From: Wietse Venema <wietse@porcupine.org>
Date: Sat, 7 Jul 2018 05:00:00 +0000 (-0500)
Subject: postfix-3.4-20180707
X-Git-Tag: v3.4.0-RC1~29
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bd077f7e8df54a41cc39dd21b260720fa9d8ec99;p=thirdparty%2Fpostfix.git

postfix-3.4-20180707
---

diff --git a/postfix/HISTORY b/postfix/HISTORY
index d57fd3152..9c98727ef 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -23594,3 +23594,30 @@ Apologies for any names omitted.
 	process limit in master.cf (this setting is provided with
 	the default master.cf file). See RELEASE_NOTES for how to
 	change the tlsproxy process limit. File: tlsproxy/tlsproxy.c.
+
+20180707
+
+	Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes,
+	table lookups could casefold the search string when searching
+	a regexp, pcre, tcp, or other lookup table that does not
+	use fixed-string keys, which is inconsistent with historical
+	behavior. File: util/dict_utf8.c.
+
+	Cleanup: removed unimplemented VSTRING support to enforce
+	a buffer size limit (by returning an error of sorts). In
+	practice, the limit was enforced in smtp_get(). Also made
+	the VSTRING inplementation more VSTREAM-compatible. Files:
+	util/vstring.[hc], posttls-finger/posttls-finger.c,
+	smtpstone/smtp-source.c.
+
+	Cleanup: unused variable. File: postqueue/postqueue.c.
+
+	Feature: VSTREAM support to "open" a VSTRING for read, write
+	or append mode, enabling the reuse of existing stream-based
+	code to serialize/deserialize Postfix data structures to/from
+	memory. File: vstream.[hc].
+
+	Cleanup: "make manpages" now generates a makedefs(1) manpage
+	for publication on the web. Also cleaned up some makedefs(1)
+	content. Files: man/Makefile.in, man/man1/makedefs.1,
+	html/Makefile.in, html/makedefs.1.html.
diff --git a/postfix/html/Makefile.in b/postfix/html/Makefile.in
index 5eda8f7f2..ecf0961be 100644
--- a/postfix/html/Makefile.in
+++ b/postfix/html/Makefile.in
@@ -15,7 +15,7 @@ COMMANDS= mailq.1.html newaliases.1.html postalias.1.html postcat.1.html \
 	postqueue.1.html postsuper.1.html sendmail.1.html \
 	smtp-source.1.html smtp-sink.1.html posttls-finger.1.html \
 	qmqp-source.1.html qmqp-sink.1.html \
-	qshape.1.html postfix-tls.1.html
+	qshape.1.html postfix-tls.1.html makedefs.1.html
 CONFIG	= access.5.html aliases.5.html canonical.5.html relocated.5.html \
 	transport.5.html virtual.5.html pcre_table.5.html regexp_table.5.html \
 	cidr_table.5.html tcp_table.5.html header_checks.5.html \
@@ -246,6 +246,10 @@ qshape.1.html: ../auxiliary/qshape/qshape.pl
 	PATH=../mantools:$$PATH; \
 	srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
 
