From: Wietse Venema <wietse@porcupine.org>
Date: Sun, 21 Feb 2016 05:00:00 +0000 (-0500)
Subject: postfix-3.0.4
X-Git-Tag: v3.0.4^0
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f148e99cecb770779a25ad398fe607394c15a14e;p=thirdparty%2Fpostfix.git

postfix-3.0.4
---

diff --git a/postfix/HISTORY b/postfix/HISTORY
index aa689f90d..201080f78 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -21727,3 +21727,15 @@ Apologies for any names omitted.
 	development release): the DNS multi-query clients forgot
 	to save and restore h_errno when evaluating the aggregate
 	result. File: dns/dns_lookup.c.
+
+20151124
+
+	Bugfix (introduced: Postfix 3.0): don't throttle a destination
+	after opportunistic TLS failure. Viktor Dukhovni. File:
+	smtp/smtp_proto.c.
+
+20160204
+
+	Documentation (introduced: Postfix 3.0): wrong paramester
+	name in lmtp_address_verify_target description. File:
+	proto/posconf.proto
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index ee7aea9ce..958e8de67 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -4026,7 +4026,7 @@ configuration parameter.  See there for details. </p>
 <DT><b><a name="lmtp_address_verify_target">lmtp_address_verify_target</a>
 (default: rcpt)</b></DT><DD>
 
-<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_address_verify_target">smtp_address_verify_target</a>
 configuration parameter.  See there for details. </p>
 
 <p> This feature is available in Postfix 3.0 and later.  </p>
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 4c0309161..285d323c2 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -2473,7 +2473,7 @@ configuration parameter.  See there for details.
 .PP
 This feature is available in Postfix 2.8 and later.
 .SH lmtp_address_verify_target (default: rcpt)
-The LMTP\-specific version of the smtp_dns_support_level
+The LMTP\-specific version of the smtp_address_verify_target
 configuration parameter.  See there for details.
 .PP
 This feature is available in Postfix 3.0 and later.
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index e8f20662e..004588afa 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -15432,7 +15432,7 @@ SMTP/LMTP servers. </p>
 
 %PARAM lmtp_address_verify_target rcpt
 
-<p> The LMTP-specific version of the smtp_dns_support_level
+<p> The LMTP-specific version of the smtp_address_verify_target
 configuration parameter.  See there for details. </p>
 
 <p> This feature is available in Postfix 3.0 and later.  </p>
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 2a7aca542..33bca0029 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20151010"
-#define MAIL_VERSION_NUMBER	"3.0.3"
+#define MAIL_RELEASE_DATE	"20160221"
+#define MAIL_VERSION_NUMBER	"3.0.4"
 
 #ifdef SNAPSHOT
 #define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
diff --git a/postfix/src/smtp/smtp_proto.c b/postfix/src/smtp/smtp_proto.c
index e55110895..43d8359b9 100644
--- a/postfix/src/smtp/smtp_proto.c
+++ b/postfix/src/smtp/smtp_proto.c
@@ -935,12 +935,23 @@ static int smtp_start_tls(SMTP_STATE *state)
 	 * authentication. If the server doesn't announce SASL support over
 	 * plaintext connections, then we don't want delivery to fail with
 	 * "relay access denied".
+	 * 
+	 * If TLS is opportunistic, don't throttle the destination, otherwise if
+	 * the mail is volume is high enough we may have difficulty ever
+	 * draining even the deferred mail, as new mail provides a constant
+	 * stream of negative feedback.
 	 */
 	if (PLAINTEXT_FALLBACK_OK_AFTER_STARTTLS_FAILURE)
 	    RETRY_AS_PLAINTEXT;
-	return (smtp_site_fail(state, DSN_BY_LOCAL_MTA,
-			       SMTP_RESP_FAKE(&fake, "4.7.5"),
-			       "Cannot start TLS: handshake failure"));
+	if (state->tls->level == TLS_LEV_MAY) {
+	    return (smtp_mesg_fail(state, DSN_BY_LOCAL_MTA,
+				   SMTP_RESP_FAKE(&fake, "4.7.5"),
+				   "Cannot start TLS: handshake failure"));
+	} else {
+	    return (smtp_site_fail(state, DSN_BY_LOCAL_MTA,
+				   SMTP_RESP_FAKE(&fake, "4.7.5"),
+				   "Cannot start TLS: handshake failure"));
+	}
     }
 
     /*