git a/postfix/README_FILES/FILTER_README b/postfix/README_FILES/FILTER_README index 192ed2a48..a06923e60 100644 --- a/postfix/README_FILES/FILTER_README +++ b/postfix/README_FILES/FILTER_README @@ -184,7 +184,8 @@ Once you're satisfied with the content filtering script: store its temporary files. * Configure Postfix to deliver mail to the content filter with the pipe(8) - delivery agent. + delivery agent (see the pipe(8) manpage for a description of the command + syntax below). /etc/postfix/master.cf: # ============================================================= @@ -192,13 +193,15 @@ Once you're satisfied with the content filtering script: # (yes) (yes) (yes) (never) (100) # ============================================================= filter unix - n n - 10 pipe - flags=Rq user=filter argv=/path/to/script -f ${sender} -- ${recipient} + flags=Rq user=filter null_sender= + argv=/path/to/script -f ${sender} -- ${recipient} This runs up to 10 content filters in parallel. Instead of a limit of 10 concurrent processes, use whatever process limit is feasible for your machine. Content inspection software can gobble up a lot of system resources, so you don't want to have too much of it running at the same - time. + time. The empty null_sender feature is both necessary and available with + Postfix 2.3 and later. * To turn on content filtering for mail arriving via SMTP only, append "- o content_filter=filter:dummy" to the master.cf entry that defines the diff --git a/postfix/README_FILES/MILTER_README b/postfix/README_FILES/MILTER_README index 469144924..fc99ce813 100644 --- a/postfix/README_FILES/MILTER_README +++ b/postfix/README_FILES/MILTER_README 
@@ -365,8 +365,21 @@ Sendmail. See the workarounds section below for solutions. |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |{mail_addr} |MAIL |Sender address | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |{mail_host} |MAIL (Postfix >= 2.6) |Sender next-hop | + | | |destination | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |{mail_mailer} |MAIL (Postfix >= 2.6) |Sender mail delivery | + | | |transport | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |{rcpt_addr} |RCPT |Recipient address | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |{rcpt_host} |RCPT (Postfix >= 2.6) |Recipient next-hop | + | | |destination | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + | | |Recipient mail delivery | + |{rcpt_mailer} |RCPT (Postfix >= 2.6) |transport, "error" for | + | | |rejected recipient. | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |{tls_version} |HELO, MAIL, DATA, EOH, |TLS protocol version | | |EOM | | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | diff --git a/postfix/README_FILES/TLS_README b/postfix/README_FILES/TLS_README index a408a86c5..9102c6a48 100644 --- a/postfix/README_FILES/TLS_README +++ b/postfix/README_FILES/TLS_README 
@@ -1692,7 +1692,7 @@ Example: smtp_tls_mandatory_protocols = !SSLv2 # Also available with Postfix >= 2.6: smtp_tls_ciphers = export - smtp_tls_protocols = + smtp_tls_protocols = !SSLv2 CClliieenntt--ssiiddee SSMMTTPPSS ssuuppppoorrtt diff --git a/postfix/html/FILTER_README.html b/postfix/html/FILTER_README.html index 0bb4332d0..5cc68299c 100644 --- a/postfix/html/FILTER_README.html +++ b/postfix/html/FILTER_README.html @@ -356,7 +356,8 @@ to the "filter" user. This is where the content filtering script is supposed to store its temporary files.

  • Configure Postfix to deliver mail to the content filter -with the pipe(8) delivery agent.

    +with the pipe(8) delivery agent (see the pipe(8) manpage for a +description of the command syntax below).

     /etc/postfix/master.cf:
    @@ -365,14 +366,16 @@ with the pipe(8) delivery agent. 

    # (yes) (yes) (yes) (never) (100) # ============================================================= filter unix - n n - 10 pipe - flags=Rq user=filter argv=/path/to/script -f ${sender} -- ${recipient} + flags=Rq user=filter null_sender= + argv=/path/to/script -f ${sender} -- ${recipient}

    This runs up to 10 content filters in parallel. Instead of a limit of 10 concurrent processes, use whatever process limit is feasible for your machine. Content inspection software can gobble up a lot of system resources, so you don't want to have too much -of it running at the same time.

    +of it running at the same time. The empty null_sender feature is +both necessary and available with Postfix 2.3 and later.

  • To turn on content filtering for mail arriving via SMTP only, append "-o content_filter=filter:dummy" to the master.cf diff --git a/postfix/html/MILTER_README.html b/postfix/html/MILTER_README.html index c8539c523..9909e85f2 100644 --- a/postfix/html/MILTER_README.html +++ b/postfix/html/MILTER_README.html @@ -580,11 +580,24 @@ cipher {mail_addr} MAIL Sender address + {mail_host} MAIL (Postfix ≥ 2.6) +Sender next-hop destination + + {mail_mailer} MAIL (Postfix ≥ 2.6) + Sender mail delivery transport + {rcpt_addr} RCPT Recipient address - {tls_version} HELO, MAIL, DATA, EOH, EOM -TLS protocol version + {rcpt_host} RCPT (Postfix ≥ 2.6) +Recipient next-hop destination + + {rcpt_mailer} RCPT (Postfix ≥ 2.6) + Recipient mail delivery transport, "error" for rejected +recipient. + + {tls_version} HELO, MAIL, DATA, EOH, EOM + TLS protocol version v Always value of milter_macro_v diff --git a/postfix/html/TLS_README.html b/postfix/html/TLS_README.html index f056f12db..fa6571940 100644 --- a/postfix/html/TLS_README.html +++ b/postfix/html/TLS_README.html @@ -2277,7 +2277,7 @@ the SSL/TLS protocols used with opportunistic TLS.

    smtp_tls_mandatory_protocols = !SSLv2 # Also available with Postfix ≥ 2.6: smtp_tls_ciphers = export - smtp_tls_protocols = + smtp_tls_protocols = !SSLv2 diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html index f435276cb..f6e9232a9 100644 --- a/postfix/html/lmtp.8.html +++ b/postfix/html/lmtp.8.html @@ -517,7 +517,7 @@ SMTP(8) SMTP(8) Available in Postfix version 2.6 and later: - smtp_tls_protocols (empty) + smtp_tls_protocols (!SSLv2) List of TLS protocols that the Postfix SMTP client will exclude or include with opportunistic TLS encryption. diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 9ba2d0d9f..1777b2787 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -9533,8 +9533,8 @@ introduced in Postfix 2.3. Starting with Postfix 2.3, and independently of how the policy is specified, the smtp_tls_mandatory_ciphers and smtp_tls_mandatory_protocols parameters apply when TLS encryption is mandatory. Connections for which encryption is optional typically -enable all "export" grade and better ciphers and all SSL/TLS protocols -(see smtp_tls_ciphers and smtp_tls_protocols).

    +enable all "export" grade and better ciphers (see smtp_tls_ciphers +and smtp_tls_protocols).

    As long as no secure DNS lookup mechanism is available, false hostnames in MX or CNAME responses can change the server hostname @@ -9689,12 +9689,12 @@ configurations in environments where DNS security is not assured.

    smtp_tls_protocols -(default: empty)
    +(default: !SSLv2)
    -

    List of TLS protocols that the Postfix SMTP client will exclude -or include with opportunistic TLS encryption. This parameter SHOULD be -left at its default empty value, allowing all protocols to be used with -opportunistic TLS.

    +

    List of TLS protocols that the Postfix SMTP client will exclude or +include with opportunistic TLS encryption. Starting with Postfix 2.6, +the Postfix SMTP client will by default only use SSLv3 and TLSv1, the +SSLv2 protocol is insecure and obsolete.

    In main.cf the values are separated by whitespace, commas or colons. In the policy table (see smtp_tls_policy_maps) the only valid @@ -9713,7 +9713,8 @@ they cannot be excluded using either syntax.

    Example:

    -smtp_tls_protocols = !SSLv2
    +# TLSv1 only!
    +smtp_tls_protocols = !SSLv2, !SSLv3
     

    This feature is available in Postfix 2.6 and later.

    @@ -9867,12 +9868,12 @@ Examples: # Opportunistic TLS. smtp_tls_security_level = may # Postfix ≥ 2.6: -# Do not tweak opportunistic ciphers or protocols unless it is essential +# Do not tweak opportunistic ciphers unless it is essential # to do so (if a security vulnerability is found in the SSL library that # can be mitigated by disabling a particular protocol or raising the # cipher grade from "export" to "low" or "medium"). smtp_tls_ciphers = export -smtp_tls_protocols = +smtp_tls_protocols = !SSLv2
    diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html
    index f435276cb..f6e9232a9 100644
    --- a/postfix/html/smtp.8.html
    +++ b/postfix/html/smtp.8.html
    @@ -517,7 +517,7 @@ SMTP(8)                                                                SMTP(8)
     
            Available in Postfix version 2.6 and later:
     
    -       smtp_tls_protocols (empty)
    +       smtp_tls_protocols (!SSLv2)
                   List of TLS protocols that the Postfix SMTP  client
                   will  exclude  or  include  with  opportunistic TLS
                   encryption.
    diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html
    index 84256e063..1cb282767 100644
    --- a/postfix/html/smtpd.8.html
    +++ b/postfix/html/smtpd.8.html
    @@ -386,30 +386,31 @@ SMTPD(8)                                                              SMTPD(8)
                   root  CAs trusted to sign either remote SMTP client
                   certificates or intermediate CA certificates.
     
    -       smtpd_tls_CAfile (empty)
    -              A file containing (PEM format) CA  certificates  of
    -              root  CAs trusted to sign either remote SMTP client
    -              certificates or intermediate CA certificates.
    +       smtpd_tls_CApath (empty)
    +              A directory containing (PEM format) CA certificates
    +              of  root  CAs  trusted  to  sign either remote SMTP
    +              client certificates  or  intermediate  CA  certifi-
    +              cates.
     
            smtpd_tls_always_issue_session_ids (yes)
    -              Force the Postfix SMTP server to issue a  TLS  ses-
    -              sion  id,  even  when TLS session caching is turned
    +              Force  the  Postfix SMTP server to issue a TLS ses-
    +              sion id, even when TLS session  caching  is  turned
                   off (smtpd_tls_session_cache_database is empty).
     
            smtpd_tls_ask_ccert (no)
    -              Ask a remote SMTP client for a client  certificate.
    +              Ask  a remote SMTP client for a client certificate.
     
            smtpd_tls_auth_only (no)
                   When TLS encryption is optional in the Postfix SMTP
    -              server, do not announce or accept SASL  authentica-
    +              server,  do not announce or accept SASL authentica-
                   tion over unencrypted connections.
     
            smtpd_tls_ccert_verifydepth (9)
    -              The  verification depth for remote SMTP client cer-
    +              The verification depth for remote SMTP client  cer-
                   tificates.
     
            smtpd_tls_cert_file (empty)
    -              File with the Postfix SMTP server  RSA  certificate
    +              File  with  the Postfix SMTP server RSA certificate
                   in PEM format.
     
            smtpd_tls_exclude_ciphers (empty)
    @@ -417,56 +418,56 @@ SMTPD(8)                                                              SMTPD(8)
                   SMTP server cipher list at all TLS security levels.
     
            smtpd_tls_dcert_file (empty)
    -              File  with  the Postfix SMTP server DSA certificate
    +              File with the Postfix SMTP server  DSA  certificate
                   in PEM format.
     
            smtpd_tls_dh1024_param_file (empty)
    -              File with  DH  parameters  that  the  Postfix  SMTP
    +              File  with  DH  parameters  that  the  Postfix SMTP
                   server should use with EDH ciphers.
     
            smtpd_tls_dh512_param_file (empty)
    -              File  with  DH  parameters  that  the  Postfix SMTP
    +              File with  DH  parameters  that  the  Postfix  SMTP
                   server should use with EDH ciphers.
     
            smtpd_tls_dkey_file ($smtpd_tls_dcert_file)
    -              File with the Postfix SMTP server DSA  private  key
    +              File  with  the Postfix SMTP server DSA private key
                   in PEM format.
     
            smtpd_tls_key_file ($smtpd_tls_cert_file)
    -              File  with  the Postfix SMTP server RSA private key
    +              File with the Postfix SMTP server RSA  private  key
                   in PEM format.
     
            smtpd_tls_loglevel (0)
    -              Enable additional Postfix SMTP  server  logging  of
    +              Enable  additional  Postfix  SMTP server logging of
                   TLS activity.
     
            smtpd_tls_mandatory_ciphers (medium)
    -              The  minimum TLS cipher grade that the Postfix SMTP
    +              The minimum TLS cipher grade that the Postfix  SMTP
                   server will use with mandatory TLS encryption.
     
            smtpd_tls_mandatory_exclude_ciphers (empty)
    -              Additional list  of  ciphers  or  cipher  types  to
    -              exclude  from the SMTP server cipher list at manda-
    +              Additional  list  of  ciphers  or  cipher  types to
    +              exclude from the SMTP server cipher list at  manda-
                   tory TLS security levels.
     
            smtpd_tls_mandatory_protocols (SSLv3, TLSv1)
    -              The SSL/TLS protocols accepted by the Postfix  SMTP
    +              The  SSL/TLS protocols accepted by the Postfix SMTP
                   server with mandatory TLS encryption.
     
            smtpd_tls_received_header (no)
                   Request  that  the  Postfix  SMTP  server  produces
                   Received:  message headers that include information
    -              about  the protocol and cipher used, as well as the
    -              client CommonName  and  client  certificate  issuer
    +              about the protocol and cipher used, as well as  the
    +              client  CommonName  and  client  certificate issuer
                   CommonName.
     
            smtpd_tls_req_ccert (no)
    -              With  mandatory  TLS  encryption, require a trusted
    -              remote SMTP client certificate in  order  to  allow
    +              With mandatory TLS encryption,  require  a  trusted
    +              remote  SMTP  client  certificate in order to allow
                   TLS connections to proceed.
     
            smtpd_tls_session_cache_database (empty)
    -              Name  of  the  file containing the optional Postfix
    +              Name of the file containing  the  optional  Postfix
                   SMTP server TLS session cache.
     
            smtpd_tls_session_cache_timeout (3600s)
    @@ -474,14 +475,14 @@ SMTPD(8)                                                              SMTPD(8)
                   sion cache information.
     
            smtpd_tls_wrappermode (no)
    -              Run  the  Postfix  SMTP  server in the non-standard
    -              "wrapper" mode, instead of using the STARTTLS  com-
    +              Run the Postfix SMTP  server  in  the  non-standard
    +              "wrapper"  mode, instead of using the STARTTLS com-
                   mand.
     
            tls_daemon_random_bytes (32)
    -              The  number  of pseudo-random bytes that an smtp(8)
    -              or smtpd(8) process  requests  from  the  tlsmgr(8)
    -              server  in order to seed its internal pseudo random
    +              The number of pseudo-random bytes that  an  smtp(8)
    +              or  smtpd(8)  process  requests  from the tlsmgr(8)
    +              server in order to seed its internal pseudo  random
                   number generator (PRNG).
     
            tls_high_cipherlist
    @@ -493,7 +494,7 @@ SMTPD(8)                                                              SMTPD(8)
                   ciphers.
     
            tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH)
    -              The  OpenSSL  cipherlist  for "LOW" or higher grade
    +              The OpenSSL cipherlist for "LOW"  or  higher  grade
                   ciphers.
     
            tls_export_cipherlist (ALL:+RC4:@STRENGTH)
    @@ -501,26 +502,26 @@ SMTPD(8)                                                              SMTPD(8)
                   ciphers.
     
            tls_null_cipherlist (eNULL:!aNULL)
    -              The  OpenSSL  cipherlist  for  "NULL" grade ciphers
    +              The OpenSSL cipherlist  for  "NULL"  grade  ciphers
                   that provide authentication without encryption.
     
            Available in Postfix version 2.5 and later:
     
            smtpd_tls_fingerprint_digest (md5)
    -              The message  digest  algorithm  used  to  construct
    +              The  message  digest  algorithm  used  to construct
                   client-certificate         fingerprints         for
                   check_ccert_access and permit_tls_clientcerts.
     
            Available in Postfix version 2.6 and later:
     
            smtpd_tls_protocols (empty)
    -              List of TLS protocols that the Postfix SMTP  server
    -              will  exclude  or  include  with  opportunistic TLS
    +              List  of TLS protocols that the Postfix SMTP server
    +              will exclude  or  include  with  opportunistic  TLS
                   encryption.
     
            smtpd_tls_ciphers (export)
    -              The minimum TLS cipher grade that the Postfix  SMTP
    -              server  will use with opportunistic TLS encryption.
    +              The  minimum TLS cipher grade that the Postfix SMTP
    +              server will use with opportunistic TLS  encryption.
     
            smtpd_tls_eccert_file (empty)
                   File with the Postfix SMTP server ECDSA certificate
    @@ -531,7 +532,7 @@ SMTPD(8)                                                              SMTPD(8)
                   in PEM format.
     
            smtpd_tls_eecdh_grade (see 'postconf -d' output)
    -              The  Postfix  SMTP  server   security   grade   for
    +              The   Postfix   SMTP   server  security  grade  for
                   ephemeral elliptic-curve Diffie-Hellman (EECDH) key
                   exchange.
     
    @@ -544,18 +545,18 @@ SMTPD(8)                                                              SMTPD(8)
                   imally strong ephemeral ECDH key exchange.
     
     OBSOLETE STARTTLS CONTROLS
    -       The following configuration parameters exist for  compati-
    +       The  following configuration parameters exist for compati-
            bility with Postfix versions before 2.3. Support for these
            will be removed in a future release.
     
            smtpd_use_tls (no)
    -              Opportunistic TLS:  announce  STARTTLS  support  to
    -              SMTP  clients,  but do not require that clients use
    +              Opportunistic  TLS:  announce  STARTTLS  support to
    +              SMTP clients, but do not require that  clients  use
                   TLS encryption.
     
            smtpd_enforce_tls (no)
    -              Mandatory TLS: announce STARTTLS  support  to  SMTP
    -              clients,  and  require that clients use TLS encryp-
    +              Mandatory  TLS:  announce  STARTTLS support to SMTP
    +              clients, and require that clients use  TLS  encryp-
                   tion.
     
            smtpd_tls_cipherlist (empty)
    @@ -563,64 +564,64 @@ SMTPD(8)                                                              SMTPD(8)
                   server TLS cipher list.
     
     VERP SUPPORT CONTROLS
    -       With  VERP  style  delivery,  each  recipient of a message
    +       With VERP style delivery,  each  recipient  of  a  message
            receives a customized copy of the message with his/her own
    -       recipient  address encoded in the envelope sender address.
    +       recipient address encoded in the envelope sender  address.
            The VERP_README file describes configuration and operation
    -       details  of  Postfix  support for variable envelope return
    +       details of Postfix support for  variable  envelope  return
            path addresses.  VERP style delivery is requested with the
    -       SMTP  XVERP command or with the "sendmail -V" command-line
    -       option and is available in Postfix version 1.1 and  later.
    +       SMTP XVERP command or with the "sendmail -V"  command-line
    +       option  and is available in Postfix version 1.1 and later.
     
            default_verp_delimiters (+=)
                   The two default VERP delimiter characters.
     
            verp_delimiter_filter (-=+)
    -              The  characters  Postfix  accepts as VERP delimiter
    -              characters on the Postfix sendmail(1) command  line
    +              The characters Postfix accepts  as  VERP  delimiter
    +              characters  on the Postfix sendmail(1) command line
                   and in SMTP commands.
     
            Available in Postfix version 1.1 and 2.0:
     
            authorized_verp_clients ($mynetworks)
    -              What  SMTP clients are allowed to specify the XVERP
    +              What SMTP clients are allowed to specify the  XVERP
                   command.
     
            Available in Postfix version 2.1 and later:
     
            smtpd_authorized_verp_clients ($authorized_verp_clients)
    -              What SMTP clients are allowed to specify the  XVERP
    +              What  SMTP clients are allowed to specify the XVERP
                   command.
     
     TROUBLE SHOOTING CONTROLS
    -       The  DEBUG_README document describes how to debug parts of
    -       the Postfix mail system. The methods vary from making  the
    -       software  log a lot of detail, to running some daemon pro-
    +       The DEBUG_README document describes how to debug parts  of
    +       the  Postfix mail system. The methods vary from making the
    +       software log a lot of detail, to running some daemon  pro-
            cesses under control of a call tracer or debugger.
     
            debug_peer_level (2)
    -              The increment  in  verbose  logging  level  when  a
    -              remote  client  or  server matches a pattern in the
    +              The  increment  in  verbose  logging  level  when a
    +              remote client or server matches a  pattern  in  the
                   debug_peer_list parameter.
     
            debug_peer_list (empty)
    -              Optional list of remote client or  server  hostname
    -              or  network address patterns that cause the verbose
    -              logging level to increase by the  amount  specified
    +              Optional  list  of remote client or server hostname
    +              or network address patterns that cause the  verbose
    +              logging  level  to increase by the amount specified
                   in $debug_peer_level.
     
            error_notice_recipient (postmaster)
    -              The  recipient  of  postmaster  notifications about
    -              mail delivery problems that are caused  by  policy,
    +              The recipient  of  postmaster  notifications  about
    +              mail  delivery  problems that are caused by policy,
                   resource, software or protocol errors.
     
            internal_mail_filter_classes (empty)
    -              What  categories of Postfix-generated mail are sub-
    -              ject  to   before-queue   content   inspection   by
    +              What categories of Postfix-generated mail are  sub-
    +              ject   to   before-queue   content   inspection  by
                   non_smtpd_milters, header_checks and body_checks.
     
            notify_classes (resource, software)
    -              The  list of error classes that are reported to the
    +              The list of error classes that are reported to  the
                   postmaster.
     
            soft_bounce (no)
    @@ -630,22 +631,22 @@ SMTPD(8)                                                              SMTPD(8)
            Available in Postfix version 2.1 and later:
     
            smtpd_authorized_xclient_hosts (empty)
    -              What  SMTP  clients  are allowed to use the XCLIENT
    +              What SMTP clients are allowed to  use  the  XCLIENT
                   feature.
     
     KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS
    -       As of Postfix version 2.0, the SMTP  server  rejects  mail
    -       for  unknown recipients. This prevents the mail queue from
    -       clogging up  with  undeliverable  MAILER-DAEMON  messages.
    -       Additional   information   on   this   topic   is  in  the
    +       As  of  Postfix  version 2.0, the SMTP server rejects mail
    +       for unknown recipients. This prevents the mail queue  from
    +       clogging  up  with  undeliverable  MAILER-DAEMON messages.
    +       Additional  information  on   this   topic   is   in   the
            LOCAL_RECIPIENT_README and ADDRESS_CLASS_README documents.
     
            show_user_unknown_table_name (yes)
    -              Display  the  name  of  the  recipient table in the
    +              Display the name of  the  recipient  table  in  the
                   "User unknown" responses.
     
            canonical_maps (empty)
    -              Optional address mapping lookup tables for  message
    +              Optional  address mapping lookup tables for message
                   headers and envelopes.
     
            recipient_canonical_maps (empty)
    @@ -656,7 +657,7 @@ SMTPD(8)                                                              SMTPD(8)
     
            mydestination  ($myhostname,  localhost.$mydomain,  local-
            host)
    -              The list of domains  that  are  delivered  via  the
    +              The  list  of  domains  that  are delivered via the
                   $local_transport mail delivery transport.
     
            inet_interfaces (all)
    @@ -665,146 +666,146 @@ SMTPD(8)                                                              SMTPD(8)
     
            proxy_interfaces (empty)
                   The network interface addresses that this mail sys-
    -              tem  receives  mail on by way of a proxy or network
    +              tem receives mail on by way of a proxy  or  network
                   address translation unit.
     
            inet_protocols (ipv4)
    -              The Internet protocols Postfix will attempt to  use
    +              The  Internet protocols Postfix will attempt to use
                   when making or accepting connections.
     
            local_recipient_maps             (proxy:unix:passwd.byname
            $alias_maps)
    -              Lookup  tables with all names or addresses of local
    -              recipients: a recipient address is local  when  its
    -              domain  matches $mydestination, $inet_interfaces or
    +              Lookup tables with all names or addresses of  local
    +              recipients:  a  recipient address is local when its
    +              domain matches $mydestination, $inet_interfaces  or
                   $proxy_interfaces.
     
            unknown_local_recipient_reject_code (550)
    -              The numerical Postfix  SMTP  server  response  code
    -              when    a   recipient   address   is   local,   and
    -              $local_recipient_maps specifies a  list  of  lookup
    +              The  numerical  Postfix  SMTP  server response code
    +              when   a   recipient   address   is   local,    and
    +              $local_recipient_maps  specifies  a  list of lookup
                   tables that does not match the recipient.
     
    -       Parameters  concerning  known/unknown  recipients of relay
    +       Parameters concerning known/unknown  recipients  of  relay
            destinations:
     
            relay_domains ($mydestination)
    -              What destination domains (and  subdomains  thereof)
    +              What  destination  domains (and subdomains thereof)
                   this system will relay mail to.
     
            relay_recipient_maps (empty)
    -              Optional  lookup tables with all valid addresses in
    +              Optional lookup tables with all valid addresses  in
                   the domains that match $relay_domains.
     
            unknown_relay_recipient_reject_code (550)
                   The numerical Postfix SMTP server reply code when a
    -              recipient   address   matches  $relay_domains,  and
    -              relay_recipient_maps specifies  a  list  of  lookup
    +              recipient  address  matches   $relay_domains,   and
    +              relay_recipient_maps  specifies  a  list  of lookup
                   tables that does not match the recipient address.
     
    -       Parameters  concerning known/unknown recipients in virtual
    +       Parameters concerning known/unknown recipients in  virtual
            alias domains:
     
            virtual_alias_domains ($virtual_alias_maps)
                   Postfix is final destination for the specified list
    -              of  virtual  alias  domains,  that  is, domains for
    -              which all addresses are  aliased  to  addresses  in
    +              of virtual alias  domains,  that  is,  domains  for
    +              which  all  addresses  are  aliased to addresses in
                   other local or remote domains.
     
            virtual_alias_maps ($virtual_maps)
    -              Optional  lookup  tables  that  alias specific mail
    -              addresses or  domains  to  other  local  or  remote
    +              Optional lookup tables  that  alias  specific  mail
    +              addresses  or  domains  to  other  local  or remote
                   address.
     
            unknown_virtual_alias_reject_code (550)
                   The SMTP server reply code when a recipient address
    -              matches    $virtual_alias_domains,    and     $vir-
    -              tual_alias_maps  specifies  a list of lookup tables
    +              matches     $virtual_alias_domains,    and    $vir-
    +              tual_alias_maps specifies a list of  lookup  tables
                   that does not match the recipient address.
     
    -       Parameters concerning known/unknown recipients in  virtual
    +       Parameters  concerning known/unknown recipients in virtual
            mailbox domains:
     
            virtual_mailbox_domains ($virtual_mailbox_maps)
                   Postfix is final destination for the specified list
    -              of  domains;  mail  is  delivered  via  the   $vir-
    +              of   domains;  mail  is  delivered  via  the  $vir-
                   tual_transport mail delivery transport.
     
            virtual_mailbox_maps (empty)
    -              Optional  lookup tables with all valid addresses in
    +              Optional lookup tables with all valid addresses  in
                   the domains that match $virtual_mailbox_domains.
     
            unknown_virtual_mailbox_reject_code (550)
                   The SMTP server reply code when a recipient address
    -              matches    $virtual_mailbox_domains,    and   $vir-
    +              matches   $virtual_mailbox_domains,    and    $vir-
                   tual_mailbox_maps specifies a list of lookup tables
                   that does not match the recipient address.
     
     RESOURCE AND RATE CONTROLS
    -       The  following parameters limit resource usage by the SMTP
    +       The following parameters limit resource usage by the  SMTP
            server and/or control client request rates.
     
            line_length_limit (2048)
    -              Upon input, long lines are chopped up  into  pieces
    -              of  at  most this length; upon delivery, long lines
    +              Upon  input,  long lines are chopped up into pieces
    +              of at most this length; upon delivery,  long  lines
                   are reconstructed.
     
            queue_minfree (0)
    -              The minimal amount of free space in  bytes  in  the
    +              The  minimal  amount  of free space in bytes in the
                   queue file system that is needed to receive mail.
     
            message_size_limit (10240000)
    -              The  maximal  size in bytes of a message, including
    +              The maximal size in bytes of a  message,  including
                   envelope information.
     
            smtpd_recipient_limit (1000)
    -              The maximal number of recipients that  the  Postfix
    +              The  maximal  number of recipients that the Postfix
                   SMTP server accepts per message delivery request.
     
            smtpd_timeout (normal: 300s, stress: 10s)
    -              The  time  limit  for sending a Postfix SMTP server
    -              response and for receiving  a  remote  SMTP  client
    +              The time limit for sending a  Postfix  SMTP  server
    +              response  and  for  receiving  a remote SMTP client
                   request.
     
            smtpd_history_flush_threshold (100)
    -              The  maximal  number  of  lines in the Postfix SMTP
    -              server command history before it  is  flushed  upon
    +              The maximal number of lines  in  the  Postfix  SMTP
    +              server  command  history  before it is flushed upon
                   receipt of EHLO, RSET, or end of DATA.
     
            Available in Postfix version 2.3 and later:
     
            smtpd_peername_lookup (yes)
                   Attempt to look up the remote SMTP client hostname,
    -              and verify that the  name  matches  the  client  IP
    +              and  verify  that  the  name  matches the client IP
                   address.
     
            The per SMTP client connection count and request rate lim-
            its are implemented in co-operation with the anvil(8) ser-
    -       vice,  and are available in Postfix version 2.2 and later.
    +       vice, and are available in Postfix version 2.2 and  later.
     
            smtpd_client_connection_count_limit (50)
    -              How many simultaneous  connections  any  client  is
    +              How  many  simultaneous  connections  any client is
                   allowed to make to this service.
     
            smtpd_client_connection_rate_limit (0)
                   The  maximal  number  of  connection  attempts  any
    -              client is allowed to make to this service per  time
    +              client  is allowed to make to this service per time
                   unit.
     
            smtpd_client_message_rate_limit (0)
    -              The  maximal  number  of  message delivery requests
    -              that any client is allowed to make to this  service
    +              The maximal number  of  message  delivery  requests
    +              that  any client is allowed to make to this service
                   per time unit, regardless of whether or not Postfix
                   actually accepts those messages.
     
            smtpd_client_recipient_rate_limit (0)
    -              The maximal number of recipient addresses that  any
    -              client  is allowed to send to this service per time
    +              The  maximal number of recipient addresses that any
    +              client is allowed to send to this service per  time
                   unit, regardless of whether or not Postfix actually
                   accepts those recipients.
     
            smtpd_client_event_limit_exceptions ($mynetworks)
    -              Clients  that  are  excluded from connection count,
    +              Clients that are excluded  from  connection  count,
                   connection rate, or SMTP request rate restrictions.
     
            Available in Postfix version 2.3 and later:
    @@ -815,52 +816,52 @@ SMTPD(8)                                                              SMTPD(8)
                   tiate with this service per time unit.
     
     TARPIT CONTROLS
    -       When  a  remote SMTP client makes errors, the Postfix SMTP
    -       server can insert delays before responding. This can  help
    -       to  slow  down  run-away  software.   The behavior is con-
    -       trolled by an error counter  that  counts  the  number  of
    -       errors  within an SMTP session that a client makes without
    +       When a remote SMTP client makes errors, the  Postfix  SMTP
    +       server  can insert delays before responding. This can help
    +       to slow down run-away  software.   The  behavior  is  con-
    +       trolled  by  an  error  counter  that counts the number of
    +       errors within an SMTP session that a client makes  without
            delivering mail.
     
            smtpd_error_sleep_time (1s)
                   With Postfix version 2.1 and later: the SMTP server
    -              response  delay  after  a client has made more than
    -              $smtpd_soft_error_limit  errors,  and  fewer   than
    -              $smtpd_hard_error_limit  errors, without delivering
    +              response delay after a client has  made  more  than
    +              $smtpd_soft_error_limit   errors,  and  fewer  than
    +              $smtpd_hard_error_limit errors, without  delivering
                   mail.
     
            smtpd_soft_error_limit (10)
    -              The number  of  errors  a  remote  SMTP  client  is
    -              allowed  to make without delivering mail before the
    +              The  number  of  errors  a  remote  SMTP  client is
    +              allowed to make without delivering mail before  the
                   Postfix SMTP server slows down all its responses.
     
            smtpd_hard_error_limit (normal: 20, stress: 1)
    -              The maximal number of errors a remote  SMTP  client
    +              The  maximal  number of errors a remote SMTP client
                   is allowed to make without delivering mail.
     
            smtpd_junk_command_limit (normal: 100, stress: 1)
    -              The  number  of  junk commands (NOOP, VRFY, ETRN or
    +              The number of junk commands (NOOP,  VRFY,  ETRN  or
                   RSET) that a remote SMTP client can send before the
    -              Postfix  SMTP  server starts to increment the error
    +              Postfix SMTP server starts to increment  the  error
                   counter with each junk command.
     
            Available in Postfix version 2.1 and later:
     
            smtpd_recipient_overshoot_limit (1000)
    -              The number of recipients that a remote SMTP  client
    -              can  send  in  excess  of  the limit specified with
    +              The  number of recipients that a remote SMTP client
    +              can send in excess  of  the  limit  specified  with
                   $smtpd_recipient_limit,  before  the  Postfix  SMTP
    -              server  increments  the per-session error count for
    +              server increments the per-session error  count  for
                   each excess recipient.
     
     ACCESS POLICY DELEGATION CONTROLS
    -       As of version 2.1, Postfix can be configured  to  delegate
    -       access  policy  decisions  to an external server that runs
    -       outside Postfix.  See  the  file  SMTPD_POLICY_README  for
    +       As  of  version 2.1, Postfix can be configured to delegate
    +       access policy decisions to an external  server  that  runs
    +       outside  Postfix.   See  the  file SMTPD_POLICY_README for
            more information.
     
            smtpd_policy_service_max_idle (300s)
    -              The  time  after which an idle SMTPD policy service
    +              The time after which an idle SMTPD  policy  service
                   connection is closed.
     
            smtpd_policy_service_max_ttl (1000s)
    @@ -868,150 +869,150 @@ SMTPD(8)                                                              SMTPD(8)
                   connection is closed.
     
            smtpd_policy_service_timeout (100s)
    -              The  time  limit  for  connecting to, writing to or
    +              The time limit for connecting  to,  writing  to  or
                   receiving from a delegated SMTPD policy server.
     
     ACCESS CONTROLS
    -       The SMTPD_ACCESS_README document gives an introduction  to
    +       The  SMTPD_ACCESS_README document gives an introduction to
            all the SMTP server access control features.
     
            smtpd_delay_reject (yes)
    -              Wait  until  the  RCPT TO command before evaluating
    +              Wait until the RCPT TO  command  before  evaluating
                   $smtpd_client_restrictions,    $smtpd_helo_restric-
                   tions and $smtpd_sender_restrictions, or wait until
    -              the     ETRN     command     before      evaluating
    +              the      ETRN     command     before     evaluating
                   $smtpd_client_restrictions and $smtpd_helo_restric-
                   tions.
     
    -       parent_domain_matches_subdomains (see 'postconf  -d'  out-
    +       parent_domain_matches_subdomains  (see  'postconf -d' out-
            put)
                   What   Postfix   features   match   subdomains   of
                   "domain.tld" automatically, instead of requiring an
                   explicit ".domain.tld" pattern.
     
            smtpd_client_restrictions (empty)
    -              Optional SMTP server  access  restrictions  in  the
    +              Optional  SMTP  server  access  restrictions in the
                   context of a client SMTP connection request.
     
            smtpd_helo_required (no)
                   Require that a remote SMTP client introduces itself
    -              at the beginning of an SMTP session with  the  HELO
    +              at  the  beginning of an SMTP session with the HELO
                   or EHLO command.
     
            smtpd_helo_restrictions (empty)
    -              Optional  restrictions that the Postfix SMTP server
    +              Optional restrictions that the Postfix SMTP  server
                   applies in the context of the SMTP HELO command.
     
            smtpd_sender_restrictions (empty)
    -              Optional restrictions that the Postfix SMTP  server
    +              Optional  restrictions that the Postfix SMTP server
                   applies in the context of the MAIL FROM command.
     
            smtpd_recipient_restrictions           (permit_mynetworks,
            reject_unauth_destination)
                   The  access  restrictions  that  the  Postfix  SMTP
    -              server applies in the context of the RCPT  TO  com-
    +              server  applies  in the context of the RCPT TO com-
                   mand.
     
            smtpd_etrn_restrictions (empty)
    -              Optional  SMTP  server  access  restrictions in the
    +              Optional SMTP server  access  restrictions  in  the
                   context of a client ETRN request.
     
            allow_untrusted_routing (no)
    -              Forward   mail   with   sender-specified    routing
    -              (user[@%!]remote[@%!]site)  from  untrusted clients
    +              Forward    mail   with   sender-specified   routing
    +              (user[@%!]remote[@%!]site) from  untrusted  clients
                   to destinations matching $relay_domains.
     
            smtpd_restriction_classes (empty)
    -              User-defined aliases for groups of access  restric-
    +              User-defined  aliases for groups of access restric-
                   tions.
     
            smtpd_null_access_lookup_key (<>)
    -              The  lookup key to be used in SMTP access(5) tables
    +              The lookup key to be used in SMTP access(5)  tables
                   instead of the null sender address.
     
            permit_mx_backup_networks (empty)
                   Restrict  the  use  of  the  permit_mx_backup  SMTP
    -              access  feature  to  only  domains whose primary MX
    +              access feature to only  domains  whose  primary  MX
                   hosts match the listed networks.
     
            Available in Postfix version 2.0 and later:
     
            smtpd_data_restrictions (empty)
    -              Optional access restrictions that the Postfix  SMTP
    +              Optional  access restrictions that the Postfix SMTP
                   server applies in the context of the SMTP DATA com-
                   mand.
     
            smtpd_expansion_filter (see 'postconf -d' output)
    -              What characters are allowed in $name expansions  of
    +              What  characters are allowed in $name expansions of
                   RBL reply templates.
     
            Available in Postfix version 2.1 and later:
     
            smtpd_reject_unlisted_sender (no)
    -              Request  that  the Postfix SMTP server rejects mail
    -              from  unknown  sender  addresses,  even   when   no
    -              explicit  reject_unlisted_sender access restriction
    +              Request that the Postfix SMTP server  rejects  mail
    +              from   unknown   sender  addresses,  even  when  no
    +              explicit reject_unlisted_sender access  restriction
                   is specified.
     
            smtpd_reject_unlisted_recipient (yes)
    -              Request that the Postfix SMTP server  rejects  mail
    +              Request  that  the Postfix SMTP server rejects mail
                   for  unknown  recipient  addresses,  even  when  no
    -              explicit reject_unlisted_recipient access  restric-
    +              explicit  reject_unlisted_recipient access restric-
                   tion is specified.
     
            Available in Postfix version 2.2 and later:
     
            smtpd_end_of_data_restrictions (empty)
    -              Optional  access restrictions that the Postfix SMTP
    -              server applies in the context of the  SMTP  END-OF-
    +              Optional access restrictions that the Postfix  SMTP
    +              server  applies  in the context of the SMTP END-OF-
                   DATA command.
     
     SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS
    -       Postfix   version  2.1  introduces  sender  and  recipient
    -       address verification.   This  feature  is  implemented  by
    -       sending  probe email messages that are not actually deliv-
    -       ered.  This feature is requested  via  the  reject_unveri-
    -       fied_sender    and    reject_unverified_recipient   access
    -       restrictions.  The status of verification probes is  main-
    +       Postfix  version  2.1  introduces  sender  and   recipient
    +       address  verification.   This  feature  is  implemented by
    +       sending probe email messages that are not actually  deliv-
    +       ered.   This  feature  is requested via the reject_unveri-
    +       fied_sender   and    reject_unverified_recipient    access
    +       restrictions.   The status of verification probes is main-
            tained by the verify(8) server.  See the file ADDRESS_VER-
    -       IFICATION_README for information about  how  to  configure
    +       IFICATION_README  for  information  about how to configure
            and operate the Postfix sender/recipient address verifica-
            tion service.
     
            address_verify_poll_count (3)
    -              How many times to query the verify(8)  service  for
    -              the  completion  of an address verification request
    +              How  many  times to query the verify(8) service for
    +              the completion of an address  verification  request
                   in progress.
     
            address_verify_poll_delay (3s)
    -              The delay between queries for the completion of  an
    +              The  delay between queries for the completion of an
                   address verification request in progress.
     
            address_verify_sender ($double_bounce_sender)
    -              The  sender  address to use in address verification
    +              The sender address to use in  address  verification
                   probes; prior to Postfix 2.5 the default was "post-
                   master".
     
            unverified_sender_reject_code (450)
    -              The  numerical  Postfix  SMTP  server response code
    -              when  a  recipient  address  is  rejected  by   the
    +              The numerical Postfix  SMTP  server  response  code
    +              when   a  recipient  address  is  rejected  by  the
                   reject_unverified_sender restriction.
     
            unverified_recipient_reject_code (450)
    -              The  numerical  Postfix SMTP server response when a
    +              The numerical Postfix SMTP server response  when  a
                   recipient address is rejected by the reject_unveri-
                   fied_recipient restriction.
     
            Available in Postfix version 2.6 and later:
     
            unverified_sender_defer_code (450)
    -              The  numerical  Postfix  SMTP  server response code
    -              when a sender address probe fails due to  a  tempo-
    +              The numerical Postfix  SMTP  server  response  code
    +              when  a  sender address probe fails due to a tempo-
                   rary error condition.
     
            unverified_recipient_defer_code (450)
    -              The  numerical  Postfix SMTP server response when a
    -              recipient address probe fails due  to  a  temporary
    +              The numerical Postfix SMTP server response  when  a
    +              recipient  address  probe  fails due to a temporary
                   error condition.
     
            unverified_sender_reject_reason (empty)
    @@ -1025,7 +1026,7 @@ SMTPD(8)                                                              SMTPD(8)
            unverified_sender_tempfail_action           ($reject_temp-
            fail_action)
                   The Postfix SMTP server's action when reject_unver-
    -              ified_sender fails due to a temporary error  condi-
    +              ified_sender  fails due to a temporary error condi-
                   tion.
     
            unverified_recipient_tempfail_action        ($reject_temp-
    @@ -1035,7 +1036,7 @@ SMTPD(8)                                                              SMTPD(8)
                   dition.
     
     ACCESS CONTROL RESPONSES
    -       The  following  parameters  control  numerical  SMTP reply
    +       The following  parameters  control  numerical  SMTP  reply
            codes and/or text responses.
     
            access_map_reject_code (554)
    @@ -1043,18 +1044,18 @@ SMTPD(8)                                                              SMTPD(8)
                   an access(5) map "reject" action.
     
            defer_code (450)
    -              The  numerical  Postfix  SMTP  server response code
    -              when a remote SMTP client request  is  rejected  by
    +              The numerical Postfix  SMTP  server  response  code
    +              when  a  remote  SMTP client request is rejected by
                   the "defer" restriction.
     
            invalid_hostname_reject_code (501)
    -              The  numerical  Postfix  SMTP  server response code
    -              when the client HELO or EHLO command  parameter  is
    -              rejected    by   the   reject_invalid_helo_hostname
    +              The numerical Postfix  SMTP  server  response  code
    +              when  the  client HELO or EHLO command parameter is
    +              rejected   by   the    reject_invalid_helo_hostname
                   restriction.
     
            maps_rbl_reject_code (554)
    -              The numerical Postfix  SMTP  server  response  code
    +              The  numerical  Postfix  SMTP  server response code
                   when a remote SMTP client request is blocked by the
                   reject_rbl_client,             reject_rhsbl_client,
                   reject_rhsbl_sender    or    reject_rhsbl_recipient
    @@ -1062,53 +1063,53 @@ SMTPD(8)                                                              SMTPD(8)
     
            non_fqdn_reject_code (504)
                   The numerical Postfix SMTP server reply code when a
    -              client     request     is     rejected    by    the
    +              client    request    is     rejected     by     the
                   reject_non_fqdn_helo_hostname,
                   reject_non_fqdn_sender or reject_non_fqdn_recipient
                   restriction.
     
            plaintext_reject_code (450)
    -              The numerical Postfix  SMTP  server  response  code
    -              when  a  request  is  rejected by the reject_plain-
    +              The  numerical  Postfix  SMTP  server response code
    +              when a request is  rejected  by  the  reject_plain-
                   text_session restriction.
     
            reject_code (554)
    -              The numerical Postfix  SMTP  server  response  code
    -              when  a  remote  SMTP client request is rejected by
    +              The  numerical  Postfix  SMTP  server response code
    +              when a remote SMTP client request  is  rejected  by
                   the "reject" restriction.
     
            relay_domains_reject_code (554)
    -              The numerical Postfix  SMTP  server  response  code
    -              when   a   client   request   is  rejected  by  the
    +              The  numerical  Postfix  SMTP  server response code
    +              when  a  client  request   is   rejected   by   the
                   reject_unauth_destination recipient restriction.
     
            unknown_address_reject_code (450)
    -              The numerical Postfix  SMTP  server  response  code
    -              when  a  sender or recipient address is rejected by
    +              The  numerical  Postfix  SMTP  server response code
    +              when a sender or recipient address is  rejected  by
                   the         reject_unknown_sender_domain         or
                   reject_unknown_recipient_domain restriction.
     
            unknown_client_reject_code (450)
    -              The  numerical  Postfix  SMTP  server response code
    -              when a client without valid address <=>  name  map-
    +              The numerical Postfix  SMTP  server  response  code
    +              when  a  client without valid address <=> name map-
                   ping is rejected by the reject_unknown_client_host-
                   name restriction.
     
            unknown_hostname_reject_code (450)
    -              The numerical Postfix  SMTP  server  response  code
    -              when  the  hostname specified with the HELO or EHLO
    -              command       is       rejected       by        the
    +              The  numerical  Postfix  SMTP  server response code
    +              when the hostname specified with the HELO  or  EHLO
    +              command        is       rejected       by       the
                   reject_unknown_helo_hostname restriction.
     
            Available in Postfix version 2.0 and later:
     
            default_rbl_reply (see 'postconf -d' output)
    -              The  default  SMTP  server  response template for a
    -              request that is rejected by an  RBL-based  restric-
    +              The default SMTP server  response  template  for  a
    +              request  that  is rejected by an RBL-based restric-
                   tion.
     
            multi_recipient_bounce_reject_code (550)
    -              The  numerical  Postfix  SMTP  server response code
    +              The numerical Postfix  SMTP  server  response  code
                   when a remote SMTP client request is blocked by the
                   reject_multi_recipient_bounce restriction.
     
    @@ -1119,38 +1120,38 @@ SMTPD(8)                                                              SMTPD(8)
     
            access_map_defer_code (450)
                   The numerical Postfix SMTP server response code for
    -              an   access(5)   map   "defer"   action,  including
    +              an  access(5)   map   "defer"   action,   including
                   "defer_if_permit" or "defer_if_reject".
     
            reject_tempfail_action (defer_if_permit)
                   The Postfix SMTP server's action when a reject-type
    -              restriction  fails  due to a temporary error condi-
    +              restriction fails due to a temporary  error  condi-
                   tion.
     
            unknown_helo_hostname_tempfail_action       ($reject_temp-
            fail_action)
    -              The   Postfix    SMTP    server's    action    when
    +              The    Postfix    SMTP    server's    action   when
                   reject_unknown_helo_hostname fails due to an tempo-
                   rary error condition.
     
            unknown_address_tempfail_action ($reject_tempfail_action)
    -              The   Postfix    SMTP    server's    action    when
    +              The    Postfix    SMTP    server's    action   when
                   reject_unknown_sender_domain                     or
    -              reject_unknown_recipient_domain fail due to a  tem-
    +              reject_unknown_recipient_domain  fail due to a tem-
                   porary error condition.
     
     MISCELLANEOUS CONTROLS
            config_directory (see 'postconf -d' output)
    -              The  default  location  of  the Postfix main.cf and
    +              The default location of  the  Postfix  main.cf  and
                   master.cf configuration files.
     
            daemon_timeout (18000s)
    -              How much time a Postfix daemon process may take  to
    -              handle  a  request  before  it  is  terminated by a
    +              How  much time a Postfix daemon process may take to
    +              handle a request  before  it  is  terminated  by  a
                   built-in watchdog timer.
     
            command_directory (see 'postconf -d' output)
    -              The location of  all  postfix  administrative  com-
    +              The  location  of  all  postfix administrative com-
                   mands.
     
            double_bounce_sender (double-bounce)
    @@ -1171,37 +1172,37 @@ SMTPD(8)                                                              SMTPD(8)
                   and most Postfix daemon processes.
     
            max_idle (100s)
    -              The maximum amount of time  that  an  idle  Postfix
    -              daemon  process  waits  for  an incoming connection
    +              The  maximum  amount  of  time that an idle Postfix
    +              daemon process waits  for  an  incoming  connection
                   before terminating voluntarily.
     
            max_use (100)
    -              The maximal number of incoming connections  that  a
    -              Postfix  daemon  process will service before termi-
    +              The  maximal  number of incoming connections that a
    +              Postfix daemon process will service  before  termi-
                   nating voluntarily.
     
            myhostname (see 'postconf -d' output)
                   The internet hostname of this mail system.
     
            mynetworks (see 'postconf -d' output)
    -              The list of "trusted" SMTP clients that  have  more
    +              The  list  of "trusted" SMTP clients that have more
                   privileges than "strangers".
     
            myorigin ($myhostname)
                   The domain name that locally-posted mail appears to
    -              come from, and that locally posted mail  is  deliv-
    +              come  from,  and that locally posted mail is deliv-
                   ered to.
     
            process_id (read-only)
    -              The  process  ID  of  a  Postfix  command or daemon
    +              The process ID  of  a  Postfix  command  or  daemon
                   process.
     
            process_name (read-only)
    -              The process name of a  Postfix  command  or  daemon
    +              The  process  name  of  a Postfix command or daemon
                   process.
     
            queue_directory (see 'postconf -d' output)
    -              The  location of the Postfix top-level queue direc-
    +              The location of the Postfix top-level queue  direc-
                   tory.
     
            recipient_delimiter (empty)
    @@ -1209,28 +1210,28 @@ SMTPD(8)                                                              SMTPD(8)
                   sions (user+foo).
     
            smtpd_banner ($myhostname ESMTP $mail_name)
    -              The  text  that  follows the 220 status code in the
    +              The text that follows the 220 status  code  in  the
                   SMTP greeting banner.
     
            syslog_facility (mail)
                   The syslog facility of Postfix logging.
     
            syslog_name (see 'postconf -d' output)
    -              The mail system  name  that  is  prepended  to  the
    -              process  name  in  syslog  records, so that "smtpd"
    +              The  mail  system  name  that  is  prepended to the
    +              process name in syslog  records,  so  that  "smtpd"
                   becomes, for example, "postfix/smtpd".
     
            Available in Postfix version 2.2 and later:
     
            smtpd_forbidden_commands (CONNECT, GET, POST)
    -              List of  commands  that  causes  the  Postfix  SMTP
    -              server  to immediately terminate the session with a
    +              List  of  commands  that  causes  the  Postfix SMTP
    +              server to immediately terminate the session with  a
                   221 code.
     
            Available in Postfix version 2.5 and later:
     
            smtpd_client_port_logging (no)
    -              Enable logging of the remote SMTP  client  port  in
    +              Enable  logging  of  the remote SMTP client port in
                   addition to the hostname and IP address.
     
     SEE ALSO
    @@ -1260,7 +1261,7 @@ SMTPD(8)                                                              SMTPD(8)
            XFORWARD_README, Postfix XFORWARD extension
     
     LICENSE
    -       The Secure Mailer license must be  distributed  with  this
    +       The  Secure  Mailer  license must be distributed with this
            software.
     
     AUTHOR(S)
    diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
    index 6ad3b76fe..290b269a9 100644
    --- a/postfix/man/man5/postconf.5
    +++ b/postfix/man/man5/postconf.5
    @@ -5617,8 +5617,8 @@ introduced in Postfix 2.3. Starting with Postfix 2.3, and independently
     of how the policy is specified, the smtp_tls_mandatory_ciphers and
     smtp_tls_mandatory_protocols parameters apply when TLS encryption
     is mandatory. Connections for which encryption is optional typically
    -enable all "export" grade and better ciphers and all SSL/TLS protocols
    -(see smtp_tls_ciphers and smtp_tls_protocols).
    +enable all "export" grade and better ciphers (see smtp_tls_ciphers
    +and smtp_tls_protocols).
     .PP
     As long as no secure DNS lookup mechanism is available, false
     hostnames in MX or CNAME responses can change the server hostname
    @@ -5761,11 +5761,11 @@ DNS forgery. Do not use the \fBhostname\fR strategy for secure-channel
     configurations in environments where DNS security is not assured.
     .PP
     This feature is available in Postfix 2.3 and later.
    -.SH smtp_tls_protocols (default: empty)
    -List of TLS protocols that the Postfix SMTP client will exclude
    -or include with opportunistic TLS encryption. This parameter SHOULD be
    -left at its default empty value, allowing all protocols to be used with
    -opportunistic TLS.
    +.SH smtp_tls_protocols (default: !SSLv2)
    +List of TLS protocols that the Postfix SMTP client will exclude or
    +include with opportunistic TLS encryption. Starting with Postfix 2.6,
    +the Postfix SMTP client will by default only use SSLv3 and TLSv1, the
    +SSLv2 protocol is insecure and obsolete.
     .PP
     In main.cf the values are separated by whitespace, commas or
     colons. In the policy table (see smtp_tls_policy_maps) the only valid
    @@ -5786,7 +5786,8 @@ Example:
     .nf
     .na
     .ft C
    -smtp_tls_protocols = !SSLv2
    +# TLSv1 only!
    +smtp_tls_protocols = !SSLv2, !SSLv3
     .fi
     .ad
     .ft R
    @@ -5926,12 +5927,12 @@ smtp_tls_security_level = none
     # Opportunistic TLS.
     smtp_tls_security_level = may
     # Postfix >= 2.6:
    -# Do not tweak opportunistic ciphers or protocols unless it is essential
    +# Do not tweak opportunistic ciphers unless it is essential
     # to do so (if a security vulnerability is found in the SSL library that
     # can be mitigated by disabling a particular protocol or raising the
     # cipher grade from "export" to "low" or "medium").
     smtp_tls_ciphers = export
    -smtp_tls_protocols =
    +smtp_tls_protocols = !SSLv2
     .fi
     .ad
     .ft R
    diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8
    index c3baf168b..4fc471b79 100644
    --- a/postfix/man/man8/smtp.8
    +++ b/postfix/man/man8/smtp.8
    @@ -420,9 +420,9 @@ The message digest algorithm used to construct remote SMTP server
     certificate fingerprints.
     .PP
     Available in Postfix version 2.6 and later:
    -.IP "\fBsmtp_tls_protocols (empty)\fR"
    -List of TLS protocols that the Postfix SMTP client will exclude
    -or include with opportunistic TLS encryption.
    +.IP "\fBsmtp_tls_protocols (!SSLv2)\fR"
    +List of TLS protocols that the Postfix SMTP client will exclude or
    +include with opportunistic TLS encryption.
     .IP "\fBsmtp_tls_ciphers (export)\fR"
     The minimum TLS cipher grade that the Postfix SMTP client
     will use with opportunistic TLS encryption.
    diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8
    index 9439ff6e6..36525066d 100644
    --- a/postfix/man/man8/smtpd.8
    +++ b/postfix/man/man8/smtpd.8
    @@ -340,9 +340,9 @@ during TLS startup and shutdown handshake procedures.
     A file containing (PEM format) CA certificates of root CAs trusted
     to sign either remote SMTP client certificates or intermediate CA
     certificates.
    -.IP "\fBsmtpd_tls_CAfile (empty)\fR"
    -A file containing (PEM format) CA certificates of root CAs trusted
    -to sign either remote SMTP client certificates or intermediate CA
    +.IP "\fBsmtpd_tls_CApath (empty)\fR"
    +A directory containing (PEM format) CA certificates of root CAs
    +trusted to sign either remote SMTP client certificates or intermediate CA
     certificates.
     .IP "\fBsmtpd_tls_always_issue_session_ids (yes)\fR"
     Force the Postfix SMTP server to issue a TLS session id, even
    diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink
    index 7d4d59e52..3d01af7c5 100755
    --- a/postfix/mantools/postlink
    +++ b/postfix/mantools/postlink
    @@ -667,6 +667,7 @@ while (<>) {
         s;\btls_eecdh_ultra_curve\b;$&;g;
      
         s;\bfrozen_delivered_to\b;$&;g;
    +    s;\bfrozen_owner_alias\b;$&;g;
     
         # Transport-dependent magical parameters.
     
    diff --git a/postfix/proto/FILTER_README.html b/postfix/proto/FILTER_README.html
    index 9f036b1cb..7ee33f665 100644
    --- a/postfix/proto/FILTER_README.html
    +++ b/postfix/proto/FILTER_README.html
    @@ -356,7 +356,8 @@ to the "filter" user. This is where the content filtering script
     is supposed to store its temporary files. 

  • Configure Postfix to deliver mail to the content filter -with the pipe(8) delivery agent.

    +with the pipe(8) delivery agent (see the pipe(8) manpage for a +description of the command syntax below).

     /etc/postfix/master.cf:
    @@ -365,14 +366,16 @@ with the pipe(8) delivery agent. 

    # (yes) (yes) (yes) (never) (100) # ============================================================= filter unix - n n - 10 pipe - flags=Rq user=filter argv=/path/to/script -f ${sender} -- ${recipient} + flags=Rq user=filter null_sender= + argv=/path/to/script -f ${sender} -- ${recipient}

    This runs up to 10 content filters in parallel. Instead of a limit of 10 concurrent processes, use whatever process limit is feasible for your machine. Content inspection software can gobble up a lot of system resources, so you don't want to have too much -of it running at the same time.

    +of it running at the same time. The empty null_sender feature is +both necessary and available with Postfix 2.3 and later.

  • To turn on content filtering for mail arriving via SMTP only, append "-o content_filter=filter:dummy" to the master.cf diff --git a/postfix/proto/MILTER_README.html b/postfix/proto/MILTER_README.html index b88a88493..34fd0791b 100644 --- a/postfix/proto/MILTER_README.html +++ b/postfix/proto/MILTER_README.html @@ -580,11 +580,24 @@ milter_macro_daemon_name {mail_addr} MAIL Sender address + {mail_host} MAIL (Postfix ≥ 2.6) +Sender next-hop destination + + {mail_mailer} MAIL (Postfix ≥ 2.6) + Sender mail delivery transport + {rcpt_addr} RCPT Recipient address - {tls_version} HELO, MAIL, DATA, EOH, EOM -TLS protocol version + {rcpt_host} RCPT (Postfix ≥ 2.6) +Recipient next-hop destination + + {rcpt_mailer} RCPT (Postfix ≥ 2.6) + Recipient mail delivery transport, "error" for rejected +recipient. + + {tls_version} HELO, MAIL, DATA, EOH, EOM + TLS protocol version v Always value of milter_macro_v diff --git a/postfix/proto/TLS_README.html b/postfix/proto/TLS_README.html index c2d999b50..f42bee9c6 100644 --- a/postfix/proto/TLS_README.html +++ b/postfix/proto/TLS_README.html @@ -2277,7 +2277,7 @@ the SSL/TLS protocols used with opportunistic TLS.

    smtp_tls_mandatory_protocols = !SSLv2 # Also available with Postfix ≥ 2.6: smtp_tls_ciphers = export - smtp_tls_protocols = + smtp_tls_protocols = !SSLv2
  • diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 1848dd3b3..f46e246cc 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -9121,8 +9121,8 @@ introduced in Postfix 2.3. Starting with Postfix 2.3, and independently of how the policy is specified, the smtp_tls_mandatory_ciphers and smtp_tls_mandatory_protocols parameters apply when TLS encryption is mandatory. Connections for which encryption is optional typically -enable all "export" grade and better ciphers and all SSL/TLS protocols -(see smtp_tls_ciphers and smtp_tls_protocols).

    +enable all "export" grade and better ciphers (see smtp_tls_ciphers +and smtp_tls_protocols).

    As long as no secure DNS lookup mechanism is available, false hostnames in MX or CNAME responses can change the server hostname @@ -10389,12 +10389,12 @@ smtp_tls_security_level = none # Opportunistic TLS. smtp_tls_security_level = may # Postfix ≥ 2.6: -# Do not tweak opportunistic ciphers or protocols unless it is essential +# Do not tweak opportunistic ciphers unless it is essential # to do so (if a security vulnerability is found in the SSL library that # can be mitigated by disabling a particular protocol or raising the # cipher grade from "export" to "low" or "medium"). smtp_tls_ciphers = export -smtp_tls_protocols = +smtp_tls_protocols = !SSLv2

    @@ -11284,12 +11284,12 @@ the hostname and IP address. The logging format is "host[address]:port".
     
     

    This feature is available in Postfix 2.5 and later.

    -%PARAM smtp_tls_protocols +%PARAM smtp_tls_protocols !SSLv2 -

    List of TLS protocols that the Postfix SMTP client will exclude -or include with opportunistic TLS encryption. This parameter SHOULD be -left at its default empty value, allowing all protocols to be used with -opportunistic TLS.

    +

    List of TLS protocols that the Postfix SMTP client will exclude or +include with opportunistic TLS encryption. Starting with Postfix 2.6, +the Postfix SMTP client will by default only use SSLv3 and TLSv1, the +SSLv2 protocol is insecure and obsolete.

    In main.cf the values are separated by whitespace, commas or colons. In the policy table (see smtp_tls_policy_maps) the only valid @@ -11308,7 +11308,8 @@ they cannot be excluded using either syntax.

    Example:

    -smtp_tls_protocols = !SSLv2
    +# TLSv1 only!
    +smtp_tls_protocols = !SSLv2, !SSLv3
     

    This feature is available in Postfix 2.6 and later.

    diff --git a/postfix/src/cleanup/cleanup_milter.c b/postfix/src/cleanup/cleanup_milter.c index def810f14..b80d53020 100644 --- a/postfix/src/cleanup/cleanup_milter.c +++ b/postfix/src/cleanup/cleanup_milter.c @@ -1608,7 +1608,7 @@ void cleanup_milter_emul_rcpt(CLEANUP_STATE *state, vstring_strcpy(state->milter_ext_rcpt, addr); argv[0] = STR(state->milter_ext_rcpt); argv[1] = 0; - if ((resp = milter_rcpt_event(milters, argv)) != 0 + if ((resp = milter_rcpt_event(milters, MILTER_FLAG_NONE, argv)) != 0 && cleanup_milter_apply(state, "RCPT", resp) != 0) { msg_warn("%s: milter configuration error: can't reject recipient " "in non-smtpd(8) submission", state->queue_id); diff --git a/postfix/src/global/deliver_request.c b/postfix/src/global/deliver_request.c index 05c074380..060c04f90 100644 --- a/postfix/src/global/deliver_request.c +++ b/postfix/src/global/deliver_request.c @@ -207,7 +207,6 @@ static int deliver_request_get(VSTREAM *stream, DELIVER_REQUEST *request) static RCPT_BUF *rcpt_buf; int rcpt_count; int dsn_ret; - int lock_tries; /* * Initialize. For some reason I wanted to allow for multiple instances 
@@ -319,6 +318,14 @@ static int deliver_request_get(VSTREAM *stream, DELIVER_REQUEST *request) * duplicate deliveries when the queue is flushed immediately after queue * manager restart. * + * The queue manager locks the file exclusively when it enters the active + * queue, and releases the lock before starting deliveries from that + * file. The queue manager does not lock the file again when reading more + * recipients into memory. When the queue manager is restarted, the new + * process moves files from the active queue to the incoming queue to cool + * off for a while. Delivery agents should therefore never try to open a + * file that is locked by a queue manager process. + * * Opening the queue file can fail for a variety of reasons, such as the * system running out of resources. Instead of throwing away mail, we're * raising a fatal error which forces the mail system to back off, and @@ -336,21 +343,8 @@ static int deliver_request_get(VSTREAM *stream, DELIVER_REQUEST *request) } if (msg_verbose) msg_info("%s: file %s", myname, VSTREAM_PATH(request->fp)); - - /* - * XXX Originally, the queue manager would read new recipients AFTER all - * the in-memory recipients were processed. either the queue manager held - * an exclusive lock or delivery agents held a shared lock. Now we try a - * few times. - */ - for (lock_tries = 0; /* see below */; lock_tries++) { - if (myflock(vstream_fileno(request->fp), INTERNAL_LOCK, DELIVER_LOCK_MODE) == 0) - break; - if (lock_tries < 5) - sleep(1); - else - msg_fatal("shared lock %s: %m", VSTREAM_PATH(request->fp)); - } + if (myflock(vstream_fileno(request->fp), INTERNAL_LOCK, DELIVER_LOCK_MODE) < 0) + msg_fatal("shared lock %s: %m", VSTREAM_PATH(request->fp)); close_on_exec(vstream_fileno(request->fp), CLOSE_ON_EXEC); return (0); diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index d2b4c20f8..6ab988d57 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h 
@@ -1428,9 +1428,9 @@ extern int var_lmtp_tls_scache_timeout; extern char *var_smtp_tls_policy; #define VAR_SMTP_TLS_PROTO "smtp_tls_protocols" -#define DEF_SMTP_TLS_PROTO "" +#define DEF_SMTP_TLS_PROTO "!SSLv2" #define VAR_LMTP_TLS_PROTO "lmtp_tls_protocols" -#define DEF_LMTP_TLS_PROTO "" +#define DEF_LMTP_TLS_PROTO "!SSLv2" extern char *var_smtp_tls_proto; #define VAR_SMTP_TLS_MAND_PROTO "smtp_tls_mandatory_protocols" @@ -2929,11 +2929,13 @@ extern char *var_milt_helo_macros; #define VAR_MILT_MAIL_MACROS "milter_mail_macros" #define DEF_MILT_MAIL_MACROS "i {auth_type} {auth_authen}" \ - " {auth_author} {mail_addr}" + " {auth_author} {mail_addr}" \ + " {mail_host} {mail_mailer}" extern char *var_milt_mail_macros; #define VAR_MILT_RCPT_MACROS "milter_rcpt_macros" -#define DEF_MILT_RCPT_MACROS "i {rcpt_addr}" +#define DEF_MILT_RCPT_MACROS "i {rcpt_addr} {rcpt_host}" \ + " {rcpt_mailer}" extern char *var_milt_rcpt_macros; #define VAR_MILT_DATA_MACROS "milter_data_macros" diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 7a9b37f19..80c6d4906 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20090419" +#define MAIL_RELEASE_DATE "20090426" #define MAIL_VERSION_NUMBER "2.7" #ifdef SNAPSHOT diff --git a/postfix/src/milter/milter.c b/postfix/src/milter/milter.c index 6854b358c..718940445 100644 --- a/postfix/src/milter/milter.c +++ b/postfix/src/milter/milter.c @@ -67,8 +67,9 @@ /* MILTERS *milters; /* const char **argv; /* -/* const char *milter_rcpt_event(milters, argv) +/* const char *milter_rcpt_event(milters, flags, argv) /* MILTERS *milters; +/* int flags; /* const char **argv; /* /* const char *milter_data_event(milters) 
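Review bot: `DEF_LMTP_TLS_PROTO` changes to `"!SSLv2"` together with the SMTP default, but every documentation hunk in this commit (postconf.5, smtp.8, smtp.c, postconf.proto) only updates smtp_tls_protocols; if lmtp_tls_protocols has its own parameter entry rather than an alias to the smtp text, its stated default should be changed the same way so that `postconf -d` and the manual agree. The meaning of the leading "!" is only explained in the postconf text, so a short comment beside the two defines, `/* "!" excludes a protocol; empty = all protocols */`, would save the next reader a trip to the manual. The same hunk also grows the default rcpt macro list, so `{rcpt_host}` and `{rcpt_mailer}` are now sent on every RCPT event to every milter; that is presumably intended, but it is a behaviour change for existing installations that is worth a sentence in the HISTORY entry.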
@@ -159,8 +160,13 @@ /* /* milter_rcpt_event() reports an RCPT TO event to the specified /* milter instances, after sending the macros that were specified -/* with the milter_create() rcpt_macros argument. -/* +/* with the milter_create() rcpt_macros argument. When the flags +/* argument is non-zero, it selects only milter instances that +/* have at least one of the specificed flags. Known flags are: +/* .IP MILTER_FLAG_WANT_RCPT_REJ +/* This milter expects to receive rejected recipients with the +/* {rcpt_mailer} macro set to "error". +/* .PP /* milter_data_event() reports a DATA event to the specified /* milter instances, after sending the macros that were specified /* with the milter_create() data_macros argument. @@ -382,7 +388,7 @@ const char *milter_mail_event(MILTERS *milters, const char **argv) /* milter_rcpt_event - report rcpt to event */ -const char *milter_rcpt_event(MILTERS *milters, const char **argv) +const char *milter_rcpt_event(MILTERS *milters, int flags, const char **argv) { const char *resp; MILTER *m; @@ -390,12 +396,16 @@ const char *milter_rcpt_event(MILTERS *milters, const char **argv) ARGV *any_macros; if (msg_verbose) - msg_info("report recipient to all milters"); + msg_info("report recipient to all milters (flags=0x%x)", flags); for (resp = 0, m = milters->milter_list; resp == 0 && m != 0; m = m->next) { - any_macros = MILTER_MACRO_EVAL(global_macros, m, milters, rcpt_macros); - resp = m->rcpt_event(m, argv, any_macros); - if (any_macros != global_macros) - argv_free(any_macros); + if ((flags & MILTER_FLAG_WANT_RCPT_REJ) == 0 + || (m->flags & MILTER_FLAG_WANT_RCPT_REJ) != 0) { + any_macros = + MILTER_MACRO_EVAL(global_macros, m, milters, rcpt_macros); + resp = m->rcpt_event(m, argv, any_macros); + if (any_macros != global_macros) + argv_free(any_macros); + } } if (global_macros) argv_free(global_macros); diff --git a/postfix/src/milter/milter.h b/postfix/src/milter/milter.h index f27c047d8..e2cf65ce5 100644 
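Review bot: The new comment text says a non-zero flags argument selects milters that have "at least one of the specificed flags", but the loop at the end of the hunk tests only `MILTER_FLAG_WANT_RCPT_REJ`, so any other bit a future caller passes is silently ignored. Either make the test generic, `if (flags == 0 || (m->flags & flags) != 0) {`, or narrow the comment to say that only MILTER_FLAG_WANT_RCPT_REJ is currently honoured; in both cases fix the typo "specificed" to "specified". milter_rcpt_event()'s body continues past the end of the hunk.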
--- a/postfix/src/milter/milter.h +++ b/postfix/src/milter/milter.h @@ -31,6 +31,7 @@ */ typedef struct MILTER { char *name; /* full name including transport */ + int flags; /* see below */ struct MILTER *next; /* linkage */ struct MILTERS *parent; /* parent information */ struct MILTER_MACROS *macros; /* private macros */ @@ -49,6 +50,9 @@ typedef struct MILTER { void (*free) (struct MILTER *); } MILTER; +#define MILTER_FLAG_NONE (0) +#define MILTER_FLAG_WANT_RCPT_REJ (1<<0) /* see S8_RCPT_MAILER_ERROR */ + extern MILTER *milter8_create(const char *, int, int, int, const char *, const char *, struct MILTERS *); extern MILTER *milter8_receive(VSTREAM *, struct MILTERS *); @@ -125,7 +129,7 @@ extern void milter_edit_callback(MILTERS *milters, MILTER_ADD_HEADER_FN, extern const char *milter_conn_event(MILTERS *, const char *, const char *, const char *, unsigned); extern const char *milter_helo_event(MILTERS *, const char *, int); extern const char *milter_mail_event(MILTERS *, const char **); -extern const char *milter_rcpt_event(MILTERS *, const char **); +extern const char *milter_rcpt_event(MILTERS *, int, const char **); extern const char *milter_data_event(MILTERS *); extern const char *milter_message(MILTERS *, VSTREAM *, off_t); extern const char *milter_unknown_event(MILTERS *, const char *); @@ -181,6 +185,8 @@ extern void milter_free(MILTERS *); #define S8_MAC_RCPT_HOST "{rcpt_host}" /* recip nexthop */ #define S8_MAC_RCPT_ADDR "{rcpt_addr}" /* recip address */ +#define S8_RCPT_MAILER_ERROR "error" /* see MILTER_FLAG_WANT_RCPT_REJ */ + /* LICENSE /* .ad /* .fi diff --git a/postfix/src/milter/milter8.c b/postfix/src/milter/milter8.c index 3d660a4b5..9c8d44663 100644 --- a/postfix/src/milter/milter8.c +++ b/postfix/src/milter/milter8.c 
@@ -430,7 +430,7 @@ typedef struct { #define MILTER8_V3_PROTO_MASK (MILTER8_V2_PROTO_MASK | SMFIP_NOUNKNOWN) #define MILTER8_V4_PROTO_MASK (MILTER8_V3_PROTO_MASK | SMFIP_NODATA) #define MILTER8_V6_PROTO_MASK \ - (MILTER8_V4_PROTO_MASK | SMFIP_SKIP /* | SMFIP_RCPT_REJ */ \ + (MILTER8_V4_PROTO_MASK | SMFIP_SKIP | SMFIP_RCPT_REJ \ | SMFIP_NOREPLY_MASK | SMFIP_HDR_LEADSPC) /* @@ -1720,6 +1720,8 @@ static void milter8_connect(MILTER8 *milter) (void) milter8_comm_error(milter); return; } + if (milter->ev_mask & SMFIP_RCPT_REJ) + milter->m.flags |= MILTER_FLAG_WANT_RCPT_REJ; /* * Initial negotiations completed. @@ -2703,6 +2705,7 @@ static MILTER8 *milter8_alloc(const char *name, int conn_timeout, */ milter = (MILTER8 *) mymalloc(sizeof(*milter)); milter->m.name = mystrdup(name); + milter->m.flags = 0; milter->m.next = 0; milter->m.parent = parent; milter->m.macros = 0; diff --git a/postfix/src/milter/test-milter.c b/postfix/src/milter/test-milter.c index 8980f416e..442a69cce 100644 --- a/postfix/src/milter/test-milter.c +++ b/postfix/src/milter/test-milter.c @@ -22,13 +22,17 @@ /* .IP "\fB-A address\fR" /* Add the specified recipient address. Multiple -A options /* are supported. -/* .IP "\fB-d\fI level\fR" -/* Enable libmilter debugging at the specified level. +/* .IP "\fB-b pathname +/* Replace the message body by the content of the specified file. /* .IP "\fB-c connect|helo|mail|rcpt|data|header|eoh|body|eom|unknown|close|abort\fR" /* When to send the non-default reply specified with \fB-a\fR. /* The default protocol stage is \fBconnect\fR. +/* .IP "\fB-d\fI level\fR" +/* Enable libmilter debugging at the specified level. /* .IP "\fB-C\fI count\fR" /* Terminate after \fIcount\fR connections. +/* .IP "\fB-h \fI'index header-label header-value'\fR" +/* Replace the message header at the specified position. /* .IP "\fB-i \fI'index header-label header-value'\fR" /* Insert header at specified position. /* .IP "\fB-l\fR" 
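Review bot: `milter->m.flags |= MILTER_FLAG_WANT_RCPT_REJ;` in milter8_connect() only ever sets the bit. If the same MILTER8 object can be reconnected after a lost connection (that path is outside this hunk) and the new negotiation comes back without SMFIP_RCPT_REJ, the stale bit would keep smtpd reporting rejected recipients to a filter that no longer asked for them; clearing it first, `milter->m.flags &= ~MILTER_FLAG_WANT_RCPT_REJ;` before the `if`, ties the flag to the most recent negotiation. A one-line comment on the new lines, `/* Remember that this filter wants to see rejected recipients (SMFIP_RCPT_REJ). */`, would also help. milter8_connect() starts and ends outside the hunk.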
@@ -46,10 +50,8 @@ /* The event for which the filter will not reply. /* .IP "\fB-p inet:\fIport\fB@\fIhost\fB|unix:\fIpathname\fR" /* The mail filter listen endpoint. -/* .IP "\fB-r \fI'index header-label header-value'\fR" -/* Replace the message header at the specified position. -/* .IP "\fB-R pathname -/* Replace the message body by the content of the specified file. +/* .IP "\fB-r\fR" +/* Request rejected recipients from the MTA. /* .IP "\fB-v\fR" /* Make the program more verbose. /* LICENSE @@ -153,8 +155,45 @@ static char *body_file; int rcpt_count = 0; char *rcpt_addr[MAX_RCPT]; +static const char *macro_names[] = { + "_", + "i", + "j", + "v", + "{auth_authen}", + "{auth_author}", + "{auth_type}", + "{cert_issuer}", + "{cert_subject}", + "{cipher}", + "{cipher_bits}", + "{client_addr}", + "{client_connections}", + "{client_name}", + "{client_port}", + "{client_ptr}", + "{client_resolve}", + "{daemon_name}", + "{if_addr}", + "{if_name}", + "{mail_addr}", + "{mail_host}", + "{mail_mailer}", + "{rcpt_addr}", + "{rcpt_host}", + "{rcpt_mailer}", + "{tls_version}", + 0, +}; + static int test_reply(SMFICTX *ctx, int code) { + const char **cpp; + const char *symval; + + for (cpp = macro_names; *cpp; cpp++) + if ((symval = smfi_getsymval(ctx, (char *) *cpp)) != 0) + printf("macro: %s=\"%s\"\n", *cpp, symval); (void) fflush(stdout); /* In case output redirected. */ if (code == SMFIR_REPLYCODE) { @@ -478,7 +517,7 @@ int main(int argc, char **argv) char *noreply = 0; const struct noproto_map *np; - while ((ch = getopt(argc, argv, "a:A:c:C:d:i:lm:M:n:N:p:r:R:v")) > 0) { + while ((ch = getopt(argc, argv, "a:A:b:c:C:d:h:i:lm:M:n:N:p:rv")) > 0) { switch (ch) { case 'a': action = optarg; 
@@ -490,6 +529,17 @@ int main(int argc, char **argv) } rcpt_addr[rcpt_count++] = optarg; break; + case 'b': +#ifdef SMFIR_REPLBODY + if (body_file) { + fprintf(stderr, "too many -b options\n"); + exit(1); + } + body_file = optarg; +#else + fprintf(stderr, "no libmilter support to replace body\n"); +#endif + break; case 'c': command = optarg; break; @@ -499,6 +549,18 @@ int main(int argc, char **argv) exit(1); } break; + case 'h': +#ifdef SMFIR_CHGHEADER + if (chg_hdr) { + fprintf(stderr, "too many -h options\n"); + exit(1); + } + parse_hdr_info(optarg, &chg_idx, &chg_hdr, &chg_val); +#else + fprintf(stderr, "no libmilter support to change header\n"); + exit(1); +#endif + break; case 'i': #ifdef SMFIR_INSHEADER if (ins_hdr) { @@ -575,15 +637,10 @@ int main(int argc, char **argv) } break; case 'r': -#ifdef SMFIR_CHGHEADER - if (chg_hdr) { - fprintf(stderr, "too many -r options\n"); - exit(1); - } - parse_hdr_info(optarg, &chg_idx, &chg_hdr, &chg_val); +#ifdef SMFIP_RCPT_REJ + misc_mask |= SMFIP_RCPT_REJ; #else - fprintf(stderr, "no libmilter support to change header\n"); - exit(1); + fprintf(stderr, "no libmilter support for rejected recipients\n"); #endif break; case 'v': 
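Review bot: The `#else` branch of the new `case 'b':` prints "no libmilter support to replace body" and then falls through to `break;`, whereas the `-h` case added in the next hunk and the other unsupported-option branches call `exit(1)`; the `-r` case rewritten further down has the same silent continue. Running on without the requested feature makes a test appear to pass when the option was never applied, so add `exit(1);` after the fprintf in both `#else` branches for consistency with `-h`.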
@@ -592,29 +649,21 @@ int main(int argc, char **argv) case 'C': conn_count = atoi(optarg); break; -#ifdef SMFIR_REPLBODY - case 'R': - if (body_file) { - fprintf(stderr, "too many -R options\n"); - exit(1); - } - body_file = optarg; -#endif - break; default: fprintf(stderr, "usage: %s [-dv] \n" "\t[-a action] non-default action\n" + "\t[-b body_text] replace body\n", "\t[-c command] non-default action trigger\n" + "\t[-h 'index label value'] replace header\n" "\t[-i 'index label value'] insert header\n" "\t[-m macro_state] non-default macro state\n" "\t[-M macro_list] non-default macro list\n" "\t[-n events] don't receive these events\n" "\t[-N events] don't reply to these events\n" "\t-p port milter application\n" - "\t[-r 'index label value'] replace header\n" + "\t-r request rejected recipients\n" "\t[-C conn_count] when to exit\n", - "\t[-R body_text] replace body\n", argv[0]); exit(1); } diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index c0f9f553b..d43625434 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c @@ -390,9 +390,9 @@ /* certificate fingerprints. /* .PP /* Available in Postfix version 2.6 and later: -/* .IP "\fBsmtp_tls_protocols (empty)\fR" -/* List of TLS protocols that the Postfix SMTP client will exclude -/* or include with opportunistic TLS encryption. +/* .IP "\fBsmtp_tls_protocols (!SSLv2)\fR" +/* List of TLS protocols that the Postfix SMTP client will exclude or +/* include with opportunistic TLS encryption. /* .IP "\fBsmtp_tls_ciphers (export)\fR" /* The minimum TLS cipher grade that the Postfix SMTP client /* will use with opportunistic TLS encryption. diff --git a/postfix/src/smtpd/Makefile.in b/postfix/src/smtpd/Makefile.in index 7139248f5..91a274b68 100644 --- a/postfix/src/smtpd/Makefile.in +++ b/postfix/src/smtpd/Makefile.in 
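Review bot: The added usage line `"\t[-b body_text] replace body\n",` ends with a comma, which terminates fprintf's format string at that point: the remaining literals are concatenated into the `%s` argument and `argv[0]` becomes an unused extra argument, so the usage text prints garbled. Drop the comma (the removed `-R` line carried the same defect, so the bug was moved rather than fixed). Since `-b` takes a file name according to the option parser, `"\t[-b body_file] replace body\n"` would also describe it more accurately. main() continues outside the hunk.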
@@ -1,12 +1,13 @@ SHELL = /bin/sh SRCS = smtpd.c smtpd_token.c smtpd_check.c smtpd_chat.c smtpd_state.c \ smtpd_peer.c smtpd_sasl_proto.c smtpd_sasl_glue.c smtpd_proxy.c \ - smtpd_xforward.c smtpd_dsn_fix.c smtpd_milter.c + smtpd_xforward.c smtpd_dsn_fix.c smtpd_milter.c smtpd_resolve.c OBJS = smtpd.o smtpd_token.o smtpd_check.o smtpd_chat.o smtpd_state.o \ smtpd_peer.o smtpd_sasl_proto.o smtpd_sasl_glue.o smtpd_proxy.o \ - smtpd_xforward.o smtpd_dsn_fix.o smtpd_milter.o + smtpd_xforward.o smtpd_dsn_fix.o smtpd_milter.o smtpd_resolve.o HDRS = smtpd_token.h smtpd_check.h smtpd_chat.h smtpd_sasl_proto.h \ - smtpd_sasl_glue.h smtpd_proxy.h smtpd_dsn_fix.h smtpd_milter.h + smtpd_sasl_glue.h smtpd_proxy.h smtpd_dsn_fix.h smtpd_milter.h \ + smtpd_resolve.h TESTSRC = smtpd_token_test.c DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE) CFLAGS = $(DEBUG) $(OPT) $(DEFS) @@ -34,7 +35,8 @@ update: ../../libexec/$(PROG) ../../libexec/$(PROG): $(PROG) cp $(PROG) ../../libexec -SMTPD_CHECK_OBJ = smtpd_state.o smtpd_peer.o smtpd_xforward.o smtpd_dsn_fix.o +SMTPD_CHECK_OBJ = smtpd_state.o smtpd_peer.o smtpd_xforward.o smtpd_dsn_fix.o \ + smtpd_resolve.o smtpd_token: smtpd_token.c $(LIBS) $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIBS) $(SYSLIBS) @@ -170,6 +172,7 @@ smtpd.o: ../../include/off_cvt.h smtpd.o: ../../include/quote_822_local.h smtpd.o: ../../include/quote_flags.h smtpd.o: ../../include/rec_type.h +smtpd.o: ../../include/recipient_list.h smtpd.o: ../../include/record.h smtpd.o: ../../include/resolve_clnt.h smtpd.o: ../../include/smtp_stream.h @@ -292,6 +295,7 @@ smtpd_check.o: smtpd.h smtpd_check.o: smtpd_check.c smtpd_check.o: smtpd_check.h smtpd_check.o: smtpd_dsn_fix.h +smtpd_check.o: smtpd_resolve.h smtpd_check.o: smtpd_sasl_glue.h smtpd_dsn_fix.o: ../../include/msg.h smtpd_dsn_fix.o: ../../include/sys_defs.h 
@@ -307,6 +311,7 @@ smtpd_milter.o: ../../include/name_code.h smtpd_milter.o: ../../include/name_mask.h smtpd_milter.o: ../../include/quote_821_local.h smtpd_milter.o: ../../include/quote_flags.h +smtpd_milter.o: ../../include/resolve_clnt.h smtpd_milter.o: ../../include/sys_defs.h smtpd_milter.o: ../../include/tls.h smtpd_milter.o: ../../include/vbuf.h @@ -315,6 +320,7 @@ smtpd_milter.o: ../../include/vstring.h smtpd_milter.o: smtpd.h smtpd_milter.o: smtpd_milter.c smtpd_milter.o: smtpd_milter.h +smtpd_milter.o: smtpd_resolve.h smtpd_milter.o: smtpd_sasl_glue.h smtpd_peer.o: ../../include/argv.h smtpd_peer.o: ../../include/attr.h @@ -366,6 +372,21 @@ smtpd_proxy.o: ../../include/xtext.h smtpd_proxy.o: smtpd.h smtpd_proxy.o: smtpd_proxy.c smtpd_proxy.o: smtpd_proxy.h +smtpd_resolve.o: ../../include/attr.h +smtpd_resolve.o: ../../include/ctable.h +smtpd_resolve.o: ../../include/iostuff.h +smtpd_resolve.o: ../../include/mail_proto.h +smtpd_resolve.o: ../../include/msg.h +smtpd_resolve.o: ../../include/mymalloc.h +smtpd_resolve.o: ../../include/resolve_clnt.h +smtpd_resolve.o: ../../include/rewrite_clnt.h +smtpd_resolve.o: ../../include/stringops.h +smtpd_resolve.o: ../../include/sys_defs.h +smtpd_resolve.o: ../../include/vbuf.h +smtpd_resolve.o: ../../include/vstream.h +smtpd_resolve.o: ../../include/vstring.h +smtpd_resolve.o: smtpd_resolve.c +smtpd_resolve.o: smtpd_resolve.h smtpd_sasl_glue.o: ../../include/argv.h smtpd_sasl_glue.o: ../../include/attr.h smtpd_sasl_glue.o: ../../include/mail_params.h diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index da68506ba..6078d84ea 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c 
@@ -308,9 +308,9 @@
 /* A file containing (PEM format) CA certificates of root CAs trusted
 /* to sign either remote SMTP client certificates or intermediate CA
 /* certificates.
-/* .IP "\fBsmtpd_tls_CAfile (empty)\fR"
-/* A file containing (PEM format) CA certificates of root CAs trusted
-/* to sign either remote SMTP client certificates or intermediate CA
+/* .IP "\fBsmtpd_tls_CApath (empty)\fR"
+/* A directory containing (PEM format) CA certificates of root CAs
+/* trusted to sign either remote SMTP client certificates or intermediate CA
 /* certificates.
 /* .IP "\fBsmtpd_tls_always_issue_session_ids (yes)\fR"
 /* Force the Postfix SMTP server to issue a TLS session id, even
@@ -2341,6 +2341,7 @@ static int rcpt_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 const char *dsn_orcpt_type = 0;
 int dsn_notify = 0;
 const char *coded_addr;
+ const char *milter_err;
 /*
 * Sanity checks.
 */
@@ -2441,24 +2442,24 @@ static int rcpt_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 return (-1);
 }
 if (SMTPD_STAND_ALONE(state) == 0) {
- if ((err = smtpd_check_rcpt(state, STR(state->addr_buf))) != 0) {
- smtpd_chat_reply(state, "%s", err);
- return (-1);
- }
+ err = smtpd_check_rcpt(state, STR(state->addr_buf));
 if (smtpd_milters != 0
 && (state->saved_flags & MILTER_SKIP_FLAGS) == 0) {
 PUSH_STRING(saved_rcpt, state->recipient, STR(state->addr_buf));
- err = milter_rcpt_event(smtpd_milters,
+ state->milter_reject_text = err;
+ milter_err = milter_rcpt_event(smtpd_milters,
+ err == 0 ? MILTER_FLAG_NONE :
+ MILTER_FLAG_WANT_RCPT_REJ,
 milter_argv(state, argc - 2, argv + 2));
- if (err != 0) {
+ if (err == 0 && milter_err != 0) {
 /* Log reject etc. with correct recipient information. */
- err = check_milter_reply(state, err);
+ err = check_milter_reply(state, milter_err);
 }
 POP_STRING(saved_rcpt, state->recipient);
- if (err != 0) {
- smtpd_chat_reply(state, "%s", err);
- return (-1);
- }
+ }
+ if (err != 0) {
+ smtpd_chat_reply(state, "%s", err);
+ return (-1);
 }
 }
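Review bot: `state->milter_reject_text = err;` is assigned before milter_rcpt_event() but never cleared, so after `POP_STRING(saved_rcpt, state->recipient);` the field still points at whatever smtpd_check_rcpt() returned; that text appears to live in smtpd_check.c's reusable `error_text` buffer (declared in the smtpd_check.c hunk below), so if anything evaluates {rcpt_addr}, {rcpt_host} or {rcpt_mailer} later in the session while state->recipient is still set, it would read stale or overwritten text and report the "error" mailer for a recipient that was not rejected. Add `state->milter_reject_text = 0;` immediately after the POP_STRING line so the pointer's lifetime matches the Milter RCPT event. A one-line comment at the assignment would also help, `/* Reject text for the {rcpt_*} macros; valid only during milter_rcpt_event(). */`. rcpt_cmd() starts before this hunk.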
diff --git a/postfix/src/smtpd/smtpd.h b/postfix/src/smtpd/smtpd.h
index fc7ac56ed..3f921bcbd 100644
--- a/postfix/src/smtpd/smtpd.h
+++ b/postfix/src/smtpd/smtpd.h
@@ -176,8 +176,9 @@ typedef struct SMTPD_STATE {
 /*
 * Milter support.
 */
- const char **milter_argv;
- ssize_t milter_argc;
+ const char **milter_argv; /* SMTP command vector */
+ ssize_t milter_argc; /* SMTP command vector */
+ const char *milter_reject_text; /* input to call-back from Milter */
 } SMTPD_STATE;
 #define SMTPD_FLAG_HANGUP (1<<0) /* 421/521 disconnect */
diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c
index cbe8c69ed..1a18f92e3 100644
--- a/postfix/src/smtpd/smtpd_check.c
+++ b/postfix/src/smtpd/smtpd_check.c
@@ -244,6 +244,7 @@
 #include "smtpd_sasl_glue.h"
 #include "smtpd_check.h"
 #include "smtpd_dsn_fix.h"
+#include "smtpd_resolve.h"
 #define RESTRICTION_SEPARATORS ", \t\r\n"
@@ -264,7 +265,6 @@ static jmp_buf smtpd_check_buf;
 * memory manager routines.
 */
 static VSTRING *error_text;
-static CTABLE *smtpd_resolve_cache;
 static CTABLE *smtpd_rbl_cache;
 /*
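Review bot: The comment on the new field, `/* input to call-back from Milter */`, does not say what the pointer holds or when it is valid; from the smtpd.c hunk above it is the SMTP reject reply for the recipient currently being announced to the Milters, and smtpd_milter_eval() derives {rcpt_mailer}, {rcpt_host} and {rcpt_addr} from it. Suggest `const char *milter_reject_text; /* RCPT reject reply (0 if accepted), source of the {rcpt_*} macros */`. smtpd_state.c is not part of the visible diff, so please confirm smtpd_state_init() zeroes this field; otherwise the pointer is indeterminate until the first RCPT command assigns it.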
@@ -435,48 +435,6 @@ typedef struct {
 const char *txt; /* randomly selected trimmed TXT rr */
 } SMTPD_RBL_EXPAND_CONTEXT;
-/* resolve_pagein - page in an address resolver result */
-
-static void *resolve_pagein(const char *addr, void *unused_context)
-{
- static VSTRING *query;
- RESOLVE_REPLY *reply;
-
- /*
- * Initialize on the fly.
- */
- if (query == 0)
- query = vstring_alloc(10);
-
- /*
- * Initialize.
- */
- reply = (RESOLVE_REPLY *) mymalloc(sizeof(*reply));
- resolve_clnt_init(reply);
-
- /*
- * Resolve the address.
- */
- rewrite_clnt_internal(MAIL_ATTR_RWR_LOCAL, addr, query);
- resolve_clnt_query(STR(query), reply);
- lowercase(STR(reply->recipient));
-
- /*
- * Save the result.
- */
- return ((void *) reply);
-}
-
-/* resolve_pageout - page out an address resolver result */
-
-static void resolve_pageout(void *data, void *unused_context)
-{
- RESOLVE_REPLY *reply = (RESOLVE_REPLY *) data;
-
- resolve_clnt_free(reply);
- myfree((void *) reply);
-}
-
 /* policy_client_register - register policy service endpoint */
 static void policy_client_register(const char *name)
@@ -668,8 +626,7 @@ void smtpd_check_init(void)
 * Initialize the resolved address cache. Note: the cache persists across
 * SMTP sessions so we cannot make it dependent on session state.
 */
- smtpd_resolve_cache = ctable_create(100, resolve_pagein,
- resolve_pageout, (void *) 0);
+ smtpd_resolve_init(100);
 /*
 * Initialize the RBL lookup cache. Note: the cache persists across SMTP
@@ -1351,8 +1308,7 @@ static int permit_auth_destination(SMTPD_STATE *state, char *recipient)
 /*
 * Resolve the address.
 */
- reply = (const RESOLVE_REPLY *)
- ctable_locate(smtpd_resolve_cache, recipient);
+ reply = smtpd_resolve_addr(recipient);
 if (reply->flags & RESOLVE_FLAG_FAIL)
 reject_dict_retry(state, recipient);
@@ -1625,8 +1581,7 @@ static int permit_mx_backup(SMTPD_STATE *state, const char *recipient,
 /*
 * Resolve the address.
 */
- reply = (const RESOLVE_REPLY *)
- ctable_locate(smtpd_resolve_cache, recipient);
+ reply = smtpd_resolve_addr(recipient);
 if (reply->flags & RESOLVE_FLAG_FAIL)
 reject_dict_retry(state, recipient);
@@ -1794,7 +1749,7 @@ static int reject_unknown_address(SMTPD_STATE *state, const char *addr,
 /*
 * Resolve the address.
 */
- reply = (const RESOLVE_REPLY *) ctable_locate(smtpd_resolve_cache, addr);
+ reply = smtpd_resolve_addr(addr);
 if (reply->flags & RESOLVE_FLAG_FAIL)
 reject_dict_retry(state, addr);
@@ -2733,7 +2688,7 @@ static int check_mail_access(SMTPD_STATE *state, const char *table,
 /*
 * Resolve the address.
 */
- reply = (const RESOLVE_REPLY *) ctable_locate(smtpd_resolve_cache, addr);
+ reply = smtpd_resolve_addr(addr);
 if (reply->flags & RESOLVE_FLAG_FAIL)
 reject_dict_retry(state, addr);
@@ -3327,7 +3282,7 @@ static int reject_auth_sender_login_mismatch(SMTPD_STATE *state, const char *sen
 * Reject if the client is logged in and does not own the sender address.
 */
 if (smtpd_sasl_is_active(state) && state->sasl_username != 0) {
- reply = (const RESOLVE_REPLY *) ctable_locate(smtpd_resolve_cache, sender);
+ reply = smtpd_resolve_addr(sender);
 if (reply->flags & RESOLVE_FLAG_FAIL)
 reject_dict_retry(state, sender);
 if ((owners = check_mail_addr_find(state, sender, smtpd_sender_login_maps,
@@ -3360,7 +3315,7 @@ static int reject_unauth_sender_login_mismatch(SMTPD_STATE *state, const char *s
 * owner.
 */
 if (smtpd_sasl_is_active(state) && state->sasl_username == 0) {
- reply = (const RESOLVE_REPLY *) ctable_locate(smtpd_resolve_cache, sender);
+ reply = smtpd_resolve_addr(sender);
 if (reply->flags & RESOLVE_FLAG_FAIL)
 reject_dict_retry(state, sender);
 if (check_mail_addr_find(state, sender, smtpd_sender_login_maps,
@@ -4004,8 +3959,7 @@ int smtpd_check_addr(const char *addr)
 */
 if (addr == 0 || *addr == 0)
 return (0);
- resolve_reply = (const RESOLVE_REPLY *)
- ctable_locate(smtpd_resolve_cache, addr);
+ resolve_reply = smtpd_resolve_addr(addr);
 if (resolve_reply->flags & RESOLVE_FLAG_ERROR)
 return (-1);
 return (0);
@@ -4430,8 +4384,7 @@ static int check_rcpt_maps(SMTPD_STATE *state, const char *recipient,
 /*
 * Resolve the address.
 */
- reply = (const RESOLVE_REPLY *)
- ctable_locate(smtpd_resolve_cache, recipient);
+ reply = smtpd_resolve_addr(recipient);
 if (reply->flags & RESOLVE_FLAG_FAIL)
 reject_dict_retry(state, recipient);
diff --git a/postfix/src/smtpd/smtpd_milter.c b/postfix/src/smtpd/smtpd_milter.c
index 763e38e2b..b129f352a 100644
--- a/postfix/src/smtpd/smtpd_milter.c
+++ b/postfix/src/smtpd/smtpd_milter.c
@@ -33,6 +33,8 @@
 /* Utility library. */
+#include
+
 /* Global library. */
 #include
@@ -46,6 +48,7 @@
 #include
 #include
+#include
 #include
 /*
@@ -58,13 +61,19 @@ const char *smtpd_milter_eval(const char *name, void *ptr)
 {
 SMTPD_STATE *state = (SMTPD_STATE *) ptr;
+ const RESOLVE_REPLY *reply;
+ char *cp;
+
+ /*
+ * On-the-fly initialization.
+ */
+ if (state->expand_buf == 0)
+ state->expand_buf = vstring_alloc(10);
 /*
 * Canonicalize the name.
 */
 if (*name != '{') { /* } */
- if (state->expand_buf == 0)
- state->expand_buf = vstring_alloc(10);
 vstring_sprintf(state->expand_buf, "{%s}", name);
 name = STR(state->expand_buf);
 }
@@ -81,8 +90,6 @@ const char *smtpd_milter_eval(const char *name, void *ptr)
 * Connect macros.
 */
 if (strcmp(name, S8_MAC__) == 0) {
- if (state->expand_buf == 0)
- state->expand_buf = vstring_alloc(10);
 vstring_sprintf(state->expand_buf, "%s [%s]",
 state->reverse_name, state->addr);
 if (strcasecmp(state->name, state->reverse_name) != 0)
@@ -96,8 +103,6 @@ const char *smtpd_milter_eval(const char *name, void *ptr)
 if (strcmp(name, S8_MAC_CLIENT_PORT) == 0)
 return (strcmp(state->port, CLIENT_PORT_UNKNOWN) ? state->port : "0");
 if (strcmp(name, S8_MAC_CLIENT_CONN) == 0) {
- if (state->expand_buf == 0)
- state->expand_buf = vstring_alloc(10);
 vstring_sprintf(state->expand_buf, "%d", state->conn_count);
 return (STR(state->expand_buf));
 }
@@ -124,8 +129,6 @@ const char *smtpd_milter_eval(const char *name, void *ptr)
 if (strcmp(name, S8_MAC_CIPHER_BITS) == 0) {
 if (state->tls_context == 0)
 return (0);
- if (state->expand_buf == 0)
- state->expand_buf = vstring_alloc(10);
 vstring_sprintf(state->expand_buf, "%d",
 IF_ENCRYPTED(state->tls_context->cipher_usebits));
 return (STR(state->expand_buf));
@@ -154,15 +157,28 @@ const char *smtpd_milter_eval(const char *name, void *ptr)
 if (strcmp(name, S8_MAC_MAIL_ADDR) == 0) {
 if (state->sender == 0)
 return (0);
- if (state->expand_buf == 0)
- state->expand_buf = vstring_alloc(10);
+ if (state->sender[0] == 0)
+ return ("");
+ reply = smtpd_resolve_addr(state->sender);
 /* Sendmail 8.13 does not externalize the null string. */
- if (state->sender[0])
- quote_821_local(state->expand_buf, state->sender);
+ if (STR(reply->recipient)[0])
+ quote_821_local(state->expand_buf, STR(reply->recipient));
 else
- vstring_strcpy(state->expand_buf, state->sender);
+ vstring_strcpy(state->expand_buf, STR(reply->recipient));
 return (STR(state->expand_buf));
 }
+ if (strcmp(name, S8_MAC_MAIL_HOST) == 0) {
+ if (state->sender == 0)
+ return (0);
+ reply = smtpd_resolve_addr(state->sender);
+ return (STR(reply->nexthop));
+ }
+ if (strcmp(name, S8_MAC_MAIL_MAILER) == 0) {
+ if (state->sender == 0)
+ return (0);
+ reply = smtpd_resolve_addr(state->sender);
+ return (STR(reply->transport));
+ }
 /*
 * RCPT TO macros.
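Review bot: {mail_addr} now hands the Milter `reply->recipient` from smtpd_resolve_addr(), i.e. the rewritten and, per the BUGS section of the new smtpd_resolve.c further down, case-folded form, rather than the sender string the client sent; a Milter that compares {mail_addr} with the MAIL FROM argument it saw in the command will see a difference for mixed-case or unqualified addresses. Please state that in the comment above this block, e.g. `/* Resolved, case-folded sender, not the raw MAIL FROM argument; see smtpd_resolve(3). */`. Also, the "Sendmail 8.13 does not externalize the null string" comment now sits after the explicit `return ("")` for the empty sender, so it only covers a resolver result that is empty for a non-empty sender; if that cannot happen the else branch is dead and the comment is misleading. smtpd_milter_eval() starts before this hunk.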
@@ -170,14 +186,39 @@ const char *smtpd_milter_eval(const char *name, void *ptr)
 if (strcmp(name, S8_MAC_RCPT_ADDR) == 0) {
 if (state->recipient == 0)
 return (0);
- if (state->expand_buf == 0)
- state->expand_buf = vstring_alloc(10);
+ if (state->recipient[0] == 0)
+ return ("");
+ if (state->milter_reject_text) {
+ vstring_strcpy(state->expand_buf, state->milter_reject_text + 4);
+ cp = split_at(STR(state->expand_buf), ' ');
+ return (cp ? split_at(cp, ' ') : cp);
+ }
+ reply = smtpd_resolve_addr(state->recipient);
 /* Sendmail 8.13 does not externalize the null string. */
- if (state->recipient[0])
- quote_821_local(state->expand_buf, state->recipient);
+ if (STR(reply->recipient)[0])
+ quote_821_local(state->expand_buf, STR(reply->recipient));
 else
- vstring_strcpy(state->expand_buf, state->recipient);
+ vstring_strcpy(state->expand_buf, STR(reply->recipient));
 return (STR(state->expand_buf));
 }
+ if (strcmp(name, S8_MAC_RCPT_HOST) == 0) {
+ if (state->recipient == 0)
+ return (0);
+ if (state->milter_reject_text) {
+ vstring_strcpy(state->expand_buf, state->milter_reject_text + 4);
+ (void) split_at(STR(state->expand_buf), ' ');
+ return (STR(state->expand_buf));
+ }
+ reply = smtpd_resolve_addr(state->recipient);
+ return (STR(reply->nexthop));
+ }
+ if (strcmp(name, S8_MAC_RCPT_MAILER) == 0) {
+ if (state->recipient == 0)
+ return (0);
+ if (state->milter_reject_text)
+ return (S8_RCPT_MAILER_ERROR);
+ reply = smtpd_resolve_addr(state->recipient);
+ return (STR(reply->transport));
+ }
 return (0);
 }
diff --git a/postfix/src/smtpd/smtpd_resolve.c b/postfix/src/smtpd/smtpd_resolve.c
new file mode 100644
index 000000000..2166ebb34
--- /dev/null
+++ b/postfix/src/smtpd/smtpd_resolve.c
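Review bot: The reject-text parsing in the new {rcpt_addr} and {rcpt_host} branches assumes `state->milter_reject_text` has the layout "NNN X.Y.Z <recipient>: reason" with no blank before the reason: `+ 4` skips the SMTP code unconditionally and the split_at() calls return whatever follows the second blank. A recipient with a quoted local part containing a space (`"a b"@example.com`, which RFC 5321 allows and which the server externalizes with the quotes) shifts that boundary, so the Milter is handed part of the address as the reason, and a reply shorter than four characters would index past the end of the string. The text is built outside this hunk, so I cannot confirm the layout holds for every reject path (policy-service and address-verification replies included); please add a comment stating the assumed layout, e.g. `/* Reject text is "NNN X.Y.Z <recipient>: reason"; keep smtpd_check(3) in sync. */`, and prefer walking tokens with split_at() from the start of the string over the fixed `+ 4` offset. smtpd_milter_eval() starts before this hunk.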
@@ -0,0 +1,149 @@
+/*++
+/* NAME
+/* smtpd_resolve 3
+/* SUMMARY
+/* caching resolve client
+/* SYNOPSIS
+/* #include
+/*
+/* void smtpd_resolve_init(cache_size)
+/* int cache_size;
+/*
+/* const RESOLVE_REPLY *smtpd_resolve_addr(addr)
+/* const char *addr;
+/* DESCRIPTION
+/* This module maintains a resolve client cache that persists
+/* across SMTP sessions (not process life times). Addresses
+/* are always resolved in local rewriting context.
+/*
+/* smtpd_resolve_init() initializes the cache and must
+/* called once before the cache can be used.
+/*
+/* smtpd_resolve_addr() resolves one address or returns
+/* a known result from cache.
+/*
+/* Arguments:
+/* .IP cache_size
+/* The requested cache size.
+/* .IP addr
+/* The address to resolve.
+/* DIAGNOSTICS
+/* All errors are fatal.
+/* BUGS
+/* The recipient address is always case folded to lowercase.
+/* Changing this requires great care, since the address is used
+/* for policy lookups.
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+/* System library. */
+
+#include
+
+/* Utility library. */
+
+#include
+#include
+#include
+#include
+#include
+
+/* Global library. */
+
+#include
+#include
+#include
+
+/* Application-specific. */
+
+#include
+
+static CTABLE *smtpd_resolve_cache;
+
+#define STR(x) vstring_str(x)
+
+/* resolve_pagein - page in an address resolver result */
+
+static void *resolve_pagein(const char *addr, void *unused_context)
+{
+ static VSTRING *query;
+ RESOLVE_REPLY *reply;
+
+ /*
+ * Initialize on the fly.
+ */
+ if (query == 0)
+ query = vstring_alloc(10);
+
+ /*
+ * Initialize.
+ */
+ reply = (RESOLVE_REPLY *) mymalloc(sizeof(*reply));
+ resolve_clnt_init(reply);
+
+ /*
+ * Resolve the address.
+ */
+ rewrite_clnt_internal(MAIL_ATTR_RWR_LOCAL, addr, query);
+ resolve_clnt_query(STR(query), reply);
+ lowercase(STR(reply->recipient)); /* XXX */
+
+ /*
+ * Save the result.
+ */
+ return ((void *) reply);
+}
+
+/* resolve_pageout - page out an address resolver result */
+
+static void resolve_pageout(void *data, void *unused_context)
+{
+ RESOLVE_REPLY *reply = (RESOLVE_REPLY *) data;
+
+ resolve_clnt_free(reply);
+ myfree((void *) reply);
+}
+
+/* smtpd_resolve_init - set up global cache */
+
+void smtpd_resolve_init(int cache_size)
+{
+
+ /*
+ * Sanity check.
+ */
+ if (smtpd_resolve_cache)
+ msg_panic("smtpd_resolve_init: multiple initialization");
+
+ /*
+ * Initialize the resolved address cache. Note: the cache persists across
+ * SMTP sessions so we cannot make it dependent on session state.
+ */
+ smtpd_resolve_cache = ctable_create(cache_size, resolve_pagein,
+ resolve_pageout, (void *) 0);
+}
+
+/* smtpd_resolve_addr - resolve cached addres */
+
+const RESOLVE_REPLY *smtpd_resolve_addr(const char *addr)
+{
+
+ /*
+ * Sanity check.
+ */
+ if (smtpd_resolve_cache == 0)
+ msg_panic("smtpd_resolve_addr: missing initialization");
+
+ /*
+ * Reply from the read-through cache.
+ */
+ return (const RESOLVE_REPLY *) ctable_locate(smtpd_resolve_cache, addr);
+}
diff --git a/postfix/src/smtpd/smtpd_resolve.h b/postfix/src/smtpd/smtpd_resolve.h
new file mode 100644
index 000000000..bfbc494da
--- /dev/null
+++ b/postfix/src/smtpd/smtpd_resolve.h
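Review bot: The DESCRIPTION does not say who owns the RESOLVE_REPLY that smtpd_resolve_addr() returns or how long it stays valid; the cache is created with resolve_pageout(), which frees the reply, so an entry can presumably be evicted and freed by a later lookup once the cache is full, and callers such as the new {mail_host} and {rcpt_host} macros return `STR(reply->nexthop)` straight out of it. Add to DESCRIPTION: `The result is owned by the cache and must be used before the next smtpd_resolve_addr() call; callers must not free it.` smtpd_resolve_addr() passes addr to ctable_locate() without a null check, so that precondition belongs under Arguments as well. Two typos in the same text: "must called once" should read "must be called once", and the function comment "resolve cached addres" should read "resolve cached address".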
@@ -0,0 +1,38 @@
+/*++
+/* NAME
+/* smtpd_resolve 3h
+/* SUMMARY
+/* caching resolve client
+/* SYNOPSIS
+/* include
+/* DESCRIPTION
+/* .nf
+
+ /*
+ * Global library.
+ */
+#include
+
+ /*
+ * External interface.
+ */
+extern void smtpd_resolve_init(int);
+extern const RESOLVE_REPLY *smtpd_resolve_addr(const char *);
+
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*
+/* TLS support originally by:
+/* Lutz Jaenicke
+/* BTU Cottbus
+/* Allgemeine Elektrotechnik
+/* Universitaetsplatz 3-4
+/* D-03044 Cottbus, Germany
+/*--*/
diff --git a/postfix/src/xsasl/xsasl_dovecot_server.c b/postfix/src/xsasl/xsasl_dovecot_server.c
index 4883d097e..3ad1c74b5 100644
--- a/postfix/src/xsasl/xsasl_dovecot_server.c
+++ b/postfix/src/xsasl/xsasl_dovecot_server.c
@@ -282,6 +282,7 @@ static int xsasl_dovecot_server_connect(XSASL_DOVECOT_SERVER_IMPL *xp)
 VSTREAM_CTL_TIMEOUT, AUTH_TIMEOUT,
 VSTREAM_CTL_END);
+ /* XXX Encapsulate for logging. */
 vstream_fprintf(sasl_stream,
 "VERSION\t%u\t%u\n"
 "CPID\t%u\n",
@@ -294,6 +295,7 @@ static int xsasl_dovecot_server_connect(XSASL_DOVECOT_SERVER_IMPL *xp)
 }
 success = 0;
 line_str = vstring_alloc(256);
+ /* XXX Encapsulate for logging. */
 while (vstring_get_nonl(line_str, sasl_stream) != VSTREAM_EOF) {
 line = vstring_str(line_str);
@@ -543,6 +545,7 @@ static int xsasl_dovecot_handle_reply(XSASL_DOVECOT_SERVER *server,
 const char *myname = "xsasl_dovecot_handle_reply";
 char *line, *cmd;
+ /* XXX Encapsulate for logging. */
 while (vstring_get_nonl(server->sasl_line, server->impl->sasl_stream)
 != VSTREAM_EOF) {
 line = vstring_str(server->sasl_line);
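Review bot: The AUTHOR(S) block of the new smtpd_resolve.h ends with the "TLS support originally by: Lutz Jaenicke …" paragraph, which looks carried over from the smtpd header this file was cloned from; nothing in smtpd_resolve.h concerns TLS, so the paragraph misattributes the file and should be dropped, leaving the Wietse Venema entry only.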
@@ -637,12 +640,14 @@ int xsasl_dovecot_server_first(XSASL_SERVER *xp, const char *sasl_method,
 }
 /* send the request */
 server->last_request_id = ++server->impl->request_id_counter;
+ /* XXX Encapsulate for logging. */
 vstream_fprintf(server->impl->sasl_stream,
 "AUTH\t%u\t%s\tservice=%s\tnologin\tlip=%s\trip=%s",
 server->last_request_id, sasl_method,
 server->service, server->server_addr, server->client_addr);
 if (server->tls_flag)
+ /* XXX Encapsulate for logging. */
 vstream_fputs("\tsecured", server->impl->sasl_stream);
 if (init_response) {
@@ -650,9 +655,11 @@ int xsasl_dovecot_server_first(XSASL_SERVER *xp, const char *sasl_method,
 * initial response is already base64 encoded, so we can send it
 * directly.
 */
+ /* XXX Encapsulate for logging. */
 vstream_fprintf(server->impl->sasl_stream,
 "\tresp=%s", init_response);
 }
+ /* XXX Encapsulate for logging. */
 VSTREAM_PUTC('\n', server->impl->sasl_stream);
 if (vstream_fflush(server->impl->sasl_stream) != VSTREAM_EOF)
@@ -683,6 +690,7 @@ static int xsasl_dovecot_server_next(XSASL_SERVER *xp, const char *request,
 vstring_strcpy(reply, "Invalid base64 data in continued response");
 return XSASL_AUTH_FAIL;
 }
+ /* XXX Encapsulate for logging. */
 vstream_fprintf(server->impl->sasl_stream, "CONT\t%u\t%s\n",
 server->last_request_id, request);
 if (vstream_fflush(server->impl->sasl_stream) == VSTREAM_EOF) {
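Review bot: Every new `/* XXX Encapsulate for logging. */` marker sits on a write of the Dovecot auth-protocol request, and two of those writes carry client-supplied SASL data: `"\tresp=%s", init_response` and `"CONT\t%u\t%s\n", ..., request` are the base64 initial and continuation responses, which for the PLAIN and LOGIN mechanisms decode to the user's password. Whatever logging wrapper eventually replaces these markers must not echo those fields, and the same holds for the inbound lines read in xsasl_dovecot_server_connect() and xsasl_dovecot_handle_reply() (the hunks above), which can carry the user name; otherwise verbose logging turns the SASL exchange into a credential disclosure in syslog. Suggest saying so in the marker now: `/* XXX Encapsulate for logging; never log resp= or CONT payloads (SASL credentials). */`. The enclosing functions start before their hunks.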