+makedefs.1.html: ../makedefs
+	PATH=../mantools:$$PATH; \
+	srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
 access.5.html: ../proto/access
 	PATH=../mantools:$$PATH; \
 	srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
diff --git a/postfix/html/makedefs.1.html b/postfix/html/makedefs.1.html
new file mode 100644
index 000000000..40726d4a3
--- /dev/null
+++ b/postfix/html/makedefs.1.html
@@ -0,0 +1,212 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+        "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
+<title> Postfix manual - makedefs(1) </title>
+</head> <body> <pre>
+MAKEDEFS(1)                                                        MAKEDEFS(1)
+
+<b>NAME</b>
+       makedefs - Postfix makefile configuration utility
+
+<b>SYNOPSIS</b>
+       <b>make makefiles</b> <i>name=value...</i>
+
+<b>DESCRIPTION</b>
+       The  <b>makedefs</b> command identifies the compilation environment, and emits
+       macro definitions on the standard output stream that can  be  prepended
+       to  template  Makefiles.   These macros implement an internal interface
+       and are subject to change without notice.
+
+       Default settings can be overruled by  specifying  them  as  environment
+       variables  (or  as  name=value  pairs  on the "make" command line). Use
+       quotes if variables contain whitespace or shell meta characters.
+
+       The command "<b>make makefiles  name=value...</b>"  will  replace  the  string
+       <b>MAIL_VERSION</b>   at   the  end  of  a  value  with  the  Postfix  version
+       (<i>major.minor.patchlevel</i> for a stable release,  <i>major.minor-date</i>  for  a
+       development  release).  Do not try to specify something like <b>$<a href="postconf.5.html#mail_version">mail_ver</a>-</b>
+       <b><a href="postconf.5.html#mail_version">sion</a></b>: that produces inconsistent results with different implementations
+       of the make(1) command.
+
+       <b>AUXLIBS=</b><i>object</i><b>_</b><i>library...</i>
+              Specifies one or more non-default object libraries. Postfix 2.12
+              and later specify some of their  database  library  dependencies
+              with  <a href="CDB_README.html">AUXLIBS_CDB</a>,  <a href="LDAP_README.html">AUXLIBS_LDAP</a>,  <a href="LMDB_README.html">AUXLIBS_LMDB</a>,  <a href="MYSQL_README.html">AUXLIBS_MYSQL</a>,
+              <a href="PCRE_README.html">AUXLIBS_PCRE</a>, <a href="PGSQL_README.html">AUXLIBS_PGSQL</a>, <a href="SDBM_README.html">AUXLIBS_SDBM</a>,  and  <a href="SQLITE_README.html">AUXLIBS_SQLITE</a>,
+              respectively.
+
+       <b>CC=</b><i>compiler</i><b>_</b><i>command</i>
+              Specifies  a  non-default compiler. On many systems, the default
+              is <b>gcc</b>.
+
+       <b>CCARGS=</b><i>compiler</i><b>_</b><i>arguments</i>
+              Specifies  non-default  compiler  arguments,  for   example,   a
+              non-default  <i>include</i>  directory.   The  following directives are
+              special:
+
+              <b>-DNO_DB</b>
+                     Do not build with Berkeley DB support.
+
+              <b>-DNO_DEVPOLL</b>
+                     Do not build with Solaris /dev/poll support.  By default,
+                     /dev/poll  support  is  compiled in on platforms that are
+                     known to support it.
+
+              <b>-DNO_DNSSEC</b>
+                     Do not build with DNSSEC support, even  if  the  resolver
+                     library appears to support it.
+
+              <b>-DNO_EPOLL</b>
+                     Do not build with Linux EPOLL support.  By default, EPOLL
+                     support is compiled in on platforms  that  are  known  to
+                     support it.
+
+              <b>-DNO_EAI</b>
+                     Do not build with EAI (SMTPUTF8) support. By default, EAI
+                     support is compiled in when the "icu-config"  command  is
+                     found.
+
+              <b>-DNO_INLINE</b>
+                     Do  not  require  support  for  C99  "inline"  functions.
+                     Instead,    implement     argument     typechecks     for
+                     non-(printf/scanf)-like  functions with ternary operators
+                     and unreachable code.
+
+              <b>-DNO_IPV6</b>
+                     Do not build with IPv6 support.  By default, IPv6 support
+                     is  compiled  in on platforms that are known to have IPv6
+                     support.
+
+                     Note: this directive is for debugging and  testing  only.
+                     It  is  not  guaranteed  to work on all platforms. If you
+                     don't want IPv6 support, set "<a href="postconf.5.html#inet_protocols">inet_protocols</a> =  ipv4"  in
+                     <a href="postconf.5.html">main.cf</a>.
+
+              <b>-DNO_IP_CYRUS_SASL_AUTH</b>
+                     Don't  pass remote SMTP client and Postfix SMTP server IP
+                     address and port information to the Cyrus  SASL  library.
+                     This is compatible with Postfix &lt; 3.2.
+
+              <b>-DNO_KQUEUE</b>
+                     Do  not  build  with FreeBSD/NetBSD/OpenBSD/MacOSX KQUEUE
+                     support.  By default, KQUEUE support is  compiled  in  on
+                     platforms that are known to support it.
+
+              <b>-DNO_NIS</b>
+                     Do not build with NIS or NISPLUS support. Support for NIS
+                     is unavailable on some recent Linux distributions.
+
+              <b>-DNO_NISPLUS</b>
+                     Do not build with NISPLUS support. Support for NISPLUS is
+                     unavailable on some recent Solaris distributions.
+
+              <b>-DNO_PCRE</b>
+                     Do not build with PCRE support.  By default, PCRE support
+                     is compiled in when the <b>pcre-config</b> utility is installed.
+
+              <b>-DNO_POSIX_GETPW_R</b>
+                     Disable support for POSIX getpwnam_r/getpwuid_r.
+
+              <b>-DNO_SIGSETJMP</b>
+                     Use   setjmp()/longjmp()   instead   of  sigsetjmp()/sig-
+                     longjmp().  By  default,  Postfix  uses  sigsetjmp()/sig-
+                     longjmp() when they appear to work.
+
+              <b>-DNO_SNPRINTF</b>
+                     Use  sprintf() instead of snprintf(). By default, Postfix
+                     uses snprintf() except on ancient systems.
+
+       <b>DEBUG=</b><i>debug</i><b>_</b><i>level</i>
+              Specifies a non-default debugging  level.  The  default  is  <b>-g</b>.
+              Specify <b>DEBUG=</b> to turn off debugging.
+
+       <b>OPT=</b><i>optimization</i><b>_</b><i>level</i>
+              Specifies  a  non-default optimization level. The default is <b>-O</b>.
+              Specify <b>OPT=</b> to turn off optimization.
+
+       <b>POSTFIX_INSTALL_OPTS=</b><i>-option...</i>
+              Specifies options for the postfix-install command, separated  by
+              whitespace.    Currently,   the   only   supported   option   is
+              <b>-keep-build-mtime</b>.
+
+       <b>SHLIB_CFLAGS=</b><i>flags</i>
+              Override the compiler flags  (typically,  "-fPIC")  for  Postfix
+              dynamically-linked libraries and database plugins.
+
+              This feature was introduced with Postfix 3.0.
+
+       <b>SHLIB_RPATH=</b><i>rpath</i>
+              Override  the  runpath  (typically, "'-Wl,-rpath,${SHLIB_DIR}'")
+              for Postfix dynamically-linked libraries.
+
+              This feature was introduced with Postfix 3.0.
+
+       <b>SHLIB_SUFFIX=</b><i>suffix</i>
+              Override the filename  suffix  (typically,  ".so")  for  Postfix
+              dynamically-linked libraries and database plugins.
+
+              This feature was introduced with Postfix 3.0.
+
+       <b>shared=yes</b>
+
+       <b>shared=no</b>
+              Enable   (disable)   Postfix   builds   with  dynamically-linked
+              libraries typically named $<a href="postconf.5.html#shlib_directory">shlib_directory</a>/libpostfix-*.so.*.
+
+              This feature was introduced with Postfix 3.0.
+
+       <b>dynamicmaps=yes</b>
+
+       <b>dynamicmaps=no</b>
+              Enable (disable) Postfix  builds  with  the  configuration  file
+              $<a href="postconf.5.html#meta_directory">meta_directory</a>/dynamicmaps.cf and dynamically-loadable database
+              plugins typically named  postfix-*.so.*.   The  setting  "dynam-
+              icmaps=yes"   implicitly   enables   Postfix  dynamically-linked
+              libraries.
+
+              This feature was introduced with Postfix 3.0.
+
+       <b>pie=yes</b>
+
+       <b>pie=no</b> Enable (disable) Postfix builds with  position-independent  exe-
+              cutables, on platforms where this is supported.
+
+              This feature was introduced with Postfix 3.0.
+
+       <i>installation</i><b>_</b><i>parameter</i><b>=</b><i>value</i>...
+              Override  the compiled-in default value of the specified instal-
+              lation parameter(s). The following parameters are  supported  in
+              this context:
+
+              <a href="postconf.5.html#command_directory">command_directory</a>  <a href="postconf.5.html#config_directory">config_directory</a> <a href="postconf.5.html#daemon_directory">daemon_directory</a> <a href="postconf.5.html#data_directory">data_direc</a>-
+              <a href="postconf.5.html#data_directory">tory</a> <a href="postconf.5.html#default_database_type">default_database_type</a>  <a href="postconf.5.html#html_directory">html_directory</a>  <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>
+              <a href="postconf.5.html#mailq_path">mailq_path</a>   <a href="postconf.5.html#manpage_directory">manpage_directory</a>   <a href="postconf.5.html#meta_directory">meta_directory</a>  <a href="postconf.5.html#newaliases_path">newaliases_path</a>
+              <a href="postconf.5.html#queue_directory">queue_directory</a> <a href="postconf.5.html#readme_directory">readme_directory</a>  <a href="postconf.5.html#sendmail_path">sendmail_path</a>  <a href="postconf.5.html#shlib_directory">shlib_directory</a>
+              <a href="postconf.5.html#openssl_path">openssl_path</a>
+
+              See  the  <a href="postconf.5.html">postconf(5)</a> manpage for a description of these parame-
+              ters.
+
+              This feature was introduced with Postfix 3.0.
+
+       <b>WARN=</b><i>warning</i><b>_</b><i>flags</i>
+              Specifies non-default gcc compiler warning options for use  when
+              "make" is invoked in a source subdirectory only.
+
+<b>LICENSE</b>
+       The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+       Wietse Venema
+       IBM T.J. Watson Research
+       P.O. Box 704
+       Yorktown Heights, NY 10598, USA
+
+       Wietse Venema
+       Google, Inc.
+       111 8th Avenue
+       New York, NY 10011, USA
+
+                                                                   MAKEDEFS(1)
+</pre> </body> </html>
diff --git a/postfix/makedefs b/postfix/makedefs
index 5449732b0..945a6360b 100644
--- a/postfix/makedefs
+++ b/postfix/makedefs
@@ -22,15 +22,16 @@
 #	command line). Use quotes if variables contain whitespace
 #	or shell meta characters.
 #
-#	The command "make makefiles name=value..." will replace the
-#	string MAIL_VERSION at the end of a parameter value with
-#	the Postfix release version. Do not try to specify something
-#	like $mail_version on this command line. This produces
-#	inconsistent results with different versions of the make(1)
-#	command.
+#	The command "\fBmake makefiles name=value...\fR" will replace
+#	the string \fBMAIL_VERSION\fR at the end of a value with the
+#	Postfix version (\fImajor.minor.patchlevel\fR for a stable
+#	release, \fImajor.minor-date\fR for a development release).
+#	Do not try to specify something like \fB$mail_version\fR:
+#	that produces inconsistent results with different implementations
+#	of the make(1) command.
 # .IP \fBAUXLIBS=\fIobject_library...\fR
 #	Specifies one or more non-default object libraries. Postfix
-#	2,12 and later specify some of their database library
+#	2.12 and later specify some of their database library
 #	dependencies with AUXLIBS_CDB, AUXLIBS_LDAP, AUXLIBS_LMDB,
 #	AUXLIBS_MYSQL, AUXLIBS_PCRE, AUXLIBS_PGSQL, AUXLIBS_SDBM,
 #	and AUXLIBS_SQLITE, respectively.
@@ -141,7 +142,6 @@
 #	This feature was introduced with Postfix 3.0.
 # .IP \fBpie=yes\fR
 # .IP \fBpie=no\fR
-#
 #	Enable (disable) Postfix builds with position-independent
 #	executables, on platforms where this is supported.
 #
diff --git a/postfix/man/Makefile.in b/postfix/man/Makefile.in
index cd70044e7..4fba8b61d 100644
--- a/postfix/man/Makefile.in
+++ b/postfix/man/Makefile.in
@@ -22,7 +22,8 @@ CONFIG	= man5/access.5 man5/aliases.5 man5/canonical.5 man5/relocated.5 \
 	man5/generic.5 man5/bounce.5 man5/postfix-wrapper.5 \
 	man5/sqlite_table.5 man5/socketmap_table.5
 TOOLS	= man1/smtp-sink.1 man1/smtp-source.1 man1/qmqp-sink.1 \
-	man1/qmqp-source.1 man1/qshape.1 man1/posttls-finger.1
+	man1/qmqp-source.1 man1/qshape.1 man1/posttls-finger.1 \
+	man1/makedefs.1
 
 update:	$(DAEMONS) $(COMMANDS) $(CONFIG) $(TOOLS)
 
@@ -380,6 +381,9 @@ man1/posttls-finger.1: ../src/posttls-finger/posttls-finger.c
 	    (cmp -s junk $? || mv junk $?) && rm -f junk
 	../mantools/srctoman $? >$@
 
+man1/makedefs.1: ../makedefs
+	../mantools/srctoman - $? >$@
+
 man5/tcp_table.5: ../proto/tcp_table
 	../mantools/srctoman - $? >$@
 
diff --git a/postfix/man/man1/makedefs.1 b/postfix/man/man1/makedefs.1
new file mode 100644
index 000000000..49d3e0a80
--- /dev/null
+++ b/postfix/man/man1/makedefs.1
@@ -0,0 +1,185 @@
+.TH MAKEDEFS 1 
+.ad
+.fi
+.SH NAME
+makedefs
+\-
+Postfix makefile configuration utility
+.SH "SYNOPSIS"
+.na
+.nf
+\fBmake makefiles \fIname=value...\fR
+.SH DESCRIPTION
+.ad
+.fi
+The \fBmakedefs\fR command identifies the compilation
+environment, and emits macro definitions on the standard
+output stream that can be prepended to template Makefiles.
+These macros implement an internal interface and are subject
+to change without notice.
+
+Default settings can be overruled by specifying them as
+environment variables (or as name=value pairs on the "make"
+command line). Use quotes if variables contain whitespace
+or shell meta characters.
+
+The command "\fBmake makefiles name=value...\fR" will replace
+the string \fBMAIL_VERSION\fR at the end of a value with the
+Postfix version (\fImajor.minor.patchlevel\fR for a stable
+release, \fImajor.minor\-date\fR for a development release).
+Do not try to specify something like \fB$mail_version\fR:
+that produces inconsistent results with different implementations
+of the make(1) command.
+.IP \fBAUXLIBS=\fIobject_library...\fR
+Specifies one or more non\-default object libraries. Postfix
+2.12 and later specify some of their database library
+dependencies with AUXLIBS_CDB, AUXLIBS_LDAP, AUXLIBS_LMDB,
+AUXLIBS_MYSQL, AUXLIBS_PCRE, AUXLIBS_PGSQL, AUXLIBS_SDBM,
+and AUXLIBS_SQLITE, respectively.
+.IP \fBCC=\fIcompiler_command\fR
+Specifies a non\-default compiler. On many systems, the default
+is \fBgcc\fR.
+.IP \fBCCARGS=\fIcompiler_arguments\fR
+Specifies non\-default compiler arguments, for example, a non\-default
+\fIinclude\fR directory.
+The following directives are special:
+.RS
+.IP \fB\-DNO_DB\fR
+Do not build with Berkeley DB support.
+.IP \fB\-DNO_DEVPOLL\fR
+Do not build with Solaris /dev/poll support.
+By default, /dev/poll support is compiled in on platforms that
+are known to support it.
+.IP \fB\-DNO_DNSSEC\fR
+Do not build with DNSSEC support, even if the resolver
+library appears to support it.
+.IP \fB\-DNO_EPOLL\fR
+Do not build with Linux EPOLL support.
+By default, EPOLL support is compiled in on platforms that
+are known to support it.
+.IP \fB\-DNO_EAI\fR
+Do not build with EAI (SMTPUTF8) support. By default, EAI
+support is compiled in when the "icu\-config" command is
+found.
+.IP \fB\-DNO_INLINE\fR
+Do not require support for C99 "inline" functions. Instead,
+implement argument typechecks for non\-(printf/scanf)\-like
+functions with ternary operators and unreachable code.
+.IP \fB\-DNO_IPV6\fR
+Do not build with IPv6 support.
+By default, IPv6 support is compiled in on platforms that
+are known to have IPv6 support.
+
+Note: this directive is for debugging and testing only. It
+is not guaranteed to work on all platforms. If you don't
+want IPv6 support, set "inet_protocols = ipv4" in main.cf.
+.IP \fB\-DNO_IP_CYRUS_SASL_AUTH\fR
+Don't pass remote SMTP client and Postfix SMTP server IP
+address and port information to the Cyrus SASL library.
+This is compatible with Postfix < 3.2.
+.IP \fB\-DNO_KQUEUE\fR
+Do not build with FreeBSD/NetBSD/OpenBSD/MacOSX KQUEUE support.
+By default, KQUEUE support is compiled in on platforms that
+are known to support it.
+.IP \fB\-DNO_NIS\fR
+Do not build with NIS or NISPLUS support. Support for NIS
+is unavailable on some recent Linux distributions.
+.IP \fB\-DNO_NISPLUS\fR
+Do not build with NISPLUS support. Support for NISPLUS
+is unavailable on some recent Solaris distributions.
+.IP \fB\-DNO_PCRE\fR
+Do not build with PCRE support.
+By default, PCRE support is compiled in when the \fBpcre\-config\fR
+utility is installed.
+.IP \fB\-DNO_POSIX_GETPW_R\fR
+Disable support for POSIX getpwnam_r/getpwuid_r.
+.IP \fB\-DNO_SIGSETJMP\fR
+Use setjmp()/longjmp() instead of sigsetjmp()/siglongjmp().
+By default, Postfix uses sigsetjmp()/siglongjmp() when they
+appear to work.
+.IP \fB\-DNO_SNPRINTF\fR
+Use sprintf() instead of snprintf(). By default, Postfix
+uses snprintf() except on ancient systems.
+.RE
+.IP \fBDEBUG=\fIdebug_level\fR
+Specifies a non\-default debugging level. The default is \fB\-g\fR.
+Specify \fBDEBUG=\fR to turn off debugging.
+.IP \fBOPT=\fIoptimization_level\fR
+Specifies a non\-default optimization level. The default is \fB\-O\fR.
+Specify \fBOPT=\fR to turn off optimization.
+.IP \fBPOSTFIX_INSTALL_OPTS=\fI\-option...\fR
+Specifies options for the postfix\-install command, separated
+by whitespace. Currently, the only supported option is
+\fB\-keep\-build\-mtime\fR.
+.IP \fBSHLIB_CFLAGS=\fIflags\fR
+Override the compiler flags (typically, "\-fPIC") for Postfix
+dynamically\-linked libraries and database plugins.
+
+This feature was introduced with Postfix 3.0.
+.IP \fBSHLIB_RPATH=\fIrpath\fR
+Override the runpath (typically, "'\-Wl,\-rpath,${SHLIB_DIR}'")
+for Postfix dynamically\-linked libraries.
+
+This feature was introduced with Postfix 3.0.
+.IP \fBSHLIB_SUFFIX=\fIsuffix\fR
+Override the filename suffix (typically, ".so") for Postfix
+dynamically\-linked libraries and database plugins.
+
+This feature was introduced with Postfix 3.0.
+.IP \fBshared=yes\fR
+.IP \fBshared=no\fR
+Enable (disable) Postfix builds with dynamically\-linked
+libraries typically named $shlib_directory/libpostfix\-*.so.*.
+
+This feature was introduced with Postfix 3.0.
+.IP \fBdynamicmaps=yes\fR
+.IP \fBdynamicmaps=no\fR
+Enable (disable) Postfix builds with the configuration file
+$meta_directory/dynamicmaps.cf and dynamically\-loadable
+database plugins typically named postfix\-*.so.*.  The setting
+"dynamicmaps=yes" implicitly enables Postfix dynamically\-linked
+libraries.
+
+This feature was introduced with Postfix 3.0.
+.IP \fBpie=yes\fR
+.IP \fBpie=no\fR
+Enable (disable) Postfix builds with position\-independent
+executables, on platforms where this is supported.
+
+This feature was introduced with Postfix 3.0.
+.IP \fIinstallation_parameter\fB=\fIvalue\fR...
+Override the compiled\-in default value of the specified
+installation parameter(s). The following parameters are
+supported in this context:
+
+command_directory config_directory daemon_directory
+data_directory default_database_type html_directory
+mail_spool_directory mailq_path manpage_directory meta_directory
+newaliases_path queue_directory readme_directory sendmail_path
+shlib_directory openssl_path
+
+See the postconf(5) manpage for a description of these
+parameters.
+
+This feature was introduced with Postfix 3.0.
+.IP \fBWARN=\fIwarning_flags\fR
+Specifies non\-default gcc compiler warning options for use when
+"make" is invoked in a source subdirectory only.
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink
index 77abb31ba..b9e0ac7fd 100755
--- a/postfix/mantools/postlink
+++ b/postfix/mantools/postlink
@@ -324,7 +324,7 @@ while (<>) {
     s;\bmail_owner\b;<a href="postconf.5.html#mail_owner">$&</a>;g;
     s;\bmail_release_date\b;<a href="postconf.5.html#mail_release_date">$&</a>;g;
     s;\bmail_spool_direc[-</bB>]*\n* *[<bB>]*tory\b;<a href="postconf.5.html#mail_spool_directory">$&</a>;g;
-    s;\bmail_version\b;<a href="postconf.5.html#mail_version">$&</a>;g;
+    s;\bmail_ver[-</bB>]*\n* *[<bB>]*sion\b;<a href="postconf.5.html#mail_version">$&</a>;g;
     s;\bmail[-</bB>]*\n* *[<bB>]*box_com[-</bB>]*\n* *[<bB>]*mand\b;<a href="postconf.5.html#mailbox_command">$&</a>;g;
     s;\bmail[-</bB>]*\n* *[<bB>]*box_com[-</bB>]*\n* *[<bB>]*mand_maps\b;<a href="postconf.5.html#mailbox_command_maps">$&</a>;g;
     s;\bmail[-</bB>]*\n* *[<bB>]*box_deliv[-</Bb>]*\n* *[<Bb>]*ery_lock\b;<a href="postconf.5.html#mailbox_delivery_lock">$&</a>;g;
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index f0bc7ae4d..c0c59cf3a 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20180701"
+#define MAIL_RELEASE_DATE	"20180707"
 #define MAIL_VERSION_NUMBER	"3.4"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/global/sent.c b/postfix/src/global/sent.c
index 2a3e6c23b..9a6187a38 100644
--- a/postfix/src/global/sent.c
+++ b/postfix/src/global/sent.c
@@ -16,7 +16,7 @@
 /* DESCRIPTION
 /*	sent() logs that a message was successfully delivered,
 /*	updates the address verification service, or updates a
-/*	message delivery record on request by the sender. The
+/*	sender-requested message delivery record. The
 /*	flags argument determines the action.
 /*
 /*	Arguments:
@@ -32,10 +32,10 @@
 /*	The message is a user-requested address expansion probe.
 /*	Update the message delivery record.
 /* .IP DEL_REQ_FLAG_RECORD
-/* .IP DEL_REQ_FLAG_REC_SENT
 /*	This is a normal message with logged delivery. Update the
 /*	the message delivery record.
-/* .RE .IP queue_id
+/* .RE
+/* .IP queue_id
 /*	The message queue id.
 /* .IP stats
 /*	Time stamps from different message delivery stages
diff --git a/postfix/src/postqueue/postqueue.c b/postfix/src/postqueue/postqueue.c
index b278e040a..2cde36391 100644
--- a/postfix/src/postqueue/postqueue.c
+++ b/postfix/src/postqueue/postqueue.c
@@ -537,7 +537,6 @@ MAIL_VERSION_STAMP_DECLARE;
 int     main(int argc, char **argv)
 {
     struct stat st;
-    char   *slash;
     int     c;
     int     fd;
     int     mode = PQ_MODE_DEFAULT;
diff --git a/postfix/src/posttls-finger/posttls-finger.c b/postfix/src/posttls-finger/posttls-finger.c
index 6162f77a9..366c97f56 100644
--- a/postfix/src/posttls-finger/posttls-finger.c
+++ b/postfix/src/posttls-finger/posttls-finger.c
@@ -531,14 +531,13 @@ static RESPONSE *response(STATE *state, int verbose)
     char   *cp;
 
     /*
-     * Initialize the response data buffer. Defend against a denial of
-     * service attack by limiting the amount of multi-line text that we are
+     * Initialize the response data buffer. smtp_get() defends against a
+     * denial of service attack by limiting the amount of single-line text,
+     * and the loop below limits the amount of multi-line text that we are
      * willing to store.
      */
-    if (rdata.buf == 0) {
+    if (rdata.buf == 0)
 	rdata.buf = vstring_alloc(100);
-	vstring_ctl(rdata.buf, CA_VSTRING_CTL_MAXLEN(var_line_limit), 0);
-    }
 
     /*
      * Censor out non-printable characters in server responses. Concatenate
@@ -562,10 +561,12 @@ static RESPONSE *response(STATE *state, int verbose)
 	    cp++;
 	while (ISSPACE(*cp))
 	    cp++;
-	vstring_strcat(rdata.buf, cp);
+	if (VSTRING_LEN(rdata.buf) < var_line_limit)
+	    vstring_strcat(rdata.buf, cp);
 	if (more == 0)
 	    break;
-	VSTRING_ADDCH(rdata.buf, '\n');
+	if (VSTRING_LEN(rdata.buf) < var_line_limit)
+	    VSTRING_ADDCH(rdata.buf, '\n');
     }
     VSTRING_TERMINATE(rdata.buf);
     rdata.str = vstring_str(rdata.buf);
@@ -1616,11 +1617,10 @@ static int finger(STATE *state)
     int     err;
 
     /*
-     * Make sure the SMTP server cannot run us out of memory by sending
-     * never-ending lines of text.
+     * smtp_get() makes sure the SMTP server cannot run us out of memory by
+     * sending never-ending lines of text.
      */
     state->buffer = vstring_alloc(100);
-    vstring_ctl(state->buffer, CA_VSTRING_CTL_MAXLEN(var_line_limit), 0);
     state->why = dsb_create();
 
     if (!(err = connect_dest(state))) {
diff --git a/postfix/src/smtpd/smtpd_peer.c b/postfix/src/smtpd/smtpd_peer.c
index d319f693c..073310a47 100644
--- a/postfix/src/smtpd/smtpd_peer.c
+++ b/postfix/src/smtpd/smtpd_peer.c
@@ -73,16 +73,19 @@
 /* .IP reverse_name_status
 /*	The reverse_name_status result field specifies how the
 /*	reverse_name information should be interpreted:
-/* .RS .IP 2
+/* .RS
+/* .IP 2
 /*	The address->name lookup succeeded.
 /* .IP 4
 /*	The address->name lookup failed with a recoverable error.
 /* .IP 5
 /*	The address->name lookup failed with an unrecoverable error.
-/* .RE .IP forward_name_status
+/* .RE
+/* .IP forward_name_status
 /*	The forward_name_status result field specifies how the
 /*	forward_name information should be interpreted:
-/* .RS .IP 2
+/* .RS
+/* .IP 2
 /*	The address->name and name->address lookup succeeded.
 /* .IP 4
 /*	The address->name lookup or name->address failed with a
diff --git a/postfix/src/smtpstone/smtp-source.c b/postfix/src/smtpstone/smtp-source.c
index b56d5bb37..be388d614 100644
--- a/postfix/src/smtpstone/smtp-source.c
+++ b/postfix/src/smtpstone/smtp-source.c
@@ -304,14 +304,13 @@ static RESPONSE *response(VSTREAM *stream, VSTRING *buf)
     char   *cp;
 
     /*
-     * Initialize the response data buffer. Defend against a denial of
-     * service attack by limiting the amount of multi-line text that we are
+     * Initialize the response data buffer. smtp_get() defends against a
+     * denial of service attack by limiting the amount of single-line text,
+     * and the loop below limits the amount of multi-line text that we are
      * willing to store.
      */
-    if (rdata.buf == 0) {
+    if (rdata.buf == 0)
 	rdata.buf = vstring_alloc(100);
-	vstring_ctl(rdata.buf, CA_VSTRING_CTL_MAXLEN(var_line_limit), 0);
-    }
 
     /*
      * Censor out non-printable characters in server responses. Concatenate
@@ -335,10 +334,12 @@ static RESPONSE *response(VSTREAM *stream, VSTRING *buf)
 	    cp++;
 	while (ISSPACE(*cp))
 	    cp++;
-	vstring_strcat(rdata.buf, cp);
+	if (VSTRING_LEN(rdata.buf) < var_line_limit)
+	    vstring_strcat(rdata.buf, cp);
 	if (more == 0)
 	    break;
-	VSTRING_ADDCH(rdata.buf, '\n');
+	if (VSTRING_LEN(rdata.buf) < var_line_limit)
+	    VSTRING_ADDCH(rdata.buf, '\n');
     }
     VSTRING_TERMINATE(rdata.buf);
     rdata.str = vstring_str(rdata.buf);
@@ -1142,13 +1143,11 @@ int     main(int argc, char **argv)
     }
 
     /*
-     * Make sure the SMTP server cannot run us out of memory by sending
-     * never-ending lines of text.
+     * smtp_get() makes sure the SMTP server cannot run us out of memory by
+     * sending never-ending lines of text.
      */
-    if (buffer == 0) {
+    if (buffer == 0)
 	buffer = vstring_alloc(100);
-	vstring_ctl(buffer, CA_VSTRING_CTL_MAXLEN(var_line_limit), 0);
-    }
 
     /*
      * Make sure we have sender and recipient addresses.
diff --git a/postfix/src/util/dict_utf8.c b/postfix/src/util/dict_utf8.c
index 1a31f12a2..c0e37a05a 100644
--- a/postfix/src/util/dict_utf8.c
+++ b/postfix/src/util/dict_utf8.c
@@ -104,8 +104,9 @@ static char *dict_utf8_check_fold(DICT *dict, const char *string,
     /*
      * Casefold UTF-8.
      */
-    if (fold_flag != 0 && (fold_flag & (dict->flags & DICT_FLAG_FIXED) ?
-			   DICT_FLAG_FOLD_FIX : DICT_FLAG_FOLD_MUL)) {
+    if (fold_flag != 0
+	&& (fold_flag & ((dict->flags & DICT_FLAG_FIXED) ?
+			 DICT_FLAG_FOLD_FIX : DICT_FLAG_FOLD_MUL))) {
 	if (dict->fold_buf == 0)
 	    dict->fold_buf = vstring_alloc(10);
 	return (casefold(dict->fold_buf, string));
diff --git a/postfix/src/util/vstream.c b/postfix/src/util/vstream.c
index 39cfd06f2..26c1ad6e5 100644
--- a/postfix/src/util/vstream.c
+++ b/postfix/src/util/vstream.c
@@ -15,6 +15,10 @@
 /*	int	fd;
 /*	int	flags;
 /*
+/*	VSTREAM	*vstream_memopen(string, flags)
+/*	VSTRING	*string;
+/*	int	flags;
+/*
 /*	int	vstream_fclose(stream)
 /*	VSTREAM	*stream;
 /*
@@ -190,6 +194,14 @@
 /*	stream with it. The \fIflags\fR argument specifies how the file
 /*	was opened. vstream_fdopen() either succeeds or never returns.
 /*
+/*	vstream_memopen() opens a VSTRING as a stream. The \fIflags\fR
+/*	argument must specify one of O_RDONLY, O_WRONLY, or O_APPEND.
+/*	vstream_memopen() either succeeds or never returns. Streams
+/*	opened with vstream_memopen() have limitations: they can't
+/*	be opened in read/write mode, they can't seek beyond the
+/*	end of the VSTRING, and they support none of the methods
+/*	that require a file descriptor.
+/*
 /*	vstream_fclose() closes the named buffered stream. The result
 /*	is 0 in case of success, VSTREAM_EOF in case of problems.
 /*	vstream_fclose() reports the same errors as vstream_ferror().
@@ -986,7 +998,7 @@ static int vstream_buf_space(VBUF *bp, ssize_t want)
     if (bp->put_ready == 0)
 	msg_panic("%s: read-only stream", myname);
     if (want < 0)
-        msg_panic("%s: bad length %ld", myname, (long) want);
+	msg_panic("%s: bad length %ld", myname, (long) want);
     switch (bp->flags & (VSTREAM_FLAG_READ | VSTREAM_FLAG_WRITE)) {
     case VSTREAM_FLAG_READ:			/* change direction */
 	bp->flags &= ~VSTREAM_FLAG_READ;
@@ -1095,6 +1107,14 @@ off_t   vstream_fseek(VSTREAM *stream, off_t offset, int whence)
     const char *myname = "vstream_fseek";
     VBUF   *bp = &stream->buf;
 
+    /*
+     * TODO: fseek/ftell for memory buffer.
+     */
+    if (stream->buf.flags & VSTREAM_FLAG_MEMORY) {
+	stream->buf.flags |= VSTREAM_FLAG_ERR;
+	return (-1);
+    }
+
     /*
      * Flush any unwritten output. Discard any unread input. Position the
      * buffer at the end, so that the next GET or PUT operation triggers a
@@ -1158,6 +1178,14 @@ off_t   vstream_ftell(VSTREAM *stream)
 {
     VBUF   *bp = &stream->buf;
 
+    /*
+     * TODO: fseek/ftell for memory buffer.
+     */
+    if (stream->buf.flags & VSTREAM_FLAG_MEMORY) {
+	stream->buf.flags |= VSTREAM_FLAG_ERR;
+	return (-1);
+    }
+
     /*
      * Shave an unnecessary syscall.
      */
@@ -1199,6 +1227,28 @@ off_t   vstream_ftell(VSTREAM *stream)
     return (stream->offset);
 }
 
+/* vstream_subopen - initialize everything except buffers and I/O handlers */
+
+static VSTREAM *vstream_subopen(void)
+{
+    VSTREAM *stream;
+
+    /* Note: memset() is not a portable way to initialize non-integer types. */
+    stream = (VSTREAM *) mymalloc(sizeof(*stream));
+    stream->offset = 0;
+    stream->path = 0;
+    stream->pid = 0;
+    stream->waitpid_fn = 0;
+    stream->timeout = 0;
+    stream->context = 0;
+    stream->jbuf = 0;
+    stream->iotime.tv_sec = stream->iotime.tv_usec = 0;
+    stream->time_limit.tv_sec = stream->time_limit.tv_usec = 0;
+    stream->req_bufsize = 0;
+    stream->vstring = 0;
+    return (stream);
+}
+
 /* vstream_fdopen - add buffering to pre-opened stream */
 
 VSTREAM *vstream_fdopen(int fd, int flags)
@@ -1218,21 +1268,11 @@ VSTREAM *vstream_fdopen(int fd, int flags)
      * have a really ugly interface with lots of mostly-unused arguments (can
      * you say VMS?).
      */
-    stream = (VSTREAM *) mymalloc(sizeof(*stream));
+    stream = vstream_subopen();
     stream->fd = fd;
     stream->read_fn = VSTREAM_CAN_READ(flags) ? (VSTREAM_RW_FN) timed_read : 0;
     stream->write_fn = VSTREAM_CAN_WRITE(flags) ? (VSTREAM_RW_FN) timed_write : 0;
     vstream_buf_init(&stream->buf, flags);
-    stream->offset = 0;
-    stream->path = 0;
-    stream->pid = 0;
-    stream->waitpid_fn = 0;
-    stream->timeout = 0;
-    stream->context = 0;
-    stream->jbuf = 0;
-    stream->iotime.tv_sec = stream->iotime.tv_usec = 0;
-    stream->time_limit.tv_sec = stream->time_limit.tv_usec = 0;
-    stream->req_bufsize = 0;
     return (stream);
 }
 
@@ -1256,6 +1296,11 @@ VSTREAM *vstream_fopen(const char *path, int flags, mode_t mode)
 
 int     vstream_fflush(VSTREAM *stream)
 {
+    if (stream->buf.flags & VSTREAM_FLAG_MEMORY) {
+	if (stream->buf.flags & VSTREAM_FLAG_WRITE)
+	    memcpy(&stream->vstring->vbuf, &stream->buf, sizeof(stream->buf));
+	return (0);
+    }
     if ((stream->buf.flags & VSTREAM_FLAG_READ_DOUBLE)
 	== VSTREAM_FLAG_READ_DOUBLE
 	&& stream->write_buf.len > stream->write_buf.cnt)
@@ -1293,7 +1338,8 @@ int     vstream_fclose(VSTREAM *stream)
     } else {
 	if (stream->fd >= 0)
 	    err |= close(stream->fd);
-	vstream_buf_wipe(&stream->buf);
+	if ((stream->buf.flags & VSTREAM_FLAG_MEMORY) == 0)
+	    vstream_buf_wipe(&stream->buf);
     }
     if (stream->path)
 	myfree(stream->path);
@@ -1397,6 +1443,9 @@ void    vstream_control(VSTREAM *stream, int name,...)
 	    stream->path = mystrdup(va_arg(ap, char *));
 	    break;
 	case VSTREAM_CTL_DOUBLE:
+	    if (stream->buf.flags & VSTREAM_FLAG_MEMORY)
+		msg_panic("%s: memory stream does not support double buffering",
+			  VSTREAM_PATH(stream));
 	    if ((stream->buf.flags & VSTREAM_FLAG_DOUBLE) == 0) {
 		stream->buf.flags |= VSTREAM_FLAG_DOUBLE;
 		if (stream->buf.flags & VSTREAM_FLAG_READ) {
@@ -1601,6 +1650,40 @@ const char *vstream_peek_data(VSTREAM *vp)
     }
 }
 
+/* vstream_memopen - open a VSTRING */
+
+VSTREAM *vstream_memopen(VSTRING *string, int flags)
+{
+    VSTREAM *stream;
+
+    stream = vstream_subopen();
+    stream->fd = -1;
+    stream->read_fn = 0;
+    stream->write_fn = 0;
+    stream->vstring = string;
+    memcpy(&stream->buf, &stream->vstring->vbuf, sizeof(stream->buf));
+    stream->buf.flags |= (flags | VSTREAM_FLAG_MEMORY);
+    switch (VSTREAM_ACC_MASK(flags)) {
+    case O_RDONLY:
+	stream->buf.flags |= VSTREAM_FLAG_READ;
+	stream->buf.len = stream->buf.ptr - stream->buf.data;
+	VSTREAM_BUF_AT_OFFSET(&stream->buf, 0);
+	break;
+    case O_WRONLY:
+	stream->buf.flags |= VSTREAM_FLAG_WRITE;
+	VSTREAM_BUF_AT_OFFSET(&stream->buf, 0);
+	break;
+    case O_APPEND:
+	stream->buf.flags |= VSTREAM_FLAG_WRITE;
+	VSTREAM_BUF_AT_END(&stream->buf);
+	break;
+    default:
+	msg_panic("vstream_memopen: flags must be one of "
+		  "O_RDONLY, O_WRONLY, or O_APPEND");
+    }
+    return (stream);
+}
+
 #ifdef TEST
 
 static void copy_line(ssize_t bufsize)
@@ -1623,6 +1706,31 @@ static void printf_number(void)
     vstream_fflush(VSTREAM_OUT);
 }
 
+static void do_memory_stream(void)
+{
+    VSTRING *buf = vstring_alloc(1);
+    VSTREAM *fp = vstream_memopen(buf, O_WRONLY);
+    int     ch;
+
+    vstream_fprintf(fp, "hello world\n");
+    if (vstream_fflush(fp))
+	msg_fatal("vstream_fflush: %m");
+    vstream_fclose(fp);
+    VSTRING_TERMINATE(buf);
+
+    vstream_printf("content of buffer[%ld]: %s",
+		   (long) VSTRING_LEN(buf), vstring_str(buf));
+    vstream_fflush(VSTREAM_OUT);
+
+    vstream_printf("read from buffer[%ld]: ", (long) VSTRING_LEN(buf));
+    fp = vstream_memopen(buf, O_RDONLY);
+    while ((ch = VSTREAM_GETC(fp)) != VSTREAM_EOF)
+	VSTREAM_PUTCHAR(ch);
+    vstream_fflush(VSTREAM_OUT);
+    vstream_fclose(fp);
+    vstring_free(buf);
+}
+
  /*
   * Exercise some of the features.
   */
@@ -1637,6 +1745,8 @@ int     main(int argc, char **argv)
     copy_line(2);				/* two-byte read/write */
     copy_line(1);				/* two-byte read/write */
     printf_number();				/* multi-byte write */
+    do_memory_stream();
+
     exit(0);
 }
 
diff --git a/postfix/src/util/vstream.h b/postfix/src/util/vstream.h
index 9ee33325f..ac6b02ca5 100644
--- a/postfix/src/util/vstream.h
+++ b/postfix/src/util/vstream.h
@@ -44,7 +44,7 @@ typedef struct VSTREAM {
     VBUF    buf;			/* generic intelligent buffer */
     int     fd;				/* file handle, no 256 limit */
     VSTREAM_RW_FN read_fn;		/* buffer fill action */
-    VSTREAM_RW_FN write_fn;		/* buffer fill action */
+    VSTREAM_RW_FN write_fn;		/* buffer flush action */
     ssize_t req_bufsize;		/* requested read/write buffer size */
     void   *context;			/* application context */
     off_t   offset;			/* cached seek info */
@@ -59,6 +59,7 @@ typedef struct VSTREAM {
     VSTREAM_JMP_BUF *jbuf;		/* exception handling */
     struct timeval iotime;		/* time of last fill/flush */
     struct timeval time_limit;		/* read/write time limit */
+    struct VSTRING *vstring;		/* memory-backed stream */
 } VSTREAM;
 
 extern VSTREAM vstream_fstd[];		/* pre-defined streams */
@@ -78,12 +79,14 @@ extern VSTREAM vstream_fstd[];		/* pre-defined streams */
 #define VSTREAM_FLAG_FIXED	VBUF_FLAG_FIXED	/* fixed-size buffer */
 #define VSTREAM_FLAG_BAD	VBUF_FLAG_BAD
 
+/* Flags 1<<24 and above are reserved for VSTRING. */
 #define VSTREAM_FLAG_READ	(1<<8)	/* read buffer */
 #define VSTREAM_FLAG_WRITE	(1<<9)	/* write buffer */
 #define VSTREAM_FLAG_SEEK	(1<<10)	/* seek info valid */
 #define VSTREAM_FLAG_NSEEK	(1<<11)	/* can't seek this file */
 #define VSTREAM_FLAG_DOUBLE	(1<<12)	/* double buffer */
 #define VSTREAM_FLAG_DEADLINE	(1<<13)	/* deadline active */
+#define VSTREAM_FLAG_MEMORY	(1<<14)	/* internal stream */
 
 #define VSTREAM_PURGE_READ	(1<<0)	/* flush unread data */
 #define VSTREAM_PURGE_WRITE	(1<<1)	/* flush unwritten data */
@@ -257,6 +260,11 @@ extern int vstream_tweak_tcp(VSTREAM *);
 
 #define vstream_flags(stream) ((const int) (stream)->buf.flags)
 
+ /*
+  * Read/write VSTRING memory.
+  */
+VSTREAM *vstream_memopen(struct VSTRING *, int);
+
 /* LICENSE
 /* .ad
 /* .fi
diff --git a/postfix/src/util/vstring.c b/postfix/src/util/vstring.c
index fa1586e3e..8fc0a9beb 100644
--- a/postfix/src/util/vstring.c
+++ b/postfix/src/util/vstring.c
@@ -324,7 +324,7 @@ static void vstring_extend(VBUF *bp, ssize_t incr)
 
 static int vstring_buf_get_ready(VBUF *unused_buf)
 {
-    msg_panic("vstring_buf_get: write-only buffer");
+    return (VBUF_EOF);			/* be VSTREAM-friendly */
 }
 
 /* vstring_buf_put_ready - vbuf callback for write buffer full condition */
@@ -371,7 +371,6 @@ VSTRING *vstring_alloc(ssize_t len)
     vp->vbuf.get_ready = vstring_buf_get_ready;
     vp->vbuf.put_ready = vstring_buf_put_ready;
     vp->vbuf.space = vstring_buf_space;
-    vp->maxlen = 0;
     return (vp);
 }
 
@@ -397,11 +396,6 @@ void    vstring_ctl(VSTRING *vp,...)
 	switch (code) {
 	default:
 	    msg_panic("vstring_ctl: unknown code: %d", code);
-	case VSTRING_CTL_MAXLEN:
-	    vp->maxlen = va_arg(ap, ssize_t);
-	    if (vp->maxlen < 0)
-		msg_panic("vstring_ctl: bad max length %ld", (long) vp->maxlen);
-	    break;
 	case VSTRING_CTL_EXACT:
 	    vp->vbuf.flags |= VSTRING_FLAG_EXACT;
 	    break;
@@ -593,7 +587,6 @@ VSTRING *vstring_import(char *str)
     vp->vbuf.get_ready = vstring_buf_get_ready;
     vp->vbuf.put_ready = vstring_buf_put_ready;
     vp->vbuf.space = vstring_buf_space;
-    vp->maxlen = 0;
     return (vp);
 }
 
diff --git a/postfix/src/util/vstring.h b/postfix/src/util/vstring.h
index f71ad77f2..c12649173 100644
--- a/postfix/src/util/vstring.h
+++ b/postfix/src/util/vstring.h
@@ -28,7 +28,6 @@
   */
 typedef struct VSTRING {
     VBUF    vbuf;
-    ssize_t maxlen;
 } VSTRING;
 
 extern VSTRING *vstring_alloc(ssize_t);
@@ -51,18 +50,17 @@ extern char *vstring_export(VSTRING *);
 extern VSTRING *vstring_import(char *);
 
 /* Legacy API: constant plus type-unchecked argument. */
-#define VSTRING_CTL_MAXLEN	1
 #define VSTRING_CTL_EXACT	2
 #define VSTRING_CTL_END		0
 
 /* Safer API: type-checked arguments. */
 #define CA_VSTRING_CTL_END		VSTRING_CTL_END
 #define CA_VSTRING_CTL_EXACT		VSTRING_CTL_EXACT
-#define CA_VSTRING_CTL_MAXLEN(val)	VSTRING_CTL_MAXLEN, CHECK_VAL(VSTRING_CTL, ssize_t, (val))
 
 CHECK_VAL_HELPER_DCL(VSTRING_CTL, ssize_t);
 
-#define VSTRING_FLAG_EXACT	(1<<8)	/* exact allocation for tests */
+/* Flags 24..31 are reserved for VSTRING. */
+#define VSTRING_FLAG_EXACT	(1<<24)	/* exact allocation for tests */
 
  /*
   * Macros. Unsafe macros have UPPERCASE names.