diff -Nru postfix-3.0.4/conf/access postfix-3.1.0/conf/access
--- postfix-3.0.4/conf/access 2015-02-08 17:03:58.000000000 +0000
+++ postfix-3.1.0/conf/access 2016-02-14 01:39:25.000000000 +0000
@@ -355,10 +355,11 @@
 # REDIRECT user@domain
 # After the message is queued, send the message to
 # the specified address instead of the intended
-# recipient(s).
+# recipient(s). When multiple REDIRECT actions fire,
+# only the last one takes effect.
 #
-# Note: this action overrides the FILTER action, and
-# currently affects all recipients of the message.
+# Note: this action overrides the FILTER action, and
+# currently overrides all recipients of the message.
 #
 # This feature is available in Postfix 2.1 and later.
 #
@@ -484,4 +485,9 @@
 # P.O. Box 704
 # Yorktown Heights, NY 10598, USA
 #
+# Wietse Venema
+# Google, Inc.
+# 111 8th Avenue
+# New York, NY 10011, USA
+#
 # ACCESS(5)
diff -Nru postfix-3.0.4/conf/aliases postfix-3.1.0/conf/aliases
--- postfix-3.0.4/conf/aliases 2012-10-15 16:49:03.000000000 +0000
+++ postfix-3.1.0/conf/aliases 2016-02-14 01:39:26.000000000 +0000
@@ -60,11 +60,11 @@
 # LDAP or SQL, the same lookups are done as for ordinary
 # indexed files.
 #
-# Alternatively, the table can be provided as a regular-
-# expression map where patterns are given as regular expres-
-# sions. In this case, the lookups are done in a slightly
-# different way as described below under "REGULAR EXPRESSION
-# TABLES".
+# Alternatively, the table can be provided as a regu-
+# lar-expression map where patterns are given as regular
+# expressions. In this case, the lookups are done in a
+# slightly different way as described below under "REGULAR
+# EXPRESSION TABLES".
 #
 # Users can control delivery of their own mail by setting up
 # .forward files in their home directory. Lines in per-user
@@ -254,4 +254,9 @@
 # P.O. Box 704
 # Yorktown Heights, NY 10598, USA
 #
+# Wietse Venema
+# Google, Inc.
+# 111 8th Avenue
+# New York, NY 10011, USA
+#
 # ALIASES(5)
diff -Nru postfix-3.0.4/conf/canonical postfix-3.1.0/conf/canonical
--- postfix-3.0.4/conf/canonical 2013-04-11 21:48:05.000000000 +0000
+++ postfix-3.1.0/conf/canonical 2016-02-14 01:39:26.000000000 +0000
@@ -27,12 +27,12 @@
 # LDAP or SQL, the same lookups are done as for ordinary
 # indexed files.
 #
-# Alternatively, the table can be provided as a regular-
-# expression map where patterns are given as regular expres-
-# sions, or lookups can be directed to TCP-based server. In
-# those cases, the lookups are done in a slightly different
-# way as described below under "REGULAR EXPRESSION TABLES"
-# or "TCP-BASED TABLES".
+# Alternatively, the table can be provided as a regu-
+# lar-expression map where patterns are given as regular
+# expressions, or lookups can be directed to TCP-based
+# server. In those cases, the lookups are done in a slightly
+# different way as described below under "REGULAR EXPRESSION
+# TABLES" or "TCP-BASED TABLES".
 #
 # By default the canonical(5) mapping affects both message
 # header addresses (i.e. addresses that appear inside mes-
@@ -275,4 +275,9 @@
 # P.O. Box 704
 # Yorktown Heights, NY 10598, USA
 #
+# Wietse Venema
+# Google, Inc.
+# 111 8th Avenue
+# New York, NY 10011, USA
+#
 # CANONICAL(5)
diff -Nru postfix-3.0.4/conf/generic postfix-3.1.0/conf/generic
--- postfix-3.0.4/conf/generic 2007-03-27 00:06:04.000000000 +0000
+++ postfix-3.1.0/conf/generic 2016-02-14 01:39:26.000000000 +0000
@@ -40,12 +40,12 @@
 # LDAP or SQL, the same lookups are done as for ordinary
 # indexed files.
 #
-# Alternatively, the table can be provided as a regular-
-# expression map where patterns are given as regular expres-
-# sions, or lookups can be directed to TCP-based server. In
-# those case, the lookups are done in a slightly different
-# way as described below under "REGULAR EXPRESSION TABLES"
-# or "TCP-BASED TABLES".
+# Alternatively, the table can be provided as a regu-
+# lar-expression map where patterns are given as regular
+# expressions, or lookups can be directed to TCP-based
+# server. In those case, the lookups are done in a slightly
+# different way as described below under "REGULAR EXPRESSION
+# TABLES" or "TCP-BASED TABLES".
 #
 # CASE FOLDING
 # The search string is folded to lowercase before database
@@ -237,4 +237,9 @@
 # P.O. Box 704
 # Yorktown Heights, NY 10598, USA
 #
+# Wietse Venema
+# Google, Inc.
+# 111 8th Avenue
+# New York, NY 10011, USA
+#
 # GENERIC(5)
diff -Nru postfix-3.0.4/conf/header_checks postfix-3.1.0/conf/header_checks
--- postfix-3.0.4/conf/header_checks 2015-01-29 22:33:47.000000000 +0000
+++ postfix-3.1.0/conf/header_checks 2016-02-14 01:39:26.000000000 +0000
@@ -176,10 +176,11 @@
 # case for consistency with other Postfix documentation.
 #
 # BCC user@domain
-# Add the specified address as a BCC recipient. The
-# address must have a local part and domain part. The
-# number of BCC addresses that can be added is lim-
-# ited only by the amount of available storage space.
+# Add the specified address as a BCC recipient, and
+# inspect the next input line. The address must have
+# a local part and domain part. The number of BCC
+# addresses that can be added is limited only by the
+# amount of available storage space.
 #
 # Note 1: the BCC address is added as if it was spec-
 # ified with NOTIFY=NONE. The sender will not be
@@ -197,11 +198,12 @@
 #
 # DISCARD optional text...
 # Claim successful delivery and silently discard the
-# message. Log the optional text if specified, oth-
+# message. Do not inspect the remainder of the input
+# message. Log the optional text if specified, oth-
 # erwise log a generic message.
 #
-# Note: this action disables further header or
-# body_checks inspection of the current message and
+# Note: this action disables further header or
+# body_checks inspection of the current message and
 # affects all recipients. To discard only one recip-
 # ient without discarding the entire message, use the
 # transport(5) table to direct mail to the discard(8)
@@ -212,43 +214,45 @@
 # This feature is not supported with smtp header/body
 # checks.
 #
-# DUNNO Pretend that the input line did not match any pat-
-# tern, and inspect the next input line. This action
+# DUNNO Pretend that the input line did not match any pat-
+# tern, and inspect the next input line. This action
 # can be used to shorten the table search.
 #
-# For backwards compatibility reasons, Postfix also
-# accepts OK but it is (and always has been) treated
+# For backwards compatibility reasons, Postfix also
+# accepts OK but it is (and always has been) treated
 # as DUNNO.
 #
 # This feature is available in Postfix 2.1 and later.
 #
 # FILTER transport:destination
-# After the message is queued, send the entire mes-
-# sage through the specified external content filter.
-# The transport name specifies the first field of a
-# mail delivery agent definition in master.cf; the
-# syntax of the next-hop destination is described in
-# the manual page of the corresponding delivery
-# agent. More information about external content
-# filters is in the Postfix FILTER_README file.
+# Override the content_filter parameter setting, and
+# inspect the next input line. After the message is
+# queued, send the entire message through the speci-
+# fied external content filter. The transport name
+# specifies the first field of a mail delivery agent
+# definition in master.cf; the syntax of the next-hop
+# destination is described in the manual page of the
+# corresponding delivery agent. More information
+# about external content filters is in the Postfix
+# FILTER_README file.
 #
-# Note 1: do not use $number regular expression sub-
-# stitutions for transport or destination unless you
+# Note 1: do not use $number regular expression sub-
+# stitutions for transport or destination unless you
 # know that the information has a trusted origin.
 #
-# Note 2: this action overrides the main.cf con-
-# tent_filter setting, and affects all recipients of
-# the message. In the case that multiple FILTER
+# Note 2: this action overrides the main.cf con-
+# tent_filter setting, and affects all recipients of
+# the message. In the case that multiple FILTER
 # actions fire, only the last one is executed.
 #
-# Note 3: the purpose of the FILTER command is to
-# override message routing. To override the recipi-
-# ent's transport but not the next-hop destination,
-# specify an empty filter destination (Postfix 2.7
+# Note 3: the purpose of the FILTER command is to
+# override message routing. To override the recipi-
+# ent's transport but not the next-hop destination,
+# specify an empty filter destination (Postfix 2.7
 # and later), or specify a transport:destination that
-# delivers through a different Postfix instance
-# (Postfix 2.6 and earlier). Other options are using
-# the recipient-dependent transport_maps or the sen-
+# delivers through a different Postfix instance
+# (Postfix 2.6 and earlier). Other options are using
+# the recipient-dependent transport_maps or the sen-
 # der-dependent sender_dependent_default_transport-
 # _maps features.
 #
@@ -258,23 +262,23 @@
 # checks.
 #
 # HOLD optional text...
-# Arrange for the message to be placed on the hold
-# queue, and inspect the next input line. The mes-
-# sage remains on hold until someone either deletes
-# it or releases it for delivery. Log the optional
+# Arrange for the message to be placed on the hold
+# queue, and inspect the next input line. The mes-
+# sage remains on hold until someone either deletes
+# it or releases it for delivery. Log the optional
 # text if specified, otherwise log a generic message.
 #
-# Mail that is placed on hold can be examined with
-# the postcat(1) command, and can be destroyed or
+# Mail that is placed on hold can be examined with
+# the postcat(1) command, and can be destroyed or
 # released with the postsuper(1) command.
 #
-# Note: use "postsuper -r" to release mail that was
-# kept on hold for a significant fraction of $maxi-
+# Note: use "postsuper -r" to release mail that was
+# kept on hold for a significant fraction of $maxi-
 # mal_queue_lifetime or $bounce_queue_lifetime, or
-# longer. Use "postsuper -H" only for mail that will
+# longer. Use "postsuper -H" only for mail that will
 # not expire within a few delivery attempts.
 #
-# Note: this action affects all recipients of the
+# Note: this action affects all recipients of the
 # message.
 #
 # This feature is available in Postfix 2.0 and later.
@@ -287,33 +291,33 @@
 #
 # INFO optional text...
 # Log an "info:" record with the optional text... (or
-# log a generic text), and inspect the next input
-# line. This action is useful for routine logging or
+# log a generic text), and inspect the next input
+# line. This action is useful for routine logging or
 # for debugging.
 #
 # This feature is available in Postfix 2.8 and later.
 #
 # PREPEND text...
-# Prepend one line with the specified text, and
+# Prepend one line with the specified text, and
 # inspect the next input line.
 #
 # Notes:
 #
-# o The prepended text is output on a separate
+# o The prepended text is output on a separate
 # line, immediately before the input that
 # triggered the PREPEND action.
 #
 # o The prepended text is not considered part of
-# the input stream: it is not subject to
+# the input stream: it is not subject to
 # header/body checks or address rewriting, and
 # it does not affect the way that Postfix adds
 # missing message headers.
 #
 # o When prepending text before a message header
-# line, the prepended text must begin with a
+# line, the prepended text must begin with a
 # valid message header label.
 #
-# o This action cannot be used to prepend
+# o This action cannot be used to prepend
 # multi-line text.
 #
 # This feature is available in Postfix 2.1 and later.
@@ -322,14 +326,14 @@
 # ter_header_checks.
 #
 # REDIRECT user@domain
-# Write a message redirection request to the queue
-# file, and inspect the next input line. After the
+# Write a message redirection request to the queue
+# file, and inspect the next input line. After the
 # message is queued, it will be sent to the specified
 # address instead of the intended recipient(s).
 #
-# Note: this action overrides the FILTER action, and
-# affects all recipients of the message. If multiple
-# REDIRECT actions fire, only the last one is exe-
+# Note: this action overrides the FILTER action, and
+# affects all recipients of the message. If multiple
+# REDIRECT actions fire, only the last one is exe-
 # cuted.
 #
 # This feature is available in Postfix 2.1 and later.
@@ -338,33 +342,34 @@
 # checks.
 #
 # REPLACE text...
-# Replace the current line with the specified text,
+# Replace the current line with the specified text,
 # and inspect the next input line.
 #
 # This feature is available in Postfix 2.2 and later.
-# The description below applies to Postfix 2.2.2 and
+# The description below applies to Postfix 2.2.2 and
 # later.
 #
 # Notes:
 #
-# o When replacing a message header line, the
-# replacement text must begin with a valid
+# o When replacing a message header line, the
+# replacement text must begin with a valid
 # header label.
 #
-# o The replaced text remains part of the input
-# stream. Unlike the result from the PREPEND
-# action, a replaced message header may be
-# subject to address rewriting and may affect
-# the way that Postfix adds missing message
+# o The replaced text remains part of the input
+# stream. Unlike the result from the PREPEND
+# action, a replaced message header may be
+# subject to address rewriting and may affect
+# the way that Postfix adds missing message
 # headers.
 #
 # REJECT optional text...
-# Reject the entire message. Reply with optional
-# text... when the optional text is specified, other-
-# wise reply with a generic error message.
+# Reject the entire message. Do not inspect the
+# remainder of the input message. Reply with
+# optional text... when the optional text is speci-
+# fied, otherwise reply with a generic error message.
 #
-# Note: this action disables further header or
-# body_checks inspection of the current message and
+# Note: this action disables further header or
+# body_checks inspection of the current message and
 # affects all recipients.
 #
 # Postfix version 2.3 and later support enhanced sta-
@@ -376,38 +381,38 @@
 # checks.
 #
 # WARN optional text...
-# Log a "warning:" record with the optional text...
+# Log a "warning:" record with the optional text...
 # (or log a generic text), and inspect the next input
-# line. This action is useful for debugging and for
-# testing a pattern before applying more drastic
+# line. This action is useful for debugging and for
+# testing a pattern before applying more drastic
 # actions.
 #
 # BUGS
 # Empty lines never match, because some map types mis-behave
-# when given a zero-length search string. This limitation
-# may be removed for regular expression tables in a future
+# when given a zero-length search string. This limitation
+# may be removed for regular expression tables in a future
 # release.
 #
-# Many people overlook the main limitations of header and
+# Many people overlook the main limitations of header and
 # body_checks rules.
 #
-# o These rules operate on one logical message header
+# o These rules operate on one logical message header
 # or one body line at a time. A decision made for one
 # line is not carried over to the next line.
 #
-# o If text in the message body is encoded (RFC 2045)
+# o If text in the message body is encoded (RFC 2045)
 # then the rules need to be specified for the encoded
 # form.
 #
-# o Likewise, when message headers are encoded (RFC
-# 2047) then the rules need to be specified for the
+# o Likewise, when message headers are encoded (RFC
+# 2047) then the rules need to be specified for the
 # encoded form.
 #
-# Message headers added by the cleanup(8) daemon itself are
+# Message headers added by the cleanup(8) daemon itself are
 # excluded from inspection. Examples of such message headers
 # are From:, To:, Message-ID:, Date:.
 #
-# Message headers deleted by the cleanup(8) daemon will be
+# Message headers deleted by the cleanup(8) daemon will be
 # examined before they are deleted. Examples are: Bcc:, Con-
 # tent-Length:, Return-Path:.
 #
@@ -415,11 +420,11 @@
 # body_checks
 # Lookup tables with content filter rules for message
 # body lines. These filters see one physical line at
-# a time, in chunks of at most $line_length_limit
+# a time, in chunks of at most $line_length_limit
 # bytes.
 #
 # body_checks_size_limit
-# The amount of content per message body segment
+# The amount of content per message body segment
 # (attachment) that is subjected to $body_checks fil-
 # tering.
 #
@@ -429,35 +434,35 @@
 #
 # nested_header_checks (default: $header_checks)
 # Lookup tables with content filter rules for message
-# header lines: respectively, these are applied to
-# the initial message headers (not including MIME
-# headers), to the MIME headers anywhere in the mes-
-# sage, and to the initial headers of attached mes-
+# header lines: respectively, these are applied to
+# the initial message headers (not including MIME
+# headers), to the MIME headers anywhere in the mes-
+# sage, and to the initial headers of attached mes-
 # sages.
 #
-# Note: these filters see one logical message header
-# at a time, even when a message header spans multi-
-# ple lines. Message headers that are longer than
+# Note: these filters see one logical message header
+# at a time, even when a message header spans multi-
+# ple lines. Message headers that are longer than
 # $header_size_limit characters are truncated.
 #
 # disable_mime_input_processing
-# While receiving mail, give no special treatment to
-# MIME related message headers; all text after the
+# While receiving mail, give no special treatment to
+# MIME related message headers; all text after the
 # initial message headers is considered to be part of
-# the message body. This means that header_checks is
-# applied to all the initial message headers, and
+# the message body. This means that header_checks is
+# applied to all the initial message headers, and
 # that body_checks is applied to the remainder of the
 # message.
 #
-# Note: when used in this manner, body_checks will
-# process a multi-line message header one line at a
+# Note: when used in this manner, body_checks will
+# process a multi-line message header one line at a
 # time.
 #
 # EXAMPLES
-# Header pattern to block attachments with bad file name
-# extensions. For convenience, the PCRE /x flag is speci-
-# fied, so that there is no need to collapse the pattern
-# into a single line of text. The purpose of the
+# Header pattern to block attachments with bad file name
+# extensions. For convenience, the PCRE /x flag is speci-
+# fied, so that there is no need to collapse the pattern
+# into a single line of text. The purpose of the
 # [[:xdigit:]] sub-expressions is to recognize Windows CLSID
 # strings.
 #
@@ -496,7 +501,7 @@
 # RFC 2047, message header encoding for non-ASCII text
 #
 # README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
 # tory" to locate this information.
 # DATABASE_README, Postfix lookup table overview
 # CONTENT_INSPECTION_README, Postfix content inspection overview
@@ -504,7 +509,7 @@
 # BACKSCATTER_README, blocking returned forged mail
 #
 # LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
 # software.
 #
 # AUTHOR(S)
@@ -513,4 +518,9 @@
 # P.O. Box 704
 # Yorktown Heights, NY 10598, USA
 #
+# Wietse Venema
+# Google, Inc.
+# 111 8th Avenue
+# New York, NY 10011, USA
+#
 # HEADER_CHECKS(5)
diff -Nru postfix-3.0.4/conf/main.cf postfix-3.1.0/conf/main.cf
--- postfix-3.0.4/conf/main.cf 2014-10-09 23:46:44.000000000 +0000
+++ postfix-3.1.0/conf/main.cf 2015-04-01 10:56:39.000000000 +0000
@@ -153,8 +153,8 @@
 # compatible delivery agent that lookups all recipients in /etc/passwd
 # and /etc/aliases or their equivalent.
 #
-# The default is $myhostname + localhost.$mydomain. On a mail domain
-# gateway, you should also include $mydomain.
+# The default is $myhostname + localhost.$mydomain + localhost. On
+# a mail domain gateway, you should also include $mydomain.
 #
 # Do not specify the names of virtual domains - those domains are
 # specified elsewhere (see VIRTUAL_README).
diff -Nru postfix-3.0.4/conf/postfix-files postfix-3.1.0/conf/postfix-files
--- postfix-3.0.4/conf/postfix-files 2015-07-22 21:22:59.000000000 +0000
+++ postfix-3.1.0/conf/postfix-files 2016-02-06 20:34:18.000000000 +0000
@@ -106,6 +106,7 @@
 #$daemon_directory/postfix-files:f:root:-:644:o
 #$daemon_directory/postfix-files.d:d:root:-:755:o
 $daemon_directory/postfix-script:f:root:-:755
+$daemon_directory/postfix-tls-script:f:root:-:755
 $daemon_directory/postfix-wrapper:f:root:-:755
 $daemon_directory/postmulti-script:f:root:-:755
 $daemon_directory/postscreen:f:root:-:755
@@ -170,6 +171,7 @@
 $manpage_directory/man1/postconf.1:f:root:-:644
 $manpage_directory/man1/postdrop.1:f:root:-:644
 $manpage_directory/man1/postfix.1:f:root:-:644
+$manpage_directory/man1/postfix-tls.1:f:root:-:644
 $manpage_directory/man1/postkick.1:f:root:-:644
 $manpage_directory/man1/postlock.1:f:root:-:644
 $manpage_directory/man1/postlog.1:f:root:-:644
diff -Nru postfix-3.0.4/conf/postfix-script postfix-3.1.0/conf/postfix-script
--- postfix-3.0.4/conf/postfix-script 2014-06-27 14:05:15.000000000 +0000
+++ postfix-3.1.0/conf/postfix-script 2016-01-31 21:05:46.000000000 +0000
@@ -356,6 +356,11 @@
 $daemon_directory/post-install "$@"
 ;;
 
+tls)
+ shift
+ $daemon_directory/postfix-tls-script "$@"
+ ;;
+
 /*)
 # Currently not part of the public interface.
 "$@"
diff -Nru postfix-3.0.4/conf/postfix-tls-script postfix-3.1.0/conf/postfix-tls-script
--- postfix-3.0.4/conf/postfix-tls-script 1970-01-01 00:00:00.000000000 +0000
+++ postfix-3.1.0/conf/postfix-tls-script 2016-02-25 00:50:58.000000000 +0000
@@ -0,0 +1,1149 @@
+#!/bin/sh
+
+#++
+# NAME
+# postfix-tls 1
+# SUMMARY
+# Postfix TLS management
+# SYNOPSIS
+# \fBpostfix tls\fR \fIsubcommand\fR
+# DESCRIPTION
+# The "\fBpostfix tls \fIsubcommand\fR" feature enables
+# opportunistic TLS in the Postfix SMTP client or server, and
+# manages Postfix SMTP server private keys and certificates.
+#
+# The following subcommands are available:
+# .IP "\fBenable-client\fR [\fB-r \fIrandsource\fR]"
+# Enable opportunistic TLS in the Postfix SMTP client, if all
+# SMTP client TLS settings are at their default values.
+# Otherwise, suggest parameter settings without making any
+# changes.
+# .sp
+# Specify \fIrandsource\fR to update the value of the
+# \fBtls_random_source\fR configuration parameter (typically,
+# /dev/urandom). Prepend \fBdev:\fR to device paths or
+# \fBegd:\fR to EGD socket paths.
+# .sp
+# See also the \fBall-default-client\fR subcommand.
+# .IP "\fBenable-server\fR [\fB-r \fIrandsource\fR] [\fB-a \fIalgorithm\fR] [\fB-b \fIbits\fR] [\fIhostname\fB...\fR]"
+# Create a new private key and self-signed server certificate
+# and enable opportunistic TLS in the Postfix SMTP server,
+# if all SMTP server TLS settings are at their default values.
+# Otherwise, suggest parameter settings without making any
+# changes.
+# .sp
+# The \fIrandsource\fR parameter is as with \fBenable-client\fR
+# above, and the remaining options are as with \fBnew-server-key\fR
+# below.
+# .sp
+# See also the \fBall-default-server\fR subcommand.
+# .IP "\fBnew-server-key\fR [\fB-a \fIalgorithm\fR] [\fB-b \fIbits\fR] [\fIhostname\fB...\fR]"
+# Create a new private key and self-signed server certificate,
+# but do not deploy them. Log and display commands to deploy
+# the new key and corresponding certificate. Also log and
+# display commands to output a corresponding CSR or TLSA
+# records which may be needed to obtain a CA certificate or
+# to update DNS before the new key can be deployed.
+# .sp
+# The \fIalgorithm\fR defaults to \fBrsa\fR, and \fIbits\fR
+# defaults to 2048. If you choose the \fBecdsa\fR \fIalgorithm\fR
+# then \fIbits\fR will be an EC curve name (by default
+# \fBsecp256r1\fR, also known as prime256v1). Curves other
+# than \fBsecp256r1\fR, \fBsecp384r1\fR or \fBsecp521r1\fR
+# are unlikely to be widely interoperable. When generating
+# EC keys, use one of these three. DSA keys are obsolete and
+# are not supported.
+# .sp
+# Note: ECDSA support requires OpenSSL 1.0.0 or later and may
+# not be available on your system. Not all client systems
+# will support ECDSA, so you'll generally want to deploy both
+# RSA and ECDSA certificates to make use of ECDSA with
+# compatible clients and RSA with the rest. If you want to
+# deploy certificate chains with intermediate CAs for both
+# RSA and ECDSA, you'll want at least OpenSSL 1.0.2, as earlier
+# versions may not handle multiple chain files correctly.
+# .sp
+# The first \fIhostname\fR argument will be the \fBCommonName\fR
+# of both the subject and issuer of the self-signed certificate.
+# It, and any additional \fIhostname\fR arguments, will also
+# be listed as DNS alternative names in the certificate. If
+# no \fIhostname\fR is provided the value of the \fBmyhostname\fR
+# main.cf parameter will be used.
+# .sp
+# For RSA, the generated private key and certificate files
+# are named \fBkey-\fIyyyymmdd-hhmmss\fB.pem\fR and
+# \fBcert-\fIyyyymmdd-hhmmss\fB.pem\fR, where \fIyyyymmdd\fR
+# is the calendar date and \fIhhmmss\fR is the time of day
+# in UTC. For ECDSA, the file names start with \fBeckey-\fR
+# and \fBeccert-\fR instead of \fBkey-\fR and \fBcert-\fR
+# respectively.
+# .sp
+# Before deploying the new key and certificate with DANE,
+# update the DNS with new DANE TLSA records, then wait for
+# secondary nameservers to update and then for stale records
+# in remote DNS caches to expire.
+# .sp
+# Before deploying a new CA certificate make sure to include
+# all the required intermediate issuing CA certificates in
+# the certificate chain file. The server certificate must
+# be the first certificate in the chain file. Overwrite and
+# deploy the file with the original self-signed certificate
+# that was generated together with the key.
+# .IP "\fBnew-server-cert\fR [\fB-a \fIalgorithm\fR] [\fB-b \fIbits\fR] [\fIhostname\fB...\fR]"
+# This is just like \fBnew-server-key\fR except that, rather
+# than generating a new private key, any currently deployed
+# private key is copied to the new key file. Thus if you're
+# publishing DANE TLSA "3 1 1" or "3 1 2" records, there is
+# no need to update DNS records. The \fIalgorithm\fR and
+# \fIbits\fR arguments are used only if no key of the same
+# algorithm is already configured.
+# .sp
+# This command is rarely needed, because the self-signed
+# certificates generated have a 100-year nominal expiration
+# time. The underlying public key algorithms may well be
+# obsoleted by quantum computers long before then.
+# .sp
+# The most plausible reason for using this command is when
+# the system hostname changes, and you'd like the name in the
+# certificate to match the new hostname (not required for
+# DANE "3 1 1", but some needlessly picky non-DANE opportunistic
+# TLS clients may log warnings or even refuse to communicate).
+# .IP "\fBdeploy-server-cert \fIcertfile\fB \fIkeyfile\fR"
+# This subcommand deploys the certificates in \fIcertfile\fR
+# and private key in \fIkeyfile\fR (which are typically
+# generated by the commands above, which will also log and
+# display the full command needed to deploy the generated key
+# and certificate). After the new certificate and key are
+# deployed any obsolete keys and certificates may be removed
+# by hand. The \fIkeyfile\fR and \fIcertfile\fR filenames
+# may be relative to the Postfix configuration directory.
+# .IP "\fBoutput-server-csr\fR [\fB-k \fIkeyfile\fR] [\fIhostname\fB...\fR]"
+# Write to stdout a certificate signing request (CSR) for the
+# specified \fIkeyfile\fR.
+# .sp
+# Instead of an absolute pathname or a pathname relative to
+# $config_directory, \fIkeyfile\fR may specify one of the
+# supported key algorithm names (see "\fBpostconf -T
+# public-key-algorithms\fR"). In that case, the corresponding
+# setting from main.cf is used to locate the \fIkeyfile\fR.
+# The default \fIkeyfile\fR value is \fBrsa\fR.
+# .sp
+# Zero or more \fIhostname\fR values can be specified. The
+# default \fIhostname\fR is the value of \fBmyhostname\fR
+# main.cf parameter.
+# .IP "\fBoutput-server-tlsa\fR [\fB-h \fIhostname\fR] [\fIkeyfile\fB...\fR]"
+# Write to stdout a DANE TLSA RRset suitable for a port 25
+# SMTP server on host \fIhostname\fR with keys from any of
+# the specified \fIkeyfile\fR values. The default \fIhostname\fR
+# is the value of the \fBmyhostname\fR main.cf parameter.
+# .sp
+# Instead of absolute pathnames or pathnames relative to
+# $config_directory, the \fIkeyfile\fR list may specify
+# names of supported public key algorithms (see "\fBpostconf
+# -T public-key-algorithms\fR"). In that case, the actual
+# \fIkeyfile\fR list uses the values of the corresponding
+# Postfix server TLS key file parameters. If a parameter
+# value is empty or equal to \fBnone\fR, then no TLSA record
+# is output for that algorithm.
+# .sp
+# The default \fIkeyfile\fR list consists of the two supported
+# algorithms \fBrsa\fR and \fBecdsa\fR.
+# AUXILIARY COMMANDS
+# .IP "\fBall-default-client\fR"
+# Exit with status 0 (success) if all SMTP client TLS settings are
+# at their default values. Otherwise, exit with a non-zero status.
+# This is typically used as follows:
+# .sp
+# \fBpostfix tls all-default-client &&
+# postfix tls enable-tls-client\fR
+# .IP "\fBall-default-server\fR"
+# Exit with status 0 (success) if all SMTP server TLS settings are
+# at their default values. Otherwise, exit with a non-zero status.
+# This is typically used as follows:
+# .sp
+# \fBpostfix tls all-default-server &&
+# postfix tls enable-tls-server\fR
+# CONFIGURATION PARAMETERS
+# .ad
+# .fi
+# The "\fBpostfix tls \fIsubcommand\fR" feature reads
+# or updates the following configuration parameters.
+# .IP "\fBcommand_directory (see 'postconf -d' output)\fR"
+# The location of all postfix administrative commands.
+# .IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+# The default location of the Postfix main.cf and master.cf
+# configuration files.
+# .IP "\fBopenssl_path (openssl)\fR"
+# The location of the OpenSSL command line program \fBopenssl\fR(1).
+# .IP "\fBsmtp_tls_loglevel (0)\fR"
+# Enable additional Postfix SMTP client logging of TLS activity.
+# .IP "\fBsmtp_tls_security_level (empty)\fR"
+# The default SMTP TLS security level for the Postfix SMTP client;
+# when a non-empty value is specified, this overrides the obsolete
+# parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
+# .IP "\fBsmtp_tls_session_cache_database (empty)\fR"
+# Name of the file containing the optional Postfix SMTP client
+# TLS session cache.
+# .IP "\fBsmtpd_tls_cert_file (empty)\fR"
+# File with the Postfix SMTP server RSA certificate in PEM format.
+# .IP "\fBsmtpd_tls_eccert_file (empty)\fR"
+# File with the Postfix SMTP server ECDSA certificate in PEM format.
+# .IP "\fBsmtpd_tls_eckey_file ($smtpd_tls_eccert_file)\fR"
+# File with the Postfix SMTP server ECDSA private key in PEM format.
+# .IP "\fBsmtpd_tls_key_file ($smtpd_tls_cert_file)\fR"
+# File with the Postfix SMTP server RSA private key in PEM format.
+# .IP "\fBsmtpd_tls_loglevel (0)\fR"
+# Enable additional Postfix SMTP server logging of TLS activity.
+# .IP "\fBsmtpd_tls_received_header (no)\fR"
+# Request that the Postfix SMTP server produces Received: message
+# headers that include information about the protocol and cipher used,
+# as well as the remote SMTP client CommonName and client certificate issuer
+# CommonName.
+# .IP "\fBsmtpd_tls_security_level (empty)\fR"
+# The SMTP TLS security level for the Postfix SMTP server; when
+# a non-empty value is specified, this overrides the obsolete parameters
+# smtpd_use_tls and smtpd_enforce_tls.
+# .IP "\fBtls_random_source (see 'postconf -d' output)\fR"
+# The external entropy source for the in-memory \fBtlsmgr\fR(8) pseudo
+# random number generator (PRNG) pool.
+# SEE ALSO
+# master(8) Postfix master program
+# postfix(1) Postfix administrative interface
+# README FILES
+# .ad
+# .fi
+# Use "\fBpostconf readme_directory\fR" or
+# "\fBpostconf html_directory\fR" to locate this information.
+# .na
+# .nf
+# TLS_README, Postfix TLS configuration and operation
+# LICENSE
+# .ad
+# .fi
+# The Secure Mailer license must be distributed with this software.
+# HISTORY
+# The "\fBpostfix tls\fR" command was introduced with Postfix
+# version 3.1.
+# AUTHOR(S)
+# Viktor Dukhovni
+#--
+
+RSA_BITS=2048 # default
+EC_CURVE=secp256r1 # default
+
+case $daemon_directory in
+"") echo This script must be run by the postfix command. 1>&2
+ echo Do not run directly. 1>&2
+ exit 1;;
+esac
+
+umask 022
+SHELL=/bin/sh
+
+postconf=$command_directory/postconf
+LOGGER="$command_directory/postlog -t $MAIL_LOGTAG/postfix-tls-script"
+INFO="$LOGGER -p info"
+WARN="$LOGGER -p warn"
+ERROR="$LOGGER -p error"
+FATAL="$LOGGER -p fatal"
+
+# Overwrite SMTP client and server settings only when these are at defaults.
+client_settings="
+ smtp_use_tls
+ smtp_enforce_tls
+ smtp_tls_enforce_peername
+ smtp_tls_security_level
+ smtp_tls_cert_file
+ smtp_tls_dcert_file
+ smtp_tls_eccert_file
+"
+
+server_settings="
+ smtpd_use_tls
+ smtpd_enforce_tls
+ smtpd_tls_security_level
+ smtpd_tls_cert_file
+ smtpd_tls_dcert_file
+ smtpd_tls_eccert_file
+"
+
+#
+# Can't do much without these in place.
+#
+cd $command_directory || {
+ # Let's hope there's a "postlog" somewhere else on the PATH
+ FATAL="postlog -p fatal -t $MAIL_LOGTAG/postfix-tls-script"
+ msg="no Postfix command directory '${command_directory}'"
+ $FATAL "$msg" || { echo "$msg" >&2; sleep 1; }
+ exit 1
+}
+
+check_getopt() {
+ OPTIND=1
+ a=
+ b=
+ c=
+ set -- -a 1 -b 2 -c -- -pos
+ while getopts :a:b:c o
+ do
+ case $o in
+ a) a="${OPTARG}";;
+ b) b="${OPTARG}";;
+ c) c=3;;
+ *) return 1;;
+ esac
+ done
+ shift `expr ${OPTIND} - 1`
+ if [ "${a}" != "1" -o "${b}" != 2 -o "${c}" != 3 \
+ -o "${OPTIND}" -ne 7 -o "$1" != "-pos" ]; then
+ return 1
+ fi
+}
+
+check_getopt || {
+ $FATAL "/bin/sh does not implement a compatible 'getopts' built-in"
+ exit 1
+}
+
+# ----- BEGIN OpenSSL-specific -----
+
+# No need to set the location of the OpenSSL command in each Postfix instance,
+# the value from the default instance is used for all instances.
+#
+default_config_directory=`$postconf -dh config_directory`
+openssl=`$postconf -c $default_config_directory -xh openssl_path`
+"$openssl" version >/dev/null 2>&1 || {
+ $FATAL "No working openssl(1) command found with 'openssl_path = $openssl'"
+ exit 1
+}
+
+# ----- END OpenSSL-specific -----
+
+test -n "$config_directory" -a -d "$config_directory" || {
+ $FATAL no Postfix configuration directory $config_directory!
+ exit 1
+}
+
+# Do we support TLS and if so which algorithms?
+#
+$postconf -T compile-version | grep . 
>/dev/null || {
+ mail_version=`$postconf -dh mail_version`
+ $FATAL "Postfix $mail_version is not compiled with TLS support"
+ exit 1
+}
+rsa=
+ecdsa=
+for _algo in `$postconf -T public-key-algorithms | egrep '^(rsa|ecdsa)$'`
+do
+ eval $_algo=$_algo
+done
+
+# ----- BEGIN OpenSSL-specific -----
+
+if [ -n "${ecdsa}" ]; then
+ $openssl ecparam -name secp256r1 >/dev/null 2>&1 || {
+ cat <<-EOM | $WARN
+ Postfix supports ECDSA, but the $openssl command does not. Consider
+ setting the openssl_path parameter to a more capable version of the
+ command-line utility than $openssl (with PATH=$PATH).
+ EOM
+ ecdsa=
+ }
+fi
+if [ -n "${rsa}" ]; then
+ DEFALG=rsa
+elif [ -n "${ecdsa}" ]; then
+ DEFALG=ecdsa
+else
+ mail_version=`$postconf -dh mail_version`
+ $FATAL "Postfix $mail_version does not support either RSA or ECDSA"
+ exit 1
+fi
+
+# Make sure stdin is open when testing
+if [ -r /dev/stdin ] < /dev/null; then
+ stdin=/dev/stdin
+elif [ -r /dev/fd/0 ] /dev/null`
+if [ "${tmp}" != "${null256}" ]; then
+ cat <&2
+Your $openssl does not support the SHA2-256 digest algorithm. To enable
+'postfix tls', install an OpenSSL that does. Install its openssl(1) command
+at /usr/local/bin/openssl or other suitable location, and set the
+'openssl_path' parameter in $default_config_directory/main.cf accordingly.
+EOF
+ $FATAL "No 'postfix tls' support when openssl(1) is obsolete"
+ exit 1
+fi
+
+read_key() {
+ [ -n "$1" -a -f "$1" ] || return 1
+
+ # Old OpenSSL versions return success even for unsupported sub-commands!
+ # So we inspect the output instead. Don't prompt if the key is password
+ # protected.
+ #
+ while read cmd key_algo key_param cert_param; do
+ $openssl $cmd -passin "pass:umask 077" -in "$1" |
+ grep . 
&& return 0
+ done 2>/dev/null <<-EOF
+ rsa rsa smtpd_tls_key_file smtpd_tls_cert_file
+ ec ecdsa smtpd_tls_eckey_file smtpd_tls_eccert_file
+ EOF
+ return 1
+}
+
+pubkey_dgst() {
+ [ -n "$1" -a -f "$1" ] || return 1
+
+ # Old OpenSSL versions return success even for unsupported sub-commands!
+ # So we inspect the output instead.
+ #
+ for cmd in ec rsa; do
+ $openssl $cmd -passin "pass:umask 077" -in "$1" -pubout |
+ $openssl $cmd -pubin -outform DER |
+ hex_sha256 | egrep -v "${null256}" && return 0
+ done 2>/dev/null
+ return 1
+}
+
+cert_pubkey_dgst() {
+ [ -n "$1" -a -f "$1" ] || return 1
+
+ # Old OpenSSL versions return success even for unsupported sub-commands!
+ # So we inspect the output instead.
+ #
+ for cmd in ec rsa; do
+ $openssl x509 -pubkey -noout -in "$1" |
+ $openssl $cmd -pubin -outform DER |
+ hex_sha256 | egrep -v "${null256}" && return 0
+ done 2>/dev/null
+ return 1
+}
+
+copy_key() {
+ _algo=$1; shift
+ _bits=$1; shift
+ _fold=$1; shift
+ _fnew=$1; shift
+ _umask=`umask`
+
+ umask 077
+ read_key "${_fold}" > "${_fnew}" # sets key_algo of current key
+ _ret=$?
+ umask "${_umask}"
+
+ if [ "${_ret}" -ne 0 ]; then
+ $FATAL "Error copying private key from '${_fold}' to '${_fnew}'"
+ return 1
+ fi
+ if [ "${key_algo}" != "${_algo}" ]; then
+ $FATAL "Key algorithm '$key_algo' of '${_fold}' is not '${_algo}'"
+ return 1
+ fi
+ # XXX: We'd need C-code in postconf to portably check for compatible "bits"
+}
+
+create_key() {
+ _algo=$1
+ _bits=$2
+ _fnew=$3
+ _umask=`umask`
+
+ case $_algo in
+ "") $FATAL "Internal error: empty algorithm"; return 1;;
+ $rsa) set -- "${openssl}" genrsa -out "${_fnew}" "${_bits}";;
+ $ecdsa) set -- "${openssl}" ecparam -param_enc named_curve -genkey \
+ -out "${_fnew}" -name "${_bits}";;
+ *) $FATAL "Internal error: bad algorithm '${_algo}'"
+ return 1;;
+ esac
+
+ umask 077
+ _err=`"$@" 2>&1`
+ _ret=$?
+ umask "${_umask}"
+
+ if [ "${_ret}" -ne 0 ]; then
+ echo "${_err}" | $WARN
+ $FATAL "error generating new ${_algo} ${_bits} private key"
+ return 1
+ fi
+}
+
+create_cert() {
+ _k=$1; shift
+ _c=$1; shift
+ set_fqdn "$1"
+ if [ $# -gt 0 ]; then shift; fi
+ set -- "$fqdn" "$@"
+
+ if [ -r "${_c}" ]; then
+ $FATAL "New certificate file already exists: ${_c}"
+ return 1
+ fi
+
+ # Generate a new self-signed (~100 year) certificate
+ #
+ (
+ echo "default_md = sha256"
+ echo "x509_extensions = v3"
+ echo "prompt = yes"
+ echo "distinguished_name = dn"
+ echo "[dn]"
+ echo "[v3]"
+ echo "basicConstraints = CA:false"
+ echo "subjectKeyIdentifier = hash"
+ echo "extendedKeyUsage = serverAuth, clientAuth"
+ echo "subjectAltName = @alts"
+ echo "[alts]"
+ i=1; for dns in "$@"; do
+ # XXX map empty to $myhostname
+ echo "DNS.$i = $dns"
+ i=`expr $i + 1`
+ done
+ ) | $openssl req -x509 -config $stdin -new -key "${_k}" \
+ -subj "/CN=$fqdn" -days 36525 -out "${_c}" || {
+ rm -f "${_c}" "${_k}"
+ $FATAL "error generating self-signed SSL certificate"
+ return 1
+ }
+}
+
+output_server_csr() {
+ set_keyfile "$1" || return 1
+ shift
+ set_fqdn "$1" || return 1
+ shift
+ set -- "$fqdn" "$@"
+ (
+ echo "default_md = sha256"
+ echo "req_extensions = v3"
+ echo "prompt = yes"
+ echo "distinguished_name = dn"
+ echo "[dn]"
+ echo "[v3]"
+ echo "subjectKeyIdentifier = hash"
+ echo "extendedKeyUsage = serverAuth, clientAuth"
+ echo "subjectAltName = @alts"
+ echo "[alts]"
+ i=1; for dns in "$@"; do
+ echo "DNS.$i = $dns"
+ i=`expr $i + 1`
+ done
+ ) | $openssl req -config $stdin -new -key "$keyfile" -subj /
+}
+
+# ----- END OpenSSL-specific -----
+
+info_enable_client() {
+ cat <<-EOM
+ *** Non-default SMTP client TLS settings detected, no changes made. 
+ For opportunistic TLS in the Postfix SMTP client, the below settings
+ are typical:
+ smtp_tls_security_level = may
+ smtp_tls_loglevel = 1
+ EOM
+ if get_cache_db_type dbtype
+ then
+ echo " smtp_tls_session_cache_database = ${dbtype}:\${data_directory}/smtp_scache"
+ fi
+}
+
+info_client_deployed() {
+ cat <<-EOM
+ Enabled opportunistic TLS in the Postfix SMTP client.
+ Run the command:
+ # postfix reload
+ if you want the new settings to take effect immediately.
+ EOM
+}
+
+info_enable_server() {
+ cat <<-EOM
+ *** Non-default SMTP server TLS settings detected, no changes made.
+ For opportunistic TLS in the Postfix SMTP server, the below settings
+ are typical:
+ smtpd_tls_security_level = may
+ smtpd_tls_loglevel = 1
+ You can use "postfix tls new-server-cert" to create a new certificate.
+ Or, "postfix tls new-server-key" to also force a new private key.
+ If you publish DANE TLSA records, see:
+ https://tools.ietf.org/html/rfc7671#section-8
+ https://tools.ietf.org/html/rfc7671#section-5.1
+ https://tools.ietf.org/html/rfc7671#section-5.2
+ https://community.letsencrypt.org/t/please-avoid-3-0-1-and-3-0-2-dane-tlsa-records-with-le-certificates/7022
+ EOM
+}
+
+# args: certfile keyfile deploy
+info_created() {
+ cat <<-EOM
+ New private key and self-signed certificate created. To deploy run:
+ # postfix tls deploy-server-cert $1 $2
+ EOM
+}
+
+# args: certfile keyfile deploy
+info_server_deployed() {
+ if [ "$3" = "enable" ]; then
+ echo "Enabled opportunistic TLS in the Postfix SMTP server"
+ fi
+ cat <<-EOM
+ New TLS private key and certificate deployed.
+ Run the command:
+ # postfix reload
+ if you want the new settings to take effect immediately.
+ EOM
+}
+
+# args: certfile keyfile deploy
+info_csr() {
+ cat <<-EOM
+ To generate a CSR run:
+ # postfix tls output-server-csr -k $2 [ ...]
+ EOM
+ if [ -z "$3" ]; then
+ echo "Save the signed certificate chain in $1, and deploy as above."
+ else
+ echo "Save the signed certificate chain in $1." 
+ fi
+}
+
+# args: certfile keyfile deploy
+info_tlsa() {
+ # If already deployed, info for how to show all the deployed keys.
+ # Otherwise, just the new keys, so that TLSA records can be updated
+ # first.
+ if [ -n "$3" ]; then shift $#; fi
+ cat <<-EOM
+ To generate TLSA records run:
+ # postfix tls output-server-tlsa [-h ] $2
+ EOM
+}
+
+# args: certfile keyfile deploy
+info_dane_dns() {
+ # If already deployed, too late to wait, otherwise advise updating TLSA
+ # RRs before deployment.
+ if [ -n "$3" ]; then
+ cat <<-EOM
+ (If you have DANE TLSA RRs, update them as soon as possible to match
+ the newly deployed keys).
+ EOM
+ else
+ cat <<-EOM
+ (deploy after updating the DNS and waiting for stale RRs to expire).
+ EOM
+ fi
+}
+
+set_fqdn() {
+ if [ -n "$1" ]; then fqdn=$1; return 0; fi
+ fqdn=`$postconf -xh myhostname` || return 1
+ case $fqdn in /*) fqdn=`cat "${fqdn}"` || return 1;; esac
+}
+
+set_keyfile() {
+ keyfile=$1
+ case $keyfile in
+ rsa) if [ -n "${rsa}" ]; then
+ keyfile=`$postconf -nxh smtpd_tls_key_file`
+ else
+ keyfile=
+ fi
+ ;;
+ ecdsa) if [ -n "${ecdsa}" ]; then
+ keyfile=`$postconf -nxh smtpd_tls_eckey_file`
+ else
+ keyfile=
+ fi
+ ;;
+ "") : empty ok;;
+ none) : see below;;
+ /*) ;;
+ *) # User-specified key pathnames are relative to the configuration
+ # directory
+ keyfile="${config_directory}/${keyfile}";;
+ esac
+ if [ "${keyfile}" = "none" ]; then keyfile= ; fi
+}
+
+check_key() {
+ read_key "$1" >/dev/null && return 0
+ $FATAL "no private key found in file: $1"
+ return 1
+}
+
+# Create new key or copy existing if specified. 
+#
+ensure_key() {
+ _algo=$1; shift
+ _bits=$1; shift
+ stamp=`TZ=UTC date +%Y%m%d-%H%M%S`
+
+ case $_algo in
+ "") $FATAL "Internal error: empty algorithm "; return 1;;
+ $rsa) keyfile="${config_directory}/key-${stamp}.pem"
+ certfile="${config_directory}/cert-${stamp}.pem";;
+ $ecdsa) keyfile="${config_directory}/eckey-${stamp}.pem"
+ certfile="${config_directory}/eccert-${stamp}.pem";;
+ *) $FATAL "Internal error: bad algorithm '${_algo}'"
+ return 1;;
+ esac
+
+ if [ -r "${keyfile}" ]; then
+ $FATAL "New private key file already exists: ${keyfile}"
+ return 1
+ fi
+ if [ -r "${certfile}" ]; then
+ $FATAL "New certificate file already exists: ${certfile}"
+ return 1
+ fi
+
+ if [ -n "$1" ]; then
+ copy_key "${_algo}" "${_bits}" "$1" "${keyfile}" && return 0
+ else
+ create_key "${_algo}" "${_bits}" "${keyfile}" && return 0
+ fi
+ rm -f "${keyfile}"
+ return 1
+}
+
+init_random_source() {
+ tls_random_source=$1
+
+ if [ -z "${tls_random_source}" ]; then
+ tls_random_source=`$postconf -xh tls_random_source`
+ fi
+ if [ -n "${tls_random_source}" ]; then
+ return 0
+ fi
+ if [ -r /dev/urandom ]
+ then
+ tls_random_source=dev:/dev/urandom
+ else
+ $FATAL no default TLS random source defined and no /dev/urandom
+ return 1
+ fi
+}
+
+# Don't be too clever by half.
+all_default() {
+ for var in "$@"
+ do
+ val=`$postconf -nh "${var}"`
+ if [ -n "$val" ]; then return 1; fi
+ done
+ return 0
+}
+
+# Select read-write database type for TLS session caches. 
+#
+get_cache_db_type() {
+ var=$1; shift
+ prio=0
+ ret=1
+ for _dbtype in `$postconf -m`
+ do
+ _prio=0
+ case $_dbtype in
+ lmdb) _prio=2;;
+ btree) _prio=1;;
+ esac
+ if [ "$_prio" -gt "$prio" ]
+ then
+ eval "$var=\$_dbtype"
+ prio=$_prio
+ ret=0
+ fi
+ done
+ return $ret
+}
+
+deploy_server_cert() {
+ certfile=$1; shift
+ keyfile=$1; shift
+ deploy=$1; shift
+
+ # Sets key_algo, key_param and cert_param
+ check_key "$keyfile" || return 1
+
+ cd=`cert_pubkey_dgst "${certfile}"` || {
+ $FATAL "error computing certificate public key digest"
+ return 1
+ }
+ kd=`pubkey_dgst "$keyfile"` || {
+ $FATAL "error computing public key digest"
+ return 1
+ }
+
+ if [ "$cd" != "$kd" ]; then
+ $FATAL "Certificate in ${certfile} does not match key in ${keyfile}"
+ return 1
+ fi
+
+ set -- \
+ "${key_param} = ${keyfile}" \
+ "${cert_param} = ${certfile}"
+
+ if [ "${deploy}" = "enable" ]; then
+ set -- "$@" \
+ "smtpd_tls_security_level = may" \
+ "smtpd_tls_received_header = yes" \
+ "smtpd_tls_loglevel = 1"
+ fi
+
+ if [ -n "${tls_random_source}" ]; then
+ set -- "$@" "tls_random_source = ${tls_random_source}"
+ fi
+
+ # All in one shot, since postconf delays modifying "hot" main.cf files.
+ $postconf -e "$@" || return 1
+}
+
+# Prepare a new cert and perhaps re-use any existing private key. 
+#
+new_server_cert() {
+ algo=$1; shift
+ bits=$1; shift
+ oldkey=$1; shift
+ deploy=$1; shift
+
+ # resets keyfile (copy or else new) and new certfile
+ ensure_key "$algo" "$bits" "${oldkey}" || return 1
+ create_cert "${keyfile}" "${certfile}" "$@" || return 1
+ if [ -n "${deploy}" ]; then
+ deploy_server_cert "${certfile}" "${keyfile}" "${deploy}" || return 1
+ fi
+
+ (
+ if [ -z "${deploy}" ]; then
+ info_created "${certfile}" "${keyfile}" "${deploy}"
+ else
+ info_server_deployed "${certfile}" "${keyfile}" "${deploy}"
+ fi
+ info_csr "${certfile}" "${keyfile}" "${deploy}"
+ info_tlsa "${certfile}" "${keyfile}" "${deploy}"
+ if [ -z "${oldkey}" ]; then
+ info_dane_dns "${certfile}" "${keyfile}" "${deploy}"
+ fi
+ ) | $INFO
+}
+
+enable_client() {
+ if all_default ${client_settings}
+ then
+ set -- \
+ "smtp_tls_security_level = may" \
+ "smtp_tls_loglevel = 1"
+
+ if get_cache_db_type dbtype
+ then
+ set -- "$@" \
+ "smtp_tls_session_cache_database = ${dbtype}:${data_directory}/smtp_scache"
+ fi
+
+ if [ -n "${tls_random_source}" ]; then
+ set -- "$@" "tls_random_source = ${tls_random_source}"
+ fi
+
+ # All in one shot, since postconf delays modifying "hot" main.cf files.
+ $postconf -e "$@" || return 1
+ info_client_deployed
+ else
+ info_enable_client
+ fi | $INFO
+}
+
+enable_server() {
+ algo=$1; shift
+ bits=$1; shift
+
+ if all_default ${server_settings}
+ then
+ # algo bits keyfile deploy [hostnames ...]
+ new_server_cert "${algo}" "${bits}" "" "enable" "$@" || return 1
+ else
+ info_enable_server | $INFO
+ fi
+}
+
+output_server_tlsa() {
+ hostname=$1
+ check_key "$2" || return 1
+ data=`pubkey_dgst "$2"` || return 1
+ if [ -z "$data" ]
+ then
+ $FATAL error computing SHA2-256 SPKI digest of "$key"
+ return 1
+ fi
+ echo "_25._tcp.$hostname. 
IN TLSA 3 1 1 $data"
+}
+
+#
+# Parse JCL
+#
+case $1 in
+enable-client)
+ cmd=$1; shift; OPTIND=1
+ rand=
+ while getopts :r: _opt
+ do
+ case $_opt in
+ r) rand="${OPTARG}";;
+ *) $FATAL "usage: postfix tls $cmd [-r devrandom]"
+ exit 1;;
+ esac
+ done
+
+ # No positional arguments supported with enable-client
+ if [ $# -ge "${OPTIND}" ]; then
+ $FATAL "usage: postfix tls $cmd [-r devrandom]"
+ exit 1
+ fi
+ # But, shift anyway
+ shift `expr $OPTIND - 1`
+
+ init_random_source "${rand}" || exit 1
+ enable_client || exit 1
+ ;;
+
+enable-server)
+ cmd=$1; shift; OPTIND=1
+ algo=$DEFALG
+ bits=
+ rand=
+ while getopts :a:b:r: _opt
+ do
+ case $_opt in
+ a) algo="${OPTARG}";;
+ b) bits="${OPTARG}";;
+ r) rand="${OPTARG}";;
+ *) $FATAL "usage: postfix tls $cmd [-a algorithm] [-b bits ] [-r devrandom] [hostname ...]"
+ exit 1;;
+ esac
+ done
+
+ # Here positional arguments are hostnames for the new certificate, as
+ # many as the user wants
+ shift `expr $OPTIND - 1`
+
+ case $algo in
+ "") $FATAL "Internal error: empty algorithm "; return 1;;
+ $rsa) : ${bits:=${RSA_BITS}};;
+ $ecdsa) : ${bits:=${EC_CURVE}};;
+ *) $FATAL "Unsupported private key algorithm: $algo"
+ exit 1;;
+ esac
+
+ init_random_source "${rand}" || exit 1
+ enable_server "${algo}" "${bits}" "$@" || exit 1
+ ;;
+
+new-server-key)
+ cmd=$1; shift; OPTIND=1
+ algo=$DEFALG
+ while getopts :a:b: _opt
+ do
+ case $_opt in
+ a) algo="${OPTARG}";;
+ b) bits="${OPTARG}";;
+ *) $FATAL "usage: postfix tls $cmd [-a algorithm] [-b bits ] [hostname ...]"
+ exit 1;;
+ esac
+ done
+
+ # Here positional arguments are hostnames for the new certificate, as
+ # many as the user wants
+ shift `expr $OPTIND - 1`
+
+ case $algo in
+ "") $FATAL "Internal error: empty algorithm "; return 1;;
+ $rsa) : ${bits:=${RSA_BITS}};;
+ $ecdsa) : ${bits:=${EC_CURVE}};;
+ *) $FATAL "Unsupported public key algorithm: $algo"
+ exit 1;;
+ esac
+
+ # Force new key
+ new_server_cert "${algo}" "${bits}" "" "" "$@" || exit 1
+ ;;
+
+new-server-cert)
+ cmd=$1; shift; OPTIND=1
+ algo=$DEFALG
+ while getopts :a:b: _opt
+ do
+ case $_opt in
+ a) algo="${OPTARG}";;
+ b) bits="${OPTARG}";;
+ *) $FATAL "usage: postfix tls $cmd [-a algorithm] [-b bits ] [hostname ...]"
+ exit 1;;
+ esac
+ done
+
+ # Here positional arguments are hostnames for the new certificate, as
+ # many as the user wants
+ shift `expr $OPTIND - 1`
+
+ case $algo in
+ "") $FATAL "Invalid empty key algorithm"; exit 1;;
+ $rsa) : ${bits:=${RSA_BITS}};;
+ $ecdsa) : ${bits:=${EC_CURVE}};;
+ *) $FATAL "Unsupported private key algorithm: $algo"
+ exit 1;;
+ esac
+
+ # Existing keyfile or empty
+ set_keyfile "${algo}"
+
+ # Try to re-use (copy) existing key.
+ new_server_cert "${algo}" "${bits}" "${keyfile}" "" "$@" || exit 1
+ ;;
+
+deploy-server-cert)
+ if [ $# -ne 3 ]; then
+ $FATAL "usage: postfix tls $1 certfile keyfile"
+ exit 1
+ fi
+ shift
+
+ # User-specified key and cert pathnames are relative to the
+ # configuration directory
+ #
+ case "${1}" in
+ /*) certfile="${1}" ;;
+ *) certfile="${config_directory}/${1}" ;;
+ esac
+ case "${2}" in
+ /*) certfile="${2}" ;;
+ *) certfile="${config_directory}/${2}" ;;
+ esac
+
+ deploy_server_cert "${certfile}" "${keyfile}" || exit 1
+ info_server_deployed "${certfile}" "${keyfile}" "deploy" | $INFO
+ ;;
+
+output-server-csr)
+ cmd=$1; shift; OPTIND=1
+ k=
+ while getopts :k: _opt
+ do
+ case $_opt in
+ k) k="${OPTARG}";;
+ *) $FATAL "usage: postfix tls $cmd [-k keyfile] [hostname ...]"
+ exit 1;;
+ esac
+ done
+
+ # Here positional arguments are hostnames for the new certificate, as
+ # many as the user wants
+ shift `expr $OPTIND - 1`
+
+ if [ -n "${k}" ]; then
+ set_keyfile "${k}"
+ else
+ for _algo in $rsa $ecdsa
+ do
+ set_keyfile "${_algo}"
+ if [ -n "${keyfile}" ]; then
+ break
+ fi
+ done
+ fi
+
+ if [ -z "${keyfile}" -o ! 
-r "${keyfile}" ]; then
+ $FATAL "No usable keyfile specified or configured"
+ exit 1
+ fi
+
+ # Default from $myhostname
+ if [ $# -eq 0 ]; then
+ set_fqdn
+ set -- "$fqdn"
+ fi
+
+ # Output a CSR for the requested names
+ output_server_csr "$keyfile" "$@" || exit 1
+ ;;
+
+output-server-tlsa)
+ cmd=$1; shift; OPTIND=1
+ hostname=
+ while getopts :h: _opt
+ do
+ case $_opt in
+ h) hostname="${OPTARG}";;
+ *) $FATAL "usage: postfix tls $cmd [-h hostname] [keyfile ...]"
+ exit 1;;
+ esac
+ done
+ set_fqdn "${hostname}"
+
+ # Here positional arguments are keyfiles for which we ouput "3 1 1"
+ # TLSA RRs, as many keyfiles as the user wants. By default the live
+ # RSA and/or ECDSA keys.
+ shift `expr $OPTIND - 1`
+
+ if [ $# -eq 0 ]; then set -- $rsa $ecdsa; fi
+
+ found=
+ for _k in "$@"
+ do
+ set_keyfile "${_k}"
+ if [ -z "${keyfile}" ]; then continue; fi
+ echo "; ${keyfile}"
+ output_server_tlsa "${fqdn}" "${keyfile}" || exit 1
+ found=1
+ done
+ if [ -z "${found}" ]; then
+ $FATAL "No usable keyfiles specified or configured"
+ exit 1
+ fi
+ ;;
+
+all-default-client)
+ cmd=$1; shift; OPTIND=1
+
+ # No arguments for all-default-client
+ if [ $# -ge "${OPTIND}" ]; then
+ $FATAL "usage: postfix tls $cmd"
+ exit 1
+ fi
+
+ all_default ${client_settings} || exit 1
+ ;;
+
+all-default-server)
+ cmd=$1; shift; OPTIND=1
+
+ # No arguments for all-default-server
+ if [ $# -ge "${OPTIND}" ]; then
+ $FATAL "usage: postfix tls $cmd"
+ exit 1
+ fi
+
+ all_default ${server_settings} || exit 1
+ ;;
+
+*)
+ $ERROR "unknown tls command: '$1'"
+ $FATAL "usage: postfix tls enable-client (or enable-server, new-server-key, new-server-cert, deploy-server-cert, output-server-csr, output-server-tlsa, all-default-client, all-default-server)"
+ exit 1
+ ;;
+
+esac
diff -Nru postfix-3.0.4/conf/post-install postfix-3.1.0/conf/post-install
--- postfix-3.0.4/conf/post-install 2015-03-29 00:31:36.000000000 +0000
+++ postfix-3.1.0/conf/post-install 2015-12-28 00:00:45.000000000 +0000
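Review bot: The `deploy-server-cert)` branch never sets `keyfile`: both arms of `case "${2}" in` assign to `certfile`, so the certificate path computed from `$1` is overwritten with the key path and `deploy_server_cert "${certfile}" "${keyfile}"` runs with an empty key argument, which `check_key` then rejects, making the subcommand unusable. The two arms should read `/*) keyfile="${2}" ;;` and `*) keyfile="${config_directory}/${2}" ;;`. Two smaller points in the same hunk: `output_server_tlsa` reports `"$key"`, a variable nothing in the script assigns, where the failing argument is `"$2"`, and the `"")` arms of the `enable-server)` and `new-server-key)` cases use `return 1` outside any function while `new-server-cert)` correctly uses `exit 1`. `deploy_server_cert` also executes `deploy=$1; shift` unconditionally, so a two-argument call as in the `deploy-server-cert)` branch shifts an empty list, which some /bin/sh implementations treat as a fatal error; guarding it with `if [ $# -gt 0 ]; then shift; fi`, as `create_cert` already does, avoids that.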
@@ -234,6 +234,8 @@ for arg do case $arg in + *[" "]*) echo $0: "Error: argument contains whitespace: '$arg'" + exit 1;; *=*) IFS= eval $arg; IFS="$BACKUP_IFS";; create-missing) create=1;; set-perm*) create=1; set_perms=1;; diff -Nru postfix-3.0.4/conf/relocated postfix-3.1.0/conf/relocated --- postfix-3.0.4/conf/relocated 2007-03-27 12:40:58.000000000 +0000 +++ postfix-3.1.0/conf/relocated 2016-02-14 01:39:26.000000000 +0000 @@ -22,12 +22,12 @@ # LDAP or SQL, the same lookups are done as for ordinary # indexed files. # -# Alternatively, the table can be provided as a regular- -# expression map where patterns are given as regular expres- -# sions, or lookups can be directed to TCP-based server. In -# those case, the lookups are done in a slightly different -# way as described below under "REGULAR EXPRESSION TABLES" -# or "TCP-BASED TABLES". +# Alternatively, the table can be provided as a regu- +# lar-expression map where patterns are given as regular +# expressions, or lookups can be directed to TCP-based +# server. In those case, the lookups are done in a slightly +# different way as described below under "REGULAR EXPRESSION +# TABLES" or "TCP-BASED TABLES". # # Table lookups are case insensitive. # @@ -168,4 +168,9 @@ # P.O. Box 704 # Yorktown Heights, NY 10598, USA # +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA +# # RELOCATED(5) diff -Nru postfix-3.0.4/conf/transport postfix-3.1.0/conf/transport --- postfix-3.0.4/conf/transport 2009-11-22 01:22:24.000000000 +0000 +++ postfix-3.1.0/conf/transport 2016-02-14 01:39:26.000000000 +0000 
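Review bot: The new guard only rejects a literal space: the pattern `*[" "]*` does not match a tab or a newline, both of which are word separators for the `*=*) IFS= eval $arg` branch right below it, so an argument of the form `name=value<TAB>command` still reaches `eval`. A bracket class is accepted by POSIX sh case patterns, so `*[[:space:]]*) echo $0: "Error: argument contains whitespace: '$arg'"` closes that gap with a one-token change. Since post-install evaluates the argument as shell text and is presumably run with root privileges during package installation, it is also worth rejecting a value that contains `;`, a backquote or `$(`, or restricting the `*=*` branch to a shell-identifier name on the left-hand side. The enclosing `for arg do case $arg in` statement closes outside the hunk.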
@@ -12,11 +12,11 @@ # # DESCRIPTION # The optional transport(5) table specifies a mapping from -# email addresses to message delivery transports and next- -# hop destinations. Message delivery transports such as -# local or smtp are defined in the master.cf file, and next- -# hop destinations are typically hosts or domain names. The -# table is searched by the trivial-rewrite(8) daemon. +# email addresses to message delivery transports and +# next-hop destinations. Message delivery transports such +# as local or smtp are defined in the master.cf file, and +# next-hop destinations are typically hosts or domain names. +# The table is searched by the trivial-rewrite(8) daemon. # # This mapping overrides the default transport:nexthop # selection that is built into Postfix: @@ -59,12 +59,12 @@ # LDAP or SQL, the same lookups are done as for ordinary # indexed files. # -# Alternatively, the table can be provided as a regular- -# expression map where patterns are given as regular expres- -# sions, or lookups can be directed to TCP-based server. In -# those case, the lookups are done in a slightly different -# way as described below under "REGULAR EXPRESSION TABLES" -# or "TCP-BASED TABLES". +# Alternatively, the table can be provided as a regu- +# lar-expression map where patterns are given as regular +# expressions, or lookups can be directed to TCP-based +# server. In those case, the lookups are done in a slightly +# different way as described below under "REGULAR EXPRESSION +# TABLES" or "TCP-BASED TABLES". # # CASE FOLDING # The search string is folded to lowercase before database @@ -291,4 +291,9 @@ # P.O. Box 704 # Yorktown Heights, NY 10598, USA # +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA +# # TRANSPORT(5) diff -Nru postfix-3.0.4/conf/virtual postfix-3.1.0/conf/virtual --- postfix-3.0.4/conf/virtual 2013-04-11 21:48:52.000000000 +0000 +++ postfix-3.1.0/conf/virtual 2016-02-14 01:39:26.000000000 +0000 
@@ -49,12 +49,12 @@ # LDAP or SQL, the same lookups are done as for ordinary # indexed files. # -# Alternatively, the table can be provided as a regular- -# expression map where patterns are given as regular expres- -# sions, or lookups can be directed to TCP-based server. In -# those case, the lookups are done in a slightly different -# way as described below under "REGULAR EXPRESSION TABLES" -# or "TCP-BASED TABLES". +# Alternatively, the table can be provided as a regu- +# lar-expression map where patterns are given as regular +# expressions, or lookups can be directed to TCP-based +# server. In those case, the lookups are done in a slightly +# different way as described below under "REGULAR EXPRESSION +# TABLES" or "TCP-BASED TABLES". # # CASE FOLDING # The search string is folded to lowercase before database @@ -163,10 +163,10 @@ # types. # # /etc/postfix/virtual: -# virtual-alias.domain anything (right-hand content does not matter) -# postmaster@virtual-alias.domain postmaster -# user1@virtual-alias.domain address1 -# user2@virtual-alias.domain address2, address3 +# virtual-alias.domain anything (right-hand content does not matter) +# postmaster@virtual-alias.domain postmaster +# user1@virtual-alias.domain address1 +# user2@virtual-alias.domain address2, address3 # # The virtual-alias.domain anything entry is required for a # virtual alias domain. Without this entry, mail is rejected @@ -291,4 +291,9 @@ # P.O. Box 704 # Yorktown Heights, NY 10598, USA # +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA +# # VIRTUAL(5) diff -Nru postfix-3.0.4/debian/changelog postfix-3.1.0/debian/changelog --- postfix-3.0.4/debian/changelog 2016-04-05 12:51:30.000000000 +0000 +++ postfix-3.1.0/debian/changelog 2016-04-13 16:46:28.000000000 +0000 
@@ -1,8 +1,58 @@ -postfix (3.0.4-5build1) xenial; urgency=medium +postfix (3.1.0-3) unstable; urgency=medium - * Rebuild against libmysqlclient20. + * By default, include $myhostname into $mydestinations. - -- Robie Basak Tue, 05 Apr 2016 12:51:30 +0000 + -- LaMont Jones Wed, 13 Apr 2016 10:21:24 -0600 + +postfix (3.1.0-2) unstable; urgency=medium + + * cleanup changelog. + * It's possible that main.cf does not exist at preinst upgrade time. + * There was a time when the initscript copied in the CA files incorrectly + and made them directories. We need to clean up after that bug better. + Closes: #815906, #815707 + + -- LaMont Jones Mon, 11 Apr 2016 08:10:55 -0600 + +postfix (3.1.0-1) unstable; urgency=medium + + [LaMont Jones] + + * Explicitly chroot services that we want chrooted in master.cf on fresh + installs. + * Convert defaults as needed for 3.0+ on upgrade to minimize compatibility + warnings. + * Build-Depend: libicu-dev for libicuuc, and therefore EAI. LP: #1561975 + Updating compatibility_level will be done in a future release. + + [Scott Kitterman] + + * Remove .pc file since trying to keep the .pc in a VCS leads to madness. + * Set debian paths in configure instead of patching src/util/sys_defs.h + + [Steve Beattie] + + * When enabling position independent executables (-pie) to get better + Address Space Layout Protection, using immediate binding (linking with + "-z now") gives better protection as well. + + [localization folks] + + * l10n: Updated Japanese debconf translations. Closes: #816180 (Kenshi Muto) + * l10n: Updated Italian debconf translations. Closes: #817149 (Dario) + * l10n: Updated Basque debconf translations. Closes: #816079 (Dooteo) + * l10n: Updated German debconf translations. Closes: #816092 (Helge + Kreutzmann) + * l10n: Updated Portuguese debconf translations. Closes: #816084 (Traduz) + * l10n: Updated Czech debconf translations. Closes: #816408 (Miroslav Kure) + * l10n: Updated Brazilian Portuguese debconf translations. 
Closes: #816274 + (Marcelo Santana) + * l10n: Updated Brazilian Portuguese debconf translations (Marcelo Santana) + * l10n: Updated Turkish debconf translations. Closes: #817019 (Atila KOÇ) + * l10n: Updated Dutch debconf translations. Closes: #817032 (Frans + Spiesschaert) + + -- LaMont Jones Sun, 03 Apr 2016 11:54:02 -0600 postfix (3.0.4-5) unstable; urgency=medium diff -Nru postfix-3.0.4/debian/control postfix-3.1.0/debian/control --- postfix-3.0.4/debian/control 2016-02-27 01:52:02.000000000 +0000 +++ postfix-3.1.0/debian/control 2016-04-13 16:22:12.000000000 +0000 @@ -4,7 +4,7 @@ Maintainer: LaMont Jones Standards-Version: 3.9.1.0 Homepage: http://www.postfix.org -Build-Depends: debhelper (>= 7), po-debconf (>= 0.5.0), groff-base, patch, lsb-release, libdb-dev (>=4.6.19), libldap2-dev (>=2.1), libpcre3-dev, libmysqlclient-dev, libssl-dev (>=0.9.7), libsasl2-dev, libpq-dev, libcdb-dev, dpkg-dev (>= 1.16.1~), libsqlite3-dev, html2text +Build-Depends: debhelper (>= 7), po-debconf (>= 0.5.0), groff-base, patch, lsb-release, libdb-dev (>=4.6.19), libldap2-dev (>=2.1), libpcre3-dev, libmysqlclient-dev, libssl-dev (>=0.9.7), libsasl2-dev, libpq-dev, libcdb-dev, dpkg-dev (>= 1.16.1~), libsqlite3-dev, html2text, libicu-dev Vcs-Browser: https://git.launchpad.net/postfix Vcs-Git: git://git.launchpad.net/postfix Uploaders: Scott Kitterman diff -Nru postfix-3.0.4/debian/init.d postfix-3.1.0/debian/init.d --- postfix-3.0.4/debian/init.d 2016-02-27 01:52:02.000000000 +0000 +++ postfix-3.1.0/debian/init.d 2016-04-13 16:22:12.000000000 +0000 
@@ -137,6 +137,12 @@ *) if test -f "$ca_file"; then dest_file="$queue_dir/${ca_file#/}" + if [ -d "${dest_file}" ]; then + # There was a bug where we created the dest_file as a + # directory. Address that by removing it with + # prejudice. Debian bug #815906 + rm -rf "${dest_file}" + fi dest_dir="${dest_file%/*}" mkdir --parent "$dest_dir" cp -L "$ca_file" "$dest_dir" diff -Nru postfix-3.0.4/debian/patches/02_kfreebsd_support.diff postfix-3.1.0/debian/patches/02_kfreebsd_support.diff --- postfix-3.0.4/debian/patches/02_kfreebsd_support.diff 2016-02-27 01:52:02.000000000 +0000 +++ postfix-3.1.0/debian/patches/02_kfreebsd_support.diff 2016-04-13 16:22:12.000000000 +0000 @@ -1,6 +1,8 @@ ---- a/makedefs -+++ b/makedefs -@@ -546,8 +546,8 @@ +Index: postfix/makedefs +=================================================================== +--- postfix.orig/makedefs 2016-03-01 04:54:41.288146397 -0700 ++++ postfix/makedefs 2016-03-01 04:54:41.284146523 -0700 +@@ -552,8 +552,8 @@ : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} : ${PLUGIN_LD="${CC-gcc} -shared"} ;; diff -Nru postfix-3.0.4/debian/patches/06_debian_paths.diff postfix-3.1.0/debian/patches/06_debian_paths.diff --- postfix-3.0.4/debian/patches/06_debian_paths.diff 2016-02-27 01:52:02.000000000 +0000 +++ postfix-3.1.0/debian/patches/06_debian_paths.diff 2016-04-13 16:22:12.000000000 +0000 @@ -1,7 +1,7 @@ Index: postfix/conf/main.cf =================================================================== ---- postfix.orig/conf/main.cf 2016-02-20 11:04:31.849016035 -0700 -+++ postfix/conf/main.cf 2016-02-20 11:04:31.849016035 -0700 +--- postfix.orig/conf/main.cf 2016-03-01 04:55:04.391418256 -0700 ++++ postfix/conf/main.cf 2016-03-01 04:55:04.387418383 -0700 @@ -47,7 +47,7 @@ # See the files in examples/chroot-setup for setting up Postfix chroot # environments on different UNIX systems. 
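Review bot: The new guard is written as `[ -d "${dest_file}" ]` while the enclosing branch tests with `test -f "$ca_file"` two lines above; `if test -d "${dest_file}"; then` keeps the file's test style consistent. This is an `rm -rf` run by the init script, presumably as root, on a path derived from the configured `ca_file` value, so it is worth confirming in a comment that `dest_file` always stays beneath `$queue_dir` (a `..` component in `ca_file` would survive `${ca_file#/}`), and rejecting the path before removing anything if that cannot be guaranteed. The comment could also say what the directory is expected to contain, e.g. `# Earlier releases copied the CA file in as a directory; remove that leftover`, so a reader does not need the bug report to understand why a recursive delete rather than `rmdir` is needed.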
@@ -33,8 +33,8 @@ # to use after processing aliases and .forward files. This parameter Index: postfix/examples/smtpd-policy/greylist.pl =================================================================== ---- postfix.orig/examples/smtpd-policy/greylist.pl 2016-02-20 11:04:31.849016035 -0700 -+++ postfix/examples/smtpd-policy/greylist.pl 2016-02-20 11:04:31.849016035 -0700 +--- postfix.orig/examples/smtpd-policy/greylist.pl 2016-03-01 04:55:04.391418256 -0700 ++++ postfix/examples/smtpd-policy/greylist.pl 2016-03-01 04:55:04.387418383 -0700 @@ -73,7 +73,7 @@ # In case of database corruption, this script saves the database as # $database_name.time(), so that the mail system does not get stuck. @@ -46,9 +46,9 @@ # Index: postfix/makedefs =================================================================== ---- postfix.orig/makedefs 2016-02-20 11:04:31.849016035 -0700 -+++ postfix/makedefs 2016-02-20 11:04:31.849016035 -0700 -@@ -447,11 +447,18 @@ +--- postfix.orig/makedefs 2016-03-01 04:55:04.391418256 -0700 ++++ postfix/makedefs 2016-03-01 04:55:04.387418383 -0700 +@@ -453,11 +453,18 @@ exit 1 fi SYSLIBS="-ldb" @@ -68,7 +68,7 @@ do test -e $lib/lib$name.a -o -e $lib/lib$name.so && { SYSLIBS="$SYSLIBS -l$name" -@@ -526,11 +533,18 @@ +@@ -532,11 +539,18 @@ exit 1 fi SYSLIBS="-ldb" @@ -88,7 +88,7 @@ do test -e $lib/lib$name.a -o -e $lib/lib$name.so && { SYSLIBS="$SYSLIBS -l$name" -@@ -564,11 +578,18 @@ +@@ -570,11 +584,18 @@ exit 1 fi SYSLIBS="-ldb" 
@@ -108,37 +108,3 @@ do test -e $lib/lib$name.a -o -e $lib/lib$name.so && { SYSLIBS="$SYSLIBS -l$name" -Index: postfix/src/util/sys_defs.h -=================================================================== ---- postfix.orig/src/util/sys_defs.h 2016-02-20 11:04:31.849016035 -0700 -+++ postfix/src/util/sys_defs.h 2016-02-20 11:05:14.335729540 -0700 -@@ -786,7 +786,20 @@ - #define NATIVE_MAILQ_PATH "/usr/bin/mailq" - #define NATIVE_NEWALIAS_PATH "/usr/bin/newaliases" - #define NATIVE_COMMAND_DIR "/usr/sbin" -+#ifdef DEBIAN -+#define NATIVE_DAEMON_DIR "/usr/lib/postfix/sbin" -+#ifndef DEF_MANPAGE_DIR -+#define DEF_MANPAGE_DIR "/usr/share/man" -+#endif -+#ifndef DEF_SAMPLE_DIR -+#define DEF_SAMPLE_DIR "/usr/share/doc/postfix/examples" -+#endif -+#ifndef DEF_README_DIR -+#define DEF_README_DIR "/usr/share/doc/postfix" -+#endif -+#else - #define NATIVE_DAEMON_DIR "/usr/libexec/postfix" -+#endif - #ifdef __GLIBC_PREREQ - #define HAVE_GLIBC_API_VERSION_SUPPORT(maj, min) __GLIBC_PREREQ(maj, min) - #else -@@ -900,7 +913,7 @@ - #define NATIVE_NEWALIAS_PATH "/usr/bin/newaliases" - #define NATIVE_COMMAND_DIR "/usr/sbin" - #ifdef DEBIAN --#define NATIVE_DAEMON_DIR "/usr/lib/postfix" -+#define NATIVE_DAEMON_DIR "/usr/lib/postfix/sbin" - #ifndef DEF_MANPAGE_DIR - #define DEF_MANPAGE_DIR "/usr/share/man" - #endif diff -Nru postfix-3.0.4/debian/patches/07_sasl_config.diff postfix-3.1.0/debian/patches/07_sasl_config.diff --- postfix-3.0.4/debian/patches/07_sasl_config.diff 2016-02-27 01:52:02.000000000 +0000 +++ postfix-3.1.0/debian/patches/07_sasl_config.diff 2016-04-13 16:22:12.000000000 +0000 @@ -1,5 +1,7 @@ ---- a/src/xsasl/xsasl_cyrus_client.c -+++ b/src/xsasl/xsasl_cyrus_client.c +Index: postfix/src/xsasl/xsasl_cyrus_client.c +=================================================================== +--- postfix.orig/src/xsasl/xsasl_cyrus_client.c 2016-03-01 04:55:11.419196788 -0700 ++++ postfix/src/xsasl/xsasl_cyrus_client.c 2016-03-01 04:55:11.419196788 -0700 
@@ -224,6 +224,9 @@ */ static sasl_callback_t callbacks[] = { @@ -10,8 +12,10 @@ {SASL_CB_LIST_END, 0, 0} }; ---- a/src/xsasl/xsasl_cyrus_common.h -+++ b/src/xsasl/xsasl_cyrus_common.h +Index: postfix/src/xsasl/xsasl_cyrus_common.h +=================================================================== +--- postfix.orig/src/xsasl/xsasl_cyrus_common.h 2016-03-01 04:55:11.419196788 -0700 ++++ postfix/src/xsasl/xsasl_cyrus_common.h 2016-03-01 04:55:11.419196788 -0700 @@ -16,12 +16,18 @@ */ #if defined(USE_SASL_AUTH) && defined(USE_CYRUS_SASL) @@ -31,8 +35,10 @@ #endif ---- a/src/xsasl/xsasl_cyrus_log.c -+++ b/src/xsasl/xsasl_cyrus_log.c +Index: postfix/src/xsasl/xsasl_cyrus_log.c +=================================================================== +--- postfix.orig/src/xsasl/xsasl_cyrus_log.c 2016-03-01 04:55:11.419196788 -0700 ++++ postfix/src/xsasl/xsasl_cyrus_log.c 2016-03-01 04:55:11.419196788 -0700 @@ -28,10 +28,16 @@ /* System library. */ @@ -73,9 +79,11 @@ +#endif + #endif ---- a/src/xsasl/xsasl_cyrus_server.c -+++ b/src/xsasl/xsasl_cyrus_server.c -@@ -171,6 +171,9 @@ +Index: postfix/src/xsasl/xsasl_cyrus_server.c +=================================================================== +--- postfix.orig/src/xsasl/xsasl_cyrus_server.c 2016-03-01 04:55:11.419196788 -0700 ++++ postfix/src/xsasl/xsasl_cyrus_server.c 2016-03-01 04:55:11.419196788 -0700 +@@ -176,6 +176,9 @@ static sasl_callback_t callbacks[] = { {SASL_CB_LOG, (XSASL_CYRUS_CB) &xsasl_cyrus_log, NO_CALLBACK_CONTEXT}, diff -Nru postfix-3.0.4/debian/patches/08_default_hostname_fqdn.diff postfix-3.1.0/debian/patches/08_default_hostname_fqdn.diff --- postfix-3.0.4/debian/patches/08_default_hostname_fqdn.diff 2016-02-27 01:52:02.000000000 +0000 +++ postfix-3.1.0/debian/patches/08_default_hostname_fqdn.diff 1970-01-01 00:00:00.000000000 +0000 
@@ -1,84 +0,0 @@ ---- a/src/global/mail_params.c -+++ b/src/global/mail_params.c -@@ -179,6 +179,7 @@ - #include - #include - #include -+#include - - /* Utility library. */ - -@@ -355,7 +356,6 @@ - static const char *check_myhostname(void) - { - static const char *name; -- const char *dot; - const char *domain; - - /* -@@ -369,10 +369,17 @@ - * contents of $mydomain. Use a default domain as a final workaround. - */ - name = get_hostname(); -- if ((dot = strchr(name, '.')) == 0) { -- if ((domain = mail_conf_lookup_eval(VAR_MYDOMAIN)) == 0) -- domain = DEF_MYDOMAIN; -- name = concatenate(name, ".", domain, (char *) 0); -+ if (strchr(name, '.') == 0) { -+ /* This may or may not be the most intelligent possible method, -+ but it is what Debian 'hostname --fqdn' does. */ -+ struct hostent *ent = gethostbyname(name); -+ if (ent) -+ name = strdup(ent->h_name); -+ if (strchr(name, '.') == 0) { -+ if ((domain = mail_conf_lookup_eval(VAR_MYDOMAIN)) == 0) -+ domain = DEF_MYDOMAIN; -+ name = concatenate(name, ".", domain, (char *) 0); -+ } - } - return (name); - } ---- a/src/postconf/postconf_builtin.c -+++ b/src/postconf/postconf_builtin.c -@@ -36,6 +36,7 @@ - - #include - #include -+#include - - #ifdef USE_PATHS_H - #include -@@ -176,7 +177,6 @@ - static const char *pcf_check_myhostname(void) - { - static const char *name; -- const char *dot; - const char *domain; - - /* -@@ -187,13 +187,20 @@ - - /* - * If the local machine name is not in FQDN form, try to append the -- * contents of $mydomain. -+ * contents of $mydomain. Use a default domain as a final workaround. - */ - name = get_hostname(); -- if ((dot = strchr(name, '.')) == 0) { -- if ((domain = mail_conf_lookup_eval(VAR_MYDOMAIN)) == 0) -- domain = DEF_MYDOMAIN; -- name = concatenate(name, ".", domain, (char *) 0); -+ if (strchr(name, '.') == 0) { -+ /* This may or may not be the most intelligent possible method, -+ but it is what Debian 'hostname --fqdn' does. 
*/ -+ struct hostent *ent = gethostbyname(name); -+ if (ent) -+ name = strdup(ent->h_name); -+ if (strchr(name, '.') == 0) { -+ if ((domain = mail_conf_lookup_eval(VAR_MYDOMAIN)) == 0) -+ domain = DEF_MYDOMAIN; -+ name = concatenate(name, ".", domain, (char *) 0); -+ } - } - return (name); - } diff -Nru postfix-3.0.4/debian/patches/10_openssl_version_check.diff postfix-3.1.0/debian/patches/10_openssl_version_check.diff --- postfix-3.0.4/debian/patches/10_openssl_version_check.diff 2016-02-27 01:52:02.000000000 +0000 +++ postfix-3.1.0/debian/patches/10_openssl_version_check.diff 2016-04-13 16:22:12.000000000 +0000 @@ -1,6 +1,8 @@ ---- a/src/tls/tls_misc.c -+++ b/src/tls/tls_misc.c -@@ -931,19 +931,7 @@ +Index: postfix/src/tls/tls_misc.c +=================================================================== +--- postfix.orig/src/tls/tls_misc.c 2016-03-01 04:59:56.674152446 -0700 ++++ postfix/src/tls/tls_misc.c 2016-03-01 05:00:55.164212970 -0700 +@@ -955,19 +955,7 @@ void tls_check_version(void) { @@ -8,7 +10,7 @@ - TLS_VINFO lib_info; - - tls_version_split(OPENSSL_VERSION_NUMBER, &hdr_info); -- tls_version_split(SSLeay(), &lib_info); +- tls_version_split(OpenSSL_version_num(), &lib_info); - - if (lib_info.major != hdr_info.major - || lib_info.minor != hdr_info.minor @@ -20,4 +22,4 @@ + /* Debian will change the soname if openssl is ever incompatible. */ } - /* tls_bug_bits - SSL bug compatibility bits for this OpenSSL version */ + /* tls_compile_version - compile-time OpenSSL version */ diff -Nru postfix-3.0.4/debian/patches/11_postmap_update.diff postfix-3.1.0/debian/patches/11_postmap_update.diff --- postfix-3.0.4/debian/patches/11_postmap_update.diff 2016-02-27 01:52:02.000000000 +0000 +++ postfix-3.1.0/debian/patches/11_postmap_update.diff 2016-04-13 16:22:12.000000000 +0000 
@@ -1,5 +1,7 @@ ---- a/html/postmap.1.html -+++ b/html/postmap.1.html +Index: postfix/html/postmap.1.html +=================================================================== +--- postfix.orig/html/postmap.1.html 2016-03-01 05:01:20.999356738 -0700 ++++ postfix/html/postmap.1.html 2016-03-01 05:01:20.995356871 -0700 @@ -10,7 +10,7 @@ postmap - Postfix lookup table management @@ -20,8 +22,10 @@ -c config_dir Read the main.cf configuration file in the named directory instead of the default configuration directory. ---- a/man/man1/postmap.1 -+++ b/man/man1/postmap.1 +Index: postfix/man/man1/postmap.1 +=================================================================== +--- postfix.orig/man/man1/postmap.1 2016-03-01 05:01:20.999356738 -0700 ++++ postfix/man/man1/postmap.1 2016-03-01 05:01:20.995356871 -0700 @@ -9,7 +9,7 @@ .na .nf @@ -40,8 +44,10 @@ .IP \fB\-i\fR Incremental mode. Read entries from standard input and do not truncate an existing database. By default, \fBpostmap\fR(1) creates ---- a/src/postmap/postmap.c -+++ b/src/postmap/postmap.c +Index: postfix/src/postmap/postmap.c +=================================================================== +--- postfix.orig/src/postmap/postmap.c 2016-03-01 05:01:20.999356738 -0700 ++++ postfix/src/postmap/postmap.c 2016-03-01 05:01:20.995356871 -0700 @@ -77,6 +77,8 @@ /* syntax checks anyway. /* .sp @@ -51,7 +57,7 @@ /* .IP "\fB-c \fIconfig_dir\fR" /* Read the \fBmain.cf\fR configuration file in the named directory /* instead of the default configuration directory. -@@ -797,6 +799,21 @@ +@@ -802,6 +804,21 @@ dict_close(dict); } @@ -73,7 +79,7 @@ /* usage - explain */ static NORETURN usage(char *myname) -@@ -818,6 +835,7 @@ +@@ -823,6 +840,7 @@ int open_flags = O_RDWR | O_CREAT | O_TRUNC; int dict_flags = (DICT_FLAG_DUP_WARN | DICT_FLAG_FOLD_FIX | DICT_FLAG_UTF8_REQUEST); @@ -81,7 +87,7 @@ char *query = 0; char *delkey = 0; int sequence = 0; -@@ -868,7 +886,7 @@ +@@ -873,7 +891,7 @@ /* * Parse JCL. */ 
@@ -90,7 +96,7 @@ switch (ch) { default: usage(argv[0]); -@@ -877,6 +895,11 @@ +@@ -882,6 +900,11 @@ dict_flags |= DICT_FLAG_TRY1NULL; dict_flags &= ~DICT_FLAG_TRY0NULL; break; @@ -102,7 +108,7 @@ case 'b': postmap_flags |= POSTMAP_FLAG_BODY_KEY; break; -@@ -885,8 +908,8 @@ +@@ -890,8 +913,8 @@ msg_fatal("out of memory"); break; case 'd': @@ -113,7 +119,7 @@ delkey = optarg; break; case 'f': -@@ -912,8 +935,8 @@ +@@ -917,8 +940,8 @@ postmap_flags &= ~POSTMAP_FLAG_SAVE_PERM; break; case 'q': @@ -124,7 +130,7 @@ query = optarg; break; case 'r': -@@ -921,8 +944,8 @@ +@@ -926,8 +949,8 @@ dict_flags |= DICT_FLAG_DUP_REPLACE; break; case 's': @@ -135,7 +141,7 @@ sequence = 1; break; case 'u': -@@ -1008,6 +1031,21 @@ +@@ -1013,6 +1036,21 @@ exit(0); } exit(1); @@ -157,8 +163,10 @@ } else { /* create/update map(s) */ if (optind + 1 > argc) usage(argv[0]); ---- a/src/util/dict.h -+++ b/src/util/dict.h +Index: postfix/src/util/dict.h +=================================================================== +--- postfix.orig/src/util/dict.h 2016-03-01 05:01:20.999356738 -0700 ++++ postfix/src/util/dict.h 2016-03-01 05:01:20.995356871 -0700 @@ -123,6 +123,7 @@ #define DICT_FLAG_NO_UNAUTH (1<<13) /* disallow unauthenticated data */ #define DICT_FLAG_FOLD_FIX (1<<14) /* case-fold key with fixed-case map */ @@ -167,8 +175,10 @@ #define DICT_FLAG_FOLD_ANY (DICT_FLAG_FOLD_FIX | DICT_FLAG_FOLD_MUL) #define DICT_FLAG_OPEN_LOCK (1<<16) /* perm lock if not multi-writer safe */ #define DICT_FLAG_BULK_UPDATE (1<<17) /* optimize for bulk updates */ ---- a/src/util/dict_db.c -+++ b/src/util/dict_db.c +Index: postfix/src/util/dict_db.c +=================================================================== +--- postfix.orig/src/util/dict_db.c 2016-03-01 05:01:20.999356738 -0700 ++++ postfix/src/util/dict_db.c 2016-03-01 05:01:20.995356871 -0700 
@@ -689,6 +689,12 @@ msg_fatal("set DB cache size %d: %m", dict_db_cache_size); if (type == DB_HASH && db->set_h_nelem(db, DICT_DB_NELM) != 0) diff -Nru postfix-3.0.4/debian/patches/12_add_bind_now_to_pie.diff postfix-3.1.0/debian/patches/12_add_bind_now_to_pie.diff --- postfix-3.0.4/debian/patches/12_add_bind_now_to_pie.diff 1970-01-01 00:00:00.000000000 +0000 +++ postfix-3.1.0/debian/patches/12_add_bind_now_to_pie.diff 2016-04-13 16:22:12.000000000 +0000 @@ -0,0 +1,23 @@ +Subject: add immediate binding when enabling position independent + executables +Author: Steve Beattie + +When enabling position independent executables (-pie) to get better +Address Space Layout Protection, using immediate binding (linking with +"-z now") gives better protection as well. + +--- + makedefs | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/makedefs ++++ b/makedefs +@@ -1167,7 +1167,7 @@ + case " $CCARGS " in + *" $CCARGS_PIE "*) CCARGS_PIE=;; + esac +- SYSLIBS_PIE="-pie";; ++ SYSLIBS_PIE="-pie -z now";; + ""|no) ;; + *) error "Specify \"pie=yes\" or \"pie=no\"";; + esac diff -Nru postfix-3.0.4/debian/patches/30_shared_libs.diff postfix-3.1.0/debian/patches/30_shared_libs.diff --- postfix-3.0.4/debian/patches/30_shared_libs.diff 2016-02-27 01:52:02.000000000 +0000 +++ postfix-3.1.0/debian/patches/30_shared_libs.diff 2016-04-13 16:22:12.000000000 +0000 @@ -1,8 +1,8 @@ Index: postfix/makedefs =================================================================== ---- postfix.orig/makedefs -+++ postfix/makedefs -@@ -555,10 +555,10 @@ EOF +--- postfix.orig/makedefs 2016-03-01 05:01:28.255116315 -0700 ++++ postfix/makedefs 2016-03-01 05:01:28.251116447 -0700 +@@ -561,10 +561,10 @@ SYSLIBS="$SYSLIBS -ldl" : ${SHLIB_SUFFIX=.so} : ${SHLIB_CFLAGS=-fPIC} 
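Review bot: `-z now` on its own only turns on immediate binding; the full RELRO protection the patch description aims at also needs the GOT made read-only after relocation, which is `-z relro`, so the new `SYSLIBS_PIE="-pie -z now";;` line depends on the toolchain or dpkg-buildflags supplying that flag implicitly. Making it explicit, `SYSLIBS_PIE="-pie -z relro -z now";;`, keeps the hardening independent of how `makedefs` is invoked. Both `-z` keywords are GNU ld options, which is consistent with `-pie` itself being a GCC driver flag on this branch; a one-line comment above the assignment stating that the two flags together are what yields full RELRO would help whoever refreshes this patch next.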
@@ -17,9 +17,9 @@ SYSTYPE=GNU0 Index: postfix/src/dns/Makefile.in =================================================================== ---- postfix.orig/src/dns/Makefile.in -+++ postfix/src/dns/Makefile.in -@@ -37,7 +37,7 @@ root_tests: +--- postfix.orig/src/dns/Makefile.in 2016-03-01 05:01:28.255116315 -0700 ++++ postfix/src/dns/Makefile.in 2016-03-01 05:01:28.251116447 -0700 +@@ -63,7 +63,7 @@ $(LIB): $(OBJS) $(AR) $(ARFL) $(LIB) $? $(RANLIB) $(LIB) @@ -30,9 +30,9 @@ cp $(LIB) $(LIB_DIR) Index: postfix/src/global/Makefile.in =================================================================== ---- postfix.orig/src/global/Makefile.in -+++ postfix/src/global/Makefile.in -@@ -142,7 +142,7 @@ test: $(TESTPROG) +--- postfix.orig/src/global/Makefile.in 2016-03-01 05:01:28.255116315 -0700 ++++ postfix/src/global/Makefile.in 2016-03-01 05:01:28.251116447 -0700 +@@ -142,7 +142,7 @@ $(LIB): $(OBJS) $(AR) $(ARFL) $(LIB) $? $(RANLIB) $(LIB) @@ -43,9 +43,9 @@ cp $(LIB) $(LIB_DIR) Index: postfix/src/master/Makefile.in =================================================================== ---- postfix.orig/src/master/Makefile.in -+++ postfix/src/master/Makefile.in -@@ -44,7 +44,8 @@ root_tests: +--- postfix.orig/src/master/Makefile.in 2016-03-01 05:01:28.255116315 -0700 ++++ postfix/src/master/Makefile.in 2016-03-01 05:01:28.251116447 -0700 +@@ -44,7 +44,8 @@ $(LIB): $(LIB_OBJ) $(AR) $(ARFL) $(LIB) $? $(RANLIB) $(LIB) 
@@ -57,9 +57,9 @@ cp $(LIB) $(LIB_DIR)/$(LIB) Index: postfix/src/tls/Makefile.in =================================================================== ---- postfix.orig/src/tls/Makefile.in -+++ postfix/src/tls/Makefile.in -@@ -44,7 +44,8 @@ root_tests: +--- postfix.orig/src/tls/Makefile.in 2016-03-01 05:01:28.255116315 -0700 ++++ postfix/src/tls/Makefile.in 2016-03-01 05:01:28.251116447 -0700 +@@ -44,7 +44,8 @@ $(LIB): $(OBJS) $(AR) $(ARFL) $(LIB) $? $(RANLIB) $(LIB) diff -Nru postfix-3.0.4/debian/patches/40_chroot_by_default.diff postfix-3.1.0/debian/patches/40_chroot_by_default.diff --- postfix-3.0.4/debian/patches/40_chroot_by_default.diff 2016-02-27 01:52:02.000000000 +0000 +++ postfix-3.1.0/debian/patches/40_chroot_by_default.diff 2016-04-13 16:22:12.000000000 +0000 @@ -10,12 +10,12 @@ -#dnsblog unix - - n - 0 dnsblog -#tlsproxy unix - - n - 0 tlsproxy -#submission inet n - n - - smtpd -+smtp inet n - - - - smtpd -+#smtp inet n - - - 1 postscreen -+#smtpd pass - - - - - smtpd -+#dnsblog unix - - - - 0 dnsblog -+#tlsproxy unix - - - - 0 tlsproxy -+#submission inet n - - - - smtpd ++smtp inet n - y - - smtpd ++#smtp inet n - y - 1 postscreen ++#smtpd pass - - y - - smtpd ++#dnsblog unix - - y - 0 dnsblog ++#tlsproxy unix - - y - 0 tlsproxy ++#submission inet n - y - - smtpd # -o syslog_name=postfix/submission # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes @@ -24,7 +24,7 @@ # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING -#smtps inet n - n - - smtpd -+#smtps inet n - - - - smtpd ++#smtps inet n - y - - smtpd # -o syslog_name=postfix/smtps # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes 
@@ -35,9 +35,9 @@ -#628 inet n - n - - qmqpd -pickup unix n - n 60 1 pickup -cleanup unix n - n - 0 cleanup -+#628 inet n - - - - qmqpd -+pickup unix n - - 60 1 pickup -+cleanup unix n - - - 0 cleanup ++#628 inet n - y - - qmqpd ++pickup unix n - y 60 1 pickup ++cleanup unix n - y - 0 cleanup qmgr unix n - n 300 1 qmgr #qmgr unix n - n 300 1 oqmgr -tlsmgr unix - - n 1000? 1 tlsmgr 
@@ -47,36 +47,36 @@ -trace unix - - n - 0 bounce -verify unix - - n - 1 verify -flush unix n - n 1000? 0 flush -+tlsmgr unix - - - 1000? 1 tlsmgr -+rewrite unix - - - - - trivial-rewrite -+bounce unix - - - - 0 bounce -+defer unix - - - - 0 bounce -+trace unix - - - - 0 bounce -+verify unix - - - - 1 verify -+flush unix n - - 1000? 0 flush ++tlsmgr unix - - y 1000? 1 tlsmgr ++rewrite unix - - y - - trivial-rewrite ++bounce unix - - y - 0 bounce ++defer unix - - y - 0 bounce ++trace unix - - y - 0 bounce ++verify unix - - y - 1 verify ++flush unix n - y 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap -smtp unix - - n - - smtp -relay unix - - n - - smtp -+smtp unix - - - - - smtp -+relay unix - - - - - smtp ++smtp unix - - y - - smtp ++relay unix - - y - - smtp # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 -showq unix n - n - - showq -error unix - - n - - error -retry unix - - n - - error -discard unix - - n - - discard -+showq unix n - - - - showq -+error unix - - - - - error -+retry unix - - - - - error -+discard unix - - - - - discard ++showq unix n - y - - showq ++error unix - - y - - error ++retry unix - - y - - error ++discard unix - - y - - discard local unix - n n - - local virtual unix - n n - - virtual -lmtp unix - - n - - lmtp -anvil unix - - n - 1 anvil -scache unix - - n - 1 scache -+lmtp unix - - - - - lmtp -+anvil unix - - - - 1 anvil -+scache unix - - - - 1 scache ++lmtp unix - - y - - lmtp ++anvil unix - - y - 1 anvil ++scache unix - - y - 1 scache # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual diff -Nru postfix-3.0.4/debian/patches/series postfix-3.1.0/debian/patches/series --- postfix-3.0.4/debian/patches/series 2016-02-27 01:52:02.000000000 +0000 +++ postfix-3.1.0/debian/patches/series 2016-04-13 16:22:12.000000000 +0000 
@@ -4,10 +4,10 @@ 05_debian_defaults.diff 06_debian_paths.diff 07_sasl_config.diff -08_default_hostname_fqdn.diff 09_quiet_startup.diff 10_openssl_version_check.diff 11_postmap_update.diff +12_add_bind_now_to_pie.diff 30_shared_libs.diff 40_chroot_by_default.diff 41_rmail.diff diff -Nru postfix-3.0.4/debian/po/cs.po postfix-3.1.0/debian/po/cs.po --- postfix-3.0.4/debian/po/cs.po 2016-02-27 01:52:02.000000000 +0000 +++ postfix-3.1.0/debian/po/cs.po 2016-04-13 16:22:12.000000000 +0000 @@ -91,7 +91,7 @@ #. Description #: ../templates:3001 msgid "Update main.cf for daemon_directory change" -msgstr "" +msgstr "ZmÄ›na daemon_directory v main.cf" #. Type: boolean #. Description @@ -101,6 +101,9 @@ "configuration explicitly specifies the old location. The install will be " "aborted if you do not allow the change." msgstr "" +"S touto aktualizací postfixu se mÄ›ní umístÄ›ní daemonů. KonfiguraÄní " +"soubor postfixu na tomto poÄítaÄi explicitnÄ› uvádí staré umístÄ›ní. Pokud " +"tuto zmÄ›nu nepovolíte, bude instalace pÅ™eruÅ¡ena." #. Type: boolean #. Description diff -Nru postfix-3.0.4/debian/po/de.po postfix-3.1.0/debian/po/de.po --- postfix-3.0.4/debian/po/de.po 2016-02-27 01:52:02.000000000 +0000 +++ postfix-3.1.0/debian/po/de.po 2016-04-13 16:22:12.000000000 +0000 @@ -7,7 +7,7 @@ "Project-Id-Version: postfix 3.0.3-2\n" "Report-Msgid-Bugs-To: postfix@packages.debian.org\n" "POT-Creation-Date: 2016-02-26 08:05-0700\n" -"PO-Revision-Date: 2016-02-21 19:51+0100\n" +"PO-Revision-Date: 2016-02-27 10:56+0100\n" "Last-Translator: Helge Kreutzmann \n" "Language-Team: de \n" "Language: de\n" @@ -81,7 +81,7 @@ #. Description #: ../templates:3001 msgid "Update main.cf for daemon_directory change" -msgstr "" +msgstr "main.cf für daemon_directory-Änderungen aktualisieren" #. Type: boolean #. Description 
@@ -91,6 +91,9 @@ "configuration explicitly specifies the old location. The install will be " "aborted if you do not allow the change." msgstr "" +"Dieses Upgrade von Postfix ändert den Speicherort der Daemons. Ihre Postfix-" +"Konfiguration spezifiziert explizit den alten Ort. Die Installation wird " +"abbrechen, falls Sie der Änderung nicht zustimmen." #. Type: boolean #. Description diff -Nru postfix-3.0.4/debian/po/eu.po postfix-3.1.0/debian/po/eu.po --- postfix-3.0.4/debian/po/eu.po 2016-02-27 01:52:02.000000000 +0000 +++ postfix-3.1.0/debian/po/eu.po 2016-04-13 16:22:12.000000000 +0000 @@ -1,25 +1,24 @@ -# translation of postfix-eu.po to Euskara -# translation of postfix debconf to Euskara -# Postfix debconf templates basque translation +# Basque translation for postfix # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # +# # Piarres Beobide , 2007, 2008, 2009. -# Iñaki Larrañaga Murgoitio , 2013. +# Iñaki Larrañaga Murgoitio , 2013, 2016. msgid "" msgstr "" "Project-Id-Version: postfix-eu\n" "Report-Msgid-Bugs-To: postfix@packages.debian.org\n" "POT-Creation-Date: 2016-02-26 08:05-0700\n" -"PO-Revision-Date: 2013-03-18 12:02+0100\n" -"Last-Translator: Iñaki Larrañaga Murgoitio \n" -"Language-Team: American English \n" +"PO-Revision-Date: 2016-02-26 21:40+0100\n" +"Last-Translator: \n" +"Language-Team: Basque \n" "Language: eu\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"X-Generator: Lokalize 1.4\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Lokalize 1.5\n" #. Type: boolean #. Description @@ -87,7 +86,7 @@ #. Description #: ../templates:3001 msgid "Update main.cf for daemon_directory change" -msgstr "" +msgstr "Eguneratu 'main.cf' fitxategia daemon_directory aldatzeko" #. Type: boolean #. Description 
@@ -97,17 +96,20 @@ "configuration explicitly specifies the old location. The install will be " "aborted if you do not allow the change." msgstr "" +"Postfix-en bertsio-berritze honek daemon-en kokalekua aldatzen du, " +"eta postfix-eko zure konfigurazioak kokaleku zaharra esplizitoki zehazten " +"dute. " +"Instalazioa bertan behera utziko da aldaketa ez baduzu baimentzen." #. Type: boolean #. Description #: ../templates:4001 msgid "Update dynamicmaps.cf for 3.0" -msgstr "" +msgstr "Eguneratu 'dynamicmaps.cf' 3.0 bertsiorako" #. Type: boolean #. Description #: ../templates:4001 -#, fuzzy #| msgid "" #| "Postfix version 2.9 adds sqlite support to maps, but your dynamicmaps.cf " #| "does not reflect that. Accept this option to add support for sqlite maps." @@ -116,17 +118,17 @@ "dynamicmaps.cf does not reflect that. Accept this option to convert " "dynamicmaps.cf to the version required for 3.0." msgstr "" -"Postfix 2.9 bertsioak 'sqlite'-ren euskarria gehitzen die mapei, baina " -"dynamicmaps.cf fitxategiak ez du halakorik adierazten. Onartu aukera hau " -"sqlite mapen euskarria gehitzeko." +"Postfix 3.0 bertsioak mapa dinamikoak nola bidaltzen diren aldatzen du, " +"baina dynamicmaps.cf fitxategiak ez du halakorik adierazten. Onartu aukera " +"hau " +"dynamicmaps.cf 3.0-ek behar duen bertsiora bihurtzeko" #. Type: boolean #. Description #: ../templates:5001 -#, fuzzy #| msgid "add 'sqlite' entry to dynamicmaps.cf?" msgid "Add 'sqlite' entry to dynamicmaps.cf?" -msgstr "gehitu 'sqlite' sarrera dynamicmaps.cf fitxategiari?" +msgstr "Gehitu 'sqlite' sarrera dynamicmaps.cf fitxategiari?" #. Type: boolean #. Description 
@@ -693,3 +695,4 @@ msgstr "" "Dagoeneko /etc/aliases fitxategia baduzu eta root-entzako sarrerarik ez " "badu, sarrera hau gehitu behar duzu. Utzi hutsik ez gehitzeko." + diff -Nru postfix-3.0.4/debian/po/it.po postfix-3.1.0/debian/po/it.po --- postfix-3.0.4/debian/po/it.po 2016-02-27 01:52:02.000000000 +0000 +++ postfix-3.1.0/debian/po/it.po 2016-04-13 16:22:12.000000000 +0000 
@@ -1,164 +1,140 @@ # Italian translation of the postfix debconf template # This file is distributed under the same license as the postfix package # Cristian Rigamonti , 2004, 2012. +# Dario , 2016. msgid "" msgstr "" "Project-Id-Version: postfix 2.9.1-2\n" "Report-Msgid-Bugs-To: postfix@packages.debian.org\n" -"POT-Creation-Date: 2016-02-26 08:05-0700\n" -"PO-Revision-Date: 2012-06-13 12:53+0200\n" +"POT-Creation-Date: 2016-02-20 20:56+0000\n" +"PO-Revision-Date: 2016-03-04 23:04+0100\n" "Last-Translator: Cristian Rigamonti \n" -"Language-Team: Italian \n" +"Language-Team: Italian \n" "Language: it\n" "MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=ISO-8859-1\n" +"Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: boolean #. Description #: ../templates:1001 msgid "Add a 'mydomain' entry in main.cf for upgrade?" -msgstr "Aggiungere una voce 'mydomain' a main.cf per l'aggiornamento?" +msgstr "Aggiungere una voce «mydomain» a main.cf per l'aggiornamento?" #. Type: boolean #. Description #: ../templates:1001 msgid "" -"Postfix version 2.3.3-2 and later require changes in main.cf. Specifically, " -"mydomain must be specified, since hostname(1) is not a fully qualified " -"domain name (FQDN)." +"Postfix version 2.3.3-2 and later require changes in main.cf. Specifically, mydomain must " +"be specified, since hostname(1) is not a fully qualified domain name (FQDN)." msgstr "" -"Postfix a partire dalla versione 2.3.3-2 richiede delle modifiche in main." -"cf. In particolare, mydomain deve essere specificato, visto che hostname(1) " -"non è un fully qualified domain name (FQDN)." +"Postfix a partire dalla versione 2.3.3-2 richiede delle modifiche in main.cf. In " +"particolare, mydomain deve essere specificato, visto che hostname(1) non è un nome di " +"dominio pienamente qualificato (FQDN)." #. Type: boolean #. Description #: ../templates:1001 msgid "" -"Failure to fix this will result in a broken mailer. 
Decline this option to " -"abort the upgrade, giving you the opportunity to add this configuration " -"yourself. Accept this option to automatically set mydomain based on the FQDN " -"of the machine." -msgstr "" -"Se non si corregge questa impostazione, il programma sarà inutilizzabile. " -"Rifiutando questa proposta, l'aggiornamento verrà annullato e si potrà " -"eseguire manualmente la modifica alla configurazione. Accettando la proposta " -"il valore di mydomain sarà impostato automaticamente al FQDN del sistema." +"Failure to fix this will result in a broken mailer. Decline this option to abort the " +"upgrade, giving you the opportunity to add this configuration yourself. Accept this option " +"to automatically set mydomain based on the FQDN of the machine." +msgstr "" +"Se non si corregge questa impostazione, il programma sarà inutilizzabile. Rifiutando " +"questa proposta, l'aggiornamento verrà annullato e si potrà eseguire manualmente la " +"modifica alla configurazione. Accettando la proposta il valore di mydomain sarà impostato " +"automaticamente al FQDN del sistema." #. Type: boolean #. Description #: ../templates:2001 -#, fuzzy -#| msgid "Correct retry entry in master.cf for upgrade?" msgid "Set smtpd_relay_restrictions in main.cf for upgrade?" -msgstr "Correggere la voce retry in master.cf per l'aggiornamento?" +msgstr "Impostare smtpd_relay_restrictions nel main.cf per l'aggiornamento?" #. Type: boolean #. Description #: ../templates:2001 msgid "" -"Postfix version 2.10 adds smtpd_relay_restrictions, to separate relaying " -"restrictions from recipient restrictions, and you have a non-default value " -"for smtpd_recipient_restrictions." +"Postfix version 2.10 adds smtpd_relay_restrictions, to separate relaying restrictions from " +"recipient restrictions, and you have a non-default value for smtpd_recipient_restrictions." 
msgstr "" +"Postfix versione 2.10 aggiunge il parametro smtpd_relay_restrictions per separare le " +"restrizioni relative all'inoltro da quelle relative ai destinatari, ed è impostato un " +"valore non predefinito per smtpd_recipient_restrictions." #. Type: boolean #. Description #: ../templates:2001 msgid "" -"Failure to do this may result in deferred or bounced mail after the " -"upgrade. Accept this option to set smtpd_relay_restrictions equal to " -"smtpd_recipient_restrictions." +"Failure to do this may result in deferred or bounced mail after the upgrade. Accept this " +"option to set smtpd_relay_restrictions equal to smtpd_recipient_restrictions." msgstr "" +"Se questo non viene fatto, dopo l'aggiornamento si potrebbe avere posta in ritardo o " +"restituita. Accettare questa opzione per impostare il parametro " +"smtpd_recipient_restrictions uguale a smtpd_relay_restrictions." #. Type: boolean #. Description #: ../templates:3001 -msgid "Update main.cf for daemon_directory change" -msgstr "" +msgid "Update dynamicmaps.cf for 3.0" +msgstr "Aggiornamento dynamicmaps.cf per 3.0" #. Type: boolean #. Description #: ../templates:3001 msgid "" -"This upgrade of postfix changes where daemons are located, and your postfix " -"configuration explicitly specifies the old location. The install will be " -"aborted if you do not allow the change." -msgstr "" +"Postfix version 3.0 changes how dynamic maps are delivered, and your dynamicmaps.cf does " +"not reflect that. Accept this option to convert dynamicmaps.cf to the version required " +"for 3.0." +msgstr "" +"Postfix versione 3.0 cambia il modo in cui le mappe dinamiche vengono recapitate, ma " +"dynamicmaps.cf in uso non supporta tali modifiche. Accettare questa opzione per convertire " +"il file dynamicmaps.cf alla versione richiesta per 3.0." #. Type: boolean #. Description #: ../templates:4001 -msgid "Update dynamicmaps.cf for 3.0" -msgstr "" - -#. Type: boolean -#. 
Description -#: ../templates:4001 -#, fuzzy -#| msgid "" -#| "Postfix version 2.9 adds sqlite support to maps, but your dynamicmaps.cf " -#| "does not reflect that. Accept this option to add support for sqlite maps." -msgid "" -"Postfix version 3.0 changes how dynamic maps are delivered, and your " -"dynamicmaps.cf does not reflect that. Accept this option to convert " -"dynamicmaps.cf to the version required for 3.0." -msgstr "" -"Postfix dalla versione 2.9 supporta anche sqlite per le mappe, ma il file " -"dynamicmaps.cf in uso non contiene questa indicazione. Accettare questa " -"opzione per abilitare il supporto alle mappe sqlite." - -#. Type: boolean -#. Description -#: ../templates:5001 -#, fuzzy -#| msgid "add 'sqlite' entry to dynamicmaps.cf?" msgid "Add 'sqlite' entry to dynamicmaps.cf?" -msgstr "aggiungere la voce \"sqlite\" a dynamicmaps.cf?" +msgstr "Aggiungere la voce «sqlite» a dynamicmaps.cf?" #. Type: boolean #. Description -#: ../templates:5001 +#: ../templates:4001 msgid "" -"Postfix version 2.9 adds sqlite support to maps, but your dynamicmaps.cf " -"does not reflect that. Accept this option to add support for sqlite maps." +"Postfix version 2.9 adds sqlite support to maps, but your dynamicmaps.cf does not reflect " +"that. Accept this option to add support for sqlite maps." msgstr "" -"Postfix dalla versione 2.9 supporta anche sqlite per le mappe, ma il file " -"dynamicmaps.cf in uso non contiene questa indicazione. Accettare questa " -"opzione per abilitare il supporto alle mappe sqlite." +"Postfix versione 2.9 aggiunge il supporto sqlite per le mappe, ma dynamicmaps.cf in uso " +"non supporta questa aggiunta. Accettare questa opzione per abilitare il supporto alle " +"mappe sqlite." #. Type: boolean #. Description -#: ../templates:6001 +#: ../templates:5001 msgid "Install postfix despite an unsupported kernel?" -msgstr "Installare postfix anche se il kernel non è supportato?" +msgstr "Installare postfix anche se il kernel non è supportato?" #. 
Type: boolean #. Description -#: ../templates:6001 +#: ../templates:5001 msgid "" -"Postfix uses features that are not found in kernels prior to 2.6. If you " -"proceed with the installation, Postfix will not run." +"Postfix uses features that are not found in kernels prior to 2.6. If you proceed with the " +"installation, Postfix will not run." msgstr "" -"Postfix usa funzionalità che non sono disponibili nelle versioni del kernel " -"precedenti alla 2.6. Se si procede con l'installazione, Postfix non verrà " -"eseguito." +"Postfix usa funzionalità che non sono disponibili nelle versioni del kernel precedenti " +"alla 2.6. Se si procede con l'installazione, Postfix non verrà eseguito." #. Type: boolean #. Description -#: ../templates:7001 +#: ../templates:6001 msgid "Correct retry entry in master.cf for upgrade?" msgstr "Correggere la voce retry in master.cf per l'aggiornamento?" #. Type: boolean #. Description -#: ../templates:7001 -msgid "" -"Postfix version 2.4 requires that the retry service be added to master.cf." -msgstr "" -"La versione 2.4 di postfix richiede di aggiungere il servizio retry a master." -"cf." +#: ../templates:6001 +msgid "Postfix version 2.4 requires that the retry service be added to master.cf." +msgstr "La versione 2.4 di postfix richiede di aggiungere il servizio retry a master.cf." # | msgid "" # | "Failure to fix this will result in a broken mailer. Decline this option " 
@@ -167,29 +143,28 @@ # | "cf compatible with Postfix 2.2 in this respect." #. Type: boolean #. Description -#: ../templates:7001 +#: ../templates:6001 msgid "" -"Failure to fix this will result in a broken mailer. Decline this option to " -"abort the upgrade, giving you the opportunity to add this configuration " -"yourself. Accept this option to automatically make master.cf compatible with " -"Postfix 2.4 in this respect." -msgstr "" -"Se non si corregge questa impostazione, il programma sarà inutilizzabile. " -"Rifiutando questa proposta, l'aggiornamento verrà annullato e si avrà la " -"possibilità di modificare manualmente la configurazione. Accettando la " -"proposta si renderà master.cf compatibile con Postfix 2.4 in modo automatico." +"Failure to fix this will result in a broken mailer. Decline this option to abort the " +"upgrade, giving you the opportunity to add this configuration yourself. Accept this option " +"to automatically make master.cf compatible with Postfix 2.4 in this respect." +msgstr "" +"Se non si corregge questa impostazione, il programma sarà inutilizzabile. Rifiutando " +"questa proposta, l'aggiornamento verrà annullato e si avrà la possibilità di modificare " +"manualmente la configurazione. Accettando la proposta si renderà master.cf compatibile con " +"Postfix 2.4 in modo automatico." #. Type: boolean #. Description -#: ../templates:8001 +#: ../templates:7001 msgid "Correct tlsmgr entry in master.cf for upgrade?" msgstr "Correggere la voce tlsmgr in master.cf per l'aggiornamento?" #. Type: boolean #. Description -#: ../templates:8001 +#: ../templates:7001 msgid "Postfix version 2.2 has changed the invocation of tlsmgr." -msgstr "Nella versione 2.2 di postfix è cambiata l'invocazione di tlsmgr." +msgstr "Nella versione 2.2 di postfix è cambiata l'invocazione di tlsmgr." # | msgid "" # | "Failure to fix this will result in a broken mailer. Decline this option " 
@@ -198,21 +173,20 @@ # | "cf compatible with Postfix 2.2 in this respect." #. Type: boolean #. Description -#: ../templates:8001 +#: ../templates:7001 msgid "" -"Failure to fix this will result in a broken mailer. Decline this option to " -"abort the upgrade, giving you the opportunity to add this configuration " -"yourself. Accept this option to automatically make master.cf compatible with " -"Postfix 2.2 in this respect." -msgstr "" -"Se non si corregge questa impostazione, il programma sarà inutilizzabile. " -"Rifiutando questa proposta, l'aggiornamento verrà annullato e si avrà la " -"possibilità di eseguire manualmente la configurazione. Accettando la " -"proposta si renderà master.cf compatibile con Postfix 2.2 in modo automatico." +"Failure to fix this will result in a broken mailer. Decline this option to abort the " +"upgrade, giving you the opportunity to add this configuration yourself. Accept this option " +"to automatically make master.cf compatible with Postfix 2.2 in this respect." +msgstr "" +"Se non si corregge questa impostazione, il programma sarà inutilizzabile. Rifiutando " +"questa proposta, l'aggiornamento verrà annullato e si avrà la possibilità di eseguire " +"manualmente la configurazione. Accettando la proposta si renderà master.cf compatibile con " +"Postfix 2.2 in modo automatico." #. Type: boolean #. Description -#: ../templates:9001 +#: ../templates:8001 msgid "Ignore incorrect hostname entry?" msgstr "Ignorare la voce hostname errata?" 
@@ -220,30 +194,29 @@ # | "does not follow RFC 1035 and does not appear to be a valid IP address." #. Type: boolean #. Description -#: ../templates:9001 +#: ../templates:8001 msgid "" -"The string '${enteredstring}' does not follow RFC 1035 and does not appear " -"to be a valid IP address." +"The string '${enteredstring}' does not follow RFC 1035 and does not appear to be a valid " +"IP address." msgstr "" -"La stringa \"${enteredstring}\" non è conforme alla RFC 1035 e non sembra " -"essere un indirizzo IP valido." +"La stringa «${enteredstring}» non è conforme alla RFC 1035 e non sembra essere un " +"indirizzo IP valido." #. Type: boolean #. Description -#: ../templates:9001 +#: ../templates:8001 msgid "" -"RFC 1035 states that 'each component must start with an alphanum, end with " -"an alphanum and contain only alphanums and hyphens. Components must be " -"separated by full stops.'" -msgstr "" -"La RFC 1035 richiede che ogni componente inizi e finisca con un carattere " -"alfanumerico e contenga solo caratteri alfanumerici o il trattino \"-\". Le " -"componenti devono essere separate da punti." +"RFC 1035 states that 'each component must start with an alphanum, end with an alphanum and " +"contain only alphanums and hyphens. Components must be separated by full stops.'" +msgstr "" +"La RFC 1035 richiede che ogni componente inizi e finisca con un carattere alfanumerico e " +"contenga solo caratteri alfanumerici o il trattino «-». Le componenti devono essere " +"separate da punti." # | msgid "Do you want to keep it anyway?" #. Type: boolean #. Description -#: ../templates:9001 +#: ../templates:8001 msgid "Please choose whether you want to keep that choice anyway." msgstr "Scegliere se si desidera mantenere questa scelta comunque." 
@@ -256,7 +229,7 @@ #. try to keep below ~71 characters. #. DO NOT USE commas (,) in Choices translations otherwise #. this will break the choices shown to users -#: ../templates:10001 +#: ../templates:9001 msgid "No configuration" msgstr "Nessuna configurazione" @@ -268,7 +241,7 @@ #. try to keep below ~71 characters. #. DO NOT USE commas (,) in Choices translations otherwise #. this will break the choices shown to users -#: ../templates:10001 +#: ../templates:9001 msgid "Internet Site" msgstr "Sito internet" @@ -280,7 +253,7 @@ #. try to keep below ~71 characters. #. DO NOT USE commas (,) in Choices translations otherwise #. this will break the choices shown to users -#: ../templates:10001 +#: ../templates:9001 msgid "Internet with smarthost" msgstr "Sito internet con smarthost" @@ -292,7 +265,7 @@ #. try to keep below ~71 characters. #. DO NOT USE commas (,) in Choices translations otherwise #. this will break the choices shown to users -#: ../templates:10001 +#: ../templates:9001 msgid "Satellite system" msgstr "Sistema satellite" 
@@ -304,28 +277,26 @@ #. try to keep below ~71 characters. #. DO NOT USE commas (,) in Choices translations otherwise #. this will break the choices shown to users -#: ../templates:10001 +#: ../templates:9001 msgid "Local only" msgstr "Solo locale" # | msgid "General type of configuration?" #. Type: select #. Description -#: ../templates:10002 +#: ../templates:9002 msgid "General type of mail configuration:" msgstr "Profilo generale di configurazione:" #. Type: select #. Description -#: ../templates:10002 -msgid "" -"Please select the mail server configuration type that best meets your needs." -msgstr "" -"Selezionare il tipo di configurazione del mailserver che si preferisce." +#: ../templates:9002 +msgid "Please select the mail server configuration type that best meets your needs." +msgstr "Selezionare il tipo di configurazione del server di posta che si preferisce." #. Type: select #. Description -#: ../templates:10002 +#: ../templates:9002 msgid "" " No configuration:\n" " Should be chosen to leave the current configuration unchanged.\n" 
@@ -342,23 +313,22 @@ " Nessuna configurazione:\n" " Da scegliere se non si vuole modificare la configurazione attuale.\n" " Sito internet:\n" -" La posta è inviata e ricevuta direttamente via SMTP.\n" +" La posta è inviata e ricevuta direttamente via SMTP.\n" " Sito internet con smarthost:\n" -" La posta è ricevuta direttamente via SMTP o attraverso programmi\n" -" come fetchmail. La posta in uscita è inviata a uno smarthost.\n" +" La posta è ricevuta direttamente via SMTP o attraverso programmi\n" +" come fetchmail. La posta in uscita è inviata a uno smarthost.\n" " Sistema satellite:\n" -" Tutta la posta è inviata a un altro sistema, detto \"smarthost\",\n" +" Tutta la posta è inviata a un altro sistema, detto «smarthost»,\n" " per la consegna.\n" -" Solo consegna locale:\n" -" Viene solo consegnata la posta per gli utenti locali, senza attività di " -"rete." +" Solo locale:\n" +" Viene solo consegnata la posta per gli utenti locali, senza attività di rete." # | msgid "WARNING: Postfix not configured" #. Type: error #. Description -#: ../templates:11001 +#: ../templates:10001 msgid "Postfix not configured" -msgstr "Postfix non è configurato" +msgstr "Postfix non è configurato" # | msgid "" # | "You have chosen \"No Configuration\" - Postfix will not be configured and " 
@@ -366,41 +336,39 @@ # | "a later date, or configure it yourself by:" #. Type: error #. Description -#: ../templates:11001 +#: ../templates:10001 msgid "" -"You have chosen 'No Configuration'. Postfix will not be configured and will " -"not be started by default. Please run 'dpkg-reconfigure postfix' at a later " -"date, or configure it yourself by:\n" +"You have chosen 'No Configuration'. Postfix will not be configured and will not be started " +"by default. Please run 'dpkg-reconfigure postfix' at a later date, or configure it " +"yourself by:\n" " - Editing /etc/postfix/main.cf to your liking;\n" " - Running '/etc/init.d/postfix start'." msgstr "" -"Si è scelto \"Nessuna configurazione\". Postfix non sarà configurato e non " -"sarà avviato automaticamente. Si prega di eseguire \"dpkg-reconfigure postfix" -"\" in seguito, o di eseguire le seguenti operazioni:\n" -" - Modificare /etc/postfix/main.cf a piacimento;\n" -" - Eseguire /etc/init.d/postfix start." +"Si è scelto «Nessuna configurazione». Postfix non sarà configurato e non sarà avviato " +"automaticamente. Si esegua «dpkg-reconfigure postfix» successivamente, o si configuri " +"manualmente:\n" +" - editare /etc/postfix/main.cf a piacimento;\n" +" - eseguire «/etc/init.d/postfix start»." # | msgid "/etc/mailname" #. Type: string #. Description -#: ../templates:12001 +#: ../templates:11001 msgid "System mail name:" msgstr "Nome del sistema per la posta:" #. Type: string #. Description -#: ../templates:12001 +#: ../templates:11001 msgid "" -"The \"mail name\" is the domain name used to \"qualify\" _ALL_ mail " -"addresses without a domain name. This includes mail to and from : " -"please do not make your machine send out mail from root@example.org unless " -"root@example.org has told you to." -msgstr "" -"Il \"mail name\" è il nome di dominio usato per \"qualificare\" _TUTTI_ gli " -"indirizzi di posta che non contengono un nome di dominio. 
Questo comprende " -"anche i messaggi da e per : evitate che il vostro sistema spedisca " -"posta con mittente root@example.org a meno che root@example.org non ve " -"l'abbia chiesto." +"The \"mail name\" is the domain name used to \"qualify\" _ALL_ mail addresses without a " +"domain name. This includes mail to and from : please do not make your machine send " +"out mail from root@example.org unless root@example.org has told you to." +msgstr "" +"Il «mail name» è il nome di dominio usato per «qualificare» _TUTTI_ gli indirizzi di posta " +"che non contengono un nome di dominio. Questo comprende anche i messaggi da e per : " +"evitare che il proprio sistema spedisca posta con mittente root@example.org a meno che " +"root@example.org non lo abbia chiesto." # | msgid "" # | "This name will be used by other programs besides Postfix; it should be " 
@@ -408,34 +376,32 @@ # | "originate." #. Type: string #. Description -#: ../templates:12001 +#: ../templates:11001 msgid "" -"This name will also be used by other programs. It should be the single, " -"fully qualified domain name (FQDN)." +"This name will also be used by other programs. It should be the single, fully qualified " +"domain name (FQDN)." msgstr "" -"Questo nome verrà usato anche da altri programmi. Dovrebbe essere un fully " -"qualified domain name (FQDN)." +"Questo nome verrà usato anche da altri programmi. Dovrebbe essere l'unico nome di dominio " +"pienamente qualificato (FQDN)." #. Type: string #. Description #. Translators, please do NOT translate 'example.org' whch is registered #. as a domain name reserved for documentation as per RFC 2606 -#: ../templates:12001 +#: ../templates:11001 msgid "" -"Thus, if a mail address on the local host is foo@example.org, the correct " -"value for this option would be example.org." +"Thus, if a mail address on the local host is foo@example.org, the correct value for this " +"option would be example.org." msgstr "" -"Ad esempio, se un indirizzo di posta sul sistema locale è foo@example.org, " -"il valore corretto per questo parametro sarebbe example.org." +"Ad esempio, se un indirizzo di posta sul sistema locale è foo@example.org, il valore " +"corretto per questo parametro sarebbe example.org." # | msgid "Other destinations to accept mail for? (blank for none)" #. Type: string #. Description -#: ../templates:13001 +#: ../templates:12001 msgid "Other destinations to accept mail for (blank for none):" -msgstr "" -"Altre destinazioni per cui accettare posta (lasciare in bianco se non ce ne " -"sono):" +msgstr "Altre destinazioni per cui accettare posta (lasciare in bianco se non ce ne sono):" # | msgid "" # | "Give a comma-separated list of domains that this machine should consider " 
@@ -443,21 +409,20 @@ # | "probably want to include the top-level domain." #. Type: string #. Description -#: ../templates:13001 +#: ../templates:12001 msgid "" -"Please give a comma-separated list of domains for which this machine should " -"consider itself the final destination. If this is a mail domain gateway, you " -"probably want to include the top-level domain." -msgstr "" -"Indicare una lista (separata da virgole) di domini per cui questo sistema si " -"deve considerare come la destinazione finale. Se il sistema è un gateway di " -"posta per un intero dominio, è consigliabile includere anche il top-level " -"domain." +"Please give a comma-separated list of domains for which this machine should consider " +"itself the final destination. If this is a mail domain gateway, you probably want to " +"include the top-level domain." +msgstr "" +"Indicare una lista (separata da virgole) di domini per cui questo sistema si deve " +"considerare come la destinazione finale. Se il sistema è un gateway di posta per un intero " +"dominio, è consigliabile includere anche il dominio di livello più alto." # | msgid "SMTP relay host? (blank for none)" #. Type: string #. Description -#: ../templates:14001 +#: ../templates:13001 msgid "SMTP relay host (blank for none):" msgstr "Host da usare come relay SMTP (lasciare in bianco se non viene usato):" 
@@ -467,21 +432,20 @@ # | "host." #. Type: string #. Description -#: ../templates:14001 +#: ../templates:13001 msgid "" -"Please specify a domain, host, host:port, [address] or [address]:port. Use " -"the form [destination] to turn off MX lookups. Leave this blank for no relay " -"host." -msgstr "" -"Indicare un dominio, host, host:porta, [indirizzo] o [indirizzo]:porta. " -"Usando la forma [destinazione] vengono disabilitate le ricerche MX. Lasciare " -"in bianco se non si usa alcun relay." +"Please specify a domain, host, host:port, [address] or [address]:port. Use the form " +"[destination] to turn off MX lookups. Leave this blank for no relay host." +msgstr "" +"Indicare un dominio, host, host:porta, [indirizzo] o [indirizzo]:porta. Usando la forma " +"[destinazione] vengono disabilitate le ricerche MX. Lasciare in bianco se non si usa alcun " +"relay." #. Type: string #. Description -#: ../templates:14001 +#: ../templates:13001 msgid "Do not specify more than one host." -msgstr "Non specificare più di un host." +msgstr "Non specificare più di un host." # | msgid "" # | "The relayhost parameter specifies the default host to send mail to when " 
@@ -489,79 +453,77 @@ # | "is given, mail is routed directly to the destination." #. Type: string #. Description -#: ../templates:14001 +#: ../templates:13001 msgid "" -"The relayhost parameter specifies the default host to send mail to when no " -"entry is matched in the optional transport(5) table. When no relay host is " -"given, mail is routed directly to the destination." -msgstr "" -"Il parametro \"relayhost\" indica l'host a cui inviare la posta quando non " -"viene trovata alcuna corrispondenza nella tabella opzionale transport(5). Se " -"non viene indicato, la posta è instradata direttamente alla destinazione." +"The relayhost parameter specifies the default host to send mail to when no entry is " +"matched in the optional transport(5) table. When no relay host is given, mail is routed " +"directly to the destination." +msgstr "" +"Il parametro «relayhost» indica l'host predefinito a cui inviare la posta quando non viene " +"trovata alcuna corrispondenza nella tabella opzionale transport(5). Se non viene indicato, " +"la posta è instradata direttamente alla destinazione." #. Type: boolean #. Description -#: ../templates:15001 +#: ../templates:14001 msgid "Use procmail for local delivery?" msgstr "Usare procmail per la consegna locale?" # | msgid "Do you want to use procmail to deliver local mail?" #. Type: boolean #. Description -#: ../templates:15001 +#: ../templates:14001 msgid "Please choose whether you want to use procmail to deliver local mail." msgstr "Indicare se si vuole usare procmail per consegnare la posta locale." #. Type: boolean #. Description -#: ../templates:15001 +#: ../templates:14001 msgid "" -"Note that if you use procmail to deliver mail system-wide, you should set up " -"an alias that forwards mail for root to a real user." +"Note that if you use procmail to deliver mail system-wide, you should set up an alias that " +"forwards mail for root to a real user." 
msgstr "" -"Nota: se si usa procmail per consegnare la posta di tutto il sistema, è " -"consigliabile impostare un alias per inoltrare a un altro utente la posta " -"diretta a root." +"Nota: se si usa procmail per consegnare la posta di tutto il sistema, è consigliabile " +"impostare un alias per inoltrare a un altro utente la posta diretta a root." #. Type: select #. Choices -#: ../templates:16001 +#: ../templates:15001 msgid "all" msgstr "tutti" #. Type: select #. Choices -#: ../templates:16001 +#: ../templates:15001 msgid "ipv6" msgstr "ipv6" #. Type: select #. Choices -#: ../templates:16001 +#: ../templates:15001 msgid "ipv4" msgstr "ipv4" #. Type: select #. Description -#: ../templates:16002 +#: ../templates:15002 msgid "Internet protocols to use:" msgstr "Protocolli internet da usare:" #. Type: select #. Description -#: ../templates:16002 +#: ../templates:15002 msgid "" -"By default, whichever Internet protocols are enabled on the system at " -"installation time will be used. You may override this default with any of " -"the following:" +"By default, whichever Internet protocols are enabled on the system at installation time " +"will be used. You may override this default with any of the following:" msgstr "" -"Per impostazione predefinita vengono usati tutti i protocolli internet " -"attivi sul sistema al momento dell'installazione. È possibile sovrascrivere " -"questa impostazione usando i valori seguenti:" +"Per impostazione predefinita vengono usati tutti i protocolli internet attivi sul sistema " +"al momento dell'installazione. È possibile sovrascrivere questa impostazione usando i " +"valori seguenti:" #. Type: select #. Description -#: ../templates:16002 +#: ../templates:15002 msgid "" " all : use both IPv4 and IPv6 addresses;\n" " ipv6: listen only on IPv6 addresses;\n" 
@@ -574,49 +536,44 @@ # | msgid "Local address extension character?" #. Type: string #. Description -#: ../templates:17001 +#: ../templates:16001 msgid "Local address extension character:" msgstr "Carattere per le estensioni degli indirizzi locali:" # | msgid "What character defines a local address extension?" #. Type: string #. Description -#: ../templates:17001 -msgid "" -"Please choose the character that will be used to define a local address " -"extension." -msgstr "" -"Scegliere il carattere da usare per definire le estensioni degli indirizzi " -"locali." +#: ../templates:16001 +msgid "Please choose the character that will be used to define a local address extension." +msgstr "Scegliere il carattere da usare per definire le estensioni degli indirizzi locali." #. Type: string #. Description -#: ../templates:17001 +#: ../templates:16001 msgid "To not use address extensions, leave the string blank." msgstr "Per non usare le estensioni degli indirizzi, lasciare in bianco." #. Type: error #. Description -#: ../templates:18001 +#: ../templates:17001 msgid "Bad recipient delimiter" -msgstr "Delimitatore errato." +msgstr "Delimitatore destinatario errato." # | msgid "" # | "The recipient delimiter is a single character, you entered too many " # | "characters. Please try again." #. Type: error #. Description -#: ../templates:18001 +#: ../templates:17001 msgid "" -"The recipient delimiter must be a single character. '${enteredstring}' is " -"what you entered." +"The recipient delimiter must be a single character. '${enteredstring}' is what you entered." msgstr "" -"Il delimitatore dei destinatari deve essere un carattere singolo, ma è stata " -"immessa la stringa \"${enteredstring}\"." +"Il delimitatore destinatario deve essere un carattere singolo, ma è stata immessa la " +"stringa «${enteredstring}»." #. Type: boolean #. Description -#: ../templates:19001 +#: ../templates:18001 msgid "Force synchronous updates on mail queue?" 
msgstr "Forzare gli aggiornamenti sincroni della coda di posta?" @@ -627,23 +584,21 @@ # | "a journaled filesystem (such as ext3)." #. Type: boolean #. Description -#: ../templates:19001 +#: ../templates:18001 msgid "" -"If synchronous updates are forced, then mail is processed more slowly. If " -"not forced, then there is a remote chance of losing some mail if the system " -"crashes at an inopportune time, and you are not using a journaled filesystem " -"(such as ext3)." -msgstr "" -"Se viene forzato l'uso degli aggiornamenti sincroni, la posta verrà " -"processata più lentamente. In caso contrario, potrebbe esserci una remota " -"possibilità di perdere dei messaggi, nel caso il sistema cada in un momento " -"particolarmente inopportuno e non si usi un filesystem journaling (come " -"ext3)." +"If synchronous updates are forced, then mail is processed more slowly. If not forced, then " +"there is a remote chance of losing some mail if the system crashes at an inopportune time, " +"and you are not using a journaled filesystem (such as ext3)." +msgstr "" +"Se viene forzato l'uso degli aggiornamenti sincroni, la posta verrà elaborata più " +"lentamente. In caso contrario, potrebbe esserci una remota possibilità di perdere dei " +"messaggi, nel caso il sistema cada in un momento particolarmente inopportuno e non si usi " +"un file system journaling (come ext3)." # | msgid "Local networks?" #. Type: string #. Description -#: ../templates:20001 +#: ../templates:19001 msgid "Local networks:" msgstr "Reti locali:" 
@@ -652,50 +607,48 @@ # | "just the local host, which is needed by some mail user agents." #. Type: string #. Description -#: ../templates:20001 +#: ../templates:19001 msgid "" -"Please specify the network blocks for which this host should relay mail. The " -"default is just the local host, which is needed by some mail user agents. " -"The default includes local host for both IPv4 and IPv6. If just connecting " -"via one IP version, the unused value(s) may be removed." -msgstr "" -"Specificare per quali blocchi di rete questo computer deve fare da relay. Il " -"valore predefinito è solo l'host locale, che può essere richiesto da alcuni " -"client di posta. Sono compresi sia gli indirizzi IPv4 che IPv6: se si " -"utilizza solo uno dei due protocolli, è possibile rimuovere i valori non " -"utilizzati." +"Please specify the network blocks for which this host should relay mail. The default is " +"just the local host, which is needed by some mail user agents. The default includes local " +"host for both IPv4 and IPv6. If just connecting via one IP version, the unused value(s) " +"may be removed." +msgstr "" +"Specificare per quali blocchi di rete questo computer deve fare da relay. Il valore " +"predefinito è solo l'host locale, che puಠessere richiesto da alcuni client di posta. " +"Sono compresi sia gli indirizzi IPv4 che IPv6: se si utilizza solo uno dei due protocolli, " +"è possibile rimuovere i valori non utilizzati." # | msgid "" # | "If this is a smarthost for a block of machines, you need to specify the " # | "netblocks here, or mail will be rejected rather than relayed." #. Type: string #. Description -#: ../templates:20001 +#: ../templates:19001 msgid "" -"If this host is a smarthost for a block of machines, you need to specify the " -"netblocks here, or mail will be rejected rather than relayed." +"If this host is a smarthost for a block of machines, you need to specify the netblocks " +"here, or mail will be rejected rather than relayed." 
msgstr "" -"Se questo sistema deve fare da \"smarthost\" per un gruppo di altri sistemi, " -"occorre indicare il blocco di rete opportuno, altrimenti la posta verrà " -"rifiutata invece di essere inoltrata." +"Se questo sistema deve fare da «smarthost» per un gruppo di altri sistemi, occorre " +"indicare il blocco di reti opportuno, altrimenti la posta verrà rifiutata invece di essere " +"inoltrata." # | msgid "" # | "To use the postfix default (which is based on connected networks), enter " # | "an empty string." #. Type: string #. Description -#: ../templates:20001 +#: ../templates:19001 msgid "" -"To use the postfix default (which is based on the connected subnets), leave " -"this blank." +"To use the postfix default (which is based on the connected subnets), leave this blank." msgstr "" -"Per usare il valore predefinito di postfix (che è basato sulle reti a cui il " -"computer è connesso), lasciare in bianco." +"Per usare il valore predefinito di postfix (che è basato sulle sottoreti a cui il computer " +"è connesso), lasciare in bianco." # | msgid "Mailbox size limit" #. Type: string #. Description -#: ../templates:21001 +#: ../templates:20001 msgid "Mailbox size limit (bytes):" msgstr "Limite di dimensione delle mailbox (byte):" 
@@ -705,57 +658,53 @@ # | "default is 51200000.)" #. Type: string #. Description -#: ../templates:21001 +#: ../templates:20001 msgid "" -"Please specify the limit that Postfix should place on mailbox files to " -"prevent runaway software errors. A value of zero (0) means no limit. The " -"upstream default is 51200000." +"Please specify the limit that Postfix should place on mailbox files to prevent runaway " +"software errors. A value of zero (0) means no limit. The upstream default is 51200000." msgstr "" -"Specificare il limite che deve essere imposto da Postfix alla dimensione dei " -"file delle mailbox per prevenire errori causati da processi incontrollabili. " -"Il valore zero (0) indica nessun limite. Il valore predefinito nella " -"distribuzione originale di Postfix è 51200000." +"Specificare il limite che deve essere imposto da Postfix alla dimensione dei file delle " +"mailbox per prevenire errori causati da processi incontrollabili. Il valore zero (0) " +"indica nessun limite. Il valore predefinito nella distribuzione originale di Postfix è " +"51200000." #. Type: string #. Description -#: ../templates:22001 +#: ../templates:21001 msgid "Root and postmaster mail recipient:" msgstr "Destinatario della posta diretta a root e postmaster:" #. Type: string #. Description -#: ../templates:22001 +#: ../templates:21001 msgid "" -"Mail for the 'postmaster', 'root', and other system accounts needs to be " -"redirected to the user account of the actual system administrator." +"Mail for the 'postmaster', 'root', and other system accounts needs to be redirected to the " +"user account of the actual system administrator." msgstr "" -"La posta diretta agli utenti \"postmaster\", \"root\", e ad altri utenti di " -"sistema deve essere rediretta all'utente effettivo usato dall'amministratore " -"del sistema." 
+"La posta diretta agli utenti «postmaster», «root», e ad altri utenti di sistema deve " +"essere rediretta all'utente effettivo usato dall'amministratore del sistema." #. Type: string #. Description -#: ../templates:22001 +#: ../templates:21001 msgid "" -"If this value is left empty, such mail will be saved in /var/mail/nobody, " -"which is not recommended." +"If this value is left empty, such mail will be saved in /var/mail/nobody, which is not " +"recommended." msgstr "" -"Lasciando in bianco, la posta verrà salvata in /var/mail/nobody, cosa non " -"raccomandabile." +"Lasciando in bianco, la posta verrà salvata in /var/mail/nobody, cosa non raccomandabile." #. Type: string #. Description -#: ../templates:22001 +#: ../templates:21001 msgid "Mail is not delivered to external delivery agents as root." -msgstr "" -"La posta non viene consegnata ad agenti di consegna esterni come utente root." +msgstr "La posta non viene consegnata ad agenti di consegna esterni come utente root." #. Type: string #. Description -#: ../templates:22001 +#: ../templates:21001 msgid "" -"If you already have a /etc/aliases file and it does not have an entry for " -"root, then you should add this entry. Leave this blank to not add one." +"If you already have a /etc/aliases file and it does not have an entry for root, then you " +"should add this entry. Leave this blank to not add one." msgstr "" -"Se si ha già un file /etc/aliases che non contiene una voce per root, " -"occorre aggiungerla. Lasciando in bianco non ne verrà aggiunta alcuna." +"Se si ha già un file /etc/aliases che non contiene una voce per root, occorre aggiungerla. " +"Lasciando in bianco non ne verrà aggiunta alcuna." diff -Nru postfix-3.0.4/debian/po/ja.po postfix-3.1.0/debian/po/ja.po --- postfix-3.0.4/debian/po/ja.po 2016-02-27 01:52:02.000000000 +0000 +++ postfix-3.1.0/debian/po/ja.po 2016-04-13 16:22:12.000000000 +0000 
@@ -13,10 +13,10 @@ # msgid "" msgstr "" -"Project-Id-Version: postfix 2.10.0-2\n" +"Project-Id-Version: postfix 3.0.4-3\n" "Report-Msgid-Bugs-To: postfix@packages.debian.org\n" "POT-Creation-Date: 2016-02-26 08:05-0700\n" -"PO-Revision-Date: 2013-03-16 21:17+0900\n" +"PO-Revision-Date: 2016-02-28 21:23+0900\n" "Last-Translator: Kenshi Muto \n" "Language-Team: Japanese \n" "Language: ja\n" @@ -80,16 +80,13 @@ "Failure to do this may result in deferred or bounced mail after the " "upgrade. Accept this option to set smtpd_relay_restrictions equal to " "smtpd_recipient_restrictions." -msgstr "" -"ã“ã‚Œã¯ã€æ›´æ–°å¾Œã«ã€ãƒ¡ãƒ¼ãƒ«ã‚’é…延ã¾ãŸã¯è¿”å´ã—ã¦ã—ã¾ã†çµæžœã¨ãªã‚‹æã‚ŒãŒã‚ã‚Šã¾ã™ã€‚" -"smtpd_relay_restrictions ã‚’ smtpd_recipient_restrictions ã¨ç­‰ä¾¡ã«ãªã‚‹ã‚ˆã†è¨­å®š" -"ã™ã‚‹ã«ã¯ã€ã“ã®é¸æŠžè‚¢ã«ã€Œã¯ã„ã€ã¨ç­”ãˆã¦ãã ã•ã„。" +msgstr "ã“ã‚Œã¯ã€æ›´æ–°å¾Œã«ã€ãƒ¡ãƒ¼ãƒ«ã‚’é…延ã¾ãŸã¯è¿”å´ã—ã¦ã—ã¾ã†çµæžœã¨ãªã‚‹æã‚ŒãŒã‚ã‚Šã¾ã™ã€‚smtpd_relay_restrictions ã‚’ smtpd_recipient_restrictions ã¨ç­‰ä¾¡ã«ãªã‚‹ã‚ˆã†è¨­å®šã™ã‚‹ã«ã¯ã€ã“ã®é¸æŠžè‚¢ã‚’é¸ã‚“ã§ãã ã•ã„。" #. Type: boolean #. Description #: ../templates:3001 msgid "Update main.cf for daemon_directory change" -msgstr "" +msgstr "daemon_directory ã®å¤‰æ›´ã«ä¼´ã„ main.cf ã‚’æ›´æ–°ã—ã¾ã™" #. Type: boolean #. Description 
@@ -98,35 +95,26 @@ "This upgrade of postfix changes where daemons are located, and your postfix " "configuration explicitly specifies the old location. The install will be " "aborted if you do not allow the change." -msgstr "" +msgstr "postfix ã®ä»Šå›žã®æ›´æ–°ã§ã¯ãƒ‡ãƒ¼ãƒ¢ãƒ³ã®ç½®ã‹ã‚Œã‚‹ä½ç½®ãŒå¤‰æ›´ã•ã‚Œã¦ã„ã¾ã™ãŒã€ç¾çŠ¶ã® postfix 設定ã§ã¯ä»¥å‰ã®ä½ç½®ã‚’明示的ã«æŒ‡å®šã—ã¦ã„ã¾ã™ã€‚ã“ã®å¤‰æ›´ã‚’å—ã‘入れãªã„å ´åˆã¯ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã‚’中止ã—ã¾ã™ã€‚" #. Type: boolean #. Description #: ../templates:4001 msgid "Update dynamicmaps.cf for 3.0" -msgstr "" +msgstr "dynamicmaps.cf ã‚’ 3.0 用ã«æ›´æ–°ã—ã¾ã™" #. Type: boolean #. Description #: ../templates:4001 -#, fuzzy -#| msgid "" -#| "Postfix version 2.9 adds sqlite support to maps, but your dynamicmaps.cf " -#| "does not reflect that. Accept this option to add support for sqlite maps." msgid "" "Postfix version 3.0 changes how dynamic maps are delivered, and your " "dynamicmaps.cf does not reflect that. Accept this option to convert " "dynamicmaps.cf to the version required for 3.0." -msgstr "" -"Postfix ãƒãƒ¼ã‚¸ãƒ§ãƒ³ 2.9 ã§ã¯ sqlite ã®ã‚µãƒãƒ¼ãƒˆã‚’マップã«è¿½åŠ ã—ã¦ã„ã¾ã™ãŒã€ã‚ãª" -"ãŸã® dynamicmaps.cf ã«ã¯ãã‚ŒãŒå映ã•ã‚Œã¦ã„ã¾ã›ã‚“。sqlite マップã®ã‚µãƒãƒ¼ãƒˆã‚’追" -"加ã™ã‚‹ã«ã¯ã€ã“ã®é¸æŠžè‚¢ã«ã€Œã¯ã„ã€ã¨ç­”ãˆã¦ãã ã•ã„。" +msgstr "Postfix ãƒãƒ¼ã‚¸ãƒ§ãƒ³ 3.0 ã§ã¯å‹•çš„割り当ã¦ã®è¨­å®šã«å¤‰æ›´ãŒã‚ã‚Šã¾ã™ãŒã€ç¾çŠ¶ã® dynamicmaps.cf ã¯ãã®å¤‰æ›´ã‚’å映ã—ãŸå½¢å¼ã«ãªã£ã¦ã„ã¾ã›ã‚“。ã“ã®é¸æŠžã‚’å—ã‘入れるã¨ã€dynamicmaps.cf ã‚’ 3.0 ã§è¦æ±‚ã•ã‚Œã‚‹å½¢å¼ã«å¤‰æ›ã—ã¾ã™ã€‚" #. Type: boolean #. Description #: ../templates:5001 -#, fuzzy -#| msgid "add 'sqlite' entry to dynamicmaps.cf?" msgid "Add 'sqlite' entry to dynamicmaps.cf?" msgstr "'sqlite' エントリを dynamicmaps.cf ã«è¿½åŠ ã—ã¾ã™ã‹?" diff -Nru postfix-3.0.4/debian/po/nl.po postfix-3.1.0/debian/po/nl.po --- postfix-3.0.4/debian/po/nl.po 2016-02-27 01:52:02.000000000 +0000 +++ postfix-3.1.0/debian/po/nl.po 2016-04-13 16:22:12.000000000 +0000 
@@ -3,14 +3,14 @@ # This file is distributed under the same license as the postfix package. # Bart Cornelis , 2008. # Jeroen Schot , 2012. -# Frans Spiesschaert , 2014. +# Frans Spiesschaert , 2014, 2016. # msgid "" msgstr "" -"Project-Id-Version: postfix 2.9.1-2\n" +"Project-Id-Version: postfix 3.0.4-3\n" "Report-Msgid-Bugs-To: postfix@packages.debian.org\n" "POT-Creation-Date: 2016-02-26 08:05-0700\n" -"PO-Revision-Date: 2014-09-23 18:51+0200\n" +"PO-Revision-Date: 2016-02-28 12:57+0100\n" "Last-Translator: Frans Spiesschaert \n" "Language-Team: Debian Dutch l10n Team \n" "Language: nl\n" @@ -18,6 +18,7 @@ "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Gtranslator 2.91.6\n" #. Type: boolean #. Description @@ -35,7 +36,7 @@ "domain name (FQDN)." msgstr "" "Postfix-versie 2.3.3-2 en later vereisen aanpassingen in main.cf. Specifiek " -"dient mydomain aangegeven te zijn, aangezien hostname(1) geen Volledig " +"dient mydomain aangegeven te zijn, aangezien hostname(1) geen volledig " "gekwalificeerde domeinnaam (FQDN) is." # Description @@ -48,11 +49,11 @@ "yourself. Accept this option to automatically set mydomain based on the FQDN " "of the machine." msgstr "" -"Als u nalaat om dit te in te stellen resulteert dit in een niet-werkend e-" -"mail-systeem. Als u de opwaardering wilt afbreken dient u hier te weigeren, " -"u kunt de configuratie dan zelf toevoegen. Als u wilt dat mydomain " -"automatisch ingesteld wordt afgaande op de FQDN van deze machine dient u dit " -"te aanvaarden." +"Als u nalaat om dit in te stellen resulteert dit in een niet-werkend e-mail-" +"systeem. Als u de opwaardering wilt afbreken dient u hier te weigeren, u " +"kunt de configuratie dan zelf toevoegen. Als u wilt dat mydomain automatisch " +"ingesteld wordt afgaande op de FQDN van deze machine dient u dit te " +"aanvaarden." #. Type: boolean #. Description 
@@ -70,7 +71,7 @@ "for smtpd_recipient_restrictions." msgstr "" "Postfix-versie 2.10 introduceert smtpd_relay_restrictions, om een " -"onderscheid te maken tussen restricties van toepassing op gerelayeerde e-" +"onderscheid te maken tussen restricties van toepassing op doorgestuurde e-" "mail en restricties van toepassing op e-mail bij eindbestemming, en u heeft " "een waarde voor smtpd_recipient_restrictions die afwijkt van de standaard." @@ -90,7 +91,7 @@ #. Description #: ../templates:3001 msgid "Update main.cf for daemon_directory change" -msgstr "" +msgstr "Werk main.cf bij voor een wijziging van daemon_directory" #. Type: boolean #. Description @@ -100,17 +101,20 @@ "configuration explicitly specifies the old location. The install will be " "aborted if you do not allow the change." msgstr "" +"Deze opwaardering van postfix wijzigt de plaats waar achtergronddiensten " +"zich bevinden en uw configuratie van postfix vermeldt expliciet de oude " +"locatie. De installatie zal afgebroken worden als u de wijziging niet " +"toestaat." #. Type: boolean #. Description #: ../templates:4001 msgid "Update dynamicmaps.cf for 3.0" -msgstr "" +msgstr "Werk dynamicmaps.cf bij voor 3.0" #. Type: boolean #. Description #: ../templates:4001 -#, fuzzy #| msgid "" #| "Postfix version 2.9 adds sqlite support to maps, but your dynamicmaps.cf " #| "does not reflect that. Accept this option to add support for sqlite maps." 
@@ -119,17 +123,17 @@ "dynamicmaps.cf does not reflect that. Accept this option to convert " "dynamicmaps.cf to the version required for 3.0." msgstr "" -"Postfix versie 2.9 voegt sqlite-ondersteuning toe aan maps, maar dit staat " -"niet in uw dynamicmaps.cf. Accepteer deze optie on ondersteuning voor sqlite-" -"maps toe te voegen." +"Postfix versie 3.0 wijzigt de manier waarop post aan dynamisch omgezette " +"adressen wordt afgeleverd en uw dynamicmaps.cf reflecteert dat niet. " +"Accepteer deze optie om dynamicmaps.cf te converteren naar de versie die " +"voor 3.0 vereist is." #. Type: boolean #. Description #: ../templates:5001 -#, fuzzy #| msgid "add 'sqlite' entry to dynamicmaps.cf?" msgid "Add 'sqlite' entry to dynamicmaps.cf?" -msgstr "een 'sqlite'-ingang toevoegen aan dynamicmaps.cf?" +msgstr "Een 'sqlite'-item toevoegen aan dynamicmaps.cf?" #. Type: boolean #. Description @@ -138,9 +142,9 @@ "Postfix version 2.9 adds sqlite support to maps, but your dynamicmaps.cf " "does not reflect that. Accept this option to add support for sqlite maps." msgstr "" -"Postfix versie 2.9 voegt sqlite-ondersteuning toe aan maps, maar dit staat " -"niet in uw dynamicmaps.cf. Accepteer deze optie on ondersteuning voor sqlite-" -"maps toe te voegen." +"Postfix versie 2.9 voegt sqlite-ondersteuning toe aan adresomzettingen, maar " +"dit staat niet in uw dynamicmaps.cf. Accepteer deze optie om ondersteuning " +"voor sqlite-adresomzetting toe te voegen." #. Type: boolean #. Description 
@@ -157,15 +161,16 @@ "Postfix uses features that are not found in kernels prior to 2.6. If you " "proceed with the installation, Postfix will not run." msgstr "" -"Postfix maakt gebruik van features die in kernelversies kleiner dan 2.6 niet " -"beschikbaar zijn. Als u doorgaat met de installatie zal Postfix niet werken." +"Postfix maakt gebruik van functionaliteit die in kernelversies kleiner dan " +"2.6 niet beschikbaar is. Als u doorgaat met de installatie zal Postfix niet " +"werken." #. Type: boolean #. Description #: ../templates:7001 msgid "Correct retry entry in master.cf for upgrade?" msgstr "" -"Wilt u dat de 'retry'-ingang in master.cf verbeterd wordt voor de " +"Wilt u dat het 'retry'-item in master.cf verbeterd wordt voor de " "opwaardering?" #. Type: boolean @@ -175,7 +180,7 @@ "Postfix version 2.4 requires that the retry service be added to master.cf." msgstr "" "De 2.4 versie van Postfix vereist dat de 'retry'-dienst toegevoegd wordt aan " -"master.cf ." +"master.cf." # Description #. Type: boolean 
@@ -187,25 +192,25 @@ "yourself. Accept this option to automatically make master.cf compatible with " "Postfix 2.4 in this respect." msgstr "" -"Als u nalaat om dit te in te stellen resulteert dit in een niet-werkend e-" -"mail-systeem. Als u de opwaardering wilt afbreken dient u hier te weigeren, " -"u kunt de configuratie vervolgens zelf toevoegen. Om master.cf , in dit " -"opzicht, automatisch compatibel te maken met Postfix 2.4 dient u deze optie " -"te kiezen." +"Als u nalaat om dit in te stellen resulteert dit in een niet-werkend e-mail-" +"systeem. Als u de opwaardering wilt afbreken dient u hier te weigeren. U " +"kunt deze configuratie vervolgens zelf toevoegen. Om master.cf in dit " +"verband automatisch compatibel te maken met Postfix 2.4 dient u deze optie " +"te aanvaarden." #. Type: boolean #. Description #: ../templates:8001 msgid "Correct tlsmgr entry in master.cf for upgrade?" msgstr "" -"Wilt u dat de 'tlsmgr'-ingang in master.cf verbeterd wordt voor de " +"Wilt u dat het 'tlsmgr'-item in master.cf verbeterd wordt voor de " "opwaardering?" #. Type: boolean #. Description #: ../templates:8001 msgid "Postfix version 2.2 has changed the invocation of tlsmgr." -msgstr "De 2.2 versie van Postfix heeft de aanroep van tlsmgr veranderd." +msgstr "De 2.2 versie van Postfix heeft het inroepen van tlsmgr veranderd." # Description #. Type: boolean 
@@ -217,10 +222,10 @@ "yourself. Accept this option to automatically make master.cf compatible with " "Postfix 2.2 in this respect." msgstr "" -"Als u nalaat om dit te in te stellen resulteert dit in een niet-werkend e-" -"mail-systeem. Als u de opwaardering wilt afbreken dient u hier te weigeren, " -"u kunt de configuratie dan zelf toevoegen. Aanvaard dit voorstel om master." -"cf in dit opzicht automatisch compatibel te maken met Postfix 2.2." +"Als u nalaat om dit in te stellen resulteert dit in een niet-werkend e-mail-" +"systeem. Als u de opwaardering wilt afbreken dient u hier te weigeren. U " +"kunt deze configuratie dan zelf toevoegen. Aanvaard deze optie om master.cf " +"in dit verband automatisch compatibel te maken met Postfix 2.2." #. Type: boolean #. Description @@ -235,8 +240,8 @@ "The string '${enteredstring}' does not follow RFC 1035 and does not appear " "to be a valid IP address." msgstr "" -"De ingevoerde strings '${enteredstring}' voldoet niet aan RFC 1035, en lijkt " -"ook geen geldig IP-adres te zijn." +"De ingevoerde tekenreeks '${enteredstring}' voldoet niet aan RFC 1035 en " +"lijkt ook geen geldig IP-adres te zijn." #. Type: boolean #. Description @@ -246,9 +251,10 @@ "an alphanum and contain only alphanums and hyphens. Components must be " "separated by full stops.'" msgstr "" -"RFC 1035 stelt dat 'Elk onderdeel dient te starten met een alfanumeriek " -"karakter, en mag slechts alfanumerieke karakters en koppeltekens bevatten. " -"Onderdelen dienen van elkaar gescheiden te worden met punten.'." +"RFC 1035 stelt dat 'elk onderdeel dient te starten met een alfanumeriek " +"teken, moet eindigen met een alfanumeriek teken en slechts alfanumerieke " +"tekens en koppeltekens mag bevatten. Onderdelen dienen van elkaar gescheiden " +"te worden met punten.'" #. Type: boolean #. Description 
@@ -327,8 +333,7 @@ #: ../templates:10002 msgid "" "Please select the mail server configuration type that best meets your needs." -msgstr "" -"Wat voor e-mail-serverconfiguratie komt het best met uw wensen overeen?" +msgstr "Wat voor e-mail-serverconfiguratie komt het best met uw noden overeen?" #. Type: select #. Description @@ -349,7 +354,7 @@ "Geen configuratie:\n" " Kies dit als u de huidige configuratie wilt laten zoals ze is.\n" "Internetsite:\n" -" E-mail wordt rechtstreeks via SMTP verstuurd.\n" +" E-mail wordt rechtstreeks via SMTP verstuurd en ontvangen.\n" "Internet met smarthost:\n" " E-mail wordt rechtstreeks via SMTP of via een hulpprogramma\n" " zoals fetchmail ontvangen. Uitgaande mail wordt via een\n" @@ -381,8 +386,8 @@ "geconfigureerd en zal standaard niet gestart worden. U kunt dit later " "instellen via het commando 'dpkg-reconfigure postfix', of dit handmatig " "configureren door:\n" -"- /etc/postfix/main.cf naar wensen in te stellen;\n" -"- het commando '/etc/init.d/postfix start' uit te voeren." +" - /etc/postfix/main.cf naar uw wensen in te stellen;\n" +" - het commando '/etc/init.d/postfix start' uit te voeren." #. Type: string #. Description @@ -459,7 +464,7 @@ "the form [destination] to turn off MX lookups. Leave this blank for no relay " "host." msgstr "" -"Gelieve een domein, computer, computer:poort, [adres] of [adres:poort] op te " +"Gelieve een domein, computer, computer:poort, [adres] of [adres]:poort op te " "geven. Gebruik de vorm [bestemming] om MX-opzoekingen te vermijden. Laat dit " "leeg als er geen doorvoerserver gebruikt wordt." 
@@ -477,10 +482,11 @@ "entry is matched in the optional transport(5) table. When no relay host is " "given, mail is routed directly to the destination." msgstr "" -"De 'relayhost'-parameter geeft een standaard server op waarnaar e-mail " -"gestuurd word indien geen enkele ingang in de optionele overzettabel " -"(transport(5)) overeenkomt. Indien er geen doorvoerserver opgegeven is wordt " -"e-mail rechtstreeks naar de bestemming gestuurd." +"De 'relayhost'-parameter (doorvoerserver-parameter) geeft een standaard " +"server op waarnaar e-mail gestuurd wordt indien geen enkel item in de " +"facultatieve overzettabel (transport(5)) een overeenkomst oplevert. Indien " +"er geen doorvoerserver opgegeven is, wordt e-mail rechtstreeks naar de " +"bestemming gestuurd." #. Type: boolean #. Description @@ -538,8 +544,8 @@ "the following:" msgstr "" "Standaard wordt er geluisterd op alle tijdens de installatie actieve " -"internetprotocollen. U kunt de standaardwaarde aan de kant zetten door één " -"van het volgende te doen:" +"internetprotocollen. U kunt de standaardwaarde vervangen door één van de " +"volgende:" #. Type: select #. Description @@ -549,9 +555,9 @@ " ipv6: listen only on IPv6 addresses;\n" " ipv4: listen only on IPv4 addresses." msgstr "" -"alle: gebruik zowel IPv4 als IPv6 adressen;\n" -"ipv6: luister enkel op IPv6 adressen;\n" -"ipv4: luister enkel op IPv4 adressen." +" alle: gebruik zowel IPv4 als IPv6 adressen;\n" +" ipv6: luister enkel op IPv6 adressen;\n" +" ipv4: luister enkel op IPv4 adressen." #. Type: string #. Description @@ -566,7 +572,7 @@ "Please choose the character that will be used to define a local address " "extension." msgstr "" -"Welk karakter zal gebruikt worden om een lokale adres-uitbreiding aan te " +"Welk letterteken zal gebruikt worden om een lokale adres-uitbreiding aan te " "geven?" #. Type: string 
@@ -588,7 +594,7 @@ "The recipient delimiter must be a single character. '${enteredstring}' is " "what you entered." msgstr "" -"Het ontvanger-scheidingsteken is een enkel karakter, u heeft " +"Het ontvanger-scheidingsteken is een enkel letterteken, u heeft " "'${enteredstring}' ingevoerd." #. Type: boolean @@ -607,7 +613,7 @@ "(such as ext3)." msgstr "" "Wanneer synchrone bijwerking afgedwongen wordt, verloopt het verwerken van " -"berichten trager. Wanner dit niet afgedwongen wordt is het mogelijk (maar " +"berichten trager. Wanneer dit niet afgedwongen wordt is het mogelijk (maar " "onwaarschijnlijk) dat er berichten verloren gaan als het systeem op het " "verkeerde moment vastloopt en u geen gebruik maakt van een \"journalling\"-" "bestandssysteem (zoals ext3)." @@ -628,10 +634,10 @@ "via one IP version, the unused value(s) may be removed." msgstr "" "Voor welke netwerkblokken dient deze machine e-mail door te geven? Standaard " -"is dit enkel de lokale computer, wat noodzakelijk is voor sommige e-mail-" -"gebruikersagenten. De standaardwaarde omvat zowel IPv4 als IPv6 voor de " -"lokale computer. Als u enkel via één IP-versie verbinding maakt kunt u de " -"niet-gebruikte waarden verwijderen." +"is dit enkel de lokale computer, wat noodzakelijk is voor sommige e-" +"mailclients. De standaardwaarde omvat zowel IPv4 als IPv6 voor de lokale " +"computer. Als u enkel via één IP-versie verbinding maakt kunt u de niet-" +"gebruikte waarden verwijderen." #. Type: string #. Description diff -Nru postfix-3.0.4/debian/po/pt_BR.po postfix-3.1.0/debian/po/pt_BR.po --- postfix-3.0.4/debian/po/pt_BR.po 2016-02-27 01:52:02.000000000 +0000 +++ postfix-3.1.0/debian/po/pt_BR.po 2016-04-13 16:22:12.000000000 +0000 
@@ -6,10 +6,10 @@ # msgid "" msgstr "" -"Project-Id-Version: postfix 3.0.3-2\n" +"Project-Id-Version: postfix 3.0.4-3\n" "Report-Msgid-Bugs-To: postfix@packages.debian.org\n" "POT-Creation-Date: 2016-02-26 08:05-0700\n" -"PO-Revision-Date: 2016-02-24 09:35-0300\n" +"PO-Revision-Date: 2016-02-27 02:28-0300\n" "Last-Translator: Marcelo Gomes de Santana \n" "Language-Team: Brazilian Portuguese \n" @@ -85,7 +85,7 @@ #. Description #: ../templates:3001 msgid "Update main.cf for daemon_directory change" -msgstr "" +msgstr "Atualizar o main.cf para a mudança daemon_directory?" #. Type: boolean #. Description @@ -95,6 +95,9 @@ "configuration explicitly specifies the old location. The install will be " "aborted if you do not allow the change." msgstr "" +"Esta atualização do postfix muda a localização dos daemons, e sua " +"configuração do postfix especifica explicitamente a antiga localização. A " +"instalação será cancelada caso você não permita a mudança." #. Type: boolean #. Description @@ -1017,3 +1020,4 @@ #~ "seus arquivos db continuem precisando ser convertidos. Se você responder " #~ "sim, todos os mapas hash e btree usados pelo Postfix serão reconstruídos " #~ "antes que o Postfix seja reiniciado." + diff -Nru postfix-3.0.4/debian/po/pt.po postfix-3.1.0/debian/po/pt.po --- postfix-3.0.4/debian/po/pt.po 2016-02-27 01:52:02.000000000 +0000 +++ postfix-3.1.0/debian/po/pt.po 2016-04-13 16:22:12.000000000 +0000 @@ -8,7 +8,7 @@ "Project-Id-Version: postfix\n" "Report-Msgid-Bugs-To: postfix@packages.debian.org\n" "POT-Creation-Date: 2016-02-26 08:05-0700\n" -"PO-Revision-Date: 2016-02-21 17:19+0000\n" +"PO-Revision-Date: 2016-02-27 10:14+0000\n" "Last-Translator: Miguel Figueiredo \n" "Language-Team: Portuguese \n" "Language: pt\n" @@ -82,7 +82,7 @@ #. Description #: ../templates:3001 msgid "Update main.cf for daemon_directory change" -msgstr "" +msgstr "Actualizar o main.cf para a alteração daemon_directory" #. Type: boolean #. Description 
@@ -92,6 +92,9 @@ "configuration explicitly specifies the old location. The install will be " "aborted if you do not allow the change." msgstr "" +"Esta actualização do postfix altera onde estão localizados os daemons, e a " +"sua configuração do postfix especifica explicitamente a antiga localização. " +"A instalação será abortada se não permitir a alteração." #. Type: boolean #. Description diff -Nru postfix-3.0.4/debian/po/tr.po postfix-3.1.0/debian/po/tr.po --- postfix-3.0.4/debian/po/tr.po 2016-02-27 01:52:02.000000000 +0000 +++ postfix-3.1.0/debian/po/tr.po 2016-04-13 16:22:12.000000000 +0000 @@ -1,20 +1,21 @@ # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. -# Atila KOÇ , 2012, 2014. +# Atila KOÇ , 2012, 2014, 2016. # msgid "" msgstr "" "Project-Id-Version: postfix\n" "Report-Msgid-Bugs-To: postfix@packages.debian.org\n" "POT-Creation-Date: 2016-02-26 08:05-0700\n" -"PO-Revision-Date: 2014-11-29 01:49+0200\n" +"PO-Revision-Date: 2016-03-03 10:03+0200\n" "Last-Translator: Atila KOÇ \n" "Language-Team: Turkish \n" "Language: tr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 1.5.4\n" #. Type: boolean #. Description @@ -77,7 +78,7 @@ "smtpd_recipient_restrictions." msgstr "" "'smtpd_relay_restrictions' girdisini 'smtpd_recipient_restrictions' girdisi " -"ile aynı yapmak için bu seçeneÄŸi kabul ediniz. Aksi durumda, yükseltme " +"ile aynı yapmak için bu seçeneÄŸi kabul edin. Aksi durumda, yükseltme " "sonrasında geciken ya da geri dönen postalar olabilir." #. Type: boolean @@ -85,6 +86,7 @@ #: ../templates:3001 msgid "Update main.cf for daemon_directory change" msgstr "" +"main.cf dosyası 'daemon_directory' girdisi deÄŸiÅŸikliÄŸi için güncellensin mi?" #. Type: boolean #. Description 
@@ -94,17 +96,19 @@ "configuration explicitly specifies the old location. The install will be " "aborted if you do not allow the change." msgstr "" +"Postfix'in bu yükseltmesi alan adlarının saklandığı konumu deÄŸiÅŸtiriyor ve " +"sizin Postfix yapılandırmanız eski konumu gösteriyor. DeÄŸiÅŸikliÄŸe izin " +"vermezseniz, kurulumdan çıkılacaktır." #. Type: boolean #. Description #: ../templates:4001 msgid "Update dynamicmaps.cf for 3.0" -msgstr "" +msgstr "dynamicmaps.cf dosyası 3.0 sürümü için güncellensin mi?" #. Type: boolean #. Description #: ../templates:4001 -#, fuzzy #| msgid "" #| "Postfix version 2.9 adds sqlite support to maps, but your dynamicmaps.cf " #| "does not reflect that. Accept this option to add support for sqlite maps." @@ -113,14 +117,13 @@ "dynamicmaps.cf does not reflect that. Accept this option to convert " "dynamicmaps.cf to the version required for 3.0." msgstr "" -"Postfix'in 2.9 sürümü eÅŸlemlemelere sqlite desteÄŸi ekleyebilmektedir. Fakat " -"sizin dynamicmaps.cf dosyanız bunu yansıtmamaktadır. Bu seçeneÄŸi seçerek " -"sqlite eÅŸlemleme desteÄŸini ekleyiniz." +"Postfix'in 3.0 sürümü dinamik eÅŸlemelerin dağıtılma ÅŸeklini deÄŸiÅŸtirmektedir " +"ve sizin dynamicmaps.cf dosyanız bunu yansıtmamaktadır. Bu seçeneÄŸi seçerek " +"dynamicmaps.cf dosyanızı 3.0 sürümü gereklerine dönüştürün." #. Type: boolean #. Description #: ../templates:5001 -#, fuzzy #| msgid "add 'sqlite' entry to dynamicmaps.cf?" msgid "Add 'sqlite' entry to dynamicmaps.cf?" msgstr "dynamicmaps.cf dosyasına 'sqlite' girdisi eklensin mi?" 
@@ -132,9 +135,9 @@ "Postfix version 2.9 adds sqlite support to maps, but your dynamicmaps.cf " "does not reflect that. Accept this option to add support for sqlite maps." msgstr "" -"Postfix'in 2.9 sürümü eÅŸlemlemelere sqlite desteÄŸi ekleyebilmektedir. Fakat " +"Postfix'in 2.9 sürümü eÅŸlemelere sqlite desteÄŸi ekleyebilmektedir. Fakat " "sizin dynamicmaps.cf dosyanız bunu yansıtmamaktadır. Bu seçeneÄŸi seçerek " -"sqlite eÅŸlemleme desteÄŸini ekleyiniz." +"sqlite eÅŸleme desteÄŸini ekleyin." #. Type: boolean #. Description @@ -316,7 +319,7 @@ #: ../templates:10002 msgid "" "Please select the mail server configuration type that best meets your needs." -msgstr "Kullanım amacınıza en uygun posta sunucu yapılandırmasını seçiniz." +msgstr "Kullanım amacınıza en uygun posta sunucu yapılandırmasını seçin." #. Type: select #. Description @@ -389,7 +392,7 @@ "kullanılacak aÄŸ alan adıdır. Bu tutum kullanıcısına gelecek ya da " "ondan gidecek tüm postaları da kapsar: root@example.org kullanıcısı sizden " "aksini istemedikçe makinenizin root@example.org adresinden posta " -"göndermesini saÄŸlamayınız." +"göndermesini saÄŸlamayın." #. Type: string #. Description @@ -430,14 +433,14 @@ "probably want to include the top-level domain." msgstr "" "Bu makinenin kendisini alış noktası varsayacağı alan adlarının virgül ile " -"ayrılmış listesini giriniz. EÄŸer bu makine bir posta aÄŸ geçidi ise, büyük " +"ayrılmış listesini girin. EÄŸer bu makine bir posta aÄŸ geçidi ise, büyük " "olasılıkla üst seviye etki alanını da girmek isteyeceksiniz." #. Type: string #. Description #: ../templates:14001 msgid "SMTP relay host (blank for none):" -msgstr "SMTP aktarım sunucusu (yok ise boÅŸ bırakınız):" +msgstr "SMTP aktarım sunucusu (yok ise boÅŸ bırakın):" #. Type: string #. Description 
@@ -449,13 +452,13 @@ msgstr "" "Bir etki alanı, sunucu, sunucu:port, [adres] ya da [adres]:port seçiniz. MX " "aramalarını kapatmak için [varış noktası] yapısını kullanınız. Sunucunuz " -"aktarım yapmayacaksa boÅŸ bırakınız." +"aktarım yapmayacaksa boÅŸ bırakın." #. Type: string #. Description #: ../templates:14001 msgid "Do not specify more than one host." -msgstr "Birden fazla sunucu girmeyiniz." +msgstr "Birden fazla sunucu girmeyin." #. Type: string #. Description @@ -556,13 +559,13 @@ "Please choose the character that will be used to define a local address " "extension." msgstr "" -"Yerel bir adres uzantısı tanımlamak için kullanılacak olan karakteri seçiniz." +"Yerel bir adres uzantısı tanımlamak için kullanılacak olan karakteri seçin." #. Type: string #. Description #: ../templates:17001 msgid "To not use address extensions, leave the string blank." -msgstr "Adres uzantısı kullanmamak için bu dizgeyi boÅŸ bırakınız." +msgstr "Adres uzantısı kullanmamak için bu dizgeyi boÅŸ bırakın." #. Type: error #. Description @@ -639,7 +642,7 @@ "this blank." msgstr "" "Postfix öntanımlı deÄŸerini (baÄŸlı bulunan alt aÄŸlara göre temel alınan) " -"kullanmak için bu alanı boÅŸ bırakınız." +"kullanmak için bu alanı boÅŸ bırakın." #. Type: string #. Description @@ -656,7 +659,7 @@ "upstream default is 51200000." msgstr "" "Postfix'in denetimsiz yazılım hatalarının önüne geçmek için posta kutusu " -"dosyalarına getireceÄŸi sınırlamayı belirleyiniz. (0) deÄŸeri sınırlandırma " +"dosyalarına getireceÄŸi sınırlamayı belirleyin. (0) deÄŸeri sınırlandırma " "olmadığı anlamına gelir. Yukarı yönde öntanımlı deÄŸer 51200000'dir." #. Type: string 
@@ -700,5 +703,4 @@
 "root, then you should add this entry. Leave this blank to not add one."
 msgstr ""
 "EÄŸer hazırda bir /etc/aliases dosyanız varsa ve bu dosyada 'root' girdisi "
-"yoksa, bu girdiyi eklemeniz gerekebilir. Girdi eklemeyecekseniz boÅŸ "
-"bırakınız."
+"yoksa, bu girdiyi eklemeniz gerekebilir. Girdi eklemeyecekseniz boÅŸ bırakın."
diff -Nru postfix-3.0.4/debian/postfix.config postfix-3.1.0/debian/postfix.config
--- postfix-3.0.4/debian/postfix.config 2016-02-27 01:52:02.000000000 +0000
+++ postfix-3.1.0/debian/postfix.config 2016-04-13 16:22:12.000000000 +0000
@@ -225,14 +225,14 @@
 } else {
 if ($mailertype eq "Internet Site") {
 if ($mailname eq $hostname) {
- $destinations = join ", ",($mailname, "localhost." . $domain, ", localhost");
+ $destinations = join ", ",("\$myhostname", $mailname, "localhost." . $domain, ", localhost");
 } else {
- $destinations = join ", ",($mailname, $hostname, "localhost." . $domain . ", localhost");
+ $destinations = join ", ",("\$myhostname", $mailname, $hostname, "localhost." . $domain . ", localhost");
 }
 } else {
 # don't accept mail for $mailname by default if we have a relayhost or local only mail,
 # unless the mailname bears no resemblance to $myorigin.
- $destinations = join ", ",($hostname, "localhost." . $domain . ", localhost" );
+ $destinations = join ", ",("\$myhostname", $hostname, "localhost." . $domain . ", localhost" );
 unless ( $hostname =~ m/(^|[\.])$mailname$/ ) {
 $destinations = $mailname . ", " . $destinations;
 }
diff -Nru postfix-3.0.4/debian/postfix.postinst postfix-3.1.0/debian/postfix.postinst
--- postfix-3.0.4/debian/postfix.postinst 2016-02-27 01:52:02.000000000 +0000
+++ postfix-3.1.0/debian/postfix.postinst 2016-04-13 16:22:12.000000000 +0000
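Review bot: The first branch of the postfix.config hunk still passes `", localhost"` as a separate list element to `join`, so the generated mydestination reads `..., localhost.$domain, , localhost` with an empty entry, while the two other branches append it with `.`; the new `\$myhostname` prefix makes the three lines almost parallel, so this is the moment to align them: `$destinations = join ", ",("\$myhostname", $mailname, "localhost." . $domain . ", localhost");`. Postfix appears to tolerate the empty list entry, so this is a consistency point rather than a functional bug. Since `\$myhostname` is written as a literal for postconf to expand at runtime, a short comment above the block such as `# "\$myhostname" is left unexpanded so Postfix resolves it from main.cf` would keep the next maintainer from "fixing" the escape. The enclosing if/else chain starts and ends outside the hunk.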
@@ -30,6 +30,28 @@
 chmod 1730 $MAILDROP
 }
 
+myfqdn() {
+ myhostname=$(hostname --fqdn 2>/dev/null || echo "")
+ # If we don't have a name with a dot (which includes ""), then we have work.
+ if [ $myhostname = ${myhostname%.*} ]; then
+ # If it's empty, and we have /etc/hostname, try that.
+ if [ -z $myhostname ] && [ -r /etc/hostname ]; then
+ myhostname=$(cat /etc/hostname)
+ fi
+ # If we are still lacking a domain component, then try resolv.conf.
+ if [ $myhostname = ${myhostname%.*} ]; then
+ if [ -f /etc/resolv.conf ]; then
+ # The resolver uses the last one found, and ignores the rest
+ mydom=$(sed -n 's/^search[[:space:]]*\([^[:space:]]*\).*/\1/p;s/^domain[[:space:]]*\([^[:space:]]*\).*/\1/p' /etc/resolv.conf | tail -1)
+ myhostname="$myhostname${mydom:+.$mydom}"
+ else
+ myhostname="$myhostname.UNKNOWN"
+ fi
+ fi
+ fi
+ echo $myhostname
+}
+
 fset_all_changed() {
 db_fset postfix/main_mailer_type changed $1
 db_fset postfix/root_address changed $1
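Review bot: The test operands in myfqdn() are unquoted, so when `hostname --fqdn` yields nothing the comparison degrades to the one-argument forms `[ = ]` and `[ -z ]`, which happen to evaluate true, and a value containing whitespace or starting with `-` makes `test` misparse; the removed postinst code quoted `-z "$myhostname"`, so this is a regression in the new helper. The fix is to quote throughout: `if [ "$myhostname" = "${myhostname%.*}" ]; then`, `if [ -z "$myhostname" ] && [ -r /etc/hostname ]; then`, and `echo "$myhostname"`. The same unquoted pattern recurs in the postinst hunk at @@ -294 (`[ ${hname} = ${hname%.*} ]` and `myhostname=$myhostname`). Separately, `hostname --fqdn` performs a resolver lookup and can block for the full DNS timeout during package configuration when the resolver is unreachable; the HISTORY entry dated 20151227 in this same diff warns against deriving myhostname that way, so a comment on the first line such as `# hostname --fqdn consults the resolver and may stall while DNS is down` would at least make the trade-off visible.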
@@ -294,22 +316,24 @@
 fi
 if [ "$mailer" != "No configuration" ]; then
 # [
- myhostname=$(hostname --fqdn 2>/dev/null || echo "")
- if [ -z "$myhostname" ]; then
- if [ -r /etc/hostname ];then
- myhostname=$(cat /etc/hostname)
- if [ $myhostname = ${myhostname%.*} -a -f /etc/resolv.conf ]; then
- # The resolver uses the last one found, and ignores the rest
- mydom=$(awk '/^(search|domain)/ {x=$2;} END {print x}' \
- /etc/resolv.conf)
- myhostname="$myhostname${mydom:+.$mydom}"
- fi
- else
- myhostname="UNKNOWN"
- fi
- fi
+ myhostname=$(myfqdn)
 mydomain=${myhostname#*.}
 
+ # Fix master.cf for compat changes in 3.0. See Debian bug #816172
+ # Also fix myhostname if needed.
+ for dir in /etc/postfix $(postconf -hn multi_instance_directories); do
+ hname=$(postconf -h -c "$dir" myhostname)
+ if [ ${hname} = ${hname%.*} ]; then
+ echo "setting myhostname=$myhostname in ${dir}"
+ set_postconf -c "$dir" myhostname=$myhostname
+ fi
+ SRV=$(postconf -c "$dir" -F '*/*/chroot'| sed -n '/ = -$/s/ =.*$//p')
+ for SERVICE in $SRV; do
+ echo "setting explicit chroot on ${dir}:$SERVICE"
+ set_postconf -F -c "$dir" $SERVICE=y
+ done
+ done
+
 if [ -n "$NEWCONF" ]; then
 fset_all_changed true
 alias_maps=hash:/etc/aliases
diff -Nru postfix-3.0.4/debian/postfix.preinst postfix-3.1.0/debian/postfix.preinst
--- postfix-3.0.4/debian/postfix.preinst 2016-02-27 01:52:02.000000000 +0000
+++ postfix-3.1.0/debian/postfix.preinst 2016-04-13 16:22:12.000000000 +0000
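Review bot: The new postinst loop runs `postconf -c "$dir"` and `set_postconf -c "$dir"` for every entry of multi_instance_directories without the `[ ! -f "${dir}/main.cf" ]` guard and the `2>/dev/null || true` fallback that the preinst hunk at @@ -247 applies to the same list, so the two scripts can disagree about which instances exist. If an instance directory has no readable main.cf, `hname` comes back empty, the unquoted test `[ ${hname} = ${hname%.*} ]` is then true, and the script goes on to write `myhostname` into that directory. A guard at the top of the loop, `[ -f "${dir}/main.cf" ] || continue`, mirrors the preinst and confines the edits to instances that are actually configured. The enclosing `if [ "$mailer" != "No configuration" ]` block continues past the hunk.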
@@ -17,6 +17,33 @@
 MASTER=/etc/postfix/master.cf
 POSTDROP=/usr/sbin/postdrop
 
+compat_conversion_warning() {
+ if [ -n "$DEBCONF" ]; then
+ db_input medium postfix/compat_conversion_warning || true
+ db_go || true
+ db_get postfix/compat_conversion_warning
+ if [ "$RET" = "false" ]; then
+ echo "aborting postfix install"
+ exit 1
+ fi
+ else
+ cat << EOF
+This upgrade of postfix changes some default values in the configuration. As
+part of this upgrade, the following will be changed: (1) chrooted components
+will be changed from '-' to 'y' in master.cf, and (2) myhostname will be set
+to a fully-qualified domain name if it is not already such. The install will
+be aborted if you do not allow the change.
+EOF
+ echo -n "Shall I make the change? "
+ read line
+ case ${line} in
+ [nN]*) echo "aborting postfix install"
+ exit 1;;
+ *) ;;
+ esac
+ fi
+}
+
 main_cf_conversion_warning() {
 if [ -n "$DEBCONF" ]; then
 db_input medium postfix/main_cf_conversion_warning || true
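Review bot: The non-debconf prompt in compat_conversion_warning() uses a bare `read line`, which mangles backslashes and, when stdin is closed in an unattended run, returns non-zero; if the preinst runs under `set -e` (not visible in this hunk) that would end the install silently without the "aborting postfix install" message. `read -r line || line=""` keeps the same "anything but n/N means yes" semantics, which also matches the `Default: true` of the new debconf template in this diff, and makes the answer deterministic when there is no terminal. The `case ${line} in` line would be better as `case "$line" in` for the same quoting reasons as elsewhere in the script. Whether the pre-existing main_cf_conversion_warning() shares the pattern cannot be seen from here, as only its opening lines are in the hunk.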
@@ -247,31 +274,32 @@
 tlsmgr_warning
 fi
 
- if dpkg --compare-versions $version lt 2.3.5-1; then
- # droping 10hostname.dpatch forces cleanup.
- if [ -z "$(postconf -n mydomain 2>/dev/null || true)" ]; then
- myhost=$(hostname 2>/dev/null)
- if [ "X${myhost%.*}" = "X${myhost}" ]; then
- mydomain_warning
- touch /var/spool/postfix/mydomain-upgrade
- fi
- fi
+ if dpkg --compare-versions $version lt 3.1.0-1; then
+ # check on compatibility warning issues and warn as appropriate.
+ # even default myhostname needs to be checked to make sure it has a '.'.
+ for dir in /etc/postfix $(postconf -hn multi_instance_directories 2>/dev/null || true); do
+ if [ ! -f "${dir}/main.cf" ] || dpkg --compare-versions $version lt 2.11; then
+ # Just assume that there are issues with the chroot status,
+ # since postconf -F didn't exist before 2.11
+ compat_conversion_warning
+ break
+ fi
+ SRV=$(postconf -c "$dir" -F '*/*/chroot'| sed -n '/ = -$/s/ =.*$//p')
+ if [ -n "$SRV" ] || \
+ postconf -c "$dir" -h myhostname | grep -qv '\.'; then
+ compat_conversion_warning
+ break
+ fi
+ done
 fi
-
- if dpkg --compare-versions $version lt 3.0.4-5; then
+ if [ -f /etc/postfix/main.cf ] && dpkg --compare-versions $version lt 3.0.4-5; then
 # if daemon_directory is specifically set, and wrong, then we need
 # to fix it.
- DD=$(postconf -hn daemon_directory)
- warned=n
- if [ "X${DD}" = X/usr/lib/postfix ]; then
- main_cf_conversion_warning
- warned=y
- fi
- for dir in $(postconf -hn multi_instance_directories); do
+ for dir in /etc/postfix $(postconf -hn multi_instance_directories); do
 DD=$(postconf -c "$dir" -hn daemon_directory)
- if [ $warned = n ] && [ "X${DD}" = X/usr/lib/postfix ]; then
+ if [ "X${DD}" = X/usr/lib/postfix ]; then
 main_cf_conversion_warning
- warned=y
+ break
 fi
 done
 fi
diff -Nru postfix-3.0.4/debian/rules postfix-3.1.0/debian/rules
--- postfix-3.0.4/debian/rules 2016-02-27 01:52:02.000000000 +0000
+++ postfix-3.1.0/debian/rules 2016-04-13 16:22:12.000000000 +0000
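Review bot: The `postconf -c "$dir" -h myhostname | grep -qv '\.'` test is easy to misread: with `-v` and `-q` together the pipeline succeeds when at least one output line lacks a dot, and a postconf failure (no output at all) makes it fail, so the warning is silently skipped rather than raised in the error case. A one-line comment above it, `# true when the effective myhostname (including the built-in default) has no domain part`, would spell out the intent, and an explicit `hname=$(postconf -c "$dir" -h myhostname 2>/dev/null)` followed by `[ -z "$hname" ] || [ "$hname" = "${hname%.*}" ]` would also treat a failed lookup as "needs the warning", consistent with the conservative branch above it for pre-2.11 versions. The `SRV=$(postconf ... -F '*/*/chroot'| sed ...)` pipeline is duplicated verbatim in the postinst hunk at @@ -294; if it ever changes it has to change in both places, which is worth a comment naming the twin. The enclosing case/upgrade block starts outside the hunk.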
@@ -78,7 +78,11 @@
 AUXLIBS_PCRE="-lpcre -L../../lib -L. -lpostfix-util" \
 AUXLIBS_PGSQL="-lpq -L../../lib -L. -lpostfix-util -lpostfix-global" \
 AUXLIBS_SQLITE="-lsqlite3 -L../../lib -L. -lpostfix-util -lpostfix-global -lpthread" \
- shared=yes dynamicmaps=yes SHLIB_SUFFIX=.so.1.0.1 daemon_directory=${CUR_DIR}/usr/lib/postfix/sbin
+ shared=yes pie=yes dynamicmaps=yes SHLIB_SUFFIX=.so.1.0.1 \
+ daemon_directory=${CUR_DIR}/usr/lib/postfix/sbin \
+ shlibs_directory=${CUR_DIR}/usr/lib/postfix manpage_directory=/usr/share/man \
+ sample_directory=/usr/share/doc/postfix-doc/examples readme_directory=/usr/share/doc/postfix \
+ html_directory=/usr/share/doc/postfix/html
 cd lib && for i in dns global master tls util ; do \
 ln -sf libpostfix-$${i}.so.1.0.1 libpostfix-$${i}.so.1; \
 ln -sf libpostfix-$${i}.so.1.0.1 libpostfix-$${i}.so; \
diff -Nru postfix-3.0.4/debian/templates postfix-3.1.0/debian/templates
--- postfix-3.0.4/debian/templates 2016-02-27 01:52:02.000000000 +0000
+++ postfix-3.1.0/debian/templates 2016-04-13 16:22:12.000000000 +0000
@@ -22,6 +22,16 @@
 upgrade. Accept this option to set smtpd_relay_restrictions equal to
 smtpd_recipient_restrictions.
 
+Template: postfix/compat_conversion_warning
+Type: boolean
+Default: true
+_Description: Update configuration to avoid compatibility warnings
+ This upgrade of postfix changes some default values in the configuration. As
+ part of this upgrade, the following will be changed: (1) chrooted components
+ will be changed from '-' to 'y' in master.cf, and (2) myhostname will be set
+ to a fully-qualified domain name if it is not already such. The install will
+ be aborted if you do not allow the change.
+
 Template: postfix/main_cf_conversion_warning
 Type: boolean
 Default: true
diff -Nru postfix-3.0.4/HISTORY postfix-3.1.0/HISTORY
--- postfix-3.0.4/HISTORY 2016-02-21 16:57:24.000000000 +0000
+++ postfix-3.1.0/HISTORY 2016-02-15 17:34:05.000000000 +0000
@@ -21594,16 +21594,53 @@ part of the stable release. Files: smtpd/smtpd_check.c, proto/acces. +20150210 + + Cleanup: socketmap documentation. File: proto/socketmap_table. + 20150211 Cleanup: strncasecmp_utf8() streamlining. Files: util/stringops.h, util/allascii.c, util/strcasecmp_utf8.c. +20150212 + + Cleanup: in code after reading main.cf, removed bogus guard + before re-evaluating the mail_task() syslog prefix. File: + postlog/postlog.c. + 20150214 Bugfix (introduced: Postfix 3.0): missing #ifdef USE_TLS - inside #ifdef USE_SASL_AUTH. Viktor Dukhovni. File: - smtpd/smtpd.c. + inside #ifdef USE_SASL_AUTH broke the build. Viktor Dukhovni. + File: smtpd/smtpd.c. + + Cleanup: missing errno logging in bounce daemon clients. + This made troubleshooting significantly more difficult. + File: global/mail_command_client.c. + +20150216 + + Cleanup: documented that mail_connect() produces no errno + logging. The functions that call it should log the error + (and the majority does). File: global/mail_connect.c. + + Cleanup: added errno logging after mail_connect() failure. + Files: global/post_mail.c, local/forward.c. + + Cleanup: in code after reading main.cf, removed bogus guard + before re-evaluating the mail_task() syslog prefix. Files: + postalias/postalias.c, postdrop/postdrop.c, postmap/postmap.c, + postqueue/postqueue.c, postsuper/postsuper.c, sendmail/sendmail.c. + +20150218 + + Documentation: header/body_checks additional text about whether + an action stops further inspection of the input stream. File: + proto/header_checks. + + Robustness: reject installation pathnames with whitespace. + File: postfix-install. 20150217 
@@ -21622,6 +21659,15 @@ postscreen_dnsbl_timeout. Quanah Gibson-Mount. File: postscreen/postscreen.c. +20150320 + + Cleanup: better sorting order for the default tls_*_cipherlist + settings. OpenSSL does not order "ALL" quite right: some + MEDIUM ciphers (SEED and IDEA) sneak up above some 128-bit + HIGH ciphers. Also previously, when we prefer "aNULL" we + moved MEDIUM with aNULL above same bit-length HIGH but not + aNULL. Viktor Dukhovni. File: global/mail_params.h. + 20150324 Bugfix (introduced: Postfix 2.6): sender_dependent_relayhost_maps @@ -21633,6 +21679,15 @@ together in once place so that it is easier to maintain. File: trivial-rewrite/resolve.c. +20150326 + + Feature: lmtp_fallback_relay, limited to TCP destinations + only. Viktor Dukhovni. Wietse updated the postlink, smtp.c, + and smtp-only files, and added a warning when lmtp_fallback_relay + is specified for a non-TCP destination. Files: mantools/postlink, + smtp/smtp.c, smtp/smtp-only, smtp/smtp_connect.c, + smtp/smtp_params.c, global/mail_params.h, proto/postconf.proto. + 20150328 Bugfix (introduced: Postfix 1.1.0): post-install expanded 
@@ -21646,11 +21701,143 @@ Bitrot: prepare for future changes in OpenSSL API. Viktor Dukhovni. File: tls_dane.c. + Safety: instead of bouncing mail, report a soft error when + SASL infrastucture breaks. Viktor Dukhovni, Emmanuel Fuste. + Files: smtpd/smtpd_sasl_glue.c, xsasl/xsasl.h, + xsasl/xsasl_cyrus_server.c, xsasl/xsasl_dovecot_server.c. + +20150401 + + Documentation: update the mydestination default value in + the stock main.cf file. File: conf/main.cf. + +20150404 + + Documentation: add "postconf -m" output to problem reports. File: + proto/DEBUG_README.html. + +20150418 + + Portability: use the icu-config utility to locate the ICU + include and library files. With this, Postfix builds out + of the box on MacOS X. File: makedefs. + +20150421 + + Bugfix (introduced: 19970309): reset errno before calling + readdir(), in order to distinguish between end-of-directory and + an error condition. File: scandir.c. + +20150426 + + Cleanup: when transmitting an attribute-value sequence + between Postfix processes, a hash table may now appear at + any position instead of only at the end. Files: + util/attr_scan{0,64,plain}.c, util/attr_print{0,64,plain}.c, + util/attr_scan{0,64,plain}.ref. + + Feature: milter_macro_defaults, an optional list of macro + name=value pairs that specify default values for Milter + macros. When a macro is to be sent to a Milter application, + Postfix will send its default value when no value is available + from the mail delivery context. For example, with + "milter_macro_defaults = auth_type=TLS", Postfix will send + an auth_type of "TLS" unless a remote client authenticates + with SASL. Files: mantools/postlink, proto/MILTER_README.html, + proto/postconf.proto, cleanup/cleanup.c, cleanup/cleanup_init.c, + cleanup/cleanup_milter.c, global/mail_params.h, milter/milter.c, + milter/milter.h, smtpd/smtpd.c, smtpd/smtpd_milter.c. + 20150501 Support for Linux 4.*, and some simplification for future makedefs files. Files: makedefs, util/sys_defs.h. 
+20150502 + + Cleanup: updated the examples in MILTER_README. File: + proto/MILTER_README.html + +20150529 + + Support for DNS reply TTL values in dnsblog and postscreen. + Files: dnsblog/dnsblog.c, postscreen/postscreen_early.c, + postscreen/postscreen_dnsbl.c. + +20150607 + + Support for DNS reply TTL values for "not found" responses + (negative reply caching). The postscreen daemon needs this to + accurately whitelist an SMTP client that is not found on any + DNSBL. Files: dns/dns_lookup.c, dns/dns_strrecord.c, dns/dns.h, + dns/test_dns_lookup.c. + +20150615 + + Two new parameters to limit how long a DNSBL or DNSWL lookup + result remains valid: postscreen_dnsbl_max_ttl is an upper + limit for the TTL from a DNS query, and postscreen_dnsbl_min_ttl + is a lower limit. The old postscreen_dnsbl_ttl provides a + backwards-compatible default for postscreen_dnsbl_max_ttl. + Files: global/mail_params.h, postscreen/postscreen.c, + postscreen/postscreen_early.c, mantools/postlink, + proto/postconf.proto. + +20150616 + + Refinement: the postscreen daemon now computes two combined + DNS reply TTLs: one combined TTL for replies that the client + should be blocked, and one combined TTL for replies that the + client should be allowed. This is more conservative than + simply combining all reply TTLs into one number. File: + postscreen/postscreen_dnsbl.c. + +20150621 + + Feature: default_transport_rate_delay (and the transport-specific + *transport*_transport_rate_delay) to enforce a destination- + independent rate limit on deliveries. Files: mantools/postlink, + proto/postconf.proto, *qmgr/qmgr.h, *qmgr/qmgr_transport.c, + *qmgr/qmgr_deliver.c, *qmgr/qmgr.c. + +20150707 + + Workaround: some DNS servers reply with NXDOMAIN for type + NS queries with names that actually have an A record. This + broke check_mumble_ns_access. File: smtpd/smtpd_check.c. + +20150711 + + Workaround: conditional time default value can result in + multiple time unit suffixes. 
Files: global/conv_time.c + global/mail_conf_time.c. + +20150712 + + Cleanup: configurable workaround (dns_ncache_ttl_fix_enable) + in case some future libc change breaks a promise made by + current resolver(3) documentation. Files: global/mail_params.[hc]. + + Cleanup: removed unused libdns dependencies. No-one remembers + why they were introduced. Files: postscreen/Makefile.in, + qmqpd/Makefile.in, smtpd/Makefile.in, tlsmgr/Makefile.in. + + Cleanup: code indentation. Viktor Dukhovni. File: + smtp/smtp_addr.c. + + Workaround: With Solaris10, write_wait() hangs in poll() + until timeout, when invoked after peekfd() has received an + ECONNRESET error indication. This happens when a client + sends QUIT and closes the connection immediately. File: + util/peekfd.c. + +20150715 + + Security: updated default Diffie-Hellman export (512 bit) + primes and non-export (from 1024 to 2048 bit) primes, and + updated text on non-export DH primes. Viktor Dukhovni. + Files: tls/tls_dh.c, proto/FORWARD_SECRECY_README.html. + 20150718 Security: opportunistic TLS by default uses "medium" or @@ -21668,8 +21855,31 @@ 20150722 - The COMPATIBILITY_README text and HTML files were not - installed. File: conf/postfix-files. + Cleanup: the COMPATIBILITY_README* files were not installed. + File: conf/postfix-files. + +20150726 + + Cleanup: some lost edits for the SASL_README file. File: + proto/SASL_README.html. + +20150816 + + Workaround: updated the 20150707 fix for DNS servers that + reply with NXDOMAIN for type NS queries instead of (NOERROR, + zero answers). File: smtpd/smtpd_check.c. + +20150829 + + Documentation: TLS session tickets are preferred over the + local server-side smtpd_tls_session_cache_database storage. + TLS session tickets are supported as of OpenSSL 0.9.8h (May + 2008). Files: mantools/postlink, proto/TLS_README.html, + proto/postconf.proto. + +20150831 + + Cleanup: obsolete comments in Makefile.init. 20150903 
@@ -21678,6 +21888,40 @@ defining the "ad" bit. Viktor Dukhovni. Files: makedefs, proto/INSTALL.html, dns/dns.h. +20150912 + + Future-proofing and code cleanup: exploit GCC and Clang + "warn_unused_result" feature to flag missing error checks. + Files: util/sys_defs.h, util/attr.h, util/edit_file.h, + util/listen.h, util/lstat_as.h, util/mac_expand.h, + util/mac_parse.h, util/myaddrinfo.h, util/myflock.h, + util/sane_fsops.h, util/sane_socketpair.h, util/stat_as.h, + util/base32_code.h, util/base64_code.h, util/hex_code.h, + util/timed_wait.h, util/vstream.h, src/util/vstring_vstream.h. + + Cleanup: incomplete error check. Found with WARN_UNUSED_RESULT + check. File: util/recv_pass_attr.c. + + Future-proofing: added type mis-match detection for + ATTR_TYPE_FUNC function-pointer arguments. File: util/attr.h. + + Cleanup: don't ignore seek-to-end-of-file errors. File: + global/record.c. + + Cleanup: use vstream_fpurge() to purge VSTREAM buffers, + instead of calling vstream_fseek() and ignoring ESPIPE + errors. File: smtpstone/qmqp-sink.c. + +20150913 + + Feature: SMTPD policy service "policy_context" attribute + and smtpd_policy_service_policy_context main.cf parameter. + Originally, to share the same SMTPD policy service endpoint + among multiple check_policy_service clients. Markus Benning. + Files: mantools/postlink, proto/SMTPD_POLICY_README.html, + proto/postconf.proto, global/mail_params.h, global/mail_proto.h, + smtpd/smtpd.c, smtpd/smtpd_check.c. + 20150923 Bugfix (introduced: 20120531-617): the Postfix SMTP server @@ -21688,6 +21932,11 @@ 20150924 + Cleanup (introduced: 20060510, exposed 20150912): eliminated + a harmless warning message "seek error after reading END + record: Illegal seek" from the cleanup server after a + check_sender_access DISCARD action. File: cleanup/cleanup.c. + Bugfix (introduced: 20090216-24): incorrect postmulti error message. Reported by Patrik Koetter. Fix by Viktor Dukhovni. File: postmulti/postmulti.c. 
@@ -21696,13 +21945,6 @@ main.cf and master.cf files are missing, as happens on Debian-like systems. Viktor Dukhovni. File: conf/postmulti-script. -20150925 - - Bugfix (introduced: 19970309, fixed 20150421 in development - release): reset errno before calling readdir(), in order - to distinguish between an end-of-directory and an error - condition. File: scandir.c. - 20150930 Bugfix (introduced: 20040124): Milter client panic while @@ -21712,7 +21954,7 @@ Bugfix (introduced: 20031128): xtext_unquote() did not propagate error reports from xtext_unquote_append(), causing - the decoder to return partial ouput, instead of rejecting + the decoder to return partial output, instead of rejecting malformed input. Fix by Krzysztof Wojta. File: global/xtext.c. 20151003 
@@ -21723,19 +21965,224 @@ malformed input. Found by searching the code for similar error patterns as with xtext_unquote(). File: global/uxtext.c. - Bugfix (introduced: 20141130, fixed around 20150607 in - development release): the DNS multi-query clients forgot - to save and restore h_errno when evaluating the aggregate - result. File: dns/dns_lookup.c. + Cleanup: added missing "negative" unit tests. Files: + global/xtext.c, global/uxtext.c. + +20151004 + + Future proofing: use a real VSTRING in the 20150930 header + PREPEND fix. File: cleanup/cleanup_message.c. + + Future proofing: make vstring_import() consistent with + vstring_alloc(). The alternative would be to remove the + function as it is unused and exists only for symmetry with + vstring_export(). File: usr/vstring.c. + +20151010 + + Cleanup: the 20150903 workaround for AIX DNSSEC used the + wrong name in #ifdef. File: dns/dns.h. + +20151011 + + Cleanup: in the PCRE client, turn fatal lookup errors into + warnings, and skip the failing pattern as in dict_regexp.c. + Also, fixed the error text when running into the matcher's + backtracking limit. File: util/dict_pcre.c. + +20151017 + + Feature: smtpd_client_auth_rate_limit enforces a rate + limit on the number of AUTH commands per client IP address. + mantools/postlink, proto/postconf.proto, anvil/anvil.c, + global/anvil_clnt.c, global/anvil_clnt.h, global/mail_params.h, + smtpd/smtpd.c. + +20151018 + + Added RFC 7672 (SMTP security via opportunistic DANE TLS) + and RFC 7505 ("Null MX" No Service Resource Record) to the + lists of supported RFCs in manpages. Viktor Dukhovni. Files: + smtp/smtp.c, smtpd/smtpd.c. + +20151031 + + Bitrot: OpenSSL API cleanups. Viktor Dukhovni. Files: + .indent.pro, tls/tls.h, tls/tls_dane.c, tls/tls_fprint.c, + tls/tls_misc.c, tls/tls_server.c, tls/tls_verify.c. 20151124 Bugfix (introduced: Postfix 3.0): don't throttle a destination - after opportunistic TLS failure. Viktor Dukhovni. File: - smtp/smtp_proto.c. 
+ after opportunistic TLS failure. Viktor Dukhovni and Wietse. + Files: smtp/smtp_proto.c, smtp/smtp.h, smtp/smtp_trouble.c. + +20151128 + + Feature: JSON-formatted queue listing with "postqueue -j". + Output is a stream of JSON objects, one per queue file. To + simplify stream-mode parsing, each JSON object is followed by + a newline character. Files: postqueue/postqueue.c, + postqueue/postqueue.h, postqueue/showq_compat.c, + postqueue/showq_json.c, showq/showq.c. + +20151216 + + Bugfix (introduced: 20151128) bogus queue file parsing error. + File: showq/showq.c. + +20151226 + + Cleanup: postlog(1) now pauses for 1s after reporting a + fatal or panic error. This makes behavior of scripts such + as postfix-script consistent with built-in error messages. + File: postlog/postlog.c. + +20151227 + + Robustness: don't allow for whitespace in command-line + arguments. Files; postfix-install, conf/post-install. + + Robustness: added a comment to discourage people who keep + adding code that calls gethostbyname() to determine the + default myhostname setting. This is a mistake: all Postfix + programs will hang when the DNS is unavailable. File: + global/mail_params.c. + + Safety: a limit on the number of address verification probes + in the active queue (address_verify_pending_request_limit), + by default 1/4 of the active queue maximum size. The queue + manager tempfails probe messages that exceed the limit. + Files: mantools/postlink, proto/postconf.proto, cleanup/cleanup.h, + cleanup/cleanup_envelope.c, cleanup/cleanup_out_recipient.c, + cleanup/cleanup_state.c, global/mail_params.h, global/post_mail.c, + global/post_mail.h, global/verify.c, oqmgr/qmgr.c, oqmgr/qmgr.h, + oqmgr/qmgr_message.c, qmgr/qmgr.c, qmgr/qmgr.h, + qmgr/qmgr_message.c, verify/verify.c. + +20160102 + + Workaround: MacOS/X 10.11.x /bin/sh unsets DYLD_LIBRARY_PATH, + which breaks the build and install. Viktor Dukhovni and + Wietse. Files: makedefs, postfix-install, Makefile.in. 
+ + Bitrot: OpenSSL 1.1.0-dev drops support for EXPORT ciphers + and ephemeral RSA. Viktor Dukhovni. Files: tls/tls_client.c, + tls/tls_rsa.c, tls/tls_server.c. + + Bugfix: memory leak in tls_set_eecdh_curve(). Viktor Dukhovni. + File: tls/tls_dh.c. + + Bugfix (introduced 20150326): when lmtp_fallback_relay + support was added, the code that generates lmtp_mumble + parameters from smtp_mumble parameters wasn't updated. File: + smtp/smtp-only. + + Bugfix (introduced 20151017): the smtpd_client_auth_rate_limit + implementation was not guarded with #ifdef USE_SASL_AUTH. + File: smtpd/smtpd.c. + +20160103 + + Feature: enable DANE policies when an MX host has a secure + TLSA DNS record, even if the MX DNS record was obtained + with insecure lookups. The existence of a secure TLSA record + implies that the host wants to talk TLS and not plaintext. + This behavior is controlled with smtp_tls_dane_insecure_mx_policy + (default: "dane", other settings: "encrypt" and "may"; the + latter is backwards-compatible with earlier Postfix releases). + Viktor Dukhovni. Files: mantools/postlink, proto/postconf.proto, + src/global/mail_params.h, src/posttls-finger/posttls-finger.c, + src/smtp/smtp-only, src/smtp/smtp.c, src/smtp/smtp.h, + src/smtp/smtp_addr.c, src/smtp/smtp_params.c, + src/smtp/smtp_tls_policy.c, src/tls/tls.h, src/tls/tls_client.c. + +20160104 + + Cleanup: distinct TLS levels for "full" DANE and for DANE + with insecure MX records. Viktor Dukhovni. Files: + posttls-finger/posttls-finger.c, smtp/smtp_tls_policy.c, + tls/tls.h, tls/tls_client.c, tls/tls_level.c. + +20160108 + + Cleanup: smtp_reply_footer() now restores state in case of + input error; unit tests that cover most if not all error + and non-error cases. Files: global/smtp_reply_footer.c, + global/smtp_reply_footer.ref. + +20160110 + + Bitrot: const-ification for OpenSSL 1.1.0. Viktor Dukhovni. + File: tls/tls_misc.c. + +20160116 + + "postconf -H" support (show names without the =value). 
+ Initial use case: mass reversal of TLS-related main.cf + parameters (postconf -nH | grep _tls_ | xargs postconf -X). + This flag also works with "postconf -F" and "postconf -P". + Added missing documentation that -h works with "postconf + -F" and "postconf -P". Files: postconf.c, postconf.h, + postconf_master.c, postconf_main.c. + + Robustness: force html2text to produce ASCII output. File: + mantools/html2readme. + + Feature: "postfix tls" commands to enable opportunistic TLS + in the Postfix SMTP client or server, or generate or replace + Postfix SMTP server TLS private keys and server certificates. + Viktor Dukhovni, Wietse. Files: conf/postfix-files, + conf/postfix-script, conf/postfix-tls-script, makedefs, + proto/INSTALL.html, proto/postconf.proto, global/mail_params.h, + postfix/postfix.c, tls/tls_misc.c. + + Portability: added a tls_random_source default setting for + MacOS X. Viktor Dukhovni. File: util/sys_defs.h. + +20150118 + + Bitrot: OpenSSL 1.1.0-dev (aka the "master" branch) has new + security levels ranging from 0 to 5. Level "0" is backwards + compatible, and other levels are increasingly restrictive. + Viktor Dukhovni. Files: tls/tls_server.c, tls/tls_client.c. + +20161205 + + Portability: Postfix TLS support uses /dev/urandom if + available and no system-specific setting exists in sys_defs.h. + Files: makedefs, util/sys_defs.h. + +20160208 + + Cleanup: building the INSTALL file had failed, added + hyperlinks for "postfix tls". Files: mantools/postlink. + +20160210 + + Feature: all-default-client and all-default-server subcommands. + Eray Aslan. File: conf/postfix-tls-script. + + Bugfix: the postqueue(1) JSON formatter wrote a spurious + comma after the delay reason. Reported by Christian Roessner. + File: postqueue/showq_json.c. + +20160212 + + Cleanup: Bold/Italic cleanup in manpages. + +20160213 + + Added Google credits to external manpages. + +20160214 + + More manpage cleanups. Viktor, Wietse. 
-20160204 +20160215 - Documentation (introduced: Postfix 3.0): wrong paramester - name in lmtp_address_verify_target description. File: - proto/posconf.proto + Cleanup: "match_list_match: permit_mynetworks: no match" after + a SUCCESSFUL permit_mynetworks match of a client IP address was + complicating troubleshooting. The fix is to log additional + context to clarify that this "no match" condition is for + smtpd_log_access_permit_actions. File: smtpd/smtpd_check.c. diff -Nru postfix-3.0.4/html/access.5.html postfix-3.1.0/html/access.5.html --- postfix-3.0.4/html/access.5.html 2015-02-08 17:03:58.000000000 +0000 +++ postfix-3.1.0/html/access.5.html 2016-02-14 01:39:26.000000000 +0000 
@@ -326,83 +326,84 @@ REDIRECT user@domain After the message is queued, send the message to the specified - address instead of the intended recipient(s). + address instead of the intended recipient(s). When multiple RE- + DIRECT actions fire, only the last one takes effect. - Note: this action overrides the FILTER action, and currently - affects all recipients of the message. + Note: this action overrides the FILTER action, and currently + overrides all recipients of the message. This feature is available in Postfix 2.1 and later. INFO optional text... - Log an informational record with the optional text, together - with client information and if available, with helo, sender, + Log an informational record with the optional text, together + with client information and if available, with helo, sender, recipient and protocol information. This feature is available in Postfix 3.0 and later. WARN optional text... - Log a warning with the optional text, together with client - information and if available, with helo, sender, recipient and + Log a warning with the optional text, together with client + information and if available, with helo, sender, recipient and protocol information. This feature is available in Postfix 2.1 and later. ENHANCED STATUS CODES - Postfix version 2.3 and later support enhanced status codes as defined - in RFC 3463. When an enhanced status code is specified in an access + Postfix version 2.3 and later support enhanced status codes as defined + in RFC 3463. When an enhanced status code is specified in an access table, it is subject to modification. The following transformations are - needed when the same access table is used for client, helo, sender, or - recipient access restrictions; they happen regardless of whether Post- + needed when the same access table is used for client, helo, sender, or + recipient access restrictions; they happen regardless of whether Post- fix replies to a MAIL FROM, RCPT TO or other SMTP command. 
- o When a sender address matches a REJECT action, the Postfix SMTP + o When a sender address matches a REJECT action, the Postfix SMTP server will transform a recipient DSN status (e.g., 4.1.1-4.1.6) into the corresponding sender DSN status, and vice versa. - o When non-address information matches a REJECT action (such as - the HELO command argument or the client hostname/address), the - Postfix SMTP server will transform a sender or recipient DSN + o When non-address information matches a REJECT action (such as + the HELO command argument or the client hostname/address), the + Postfix SMTP server will transform a sender or recipient DSN status into a generic non-address DSN status (e.g., 4.0.0). REGULAR EXPRESSION TABLES - This section describes how the table lookups change when the table is - given in the form of regular expressions. For a description of regular + This section describes how the table lookups change when the table is + given in the form of regular expressions. For a description of regular expression lookup table syntax, see regexp_table(5) or pcre_table(5). - Each pattern is a regular expression that is applied to the entire + Each pattern is a regular expression that is applied to the entire string being looked up. Depending on the application, that string is an - entire client hostname, an entire client IP address, or an entire mail - address. Thus, no parent domain or parent network search is done, - user@domain mail addresses are not broken up into their user@ and - domain constituent parts, nor is user+foo broken up into user and foo. + entire client hostname, an entire client IP address, or an entire mail + address. Thus, no parent domain or parent network search is done, + user@domain mail addresses are not broken up into their user@ and + domain constituent parts, nor is user+foo broken up into user and foo. 
- Patterns are applied in the order as specified in the table, until a + Patterns are applied in the order as specified in the table, until a pattern is found that matches the search string. - Actions are the same as with indexed file lookups, with the additional - feature that parenthesized substrings from the pattern can be interpo- + Actions are the same as with indexed file lookups, with the additional + feature that parenthesized substrings from the pattern can be interpo- lated as $1, $2 and so on. TCP-BASED TABLES - This section describes how the table lookups change when lookups are - directed to a TCP-based server. For a description of the TCP - client/server lookup protocol, see tcp_table(5). This feature is not + This section describes how the table lookups change when lookups are + directed to a TCP-based server. For a description of the TCP + client/server lookup protocol, see tcp_table(5). This feature is not available up to and including Postfix version 2.4. - Each lookup operation uses the entire query string once. Depending on - the application, that string is an entire client hostname, an entire - client IP address, or an entire mail address. Thus, no parent domain - or parent network search is done, user@domain mail addresses are not - broken up into their user@ and domain constituent parts, nor is + Each lookup operation uses the entire query string once. Depending on + the application, that string is an entire client hostname, an entire + client IP address, or an entire mail address. Thus, no parent domain + or parent network search is done, user@domain mail addresses are not + broken up into their user@ and domain constituent parts, nor is user+foo broken up into user and foo. Actions are the same as with indexed file lookups. EXAMPLE - The following example uses an indexed file, so that the order of table - entries does not matter. 
The example permits access by the client at + The following example uses an indexed file, so that the order of table + entries does not matter. The example permits access by the client at address 1.2.3.4 but rejects all other clients in 1.2.3.0/24. Instead of - hash lookup tables, some systems use dbm. Use the command "postconf + hash lookup tables, some systems use dbm. Use the command "postconf -m" to find out what lookup tables Postfix supports on your system. /etc/postfix/main.cf: @@ -413,7 +414,7 @@ 1.2.3 REJECT 1.2.3.4 OK - Execute the command "postmap /etc/postfix/access" after editing the + Execute the command "postmap /etc/postfix/access" after editing the file. BUGS @@ -438,5 +439,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + ACCESS(5) diff -Nru postfix-3.0.4/html/aliases.5.html postfix-3.1.0/html/aliases.5.html --- postfix-3.0.4/html/aliases.5.html 2015-01-29 22:21:03.000000000 +0000 +++ postfix-3.1.0/html/aliases.5.html 2016-02-14 01:39:26.000000000 +0000 @@ -194,5 +194,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + ALIASES(5) diff -Nru postfix-3.0.4/html/anvil.8.html postfix-3.1.0/html/anvil.8.html --- postfix-3.0.4/html/anvil.8.html 2015-01-29 22:21:02.000000000 +0000 +++ postfix-3.1.0/html/anvil.8.html 2016-02-14 01:32:50.000000000 +0000 @@ -106,6 +106,19 @@ status=0 rate=number +AUTH RATE CONTROL + To register an AUTH request send the following request to the anvil(8) + server: + + request=auth + ident=string + + The anvil(8) server answers with the number of auth requests per unit + time for the (service, client) combination specified with ident: + + status=0 + rate=number + SECURITY The anvil(8) server does not talk to the network or to local users, and can run chrooted at fixed low privilege. 
@@ -216,5 +229,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + ANVIL(8) diff -Nru postfix-3.0.4/html/BASIC_CONFIGURATION_README.html postfix-3.1.0/html/BASIC_CONFIGURATION_README.html --- postfix-3.0.4/html/BASIC_CONFIGURATION_README.html 2013-11-22 13:47:37.000000000 +0000 +++ postfix-3.1.0/html/BASIC_CONFIGURATION_README.html 2016-02-12 11:29:10.000000000 +0000 @@ -254,9 +254,10 @@

By default, Postfix will forward mail from clients in authorized network blocks to any destination. Authorized networks are defined -with the mynetworks configuration parameter. The default is to -authorize all clients in the IP subnetworks that the local machine -is attached to.

+with the mynetworks configuration parameter. The current default is to +authorize the local machine only. Prior to Postfix 3.0, the default +was to authorize all clients in the IP subnetworks that the local +machine is attached to.

Postfix can also be configured to relay mail from "mobile" clients that send mail from outside an authorized network block. diff -Nru postfix-3.0.4/html/bounce.5.html postfix-3.1.0/html/bounce.5.html --- postfix-3.0.4/html/bounce.5.html 2015-01-29 22:33:50.000000000 +0000 +++ postfix-3.1.0/html/bounce.5.html 2016-02-14 01:39:27.000000000 +0000 @@ -196,5 +196,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + BOUNCE(5) diff -Nru postfix-3.0.4/html/bounce.8.html postfix-3.1.0/html/bounce.8.html --- postfix-3.0.4/html/bounce.8.html 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/html/bounce.8.html 2016-02-14 01:32:48.000000000 +0000 @@ -171,5 +171,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + BOUNCE(8) diff -Nru postfix-3.0.4/html/canonical.5.html postfix-3.1.0/html/canonical.5.html --- postfix-3.0.4/html/canonical.5.html 2015-01-29 22:21:03.000000000 +0000 +++ postfix-3.1.0/html/canonical.5.html 2016-02-14 01:39:26.000000000 +0000 @@ -253,5 +253,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + CANONICAL(5) diff -Nru postfix-3.0.4/html/cidr_table.5.html postfix-3.1.0/html/cidr_table.5.html --- postfix-3.0.4/html/cidr_table.5.html 2015-01-29 22:21:04.000000000 +0000 +++ postfix-3.1.0/html/cidr_table.5.html 2016-02-14 01:39:27.000000000 +0000 @@ -101,5 +101,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + CIDR_TABLE(5) diff -Nru postfix-3.0.4/html/cleanup.8.html postfix-3.1.0/html/cleanup.8.html --- postfix-3.0.4/html/cleanup.8.html 2015-10-10 13:33:46.000000000 +0000 +++ postfix-3.1.0/html/cleanup.8.html 2016-02-06 20:38:29.000000000 +0000 
@@ -224,6 +224,13 @@ Optional lookup tables for content inspection of message headers that are produced by Milter applications. + Available in Postfix version 3.1 and later: + + milter_macro_defaults (empty) + Optional list of name=value pairs that specify default values + for arbitrary macros that Postfix may send to Milter applica- + tions. + MIME PROCESSING CONTROLS Available in Postfix version 2.0 and later: @@ -498,5 +505,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + CLEANUP(8) diff -Nru postfix-3.0.4/html/COMPATIBILITY_README.html postfix-3.1.0/html/COMPATIBILITY_README.html --- postfix-3.0.4/html/COMPATIBILITY_README.html 2015-01-29 22:33:47.000000000 +0000 +++ postfix-3.1.0/html/COMPATIBILITY_README.html 2015-02-20 21:43:51.000000000 +0000 @@ -267,10 +267,15 @@ setting smtputf8_enable=no

The smtputf8_enable default value has changed from "no" to "yes. -As long as the smtputf8_enable parameter is left at its implicit +With the new "yes" setting, the Postfix SMTP server rejects non-ASCII +addresses from clients that don't request SMTPUTF8 support. With +the old "no" setting, Postfix will accept such addresses, even if +such addresses are not permitted by traditional SMTP standards.

+ +

As long as the smtputf8_enable parameter is left at its implicit default value, and the backwards-compatible default setting is turned on, Postfix logs a warning each time an SMTP command uses a -non-ASCII address localpart:

+non-ASCII address localpart without requesting SMTPUTF8 support:

diff -Nru postfix-3.0.4/html/DATABASE_README.html postfix-3.1.0/html/DATABASE_README.html
--- postfix-3.0.4/html/DATABASE_README.html	2014-11-26 23:33:48.000000000 +0000
+++ postfix-3.1.0/html/DATABASE_README.html	2015-10-10 13:21:58.000000000 +0000
@@ -313,7 +313,7 @@
 name as used in "hash:table" is the database file name without the
 ".db" suffix.  
 
-
inline (read-only)
+
inline (read-only)
A non-shared, in-memory lookup table. Example: "inline:{ key=value, { key = text with whitespace or comma }}". diff -Nru postfix-3.0.4/html/DEBUG_README.html postfix-3.1.0/html/DEBUG_README.html --- postfix-3.0.4/html/DEBUG_README.html 2011-10-14 17:55:59.000000000 +0000 +++ postfix-3.1.0/html/DEBUG_README.html 2015-04-04 22:44:42.000000000 +0000 @@ -554,8 +554,16 @@ by "D" so that the helpers can still recognize syntactical errors.

-
  • Output from "postconf -n". Please do not send your -main.cf file, or 500+ lines of postconf output.

    +
  • Command output from:

    + +
      + +
    • "postconf -n". Please do not send your main.cf file, +or 1000+ lines of postconf command output.

      + +
    • "postconf -Mf" (Postfix 2.9 or later).

      + +
  • Better, provide output from the postfinger tool. This can be found at http://ftp.wl0.org/SOURCES/postfinger.

    diff -Nru postfix-3.0.4/html/defer.8.html postfix-3.1.0/html/defer.8.html --- postfix-3.0.4/html/defer.8.html 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/html/defer.8.html 2016-02-14 01:32:48.000000000 +0000 @@ -171,5 +171,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + BOUNCE(8)
  • diff -Nru postfix-3.0.4/html/discard.8.html postfix-3.1.0/html/discard.8.html --- postfix-3.0.4/html/discard.8.html 2015-01-29 22:21:02.000000000 +0000 +++ postfix-3.1.0/html/discard.8.html 2016-02-14 01:32:50.000000000 +0000 @@ -119,5 +119,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + DISCARD(8) diff -Nru postfix-3.0.4/html/dnsblog.8.html postfix-3.1.0/html/dnsblog.8.html --- postfix-3.0.4/html/dnsblog.8.html 2015-01-29 22:21:03.000000000 +0000 +++ postfix-3.1.0/html/dnsblog.8.html 2015-07-12 00:12:57.000000000 +0000 @@ -22,9 +22,10 @@ list domain name, an IP address, and an ID. If the IP address is listed under the DNS white/blacklist, the dnsblog(8) server logs the match and replies with the query arguments plus an address list with - the resulting IP addresses separated by whitespace. Otherwise it - replies with the query arguments plus an empty address list. Finally, - The dnsblog(8) server closes the connection. + the resulting IP addresses, separated by whitespace, and the reply TTL. + Otherwise it replies with the query arguments plus an empty address + list and the reply TTL (-1 if unavailable). Finally, The dnsblog(8) + server closes the connection. DIAGNOSTICS Problems and transactions are logged to syslogd(8). 
@@ -34,15 +35,15 @@ run for only a limited amount of time. Use the command "postfix reload" to speed up a change. - The text below provides only a parameter summary. See postconf(5) for + The text below provides only a parameter summary. See postconf(5) for more details including examples. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to handle a + How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer. postscreen_dnsbl_sites (empty) @@ -50,7 +51,7 @@ factors. ipc_timeout (3600s) - The time limit for sending or receiving information over an + The time limit for sending or receiving information over an internal communication channel. process_id (read-only) @@ -66,8 +67,8 @@ The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the process name in - syslog records, so that "smtpd" becomes, for example, "post- + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- fix/smtpd". SEE ALSO @@ -87,5 +88,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + DNSBLOG(8) diff -Nru postfix-3.0.4/html/error.8.html postfix-3.1.0/html/error.8.html --- postfix-3.0.4/html/error.8.html 2015-01-29 22:21:02.000000000 +0000 +++ postfix-3.1.0/html/error.8.html 2016-02-14 01:32:48.000000000 +0000 
@@ -125,5 +125,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + ERROR(8) diff -Nru postfix-3.0.4/html/flush.8.html postfix-3.1.0/html/flush.8.html --- postfix-3.0.4/html/flush.8.html 2015-01-29 22:21:02.000000000 +0000 +++ postfix-3.1.0/html/flush.8.html 2016-02-14 01:32:49.000000000 +0000 @@ -165,5 +165,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + FLUSH(8) diff -Nru postfix-3.0.4/html/FORWARD_SECRECY_README.html postfix-3.1.0/html/FORWARD_SECRECY_README.html --- postfix-3.0.4/html/FORWARD_SECRECY_README.html 2014-01-27 22:18:47.000000000 +0000 +++ postfix-3.1.0/html/FORWARD_SECRECY_README.html 2015-07-21 22:46:51.000000000 +0000 @@ -180,7 +180,8 @@ with no additional configuration, but you may want to override the default prime to be 2048 bits long, and you may want to regenerate your primes periodically. See the quick-start -section for details.

    +section for details. With Postfix ≥ 3.1 the out of the box +(compiled-in) EDH prime size is 2048 bits.

    With prime-field EDH, OpenSSL wants the server to provide two explicitly-selected (prime, generator) combinations. One for @@ -195,7 +196,9 @@ "export" ciphers. To use a non-default prime, generate a 512-bit DH parameter file and set smtpd_tls_dh512_param_file to the filename (see the quick-start section for details). -

    +With Postfix releases after the middle of 2015 the default opportunistic +TLS cipher grade (smtpd_tls_ciphers) is "medium" or stronger, and +export ciphers are no longer used.

  • The non-export EDH parameters are used for all other EDH cipher suites. To use a non-default prime, generate a 1024-bit or @@ -207,10 +210,11 @@ -

    It turns out that (inadvisably-patched in some Debian releases) -Exim SMTP clients require a ≥ 2048-bit length for the non-export -prime. See the quick-start section for -the recommended configuration to work around this issue.

    +

    As of mid-2015, SMTP clients are starting to reject TLS +handshakes with primes smaller than 2048 bits. Each site needs to +determine which prime size works best for the majority of its +clients. See the quick-start section +for the recommended configuration to work around this issue.

    EECDH Server support

    @@ -266,15 +270,16 @@

    The default Postfix SMTP client cipher lists are correctly ordered to prefer EECDH and EDH cipher suites ahead of similar cipher suites that don't implement forward secrecy. Administrators -are strongly discouraged from changing the cipher list definitions. -It is likely safe to set "smtp_tls_ciphers = medium" if you wish -to disable the obsolete "export" and "low" grade ciphers even with -opportunistic TLS. Setting a minimum strength does not change the -preference -order. Note that strengths higher than "medium" exclude Exchange -2003 and likely other widely used MTAs, thus "high" grade ciphers -should only be used on a case-by-case basis via the TLS policy table.

    +are strongly discouraged from changing the cipher list definitions.

    + +

    The default minimum cipher grade for opportunistic TLS is +"medium" for Postfix releases after the middle of 2015, "export" +for older releases. Changing the minimum cipher grade does not +change the cipher preference order. Note that cipher grades higher +than "medium" exclude Exchange 2003 and likely other MTAs, thus a +"high" cipher grade should be chosen only on a case-by-case basis +via the TLS policy +table.

    Getting started, quick and dirty

    @@ -351,7 +356,10 @@ /etc/postfix/master.cf: submission inet n - n - - smtpd # Some submission clients may not yet do 2048-bit EDH, if such - # clients use your MSA, configure 1024-bit EDH instead: + # clients use your MSA, configure 1024-bit EDH instead. However, + # as of mid-2015, many submission clients no longer accept primes + # with less than 2048-bits. Each site needs to determine which + # type of client is more important to support. -o smtpd_tls_dh1024_param_file=${config_directory}/dh1024.pem -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes @@ -551,8 +559,8 @@

    Postfix SMTP server: The status is never "Verified", because the Postfix SMTP server never verifies the remote SMTP client name against the names in the client certificate, and because -the Postfix SMTP does not expect a specific fingerprint in the -client public key or certificate.

    +the Postfix SMTP server does not expect a specific fingerprint in +the client public key or certificate.

    diff -Nru postfix-3.0.4/html/generic.5.html postfix-3.1.0/html/generic.5.html --- postfix-3.0.4/html/generic.5.html 2015-01-29 22:21:04.000000000 +0000 +++ postfix-3.1.0/html/generic.5.html 2016-02-14 01:39:27.000000000 +0000 @@ -219,5 +219,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + GENERIC(5) diff -Nru postfix-3.0.4/html/header_checks.5.html postfix-3.1.0/html/header_checks.5.html --- postfix-3.0.4/html/header_checks.5.html 2015-01-29 22:33:50.000000000 +0000 +++ postfix-3.1.0/html/header_checks.5.html 2016-02-14 01:39:27.000000000 +0000 @@ -165,10 +165,10 @@ consistency with other Postfix documentation. BCC user@domain - Add the specified address as a BCC recipient. The address must - have a local part and domain part. The number of BCC addresses - that can be added is limited only by the amount of available - storage space. + Add the specified address as a BCC recipient, and inspect the + next input line. The address must have a local part and domain + part. The number of BCC addresses that can be added is limited + only by the amount of available storage space. Note 1: the BCC address is added as if it was specified with NOTIFY=NONE. The sender will not be notified when the BCC @@ -183,8 +183,9 @@ This feature is not supported with smtp header/body checks. DISCARD optional text... - Claim successful delivery and silently discard the message. Log - the optional text if specified, otherwise log a generic message. + Claim successful delivery and silently discard the message. Do + not inspect the remainder of the input message. Log the + optional text if specified, otherwise log a generic message. Note: this action disables further header or body_checks inspec- tion of the current message and affects all recipients. To dis- 
@@ -206,30 +207,31 @@ This feature is available in Postfix 2.1 and later. FILTER transport:destination - After the message is queued, send the entire message through the - specified external content filter. The transport name specifies - the first field of a mail delivery agent definition in mas- - ter.cf; the syntax of the next-hop destination is described in - the manual page of the corresponding delivery agent. More - information about external content filters is in the Postfix - FILTER_README file. + Override the content_filter parameter setting, and inspect the + next input line. After the message is queued, send the entire + message through the specified external content filter. The + transport name specifies the first field of a mail delivery + agent definition in master.cf; the syntax of the next-hop desti- + nation is described in the manual page of the corresponding + delivery agent. More information about external content filters + is in the Postfix FILTER_README file. - Note 1: do not use $number regular expression substitutions for - transport or destination unless you know that the information + Note 1: do not use $number regular expression substitutions for + transport or destination unless you know that the information has a trusted origin. - Note 2: this action overrides the main.cf content_filter set- - ting, and affects all recipients of the message. In the case - that multiple FILTER actions fire, only the last one is exe- + Note 2: this action overrides the main.cf content_filter set- + ting, and affects all recipients of the message. In the case + that multiple FILTER actions fire, only the last one is exe- cuted. Note 3: the purpose of the FILTER command is to override message - routing. To override the recipient's transport but not the + routing. 
To override the recipient's transport but not the next-hop destination, specify an empty filter destination (Post- - fix 2.7 and later), or specify a transport:destination that - delivers through a different Postfix instance (Postfix 2.6 and + fix 2.7 and later), or specify a transport:destination that + delivers through a different Postfix instance (Postfix 2.6 and earlier). Other options are using the recipient-dependent trans- - port_maps or the sender-dependent sender_dependent_default- + port_maps or the sender-dependent sender_dependent_default- _transport_maps features. This feature is available in Postfix 2.0 and later. @@ -237,18 +239,18 @@ This feature is not supported with smtp header/body checks. HOLD optional text... - Arrange for the message to be placed on the hold queue, and - inspect the next input line. The message remains on hold until - someone either deletes it or releases it for delivery. Log the + Arrange for the message to be placed on the hold queue, and + inspect the next input line. The message remains on hold until + someone either deletes it or releases it for delivery. Log the optional text if specified, otherwise log a generic message. - Mail that is placed on hold can be examined with the postcat(1) - command, and can be destroyed or released with the postsuper(1) + Mail that is placed on hold can be examined with the postcat(1) + command, and can be destroyed or released with the postsuper(1) command. - Note: use "postsuper -r" to release mail that was kept on hold - for a significant fraction of $maximal_queue_lifetime or - $bounce_queue_lifetime, or longer. Use "postsuper -H" only for + Note: use "postsuper -r" to release mail that was kept on hold + for a significant fraction of $maximal_queue_lifetime or + $bounce_queue_lifetime, or longer. Use "postsuper -H" only for mail that will not expire within a few delivery attempts. Note: this action affects all recipients of the message. 
@@ -257,32 +259,32 @@ This feature is not supported with smtp header/body checks. - IGNORE Delete the current line from the input, and inspect the next + IGNORE Delete the current line from the input, and inspect the next input line. INFO optional text... - Log an "info:" record with the optional text... (or log a - generic text), and inspect the next input line. This action is + Log an "info:" record with the optional text... (or log a + generic text), and inspect the next input line. This action is useful for routine logging or for debugging. This feature is available in Postfix 2.8 and later. PREPEND text... - Prepend one line with the specified text, and inspect the next + Prepend one line with the specified text, and inspect the next input line. Notes: - o The prepended text is output on a separate line, immedi- + o The prepended text is output on a separate line, immedi- ately before the input that triggered the PREPEND action. - o The prepended text is not considered part of the input - stream: it is not subject to header/body checks or - address rewriting, and it does not affect the way that + o The prepended text is not considered part of the input + stream: it is not subject to header/body checks or + address rewriting, and it does not affect the way that Postfix adds missing message headers. - o When prepending text before a message header line, the - prepended text must begin with a valid message header + o When prepending text before a message header line, the + prepended text must begin with a valid message header label. o This action cannot be used to prepend multi-line text. 
@@ -292,13 +294,13 @@ This feature is not supported with milter_header_checks. REDIRECT user@domain - Write a message redirection request to the queue file, and - inspect the next input line. After the message is queued, it - will be sent to the specified address instead of the intended + Write a message redirection request to the queue file, and + inspect the next input line. After the message is queued, it + will be sent to the specified address instead of the intended recipient(s). - Note: this action overrides the FILTER action, and affects all - recipients of the message. If multiple REDIRECT actions fire, + Note: this action overrides the FILTER action, and affects all + recipients of the message. If multiple REDIRECT actions fire, only the last one is executed. This feature is available in Postfix 2.1 and later. @@ -306,7 +308,7 @@ This feature is not supported with smtp header/body checks. REPLACE text... - Replace the current line with the specified text, and inspect + Replace the current line with the specified text, and inspect the next input line. This feature is available in Postfix 2.2 and later. The descrip- 
@@ -314,19 +316,19 @@ Notes: - o When replacing a message header line, the replacement + o When replacing a message header line, the replacement text must begin with a valid header label. - o The replaced text remains part of the input stream. - Unlike the result from the PREPEND action, a replaced - message header may be subject to address rewriting and - may affect the way that Postfix adds missing message + o The replaced text remains part of the input stream. + Unlike the result from the PREPEND action, a replaced + message header may be subject to address rewriting and + may affect the way that Postfix adds missing message headers. REJECT optional text... - Reject the entire message. Reply with optional text... when the - optional text is specified, otherwise reply with a generic error - message. + Reject the entire message. Do not inspect the remainder of the + input message. Reply with optional text... when the optional + text is specified, otherwise reply with a generic error message. Note: this action disables further header or body_checks inspec- tion of the current message and affects all recipients. @@ -459,5 +461,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + HEADER_CHECKS(5) diff -Nru postfix-3.0.4/html/INSTALL.html postfix-3.1.0/html/INSTALL.html --- postfix-3.0.4/html/INSTALL.html 2015-10-10 13:49:29.000000000 +0000 +++ postfix-3.1.0/html/INSTALL.html 2016-02-05 22:15:44.000000000 +0000 @@ -686,6 +686,8 @@ newaliases_path /usr/bin/newaliases + openssl_path openssl + queue_directory /var/spool/postfix readme_directory no diff -Nru postfix-3.0.4/html/lmdb_table.5.html postfix-3.1.0/html/lmdb_table.5.html --- postfix-3.0.4/html/lmdb_table.5.html 2015-01-29 22:21:04.000000000 +0000 +++ postfix-3.1.0/html/lmdb_table.5.html 2016-02-14 01:39:27.000000000 +0000 
@@ -103,5 +103,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + LMDB_TABLE(5) diff -Nru postfix-3.0.4/html/lmtp.8.html postfix-3.1.0/html/lmtp.8.html --- postfix-3.0.4/html/lmtp.8.html 2015-07-19 22:34:32.000000000 +0000 +++ postfix-3.1.0/html/lmtp.8.html 2016-02-14 01:09:40.000000000 +0000 @@ -109,6 +109,7 @@ RFC 5321 (SMTP protocol) RFC 6531 (Internationalized SMTP) RFC 6533 (Internationalized Delivery Status Notifications) + RFC 7672 (SMTP security via opportunistic DANE TLS) DIAGNOSTICS Problems and transactions are logged to syslogd(8). Corrupted message @@ -327,8 +328,8 @@ smtp_sasl_password_maps (empty) Optional Postfix SMTP client lookup tables with one user- - name:password entry per remote hostname or domain, or sender - address when sender-dependent authentication is enabled. + name:password entry per sender, remote hostname or next-hop + domain. smtp_sasl_security_options (noplaintext, noanonymous) Postfix SMTP client SASL security options; as of Postfix 2.3 the 
@@ -473,17 +474,17 @@
 process requests from the tlsmgr(8) server in order to seed its internal pseudo random number generator (PRNG).
- tls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)
- The OpenSSL cipherlist for "HIGH" grade ciphers.
+ tls_high_cipherlist (see 'postconf -d' output)
+ The OpenSSL cipherlist for "high" grade ciphers.
- tls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH)
- The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers.
+ tls_medium_cipherlist (see 'postconf -d' output)
+ The OpenSSL cipherlist for "medium" or higher grade ciphers.
- tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH)
- The OpenSSL cipherlist for "LOW" or higher grade ciphers.
+ tls_low_cipherlist (see 'postconf -d' output)
+ The OpenSSL cipherlist for "low" or higher grade ciphers.
- tls_export_cipherlist (ALL:+RC4:@STRENGTH)
- The OpenSSL cipherlist for "EXPORT" or higher grade ciphers.
+ tls_export_cipherlist (see 'postconf -d' output)
+ The OpenSSL cipherlist for "export" or higher grade ciphers.
 tls_null_cipherlist (eNULL:!aNULL)
 The OpenSSL cipherlist for "NULL" grade ciphers that provide
@@ -561,6 +562,13 @@
 Request that the Postfix SMTP client connects using the legacy SMTPS protocol instead of using the STARTTLS command.
+ Available in Postfix version 3.1 and later:
+
+ smtp_tls_dane_insecure_mx_policy (dane)
+ The TLS policy for MX hosts with "secure" TLSA records when the
+ nexthop destination security level is dane, but the MX record
+ was found via an "insecure" MX lookup.
+
 OBSOLETE STARTTLS CONTROLS
 The following configuration parameters exist for compatibility with Postfix versions before 2.3. Support for these will be removed in a
@@ -845,6 +853,12 @@
 In the context of email address verification, the SMTP protocol stage that determines whether an email address is deliverable.
+ Available with Postfix 3.1 and later:
+
+ lmtp_fallback_relay (empty)
+ Optional list of relay hosts for LMTP destinations that can't be
+ found or that are unreachable.
+
 SEE ALSO
 generic(5), output address rewriting
 header_checks(5), message header content inspection
@@ -871,6 +885,11 @@
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
 Command pipelining in cooperation with:
 Jon Ribbens
 Oaktree Internet Solutions Ltd.,
diff -Nru postfix-3.0.4/html/local.8.html postfix-3.1.0/html/local.8.html
--- postfix-3.0.4/html/local.8.html 2015-01-29 22:21:02.000000000 +0000
+++ postfix-3.1.0/html/local.8.html 2016-02-14 01:32:49.000000000 +0000
@@ -594,5 +594,10 @@
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
 LOCAL(8)
diff -Nru postfix-3.0.4/html/mailq.1.html postfix-3.1.0/html/mailq.1.html
--- postfix-3.0.4/html/mailq.1.html 2015-01-29 22:21:03.000000000 +0000
+++ postfix-3.1.0/html/mailq.1.html 2016-02-14 15:29:27.000000000 +0000
@@ -452,5 +452,10 @@
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
 SENDMAIL(1)
diff -Nru postfix-3.0.4/html/Makefile.in postfix-3.1.0/html/Makefile.in
--- postfix-3.0.4/html/Makefile.in 2014-09-28 19:45:30.000000000 +0000
+++ postfix-3.1.0/html/Makefile.in 2016-02-06 23:00:44.000000000 +0000
@@ -15,7 +15,7 @@
 postqueue.1.html postsuper.1.html sendmail.1.html \
 smtp-source.1.html smtp-sink.1.html posttls-finger.1.html \
 qmqp-source.1.html qmqp-sink.1.html \
- qshape.1.html
+ qshape.1.html postfix-tls.1.html
 CONFIG = access.5.html aliases.5.html canonical.5.html relocated.5.html \
 transport.5.html virtual.5.html pcre_table.5.html regexp_table.5.html \
 cidr_table.5.html tcp_table.5.html header_checks.5.html \
@@ -177,6 +177,10 @@
 PATH=../mantools:$$PATH; \
 srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+postfix-tls.1.html: ../conf/postfix-tls-script
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
 postkick.1.html: ../src/postkick/postkick.c
 PATH=../mantools:$$PATH; \
 srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
diff -Nru postfix-3.0.4/html/master.5.html postfix-3.1.0/html/master.5.html
--- postfix-3.0.4/html/master.5.html 2015-01-29 22:33:50.000000000 +0000
+++ postfix-3.1.0/html/master.5.html 2016-02-14 01:39:27.000000000 +0000
@@ -241,5 +241,10 @@
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
 MASTER(5)
diff -Nru postfix-3.0.4/html/master.8.html postfix-3.1.0/html/master.8.html
--- postfix-3.0.4/html/master.8.html 2015-01-29 22:21:02.000000000 +0000
+++ postfix-3.1.0/html/master.8.html 2016-02-14 01:32:49.000000000 +0000
@@ -192,5 +192,10 @@
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
 MASTER(8)
diff -Nru postfix-3.0.4/html/memcache_table.5.html postfix-3.1.0/html/memcache_table.5.html
--- postfix-3.0.4/html/memcache_table.5.html 2015-01-29 22:21:04.000000000 +0000
+++ postfix-3.1.0/html/memcache_table.5.html 2016-02-14 01:09:41.000000000 +0000
@@ -214,5 +214,10 @@
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
 MEMCACHE_TABLE(5)
diff -Nru postfix-3.0.4/html/MILTER_README.html postfix-3.1.0/html/MILTER_README.html
--- postfix-3.0.4/html/MILTER_README.html 2015-01-29 22:33:47.000000000 +0000
+++ postfix-3.1.0/html/MILTER_README.html 2015-05-24 00:39:48.000000000 +0000
@@ -28,16 +28,10 @@

    The reason for adding Milter support to Postfix is that there exists a large collection of applications, not only to block unwanted mail, but also to verify authenticity (examples: OpenDKIM, DomainKeys -Identified Mail (DKIM), SenderID+SPF and -DomainKeys) -or to digitally sign mail (examples: OpenDKIM, DomainKeys -Identified Mail (DKIM), DomainKeys). +href="http://www.opendkim.org/">OpenDKIM and DMARC ) +or to digitally sign mail (example: OpenDKIM). Having yet another Postfix-specific version of all that software is a poor use of human and system resources.

    @@ -206,17 +200,14 @@ Postfix currently does not provide such a library, but Sendmail does.

    -
      - -
    • The first option is to use a pre-compiled library. Some +

      Some systems install the Sendmail libmilter library by default. With other systems, libmilter may be provided by a package (called "sendmail-devel" on some Linux systems).

      Once libmilter is installed, applications such as OpenDKIM, dkim-milter and -sid-milter +href="http://www.opendkim.org/">OpenDKIM and +OpenDMARC build out of the box without requiring any tinkering:

      @@ -230,44 +221,6 @@
      -
      -
      -$ gzcat dkim-milter-x.y.z.tar.gz | tar xf -
      -$ cd dkim-milter-x.y.z
      -$ make
      -[...lots of output omitted...]
      -
      -
      - -
    • The other option is to build the libmilter library from -Sendmail source code:

      - -
      -
      -$ gzcat sendmail-x.y.z.tar.gz | tar xf -
      -$ cd sendmail-x.y.z/libmilter
      -$ make
      -[...lots of output omitted...]
      -
      -
      - -

      After building your own libmilter library, follow the installation -instructions in the Milter application source distribution to specify -the location of the libmilter include files and object library. -Typically, these settings are configured in a file named -sid-filter/Makefile.m4 or similar: - -

      -
      -APPENDDEF(`confINCDIRS', `-I/some/where/sendmail-x.y.z/include')
      -APPENDDEF(`confLIBDIRS', `-L/some/where/sendmail-x.y.z/obj.systemtype/libmilter')
      -
      -
      - -

      Then build the Milter application.

      - -
    -

    Running Milter applications

    To run a Milter application, see the documentation of the filter @@ -275,7 +228,7 @@

    -# /some/where/dkim-filter -u userid -p inet:portnumber@localhost ...other options...
    +# /some/where/opendkim -l -u userid -p inet:portnumber@localhost ...other options...
     
    @@ -308,6 +261,8 @@
  • Sendmail macro emulation +
  • What macros will Postfix send to Milters? +

    SMTP-Only Milter applications

    @@ -318,11 +273,12 @@ that arrives via the Postfix smtpd(8) server is not filtered by the non-SMTP filters that are described in the next section.

    -

    NOTE: Do not use the header_checks(5) IGNORE action to remove +

    NOTE for Postfix versions that have a mail_release_date +before 20141018: do not use the header_checks(5) IGNORE action to remove Postfix's own Received: message header. This causes problems with mail signing filters. Instead, keep Postfix's own Received: message header and use the header_checks(5) REPLACE action to sanitize -information.

    +information.

    You specify SMTP-only Milter applications (there can be more than one) with the smtpd_milters parameter. Each Milter application @@ -596,7 +552,9 @@

  • Line 3: The remainder of the list contains per-Milter settings. These settings override global main.cf parameters, and have the same name as those parameters, without the "milter_" prefix. -

    +The per-Milter settings that are supported as of Postfix 3.0 are +command_timeout, connect_timeout, content_timeout, default_action, +and protocol.

    @@ -706,9 +664,11 @@
  • +

    What macros will Postfix send to Milters?

    +

    Postfix sends specific sets of macros at different Milter protocol -stages. The sets are configured with the parameters as described -in the table (EOH = end of headers; EOM = end of message). The +stages. The sets are configured with the parameters as shown in the +table below (EOH = end of headers; EOM = end of message). The protocol version is a number that Postfix sends at the beginning of the Milter protocol handshake.

    @@ -752,6 +712,17 @@ +

    By default, Postfix will send only macros whose values have been +updated with information from main.cf or master.cf, from an SMTP session +(for example; SASL login, or TLS certificates) or from a Mail delivery +transaction (for example; queue ID, sender, or recipient).

    + +

    To force a macro to be sent even when its value has not been updated, +you may specify macro default values with the milter_macro_defaults +parameter. Specify zero or more name=value pairs separated by +comma or whitespace; you may even specify macro names that Postfix does +know about!

    +

    Workarounds

      diff -Nru postfix-3.0.4/html/newaliases.1.html postfix-3.1.0/html/newaliases.1.html
--- postfix-3.0.4/html/newaliases.1.html 2015-01-29 22:21:03.000000000 +0000
+++ postfix-3.1.0/html/newaliases.1.html 2016-02-14 15:29:27.000000000 +0000
@@ -452,5 +452,10 @@
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
 SENDMAIL(1)
diff -Nru postfix-3.0.4/html/nisplus_table.5.html postfix-3.1.0/html/nisplus_table.5.html
--- postfix-3.0.4/html/nisplus_table.5.html 2015-01-29 22:21:04.000000000 +0000
+++ postfix-3.1.0/html/nisplus_table.5.html 2016-02-14 01:39:27.000000000 +0000
@@ -78,5 +78,10 @@
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
 NISPLUS_TABLE(5)
diff -Nru postfix-3.0.4/html/oqmgr.8.html postfix-3.1.0/html/oqmgr.8.html
--- postfix-3.0.4/html/oqmgr.8.html 2015-01-29 22:21:02.000000000 +0000
+++ postfix-3.1.0/html/oqmgr.8.html 2016-02-14 15:29:27.000000000 +0000
@@ -295,6 +295,16 @@
 transport_destination_rate_delay $default_destination_rate_delay
 Idem, for delivery via the named message transport.
+ Available in Postfix version 3.1 and later:
+
+ default_transport_rate_delay (0s)
+ The default amount of delay that is inserted between individual
+ deliveries over the same message delivery transport, regardless
+ of destination.
+
+ transport_transport_rate_delay $default_transport_rate_delay
+ Idem, for delivery via the named message transport.
+
 SAFETY CONTROLS
 qmgr_daemon_timeout (1000s)
 How much time a Postfix queue manager process may take to handle
@@ -304,9 +314,15 @@
 The time limit for the queue manager to send or receive informa-
 tion over an internal communication channel.
+ Available in Postfix version 3.1 and later:
+
+ address_verify_pending_request_limit (see 'postconf -d' output)
+ A safety limit that prevents address verification requests from
+ overwhelming the Postfix queue.
+
 MISCELLANEOUS CONTROLS
 config_directory (see 'postconf -d' output)
- The default location of the Postfix main.cf and master.cf con-
+ The default location of the Postfix main.cf and master.cf con-
 figuration files.
 defer_transports (empty)
@@ -314,11 +330,11 @@
 mail unless someone issues "sendmail -q" or equivalent.
 delay_logging_resolution_limit (2)
- The maximal number of digits after the decimal point when log-
+ The maximal number of digits after the decimal point when log-
 ging sub-second delay values.
 helpful_warnings (yes)
- Log warnings about problematic configuration settings, and pro-
+ Log warnings about problematic configuration settings, and pro-
 vide helpful suggestions.
 process_id (read-only)
@@ -334,14 +350,14 @@
 The syslog facility of Postfix logging.
 syslog_name (see 'postconf -d' output)
- The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post-
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
 fix/smtpd".
 Available in Postfix version 3.0 and later:
 confirm_delay_cleared (no)
- After sending a "your message is delayed" notification, inform
+ After sending a "your message is delayed" notification, inform
 the sender when the delay clears up.
 FILES
@@ -372,5 +388,10 @@
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
 OQMGR(8)
diff -Nru postfix-3.0.4/html/pcre_table.5.html postfix-3.1.0/html/pcre_table.5.html
--- postfix-3.0.4/html/pcre_table.5.html 2015-01-29 22:21:04.000000000 +0000
+++ postfix-3.1.0/html/pcre_table.5.html 2016-02-14 01:39:27.000000000 +0000
@@ -211,5 +211,10 @@
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
 PCRE_TABLE(5)
diff -Nru postfix-3.0.4/html/pickup.8.html postfix-3.1.0/html/pickup.8.html
--- postfix-3.0.4/html/pickup.8.html 2015-01-29 22:21:02.000000000 +0000
+++ postfix-3.1.0/html/pickup.8.html 2016-02-14 01:32:49.000000000 +0000
@@ -111,5 +111,10 @@
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
 PICKUP(8)
diff -Nru postfix-3.0.4/html/pipe.8.html postfix-3.1.0/html/pipe.8.html
--- postfix-3.0.4/html/pipe.8.html 2015-01-29 22:21:02.000000000 +0000
+++ postfix-3.1.0/html/pipe.8.html 2016-02-14 01:32:49.000000000 +0000
@@ -481,5 +481,10 @@
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
 PIPE(8)
diff -Nru postfix-3.0.4/html/postalias.1.html postfix-3.1.0/html/postalias.1.html
--- postfix-3.0.4/html/postalias.1.html 2015-01-29 22:21:03.000000000 +0000
+++ postfix-3.1.0/html/postalias.1.html 2016-02-14 01:32:50.000000000 +0000
@@ -223,5 +223,10 @@
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
 POSTALIAS(1)
diff -Nru postfix-3.0.4/html/postcat.1.html postfix-3.1.0/html/postcat.1.html
--- postfix-3.0.4/html/postcat.1.html 2015-01-29 22:21:03.000000000 +0000
+++ postfix-3.1.0/html/postcat.1.html 2016-02-14 01:32:50.000000000 +0000
@@ -92,5 +92,10 @@
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
 POSTCAT(1)
diff -Nru postfix-3.0.4/html/postconf.1.html postfix-3.1.0/html/postconf.1.html
--- postfix-3.0.4/html/postconf.1.html 2015-01-31 21:23:18.000000000 +0000
+++ postfix-3.1.0/html/postconf.1.html 2016-02-14 21:33:05.000000000 +0000
@@ -10,9 +10,9 @@
 postconf - Postfix configuration utility
 SYNOPSIS
- Managing main.cf:
+ Managing main.cf:
- postconf [-dfhnopvx] [-c config_dir] [-C class,...] [parameter ...]
+ postconf [-dfhHnopvx] [-c config_dir] [-C class,...] [parameter ...]
 postconf [-epv] [-c config_dir] parameter=value ...
@@ -20,7 +20,7 @@
 postconf -X [-pv] [-c config_dir] parameter ...
- Managing master.cf service entries:
+ Managing master.cf service entries:
 postconf -M [-fovx] [-c config_dir] [service[/type] ...]
@@ -30,74 +30,78 @@ postconf -MX [-v] [-c config_dir] service/type ... - Managing master.cf service fields: + Managing master.cf service fields: - postconf -F [-fovx] [-c config_dir] [service[/type[/field]] ...] + postconf -F [-fhHovx] [-c config_dir] [service[/type[/field]] ...] postconf -F [-ev] [-c config_dir] service/type/field=value ... - Managing master.cf service parameters: + Managing master.cf service parameters: - postconf -P [-fovx] [-c config_dir] [service[/type[/parameter]] ...] + postconf -P [-fhHovx] [-c config_dir] [service[/type[/parameter]] ...] postconf -P [-ev] [-c config_dir] service/type/parameter=value ... postconf -PX [-v] [-c config_dir] service/type/parameter ... - Managing bounce message templates: + Managing bounce message templates: postconf -b [-v] [-c config_dir] [template_file] postconf -t [-v] [-c config_dir] [template_file] - Managing other configuration: + Managing TLS features: + + postconf -T mode [-v] [-c config_dir] + + Managing other configuration: postconf -a|-A|-l|-m [-v] [-c config_dir] DESCRIPTION By default, the postconf(1) command displays the values of main.cf con- - figuration parameters, and warns about possible mis-typed parameter - names (Postfix 2.9 and later). It can also change main.cf configura- + figuration parameters, and warns about possible mis-typed parameter + names (Postfix 2.9 and later). It can also change main.cf configura- tion parameter values, or display other configuration information about the Postfix mail system. Options: - -a List the available SASL server plug-in types. The SASL plug-in - type is selected with the smtpd_sasl_type configuration parame- + -a List the available SASL server plug-in types. The SASL plug-in + type is selected with the smtpd_sasl_type configuration parame- ter by specifying one of the names listed below. - cyrus This server plug-in is available when Postfix is built + cyrus This server plug-in is available when Postfix is built with Cyrus SASL support. 
dovecot This server plug-in uses the Dovecot authentication - server, and is available when Postfix is built with any + server, and is available when Postfix is built with any form of SASL support. This feature is available with Postfix 2.3 and later. - -A List the available SASL client plug-in types. The SASL plug-in - type is selected with the smtp_sasl_type or lmtp_sasl_type con- - figuration parameters by specifying one of the names listed + -A List the available SASL client plug-in types. The SASL plug-in + type is selected with the smtp_sasl_type or lmtp_sasl_type con- + figuration parameters by specifying one of the names listed below. - cyrus This client plug-in is available when Postfix is built + cyrus This client plug-in is available when Postfix is built with Cyrus SASL support. This feature is available with Postfix 2.3 and later. -b [template_file] Display the message text that appears at the beginning of deliv- - ery status notification (DSN) messages, replacing $name expres- + ery status notification (DSN) messages, replacing $name expres- sions with actual values as described in bounce(5). To override the built-in templates, specify a template file name - at the end of the postconf(1) command line, or specify a file + at the end of the postconf(1) command line, or specify a file name in main.cf with the bounce_template_file parameter. - To force selection of the built-in templates, specify an empty - template file name on the postconf(1) command line (in shell + To force selection of the built-in templates, specify an empty + template file name on the postconf(1) command line (in shell language: ""). This feature is available with Postfix 2.3 and later. @@ -107,7 +111,7 @@ of the default configuration directory. -C class,... - When displaying main.cf parameters, select only parameters from + When displaying main.cf parameters, select only parameters from the specified class(es): builtin 
@@ -125,36 +129,36 @@ This feature is available with Postfix 2.9 and later. - -d Print main.cf default parameter settings instead of actual set- - tings. Specify -df to fold long lines for human readability + -d Print main.cf default parameter settings instead of actual set- + tings. Specify -df to fold long lines for human readability (Postfix 2.9 and later). - -e Edit the main.cf configuration file, and update parameter set- - tings with the "name=value" pairs on the postconf(1) command + -e Edit the main.cf configuration file, and update parameter set- + tings with the "name=value" pairs on the postconf(1) command line. - With -M, edit the master.cf configuration file, and replace one - or more service entries with new values as specified with "ser- + With -M, edit the master.cf configuration file, and replace one + or more service entries with new values as specified with "ser- vice/type=value" on the postconf(1) command line. - With -F, edit the master.cf configuration file, and replace one - or more service fields with new values as specied with "ser- - vice/type/field=value" on the postconf(1) command line. Cur- - rently, the "command" field contains the command name and com- + With -F, edit the master.cf configuration file, and replace one + or more service fields with new values as specied with "ser- + vice/type/field=value" on the postconf(1) command line. Cur- + rently, the "command" field contains the command name and com- mand arguments. this may change in the near future, so that the "command" field contains only the command name, and a new "argu- ments" pseudofield contains the command arguments. 
- With -P, edit the master.cf configuration file, and add or - update one or more service parameter settings (-o parame- - ter=value settings) with new values as specied with "ser- + With -P, edit the master.cf configuration file, and add or + update one or more service parameter settings (-o parame- + ter=value settings) with new values as specied with "ser- vice/type/parameter=value" on the postconf(1) command line. In all cases the file is copied to a temporary file then renamed - into place. Specify quotes to protect special characters and + into place. Specify quotes to protect special characters and whitespace on the postconf(1) command line. - The -e option is no longer needed with Postfix version 2.8 and + The -e option is no longer needed with Postfix version 2.8 and later. -f Fold long lines when printing main.cf or master.cf configuration 
@@ -163,19 +167,24 @@ This feature is available with Postfix 2.9 and later. -F Show master.cf per-entry field settings (by default all services - and all fields), formatted as one "service/type/field=value" per - line. Specify -Ff to fold long lines. + and all fields), formatted as "service/type/field=value", one + per line. Specify -Ff to fold long lines. - Specify one or more "service/type/field" instances on the post- - conf(1) command line to limit the output to fields of interest. - Trailing parameter name or service type fields that are omitted + Specify one or more "service/type/field" instances on the post- + conf(1) command line to limit the output to fields of interest. + Trailing parameter name or service type fields that are omitted will be handled as "*" wildcard fields. This feature is available with Postfix 2.11 and later. - -h Show parameter or attribute values without the "name = " label + -h Show parameter or attribute values without the "name = " label that normally precedes the value. + -H Show parameter or attribute names without the " = value" that + normally follows the name. + + This feature is available with Postfix 3.1 and later. + -l List the names of all supported mailbox locking methods. Post- fix supports the following methods: 
@@ -281,30 +290,31 @@ ple: "randmap:{result_1, ..., result_n}". Each table query returns a random choice from the specified results. The first and last characters of the "randmap:" table - name must be "{" and "}". Within these, individual maps - are separated with comma or whitespace. + name must be "{" and "}". Within these, individual + results are separated with comma or whitespace. To give a + specific result more weight, specify it multiple times. regexp (read-only) - A lookup table based on regular expressions. The file + A lookup table based on regular expressions. The file format is described in regexp_table(5). sdbm An indexed file type based on hashing. Available on sys- tems with support for SDBM databases. socketmap (read-only) - Sendmail-style socketmap client. The table name is - inet:host:port:name for a TCP/IP server, or unix:path- - name:name for a UNIX-domain server. This is described in + Sendmail-style socketmap client. The table name is + inet:host:port:name for a TCP/IP server, or unix:path- + name:name for a UNIX-domain server. This is described in socketmap_table(5). sqlite (read-only) SQLite database. This is described in sqlite_table(5). static (read-only) - A table that always returns its name as lookup result. + A table that always returns its name as lookup result. For example, static:foobar always returns the string foo- - bar as lookup result. Specify "static:{ text with white- - space }" when the result contains whitespace; this form + bar as lookup result. Specify "static:{ text with white- + space }" when the result contains whitespace; this form ignores whitespace after "{" and before "}". See also the inline: map. 
@@ -312,53 +322,53 @@ TCP/IP client. The protocol is described in tcp_table(5). texthash (read-only) - Produces similar results as hash: files, except that you - don't need to run the postmap(1) command before you can - use the file, and that it does not detect changes after + Produces similar results as hash: files, except that you + don't need to run the postmap(1) command before you can + use the file, and that it does not detect changes after the file is read. unionmap (read-only) - A table that sends each query to multiple lookup tables - and that concatenates all found results, separated by + A table that sends each query to multiple lookup tables + and that concatenates all found results, separated by comma. The table name syntax is the same as for pipemap. unix (read-only) - A limited view of the UNIX authentication database. The + A limited view of the UNIX authentication database. The following tables are implemented: unix:passwd.byname - The table is the UNIX password database. The key - is a login name. The result is a password file + The table is the UNIX password database. The key + is a login name. The result is a password file entry in passwd(5) format. unix:group.byname The table is the UNIX group database. The key is a - group name. The result is a group file entry in + group name. The result is a group file entry in group(5) format. - Other table types may exist depending on how Postfix was built. + Other table types may exist depending on how Postfix was built. - -M Show master.cf file contents instead of main.cf file contents. + -M Show master.cf file contents instead of main.cf file contents. Specify -Mf to fold long lines for human readability. 
Specify zero or more arguments, each with a service-name or ser- - vice-name/service-type pair, where service-name is the first - field of a master.cf entry and service-type is one of (inet, + vice-name/service-type pair, where service-name is the first + field of a master.cf entry and service-type is one of (inet, unix, fifo, or pass). - If service-name or service-name/service-type is specified, only - the matching master.cf entries will be output. For example, - "postconf -Mf smtp" will output all services named "smtp", and - "postconf -Mf smtp/inet" will output only the smtp service that - listens on the network. Trailing service type fields that are + If service-name or service-name/service-type is specified, only + the matching master.cf entries will be output. For example, + "postconf -Mf smtp" will output all services named "smtp", and + "postconf -Mf smtp/inet" will output only the smtp service that + listens on the network. Trailing service type fields that are omitted will be handled as "*" wildcard fields. This feature is available with Postfix 2.9 and later. The syntax - was changed from "name.type" to "name/type", and "*" wildcard + was changed from "name.type" to "name/type", and "*" wildcard support was added with Postfix 2.11. -n Show only configuration parameters that have explicit name=value - settings in main.cf. Specify -nf to fold long lines for human + settings in main.cf. Specify -nf to fold long lines for human readability (Postfix 2.9 and later). -o name=value 
@@ -370,10 +380,9 @@
 This feature is available with Postfix 2.11 and later.
- -P Show master.cf service parameter settings (by default all ser-
- vices and all parameters). formatted as one "ser-
- vice/type/parameter=value" per line. Specify -Pf to fold long
- lines.
+ -P Show master.cf service parameter settings (by default all ser-
+ vices and all parameters), formatted as "service/type/parame-
+ ter=value", one per line. Specify -Pf to fold long lines.
 Specify one or more "service/type/parameter" instances on the postconf(1) command line to limit the output to parameters of
@@ -397,6 +406,27 @@
 This feature is available with Postfix 2.3 and later.
+ -T mode
+ If Postfix is compiled without TLS support, the -T option pro-
+ duces no output. Otherwise, if an invalid mode is specified,
+ the -T option reports an error and exits with a non-zero status
+ code. The valid modes are:
+
+ compile-version
+ Output the OpenSSL version that Postfix was compiled with
+ (i.e. the OpenSSL version in a header file). The output
+ format is the same as with the command "openssl version".
+
+ run-version
+ Output the OpenSSL version that Postfix is linked with at
+ runtime (i.e. the OpenSSL version in a shared library).
+
+ public-key-algorithms
+ Output the lower-case names of the supported public-key
+ algorithms, one per-line.
+
+ This feature is available with Postfix 3.1 and later.
+
 -v Enable verbose logging for debugging purposes. Multiple -v options make the software increasingly verbose.
@@ -489,5 +519,10 @@
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
 POSTCONF(1)
diff -Nru postfix-3.0.4/html/postconf.5.html postfix-3.1.0/html/postconf.5.html
--- postfix-3.0.4/html/postconf.5.html 2016-02-05 00:29:25.000000000 +0000
+++ postfix-3.1.0/html/postconf.5.html 2016-02-12 13:54:33.000000000 +0000
@@ -296,6 +296,23 @@ +
      address_verify_pending_request_limit +(default: see "postconf -d" output)
      + +

      A safety limit that prevents address verification requests from +overwhelming the Postfix queue. By default, the number of pending +requests is limited to 1/4 of the active queue maximum size +(qmgr_message_active_limit). The queue manager enforces the limit +by tempfailing requests that exceed the limit. This affects only +unknown addresses and inactive addresses that have expired, because +the verify(8) daemon automatically refreshes an active address +before it expires.

      + +

      This feature is available in Postfix 3.1 and later.

      + + +
      +
      address_verify_poll_count (default: normal: 3, overload: 1)
      @@ -1328,7 +1345,7 @@ (default: no)

      -Enable inter-operability with remote SMTP clients that implement an obsolete +Enable interoperability with remote SMTP clients that implement an obsolete version of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook Express version 4 and MicroSoft Exchange version 5.0. @@ -2629,6 +2646,40 @@

      +
      default_transport_rate_delay +(default: 0s)
      + +

      The default amount of delay that is inserted between individual +deliveries over the same message delivery transport, regardless of +destination. If non-zero, all deliveries over the same message +delivery transport will happen one at a time.

      + +

      Use transport_transport_rate_delay to specify a +transport-specific override, where the initial transport is +the master.cf name of the message delivery transport.

      + +

      Example: throttle outbound SMTP mail to at most 3 deliveries +per minute.

      + +
      +/etc/postfix/main.cf:
      +    smtp_transport_rate_delay = 20s
      +
      + +

      To enable the delay, specify a non-zero time value (an integral +value plus an optional one-letter suffix that specifies the time +unit).

      + +

      Time units: s (seconds), m (minutes), h (hours), d (days), w +(weeks). The default time unit is s (seconds).

      + +

      NOTE: the delay is enforced by the queue manager.

      + +

      This feature is available in Postfix 3.1 and later.

      + + +
      +
      default_verp_delimiters (default: +=)
      @@ -2912,6 +2963,23 @@
      +
      dns_ncache_ttl_fix_enable +(default: no)
      + +

      Enable a workaround for future libc incompatibility. The Postfix +implementation of RFC 2308 negative reply caching relies on the +promise that res_query() and res_search() invoke res_send(), which +returns the server response in an application buffer even if the +requested record does not exist. If this promise is broken, specify +"yes" to enable a workaround for DNS reputation lookups.

      + +

      +This feature is available in Postfix 3.1 and later. +

      + + +
      +
      dnsblog_reply_delay (default: 0s)
      @@ -4403,6 +4471,29 @@
      +
      lmtp_fallback_relay +(default: empty)
      + +

      Optional list of relay hosts for LMTP destinations that can't be +found or that are unreachable. In main.cf elements are separated by +whitespace or commas.

      + +

      By default, mail is returned to the sender when a destination is not +found, and delivery is deferred when a destination is unreachable.

      + +

      The fallback relays must be TCP destinations, specified without +a leading "inet:" prefix. Specify a host or host:port. Since MX +lookups do not apply with LMTP, there is no need to use the "[host]" or +"[host]:port" forms. If you specify multiple LMTP destinations, Postfix +will try them in the specified order.

      + +

      +This feature is available in Postfix 3.1 and later. +

      + + +
      +
      lmtp_generic_maps (default: empty)
      @@ -6553,6 +6644,24 @@
      +
      milter_macro_defaults +(default: empty)
      + +

      Optional list of name=value pairs that specify default +values for arbitrary macros that Postfix may send to Milter +applications. These defaults are used when there is no corresponding +information from the message delivery context.

      + +

      Specify name=value or {name}=value pairs separated +by comma or whitespace. Enclose a pair in "{}" when a value contains +comma or whitespace (this form ignores whitespace after the enclosing +"{", around the "=", and before the enclosing "}").

      + +

      This feature is available in Postfix 3.1 and later.

      + + +
      +
      milter_macro_v (default: $mail_name $mail_version)
      @@ -7006,7 +7115,7 @@
    • Specify "mynetworks_style = class" when Postfix should "trust" remote SMTP clients in the same IP class A/B/C networks as the -local machine. Don't do this with a dialup site - it would cause +local machine. Caution: this may cause Postfix to "trust" your entire provider's network. Instead, specify an explicit mynetworks list by hand, as described with the mynetworks configuration parameter.

      @@ -7201,6 +7310,37 @@
    • +
      openssl_path +(default: openssl)
      + +

      +The location of the OpenSSL command line program openssl(1). This +is used by the "postfix tls" command to create private keys, +certificate signing requests, self-signed certificates, and to +compute public key digests for DANE TLSA records. In multi-instance +environments, this parameter is always determined from the configuration +of the default Postfix instance. +

      + +

      Example:

      + +
      +
      +/etc/postfix/main.cf:
      +    # NetBSD pkgsrc:
      +    openssl_path = /usr/pkg/bin/openssl
      +    # Local build:
      +    openssl_path = /usr/local/bin/openssl
      +
      +
      + +

      +This feature is available in Postfix 3.1 and later. +

      + + +
      +
      owner_request_special (default: yes)
      @@ -7707,6 +7847,43 @@
      +
      postscreen_dnsbl_max_ttl +(default: ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h)
      + +

      The maximum amount of time that postscreen(8) will use the +result from a successful DNS-based reputation test before a +client IP address is required to pass that test again. If the DNS +reply specifies a shorter TTL value, that value will be used unless +it would be smaller than postscreen_dnsbl_min_ttl.

      + +

      Specify a non-zero time value (an integral value plus an optional +one-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks).

      + +

      This feature is available in Postfix 3.1. The default setting +is backwards-compatible with older Postfix versions.

      + + +
      + +
      postscreen_dnsbl_min_ttl +(default: 60s)
      + +

      The minimum amount of time that postscreen(8) will use the +result from a successful DNS-based reputation test before a +client IP address is required to pass that test again. If the DNS +reply specifies a larger TTL value, that value will be used unless +it would be larger than postscreen_dnsbl_max_ttl.

      + +

      Specify a non-zero time value (an integral value plus an optional +one-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks).

      + +

      This feature is available in Postfix 3.1.

      + + +
      +
      postscreen_dnsbl_reply_map (default: empty)
      @@ -7828,16 +8005,15 @@ (default: 1h)

      The amount of time that postscreen(8) will use the result from -a successful DNS blocklist test. During this time, the client IP address -is excluded from this test. The default is relatively short, because a -good client can immediately talk to a real Postfix SMTP server. -

      +a successful DNS-based reputation test before a client +IP address is required to pass that test again.

      Specify a non-zero time value (an integral value plus an optional one-letter suffix that specifies the time unit). Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).

      -

      This feature is available in Postfix 2.8.

      +

      This feature is available in Postfix 2.8-3.0. It was +replaced by postscreen_dnsbl_max_ttl in Postfix 3.1.

      @@ -9513,7 +9689,7 @@

      The non-default setting "yes" enables the behavior of older Postfix versions. These always send a SASL authzid that is equal -to the SASL authcid, but this causes inter-operability problems +to the SASL authcid, but this causes interoperability problems with some SMTP servers.

      This feature is available in Postfix 2.4.4 and later.

      @@ -9849,8 +10025,11 @@

      The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP client will try first, when a destination has IPv6 and IPv4 addresses with equal MX preference. This feature has no effect -unless the inet_protocols setting enables both IPv4 and IPv6. -With Postfix 2.8 the default is "ipv6".

      +unless the inet_protocols setting enables both IPv4 and IPv6.

      + +

      Postfix SMTP client address preference has evolved. With Postfix +2.8 the default is "ipv6"; earlier implementations are hard-coded +to prefer IPv6 over IPv4.

      Notes for mail delivery between sites that have both IPv4 and IPv6 connectivity:

      @@ -11031,7 +11210,7 @@

      A mechanism to transform replies from remote SMTP servers one line at a time. This is a last-resort tool to work around server -replies that break inter-operability with the Postfix SMTP client. +replies that break interoperability with the Postfix SMTP client. Other uses involve fault injection to test Postfix's handling of invalid responses.

      @@ -11226,11 +11405,10 @@

      Optional Postfix SMTP client lookup tables with one username:password -entry -per remote hostname or domain, or sender address when sender-dependent -authentication is enabled. If no username:password entry is found, -then the Postfix SMTP client will not -attempt to authenticate to the remote host. +entry per sender, remote hostname or next-hop domain. Per-sender +lookup is done only when sender-dependent authentication is enabled. +If no username:password entry is found, then the Postfix SMTP client +will not attempt to authenticate to the remote host.

      @@ -11615,7 +11793,7 @@

      Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS cipher list. As this feature applies to all TLS security levels, it is easy -to create inter-operability problems by choosing a non-default cipher +to create interoperability problems by choosing a non-default cipher list. Do not use a non-default TLS cipher list on hosts that deliver email to the public Internet: you will be unable to send email to servers that only support the ciphers you exclude. Using a restricted cipher list @@ -11652,6 +11830,45 @@ +

      smtp_tls_dane_insecure_mx_policy +(default: dane)
      + +

      The TLS policy for MX hosts with "secure" TLSA records when the +nexthop destination security level is dane, but the MX +record was found via an "insecure" MX lookup. The choices are: +

      + +
      +
      may
      +
      The TLSA records will be ignored and TLS will be optional. If +the MX host does not appear to support STARTTLS, or the STARTTLS +handshake fails, mail may be sent in the clear.
      +
      encrypt
      +
      The TLSA records will signal a requirement to use TLS. While +TLS encryption will be required, authentication will not be performed. +
      +
      dane (default)
      +
      The TLSA records will be used just as with "secure" MX records. +TLS encryption will be required, and, if at least one of the TLSA +records is "usable", authentication will be required. When +authentication succeeds, it will be logged only as "Trusted", not +"Verified", because the MX host name could have been forged.
      +
      + +

      Though with "insecure" MX records an active attacker can +compromise SMTP transport security by returning forged MX records, +such attacks are "tamper-evident" since any forged MX hostnames +will be recorded in the mail logs. Attackers who place a high value +staying hidden may be deterred from forging MX records.

      + +

      +This feature is available in Postfix 3.1 and later. The may +policy is backwards-compatible with earlier Postfix versions. +

      + + +
      +
      smtp_tls_dcert_file (default: empty)
      @@ -12316,7 +12533,7 @@
      may
      Opportunistic TLS. Since sending in the clear is acceptable, demanding stronger than default TLS security merely reduces -inter-operability. The optional "ciphers", "exclude" and "protocols" +interoperability. The optional "ciphers", "exclude" and "protocols" attributes (available for opportunistic TLS with Postfix ≥ 2.6) override the "smtp_tls_ciphers", "smtp_tls_exclude_ciphers" and "smtp_tls_protocols" configuration parameters. When opportunistic TLS @@ -12574,7 +12791,7 @@
      Opportunistic TLS. Use TLS if this is supported by the remote SMTP server, otherwise use plaintext. Since sending in the clear is acceptable, demanding stronger than default TLS -security merely reduces inter-operability. +security merely reduces interoperability. The "smtp_tls_ciphers" and "smtp_tls_protocols" (Postfix ≥ 2.6) configuration parameters provide control over the protocols and cipher grade used with opportunistic TLS. With earlier releases the @@ -13112,6 +13329,37 @@
      +
      smtpd_client_auth_rate_limit +(default: 0)
      + +

      +The maximal number of AUTH commands that any client is allowed to +send to this service per time unit, regardless of whether or not +Postfix actually accepts those commands. The time unit is specified +with the anvil_rate_time_unit configuration parameter. +

      + +

      +By default, there is no limit on the number AUTH commands that a +client may send. +

      + +

      +To disable this feature, specify a limit of 0. +

      + +

      +WARNING: The purpose of this feature is to limit abuse. It must +not be used to regulate legitimate mail traffic. +

      + +

      +This feature is available in Postfix 3.1 and later. +

      + + +
      +
      smtpd_client_connection_count_limit (default: 50)
      @@ -13737,7 +13985,7 @@

      A mechanism to transform commands from remote SMTP clients. This is a last-resort tool to work around client commands that break -inter-operability with the Postfix SMTP server. Other uses involve +interoperability with the Postfix SMTP server. Other uses involve fault injection to test Postfix's handling of invalid commands.

      @@ -14509,6 +14757,21 @@
      +
      smtpd_policy_service_policy_context +(default: empty)
      + +

      Optional information that the Postfix SMTP server specifies in +the "policy_context" attribute of a policy service request (originally, +to share the same service endpoint among multiple check_policy_service +clients).

      + +

      +This feature is available in Postfix 3.1 and later. +

      + + +
      +
      smtpd_policy_service_request_limit (default: 0)
      @@ -15452,7 +15715,7 @@ (default: empty)

      -Optional lookup table with the SASL login names that own sender +Optional lookup table with the SASL login names that own the sender (MAIL FROM) addresses.

      @@ -15961,7 +16224,7 @@ (default: empty)

      Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS -cipher list. It is easy to create inter-operability problems by choosing +cipher list. It is easy to create interoperability problems by choosing a non-default cipher list. Do not use a non-default TLS cipherlist for MX hosts on the public Internet. Clients that begin the TLS handshake, but are unable to agree on a common cipher, may not be able to send any @@ -16066,7 +16329,10 @@ (default: empty)

      File with DH parameters that the Postfix SMTP server should -use with export-grade EDH ciphers.

      +use with export-grade EDH ciphers. The default SMTP server cipher +grade is "medium" with Postfix releases after the middle of 2015, +and as a result export-grade cipher suites are by default not used. +

      See also the discussion under the smtpd_tls_dh1024_param_file configuration parameter.

      @@ -16636,6 +16902,13 @@ under a non-Postfix directory is redirected to the Postfix-owned data_directory, and a warning is logged.

      +

      As of Postfix 2.11 the preferred mechanism for session resumption +is RFC 5077 TLS session tickets, which don't require server-side +storage. Consequently, for Postfix ≥ 2.11 this parameter should +generally be left empty. TLS session tickets require an OpenSSL +library (at least version 0.9.8h) that provides full support for +this TLS extension. See also smtpd_tls_session_cache_timeout.

      +

      Example:

      @@ -17449,9 +17722,9 @@
       
      tls_export_cipherlist -(default: ALL:+RC4:@STRENGTH)
      +(default: see "postconf -d" output)
      -

      The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. This +

      The OpenSSL cipherlist for "export" or higher grade ciphers. This defines the meaning of the "export" setting in smtpd_tls_ciphers, smtpd_tls_mandatory_ciphers, smtp_tls_ciphers, smtp_tls_mandatory_ciphers, lmtp_tls_ciphers, and lmtp_tls_mandatory_ciphers. With Postfix @@ -17466,9 +17739,9 @@

      tls_high_cipherlist -(default: ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)
      +(default: see "postconf -d" output)
      -

      The OpenSSL cipherlist for "HIGH" grade ciphers. This defines +

      The OpenSSL cipherlist for "high" grade ciphers. This defines the meaning of the "high" setting in smtpd_tls_ciphers, smtpd_tls_mandatory_ciphers, smtp_tls_ciphers, smtp_tls_mandatory_ciphers, lmtp_tls_ciphers, and lmtp_tls_mandatory_ciphers. You are strongly @@ -17499,9 +17772,9 @@

      tls_low_cipherlist -(default: ALL:!EXPORT:+RC4:@STRENGTH)
      +(default: see "postconf -d" output)
      -

      The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines +

      The OpenSSL cipherlist for "low" or higher grade ciphers. This defines the meaning of the "low" setting in smtpd_tls_ciphers, smtpd_tls_mandatory_ciphers, smtp_tls_ciphers, smtp_tls_mandatory_ciphers, lmtp_tls_ciphers, and lmtp_tls_mandatory_ciphers. You are strongly @@ -17513,9 +17786,9 @@

      tls_medium_cipherlist -(default: ALL:!EXPORT:!LOW:+RC4:@STRENGTH)
      +(default: see "postconf -d" output)
      -

      The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. This +

      The OpenSSL cipherlist for "medium" or higher grade ciphers. This defines the meaning of the "medium" setting in smtpd_tls_ciphers, smtpd_tls_mandatory_ciphers, smtp_tls_ciphers, smtp_tls_mandatory_ciphers, lmtp_tls_ciphers, and lmtp_tls_mandatory_ciphers. This is the @@ -17661,7 +17934,7 @@

      Setting this parameter empty disables session ticket support in the Postfix SMTP server. Another way to disable session ticket -support is via the tls_ssl_options parameter.

      +support is via the tls_ssl_options parameter.

      This feature is available in Postfix 3.0 and later.

      @@ -17683,7 +17956,7 @@

      Other options are off by default, and typically enable or disable features rather than bug work-arounds. These may be turned on (with -care) via the tls_ssl_options parameter. The value is a white-space +care) via the tls_ssl_options parameter. The value is a white-space or comma separated list of named options chosen from the list below. The names are not case-sensitive, you can use lower-case if you prefer. The upper case values below match the corresponding macro @@ -17919,7 +18192,9 @@

      File with DH parameters that the Postfix tlsproxy(8) server should use with export-grade EDH ciphers. See smtpd_tls_dh512_param_file -for further details.

      +for further details. The default SMTP server cipher grade is +"medium" with Postfix releases after the middle of 2015, and as a +result export-grade cipher suites are by default not used.

      This feature is available in Postfix 2.8 and later.

      @@ -18493,6 +18768,16 @@
      + +
      transport_transport_rate_delay +(default: $default_transport_rate_delay)
      + +

      A transport-specific override for the default_transport_rate_delay +parameter value, where the initial transport in the parameter +name is the master.cf name of the message delivery transport.

      + + +
      trigger_timeout (default: 10s)
      diff -Nru postfix-3.0.4/html/postdrop.1.html postfix-3.1.0/html/postdrop.1.html --- postfix-3.0.4/html/postdrop.1.html 2015-01-29 22:21:03.000000000 +0000 +++ postfix-3.1.0/html/postdrop.1.html 2016-02-14 01:32:50.000000000 +0000 @@ -110,5 +110,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + POSTDROP(1) diff -Nru postfix-3.0.4/html/postfix.1.html postfix-3.1.0/html/postfix.1.html --- postfix-3.0.4/html/postfix.1.html 2015-02-08 17:38:30.000000000 +0000 +++ postfix-3.1.0/html/postfix.1.html 2016-02-14 15:29:28.000000000 +0000 @@ -60,7 +60,7 @@ status Indicate if the Postfix mail system is currently running. - set-permissions [name=value ...] + set-permissions [name=value ...] Set the ownership and permissions of Postfix related files and directories, as specified in the postfix-files file. @@ -73,7 +73,14 @@ fix 2.0 and earlier, use "$config_directory/post-install set-permissions". - upgrade-configuration [name=value ...] + tls subcommand + Enable opportunistic TLS in the Postfix SMTP client or server, + and manage Postfix SMTP server TLS private keys and certifi- + cates. See postfix-tls(1) for documentation. + + This feature is available in Postfix 3.1 and later. + + upgrade-configuration [name=value ...] Update the main.cf and master.cf files with information that Postfix needs in order to run: add or update services, and add or update configuration parameter settings. @@ -191,6 +198,11 @@ (postfix-*.so) that have a relative pathname in the dynam- icmaps.cf file. + Available in Postfix version 3.1 and later: + + openssl_path (openssl) + The location of the OpenSSL command line program openssl(1). + Other configuration parameters: import_environment (see 'postconf -d' output) 
@@ -250,6 +262,7 @@ postcat(1), examine Postfix queue file postconf(1), Postfix configuration utility postfix(1), Postfix control program + postfix-tls(1), Postfix TLS management postkick(1), trigger Postfix daemon postlock(1), Postfix-compatible locking postlog(1), Postfix-compatible logging @@ -339,6 +352,11 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + TLS support by: Lutz Jaenicke Brandenburg University of Technology diff -Nru postfix-3.0.4/html/postfix-manuals.html postfix-3.1.0/html/postfix-manuals.html --- postfix-3.0.4/html/postfix-manuals.html 2015-02-08 17:38:30.000000000 +0000 +++ postfix-3.1.0/html/postfix-manuals.html 2016-02-14 15:29:28.000000000 +0000 @@ -86,6 +86,8 @@
    • postfix(1), Postfix control program +
    • postfix-tls(1), Postfix TLS management +
    • postkick(1), trigger Postfix daemon
    • postlock(1), Postfix-compatible locking diff -Nru postfix-3.0.4/html/postfix-tls.1.html postfix-3.1.0/html/postfix-tls.1.html --- postfix-3.0.4/html/postfix-tls.1.html 1970-01-01 00:00:00.000000000 +0000 +++ postfix-3.1.0/html/postfix-tls.1.html 2016-02-25 00:51:13.000000000 +0000 @@ -0,0 +1,243 @@ + + + + Postfix manual - postfix-tls(1) +
      +POSTFIX-TLS(1)                                                  POSTFIX-TLS(1)
      +
      +NAME
      +       postfix-tls - Postfix TLS management
      +
      +SYNOPSIS
      +       postfix tls subcommand
      +
      +DESCRIPTION
      +       The  "postfix  tls subcommand" feature enables opportunistic TLS in the
      +       Postfix SMTP client or server, and manages Postfix SMTP server  private
      +       keys and certificates.
      +
      +       The following subcommands are available:
      +
      +       enable-client [-r randsource]
      +              Enable opportunistic TLS in the Postfix SMTP client, if all SMTP
      +              client TLS settings are at  their  default  values.   Otherwise,
      +              suggest parameter settings without making any changes.
      +
      +              Specify  randsource to update the value of the tls_random_source
      +              configuration parameter (typically, /dev/urandom).  Prepend dev:
      +              to device paths or egd: to EGD socket paths.
      +
      +              See also the all-default-client subcommand.
      +
      +       enable-server [-r randsource] [-a algorithm] [-b bits] [hostname...]
      +              Create  a new private key and self-signed server certificate and
      +              enable opportunistic TLS in the Postfix SMTP server, if all SMTP
      +              server  TLS  settings  are  at their default values.  Otherwise,
      +              suggest parameter settings without making any changes.
      +
      +              The randsource parameter is as with enable-client above, and the
      +              remaining options are as with new-server-key below.
      +
      +              See also the all-default-server subcommand.
      +
      +       new-server-key [-a algorithm] [-b bits] [hostname...]
      +              Create a new private key and self-signed server certificate, but
      +              do not deploy them. Log and display commands to deploy  the  new
      +              key  and  corresponding  certificate.  Also log and display com-
      +              mands to output a corresponding CSR or TLSA records which may be
      +              needed  to  obtain  a CA certificate or to update DNS before the
      +              new key can be deployed.
      +
      +              The algorithm defaults to rsa, and bits defaults  to  2048.   If
      +              you  choose  the  ecdsa  algorithm then bits will be an EC curve
      +              name (by default secp256r1, also known as  prime256v1).   Curves
      +              other  than secp256r1, secp384r1 or secp521r1 are unlikely to be
      +              widely interoperable.  When generating EC keys, use one of these
      +              three.  DSA keys are obsolete and are not supported.
      +
      +              Note:  ECDSA support requires OpenSSL 1.0.0 or later and may not
      +              be available on your system.  Not all client systems  will  sup-
      +              port  ECDSA,  so  you'll  generally  want to deploy both RSA and
      +              ECDSA certificates to make use of ECDSA with compatible  clients
      +              and  RSA with the rest. If you want to deploy certificate chains
      +              with intermediate CAs for both RSA and  ECDSA,  you'll  want  at
      +              least OpenSSL 1.0.2, as earlier versions may not handle multiple
      +              chain files correctly.
      +
      +              The first hostname argument will be the CommonName of  both  the
      +              subject  and issuer of the self-signed certificate.  It, and any
      +              additional hostname arguments, will also be listed as DNS alter-
      +              native names in the certificate.  If no hostname is provided the
      +              value of the myhostname main.cf parameter will be used.
      +
      +              For RSA, the generated private key  and  certificate  files  are
      +              named   key-yyyymmdd-hhmmss.pem   and  cert-yyyymmdd-hhmmss.pem,
      +              where yyyymmdd is the calendar date and hhmmss is  the  time  of
      +              day  in  UTC.   For  ECDSA, the file names start with eckey- and
      +              eccert- instead of key- and cert- respectively.
      +
      +              Before deploying the new key and certificate with  DANE,  update
      +              the  DNS  with  new  DANE  TLSA records, then wait for secondary
      +              nameservers to update and then for stale records in  remote  DNS
      +              caches to expire.
      +
      +              Before  deploying  a new CA certificate make sure to include all
      +              the required intermediate issuing CA certificates  in  the  cer-
      +              tificate  chain  file.  The server certificate must be the first
      +              certificate in the chain file.  Overwrite and  deploy  the  file
      +              with  the  original  self-signed  certificate that was generated
      +              together with the key.
      +
      +       new-server-cert [-a algorithm] [-b bits] [hostname...]
      +              This is just like new-server-key except that, rather than gener-
      +              ating  a  new private key, any currently deployed private key is
      +              copied to the new key file.  Thus if you're publishing DANE TLSA
      +              "3  1  1"  or  "3  1  2" records, there is no need to update DNS
      +              records.  The algorithm and bits arguments are used only  if  no
      +              key of the same algorithm is already configured.
      +
      +              This  command is rarely needed, because the self-signed certifi-
      +              cates generated have a 100-year nominal  expiration  time.   The
      +              underlying  public key algorithms may well be obsoleted by quan-
      +              tum computers long before then.
      +
      +              The most plausible reason for using this  command  is  when  the
      +              system hostname changes, and you'd like the name in the certifi-
      +              cate to match the new hostname (not required for DANE "3  1  1",
      +              but some needlessly picky non-DANE opportunistic TLS clients may
      +              log warnings or even refuse to communicate).
      +
      +       deploy-server-cert certfile keyfile
      +              This subcommand deploys the certificates in certfile and private
      +              key  in  keyfile  (which are typically generated by the commands
      +              above, which will also log and display the full  command  needed
      +              to  deploy  the  generated  key and certificate).  After the new
      +              certificate and key are deployed any obsolete keys and  certifi-
      +              cates  may  be removed by hand.   The keyfile and certfile file-
      +              names may be relative to the Postfix configuration directory.
      +
      +       output-server-csr [-k keyfile] [hostname...]
      +              Write to stdout a certificate  signing  request  (CSR)  for  the
      +              specified keyfile.
      +
      +              Instead  of an absolute pathname or a pathname relative to $con-
      +              fig_directory, keyfile may specify  one  of  the  supported  key
      +              algorithm  names  (see  "postconf -T public-key-algorithms"). In
      +              that case, the corresponding setting from  main.cf  is  used  to
      +              locate the keyfile.  The default keyfile value is rsa.
      +
      +              Zero  or  more  hostname  values  can be specified.  The default
      +              hostname is the value of myhostname main.cf parameter.
      +
      +       output-server-tlsa [-h hostname] [keyfile...]
      +              Write to stdout a DANE TLSA RRset suitable for a  port  25  SMTP
      +              server on host hostname with keys from any of the specified key-
      +              file values.  The default hostname is the value of  the  myhost-
      +              name main.cf parameter.
      +
      +              Instead  of  absolute  pathnames  or pathnames relative to $con-
      +              fig_directory, the keyfile list may specify names  of  supported
      +              public key algorithms (see "postconf -T public-key-algorithms").
      +              In that case, the actual keyfile list uses  the  values  of  the
      +              corresponding  Postfix  server  TLS  key  file parameters.  If a
      +              parameter value is empty or equal to none, then no  TLSA  record
      +              is output for that algorithm.
      +
      +              The  default  keyfile  list  consists of the two supported algo-
      +              rithms rsa and ecdsa.
      +
      +AUXILIARY COMMANDS
      +       all-default-client
      +              Exit with status 0 (success) if all SMTP client TLS settings are
      +              at their default values.  Otherwise, exit with a non-zero status.
      +              This is typically used as follows:
      +
      +              postfix tls all-default-client &&
      +                      postfix tls enable-tls-client
      +
      +       all-default-server
      +              Exit with status 0 (success) if all SMTP server TLS settings are
      +              at their default values.  Otherwise, exit with a non-zero status.
      +              This is typically used as follows:
      +
      +              postfix tls all-default-server &&
      +                      postfix tls enable-tls-server
      +
      +CONFIGURATION PARAMETERS
      +       The "postfix tls subcommand" feature reads  or  updates  the  following
      +       configuration parameters.
      +
      +       command_directory (see 'postconf -d' output)
      +              The location of all postfix administrative commands.
      +
      +       config_directory (see 'postconf -d' output)
      +              The  default  location of the Postfix main.cf and master.cf con-
      +              figuration files.
      +
      +       openssl_path (openssl)
      +              The location of the OpenSSL command line program openssl(1).
      +
      +       smtp_tls_loglevel (0)
      +              Enable additional Postfix SMTP client logging of TLS activity.
      +
      +       smtp_tls_security_level (empty)
      +              The default SMTP TLS security level for the Postfix SMTP client;
      +              when a non-empty value is specified, this overrides the obsolete
      +              parameters       smtp_use_tls,       smtp_enforce_tls,       and
      +              smtp_tls_enforce_peername.
      +
      +       smtp_tls_session_cache_database (empty)
      +              Name of the file containing the optional Postfix SMTP client TLS
      +              session cache.
      +
      +       smtpd_tls_cert_file (empty)
      +              File with the Postfix SMTP server RSA certificate in PEM format.
      +
      +       smtpd_tls_eccert_file (empty)
      +              File  with the Postfix SMTP server ECDSA certificate in PEM for-
      +              mat.
      +
      +       smtpd_tls_eckey_file ($smtpd_tls_eccert_file)
      +              File with the Postfix SMTP server ECDSA private key in PEM  for-
      +              mat.
      +
      +       smtpd_tls_key_file ($smtpd_tls_cert_file)
      +              File with the Postfix SMTP server RSA private key in PEM format.
      +
      +       smtpd_tls_loglevel (0)
      +              Enable additional Postfix SMTP server logging of TLS activity.
      +
      +       smtpd_tls_received_header (no)
      +              Request that the Postfix SMTP server produces Received:  message
      +              headers  that  include information about the protocol and cipher
      +              used, as well as the remote SMTP client  CommonName  and  client
      +              certificate issuer CommonName.
      +
      +       smtpd_tls_security_level (empty)
      +              The  SMTP TLS security level for the Postfix SMTP server; when a
      +              non-empty value is specified, this overrides the obsolete param-
      +              eters smtpd_use_tls and smtpd_enforce_tls.
      +
      +       tls_random_source (see 'postconf -d' output)
      +              The  external  entropy source for the in-memory tlsmgr(8) pseudo
      +              random number generator (PRNG) pool.
      +
      +SEE ALSO
      +       master(8) Postfix master program
      +       postfix(1) Postfix administrative interface
      +
      +README FILES
      +       TLS_README, Postfix TLS configuration and operation
      +
      +LICENSE
      +       The Secure Mailer license must be distributed with this software.
      +
      +HISTORY
      +       The "postfix tls" command was introduced with Postfix version 3.1.
      +
      +AUTHOR(S)
      +       Viktor Dukhovni
      +
      +                                                                POSTFIX-TLS(1)
      +
diff -Nru postfix-3.0.4/html/postfix-wrapper.5.html postfix-3.1.0/html/postfix-wrapper.5.html
--- postfix-3.0.4/html/postfix-wrapper.5.html 2015-01-29 22:21:04.000000000 +0000
+++ postfix-3.1.0/html/postfix-wrapper.5.html 2016-02-14 01:39:27.000000000 +0000
@@ -263,5 +263,10 @@
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
 
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
 POSTFIX-WRAPPER(5)
 
diff -Nru postfix-3.0.4/html/postkick.1.html postfix-3.1.0/html/postkick.1.html
--- postfix-3.0.4/html/postkick.1.html 2015-01-29 22:21:03.000000000 +0000
+++ postfix-3.1.0/html/postkick.1.html 2016-02-14 01:32:50.000000000 +0000
@@ -82,5 +82,10 @@
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
 
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
 POSTKICK(1)
 
diff -Nru postfix-3.0.4/html/postlock.1.html postfix-3.1.0/html/postlock.1.html
--- postfix-3.0.4/html/postlock.1.html 2015-01-29 22:21:03.000000000 +0000
+++ postfix-3.1.0/html/postlock.1.html 2016-02-12 19:49:48.000000000 +0000
@@ -4,14 +4,14 @@ Postfix manual - postlock(1)
      -POSTLOCK(1)                                                        POSTLOCK(1)
      +POSTLOCK(1)                 General Commands Manual                POSTLOCK(1)
       
       NAME
              postlock - lock mail folder and execute command
       
       SYNOPSIS
      -       postlock [-c config_dir] [-l lock_style]
      -               [-v] file command...
      +       postlock [-c config_dir] [-l lock_style]
      +               [-v] file command...
       
       DESCRIPTION
              The  postlock(1)  command locks file for exclusive access, and executes
      @@ -103,5 +103,10 @@
              P.O. Box 704
              Yorktown Heights, NY 10598, USA
       
      +       Wietse Venema
      +       Google, Inc.
      +       111 8th Avenue
      +       New York, NY 10011, USA
      +
                                                                          POSTLOCK(1)
       
      diff -Nru postfix-3.0.4/html/postlog.1.html postfix-3.1.0/html/postlog.1.html --- postfix-3.0.4/html/postlog.1.html 2015-01-29 22:21:03.000000000 +0000 +++ postfix-3.1.0/html/postlog.1.html 2016-02-12 19:58:52.000000000 +0000 @@ -4,13 +4,13 @@ Postfix manual - postlog(1)
      -POSTLOG(1)                                                          POSTLOG(1)
      +POSTLOG(1)                  General Commands Manual                 POSTLOG(1)
       
       NAME
              postlog - Postfix-compatible logging utility
       
       SYNOPSIS
      -       postlog [-iv] [-c config_dir] [-p priority] [-t tag] [text...]
      +       postlog [-iv] [-c config_dir] [-p priority] [-t tag] [text...]
       
       DESCRIPTION
              The  postlog(1)  command implements a Postfix-compatible logging inter-
      @@ -31,9 +31,11 @@
       
              -i     Include the process ID in the logging tag.
       
      -       -p priority
      -              Specifies the logging severity:  info  (default),  warn,  error,
      -              fatal, or panic.
      +       -p priority (default: info)
      +              Specifies the logging severity: info,  warn,  error,  fatal,  or
      +              panic.  With Postfix 3.1 and later, the program will pause for 1
      +              second after reporting a fatal or  panic  condition,  just  like
      +              other Postfix programs.
       
              -t tag Specifies  the  logging  tag, that is, the identifying name that
                     appears at the beginning of each logging record. A  default  tag
      @@ -78,5 +80,10 @@
              P.O. Box 704
              Yorktown Heights, NY 10598, USA
       
      +       Wietse Venema
      +       Google, Inc.
      +       111 8th Avenue
      +       New York, NY 10011, USA
      +
                                                                           POSTLOG(1)
       
      diff -Nru postfix-3.0.4/html/postmap.1.html postfix-3.1.0/html/postmap.1.html --- postfix-3.0.4/html/postmap.1.html 2015-01-29 22:21:03.000000000 +0000 +++ postfix-3.1.0/html/postmap.1.html 2016-02-14 01:32:50.000000000 +0000 @@ -274,5 +274,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + POSTMAP(1) diff -Nru postfix-3.0.4/html/postmulti.1.html postfix-3.1.0/html/postmulti.1.html --- postfix-3.0.4/html/postmulti.1.html 2015-10-03 23:28:25.000000000 +0000 +++ postfix-3.1.0/html/postmulti.1.html 2016-02-14 15:29:28.000000000 +0000 @@ -10,11 +10,11 @@ postmulti - Postfix multi-instance manager SYNOPSIS - ENABLING MULTI-INSTANCE MANAGEMENT: + Enabling multi-instance management: postmulti -e init [-v] - ITERATOR MODE: + Iterator mode: postmulti -l [-aRv] [-g group] [-i name] @@ -22,7 +22,7 @@ postmulti -x [-aRv] [-g group] [-i name] command... - LIFE-CYCLE MANAGEMENT: + Life-cycle management: postmulti -e create [-av] [-g group] [-i name] [-G group] [-I name] [param=value ...] diff -Nru postfix-3.0.4/html/postqueue.1.html postfix-3.1.0/html/postqueue.1.html --- postfix-3.0.4/html/postqueue.1.html 2015-01-29 22:21:03.000000000 +0000 +++ postfix-3.1.0/html/postqueue.1.html 2016-02-14 19:55:47.000000000 +0000 @@ -10,11 +10,20 @@ postqueue - Postfix queue control SYNOPSIS + To flush the mail queue: + postqueue [-v] [-c config_dir] -f + postqueue [-v] [-c config_dir] -i queue_id - postqueue [-v] [-c config_dir] -p + postqueue [-v] [-c config_dir] -s site + To list the mail queue: + + postqueue [-v] [-c config_dir] -j + + postqueue [-v] [-c config_dir] -p + DESCRIPTION The postqueue(1) command implements the Postfix user interface for queue management. It implements operations that are traditionally 
@@ -46,6 +55,14 @@ This feature is available with Postfix version 2.4 and later. + -j Produce a queue listing in JSON format, based on output from the + showq(8) daemon. The result is a stream of zero or more JSON + objects, one per queue file. Each object is followed by a new- + line character to support simple streaming parsers. See "JSON + OBJECT FORMAT" below for details. + + This feature is available in Postfix 3.1 and later. + -p Produce a traditional sendmail-style queue listing. This option implements the traditional mailq command, by contacting the Postfix showq(8) daemon. 
@@ -78,36 +95,84 @@ options make the software increasingly verbose. As of Postfix 2.3, this option is available for the super-user only. +JSON OBJECT FORMAT + Each JSON object represents one queue file; it is emitted as a single + text line followed by a newline character. + + Object members have string values unless indicated otherwise. Programs + should ignore object members that are not listed here; the list of mem- + bers is expected to grow over time. + + queue_name + The name of the queue where the message was found. Note that + the contents of the mail queue may change while it is being + listed; some messages may appear more than once, and some mes- + sages may be missed. + + queue_id + The queue file name. The queue_id may be reused within a Postfix + instance unless "enable_long_queue_ids = true" and time is mono- + tonic. Even then, the queue_id is not expected to be unique + between different Postfix instances. Management tools that + require a unique name should combine the queue_id with the + myhostname setting of the Postfix instance. + + arrival_time + The number of seconds since the start of the UNIX epoch. + + message_size + The number of bytes in the message header and body. This number + does not include message envelope information. It is approxi- + mately equal to the number of bytes that would be transmitted + via SMTP including the <CR><LF> line endings. + + sender The envelope sender address. + + recipients + An array containing zero or more objects with members: + + address + One recipient address. + + delay_reason + If present, the reason for delayed delivery. Delayed + recipients may have no delay reason, for example, while + delivery is in progress, or after the system was stopped + before it could record the reason. + SECURITY - This program is designed to run with set-group ID privileges, so that + This program is designed to run with set-group ID privileges, so that it can connect to Postfix daemon processes. 
+STANDARDS + RFC 7159 (JSON notation) + DIAGNOSTICS Problems are logged to syslogd(8) and to the standard error stream. ENVIRONMENT MAIL_CONFIG - Directory with the main.cf file. In order to avoid exploitation - of set-group ID privileges, a non-standard directory is allowed + Directory with the main.cf file. In order to avoid exploitation + of set-group ID privileges, a non-standard directory is allowed only if: - o The name is listed in the standard main.cf file with the + o The name is listed in the standard main.cf file with the alternate_config_directories configuration parameter. o The command is invoked by the super-user. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant to this pro- - gram. The text below provides only a parameter summary. See post- + The following main.cf parameters are especially relevant to this pro- + gram. The text below provides only a parameter summary. See post- conf(5) for more details including examples. alternate_config_directories (empty) A list of non-default Postfix configuration directories that may - be specified with "-c config_directory" on the command line, or + be specified with "-c config_directory" on the command line, or via the MAIL_CONFIG environment parameter. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. command_directory (see 'postconf -d' output) @@ -118,7 +183,7 @@ tion logfiles with mail that is queued to those destinations. import_environment (see 'postconf -d' output) - The list of environment parameters that a Postfix process will + The list of environment parameters that a Postfix process will import from a non-Postfix parent process. queue_directory (see 'postconf -d' output) 
@@ -128,12 +193,12 @@ The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the process name in - syslog records, so that "smtpd" becomes, for example, "post- + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- fix/smtpd". trigger_timeout (10s) - The time limit for sending a trigger to a Postfix daemon (for + The time limit for sending a trigger to a Postfix daemon (for example, the pickup(8) or qmgr(8) daemon). Available in Postfix version 2.2 and later: @@ -169,5 +234,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + POSTQUEUE(1) diff -Nru postfix-3.0.4/html/postscreen.8.html postfix-3.1.0/html/postscreen.8.html --- postfix-3.0.4/html/postscreen.8.html 2015-04-04 13:39:38.000000000 +0000 +++ postfix-3.1.0/html/postscreen.8.html 2015-07-12 00:10:57.000000000 +0000 @@ -34,11 +34,11 @@ Postfix SMTP server process. This minimizes the overhead for legitimate mail. - By default, postscreen(8) logs statistics and hands off every connec- - tion to a Postfix SMTP server process, while excluding clients in - mynetworks from all tests (primarily, to avoid problems with non-stan- - dard SMTP implementations in network appliances). This mode is useful - for non-destructive testing. + By default, postscreen(8) logs statistics and hands off each connection + to a Postfix SMTP server process, while excluding clients in mynetworks + from all tests (primarily, to avoid problems with non-standard SMTP + implementations in network appliances). This default mode blocks no + clients, and is useful for non-destructive testing. In a typical production setting, postscreen(8) is configured to reject mail from clients that fail one or more tests. postscreen(8) logs 
@@ -121,6 +121,11 @@ auth, etc.) that the postscreen(8) server will not send in the EHLO response to a remote SMTP client. + Available in Postfix version 3.1 and later: + + dns_ncache_ttl_fix_enable (no) + Enable a workaround for future libc incompatibility. + TROUBLE SHOOTING CONTROLS postscreen_expansion_filter (see 'postconf -d' output) List of characters that are permitted in @@ -292,9 +297,16 @@ The amount of time that postscreen(8) will use the result from a successful "bare newline" SMTP protocol test. - postscreen_dnsbl_ttl (1h) - The amount of time that postscreen(8) will use the result from a - successful DNS blocklist test. + postscreen_dnsbl_max_ttl + (${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h) + The maximum amount of time that postscreen(8) will use the + result from a successful DNS-based reputation test before a + client IP address is required to pass that test again. + + postscreen_dnsbl_min_ttl (60s) + The minimum amount of time that postscreen(8) will use the + result from a successful DNS-based reputation test before a + client IP address is required to pass that test again. postscreen_greet_ttl (1d) The amount of time that postscreen(8) will use the result from a 
@@ -310,34 +322,34 @@ RESOURCE CONTROLS line_length_limit (2048) - Upon input, long lines are chopped up into pieces of at most + Upon input, long lines are chopped up into pieces of at most this length; upon delivery, long lines are reconstructed. postscreen_client_connection_count_limit ($smtpd_client_connec- tion_count_limit) - How many simultaneous connections any remote SMTP client is + How many simultaneous connections any remote SMTP client is allowed to have with the postscreen(8) daemon. postscreen_command_count_limit (20) - The limit on the total number of commands per SMTP session for + The limit on the total number of commands per SMTP session for postscreen(8)'s built-in SMTP protocol engine. postscreen_command_time_limit (normal: 300s, overload: 10s) - The time limit to read an entire command line with + The time limit to read an entire command line with postscreen(8)'s built-in SMTP protocol engine. postscreen_post_queue_limit ($default_process_limit) - The number of clients that can be waiting for service from a + The number of clients that can be waiting for service from a real Postfix SMTP server process. postscreen_pre_queue_limit ($default_process_limit) - The number of non-whitelisted clients that can be waiting for a - decision whether they will receive service from a real Postfix + The number of non-whitelisted clients that can be waiting for a + decision whether they will receive service from a real Postfix SMTP server process. postscreen_watchdog_timeout (10s) - How much time a postscreen(8) process may take to respond to a - remote SMTP client command or to perform a cache operation + How much time a postscreen(8) process may take to respond to a + remote SMTP client command or to perform a cache operation before it is terminated by a built-in watchdog timer. STARTTLS CONTROLS 
@@ -350,11 +362,11 @@ The name of the tlsproxy(8) service entry in master.cf. OBSOLETE STARTTLS SUPPORT CONTROLS - These parameters are supported for compatibility with smtpd(8) legacy + These parameters are supported for compatibility with smtpd(8) legacy parameters. postscreen_use_tls ($smtpd_use_tls) - Opportunistic TLS: announce STARTTLS support to remote SMTP + Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption. postscreen_enforce_tls ($smtpd_enforce_tls) @@ -363,18 +375,18 @@ MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal point when log- + The maximal number of digits after the decimal point when log- ging sub-second delay values. command_directory (see 'postconf -d' output) The location of all postfix administrative commands. max_idle (100s) - The maximum amount of time that an idle Postfix daemon process + The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. process_id (read-only) @@ -387,8 +399,8 @@ The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the process name in - syslog records, so that "smtpd" becomes, for example, "post- + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- fix/smtpd". SEE ALSO @@ -406,7 +418,7 @@ HISTORY This service was introduced with Postfix version 2.8. - Many ideas in postscreen(8) were explored in earlier work by Michael + Many ideas in postscreen(8) were explored in earlier work by Michael Tokarev, in OpenBSD spamd, and in MailChannels Traffic Control. AUTHOR(S) 
@@ -415,5 +427,10 @@
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
 
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
 POSTSCREEN(8)
 
diff -Nru postfix-3.0.4/html/postsuper.1.html postfix-3.1.0/html/postsuper.1.html
--- postfix-3.0.4/html/postsuper.1.html 2015-01-29 22:21:03.000000000 +0000
+++ postfix-3.1.0/html/postsuper.1.html 2016-02-14 01:32:50.000000000 +0000
@@ -250,5 +250,10 @@
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
 
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
 POSTSUPER(1)
 
diff -Nru postfix-3.0.4/html/posttls-finger.1.html postfix-3.1.0/html/posttls-finger.1.html
--- postfix-3.0.4/html/posttls-finger.1.html 2015-02-02 17:46:17.000000000 +0000
+++ postfix-3.1.0/html/posttls-finger.1.html 2016-01-10 00:55:30.000000000 +0000
@@ -4,7 +4,7 @@ Postfix manual - posttls-finger(1)
      -POSTTLS-FINGER(1)                                            POSTTLS-FINGER(1)
      +POSTTLS-FINGER(1)           General Commands Manual          POSTTLS-FINGER(1)
       
       NAME
              posttls-finger - Probe the TLS properties of an ESMTP or LMTP server.
      @@ -231,31 +231,37 @@
                     with  these servers there will never be more than 1 reconnection
                     attempt.
       
      +       -M insecure_mx_policy (default: dane)
      +              The TLS policy for MX hosts with "secure" TLSA records when  the
      +              nexthop  destination  security  level is dane, but the MX record
      +              was found via an "insecure" MX lookup.  See the main.cf documen-
      +              tation for smtp_tls_insecure_mx_policy for details.
      +
              -o name=value
      -              Specify zero or more times to override the value of the  main.cf
      -              parameter  name with value.  Possible use-cases include overrid-
      -              ing the values of TLS library  parameters,  or  "myhostname"  to
      +              Specify  zero or more times to override the value of the main.cf
      +              parameter name with value.  Possible use-cases include  overrid-
      +              ing  the  values  of  TLS library parameters, or "myhostname" to
                     configure the SMTP EHLO name sent to the remote server.
       
              -p protocols (default: !SSLv2)
      -              List  of  TLS  protocols  that  posttls-finger  will  exclude or
      +              List of  TLS  protocols  that  posttls-finger  will  exclude  or
                     include.  See smtp_tls_mandatory_protocols for details.
       
              -P CApath/ (default: none)
      -              The OpenSSL CApath/  directory  (indexed  via  c_rehash(1))  for
      +              The  OpenSSL  CApath/  directory  (indexed  via c_rehash(1)) for
                     remote SMTP server certificate verification.  By default no CAp-
                     ath is used and no public CAs are trusted.
       
              -r delay
      -              With a cacheable TLS session,  disconnect  and  reconnect  after
      +              With  a  cacheable  TLS  session, disconnect and reconnect after
                     delay seconds. Report whether the session is re-used. Retry if a
      -              new server is encountered, up to 5 times or  as  specified  with
      -              the  -m  option.  By default reconnection is disabled, specify a
      +              new  server  is  encountered, up to 5 times or as specified with
      +              the -m option.  By default reconnection is disabled,  specify  a
                     positive delay to enable this behavior.
       
      -       -S     Disable SMTP; that is, connect to an LMTP  server.  The  default
      -              port  for  LMTP over TCP is 24.  Alternative ports can specified
      -              by appending ":servicename" or ":portnumber" to the  destination
      +       -S     Disable  SMTP;  that  is, connect to an LMTP server. The default
      +              port for LMTP over TCP is 24.  Alternative ports  can  specified
      +              by  appending ":servicename" or ":portnumber" to the destination
                     argument.
       
              -t timeout (default: 30)
      @@ -263,7 +269,7 @@
                     reading the remote server's 220 banner.
       
              -T timeout (default: 30)
      -              The SMTP/LMTP command timeout for EHLO/LHLO, STARTTLS and  QUIT.
      +              The SMTP/LMTP command timeout for EHLO/LHLO, STARTTLS and QUIT.
       
              -v     Enable  verbose  Postfix  logging.   Specify  more  than once to
                     increase the level of verbose logging.
      diff -Nru postfix-3.0.4/html/proxymap.8.html postfix-3.1.0/html/proxymap.8.html
      --- postfix-3.0.4/html/proxymap.8.html	2015-01-29 22:21:02.000000000 +0000
      +++ postfix-3.1.0/html/proxymap.8.html	2016-02-14 01:32:49.000000000 +0000
      @@ -208,5 +208,10 @@
              P.O. Box 704
              Yorktown Heights, NY 10598, USA
       
      +       Wietse Venema
      +       Google, Inc.
      +       111 8th Avenue
      +       New York, NY 10011, USA
      +
                                                                          PROXYMAP(8)
       
      diff -Nru postfix-3.0.4/html/qmgr.8.html postfix-3.1.0/html/qmgr.8.html --- postfix-3.0.4/html/qmgr.8.html 2015-01-29 22:21:02.000000000 +0000 +++ postfix-3.1.0/html/qmgr.8.html 2016-02-14 15:29:27.000000000 +0000 @@ -357,6 +357,16 @@ transport_destination_rate_delay $default_destination_rate_delay Idem, for delivery via the named message transport. + Available in Postfix version 3.1 and later: + + default_transport_rate_delay (0s) + The default amount of delay that is inserted between individual + deliveries over the same message delivery transport, regardless + of destination. + + transport_transport_rate_delay $default_transport_rate_delay + Idem, for delivery via the named message transport. + SAFETY CONTROLS qmgr_daemon_timeout (1000s) How much time a Postfix queue manager process may take to handle @@ -366,9 +376,15 @@ The time limit for the queue manager to send or receive informa- tion over an internal communication channel. + Available in Postfix version 3.1 and later: + + address_verify_pending_request_limit (see 'postconf -d' output) + A safety limit that prevents address verification requests from + overwhelming the Postfix queue. + MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. defer_transports (empty) @@ -376,11 +392,11 @@ mail unless someone issues "sendmail -q" or equivalent. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal point when log- + The maximal number of digits after the decimal point when log- ging sub-second delay values. helpful_warnings (yes) - Log warnings about problematic configuration settings, and pro- + Log warnings about problematic configuration settings, and pro- vide helpful suggestions. process_id (read-only) 
@@ -396,14 +412,14 @@ The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the process name in - syslog records, so that "smtpd" becomes, for example, "post- + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- fix/smtpd". Available in Postfix version 3.0 and later: confirm_delay_cleared (no) - After sending a "your message is delayed" notification, inform + After sending a "your message is delayed" notification, inform the sender when the delay clears up. FILES @@ -440,5 +456,10 @@ Modra 6 155 00, Prague, Czech Republic + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + QMGR(8) diff -Nru postfix-3.0.4/html/qmqpd.8.html postfix-3.1.0/html/qmqpd.8.html --- postfix-3.0.4/html/qmqpd.8.html 2015-01-29 22:21:02.000000000 +0000 +++ postfix-3.1.0/html/qmqpd.8.html 2016-02-14 01:32:49.000000000 +0000 @@ -175,5 +175,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + QMQPD(8) diff -Nru postfix-3.0.4/html/qmqp-sink.1.html postfix-3.1.0/html/qmqp-sink.1.html --- postfix-3.0.4/html/qmqp-sink.1.html 2015-01-29 22:21:03.000000000 +0000 +++ postfix-3.1.0/html/qmqp-sink.1.html 2016-02-14 15:29:28.000000000 +0000 @@ -55,5 +55,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + QMQP-SINK(1) diff -Nru postfix-3.0.4/html/qmqp-source.1.html postfix-3.1.0/html/qmqp-source.1.html --- postfix-3.0.4/html/qmqp-source.1.html 2015-01-29 22:21:03.000000000 +0000 +++ postfix-3.1.0/html/qmqp-source.1.html 2016-02-14 01:09:41.000000000 +0000 
@@ -88,5 +88,10 @@
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
 
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
 QMQP-SOURCE(1)
 
diff -Nru postfix-3.0.4/html/regexp_table.5.html postfix-3.1.0/html/regexp_table.5.html
--- postfix-3.0.4/html/regexp_table.5.html 2015-01-29 22:21:04.000000000 +0000
+++ postfix-3.1.0/html/regexp_table.5.html 2016-02-14 01:39:27.000000000 +0000
@@ -178,5 +178,10 @@
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
 
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
 REGEXP_TABLE(5)
 
diff -Nru postfix-3.0.4/html/relocated.5.html postfix-3.1.0/html/relocated.5.html
--- postfix-3.0.4/html/relocated.5.html 2015-01-29 22:21:03.000000000 +0000
+++ postfix-3.1.0/html/relocated.5.html 2016-02-14 01:39:26.000000000 +0000
@@ -155,5 +155,10 @@
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
 
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
 RELOCATED(5)
 
diff -Nru postfix-3.0.4/html/SASL_README.html postfix-3.1.0/html/SASL_README.html
--- postfix-3.0.4/html/SASL_README.html 2014-07-30 17:16:46.000000000 +0000
+++ postfix-3.1.0/html/SASL_README.html 2015-07-26 13:48:24.000000000 +0000
@@ -1659,6 +1659,8 @@
       /etc/postfix/main.cf:
           smtp_sasl_auth_enable = yes
      +    smtp_tls_security_level = encrypt
      +    smtp_sasl_tls_security_options = noanonymous
           relayhost = [mail.isp.example]
           # Alternative form:
           # relayhost = [mail.isp.example]:submission
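Review bot: The added `smtp_tls_security_level = encrypt` line in this main.cf example enforces encryption but does not authenticate the relayhost, so the username:password from sasl_passwd is protected against passive eavesdropping only and not against an active man-in-the-middle; the explanatory text added in the next hunk says only that the connection "will be encrypted", which readers copying this example are likely to take as sufficient. Since the credentials are the asset this example is meant to protect, the explanation would benefit from one sentence such as `To also authenticate the relayhost, use smtp_tls_security_level = verify or secure together with smtp_tls_CAfile or smtp_tls_CApath; see TLS_README.` This is a documentation-only suggestion; the example itself is consistent with the `noanonymous` relaxation it pairs with. The README may already cover server authentication elsewhere, in which case a cross-reference here would suffice.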
      @@ -1673,6 +1675,11 @@
       and password information in the second part of the example. 

    • +
    • The smtp_tls_security_level setting ensures +that the connection to the remote smtp server will be encrypted, and +smtp_sasl_tls_security_options removes the prohibition on +plaintext passwords.

      +
    • The relayhost setting forces the Postfix SMTP to send all remote messages to the specified mail server instead of trying to deliver them directly to their destination.

    • @@ -1781,7 +1788,7 @@
       /etc/postfix/sasl_passwd:
           # Per-sender authentication; see also /etc/postfix/sender_relay.
      -    user1@example.com               username2:password2
      +    user1@example.com               username1:password1
           user2@example.net               username2:password2
           # Login information for the default relayhost.
           [mail.isp.example]              username:password
      diff -Nru postfix-3.0.4/html/scache.8.html postfix-3.1.0/html/scache.8.html
      --- postfix-3.0.4/html/scache.8.html	2015-01-29 22:21:02.000000000 +0000
      +++ postfix-3.1.0/html/scache.8.html	2016-02-14 01:32:50.000000000 +0000
      @@ -151,5 +151,10 @@
              P.O. Box 704
              Yorktown Heights, NY 10598, USA
       
      +       Wietse Venema
      +       Google, Inc.
      +       111 8th Avenue
      +       New York, NY 10011, USA
      +
                                                                            SCACHE(8)
       
      diff -Nru postfix-3.0.4/html/sendmail.1.html postfix-3.1.0/html/sendmail.1.html --- postfix-3.0.4/html/sendmail.1.html 2015-01-29 22:21:03.000000000 +0000 +++ postfix-3.1.0/html/sendmail.1.html 2016-02-14 15:29:27.000000000 +0000 @@ -452,5 +452,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + SENDMAIL(1) diff -Nru postfix-3.0.4/html/showq.8.html postfix-3.1.0/html/showq.8.html --- postfix-3.0.4/html/showq.8.html 2015-01-29 22:21:02.000000000 +0000 +++ postfix-3.1.0/html/showq.8.html 2015-12-28 00:10:33.000000000 +0000 @@ -13,17 +13,18 @@ showq [generic Postfix daemon options] DESCRIPTION - The showq(8) daemon reports the Postfix mail queue status. It is the - program that emulates the sendmail `mailq' command. + The showq(8) daemon reports the Postfix mail queue status. The output + is meant to be formatted by the postqueue(1) command, as it emulates + the Sendmail `mailq' command. - The showq(8) daemon can also be run in stand-alone mode by the supe- - ruser. This mode of operation is used to emulate the `mailq' command + The showq(8) daemon can also be run in stand-alone mode by the supe- + ruser. This mode of operation is used to emulate the `mailq' command while the Postfix mail system is down. SECURITY - The showq(8) daemon can run in a chroot jail at fixed low privilege, - and takes no input from the client. Its service port is accessible to - local untrusted users, so the service can be susceptible to denial of + The showq(8) daemon can run in a chroot jail at fixed low privilege, + and takes no input from the client. Its service port is accessible to + local untrusted users, so the service can be susceptible to denial of service attacks. STANDARDS 
@@ -33,19 +34,19 @@ Problems and transactions are logged to syslogd(8). CONFIGURATION PARAMETERS - Changes to main.cf are picked up automatically as showq(8) processes + Changes to main.cf are picked up automatically as showq(8) processes run for only a limited amount of time. Use the command "postfix reload" to speed up a change. - The text below provides only a parameter summary. See postconf(5) for + The text below provides only a parameter summary. See postconf(5) for more details including examples. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to handle a + How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer. duplicate_filter_limit (1000) @@ -57,11 +58,11 @@ The recipient of mail addressed to the null address. ipc_timeout (3600s) - The time limit for sending or receiving information over an + The time limit for sending or receiving information over an internal communication channel. max_idle (100s) - The maximum amount of time that an idle Postfix daemon process + The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. max_use (100) @@ -81,8 +82,8 @@ The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the process name in - syslog records, so that "smtpd" becomes, for example, "post- + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- fix/smtpd". Available in Postfix version 2.9 and later: 
@@ -110,5 +111,10 @@
P.O. Box 704
Yorktown Heights, NY 10598, USA
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
SHOWQ(8)
diff -Nru postfix-3.0.4/html/smtp.8.html postfix-3.1.0/html/smtp.8.html
--- postfix-3.0.4/html/smtp.8.html 2015-07-19 22:34:32.000000000 +0000
+++ postfix-3.1.0/html/smtp.8.html 2016-02-14 01:09:40.000000000 +0000
@@ -109,6 +109,7 @@
RFC 5321 (SMTP protocol)
RFC 6531 (Internationalized SMTP)
RFC 6533 (Internationalized Delivery Status Notifications)
+ RFC 7672 (SMTP security via opportunistic DANE TLS)
DIAGNOSTICS
Problems and transactions are logged to syslogd(8). Corrupted message
@@ -327,8 +328,8 @@
smtp_sasl_password_maps (empty)
Optional Postfix SMTP client lookup tables with one user-
- name:password entry per remote hostname or domain, or sender
- address when sender-dependent authentication is enabled.
+ name:password entry per sender, remote hostname or next-hop
+ domain.
smtp_sasl_security_options (noplaintext, noanonymous)
Postfix SMTP client SASL security options; as of Postfix 2.3 the
@@ -473,17 +474,17 @@ process requests from the tlsmgr(8) server in order to seed its internal pseudo random number generator (PRNG). - tls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH) - The OpenSSL cipherlist for "HIGH" grade ciphers. + tls_high_cipherlist (see 'postconf -d' output) + The OpenSSL cipherlist for "high" grade ciphers. - tls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH) - The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. + tls_medium_cipherlist (see 'postconf -d' output) + The OpenSSL cipherlist for "medium" or higher grade ciphers. - tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH) - The OpenSSL cipherlist for "LOW" or higher grade ciphers. + tls_low_cipherlist (see 'postconf -d' output) + The OpenSSL cipherlist for "low" or higher grade ciphers. - tls_export_cipherlist (ALL:+RC4:@STRENGTH) - The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. + tls_export_cipherlist (see 'postconf -d' output) + The OpenSSL cipherlist for "export" or higher grade ciphers. tls_null_cipherlist (eNULL:!aNULL) The OpenSSL cipherlist for "NULL" grade ciphers that provide @@ -561,6 +562,13 @@ Request that the Postfix SMTP client connects using the legacy SMTPS protocol instead of using the STARTTLS command. + Available in Postfix version 3.1 and later: + + smtp_tls_dane_insecure_mx_policy (dane) + The TLS policy for MX hosts with "secure" TLSA records when the + nexthop destination security level is dane, but the MX record + was found via an "insecure" MX lookup. + OBSOLETE STARTTLS CONTROLS The following configuration parameters exist for compatibility with Postfix versions before 2.3. Support for these will be removed in a 
@@ -845,6 +853,12 @@
In the context of email address verification, the SMTP protocol stage that determines whether an email address is deliverable.
+ Available with Postfix 3.1 and later:
+
+ lmtp_fallback_relay (empty)
+ Optional list of relay hosts for LMTP destinations that can't be
+ found or that are unreachable.
+
SEE ALSO
generic(5), output address rewriting
header_checks(5), message header content inspection
@@ -871,6 +885,11 @@
P.O. Box 704
Yorktown Heights, NY 10598, USA
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
Command pipelining in cooperation with:
Jon Ribbens
Oaktree Internet Solutions Ltd.,
diff -Nru postfix-3.0.4/html/smtpd.8.html postfix-3.1.0/html/smtpd.8.html
--- postfix-3.0.4/html/smtpd.8.html 2015-07-19 22:34:32.000000000 +0000
+++ postfix-3.1.0/html/smtpd.8.html 2016-02-06 20:38:29.000000000 +0000
@@ -59,6 +59,7 @@
RFC 5321 (SMTP protocol)
RFC 6531 (Internationalized SMTP)
RFC 6533 (Internationalized Delivery Status Notifications)
+ RFC 7505 ("Null MX" No Service Resource Record)
DIAGNOSTICS
Problems and transactions are logged to syslogd(8).
@@ -81,7 +82,7 @@
undesirable use.
broken_sasl_auth_clients (no)
- Enable inter-operability with remote SMTP clients that implement
+ Enable interoperability with remote SMTP clients that implement
an obsolete version of the AUTH command (RFC 4954).
disable_vrfy_command (no)
@@ -289,6 +290,13 @@
The macros that are sent to Milter (mail filter) applications after the message end-of-data.
+ Available in Postfix version 3.1 and later:
+
+ milter_macro_defaults (empty)
+ Optional list of name=value pairs that specify default values
+ for arbitrary macros that Postfix may send to Milter applica-
+ tions.
+
GENERAL CONTENT INSPECTION CONTROLS
The following parameters are applicable for both built-in and external content filters.
@@ -316,7 +324,7 @@ details. broken_sasl_auth_clients (no) - Enable inter-operability with remote SMTP clients that implement + Enable interoperability with remote SMTP clients that implement an obsolete version of the AUTH command (RFC 4954). smtpd_sasl_auth_enable (no) @@ -332,8 +340,8 @@ tation that is selected with smtpd_sasl_type. smtpd_sender_login_maps (empty) - Optional lookup table with the SASL login names that own sender - (MAIL FROM) addresses. + Optional lookup table with the SASL login names that own the + sender (MAIL FROM) addresses. Available in Postfix version 2.1 and later: @@ -476,17 +484,17 @@ process requests from the tlsmgr(8) server in order to seed its internal pseudo random number generator (PRNG). - tls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH) - The OpenSSL cipherlist for "HIGH" grade ciphers. + tls_high_cipherlist (see 'postconf -d' output) + The OpenSSL cipherlist for "high" grade ciphers. - tls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH) - The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. + tls_medium_cipherlist (see 'postconf -d' output) + The OpenSSL cipherlist for "medium" or higher grade ciphers. - tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH) - The OpenSSL cipherlist for "LOW" or higher grade ciphers. + tls_low_cipherlist (see 'postconf -d' output) + The OpenSSL cipherlist for "low" or higher grade ciphers. - tls_export_cipherlist (ALL:+RC4:@STRENGTH) - The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. + tls_export_cipherlist (see 'postconf -d' output) + The OpenSSL cipherlist for "export" or higher grade ciphers. tls_null_cipherlist (eNULL:!aNULL) The OpenSSL cipherlist for "NULL" grade ciphers that provide 
@@ -833,6 +841,13 @@ record (an SMTP command line, SMTP response line, SMTP message content line, or TLS protocol message). + Available in Postfix version 3.1 and later: + + smtpd_client_auth_rate_limit (0) + The maximal number of AUTH commands that any client is allowed + to send to this service per time unit, regardless of whether or + not Postfix actually accepts those commands. + TARPIT CONTROLS When a remote SMTP client makes errors, the Postfix SMTP server can insert delays before responding. This can help to slow down run-away 
@@ -903,62 +918,70 @@ The delay between attempts to resend a failed SMTPD policy ser- vice request. + Available in Postfix version 3.1 and later: + + smtpd_policy_service_policy_context (empty) + Optional information that the Postfix SMTP server specifies in + the "policy_context" attribute of a policy service request + (originally, to share the same service endpoint among multiple + check_policy_service clients). + ACCESS CONTROLS - The SMTPD_ACCESS_README document gives an introduction to all the SMTP + The SMTPD_ACCESS_README document gives an introduction to all the SMTP server access control features. smtpd_delay_reject (yes) - Wait until the RCPT TO command before evaluating + Wait until the RCPT TO command before evaluating $smtpd_client_restrictions, $smtpd_helo_restrictions and $smtpd_sender_restrictions, or wait until the ETRN command - before evaluating $smtpd_client_restrictions and + before evaluating $smtpd_client_restrictions and $smtpd_helo_restrictions. parent_domain_matches_subdomains (see 'postconf -d' output) - A list of Postfix features where the pattern "example.com" also - matches subdomains of example.com, instead of requiring an + A list of Postfix features where the pattern "example.com" also + matches subdomains of example.com, instead of requiring an explicit ".example.com" pattern. smtpd_client_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client connection request. smtpd_helo_required (no) - Require that a remote SMTP client introduces itself with the - HELO or EHLO command before sending the MAIL command or other + Require that a remote SMTP client introduces itself with the + HELO or EHLO command before sending the MAIL command or other commands that require EHLO negotiation. 
smtpd_helo_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client HELO command. smtpd_sender_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client MAIL FROM command. smtpd_recipient_restrictions (see 'postconf -d' output) - Optional restrictions that the Postfix SMTP server applies in - the context of a client RCPT TO command, after + Optional restrictions that the Postfix SMTP server applies in + the context of a client RCPT TO command, after smtpd_relay_restrictions. smtpd_etrn_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client ETRN command. allow_untrusted_routing (no) - Forward mail with sender-specified routing - (user[@%!]remote[@%!]site) from untrusted clients to destina- + Forward mail with sender-specified routing + (user[@%!]remote[@%!]site) from untrusted clients to destina- tions matching $relay_domains. smtpd_restriction_classes (empty) User-defined aliases for groups of access restrictions. smtpd_null_access_lookup_key (<>) - The lookup key to be used in SMTP access(5) tables instead of + The lookup key to be used in SMTP access(5) tables instead of the null sender address. permit_mx_backup_networks (empty) - Restrict the use of the permit_mx_backup SMTP access feature to + Restrict the use of the permit_mx_backup SMTP access feature to only domains whose primary MX hosts match the listed networks. Available in Postfix version 2.0 and later: 
@@ -968,19 +991,19 @@ applies in the context of the SMTP DATA command. smtpd_expansion_filter (see 'postconf -d' output) - What characters are allowed in $name expansions of RBL reply + What characters are allowed in $name expansions of RBL reply templates. Available in Postfix version 2.1 and later: smtpd_reject_unlisted_sender (no) - Request that the Postfix SMTP server rejects mail from unknown - sender addresses, even when no explicit reject_unlisted_sender + Request that the Postfix SMTP server rejects mail from unknown + sender addresses, even when no explicit reject_unlisted_sender access restriction is specified. smtpd_reject_unlisted_recipient (yes) - Request that the Postfix SMTP server rejects mail for unknown - recipient addresses, even when no explicit + Request that the Postfix SMTP server rejects mail for unknown + recipient addresses, even when no explicit reject_unlisted_recipient access restriction is specified. Available in Postfix version 2.2 and later: 
@@ -994,17 +1017,17 @@ smtpd_relay_restrictions (permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination) Access restrictions for mail relay control that the Postfix SMTP - server applies in the context of the RCPT TO command, before + server applies in the context of the RCPT TO command, before smtpd_recipient_restrictions. SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS - Postfix version 2.1 introduces sender and recipient address verifica- + Postfix version 2.1 introduces sender and recipient address verifica- tion. This feature is implemented by sending probe email messages that are not actually delivered. This feature is requested via the - reject_unverified_sender and reject_unverified_recipient access - restrictions. The status of verification probes is maintained by the - verify(8) server. See the file ADDRESS_VERIFICATION_README for infor- - mation about how to configure and operate the Postfix sender/recipient + reject_unverified_sender and reject_unverified_recipient access + restrictions. The status of verification probes is maintained by the + verify(8) server. See the file ADDRESS_VERIFICATION_README for infor- + mation about how to configure and operate the Postfix sender/recipient address verification service. address_verify_poll_count (normal: 3, overload: 1) @@ -1016,7 +1039,7 @@ fication request in progress. address_verify_sender ($double_bounce_sender) - The sender address to use in address verification probes; prior + The sender address to use in address verification probes; prior to Postfix 2.5 the default was "postmaster". unverified_sender_reject_code (450) 
@@ -1024,18 +1047,18 @@ address is rejected by the reject_unverified_sender restriction. unverified_recipient_reject_code (450) - The numerical Postfix SMTP server response when a recipient - address is rejected by the reject_unverified_recipient restric- + The numerical Postfix SMTP server response when a recipient + address is rejected by the reject_unverified_recipient restric- tion. Available in Postfix version 2.6 and later: unverified_sender_defer_code (450) - The numerical Postfix SMTP server response code when a sender + The numerical Postfix SMTP server response code when a sender address probe fails due to a temporary error condition. unverified_recipient_defer_code (450) - The numerical Postfix SMTP server response when a recipient + The numerical Postfix SMTP server response when a recipient address probe fails due to a temporary error condition. unverified_sender_reject_reason (empty) @@ -1047,17 +1070,17 @@ reject_unverified_recipient. unverified_sender_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when reject_unverified_sender + The Postfix SMTP server's action when reject_unverified_sender fails due to a temporary error condition. unverified_recipient_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when reject_unverified_recipi- + The Postfix SMTP server's action when reject_unverified_recipi- ent fails due to a temporary error condition. Available with Postfix 2.9 and later: address_verify_sender_ttl (0s) - The time between changes in the time-dependent portion of + The time between changes in the time-dependent portion of address verification probe sender addresses. ACCESS CONTROL RESPONSES 
@@ -1069,36 +1092,36 @@ map "reject" action. defer_code (450) - The numerical Postfix SMTP server response code when a remote + The numerical Postfix SMTP server response code when a remote SMTP client request is rejected by the "defer" restriction. invalid_hostname_reject_code (501) - The numerical Postfix SMTP server response code when the client - HELO or EHLO command parameter is rejected by the + The numerical Postfix SMTP server response code when the client + HELO or EHLO command parameter is rejected by the reject_invalid_helo_hostname restriction. maps_rbl_reject_code (554) - The numerical Postfix SMTP server response code when a remote - SMTP client request is blocked by the reject_rbl_client, + The numerical Postfix SMTP server response code when a remote + SMTP client request is blocked by the reject_rbl_client, reject_rhsbl_client, reject_rhsbl_reverse_client, reject_rhsbl_sender or reject_rhsbl_recipient restriction. non_fqdn_reject_code (504) - The numerical Postfix SMTP server reply code when a client - request is rejected by the reject_non_fqdn_helo_hostname, + The numerical Postfix SMTP server reply code when a client + request is rejected by the reject_non_fqdn_helo_hostname, reject_non_fqdn_sender or reject_non_fqdn_recipient restriction. plaintext_reject_code (450) - The numerical Postfix SMTP server response code when a request + The numerical Postfix SMTP server response code when a request is rejected by the reject_plaintext_session restriction. reject_code (554) - The numerical Postfix SMTP server response code when a remote + The numerical Postfix SMTP server response code when a remote SMTP client request is rejected by the "reject" restriction. 
relay_domains_reject_code (554) - The numerical Postfix SMTP server response code when a client - request is rejected by the reject_unauth_destination recipient + The numerical Postfix SMTP server response code when a client + request is rejected by the reject_unauth_destination recipient restriction. unknown_address_reject_code (450) @@ -1106,24 +1129,24 @@ a sender or recipient address because its domain is unknown. unknown_client_reject_code (450) - The numerical Postfix SMTP server response code when a client - without valid address <=> name mapping is rejected by the + The numerical Postfix SMTP server response code when a client + without valid address <=> name mapping is rejected by the reject_unknown_client_hostname restriction. unknown_hostname_reject_code (450) - The numerical Postfix SMTP server response code when the host- - name specified with the HELO or EHLO command is rejected by the + The numerical Postfix SMTP server response code when the host- + name specified with the HELO or EHLO command is rejected by the reject_unknown_helo_hostname restriction. Available in Postfix version 2.0 and later: default_rbl_reply (see 'postconf -d' output) - The default Postfix SMTP server response template for a request + The default Postfix SMTP server response template for a request that is rejected by an RBL-based restriction. multi_recipient_bounce_reject_code (550) - The numerical Postfix SMTP server response code when a remote - SMTP client request is blocked by the reject_multi_recipi- + The numerical Postfix SMTP server response code when a remote + SMTP client request is blocked by the reject_multi_recipi- ent_bounce restriction. rbl_reply_maps (empty) 
@@ -1133,52 +1156,52 @@ access_map_defer_code (450) The numerical Postfix SMTP server response code for an access(5) - map "defer" action, including "defer_if_permit" or + map "defer" action, including "defer_if_permit" or "defer_if_reject". reject_tempfail_action (defer_if_permit) - The Postfix SMTP server's action when a reject-type restriction + The Postfix SMTP server's action when a reject-type restriction fails due to a temporary error condition. unknown_helo_hostname_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when reject_unknown_helo_host- + The Postfix SMTP server's action when reject_unknown_helo_host- name fails due to an temporary error condition. unknown_address_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when - reject_unknown_sender_domain or reject_unknown_recipient_domain + The Postfix SMTP server's action when + reject_unknown_sender_domain or reject_unknown_recipient_domain fail due to a temporary error condition. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to handle a + How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer. command_directory (see 'postconf -d' output) The location of all postfix administrative commands. double_bounce_sender (double-bounce) - The sender address of postmaster notifications that are gener- + The sender address of postmaster notifications that are gener- ated by the mail system. ipc_timeout (3600s) - The time limit for sending or receiving information over an + The time limit for sending or receiving information over an internal communication channel. 
mail_name (Postfix) - The mail system name that is displayed in Received: headers, in + The mail system name that is displayed in Received: headers, in the SMTP greeting banner, and in bounced mail. mail_owner (postfix) - The UNIX system account that owns the Postfix queue and most + The UNIX system account that owns the Postfix queue and most Postfix daemon processes. max_idle (100s) - The maximum amount of time that an idle Postfix daemon process + The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. max_use (100) @@ -1189,11 +1212,11 @@ The internet hostname of this mail system. mynetworks (see 'postconf -d' output) - The list of "trusted" remote SMTP clients that have more privi- + The list of "trusted" remote SMTP clients that have more privi- leges than "strangers". myorigin ($myhostname) - The domain name that locally-posted mail appears to come from, + The domain name that locally-posted mail appears to come from, and that locally posted mail is delivered to. process_id (read-only) 
@@ -1206,26 +1229,26 @@
The location of the Postfix top-level queue directory.
recipient_delimiter (empty)
- The set of characters that can separate a user name from its
- extension (example: user+foo), or a .forward file name from its
+ The set of characters that can separate a user name from its
+ extension (example: user+foo), or a .forward file name from its
extension (example: .forward+foo).
smtpd_banner ($myhostname ESMTP $mail_name)
- The text that follows the 220 status code in the SMTP greeting
+ The text that follows the 220 status code in the SMTP greeting
banner.
syslog_facility (mail)
The syslog facility of Postfix logging.
syslog_name (see 'postconf -d' output)
- The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post-
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
Available in Postfix version 2.2 and later:
smtpd_forbidden_commands (CONNECT, GET, POST)
- List of commands that cause the Postfix SMTP server to immedi-
+ List of commands that cause the Postfix SMTP server to immedi-
ately terminate the session with a 221 code.
Available in Postfix version 2.5 and later:
@@ -1269,6 +1292,11 @@
P.O. Box 704
Yorktown Heights, NY 10598, USA
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
SASL support originally by:
Till Franke
SuSE Rhein/Main AG
diff -Nru postfix-3.0.4/html/SMTPD_POLICY_README.html postfix-3.1.0/html/SMTPD_POLICY_README.html
--- postfix-3.0.4/html/SMTPD_POLICY_README.html 2015-01-29 22:33:47.000000000 +0000
+++ postfix-3.1.0/html/SMTPD_POLICY_README.html 2015-09-13 16:37:24.000000000 +0000
@@ -108,6 +108,8 @@
ccert_pubkey_fingerprint=68:B3:29:DA:98:93:E3:40:99:C7:D8:AD:5C:B9:C9:40
Postfix version 3.0 and later:
client_port=1234
+Postfix version 3.1 and later:
+policy_context=submission
[empty line]
@@ -195,6 +197,10 @@
    • The "stress" attribute is either empty or "yes". See the STRESS_README document for further information.

      +
    • The "policy_context" attribute provides a way to pass + information that is not available via other attributes (Postfix + version 3.1 and later).

      +

    The following is specific to SMTPD delegated policy requests: @@ -367,6 +373,12 @@ between attempts to resend a failed SMTPD policy service request. Available with Postfix 3.0 and later.

    +
  • smtpd_policy_service_policy_context (default: empty): +Optional information that is passed in the "policy_context" attribute +of an SMTPD policy service request (originally, to share the same +SMTPD service endpoint among multiple check_policy_service clients). +Available with Postfix 3.1 and later.

    +

Configuration parameters that control the server side of the
diff -Nru postfix-3.0.4/html/smtp-sink.1.html postfix-3.1.0/html/smtp-sink.1.html
--- postfix-3.0.4/html/smtp-sink.1.html 2015-01-29 22:21:03.000000000 +0000
+++ postfix-3.1.0/html/smtp-sink.1.html 2016-02-14 01:09:41.000000000 +0000
@@ -258,7 +258,7 @@
ware. This three-line header marks the end of the headers pro- vided by smtp-sink, and is formatted as follows:
- from helo ([addr])
+ from helo ([addr])
The HELO or EHLO command argument and client IP address. If the client did not send HELO or EHLO, the client IP address is used instead.
@@ -283,5 +283,10 @@
P.O. Box 704
Yorktown Heights, NY 10598, USA
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
SMTP-SINK(1)
diff -Nru postfix-3.0.4/html/smtp-source.1.html postfix-3.1.0/html/smtp-source.1.html
--- postfix-3.0.4/html/smtp-source.1.html 2015-01-29 22:21:03.000000000 +0000
+++ postfix-3.1.0/html/smtp-source.1.html 2016-02-14 01:09:41.000000000 +0000
@@ -128,5 +128,10 @@
P.O. Box 704
Yorktown Heights, NY 10598, USA
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
SMTP-SOURCE(1)
diff -Nru postfix-3.0.4/html/SMTPUTF8_README.html postfix-3.1.0/html/SMTPUTF8_README.html
--- postfix-3.0.4/html/SMTPUTF8_README.html 2015-02-03 18:13:55.000000000 +0000
+++ postfix-3.1.0/html/SMTPUTF8_README.html 2015-02-20 21:34:08.000000000 +0000
@@ -92,7 +92,7 @@

    Postfix SMTPUTF8 support is enabled by default, but it may be disabled as part of a backwards-compatibility safety net (see the -Postfix 3.0 RELEASE_NOTES file).

    +COMPATIBILITY_README file).

    SMTPUTF8 support is enabled by setting the smtputf8_enable parameter in main.cf:

diff -Nru postfix-3.0.4/html/socketmap_table.5.html postfix-3.1.0/html/socketmap_table.5.html
--- postfix-3.0.4/html/socketmap_table.5.html 2015-01-29 22:21:04.000000000 +0000
+++ postfix-3.1.0/html/socketmap_table.5.html 2016-02-14 01:39:27.000000000 +0000
@@ -31,20 +31,21 @@
string object.
REQUEST FORMAT
- The socketmap protocol supports only the lookup request.
-
- Postfix will not generate partial search keys such as domain names
- without one or more subdomains, network addresses without one or more
- least-significant octets, or email addresses without the localpart,
- address extension or domain portion. This behavior is also found with
- cidr:, pcre:, and regexp: tables.
+ The socketmap protocol supports only the lookup request. The request
+ has the following form:
name <space> key
Search the named socketmap for the specified key.
+ Postfix will not generate partial search keys such as domain names
+ without one or more subdomains, network addresses without one or more
+ least-significant octets, or email addresses without the localpart,
+ address extension or domain portion. This behavior is also found with
+ cidr:, pcre:, and regexp: tables.
+
REPLY FORMAT
- The Postfix socketmap client requires that replies are not longer than
- 100000 characters (not including the netstring encapsulation). Replies
+ The Postfix socketmap client requires that replies are not longer than
+ 100000 characters (not including the netstring encapsulation). Replies
must have the following form:
OK <space> data
@@ -58,7 +59,7 @@
TIMEOUT <space> reason
PERM <space> reason
- The request failed. The reason, if non-empty, is descriptive
+ The request failed. The reason, if non-empty, is descriptive
text.
SECURITY
@@ -91,5 +92,10 @@
P.O. Box 704
Yorktown Heights, NY 10598, USA
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
SOCKETMAP_TABLE(5)
diff -Nru postfix-3.0.4/html/SOHO_README.html postfix-3.1.0/html/SOHO_README.html
--- postfix-3.0.4/html/SOHO_README.html 2014-07-30 17:16:46.000000000 +0000
+++ postfix-3.1.0/html/SOHO_README.html 2015-07-26 13:48:24.000000000 +0000
@@ -248,6 +248,8 @@
     /etc/postfix/main.cf:
         smtp_sasl_auth_enable = yes
    +    smtp_tls_security_level = encrypt
    +    smtp_sasl_tls_security_options = noanonymous
         relayhost = [mail.isp.example]
         # Alternative form:
         # relayhost = [mail.isp.example]:submission
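Review bot: The new `smtp_tls_security_level = encrypt` line makes TLS mandatory, but at that level the Postfix SMTP client does not verify the relay's certificate, so the SASL credentials that the accompanying `smtp_sasl_tls_security_options = noanonymous` now allows to be sent with plaintext mechanisms are protected against passive eavesdropping only, not against an endpoint that is not the intended relayhost. Because the relayhost in this example is a fixed, administrator-chosen server, it is a natural candidate for a verifying level such as `secure` (with `smtp_tls_CAfile` or `smtp_tls_CApath` pointing at the relay's issuing CA), and the example would benefit from a one-line remark that `encrypt` is the minimum, not the recommended, setting when a password is being sent. The explanatory sentence added later in this file, which says the setting "ensures that the connection ... will be encrypted", should then also say that encryption alone does not authenticate the relay.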
    @@ -262,6 +264,11 @@
     and password information in the second part of the example. 

  • +
  • The smtp_tls_security_level setting ensures +that the connection to the remote smtp server will be encrypted, and +smtp_sasl_tls_security_options removes the prohibition on +plaintext passwords.

    +
  • The relayhost setting forces the Postfix SMTP to send all remote messages to the specified mail server instead of trying to deliver them directly to their destination.

  • @@ -370,7 +377,7 @@
     /etc/postfix/sasl_passwd:
         # Per-sender authentication; see also /etc/postfix/sender_relay.
    -    user1@example.com               username2:password2
    +    user1@example.com               username1:password1
         user2@example.net               username2:password2
         # Login information for the default relayhost.
         [mail.isp.example]              username:password
    diff -Nru postfix-3.0.4/html/spawn.8.html postfix-3.1.0/html/spawn.8.html
    --- postfix-3.0.4/html/spawn.8.html	2015-01-29 22:21:02.000000000 +0000
    +++ postfix-3.1.0/html/spawn.8.html	2016-02-14 01:32:49.000000000 +0000
    @@ -139,5 +139,10 @@
            P.O. Box 704
            Yorktown Heights, NY 10598, USA
     
    +       Wietse Venema
    +       Google, Inc.
    +       111 8th Avenue
    +       New York, NY 10011, USA
    +
                                                                           SPAWN(8)
     
diff -Nru postfix-3.0.4/html/STRESS_README.html postfix-3.1.0/html/STRESS_README.html
--- postfix-3.0.4/html/STRESS_README.html 2013-11-22 13:47:38.000000000 +0000
+++ postfix-3.1.0/html/STRESS_README.html 2015-11-15 16:14:45.000000000 +0000
@@ -158,16 +158,19 @@
    -1 smtpd_timeout = ${stress?10}${stress:300}s
    -2 smtpd_hard_error_limit = ${stress?1}${stress:20}
    -3 smtpd_junk_command_limit = ${stress?1}${stress:100}
    +1 smtpd_timeout = ${stress?{10}:{300}}s
    +2 smtpd_hard_error_limit = ${stress?{1}:{20}}
    +3 smtpd_junk_command_limit = ${stress?{1}:{100}}
     4 # Parameters added after Postfix 2.6:
    -5 smtpd_per_record_deadline = ${stress?yes}${stress:no}
    -6 smtpd_starttls_timeout = ${stress?10}${stress:300}s
    -7 address_verify_poll_count = ${stress?1}${stress:3}
    +5 smtpd_per_record_deadline = ${stress?{yes}:{no}}
    +6 smtpd_starttls_timeout = ${stress?{10}:{300}}s
    +7 address_verify_poll_count = ${stress?{1}:{3}}
     
    +

    Postfix versions before 3.0 use the older form ${stress?x}${stress:y} +instead of the newer form ${stress?{x}:{y}}.

    +

    Translation:

      @@ -216,8 +219,9 @@
    -

    The syntax of ${name?value} and ${name:value} is explained at -the beginning of the postconf(5) manual page.

    +

    The syntax of ${name?{value}:{value}}, ${name?value} and +${name:value} is explained at the beginning of the postconf(5) +manual page.

    NOTE: Please keep in mind that the stress-adaptive feature is a fairly desperate measure to keep some legitimate mail diff -Nru postfix-3.0.4/html/tcp_table.5.html postfix-3.1.0/html/tcp_table.5.html --- postfix-3.0.4/html/tcp_table.5.html 2015-01-29 22:21:04.000000000 +0000 +++ postfix-3.1.0/html/tcp_table.5.html 2016-02-14 01:39:27.000000000 +0000 @@ -99,5 +99,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + TCP_TABLE(5) diff -Nru postfix-3.0.4/html/tlsmgr.8.html postfix-3.1.0/html/tlsmgr.8.html --- postfix-3.0.4/html/tlsmgr.8.html 2015-01-29 22:21:03.000000000 +0000 +++ postfix-3.1.0/html/tlsmgr.8.html 2016-02-14 01:32:50.000000000 +0000 @@ -180,5 +180,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + TLSMGR(8) diff -Nru postfix-3.0.4/html/tlsproxy.8.html postfix-3.1.0/html/tlsproxy.8.html --- postfix-3.0.4/html/tlsproxy.8.html 2015-07-19 13:13:28.000000000 +0000 +++ postfix-3.1.0/html/tlsproxy.8.html 2016-02-14 01:32:50.000000000 +0000 @@ -213,5 +213,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + TLSPROXY(8) diff -Nru postfix-3.0.4/html/TLS_README.html postfix-3.1.0/html/TLS_README.html --- postfix-3.0.4/html/TLS_README.html 2015-07-20 23:00:12.000000000 +0000 +++ postfix-3.1.0/html/TLS_README.html 2016-02-08 22:24:01.000000000 +0000 @@ -630,9 +630,11 @@ valid session ticket, the server decrypts it and resumes the session, provided neither the ticket nor the session have expired. This makes it possible to resume cached sessions without allocating space -for a shared database on the server. This feature can be disabled -by setting the session cache timeout to zero, otherwise the timeout -must be at least 2 minutes and at most 100 days.

    +for a shared database on the server. Consequently, for Postfix +≥ 2.11 the smtpd_tls_session_cache_database parameter should +generally be left empty. Session caching can be disabled by setting +the session cache timeout to zero, otherwise the timeout must be +at least 2 minutes and at most 100 days.

    Note, session tickets can only be negotiated if the client disables SSLv2 and does not use the legacy SSLv2 compatible HELLO @@ -934,7 +936,7 @@ -

    With Postfix ≥ 2.11, the tls_ssl_options parameter specifies +

    With Postfix ≥ 2.11, the tls_ssl_options parameter specifies a list or bit-mask of OpenSSL options to enable. Specify one or more of the named options below, or a hexadecimal bitmask of options found in the ssl.h file corresponding to the run-time OpenSSL @@ -959,7 +961,7 @@

     /etc/postfix/main.cf:
    -    tls_ssl_options = no_ticket, no_compression
    +    tls_ssl_options = no_ticket, no_compression
     
    @@ -2546,7 +2548,7 @@ significantly vulnerable to the renegotiation issue in the TLS protocol.

    -

    With Postfix ≥ 2.11, the tls_ssl_options parameter specifies +

    With Postfix ≥ 2.11, the tls_ssl_options parameter specifies a list or bit-mask of OpenSSL options to enable. Specify one or more of the named options below, or a hexadecimal bitmask of options found in the ssl.h file corresponding to the run-time OpenSSL @@ -2566,7 +2568,7 @@

     /etc/postfix/main.cf:
    -    tls_ssl_options = NO_TICKET, NO_COMPRESSION, LEGACY_SERVER_CONNECT
    +    tls_ssl_options = NO_TICKET, NO_COMPRESSION, LEGACY_SERVER_CONNECT
     
    @@ -2685,28 +2687,128 @@ sign your own Postfix public key certificate, you get TLS encryption but no TLS authentication. This is sufficient for testing, and for exchanging email with sites that you have no trust relationship -with. For real authentication, your Postfix public key certificate -needs to be signed by a recognized Certification Authority, and -Postfix needs to be configured with a list of public key certificates -of Certification Authorities, so that Postfix can verify the public key -certificates of remote hosts.

    +with. For real authentication you need also enable DNSSEC record +signing for your domain and publish TLSA records and/or your Postfix +public key certificate needs to be signed by a recognized Certification +Authority. To authenticate the certificates of remote host you +need a DNSSEC-validating local resolver and to enable DANE authentication and/or configure +the Postfix SMTP client with a list of public key certificates of +Certification Authorities, but make sure to read about the limitations of the latter approach. +

    In the examples below, user input is shown in bold font, and a "#" prompt indicates a super-user shell.

    + +

    Quick-start TLS with Postfix ≥ 3.1

    -
  • Private Certification Authority.

    +

    Postfix 3.1 provides built-in support for enabling TLS in the +SMTP client and server and for ongoing certificate and DANE TLSA +record management. +

    +

    Quick-start TLS in the Postfix ≥ 3.1 SMTP client.

    + +

    If you are using Postfix 3.1 or later, and your SMTP client TLS +settings are in their default state, you can enable opportunistic TLS in the SMTP client as +follows:

    + +
    +
    +# postfix tls enable-client
    +# postfix reload
    +
    +
    + +

    If some of the Postfix SMTP client TLS settings are not in their +default state, this will not make any changes, but will instead +suggest the minimal required settings for SMTP client TLS. The +"postfix reload" command is optional, it is only needed if you want +the settings to take effect right away. Note, this does not enable +trust in any public certification authorities, and does not configure +client TLS certificates as these are largely pointless with opportunistic TLS.

    + +

    There is not yet a turn-key command for enabling DANE authentication. This is because +DANE requires changes to your resolv.conf file and a +corresponding DNSSEC-validating resolver local to the Postfix host, +these changes are difficult to automate in a portable way.

    + +

    If you're willing to revert your settings to the defaults and +switch to a "stock" opportunistic TLS configuration, then you can: +erase all the SMTP client TLS settings and then enable client TLS:

    + +
    +
    +# postconf -X `postconf -nH | egrep '^smtp(_|_enforce_|_use_)tls'`
    +# postfix tls enable-client
    +# postfix reload
    +
    +
    + +

    Quick-start TLS in the Postfix ≥ 3.1 SMTP server.

    + +

    If you are using Postfix 3.1 or later, and your SMTP server TLS +settings are in their default state, you can enable +opportunistic TLS in the SMTP server as follows:

    + +
    +
    +# postfix tls enable-server
    +# postfix reload
    +
    +
    + +

    If some of the Postfix SMTP client TLS settings are not in their +default state, this will not make any changes, but will instead +suggest the minimal required settings for SMTP client TLS. The +"postfix reload" command is optional, it is only needed if you want +the settings to take effect right away. This will generate a +self-signed private key and certificate and enable TLS in the Postfix +SMTP server.

    + +

    If you're willing to revert your settings to the defaults and +switch to a "stock" server TLS configuration, then you can: erase +all the SMTP server TLS settings and then enable server TLS:

    + +
    +
    +# postconf -X `postconf -nH | egrep '^smtpd(_|_enforce_|_use_)tls'`
    +# postfix tls enable-server
    +# postfix reload
    +
    +
    + +

    Postfix ≥ 3.1 provides additional built-in support for ongoing +management of TLS in the SMTP server, via additional "postfix tls" +sub-commands. These make it easy to generate certificate signing +requests, create and deploy new keys and certificates, and generate +DANE TLSA records. See the postfix-tls(1) documentation for details. +

    +

    Self-signed server certificate

    -

    The following commands (credits: Viktor Dukhovni) generate -and install a private key and 10-year self-signed certificate for -the local Postfix system. This requires super-user privileges.

    +

    The following commands (credits: Viktor Dukhovni) generate and +install a 2048-bit RSA private key and 10-year self-signed certificate +for the local Postfix system. This requires super-user privileges. +

    diff -Nru postfix-3.0.4/html/trace.8.html postfix-3.1.0/html/trace.8.html
    --- postfix-3.0.4/html/trace.8.html	2015-01-29 22:21:01.000000000 +0000
    +++ postfix-3.1.0/html/trace.8.html	2016-02-14 01:32:48.000000000 +0000
    @@ -171,5 +171,10 @@
            P.O. Box 704
            Yorktown Heights, NY 10598, USA
     
    +       Wietse Venema
    +       Google, Inc.
    +       111 8th Avenue
    +       New York, NY 10011, USA
    +
                                                                          BOUNCE(8)
     
    diff -Nru postfix-3.0.4/html/transport.5.html postfix-3.1.0/html/transport.5.html --- postfix-3.0.4/html/transport.5.html 2015-01-29 22:21:04.000000000 +0000 +++ postfix-3.1.0/html/transport.5.html 2016-02-14 01:39:26.000000000 +0000 @@ -265,5 +265,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + TRANSPORT(5) diff -Nru postfix-3.0.4/html/trivial-rewrite.8.html postfix-3.1.0/html/trivial-rewrite.8.html --- postfix-3.0.4/html/trivial-rewrite.8.html 2015-01-30 00:55:20.000000000 +0000 +++ postfix-3.1.0/html/trivial-rewrite.8.html 2016-02-14 01:32:49.000000000 +0000 @@ -319,5 +319,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + TRIVIAL-REWRITE(8) diff -Nru postfix-3.0.4/html/TUNING_README.html postfix-3.1.0/html/TUNING_README.html --- postfix-3.0.4/html/TUNING_README.html 2012-09-02 23:46:23.000000000 +0000 +++ postfix-3.1.0/html/TUNING_README.html 2015-11-01 00:50:57.000000000 +0000 @@ -267,6 +267,11 @@ time interval specified with anvil_rate_time_unit (default: 60s). +
    smtpd_client_auth_rate_limit (default: no limit)
    +The maximum number of AUTH commands that an SMTP client may send +in the time interval specified with anvil_rate_time_unit (default: +60s). Available in Postfix 3.1 and later.
    +
    smtpd_client_event_limit_exceptions (default: $mynetworks)
    SMTP clients that are excluded from connection and rate limits specified above.
    diff -Nru postfix-3.0.4/html/verify.8.html postfix-3.1.0/html/verify.8.html --- postfix-3.0.4/html/verify.8.html 2015-01-29 22:21:02.000000000 +0000 +++ postfix-3.1.0/html/verify.8.html 2016-02-14 01:09:41.000000000 +0000 @@ -220,5 +220,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + VERIFY(8) diff -Nru postfix-3.0.4/html/virtual.5.html postfix-3.1.0/html/virtual.5.html --- postfix-3.0.4/html/virtual.5.html 2015-01-29 22:21:04.000000000 +0000 +++ postfix-3.1.0/html/virtual.5.html 2016-02-14 01:39:26.000000000 +0000 @@ -262,5 +262,10 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + VIRTUAL(5) diff -Nru postfix-3.0.4/html/virtual.8.html postfix-3.1.0/html/virtual.8.html --- postfix-3.0.4/html/virtual.8.html 2015-01-29 22:21:02.000000000 +0000 +++ postfix-3.1.0/html/virtual.8.html 2016-02-14 01:32:49.000000000 +0000 @@ -299,6 +299,11 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + Andrew McNamara andrewm@connect.com.au connect.com.au Pty. Ltd. diff -Nru postfix-3.0.4/.indent.pro postfix-3.1.0/.indent.pro --- postfix-3.0.4/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/INSTALL postfix-3.1.0/INSTALL --- postfix-3.0.4/INSTALL 2015-10-10 13:49:29.000000000 +0000 +++ postfix-3.1.0/INSTALL 2016-02-08 00:51:16.000000000 +0000 
@@ -448,6 +448,8 @@ |_____________________|____________________| |newaliases_path |/usr/bin/newaliases | |_____________________|____________________| + |openssl_path |openssl | + |_____________________|____________________| |queue_directory |/var/spool/postfix | |_____________________|____________________| |readme_directory |no | diff -Nru postfix-3.0.4/makedefs postfix-3.1.0/makedefs --- postfix-3.0.4/makedefs 2015-10-10 13:40:48.000000000 +0000 +++ postfix-3.1.0/makedefs 2016-02-21 22:39:45.000000000 +0000 @@ -140,7 +140,7 @@ # data_directory default_database_type html_directory # mail_spool_directory mailq_path manpage_directory meta_directory # newaliases_path queue_directory readme_directory sendmail_path -# shlib_directory +# shlib_directory openssl_path # # See the postconf(5) manpage for a description of these # parameters. @@ -158,6 +158,11 @@ # IBM T.J. Watson Research # P.O. Box 704 # Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA #-- # Emit system-dependent Makefile macro definitions to standard output. @@ -412,6 +417,7 @@ CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP" ;; 3) SYSTYPE=AIX3 + CCARGS="$CCARGS -DNO_DNSSEC" # How embarrassing... case "$CC" in cc|*/cc|xlc|*/xlc) OPT=; CCARGS="$CCARGS -w";; @@ -658,7 +664,9 @@ : ${SHLIB_SUFFIX=.dylib} : ${SHLIB_LD='cc -shared -Wl,-flat_namespace -Wl,-undefined,dynamic_lookup -Wl,-install_name,@rpath/${LIB}'} : ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'} - : ${SHLIB_ENV="DYLD_LIBRARY_PATH=`pwd`/lib"} + # In MacOS/X 10.11.x /bin/sh unsets DYLD_LIBRARY_PATH, so we + # have export it into postfix-install indirectly! + : ${SHLIB_ENV="DYLD_LIBRARY_PATH=`pwd`/lib SHLIB_ENV_VAR=DYLD_LIBRARY_PATH SHLIB_ENV_VAL=`pwd`/lib"} : ${PLUGIN_LD='cc -shared -Wl,-flat_namespace -Wl,-undefined,dynamic_lookup'} ;; dcosx.1*) SYSTYPE=DCOSX1 
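Review bot: The new `CCARGS="$CCARGS -DNO_DNSSEC"` line in the `3) SYSTYPE=AIX3` arm is explained only by `# How embarrassing...`, which does not record which resolver facility AIX 3 lacks, so a later maintainer cannot tell whether the exclusion still applies or what it costs. Since the TLS_README text elsewhere in this diff ties DANE authentication to a DNSSEC-validating resolver, this presumably also rules out DANE on that platform, which is worth stating next to the define. Suggest `# AIX 3: resolver lacks <name the missing facility>; DNSSEC (and hence DANE) cannot be supported` in place of the current comment.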
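Review bot: The comment added above the new `SHLIB_ENV` default reads `so we have export it into postfix-install indirectly`, which is missing a word, and it does not name the mechanism it introduces. Suggest `# In MacOS/X 10.11.x /bin/sh unsets DYLD_LIBRARY_PATH, so we have to export it into postfix-install indirectly, as SHLIB_ENV_VAR/SHLIB_ENV_VAL.` Naming the two variables matters because the Makefile.in install targets later in this diff clear and then re-read them, and that coupling is otherwise invisible from makedefs. The `case` arm this sits in begins outside the hunk.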
@@ -739,9 +747,11 @@ # Look for the ICU library and enable unicode email if available. # case "$CCARGS" in - *-DNO_EAI*) ;; - *) trap 'rm -f makedefs.test makedefs.test.[co]' 1 2 3 15 - cat >makedefs.test.c <<'EOF' +*-DNO_EAI*) ;; + *) icu_cppflags=`(icu-config --cppflags) 2>/dev/null` && { + icu_ldflags=`(icu-config --ldflags) 2>/dev/null` && { + trap 'rm -f makedefs.test makedefs.test.[co]' 1 2 3 15 + cat >makedefs.test.c <<'EOF' #include #include @@ -761,14 +771,17 @@ &error) != 14); } EOF - ${CC-gcc} -o makedefs.test makedefs.test.c -I/usr/local/include \ - -L/usr/local/lib -licuuc >/dev/null 2>&1 - if ./makedefs.test 2>/dev/null ; then - SYSLIBS="$SYSLIBS -L/usr/local/lib -licuuc" - else - CCARGS="$CCARGS -DNO_EAI" - fi - rm -f makedefs.test makedefs.test.[co] + ${CC-gcc} -o makedefs.test makedefs.test.c $icu_cppflags \ + $icu_ldflags >/dev/null 2>&1 + if ./makedefs.test 2>/dev/null ; then + CCARGS="$CCARGS $icu_cppflags" + SYSLIBS="$SYSLIBS $icu_ldflags" + else + CCARGS="$CCARGS -DNO_EAI" + fi + rm -f makedefs.test makedefs.test.[co] + } + } || CCARGS="$CCARGS -DNO_EAI" esac # @@ -786,6 +799,11 @@ #esac # +# We don't know all systems that have /dev/urandom, so we probe. +# +test -r /dev/urandom && CCARGS="$CCARGS -DHAS_DEV_URANDOM" + +# # PCRE 3.x has a pcre-config utility so we don't have to guess. # case "$CCARGS" in 
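Review bot: With the `icu_cppflags=\`(icu-config --cppflags) 2>/dev/null\` && {` restructuring, a host that has ICU installed but no `icu-config` on PATH now silently ends up with `-DNO_EAI`, whereas the removed code at least tried `-I/usr/local/include -L/usr/local/lib -licuuc`; nothing is printed, so a packager only notices when Unicode email support is missing at run time. The same applies to the `} || CCARGS="$CCARGS -DNO_EAI"` fallback in the second ICU hunk, which also fires if the trailing `rm -f` in the group fails after a successful probe, since the group's exit status is that of its last command. Suggest making the fallback visible, e.g. `} || { echo "makedefs: icu-config not found or unusable; building without EAI (-DNO_EAI)" 1>&2; CCARGS="$CCARGS -DNO_EAI"; }`. The `case "$CCARGS" in` statement these hunks modify continues past the first hunk.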
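Review bot: `test -r /dev/urandom && CCARGS="$CCARGS -DHAS_DEV_URANDOM"` probes the build host, not the deployment target, and also depends on the build user being able to read the device: a package built in a chroot or sandbox without a populated /dev comes out without `HAS_DEV_URANDOM` even though every target has the device, and nothing reports that. What the macro selects is not visible in the hunk (presumably the compiled-in default for `tls_random_source`, which the postfix-tls(1) page in this diff says is typically /dev/urandom), so a silently missing define changes a security-relevant default. Suggest at least surfacing the negative result, `test -r /dev/urandom && CCARGS="$CCARGS -DHAS_DEV_URANDOM" || echo "makedefs: /dev/urandom not readable; HAS_DEV_URANDOM not defined" 1>&2`, and extending the comment above it to say that `-DHAS_DEV_URANDOM` can be supplied in CCARGS when the build environment is not representative.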
@@ -912,13 +930,15 @@ queue_directory_macro=DEF_QUEUE_DIR sendmail_path_macro=DEF_SENDMAIL_PATH shlib_directory_macro=DEF_SHLIB_DIR +openssl_path_macro=DEF_OPENSSL_PATH # shlib_directory is checked here because "no" is not a good answer. # Instead, build with "dynamicmaps=no" and "shared=no" as appropriate. for parm_name in command_directory config_directory daemon_directory \ data_directory mail_spool_directory mailq_path meta_directory \ - newaliases_path queue_directory sendmail_path shlib_directory + newaliases_path queue_directory sendmail_path shlib_directory \ + openssl_path do eval parm_val=\"\$$parm_name\" eval parm_macro=\"\$${parm_name}_macro\" diff -Nru postfix-3.0.4/Makefile postfix-3.1.0/Makefile --- postfix-3.0.4/Makefile 2016-01-09 13:54:14.000000000 +0000 +++ postfix-3.1.0/Makefile 2016-02-24 00:58:04.000000000 +0000 @@ -1,7 +1,8 @@ # Usage: -# make makefiles [CC=compiler] [OPT=compiler-flags] [DEBUG=debug-flags] +# make makefiles [name=value]... # -# The defaults are: CC=gcc, OPT=-O, and DEBUG=-g. Examples: +# See makedefs for a descripton of available options. +# Examples: # # make makefiles # make makefiles CC="purify cc" diff -Nru postfix-3.0.4/Makefile.in postfix-3.1.0/Makefile.in --- postfix-3.0.4/Makefile.in 2014-09-25 19:16:29.000000000 +0000 +++ postfix-3.1.0/Makefile.in 2016-01-31 21:05:46.000000000 +0000 @@ -13,7 +13,7 @@ src/posttls-finger MANDIRS = proto man html LIBEXEC = libexec/post-install libexec/postfix-script libexec/postfix-wrapper \ - libexec/postmulti-script libexec/post-install + libexec/postmulti-script libexec/postfix-tls-script PLUGINS = meta/dynamicmaps.cf META = meta/main.cf.proto meta/master.cf.proto meta/postfix-files \ meta/makedefs.out $(PLUGINS) @@ -84,6 +84,9 @@ libexec/postfix-script: conf/postfix-script rm -f $@ && ln -f $? $@ +libexec/postfix-tls-script: conf/postfix-tls-script + rm -f $@ && ln -f $? $@ + libexec/postfix-wrapper: conf/postfix-wrapper rm -f $@ && ln -f $? $@ 
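Review bot: `openssl_path` is appended to the `for parm_name in ...` validation list alongside parameters whose defaults are absolute paths, but its own default is the bare command name `openssl` (per the INSTALL table in this diff), so the loop body, which continues past the hunk, is presumably being asked to accept a value that is resolved through PATH at run time rather than a fixed location. Since the new postfix-tls-script will execute whatever this resolves to, likely with root privileges, it is worth confirming that the script runs under a fixed PATH (the postfix(1) wrapper appears to be the entry point) rather than the invoking user's, and recording that where makedefs lists `openssl_path` in its header comment, e.g. `# openssl_path may be a bare command name; it is resolved via PATH by postfix-tls-script`.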
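Review bot: The new comment line `# See makedefs for a descripton of available options.` misspells "description"; the identical line is added to Makefile.init in the next hunk of this diff. Suggest `# See makedefs for a description of available options.` in both places.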
@@ -117,19 +120,23 @@ # shared=yes<->shared=no. install: update + SHLIB_ENV_VAR= SHLIB_ENV_VAL= \ $(SHLIB_ENV) shlib_directory=$(SHLIB_DIR_OVERRIDE) $(SHELL) \ postfix-install package: update + SHLIB_ENV_VAR= SHLIB_ENV_VAL= \ $(SHLIB_ENV) shlib_directory=$(SHLIB_DIR_OVERRIDE) $(SHELL) \ postfix-install -package upgrade: update + SHLIB_ENV_VAR= SHLIB_ENV_VAL= \ $(SHLIB_ENV) shlib_directory=$(SHLIB_DIR_OVERRIDE) $(SHELL) \ postfix-install -non-interactive non-interactive-package: update + SHLIB_ENV_VAR= SHLIB_ENV_VAL= \ $(SHLIB_ENV) shlib_directory=$(SHLIB_DIR_OVERRIDE) $(SHELL) \ postfix-install -non-interactive -package diff -Nru postfix-3.0.4/Makefile.init postfix-3.1.0/Makefile.init --- postfix-3.0.4/Makefile.init 2002-01-14 15:35:40.000000000 +0000 +++ postfix-3.1.0/Makefile.init 2015-08-31 10:49:59.000000000 +0000 @@ -1,7 +1,8 @@ # Usage: -# make makefiles [CC=compiler] [OPT=compiler-flags] [DEBUG=debug-flags] +# make makefiles [name=value]... # -# The defaults are: CC=gcc, OPT=-O, and DEBUG=-g. Examples: +# See makedefs for a descripton of available options. +# Examples: # # make makefiles # make makefiles CC="purify cc" diff -Nru postfix-3.0.4/man/Makefile.in postfix-3.1.0/man/Makefile.in --- postfix-3.0.4/man/Makefile.in 2013-11-21 18:39:53.000000000 +0000 +++ postfix-3.1.0/man/Makefile.in 2016-02-06 23:25:06.000000000 +0000 @@ -12,7 +12,7 @@ COMMANDS= man1/postalias.1 man1/postcat.1 man1/postconf.1 man1/postfix.1 \ man1/postkick.1 man1/postlock.1 man1/postlog.1 man1/postdrop.1 \ man1/postmap.1 man1/postmulti.1 man1/postqueue.1 man1/postsuper.1 \ - man1/sendmail.1 man1/mailq.1 man1/newaliases.1 + man1/sendmail.1 man1/mailq.1 man1/newaliases.1 man1/postfix-tls.1 CONFIG = man5/access.5 man5/aliases.5 man5/canonical.5 man5/relocated.5 \ man5/transport.5 man5/virtual.5 man5/pcre_table.5 man5/regexp_table.5 \ man5/cidr_table.5 man5/tcp_table.5 man5/header_checks.5 \ 
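Review bot: The `SHLIB_ENV_VAR= SHLIB_ENV_VAL= \` prefix is added verbatim to all four install targets without a comment saying why two empty assignments precede `$(SHLIB_ENV)`; from the makedefs hunk in this diff they appear to exist so both names are defined even on platforms whose SHLIB_ENV does not set them, with MacOS/X supplying real values, and presumably postfix-install consumes them. Suggest a one-line comment above the `install:` target, `# Define SHLIB_ENV_VAR/VAL even when $(SHLIB_ENV) does not set them (see makedefs, MacOS/X).`, and consider folding the now three-line invocation shared by all four targets into a single variable so they cannot drift apart.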
@@ -201,6 +201,11 @@ (cmp -s junk $? || mv junk $?) && rm -f junk ../mantools/srctoman $? >$@ +man1/postfix-tls.1: ../conf/postfix-tls-script + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + man1/postkick.1: ../src/postkick/postkick.c ../mantools/fixman ../proto/postconf.proto $? >junk && \ (cmp -s junk $? || mv junk $?) && rm -f junk diff -Nru postfix-3.0.4/man/man1/postalias.1 postfix-3.1.0/man/man1/postalias.1 --- postfix-3.0.4/man/man1/postalias.1 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man1/postalias.1 2016-02-14 01:32:48.000000000 +0000 @@ -237,3 +237,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man1/postcat.1 postfix-3.1.0/man/man1/postcat.1 --- postfix-3.0.4/man/man1/postcat.1 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man1/postcat.1 2016-02-14 01:32:48.000000000 +0000 @@ -102,3 +102,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man1/postconf.1 postfix-3.1.0/man/man1/postconf.1 --- postfix-3.0.4/man/man1/postconf.1 2015-01-31 21:23:18.000000000 +0000 +++ postfix-3.1.0/man/man1/postconf.1 2016-02-14 21:33:05.000000000 +0000 @@ -9,9 +9,10 @@ .na .nf .fi +.ti -4 \fBManaging main.cf:\fR -\fBpostconf\fR [\fB\-dfhnopvx\fR] [\fB\-c \fIconfig_dir\fR] +\fBpostconf\fR [\fB\-dfhHnopvx\fR] [\fB\-c \fIconfig_dir\fR] [\fB\-C \fIclass,...\fR] [\fIparameter ...\fR] \fBpostconf\fR [\fB\-epv\fR] [\fB\-c \fIconfig_dir\fR] @@ -23,6 +24,7 @@ \fBpostconf\fR \fB\-X\fR [\fB\-pv\fR] [\fB\-c \fIconfig_dir\fR] \fIparameter ...\fR +.ti -4 \fBManaging master.cf service entries:\fR \fBpostconf\fR \fB\-M\fR [\fB\-fovx\fR] [\fB\-c \fIconfig_dir\fR] 
@@ -37,17 +39,19 @@ \fBpostconf\fR \fB\-MX\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fIservice\fB/\fItype ...\fR +.ti -4 \fBManaging master.cf service fields:\fR -\fBpostconf\fR \fB\-F\fR [\fB\-fovx\fR] [\fB\-c \fIconfig_dir\fR] +\fBpostconf\fR \fB\-F\fR [\fB\-fhHovx\fR] [\fB\-c \fIconfig_dir\fR] [\fIservice\fR[\fB/\fItype\fR[\fB/\fIfield\fR]]\fI ...\fR] \fBpostconf\fR \fB\-F\fR [\fB\-ev\fR] [\fB\-c \fIconfig_dir\fR] \fIservice\fB/\fItype\fB/\fIfield\fB=\fIvalue ...\fR +.ti -4 \fBManaging master.cf service parameters:\fR -\fBpostconf\fR \fB\-P\fR [\fB\-fovx\fR] [\fB\-c \fIconfig_dir\fR] +\fBpostconf\fR \fB\-P\fR [\fB\-fhHovx\fR] [\fB\-c \fIconfig_dir\fR] [\fIservice\fR[\fB/\fItype\fR[\fB/\fIparameter\fR]]\fI ...\fR] \fBpostconf\fR \fB\-P\fR [\fB\-ev\fR] [\fB\-c \fIconfig_dir\fR] @@ -56,6 +60,7 @@ \fBpostconf\fR \fB\-PX\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fIservice\fB/\fItype\fB/\fIparameter ...\fR +.ti -4 \fBManaging bounce message templates:\fR \fBpostconf\fR \fB\-b\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] @@ -64,6 +69,12 @@ \fBpostconf\fR \fB\-t\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] [\fItemplate_file\fR] +.ti -4 +\fBManaging TLS features:\fR + +\fBpostconf\fR \fB\-T \fImode\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] + +.ti -4 \fBManaging other configuration:\fR \fBpostconf\fR \fB\-a\fR|\fB\-A\fR|\fB\-l\fR|\fB\-m\fR [\fB\-v\fR] @@ -189,9 +200,9 @@ This feature is available with Postfix 2.9 and later. .IP \fB\-F\fR Show \fBmaster.cf\fR per\-entry field settings (by default -all services and all fields), formatted as one -"\fIservice/type/field=value\fR" per line. Specify \fB\-Ff\fR -to fold long lines. +all services and all fields), formatted as +"\fIservice/type/field=value\fR", one per line. Specify +\fB\-Ff\fR to fold long lines. Specify one or more "\fIservice/type/field\fR" instances on the \fBpostconf\fR(1) command line to limit the output 
@@ -203,6 +214,11 @@ .IP \fB\-h\fR Show parameter or attribute values without the "\fIname\fR = " label that normally precedes the value. +.IP \fB\-H\fR +Show parameter or attribute names without the " = \fIvalue\fR" +that normally follows the name. + +This feature is available with Postfix 3.1 and later. .IP \fB\-l\fR List the names of all supported mailbox locking methods. Postfix supports the following methods: @@ -300,8 +316,9 @@ "\fBrandmap:{\fIresult_1, ..., result_n\fB}\fR". Each table query returns a random choice from the specified results. The first and last characters of the "randmap:" table name must be -"\fB{\fR" and "\fB}\fR". Within these, individual maps are -separated with comma or whitespace. +"\fB{\fR" and "\fB}\fR". Within these, individual results +are separated with comma or whitespace. To give a specific +result more weight, specify it multiple times. .IP "\fBregexp\fR (read\-only)" A lookup table based on regular expressions. The file format is described in \fBregexp_table\fR(5). @@ -386,8 +403,8 @@ This feature is available with Postfix 2.11 and later. .IP \fB\-P\fR Show \fBmaster.cf\fR service parameter settings (by default -all services and all parameters). formatted as one -"\fIservice/type/parameter=value\fR" per line. Specify +all services and all parameters), formatted as +"\fIservice/type/parameter=value\fR", one per line. Specify \fB\-Pf\fR to fold long lines. Specify one or more "\fIservice/type/parameter\fR" instances 
@@ -412,6 +429,25 @@ line (in shell language: ""). This feature is available with Postfix 2.3 and later. +.IP "\fB\-T \fImode\fR" +If Postfix is compiled without TLS support, the \fB\-T\fR option +produces no output. Otherwise, if an invalid \fImode\fR is specified, +the \fB\-T\fR option reports an error and exits with a non\-zero status +code. The valid modes are: +.RS +.IP \fBcompile\-version\fR +Output the OpenSSL version that Postfix was compiled with +(i.e. the OpenSSL version in a header file). The output +format is the same as with the command "\fBopenssl version\fR". +.IP \fBrun\-version\fR +Output the OpenSSL version that Postfix is linked with at +runtime (i.e. the OpenSSL version in a shared library). +.IP \fBpublic\-key\-algorithms\fR +Output the lower\-case names of the supported public\-key +algorithms, one per\-line. +.RE +.IP +This feature is available with Postfix 3.1 and later. .IP \fB\-v\fR Enable verbose logging for debugging purposes. Multiple \fB\-v\fR options make the software increasingly verbose. @@ -527,3 +563,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man1/postdrop.1 postfix-3.1.0/man/man1/postdrop.1 --- postfix-3.0.4/man/man1/postdrop.1 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man1/postdrop.1 2016-02-14 01:32:48.000000000 +0000 @@ -116,3 +116,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man1/postfix.1 postfix-3.1.0/man/man1/postfix.1 --- postfix-3.0.4/man/man1/postfix.1 2015-02-08 17:38:30.000000000 +0000 +++ postfix-3.1.0/man/man1/postfix.1 2016-02-14 15:29:27.000000000 +0000 
@@ -60,7 +60,7 @@ earliest convenience. .IP \fBstatus\fR Indicate if the Postfix mail system is currently running. -.IP "\fBset\-permissions\fR \fB[\fIname\fR=\fIvalue ...\fB]\fR +.IP "\fBset\-permissions\fR [\fIname\fR=\fIvalue ...\fR]" Set the ownership and permissions of Postfix related files and directories, as specified in the \fBpostfix\-files\fR file. .sp @@ -72,7 +72,13 @@ This feature is available in Postfix 2.1 and later. With Postfix 2.0 and earlier, use "\fB$config_directory/post\-install set\-permissions\fR". -.IP "\fBupgrade\-configuration\fR \fB[\fIname\fR=\fIvalue ...\fB]\fR +.IP "\fBtls\fR \fIsubcommand\fR" +Enable opportunistic TLS in the Postfix SMTP client or +server, and manage Postfix SMTP server TLS private keys and +certificates. See postfix\-tls(1) for documentation. +.sp +This feature is available in Postfix 3.1 and later. +.IP "\fBupgrade\-configuration\fR [\fIname\fR=\fIvalue ...\fR]" Update the \fBmain.cf\fR and \fBmaster.cf\fR files with information that Postfix needs in order to run: add or update services, and add or update configuration parameter settings. @@ -175,6 +181,10 @@ plugins (postfix\-*.so) that have a relative pathname in the dynamicmaps.cf file. .PP +Available in Postfix version 3.1 and later: +.IP "\fBopenssl_path (openssl)\fR" +The location of the OpenSSL command line program \fBopenssl\fR(1). +.PP Other configuration parameters: .IP "\fBimport_environment (see 'postconf -d' output)\fR" The list of environment parameters that a Postfix process will @@ -233,6 +243,7 @@ postcat(1), examine Postfix queue file postconf(1), Postfix configuration utility postfix(1), Postfix control program +postfix\-tls(1), Postfix TLS management postkick(1), trigger Postfix daemon postlock(1), Postfix\-compatible locking postlog(1), Postfix\-compatible logging 
@@ -333,6 +344,11 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA + TLS support by: Lutz Jaenicke Brandenburg University of Technology diff -Nru postfix-3.0.4/man/man1/postfix-tls.1 postfix-3.1.0/man/man1/postfix-tls.1 --- postfix-3.0.4/man/man1/postfix-tls.1 1970-01-01 00:00:00.000000000 +0000 +++ postfix-3.1.0/man/man1/postfix-tls.1 2016-02-25 00:51:13.000000000 +0000 
@@ -0,0 +1,246 @@
+.TH POSTFIX-TLS 1
+.ad
+.fi
+.SH NAME
+postfix-tls
+\-
+Postfix TLS management
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostfix tls\fR \fIsubcommand\fR
+.SH DESCRIPTION
+.ad
+.fi
+The "\fBpostfix tls \fIsubcommand\fR" feature enables
+opportunistic TLS in the Postfix SMTP client or server, and
+manages Postfix SMTP server private keys and certificates.
+
+The following subcommands are available:
+.IP "\fBenable\-client\fR [\fB\-r \fIrandsource\fR]"
+Enable opportunistic TLS in the Postfix SMTP client, if all
+SMTP client TLS settings are at their default values.
+Otherwise, suggest parameter settings without making any
+changes.
+.sp
+Specify \fIrandsource\fR to update the value of the
+\fBtls_random_source\fR configuration parameter (typically,
+/dev/urandom). Prepend \fBdev:\fR to device paths or
+\fBegd:\fR to EGD socket paths.
+.sp
+See also the \fBall\-default\-client\fR subcommand.
+.IP "\fBenable\-server\fR [\fB\-r \fIrandsource\fR] [\fB\-a \fIalgorithm\fR] [\fB\-b \fIbits\fR] [\fIhostname\fB...\fR]"
+Create a new private key and self\-signed server certificate
+and enable opportunistic TLS in the Postfix SMTP server,
+if all SMTP server TLS settings are at their default values.
+Otherwise, suggest parameter settings without making any
+changes.
+.sp
+The \fIrandsource\fR parameter is as with \fBenable\-client\fR
+above, and the remaining options are as with \fBnew\-server\-key\fR
+below.
+.sp
+See also the \fBall\-default\-server\fR subcommand.
+.IP "\fBnew\-server\-key\fR [\fB\-a \fIalgorithm\fR] [\fB\-b \fIbits\fR] [\fIhostname\fB...\fR]"
+Create a new private key and self\-signed server certificate,
+but do not deploy them. Log and display commands to deploy
+the new key and corresponding certificate. Also log and
+display commands to output a corresponding CSR or TLSA
+records which may be needed to obtain a CA certificate or
+to update DNS before the new key can be deployed.
+.sp
+The \fIalgorithm\fR defaults to \fBrsa\fR, and \fIbits\fR
+defaults to 2048. If you choose the \fBecdsa\fR \fIalgorithm\fR
+then \fIbits\fR will be an EC curve name (by default
+\fBsecp256r1\fR, also known as prime256v1). Curves other
+than \fBsecp256r1\fR, \fBsecp384r1\fR or \fBsecp521r1\fR
+are unlikely to be widely interoperable. When generating
+EC keys, use one of these three. DSA keys are obsolete and
+are not supported.
+.sp
+Note: ECDSA support requires OpenSSL 1.0.0 or later and may
+not be available on your system. Not all client systems
+will support ECDSA, so you'll generally want to deploy both
+RSA and ECDSA certificates to make use of ECDSA with
+compatible clients and RSA with the rest. If you want to
+deploy certificate chains with intermediate CAs for both
+RSA and ECDSA, you'll want at least OpenSSL 1.0.2, as earlier
+versions may not handle multiple chain files correctly.
+.sp
+The first \fIhostname\fR argument will be the \fBCommonName\fR
+of both the subject and issuer of the self\-signed certificate.
+It, and any additional \fIhostname\fR arguments, will also
+be listed as DNS alternative names in the certificate. If
+no \fIhostname\fR is provided the value of the \fBmyhostname\fR
+main.cf parameter will be used.
+.sp
+For RSA, the generated private key and certificate files
+are named \fBkey\-\fIyyyymmdd\-hhmmss\fB.pem\fR and
+\fBcert\-\fIyyyymmdd\-hhmmss\fB.pem\fR, where \fIyyyymmdd\fR
+is the calendar date and \fIhhmmss\fR is the time of day
+in UTC. For ECDSA, the file names start with \fBeckey\-\fR
+and \fBeccert\-\fR instead of \fBkey\-\fR and \fBcert\-\fR
+respectively.
+.sp
+Before deploying the new key and certificate with DANE,
+update the DNS with new DANE TLSA records, then wait for
+secondary nameservers to update and then for stale records
+in remote DNS caches to expire.
+.sp
+Before deploying a new CA certificate make sure to include
+all the required intermediate issuing CA certificates in
+the certificate chain file. The server certificate must
+be the first certificate in the chain file. Overwrite and
+deploy the file with the original self\-signed certificate
+that was generated together with the key.
+.IP "\fBnew\-server\-cert\fR [\fB\-a \fIalgorithm\fR] [\fB\-b \fIbits\fR] [\fIhostname\fB...\fR]"
+This is just like \fBnew\-server\-key\fR except that, rather
+than generating a new private key, any currently deployed
+private key is copied to the new key file. Thus if you're
+publishing DANE TLSA "3 1 1" or "3 1 2" records, there is
+no need to update DNS records. The \fIalgorithm\fR and
+\fIbits\fR arguments are used only if no key of the same
+algorithm is already configured.
+.sp
+This command is rarely needed, because the self\-signed
+certificates generated have a 100\-year nominal expiration
+time. The underlying public key algorithms may well be
+obsoleted by quantum computers long before then.
+.sp
+The most plausible reason for using this command is when
+the system hostname changes, and you'd like the name in the
+certificate to match the new hostname (not required for
+DANE "3 1 1", but some needlessly picky non\-DANE opportunistic
+TLS clients may log warnings or even refuse to communicate).
+.IP "\fBdeploy\-server\-cert \fIcertfile\fB \fIkeyfile\fR"
+This subcommand deploys the certificates in \fIcertfile\fR
+and private key in \fIkeyfile\fR (which are typically
+generated by the commands above, which will also log and
+display the full command needed to deploy the generated key
+and certificate). After the new certificate and key are
+deployed any obsolete keys and certificates may be removed
+by hand. The \fIkeyfile\fR and \fIcertfile\fR filenames
+may be relative to the Postfix configuration directory.
+.IP "\fBoutput\-server\-csr\fR [\fB\-k \fIkeyfile\fR] [\fIhostname\fB...\fR]"
+Write to stdout a certificate signing request (CSR) for the
+specified \fIkeyfile\fR.
+.sp
+Instead of an absolute pathname or a pathname relative to
+$config_directory, \fIkeyfile\fR may specify one of the
+supported key algorithm names (see "\fBpostconf \-T
+public\-key\-algorithms\fR"). In that case, the corresponding
+setting from main.cf is used to locate the \fIkeyfile\fR.
+The default \fIkeyfile\fR value is \fBrsa\fR.
+.sp
+Zero or more \fIhostname\fR values can be specified. The
+default \fIhostname\fR is the value of \fBmyhostname\fR
+main.cf parameter.
+.IP "\fBoutput\-server\-tlsa\fR [\fB\-h \fIhostname\fR] [\fIkeyfile\fB...\fR]"
+Write to stdout a DANE TLSA RRset suitable for a port 25
+SMTP server on host \fIhostname\fR with keys from any of
+the specified \fIkeyfile\fR values. The default \fIhostname\fR
+is the value of the \fBmyhostname\fR main.cf parameter.
+.sp
+Instead of absolute pathnames or pathnames relative to
+$config_directory, the \fIkeyfile\fR list may specify
+names of supported public key algorithms (see "\fBpostconf
+\-T public\-key\-algorithms\fR"). In that case, the actual
+\fIkeyfile\fR list uses the values of the corresponding
+Postfix server TLS key file parameters. If a parameter
+value is empty or equal to \fBnone\fR, then no TLSA record
+is output for that algorithm.
+.sp
+The default \fIkeyfile\fR list consists of the two supported
+algorithms \fBrsa\fR and \fBecdsa\fR.
+.SH "AUXILIARY COMMANDS"
+.na
+.nf
+.IP "\fBall\-default\-client\fR"
+Exit with status 0 (success) if all SMTP client TLS settings are
+at their default values. Otherwise, exit with a non\-zero status.
+This is typically used as follows:
+.sp
+\fBpostfix tls all\-default\-client &&
+ postfix tls enable\-tls\-client\fR
+.IP "\fBall\-default\-server\fR"
+Exit with status 0 (success) if all SMTP server TLS settings are
+at their default values. Otherwise, exit with a non\-zero status.
+This is typically used as follows:
+.sp
+\fBpostfix tls all\-default\-server &&
+ postfix tls enable\-tls\-server\fR
+.SH "CONFIGURATION PARAMETERS"
+.na
+.nf
+.ad
+.fi
+The "\fBpostfix tls \fIsubcommand\fR" feature reads
+or updates the following configuration parameters.
+.IP "\fBcommand_directory (see 'postconf -d' output)\fR"
+The location of all postfix administrative commands.
+.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
+The default location of the Postfix main.cf and master.cf
+configuration files.
+.IP "\fBopenssl_path (openssl)\fR"
+The location of the OpenSSL command line program \fBopenssl\fR(1).
+.IP "\fBsmtp_tls_loglevel (0)\fR"
+Enable additional Postfix SMTP client logging of TLS activity.
+.IP "\fBsmtp_tls_security_level (empty)\fR"
+The default SMTP TLS security level for the Postfix SMTP client;
+when a non\-empty value is specified, this overrides the obsolete
+parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
+.IP "\fBsmtp_tls_session_cache_database (empty)\fR"
+Name of the file containing the optional Postfix SMTP client
+TLS session cache.
+.IP "\fBsmtpd_tls_cert_file (empty)\fR"
+File with the Postfix SMTP server RSA certificate in PEM format.
+.IP "\fBsmtpd_tls_eccert_file (empty)\fR"
+File with the Postfix SMTP server ECDSA certificate in PEM format.
+.IP "\fBsmtpd_tls_eckey_file ($smtpd_tls_eccert_file)\fR"
+File with the Postfix SMTP server ECDSA private key in PEM format.
+.IP "\fBsmtpd_tls_key_file ($smtpd_tls_cert_file)\fR"
+File with the Postfix SMTP server RSA private key in PEM format.
+.IP "\fBsmtpd_tls_loglevel (0)\fR"
+Enable additional Postfix SMTP server logging of TLS activity.
+.IP "\fBsmtpd_tls_received_header (no)\fR"
+Request that the Postfix SMTP server produces Received: message
+headers that include information about the protocol and cipher used,
+as well as the remote SMTP client CommonName and client certificate issuer
+CommonName.
+.IP "\fBsmtpd_tls_security_level (empty)\fR" +The SMTP TLS security level for the Postfix SMTP server; when +a non\-empty value is specified, this overrides the obsolete parameters +smtpd_use_tls and smtpd_enforce_tls. +.IP "\fBtls_random_source (see 'postconf -d' output)\fR" +The external entropy source for the in\-memory \fBtlsmgr\fR(8) pseudo +random number generator (PRNG) pool. +.SH "SEE ALSO" +.na +.nf +master(8) Postfix master program +postfix(1) Postfix administrative interface +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +TLS_README, Postfix TLS configuration and operation +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +The "\fBpostfix tls\fR" command was introduced with Postfix +version 3.1. +.SH "AUTHOR(S)" +.na +.nf +Viktor Dukhovni diff -Nru postfix-3.0.4/man/man1/postkick.1 postfix-3.1.0/man/man1/postkick.1 --- postfix-3.0.4/man/man1/postkick.1 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man1/postkick.1 2016-02-14 01:32:48.000000000 +0000 @@ -91,3 +91,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man1/postlock.1 postfix-3.1.0/man/man1/postlock.1 --- postfix-3.0.4/man/man1/postlock.1 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man1/postlock.1 2016-02-12 19:49:48.000000000 +0000 @@ -9,7 +9,7 @@ .na .nf .fi -\fBpostlock\fR [\fB\-c \fIconfig_dir\fB] [\fB\-l \fIlock_style\fB] +\fBpostlock\fR [\fB\-c \fIconfig_dir\fR] [\fB\-l \fIlock_style\fR] [\fB\-v\fR] \fIfile command...\fR .SH DESCRIPTION .ad 
@@ -115,3 +115,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man1/postlog.1 postfix-3.1.0/man/man1/postlog.1 --- postfix-3.0.4/man/man1/postlog.1 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man1/postlog.1 2016-02-12 19:58:52.000000000 +0000 @@ -11,7 +11,7 @@ .fi .ad \fBpostlog\fR [\fB\-iv\fR] [\fB\-c \fIconfig_dir\fR] -[\fB\-p \fIpriority\fB] [\fB\-t \fItag\fR] [\fItext...\fR] +[\fB\-p \fIpriority\fR] [\fB\-t \fItag\fR] [\fItext...\fR] .SH DESCRIPTION .ad .fi @@ -32,9 +32,12 @@ instead of the default configuration directory. .IP \fB\-i\fR Include the process ID in the logging tag. -.IP "\fB\-p \fIpriority\fR" -Specifies the logging severity: \fBinfo\fR (default), \fBwarn\fR, -\fBerror\fR, \fBfatal\fR, or \fBpanic\fR. +.IP "\fB\-p \fIpriority\fR (default: \fBinfo\fR)" +Specifies the logging severity: \fBinfo\fR, \fBwarn\fR, +\fBerror\fR, \fBfatal\fR, or \fBpanic\fR. With Postfix 3.1 +and later, the program will pause for 1 second after reporting +a \fBfatal\fR or \fBpanic\fR condition, just like other +Postfix programs. .IP "\fB\-t \fItag\fR" Specifies the logging tag, that is, the identifying name that appears at the beginning of each logging record. A default tag @@ -85,3 +88,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man1/postmap.1 postfix-3.1.0/man/man1/postmap.1 --- postfix-3.0.4/man/man1/postmap.1 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man1/postmap.1 2016-02-14 01:32:48.000000000 +0000 
@@ -300,3 +300,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man1/postmulti.1 postfix-3.1.0/man/man1/postmulti.1 --- postfix-3.0.4/man/man1/postmulti.1 2015-10-03 23:28:15.000000000 +0000 +++ postfix-3.1.0/man/man1/postmulti.1 2016-02-14 15:29:27.000000000 +0000 @@ -9,11 +9,13 @@ .na .nf .fi -\fBENABLING MULTI\-INSTANCE MANAGEMENT:\fR +.ti -4 +\fBEnabling multi\-instance management:\fR \fBpostmulti\fR \fB\-e init\fR [\fB\-v\fR] -\fBITERATOR MODE:\fR +.ti -4 +\fBIterator mode:\fR \fBpostmulti\fR \fB\-l\fR [\fB\-aRv\fR] [\fB\-g \fIgroup\fR] [\fB\-i \fIname\fR] @@ -24,7 +26,8 @@ \fBpostmulti\fR \fB\-x\fR [\fB\-aRv\fR] [\fB\-g \fIgroup\fR] [\fB\-i \fIname\fR] \fIcommand...\fR -\fBLIFE\-CYCLE MANAGEMENT:\fR +.ti -4 +\fBLife\-cycle management:\fR \fBpostmulti\fR \fB\-e create\fR [\fB\-av\fR] [\fB\-g \fIgroup\fR] [\fB\-i \fIname\fR] [\fB\-G \fIgroup\fR] @@ -400,9 +403,9 @@ .nf .na MULTI_INSTANCE_README, Postfix multi\-instance management -.SH "HISTORY" -.na -.nf +.SH HISTORY +.ad +.fi .ad .fi The \fBpostmulti\fR(1) command was introduced with Postfix diff -Nru postfix-3.0.4/man/man1/postqueue.1 postfix-3.1.0/man/man1/postqueue.1 --- postfix-3.0.4/man/man1/postqueue.1 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man1/postqueue.1 2016-02-14 19:55:47.000000000 +0000 @@ -8,13 +8,21 @@ .SH "SYNOPSIS" .na .nf +.ti -4 +\fBTo flush the mail queue\fR: + \fBpostqueue\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fB\-f\fR -.br + \fBpostqueue\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fB\-i \fIqueue_id\fR -.br -\fBpostqueue\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fB\-p\fR -.br + \fBpostqueue\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fB\-s \fIsite\fR + +.ti -4 +\fBTo list the mail queue\fR: + +\fBpostqueue\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fB\-j\fR + +\fBpostqueue\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fB\-p\fR .SH DESCRIPTION .ad .fi 
@@ -46,6 +54,14 @@ command, by contacting the \fBflush\fR(8) server. This feature is available with Postfix version 2.4 and later. +.IP "\fB\-j\fR" +Produce a queue listing in JSON format, based on output +from the showq(8) daemon. The result is a stream of zero +or more JSON objects, one per queue file. Each object is +followed by a newline character to support simple streaming +parsers. See "\fBJSON OBJECT FORMAT\fR" below for details. + +This feature is available in Postfix 3.1 and later. .IP \fB\-p\fR Produce a traditional sendmail\-style queue listing. This option implements the traditional \fBmailq\fR command, 
@@ -78,6 +94,49 @@ Enable verbose logging for debugging purposes. Multiple \fB\-v\fR options make the software increasingly verbose. As of Postfix 2.3, this option is available for the super\-user only. +.SH "JSON OBJECT FORMAT" +.na +.nf +.ad +.fi +Each JSON object represents one queue file; it is emitted +as a single text line followed by a newline character. + +Object members have string values unless indicated otherwise. +Programs should ignore object members that are not listed +here; the list of members is expected to grow over time. +.IP \fBqueue_name\fR +The name of the queue where the message was found. Note +that the contents of the mail queue may change while it is +being listed; some messages may appear more than once, and +some messages may be missed. +.IP \fBqueue_id\fR +The queue file name. The queue_id may be reused within a +Postfix instance unless "enable_long_queue_ids = true" and +time is monotonic. Even then, the queue_id is not expected +to be unique between different Postfix instances. Management +tools that require a unique name should combine the queue_id +with the myhostname setting of the Postfix instance. +.IP \fBarrival_time\fR +The number of seconds since the start of the UNIX epoch. +.IP \fBmessage_size\fR +The number of bytes in the message header and body. This +number does not include message envelope information. It +is approximately equal to the number of bytes that would +be transmitted via SMTP including the line endings. +.IP \fBsender\fR +The envelope sender address. +.IP \fBrecipients\fR +An array containing zero or more objects with members: +.RS +.IP \fBaddress\fR +One recipient address. +.IP \fBdelay_reason\fR +If present, the reason for delayed delivery. Delayed +recipients may have no delay reason, for example, while +delivery is in progress, or after the system was stopped +before it could record the reason. +.RE .SH "SECURITY" .na .nf 
@@ -85,6 +144,10 @@ .fi This program is designed to run with set\-group ID privileges, so that it can connect to Postfix daemon processes. +.SH "STANDARDS" +.na +.nf +RFC 7159 (JSON notation) .SH DIAGNOSTICS .ad .fi @@ -174,9 +237,9 @@ .ad .fi The Secure Mailer license must be distributed with this software. -.SH "HISTORY" -.na -.nf +.SH HISTORY +.ad +.fi .ad .fi The postqueue command was introduced with Postfix version 1.1. @@ -187,3 +250,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man1/postsuper.1 postfix-3.1.0/man/man1/postsuper.1 --- postfix-3.0.4/man/man1/postsuper.1 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man1/postsuper.1 2016-02-14 01:32:48.000000000 +0000 @@ -271,3 +271,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man1/posttls-finger.1 postfix-3.1.0/man/man1/posttls-finger.1 --- postfix-3.0.4/man/man1/posttls-finger.1 2015-02-02 17:46:17.000000000 +0000 +++ postfix-3.1.0/man/man1/posttls-finger.1 2016-01-10 00:55:29.000000000 +0000 
@@ -209,6 +209,11 @@ don't expose the underlying server identity in their EHLO response; with these servers there will never be more than 1 reconnection attempt. +.IP "\fB\-M \fIinsecure_mx_policy\fR (default: \fBdane\fR)" +The TLS policy for MX hosts with "secure" TLSA records when the +nexthop destination security level is \fBdane\fR, but the MX +record was found via an "insecure" MX lookup. See the main.cf +documentation for smtp_tls_insecure_mx_policy for details. .IP "\fB\-o \fIname=value\fR" Specify zero or more times to override the value of the main.cf parameter \fIname\fR with \fIvalue\fR. Possible use\-cases include diff -Nru postfix-3.0.4/man/man1/qmqp-sink.1 postfix-3.1.0/man/man1/qmqp-sink.1 --- postfix-3.0.4/man/man1/qmqp-sink.1 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man1/qmqp-sink.1 2016-02-14 15:29:27.000000000 +0000 @@ -42,7 +42,7 @@ .IP \fB\-v\fR Increase verbosity. Specify \fB\-v \-v\fR to see some of the QMQP conversation. -.IP "\fB\-x \fItime\fR +.IP "\fB\-x \fItime\fR" Terminate after \fItime\fR seconds. This is to facilitate memory leak testing. .SH "SEE ALSO" @@ -62,3 +62,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man1/qmqp-source.1 postfix-3.1.0/man/man1/qmqp-source.1 --- postfix-3.0.4/man/man1/qmqp-source.1 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man1/qmqp-source.1 2016-02-14 01:09:40.000000000 +0000 @@ -83,3 +83,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man1/sendmail.1 postfix-3.1.0/man/man1/sendmail.1 --- postfix-3.0.4/man/man1/sendmail.1 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man1/sendmail.1 2016-02-14 15:29:27.000000000 +0000 
@@ -116,7 +116,7 @@ With all Postfix versions, you can specify a directory pathname with the MAIL_CONFIG environment variable to override the location of configuration files. -.IP "\fB\-F \fIfull_name\fR +.IP "\fB\-F \fIfull_name\fR" Set the sender full name. This overrides the NAME environment variable, and is used only with messages that have no \fBFrom:\fR message header. @@ -445,3 +445,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man1/smtp-sink.1 postfix-3.1.0/man/man1/smtp-sink.1 --- postfix-3.0.4/man/man1/smtp-sink.1 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man1/smtp-sink.1 2016-02-14 01:09:40.000000000 +0000 @@ -241,7 +241,7 @@ software. This three\-line header marks the end of the headers provided by \fBsmtp\-sink\fR, and is formatted as follows: .RS -.IP "\fBfrom \fIhelo\fB ([\fIaddr\fB])\fR" +.IP "\fBfrom \fIhelo\fR ([\fIaddr\fR])" The HELO or EHLO command argument and client IP address. If the client did not send HELO or EHLO, the client IP address is used instead. @@ -269,3 +269,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man1/smtp-source.1 postfix-3.1.0/man/man1/smtp-source.1 --- postfix-3.0.4/man/man1/smtp-source.1 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man1/smtp-source.1 2016-02-14 01:09:40.000000000 +0000 @@ -120,3 +120,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man5/access.5 postfix-3.1.0/man/man5/access.5 --- postfix-3.0.4/man/man5/access.5 2015-02-08 17:03:58.000000000 +0000 +++ postfix-3.1.0/man/man5/access.5 2016-02-14 01:39:26.000000000 +0000 
@@ -335,10 +335,11 @@ This feature is available in Postfix 2.1 and later. .IP "\fBREDIRECT \fIuser@domain\fR" After the message is queued, send the message to the specified -address instead of the intended recipient(s). +address instead of the intended recipient(s). When multiple +\fBREDIRECT\fR actions fire, only the last one takes effect. .sp -Note: this action overrides the FILTER action, and currently affects -all recipients of the message. +Note: this action overrides the FILTER action, and currently +overrides all recipients of the message. .sp This feature is available in Postfix 2.1 and later. .IP "\fBINFO \fIoptional text...\fR @@ -481,3 +482,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man5/aliases.5 postfix-3.1.0/man/man5/aliases.5 --- postfix-3.0.4/man/man5/aliases.5 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man5/aliases.5 2016-02-14 01:39:26.000000000 +0000 @@ -221,3 +221,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man5/bounce.5 postfix-3.1.0/man/man5/bounce.5 --- postfix-3.0.4/man/man5/bounce.5 2015-01-29 22:33:49.000000000 +0000 +++ postfix-3.1.0/man/man5/bounce.5 2016-02-14 01:39:26.000000000 +0000 @@ -214,9 +214,9 @@ .ad .fi The Secure Mailer license must be distributed with this software. -.SH "HISTORY" -.na -.nf +.SH HISTORY +.ad +.fi .ad .fi The Postfix bounce template format was originally developed by 
@@ -228,3 +228,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man5/canonical.5 postfix-3.1.0/man/man5/canonical.5 --- postfix-3.0.4/man/man5/canonical.5 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man5/canonical.5 2016-02-14 01:39:26.000000000 +0000 @@ -274,3 +274,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man5/cidr_table.5 postfix-3.1.0/man/man5/cidr_table.5 --- postfix-3.0.4/man/man5/cidr_table.5 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man5/cidr_table.5 2016-02-14 01:39:26.000000000 +0000 @@ -99,9 +99,9 @@ .na .nf DATABASE_README, Postfix lookup table overview -.SH "HISTORY" -.na -.nf +.SH HISTORY +.ad +.fi CIDR table support was introduced with Postfix version 2.1. .SH "AUTHOR(S)" .na @@ -117,3 +117,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man5/generic.5 postfix-3.1.0/man/man5/generic.5 --- postfix-3.0.4/man/man5/generic.5 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man5/generic.5 2016-02-14 01:39:26.000000000 +0000 @@ -247,9 +247,9 @@ .ad .fi The Secure Mailer license must be distributed with this software. -.SH "HISTORY" -.na -.nf +.SH HISTORY +.ad +.fi A genericstable feature appears in the Sendmail MTA. This feature is available in Postfix 2.2 and later. 
@@ -260,3 +260,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man5/header_checks.5 postfix-3.1.0/man/man5/header_checks.5 --- postfix-3.0.4/man/man5/header_checks.5 2015-01-29 22:33:49.000000000 +0000 +++ postfix-3.1.0/man/man5/header_checks.5 2016-02-14 01:39:26.000000000 +0000 @@ -185,7 +185,8 @@ Action names are case insensitive. They are shown in upper case for consistency with other Postfix documentation. .IP "\fBBCC \fIuser@domain\fR" -Add the specified address as a BCC recipient. The address +Add the specified address as a BCC recipient, and inspect +the next input line. The address must have a local part and domain part. The number of BCC addresses that can be added is limited only by the amount of available storage space. @@ -203,6 +204,7 @@ This feature is not supported with smtp header/body checks. .IP "\fBDISCARD \fIoptional text...\fR" Claim successful delivery and silently discard the message. +Do not inspect the remainder of the input message. Log the optional text if specified, otherwise log a generic message. .sp @@ -223,6 +225,8 @@ .sp This feature is available in Postfix 2.1 and later. .IP "\fBFILTER \fItransport:destination\fR" +Override the content_filter parameter setting, and inspect +the next input line. After the message is queued, send the entire message through the specified external content filter. The \fItransport\fR name specifies the first field of a mail delivery agent 
@@ -341,9 +345,10 @@ the way that Postfix adds missing message headers. .RE .IP "\fBREJECT \fIoptional text...\fR -Reject the entire message. Reply with \fIoptional text...\fR when -the optional text is specified, otherwise reply with a generic error -message. +Reject the entire message. Do not inspect the remainder of +the input message. Reply with \fIoptional text...\fR when +the optional text is specified, otherwise reply with a +generic error message. .sp Note: this action disables further header or body_checks inspection of the current message and affects all recipients. @@ -497,3 +502,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man5/ldap_table.5 postfix-3.1.0/man/man5/ldap_table.5 --- postfix-3.0.4/man/man5/ldap_table.5 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man5/ldap_table.5 2016-02-14 00:57:59.000000000 +0000 
@@ -160,30 +160,30 @@ With Postfix 2.2 and later this parameter supports the following '%' expansions: .RS -.IP "\fB\fB%%\fR\fR" +.IP "\fB%%\fR" This is replaced by a literal '%' character. -.IP "\fB\fB%s\fR\fR" +.IP "\fB%s\fR" This is replaced by the input key. RFC 2253 quoting is used to make sure that the input key does not add unexpected metacharacters. -.IP "\fB\fB%u\fR\fR" +.IP "\fB%u\fR" When the input key is an address of the form user@domain, \fB%u\fR is replaced by the (RFC 2253) quoted local part of the address. Otherwise, \fB%u\fR is replaced by the entire search string. If the localpart is empty, the search is suppressed and returns no results. -.IP "\fB\fB%d\fR\fR" +.IP "\fB%d\fR" When the input key is an address of the form user@domain, \fB%d\fR is replaced by the (RFC 2253) quoted domain part of the address. Otherwise, the search is suppressed and returns no results. -.IP "\fB\fB%[SUD]\fR\fR" +.IP "\fB%[SUD]\fR" For the \fBsearch_base\fR parameter, the upper\-case equivalents of the above expansions behave identically to their lower\-case counter\-parts. With the \fBresult_format\fR parameter (previously called \fBresult_filter\fR see the COMPATIBILITY section and below), they expand to the corresponding components of input key rather than the result value. -.IP "\fB\fB%[1\-9]\fR\fR" +.IP "\fB%[1\-9]\fR" The patterns %1, %2, ... %9 are replaced by the corresponding most significant component of the input key's domain. If the input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR, 
@@ -203,23 +203,23 @@ This parameter supports the following '%' expansions: .RS -.IP "\fB\fB%%\fR\fR" +.IP "\fB%%\fR" This is replaced by a literal '%' character. (Postfix 2.2 and later). -.IP "\fB\fB%s\fR\fR" +.IP "\fB%s\fR" This is replaced by the input key. RFC 2254 quoting is used to make sure that the input key does not add unexpected metacharacters. -.IP "\fB\fB%u\fR\fR" +.IP "\fB%u\fR" When the input key is an address of the form user@domain, \fB%u\fR is replaced by the (RFC 2254) quoted local part of the address. Otherwise, \fB%u\fR is replaced by the entire search string. If the localpart is empty, the search is suppressed and returns no results. -.IP "\fB\fB%d\fR\fR" +.IP "\fB%d\fR" When the input key is an address of the form user@domain, \fB%d\fR is replaced by the (RFC 2254) quoted domain part of the address. Otherwise, the search is suppressed and returns no results. -.IP "\fB\fB%[SUD]\fR\fR" +.IP "\fB%[SUD]\fR" The upper\-case equivalents of the above expansions behave in the \fBquery_filter\fR parameter identically to their lower\-case counter\-parts. With the \fBresult_format\fR parameter (previously @@ -229,7 +229,7 @@ .IP The above %S, %U and %D expansions are available with Postfix 2.2 and later. -.IP "\fB\fB%[1\-9]\fR\fR" +.IP "\fB%[1\-9]\fR" The patterns %1, %2, ... %9 are replaced by the corresponding most significant component of the input key's domain. If the input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR, 
@@ -255,21 +255,21 @@ to append (or prepend) text to the result. This parameter supports the following '%' expansions: .RS -.IP "\fB\fB%%\fR\fR" +.IP "\fB%%\fR" This is replaced by a literal '%' character. (Postfix 2.2 and later). -.IP "\fB\fB%s\fR\fR" +.IP "\fB%s\fR" This is replaced by the value of the result attribute. When result is empty it is skipped. .IP "\fB%u\fR When the result attribute value is an address of the form user@domain, \fB%u\fR is replaced by the local part of the address. When the result has an empty localpart it is skipped. -.IP "\fB\fB%d\fR\fR" +.IP "\fB%d\fR" When a result attribute value is an address of the form user@domain, \fB%d\fR is replaced by the domain part of the attribute value. When the result is unqualified it is skipped. -.IP "\fB\fB%[SUD1\-9]\fR\fB" +.IP "\fB%[SUD1\-9]\fR" The upper\-case and decimal digit expansions interpolate the parts of the input key rather than the result. Their behavior is identical to that described with \fBquery_filter\fR, diff -Nru postfix-3.0.4/man/man5/lmdb_table.5 postfix-3.1.0/man/man5/lmdb_table.5 --- postfix-3.0.4/man/man5/lmdb_table.5 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man5/lmdb_table.5 2016-02-14 01:39:26.000000000 +0000 @@ -121,9 +121,9 @@ .ad .fi The Secure Mailer license must be distributed with this software. -.SH "HISTORY" -.na -.nf +.SH HISTORY +.ad +.fi LMDB support was introduced with Postfix version 2.11. .SH "AUTHOR(S)" .na @@ -135,3 +135,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man5/master.5 postfix-3.1.0/man/man5/master.5 --- postfix-3.0.4/man/man5/master.5 2015-01-29 22:33:49.000000000 +0000 +++ postfix-3.1.0/man/man5/master.5 2016-02-14 01:39:26.000000000 +0000 
@@ -254,3 +254,8 @@
 IBM T.J. Watson Research
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff -Nru postfix-3.0.4/man/man5/memcache_table.5 postfix-3.1.0/man/man5/memcache_table.5
--- postfix-3.0.4/man/man5/memcache_table.5 2015-01-29 22:21:01.000000000 +0000
+++ postfix-3.1.0/man/man5/memcache_table.5 2016-02-14 01:09:40.000000000 +0000
@@ -138,27 +138,27 @@
 The \fBkey_format\fR parameter supports the following '%' expansions:
 .RS
-.IP "\fB\fB%%\fR\fR"
+.IP "\fB%%\fR"
 This is replaced by a literal '%' character.
-.IP "\fB\fB%s\fR\fR"
+.IP "\fB%s\fR"
 This is replaced by the memcache client input key.
-.IP "\fB\fB%u\fR\fR"
+.IP "\fB%u\fR"
 When the input key is an address of the form user@domain, \fB%u\fR is replaced by the SQL quoted local part of the address. Otherwise, \fB%u\fR is replaced by the entire search string. If the localpart is empty, a lookup is silently suppressed and returns no results (an update is skipped with a warning).
-.IP "\fB\fB%d\fR\fR"
+.IP "\fB%d\fR"
 When the input key is an address of the form user@domain, \fB%d\fR is replaced by the domain part of the address. Otherwise, a lookup is silently suppressed and returns no results (an update is skipped with a warning).
-.IP "\fB\fB%[SUD]\fR\fR"
+.IP "\fB%[SUD]\fR"
 The upper\-case equivalents of the above expansions behave in the \fBkey_format\fR parameter identically to their lower\-case counter\-parts.
-.IP "\fB\fB%[1\-9]\fR\fR"
+.IP "\fB%[1\-9]\fR"
 The patterns %1, %2, ... %9 are replaced by the corresponding most significant component of the input key's domain. If the input key is \fIuser@mail.example.com\fR, then %1 is
@@ -239,9 +239,9 @@
 .ad
 .fi
 The Secure Mailer license must be distributed with this software.
-.SH "HISTORY"
-.na
-.nf
+.SH HISTORY
+.ad
+.fi
 .ad
 .fi
 Memcache support was introduced with Postfix version 2.9.
@@ -252,3 +252,8 @@
 IBM T.J. Watson Research
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff -Nru postfix-3.0.4/man/man5/mysql_table.5 postfix-3.1.0/man/man5/mysql_table.5
--- postfix-3.0.4/man/man5/mysql_table.5 2015-01-29 22:21:01.000000000 +0000
+++ postfix-3.1.0/man/man5/mysql_table.5 2016-02-14 00:57:59.000000000 +0000
@@ -134,28 +134,28 @@
 This parameter supports the following '%' expansions:
 .RS
-.IP "\fB\fB%%\fR\fR"
+.IP "\fB%%\fR"
 This is replaced by a literal '%' character.
-.IP "\fB\fB%s\fR\fR"
+.IP "\fB%s\fR"
 This is replaced by the input key. SQL quoting is used to make sure that the input key does not add unexpected metacharacters.
-.IP "\fB\fB%u\fR\fR"
+.IP "\fB%u\fR"
 When the input key is an address of the form user@domain, \fB%u\fR is replaced by the SQL quoted local part of the address. Otherwise, \fB%u\fR is replaced by the entire search string. If the localpart is empty, the query is suppressed and returns no results.
-.IP "\fB\fB%d\fR\fR"
+.IP "\fB%d\fR"
 When the input key is an address of the form user@domain, \fB%d\fR is replaced by the SQL quoted domain part of the address. Otherwise, the query is suppressed and returns no results.
-.IP "\fB\fB%[SUD]\fR\fR"
+.IP "\fB%[SUD]\fR"
 The upper\-case equivalents of the above expansions behave in the \fBquery\fR parameter identically to their lower\-case counter\-parts. With the \fBresult_format\fR parameter (see below), they expand the input key rather than the result value.
-.IP "\fB\fB%[1\-9]\fR\fR"
+.IP "\fB%[1\-9]\fR"
 The patterns %1, %2, ... %9 are replaced by the corresponding most significant component of the input key's domain. If the input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR,
@@ -194,21 +194,21 @@ to append (or prepend) text to the result. This parameter supports the following '%' expansions: .RS -.IP "\fB\fB%%\fR\fR" +.IP "\fB%%\fR" This is replaced by a literal '%' character. -.IP "\fB\fB%s\fR\fR" +.IP "\fB%s\fR" This is replaced by the value of the result attribute. When result is empty it is skipped. .IP "\fB%u\fR When the result attribute value is an address of the form user@domain, \fB%u\fR is replaced by the local part of the address. When the result has an empty localpart it is skipped. -.IP "\fB\fB%d\fR\fR" +.IP "\fB%d\fR" When a result attribute value is an address of the form user@domain, \fB%d\fR is replaced by the domain part of the attribute value. When the result is unqualified it is skipped. -.IP "\fB\fB%[SUD1\-9]\fR\fB" +.IP "\fB%[SUD1\-9]\fR" The upper\-case and decimal digit expansions interpolate the parts of the input key rather than the result. Their behavior is identical to that described with \fBquery\fR, @@ -359,9 +359,9 @@ .ad .fi The Secure Mailer license must be distributed with this software. -.SH "HISTORY" -.na -.nf +.SH HISTORY +.ad +.fi MySQL support was introduced with Postfix version 1.0. .SH "AUTHOR(S)" .na diff -Nru postfix-3.0.4/man/man5/nisplus_table.5 postfix-3.1.0/man/man5/nisplus_table.5 --- postfix-3.0.4/man/man5/nisplus_table.5 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man5/nisplus_table.5 2016-02-14 01:39:26.000000000 +0000 @@ -99,3 +99,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man5/pcre_table.5 postfix-3.1.0/man/man5/pcre_table.5 --- postfix-3.0.4/man/man5/pcre_table.5 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man5/pcre_table.5 2016-02-14 01:39:26.000000000 +0000 
@@ -228,3 +228,8 @@
 IBM T.J. Watson Research
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff -Nru postfix-3.0.4/man/man5/pgsql_table.5 postfix-3.1.0/man/man5/pgsql_table.5
--- postfix-3.0.4/man/man5/pgsql_table.5 2015-01-29 22:21:01.000000000 +0000
+++ postfix-3.1.0/man/man5/pgsql_table.5 2016-02-14 00:57:59.000000000 +0000
@@ -139,23 +139,23 @@
 This parameter supports the following '%' expansions:
 .RS
-.IP "\fB\fB%%\fR\fR"
+.IP "\fB%%\fR"
 This is replaced by a literal '%' character. (Postfix 2.2 and later)
-.IP "\fB\fB%s\fR\fR"
+.IP "\fB%s\fR"
 This is replaced by the input key. SQL quoting is used to make sure that the input key does not add unexpected metacharacters.
-.IP "\fB\fB%u\fR\fR"
+.IP "\fB%u\fR"
 When the input key is an address of the form user@domain, \fB%u\fR is replaced by the SQL quoted local part of the address. Otherwise, \fB%u\fR is replaced by the entire search string. If the localpart is empty, the query is suppressed and returns no results.
-.IP "\fB\fB%d\fR\fR"
+.IP "\fB%d\fR"
 When the input key is an address of the form user@domain, \fB%d\fR is replaced by the SQL quoted domain part of the address. Otherwise, the query is suppressed and returns no results.
-.IP "\fB\fB%[SUD]\fR\fR"
+.IP "\fB%[SUD]\fR"
 The upper\-case equivalents of the above expansions behave in the \fBquery\fR parameter identically to their lower\-case counter\-parts. With the \fBresult_format\fR parameter (see below), they expand the
@@ -163,7 +163,7 @@
 .IP
 The above %S, %U and %D expansions are available with Postfix 2.2 and later
-.IP "\fB\fB%[1\-9]\fR\fR"
+.IP "\fB%[1\-9]\fR"
 The patterns %1, %2, ... %9 are replaced by the corresponding most significant component of the input key's domain. If the input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR,
@@ -195,21 +195,21 @@ to append (or prepend) text to the result. This parameter supports the following '%' expansions: .RS -.IP "\fB\fB%%\fR\fR" +.IP "\fB%%\fR" This is replaced by a literal '%' character. -.IP "\fB\fB%s\fR\fR" +.IP "\fB%s\fR" This is replaced by the value of the result attribute. When result is empty it is skipped. .IP "\fB%u\fR When the result attribute value is an address of the form user@domain, \fB%u\fR is replaced by the local part of the address. When the result has an empty localpart it is skipped. -.IP "\fB\fB%d\fR\fR" +.IP "\fB%d\fR" When a result attribute value is an address of the form user@domain, \fB%d\fR is replaced by the domain part of the attribute value. When the result is unqualified it is skipped. -.IP "\fB\fB%[SUD1\-9]\fR\fB" +.IP "\fB%[SUD1\-9]\fR" The upper\-case and decimal digit expansions interpolate the parts of the input key rather than the result. Their behavior is identical to that described with \fBquery\fR, @@ -348,9 +348,9 @@ .ad .fi The Secure Mailer license must be distributed with this software. -.SH "HISTORY" -.na -.nf +.SH HISTORY +.ad +.fi PgSQL support was introduced with Postfix version 2.1. .SH "AUTHOR(S)" .na diff -Nru postfix-3.0.4/man/man5/postconf.5 postfix-3.1.0/man/man5/postconf.5 --- postfix-3.0.4/man/man5/postconf.5 2016-02-05 00:29:25.000000000 +0000 +++ postfix-3.1.0/man/man5/postconf.5 2016-02-12 13:54:33.000000000 +0000 
@@ -177,6 +177,17 @@ Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). .PP This feature is available in Postfix 2.1 and later. +.SH address_verify_pending_request_limit (default: see "postconf \-d" output) +A safety limit that prevents address verification requests from +overwhelming the Postfix queue. By default, the number of pending +requests is limited to 1/4 of the active queue maximum size +(qmgr_message_active_limit). The queue manager enforces the limit +by tempfailing requests that exceed the limit. This affects only +unknown addresses and inactive addresses that have expired, because +the \fBverify\fR(8) daemon automatically refreshes an active address +before it expires. +.PP +This feature is available in Postfix 3.1 and later. .SH address_verify_poll_count (default: normal: 3, overload: 1) How many times to query the \fBverify\fR(8) service for the completion of an address verification request in progress. @@ -764,7 +775,7 @@ .PP This feature is available in Postfix 2.3 and later. .SH broken_sasl_auth_clients (default: no) -Enable inter\-operability with remote SMTP clients that implement an obsolete +Enable interoperability with remote SMTP clients that implement an obsolete version of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook Express version 4 and MicroSoft Exchange version 5.0. 
@@ -1676,6 +1687,38 @@ .fi .ad .ft R +.SH default_transport_rate_delay (default: 0s) +The default amount of delay that is inserted between individual +deliveries over the same message delivery transport, regardless of +destination. If non\-zero, all deliveries over the same message +delivery transport will happen one at a time. +.PP +Use \fItransport\fR_transport_rate_delay to specify a +transport\-specific override, where the initial \fItransport\fR is +the master.cf name of the message delivery transport. +.PP +Example: throttle outbound SMTP mail to at most 3 deliveries +per minute. +.PP +.nf +.na +.ft C +/etc/postfix/main.cf: + smtp_transport_rate_delay = 20s +.fi +.ad +.ft R +.PP +To enable the delay, specify a non\-zero time value (an integral +value plus an optional one\-letter suffix that specifies the time +unit). +.PP +Time units: s (seconds), m (minutes), h (hours), d (days), w +(weeks). The default time unit is s (seconds). +.PP +NOTE: the delay is enforced by the queue manager. +.PP +This feature is available in Postfix 3.1 and later. .SH default_verp_delimiters (default: +=) The two default VERP delimiter characters. These are used when no explicit delimiters are specified with the SMTP XVERP command @@ -1812,6 +1855,15 @@ .fi .ad .ft R +.SH dns_ncache_ttl_fix_enable (default: no) +Enable a workaround for future libc incompatibility. The Postfix +implementation of RFC 2308 negative reply caching relies on the +promise that res_query() and res_search() invoke res_send(), which +returns the server response in an application buffer even if the +requested record does not exist. If this promise is broken, specify +"yes" to enable a workaround for DNS reputation lookups. +.PP +This feature is available in Postfix 3.1 and later. .SH dnsblog_reply_delay (default: 0s) A debugging aid to artificially delay DNS responses. .PP 
@@ -2673,6 +2725,21 @@ parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. +.SH lmtp_fallback_relay (default: empty) +Optional list of relay hosts for LMTP destinations that can't be +found or that are unreachable. In main.cf elements are separated by +whitespace or commas. +.PP +By default, mail is returned to the sender when a destination is not +found, and delivery is deferred when a destination is unreachable. +.PP +The fallback relays must be TCP destinations, specified without +a leading "inet:" prefix. Specify a host or host:port. Since MX +lookups do not apply with LMTP, there is no need to use the "[host]" or +"[host]:port" forms. If you specify multiple LMTP destinations, Postfix +will try them in the specified order. +.PP +This feature is available in Postfix 3.1 and later. .SH lmtp_generic_maps (default: empty) The LMTP\-specific version of the smtp_generic_maps configuration parameter. See there for details. @@ -3944,6 +4011,18 @@ meanings. .PP This feature is available in Postfix 2.3 and later. +.SH milter_macro_defaults (default: empty) +Optional list of \fIname=value\fR pairs that specify default +values for arbitrary macros that Postfix may send to Milter +applications. These defaults are used when there is no corresponding +information from the message delivery context. +.PP +Specify \fIname=value\fR or \fI{name}=value\fR pairs separated +by comma or whitespace. Enclose a pair in "{}" when a value contains +comma or whitespace (this form ignores whitespace after the enclosing +"{", around the "=", and before the enclosing "}"). +.PP +This feature is available in Postfix 3.1 and later. .SH milter_macro_v (default: $mail_name $mail_version) The {v} macro value for Milter (mail filter) applications. See MILTER_README for a list of available macro names and their 
@@ -4239,7 +4318,7 @@ .IP \(bu Specify "mynetworks_style = class" when Postfix should "trust" remote SMTP clients in the same IP class A/B/C networks as the -local machine. Don't do this with a dialup site \- it would cause +local machine. Caution: this may cause Postfix to "trust" your entire provider's network. Instead, specify an explicit mynetworks list by hand, as described with the mynetworks configuration parameter. @@ -4365,6 +4444,31 @@ and reject_unknown_recipient_domain. .PP This feature is available in Postfix 3.0 and later. +.SH openssl_path (default: openssl) +The location of the OpenSSL command line program \fBopenssl\fR(1). This +is used by the "\fBpostfix tls\fR" command to create private keys, +certificate signing requests, self\-signed certificates, and to +compute public key digests for DANE TLSA records. In multi\-instance +environments, this parameter is always determined from the configuration +of the default Postfix instance. +.PP +Example: +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/main.cf: + # NetBSD pkgsrc: + openssl_path = /usr/pkg/bin/openssl + # Local build: + openssl_path = /usr/local/bin/openssl +.fi +.ad +.ft R +.in -4 +.PP +This feature is available in Postfix 3.1 and later. .SH owner_request_special (default: yes) Give special treatment to owner\-listname and listname\-request address localparts: don't split such addresses when the 
@@ -4692,6 +4796,31 @@ .br .PP This feature is available in Postfix 2.8. +.SH postscreen_dnsbl_max_ttl (default: ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h) +The maximum amount of time that \fBpostscreen\fR(8) will use the +result from a successful DNS\-based reputation test before a +client IP address is required to pass that test again. If the DNS +reply specifies a shorter TTL value, that value will be used unless +it would be smaller than postscreen_dnsbl_min_ttl. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +.PP +This feature is available in Postfix 3.1. The default setting +is backwards\-compatible with older Postfix versions. +.SH postscreen_dnsbl_min_ttl (default: 60s) +The minimum amount of time that \fBpostscreen\fR(8) will use the +result from a successful DNS\-based reputation test before a +client IP address is required to pass that test again. If the DNS +reply specifies a larger TTL value, that value will be used unless +it would be larger than postscreen_dnsbl_max_ttl. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +.PP +This feature is available in Postfix 3.1. .SH postscreen_dnsbl_reply_map (default: empty) A mapping from actual DNSBL domain name which includes a secret password, to the DNSBL domain name that postscreen will reply with 
@@ -4798,15 +4927,15 @@ This feature is available in Postfix 3.0. .SH postscreen_dnsbl_ttl (default: 1h) The amount of time that \fBpostscreen\fR(8) will use the result from -a successful DNS blocklist test. During this time, the client IP address -is excluded from this test. The default is relatively short, because a -good client can immediately talk to a real Postfix SMTP server. +a successful DNS\-based reputation test before a client +IP address is required to pass that test again. .PP Specify a non\-zero time value (an integral value plus an optional one\-letter suffix that specifies the time unit). Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). .PP -This feature is available in Postfix 2.8. +This feature is available in Postfix 2.8\-3.0. It was +replaced by postscreen_dnsbl_max_ttl in Postfix 3.1. .SH postscreen_dnsbl_whitelist_threshold (default: 0) Allow a remote SMTP client to skip "before" and "after 220 greeting" protocol tests, based on its combined DNSBL score as @@ -5871,7 +6000,7 @@ .PP The non\-default setting "yes" enables the behavior of older Postfix versions. These always send a SASL authzid that is equal -to the SASL authcid, but this causes inter\-operability problems +to the SASL authcid, but this causes interoperability problems with some SMTP servers. .PP This feature is available in Postfix 2.4.4 and later. @@ -6077,7 +6206,10 @@ SMTP client will try first, when a destination has IPv6 and IPv4 addresses with equal MX preference. This feature has no effect unless the inet_protocols setting enables both IPv4 and IPv6. -With Postfix 2.8 the default is "ipv6". +.PP +Postfix SMTP client address preference has evolved. With Postfix +2.8 the default is "ipv6"; earlier implementations are hard\-coded +to prefer IPv6 over IPv4. .PP Notes for mail delivery between sites that have both IPv4 and IPv6 connectivity: 
@@ -6871,7 +7003,7 @@ .SH smtp_reply_filter (default: empty) A mechanism to transform replies from remote SMTP servers one line at a time. This is a last\-resort tool to work around server -replies that break inter\-operability with the Postfix SMTP client. +replies that break interoperability with the Postfix SMTP client. Other uses involve fault injection to test Postfix's handling of invalid responses. .PP @@ -7035,11 +7167,10 @@ .ft R .SH smtp_sasl_password_maps (default: empty) Optional Postfix SMTP client lookup tables with one username:password -entry -per remote hostname or domain, or sender address when sender\-dependent -authentication is enabled. If no username:password entry is found, -then the Postfix SMTP client will not -attempt to authenticate to the remote host. +entry per sender, remote hostname or next\-hop domain. Per\-sender +lookup is done only when sender\-dependent authentication is enabled. +If no username:password entry is found, then the Postfix SMTP client +will not attempt to authenticate to the remote host. .PP The Postfix SMTP client opens the lookup table before going to chroot jail, so you can leave the password file in /etc/postfix. @@ -7304,7 +7435,7 @@ .SH smtp_tls_cipherlist (default: empty) Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS cipher list. As this feature applies to all TLS security levels, it is easy -to create inter\-operability problems by choosing a non\-default cipher +to create interoperability problems by choosing a non\-default cipher list. Do not use a non\-default TLS cipher list on hosts that deliver email to the public Internet: you will be unable to send email to servers that only support the ciphers you exclude. Using a restricted cipher list 
@@ -7331,6 +7462,35 @@ This feature is available in Postfix 2.6 and later. With earlier Postfix releases only the smtp_tls_mandatory_ciphers parameter is implemented, and opportunistic TLS always uses "export" or better (i.e. all) ciphers. +.SH smtp_tls_dane_insecure_mx_policy (default: dane) +The TLS policy for MX hosts with "secure" TLSA records when the +nexthop destination security level is \fBdane\fR, but the MX +record was found via an "insecure" MX lookup. The choices are: +.IP "\fBmay\fR" +The TLSA records will be ignored and TLS will be optional. If +the MX host does not appear to support STARTTLS, or the STARTTLS +handshake fails, mail may be sent in the clear. +.br +.IP "\fBencrypt\fR" +The TLSA records will signal a requirement to use TLS. While +TLS encryption will be required, authentication will not be performed. +.br +.IP "\fBdane\fR (default)" +The TLSA records will be used just as with "secure" MX records. +TLS encryption will be required, and, if at least one of the TLSA +records is "usable", authentication will be required. When +authentication succeeds, it will be logged only as "Trusted", not +"Verified", because the MX host name could have been forged. +.br +.br +Though with "insecure" MX records an active attacker can +compromise SMTP transport security by returning forged MX records, +such attacks are "tamper\-evident" since any forged MX hostnames +will be recorded in the mail logs. Attackers who place a high value +staying hidden may be deterred from forging MX records. +.PP +This feature is available in Postfix 3.1 and later. The \fBmay\fR +policy is backwards\-compatible with earlier Postfix versions. .SH smtp_tls_dcert_file (default: empty) File with the Postfix SMTP client DSA certificate in PEM format. This file may also contain the Postfix SMTP client private DSA key. 
@@ -7944,7 +8104,7 @@ .IP "\fBmay\fR" Opportunistic TLS. Since sending in the clear is acceptable, demanding stronger than default TLS security merely reduces -inter\-operability. The optional "ciphers", "exclude" and "protocols" +interoperability. The optional "ciphers", "exclude" and "protocols" attributes (available for opportunistic TLS with Postfix >= 2.6) override the "smtp_tls_ciphers", "smtp_tls_exclude_ciphers" and "smtp_tls_protocols" configuration parameters. When opportunistic TLS @@ -8191,7 +8351,7 @@ Opportunistic TLS. Use TLS if this is supported by the remote SMTP server, otherwise use plaintext. Since sending in the clear is acceptable, demanding stronger than default TLS -security merely reduces inter\-operability. +security merely reduces interoperability. The "smtp_tls_ciphers" and "smtp_tls_protocols" (Postfix >= 2.6) configuration parameters provide control over the protocols and cipher grade used with opportunistic TLS. With earlier releases the @@ -8669,6 +8829,21 @@ .fi .ad .ft R +.SH smtpd_client_auth_rate_limit (default: 0) +The maximal number of AUTH commands that any client is allowed to +send to this service per time unit, regardless of whether or not +Postfix actually accepts those commands. The time unit is specified +with the anvil_rate_time_unit configuration parameter. +.PP +By default, there is no limit on the number AUTH commands that a +client may send. +.PP +To disable this feature, specify a limit of 0. +.PP +WARNING: The purpose of this feature is to limit abuse. It must +not be used to regulate legitimate mail traffic. +.PP +This feature is available in Postfix 3.1 and later. .SH smtpd_client_connection_count_limit (default: 50) How many simultaneous connections any client is allowed to make to this service. By default, the limit is set to half 
@@ -9168,7 +9343,7 @@ .SH smtpd_command_filter (default: empty) A mechanism to transform commands from remote SMTP clients. This is a last\-resort tool to work around client commands that break -inter\-operability with the Postfix SMTP server. Other uses involve +interoperability with the Postfix SMTP server. Other uses involve fault injection to test Postfix's handling of invalid commands. .PP Specify the name of a "type:table" lookup table. The search @@ -9715,6 +9890,13 @@ closed. .PP This feature is available in Postfix 2.1 and later. +.SH smtpd_policy_service_policy_context (default: empty) +Optional information that the Postfix SMTP server specifies in +the "policy_context" attribute of a policy service request (originally, +to share the same service endpoint among multiple check_policy_service +clients). +.PP +This feature is available in Postfix 3.1 and later. .SH smtpd_policy_service_request_limit (default: 0) The maximal number of requests per SMTPD policy service connection, or zero (no limit). Once a connection reaches this limit, the @@ -10420,7 +10602,7 @@ .PP This feature is available in Postfix 2.3 and later. .SH smtpd_sender_login_maps (default: empty) -Optional lookup table with the SASL login names that own sender +Optional lookup table with the SASL login names that own the sender (MAIL FROM) addresses. .PP Specify zero or more "type:name" lookup tables, separated by @@ -10829,7 +11011,7 @@ This feature is available in Postfix 2.2 and later. .SH smtpd_tls_cipherlist (default: empty) Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS -cipher list. It is easy to create inter\-operability problems by choosing +cipher list. It is easy to create interoperability problems by choosing a non\-default cipher list. Do not use a non\-default TLS cipherlist for MX hosts on the public Internet. Clients that begin the TLS handshake, but are unable to agree on a common cipher, may not be able to send any 
@@ -10918,7 +11100,9 @@ This feature is available with Postfix version 2.2. .SH smtpd_tls_dh512_param_file (default: empty) File with DH parameters that the Postfix SMTP server should -use with export\-grade EDH ciphers. +use with export\-grade EDH ciphers. The default SMTP server cipher +grade is "medium" with Postfix releases after the middle of 2015, +and as a result export\-grade cipher suites are by default not used. .PP See also the discussion under the smtpd_tls_dh1024_param_file configuration parameter. @@ -11432,6 +11616,13 @@ under a non\-Postfix directory is redirected to the Postfix\-owned data_directory, and a warning is logged. .PP +As of Postfix 2.11 the preferred mechanism for session resumption +is RFC 5077 TLS session tickets, which don't require server\-side +storage. Consequently, for Postfix >= 2.11 this parameter should +generally be left empty. TLS session tickets require an OpenSSL +library (at least version 0.9.8h) that provides full support for +this TLS extension. See also smtpd_tls_session_cache_timeout. +.PP Example: .PP .nf @@ -12026,8 +12217,8 @@ This feature is available in Postfix 2.6 and later, when it is compiled and linked with OpenSSL 1.0.0 or later on platforms where EC algorithms have not been disabled by the vendor. -.SH tls_export_cipherlist (default: ALL:+RC4:@STRENGTH) -The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. This +.SH tls_export_cipherlist (default: see "postconf \-d" output) +The OpenSSL cipherlist for "export" or higher grade ciphers. This defines the meaning of the "export" setting in smtpd_tls_ciphers, smtpd_tls_mandatory_ciphers, smtp_tls_ciphers, smtp_tls_mandatory_ciphers, lmtp_tls_ciphers, and lmtp_tls_mandatory_ciphers. With Postfix 
@@ -12037,8 +12228,8 @@ encouraged to not change this setting. .PP This feature is available in Postfix 2.3 and later. -.SH tls_high_cipherlist (default: ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH) -The OpenSSL cipherlist for "HIGH" grade ciphers. This defines +.SH tls_high_cipherlist (default: see "postconf \-d" output) +The OpenSSL cipherlist for "high" grade ciphers. This defines the meaning of the "high" setting in smtpd_tls_ciphers, smtpd_tls_mandatory_ciphers, smtp_tls_ciphers, smtp_tls_mandatory_ciphers, lmtp_tls_ciphers, and lmtp_tls_mandatory_ciphers. You are strongly @@ -12058,16 +12249,16 @@ certificate public\-key fingerprints, see TLS_README. .PP This feature is available in Postfix 2.9.6 and later. -.SH tls_low_cipherlist (default: ALL:!EXPORT:+RC4:@STRENGTH) -The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines +.SH tls_low_cipherlist (default: see "postconf \-d" output) +The OpenSSL cipherlist for "low" or higher grade ciphers. This defines the meaning of the "low" setting in smtpd_tls_ciphers, smtpd_tls_mandatory_ciphers, smtp_tls_ciphers, smtp_tls_mandatory_ciphers, lmtp_tls_ciphers, and lmtp_tls_mandatory_ciphers. You are strongly encouraged to not change this setting. .PP This feature is available in Postfix 2.3 and later. -.SH tls_medium_cipherlist (default: ALL:!EXPORT:!LOW:+RC4:@STRENGTH) -The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. This +.SH tls_medium_cipherlist (default: see "postconf \-d" output) +The OpenSSL cipherlist for "medium" or higher grade ciphers. This defines the meaning of the "medium" setting in smtpd_tls_ciphers, smtpd_tls_mandatory_ciphers, smtp_tls_ciphers, smtp_tls_mandatory_ciphers, lmtp_tls_ciphers, and lmtp_tls_mandatory_ciphers. This is the 
@@ -12332,7 +12523,9 @@ .SH tlsproxy_tls_dh512_param_file (default: $smtpd_tls_dh512_param_file) File with DH parameters that the Postfix \fBtlsproxy\fR(8) server should use with export\-grade EDH ciphers. See smtpd_tls_dh512_param_file -for further details. +for further details. The default SMTP server cipher grade is +"medium" with Postfix releases after the middle of 2015, and as a +result export\-grade cipher suites are by default not used. .PP This feature is available in Postfix 2.8 and later. .SH tlsproxy_tls_dkey_file (default: $smtpd_tls_dkey_file) @@ -12675,6 +12868,10 @@ limitation applies to many parameters whose name is a combination of a master.cf service name and a built\-in suffix (in this case: "_time_limit"). +.SH transport_transport_rate_delay (default: $default_transport_rate_delay) +A transport\-specific override for the default_transport_rate_delay +parameter value, where the initial \fItransport\fR in the parameter +name is the master.cf name of the message delivery transport. .SH trigger_timeout (default: 10s) The time limit for sending a trigger to a Postfix daemon (for example, the \fBpickup\fR(8) or \fBqmgr\fR(8) daemon). This time limit prevents @@ -13174,3 +13371,10 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA +.sp +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA +.sp +Viktor Dukhovni diff -Nru postfix-3.0.4/man/man5/postfix-wrapper.5 postfix-3.1.0/man/man5/postfix-wrapper.5 --- postfix-3.0.4/man/man5/postfix-wrapper.5 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man5/postfix-wrapper.5 2016-02-14 01:39:26.000000000 +0000 
@@ -310,3 +310,8 @@
 IBM T.J. Watson Research
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff -Nru postfix-3.0.4/man/man5/regexp_table.5 postfix-3.1.0/man/man5/regexp_table.5
--- postfix-3.0.4/man/man5/regexp_table.5 2015-01-29 22:21:01.000000000 +0000
+++ postfix-3.1.0/man/man5/regexp_table.5 2016-02-14 01:39:26.000000000 +0000
@@ -196,3 +196,8 @@
 IBM T.J. Watson Research
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff -Nru postfix-3.0.4/man/man5/relocated.5 postfix-3.1.0/man/man5/relocated.5
--- postfix-3.0.4/man/man5/relocated.5 2015-01-29 22:21:01.000000000 +0000
+++ postfix-3.1.0/man/man5/relocated.5 2016-02-14 01:39:26.000000000 +0000
@@ -185,3 +185,8 @@
 IBM T.J. Watson Research
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff -Nru postfix-3.0.4/man/man5/socketmap_table.5 postfix-3.1.0/man/man5/socketmap_table.5
--- postfix-3.0.4/man/man5/socketmap_table.5 2015-01-29 22:21:01.000000000 +0000
+++ postfix-3.1.0/man/man5/socketmap_table.5 2016-02-14 01:39:26.000000000 +0000
@@ -40,15 +40,17 @@
 .ad
 .fi
 The socketmap protocol supports only the lookup request.
+The request has the following form:
+.IP "\fB\fIname\fB \fIkey\fR"
+Search the named socketmap for the specified key.
+.PP
 Postfix will not generate partial search keys such as domain names without one or more subdomains, network addresses without one or more least\-significant octets, or email addresses without the localpart, address extension or domain portion. This behavior is also found with cidr:, pcre:, and regexp: tables.
-.IP "\fB\fIname\fB \fIkey\fR"
-Search the named socketmap for the specified key.
 .SH "REPLY FORMAT"
 .na
 .nf
@@ -100,9 +102,9 @@ .ad .fi The Secure Mailer license must be distributed with this software. -.SH "HISTORY" -.na -.nf +.SH HISTORY +.ad +.fi Socketmap support was introduced with Postfix version 2.10. .SH "AUTHOR(S)" .na @@ -111,3 +113,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man5/sqlite_table.5 postfix-3.1.0/man/man5/sqlite_table.5 --- postfix-3.0.4/man/man5/sqlite_table.5 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man5/sqlite_table.5 2016-02-14 00:57:59.000000000 +0000 @@ -101,28 +101,28 @@ This parameter supports the following '%' expansions: .RS -.IP "\fB\fB%%\fR\fR" +.IP "\fB%%\fR" This is replaced by a literal '%' character. -.IP "\fB\fB%s\fR\fR" +.IP "\fB%s\fR" This is replaced by the input key. SQL quoting is used to make sure that the input key does not add unexpected metacharacters. -.IP "\fB\fB%u\fR\fR" +.IP "\fB%u\fR" When the input key is an address of the form user@domain, \fB%u\fR is replaced by the SQL quoted local part of the address. Otherwise, \fB%u\fR is replaced by the entire search string. If the localpart is empty, the query is suppressed and returns no results. -.IP "\fB\fB%d\fR\fR" +.IP "\fB%d\fR" When the input key is an address of the form user@domain, \fB%d\fR is replaced by the SQL quoted domain part of the address. Otherwise, the query is suppressed and returns no results. -.IP "\fB\fB%[SUD]\fR\fR" +.IP "\fB%[SUD]\fR" The upper\-case equivalents of the above expansions behave in the \fBquery\fR parameter identically to their lower\-case counter\-parts. With the \fBresult_format\fR parameter (see below), they expand the input key rather than the result value. -.IP "\fB\fB%[1\-9]\fR\fR" +.IP "\fB%[1\-9]\fR" The patterns %1, %2, ... %9 are replaced by the corresponding most significant component of the input key's domain. If the input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR, 
@@ -161,21 +161,21 @@ to append (or prepend) text to the result. This parameter supports the following '%' expansions: .RS -.IP "\fB\fB%%\fR\fR" +.IP "\fB%%\fR" This is replaced by a literal '%' character. -.IP "\fB\fB%s\fR\fR" +.IP "\fB%s\fR" This is replaced by the value of the result attribute. When result is empty it is skipped. .IP "\fB%u\fR When the result attribute value is an address of the form user@domain, \fB%u\fR is replaced by the local part of the address. When the result has an empty localpart it is skipped. -.IP "\fB\fB%d\fR\fR" +.IP "\fB%d\fR" When a result attribute value is an address of the form user@domain, \fB%d\fR is replaced by the domain part of the attribute value. When the result is unqualified it is skipped. -.IP "\fB\fB%[SUD1\-9]\fR\fB" +.IP "\fB%[SUD1\-9]\fR" The upper\-case and decimal digit expansions interpolate the parts of the input key rather than the result. Their behavior is identical to that described with \fBquery\fR, @@ -293,9 +293,9 @@ .ad .fi The Secure Mailer license must be distributed with this software. -.SH "HISTORY" -.na -.nf +.SH HISTORY +.ad +.fi SQLite support was introduced with Postfix version 2.8. .SH "AUTHOR(S)" .na diff -Nru postfix-3.0.4/man/man5/tcp_table.5 postfix-3.1.0/man/man5/tcp_table.5 --- postfix-3.0.4/man/man5/tcp_table.5 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man5/tcp_table.5 2016-02-14 01:39:26.000000000 +0000 @@ -122,3 +122,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man5/transport.5 postfix-3.1.0/man/man5/transport.5 --- postfix-3.0.4/man/man5/transport.5 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man5/transport.5 2016-02-14 01:39:26.000000000 +0000 
@@ -311,3 +311,8 @@
 IBM T.J. Watson Research
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff -Nru postfix-3.0.4/man/man5/virtual.5 postfix-3.1.0/man/man5/virtual.5
--- postfix-3.0.4/man/man5/virtual.5 2015-01-29 22:21:01.000000000 +0000
+++ postfix-3.1.0/man/man5/virtual.5 2016-02-14 01:39:26.000000000 +0000
@@ -303,3 +303,8 @@
 IBM T.J. Watson Research
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff -Nru postfix-3.0.4/man/man8/anvil.8 postfix-3.1.0/man/man8/anvil.8
--- postfix-3.0.4/man/man8/anvil.8 2015-01-29 22:21:01.000000000 +0000
+++ postfix-3.1.0/man/man8/anvil.8 2016-02-14 01:32:48.000000000 +0000
@@ -144,6 +144,27 @@
 \fBstatus=0\fR
 \fBrate=\fInumber\fR
 .fi
+.SH "AUTH RATE CONTROL"
+.na
+.nf
+.ad
+.fi
+To register an AUTH request send the following request
+to the \fBanvil\fR(8) server:
+
+.nf
+ \fBrequest=auth\fR
+ \fBident=\fIstring\fR
+.fi
+
+The \fBanvil\fR(8) server answers with the number of auth
+requests per unit time for the (service, client) combination
+specified with \fBident\fR:
+
+.nf
+ \fBstatus=0\fR
+ \fBrate=\fInumber\fR
+.fi
 .SH "SECURITY"
 .na
 .nf
@@ -256,9 +277,9 @@
 .ad
 .fi
 The Secure Mailer license must be distributed with this software.
-.SH "HISTORY"
-.na
-.nf
+.SH HISTORY
+.ad
+.fi
 .ad
 .fi
 The anvil service is available in Postfix 2.2 and later.
@@ -269,3 +290,8 @@
 IBM T.J. Watson Research
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff -Nru postfix-3.0.4/man/man8/bounce.8 postfix-3.1.0/man/man8/bounce.8
--- postfix-3.0.4/man/man8/bounce.8 2015-01-29 22:21:00.000000000 +0000
+++ postfix-3.1.0/man/man8/bounce.8 2016-02-14 01:32:47.000000000 +0000
@@ -159,3 +159,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man8/cleanup.8 postfix-3.1.0/man/man8/cleanup.8 --- postfix-3.0.4/man/man8/cleanup.8 2015-10-10 13:33:46.000000000 +0000 +++ postfix-3.1.0/man/man8/cleanup.8 2016-02-06 20:38:29.000000000 +0000 @@ -209,6 +209,12 @@ .IP "\fBmilter_header_checks (empty)\fR" Optional lookup tables for content inspection of message headers that are produced by Milter applications. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBmilter_macro_defaults (empty)\fR" +Optional list of \fIname=value\fR pairs that specify default +values for arbitrary macros that Postfix may send to Milter +applications. .SH "MIME PROCESSING CONTROLS" .na .nf @@ -455,3 +461,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man8/discard.8 postfix-3.1.0/man/man8/discard.8 --- postfix-3.0.4/man/man8/discard.8 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man8/discard.8 2016-02-14 01:32:48.000000000 +0000 @@ -106,9 +106,9 @@ .ad .fi The Secure Mailer license must be distributed with this software. -.SH "HISTORY" -.na -.nf +.SH HISTORY +.ad +.fi This service was introduced with Postfix version 2.2. .SH "AUTHOR(S)" .na @@ -121,3 +121,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man8/dnsblog.8 postfix-3.1.0/man/man8/dnsblog.8 --- postfix-3.0.4/man/man8/dnsblog.8 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man8/dnsblog.8 2015-07-12 00:12:57.000000000 +0000 
@@ -26,8 +26,9 @@ If the IP address is listed under the DNS white/blacklist, the \fBdnsblog\fR(8) server logs the match and replies with the query arguments plus an address list with the resulting IP -addresses separated by whitespace. Otherwise it replies -with the query arguments plus an empty address list. Finally, +addresses, separated by whitespace, and the reply TTL. +Otherwise it replies with the query arguments plus an empty +address list and the reply TTL (\-1 if unavailable). Finally, The \fBdnsblog\fR(8) server closes the connection. .SH DIAGNOSTICS .ad @@ -93,3 +94,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man8/error.8 postfix-3.1.0/man/man8/error.8 --- postfix-3.0.4/man/man8/error.8 2015-01-29 22:21:00.000000000 +0000 +++ postfix-3.1.0/man/man8/error.8 2016-02-14 01:32:47.000000000 +0000 @@ -123,3 +123,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man8/flush.8 postfix-3.1.0/man/man8/flush.8 --- postfix-3.0.4/man/man8/flush.8 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man8/flush.8 2016-02-14 01:32:48.000000000 +0000 @@ -159,9 +159,9 @@ .ad .fi The Secure Mailer license must be distributed with this software. -.SH "HISTORY" -.na -.nf +.SH HISTORY +.ad +.fi This service was introduced with Postfix version 1.0. .SH "AUTHOR(S)" .na @@ -170,3 +170,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man8/local.8 postfix-3.1.0/man/man8/local.8 --- postfix-3.0.4/man/man8/local.8 2015-01-29 22:21:00.000000000 +0000 +++ postfix-3.1.0/man/man8/local.8 2016-02-14 01:32:47.000000000 +0000 
@@ -616,9 +616,9 @@ .ad .fi The Secure Mailer license must be distributed with this software. -.SH "HISTORY" -.na -.nf +.SH HISTORY +.ad +.fi .ad .fi The \fBDelivered\-To:\fR message header appears in the \fBqmail\fR @@ -633,3 +633,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man8/master.8 postfix-3.1.0/man/man8/master.8 --- postfix-3.0.4/man/man8/master.8 2015-01-29 22:21:00.000000000 +0000 +++ postfix-3.1.0/man/man8/master.8 2016-02-14 01:32:47.000000000 +0000 @@ -195,3 +195,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man8/oqmgr.8 postfix-3.1.0/man/man8/oqmgr.8 --- postfix-3.0.4/man/man8/oqmgr.8 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man8/oqmgr.8 2016-02-14 15:29:27.000000000 +0000 @@ -85,7 +85,7 @@ .IP "\fBslow start\fR" This strategy eliminates "thundering herd" problems by slowly adjusting the number of parallel deliveries to the same destination. -.IP "\fBround robin\fR +.IP "\fBround robin\fR" The queue manager sorts delivery requests by destination. Round\-robin selection prevents one destination from dominating deliveries to other destinations. 
@@ -287,7 +287,15 @@ The default amount of delay that is inserted between individual deliveries to the same destination; the resulting behavior depends on the value of the corresponding per\-destination recipient limit. -.IP "\fItransport\fB_destination_rate_delay $default_destination_rate_delay +.IP "\fItransport\fB_destination_rate_delay $default_destination_rate_delay\fR" +Idem, for delivery via the named message \fItransport\fR. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBdefault_transport_rate_delay (0s)\fR" +The default amount of delay that is inserted between individual +deliveries over the same message delivery transport, regardless of +destination. +.IP "\fItransport\fB_transport_rate_delay $default_transport_rate_delay\fR" Idem, for delivery via the named message \fItransport\fR. .SH "SAFETY CONTROLS" .na @@ -300,6 +308,11 @@ .IP "\fBqmgr_ipc_timeout (60s)\fR" The time limit for the queue manager to send or receive information over an internal communication channel. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBaddress_verify_pending_request_limit (see 'postconf -d' output)\fR" +A safety limit that prevents address verification requests from +overwhelming the Postfix queue. .SH "MISCELLANEOUS CONTROLS" .na .nf @@ -374,3 +387,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man8/pickup.8 postfix-3.1.0/man/man8/pickup.8 --- postfix-3.0.4/man/man8/pickup.8 2015-01-29 22:21:00.000000000 +0000 +++ postfix-3.1.0/man/man8/pickup.8 2016-02-14 01:32:47.000000000 +0000 
@@ -123,3 +123,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man8/pipe.8 postfix-3.1.0/man/man8/pipe.8 --- postfix-3.0.4/man/man8/pipe.8 2015-01-29 22:21:00.000000000 +0000 +++ postfix-3.1.0/man/man8/pipe.8 2016-02-14 01:32:47.000000000 +0000 @@ -462,3 +462,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man8/postscreen.8 postfix-3.1.0/man/man8/postscreen.8 --- postfix-3.0.4/man/man8/postscreen.8 2015-04-04 13:39:38.000000000 +0000 +++ postfix-3.1.0/man/man8/postscreen.8 2015-07-12 00:10:57.000000000 +0000 @@ -36,11 +36,11 @@ process. This minimizes the overhead for legitimate mail. By default, \fBpostscreen\fR(8) logs statistics and hands -off every connection to a Postfix SMTP server process, while +off each connection to a Postfix SMTP server process, while excluding clients in mynetworks from all tests (primarily, to avoid problems with non\-standard SMTP implementations -in network appliances). This mode is useful for non\-destructive -testing. +in network appliances). This default mode blocks no clients, +and is useful for non\-destructive testing. In a typical production setting, \fBpostscreen\fR(8) is configured to reject mail from clients that fail one or @@ -139,6 +139,10 @@ A case insensitive list of EHLO keywords (pipelining, starttls, auth, etc.) that the \fBpostscreen\fR(8) server will not send in the EHLO response to a remote SMTP client. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBdns_ncache_ttl_fix_enable (no)\fR" +Enable a workaround for future libc incompatibility. .SH "TROUBLE SHOOTING CONTROLS" .na .nf 
@@ -307,9 +311,14 @@ .IP "\fBpostscreen_bare_newline_ttl (30d)\fR" The amount of time that \fBpostscreen\fR(8) will use the result from a successful "bare newline" SMTP protocol test. -.IP "\fBpostscreen_dnsbl_ttl (1h)\fR" -The amount of time that \fBpostscreen\fR(8) will use the result from -a successful DNS blocklist test. +.IP "\fBpostscreen_dnsbl_max_ttl (${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h)\fR" +The maximum amount of time that \fBpostscreen\fR(8) will use the +result from a successful DNS\-based reputation test before a +client IP address is required to pass that test again. +.IP "\fBpostscreen_dnsbl_min_ttl (60s)\fR" +The minimum amount of time that \fBpostscreen\fR(8) will use the +result from a successful DNS\-based reputation test before a +client IP address is required to pass that test again. .IP "\fBpostscreen_greet_ttl (1d)\fR" The amount of time that \fBpostscreen\fR(8) will use the result from a successful PREGREET test. @@ -438,3 +447,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man8/proxymap.8 postfix-3.1.0/man/man8/proxymap.8 --- postfix-3.0.4/man/man8/proxymap.8 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man8/proxymap.8 2016-02-14 01:32:48.000000000 +0000 @@ -218,9 +218,9 @@ .ad .fi The Secure Mailer license must be distributed with this software. -.SH "HISTORY" -.na -.nf +.SH HISTORY +.ad +.fi .ad .fi The proxymap service was introduced with Postfix 2.0. @@ -231,3 +231,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man8/qmgr.8 postfix-3.1.0/man/man8/qmgr.8 --- postfix-3.0.4/man/man8/qmgr.8 2015-01-29 22:21:00.000000000 +0000 +++ postfix-3.1.0/man/man8/qmgr.8 2016-02-14 15:29:27.000000000 +0000 
@@ -85,7 +85,7 @@ .IP "\fBslow start\fR" This strategy eliminates "thundering herd" problems by slowly adjusting the number of parallel deliveries to the same destination. -.IP "\fBround robin\fR +.IP "\fBround robin\fR" The queue manager sorts delivery requests by destination. Round\-robin selection prevents one destination from dominating deliveries to other destinations. @@ -335,7 +335,15 @@ The default amount of delay that is inserted between individual deliveries to the same destination; the resulting behavior depends on the value of the corresponding per\-destination recipient limit. -.IP "\fItransport\fB_destination_rate_delay $default_destination_rate_delay +.IP "\fItransport\fB_destination_rate_delay $default_destination_rate_delay\fR" +Idem, for delivery via the named message \fItransport\fR. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBdefault_transport_rate_delay (0s)\fR" +The default amount of delay that is inserted between individual +deliveries over the same message delivery transport, regardless of +destination. +.IP "\fItransport\fB_transport_rate_delay $default_transport_rate_delay\fR" Idem, for delivery via the named message \fItransport\fR. .SH "SAFETY CONTROLS" .na @@ -348,6 +356,11 @@ .IP "\fBqmgr_ipc_timeout (60s)\fR" The time limit for the queue manager to send or receive information over an internal communication channel. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBaddress_verify_pending_request_limit (see 'postconf -d' output)\fR" +A safety limit that prevents address verification requests from +overwhelming the Postfix queue. .SH "MISCELLANEOUS CONTROLS" .na .nf 
@@ -428,3 +441,8 @@ Patrik Rak Modra 6 155 00, Prague, Czech Republic + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man8/qmqpd.8 postfix-3.1.0/man/man8/qmqpd.8 --- postfix-3.0.4/man/man8/qmqpd.8 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man8/qmqpd.8 2016-02-14 01:32:48.000000000 +0000 @@ -181,9 +181,9 @@ .ad .fi The Secure Mailer license must be distributed with this software. -.SH "HISTORY" -.na -.nf +.SH HISTORY +.ad +.fi .ad .fi The qmqpd service was introduced with Postfix version 1.1. @@ -194,3 +194,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man8/scache.8 postfix-3.1.0/man/man8/scache.8 --- postfix-3.0.4/man/man8/scache.8 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man8/scache.8 2016-02-14 01:32:48.000000000 +0000 @@ -154,9 +154,9 @@ .ad .fi The Secure Mailer license must be distributed with this software. -.SH "HISTORY" -.na -.nf +.SH HISTORY +.ad +.fi This service was introduced with Postfix version 2.2. .SH "AUTHOR(S)" .na @@ -165,3 +165,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man8/showq.8 postfix-3.1.0/man/man8/showq.8 --- postfix-3.0.4/man/man8/showq.8 2015-01-29 22:21:00.000000000 +0000 +++ postfix-3.1.0/man/man8/showq.8 2015-12-28 00:10:33.000000000 +0000 @@ -13,7 +13,8 @@ .ad .fi The \fBshowq\fR(8) daemon reports the Postfix mail queue status. -It is the program that emulates the sendmail `mailq' command. +The output is meant to be formatted by the postqueue(1) command, +as it emulates the Sendmail `mailq' command. The \fBshowq\fR(8) daemon can also be run in stand\-alone mode by the superuser. This mode of operation is used to emulate 
@@ -111,3 +112,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man8/smtp.8 postfix-3.1.0/man/man8/smtp.8 --- postfix-3.0.4/man/man8/smtp.8 2015-07-19 22:34:32.000000000 +0000 +++ postfix-3.1.0/man/man8/smtp.8 2016-02-14 01:09:40.000000000 +0000 @@ -112,6 +112,7 @@ RFC 5321 (SMTP protocol) RFC 6531 (Internationalized SMTP) RFC 6533 (Internationalized Delivery Status Notifications) +RFC 7672 (SMTP security via opportunistic DANE TLS) .SH DIAGNOSTICS .ad .fi @@ -314,9 +315,7 @@ Enable SASL authentication in the Postfix SMTP client. .IP "\fBsmtp_sasl_password_maps (empty)\fR" Optional Postfix SMTP client lookup tables with one username:password -entry -per remote hostname or domain, or sender address when sender\-dependent -authentication is enabled. +entry per sender, remote hostname or next\-hop domain. .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR" Postfix SMTP client SASL security options; as of Postfix 2.3 the list of available 
@@ -434,14 +433,14 @@ The number of pseudo\-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) process requests from the \fBtlsmgr\fR(8) server in order to seed its internal pseudo random number generator (PRNG). -.IP "\fBtls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)\fR" -The OpenSSL cipherlist for "HIGH" grade ciphers. -.IP "\fBtls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH)\fR" -The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. -.IP "\fBtls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH)\fR" -The OpenSSL cipherlist for "LOW" or higher grade ciphers. -.IP "\fBtls_export_cipherlist (ALL:+RC4:@STRENGTH)\fR" -The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. +.IP "\fBtls_high_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "high" grade ciphers. +.IP "\fBtls_medium_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "medium" or higher grade ciphers. +.IP "\fBtls_low_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "low" or higher grade ciphers. +.IP "\fBtls_export_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "export" or higher grade ciphers. .IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR" The OpenSSL cipherlist for "NULL" grade ciphers that provide authentication without encryption. @@ -499,6 +498,12 @@ .IP "\fBsmtp_tls_wrappermode (no)\fR" Request that the Postfix SMTP client connects using the legacy SMTPS protocol instead of using the STARTTLS command. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBsmtp_tls_dane_insecure_mx_policy (dane)\fR" +The TLS policy for MX hosts with "secure" TLSA records when the +nexthop destination security level is \fBdane\fR, but the MX +record was found via an "insecure" MX lookup. .SH "OBSOLETE STARTTLS CONTROLS" .na .nf 
@@ -735,6 +740,11 @@ .IP "\fBsmtp_address_verify_target (rcpt)\fR" In the context of email address verification, the SMTP protocol stage that determines whether an email address is deliverable. +.PP +Available with Postfix 3.1 and later: +.IP "\fBlmtp_fallback_relay (empty)\fR" +Optional list of relay hosts for LMTP destinations that can't be +found or that are unreachable. .SH "SEE ALSO" .na .nf @@ -774,6 +784,11 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA + Command pipelining in cooperation with: Jon Ribbens Oaktree Internet Solutions Ltd., diff -Nru postfix-3.0.4/man/man8/smtpd.8 postfix-3.1.0/man/man8/smtpd.8 --- postfix-3.0.4/man/man8/smtpd.8 2015-07-19 22:34:32.000000000 +0000 +++ postfix-3.1.0/man/man8/smtpd.8 2016-02-06 20:38:29.000000000 +0000 @@ -65,6 +65,7 @@ RFC 5321 (SMTP protocol) RFC 6531 (Internationalized SMTP) RFC 6533 (Internationalized Delivery Status Notifications) +RFC 7505 ("Null MX" No Service Resource Record) .SH DIAGNOSTICS .ad .fi @@ -95,7 +96,7 @@ .ad .fi .IP "\fBbroken_sasl_auth_clients (no)\fR" -Enable inter\-operability with remote SMTP clients that implement an obsolete +Enable interoperability with remote SMTP clients that implement an obsolete version of the AUTH command (RFC 4954). .IP "\fBdisable_vrfy_command (no)\fR" Disable the SMTP VRFY command. @@ -277,6 +278,12 @@ .IP "\fBmilter_end_of_data_macros (see 'postconf -d' output)\fR" The macros that are sent to Milter (mail filter) applications after the message end\-of\-data. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBmilter_macro_defaults (empty)\fR" +Optional list of \fIname=value\fR pairs that specify default +values for arbitrary macros that Postfix may send to Milter +applications. .SH "GENERAL CONTENT INSPECTION CONTROLS" .na .nf 
@@ -310,7 +317,7 @@ Postfix SMTP client to a remote SMTP server. See the SASL_README document for details. .IP "\fBbroken_sasl_auth_clients (no)\fR" -Enable inter\-operability with remote SMTP clients that implement an obsolete +Enable interoperability with remote SMTP clients that implement an obsolete version of the AUTH command (RFC 4954). .IP "\fBsmtpd_sasl_auth_enable (no)\fR" Enable SASL authentication in the Postfix SMTP server. @@ -323,7 +330,7 @@ features depends on the SASL server implementation that is selected with \fBsmtpd_sasl_type\fR. .IP "\fBsmtpd_sender_login_maps (empty)\fR" -Optional lookup table with the SASL login names that own sender +Optional lookup table with the SASL login names that own the sender (MAIL FROM) addresses. .PP Available in Postfix version 2.1 and later: 
@@ -438,14 +445,14 @@ The number of pseudo\-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) process requests from the \fBtlsmgr\fR(8) server in order to seed its internal pseudo random number generator (PRNG). -.IP "\fBtls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)\fR" -The OpenSSL cipherlist for "HIGH" grade ciphers. -.IP "\fBtls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH)\fR" -The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. -.IP "\fBtls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH)\fR" -The OpenSSL cipherlist for "LOW" or higher grade ciphers. -.IP "\fBtls_export_cipherlist (ALL:+RC4:@STRENGTH)\fR" -The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. +.IP "\fBtls_high_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "high" grade ciphers. +.IP "\fBtls_medium_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "medium" or higher grade ciphers. +.IP "\fBtls_low_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "low" or higher grade ciphers. +.IP "\fBtls_export_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "export" or higher grade ciphers. .IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR" The OpenSSL cipherlist for "NULL" grade ciphers that provide authentication without encryption. @@ -739,6 +746,12 @@ time limit per read or write system call, to a time limit to send or receive a complete record (an SMTP command line, SMTP response line, SMTP message content line, or TLS protocol message). +.PP +Available in Postfix version 3.1 and later: +.IP "\fBsmtpd_client_auth_rate_limit (0)\fR" +The maximal number of AUTH commands that any client is allowed to +send to this service per time unit, regardless of whether or not +Postfix actually accepts those commands. .SH "TARPIT CONTROLS" .na .nf 
@@ -801,6 +814,13 @@ .IP "\fBsmtpd_policy_service_retry_delay (1s)\fR" The delay between attempts to resend a failed SMTPD policy service request. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBsmtpd_policy_service_policy_context (empty)\fR" +Optional information that the Postfix SMTP server specifies in +the "policy_context" attribute of a policy service request (originally, +to share the same service endpoint among multiple check_policy_service +clients). .SH "ACCESS CONTROLS" .na .nf @@ -1119,6 +1139,11 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA + SASL support originally by: Till Franke SuSE Rhein/Main AG diff -Nru postfix-3.0.4/man/man8/spawn.8 postfix-3.1.0/man/man8/spawn.8 --- postfix-3.0.4/man/man8/spawn.8 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man8/spawn.8 2016-02-14 01:32:48.000000000 +0000 @@ -147,3 +147,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man8/tlsmgr.8 postfix-3.1.0/man/man8/tlsmgr.8 --- postfix-3.0.4/man/man8/tlsmgr.8 2015-01-29 22:21:01.000000000 +0000 +++ postfix-3.1.0/man/man8/tlsmgr.8 2016-02-14 01:32:48.000000000 +0000 @@ -177,9 +177,9 @@ .ad .fi The Secure Mailer license must be distributed with this software. -.SH "HISTORY" -.na -.nf +.SH HISTORY +.ad +.fi This service was introduced with Postfix version 2.2. .SH "AUTHOR(S)" .na @@ -195,3 +195,8 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff -Nru postfix-3.0.4/man/man8/tlsproxy.8 postfix-3.1.0/man/man8/tlsproxy.8 --- postfix-3.0.4/man/man8/tlsproxy.8 2015-07-19 13:13:28.000000000 +0000 +++ postfix-3.1.0/man/man8/tlsproxy.8 2016-02-14 01:32:48.000000000 +0000 
@@ -203,9 +203,9 @@
 .ad
 .fi
 The Secure Mailer license must be distributed with this software.
-.SH "HISTORY"
-.na
-.nf
+.SH HISTORY
+.ad
+.fi
 .ad
 .fi
 This service was introduced with Postfix version 2.8.
@@ -216,3 +216,8 @@
 IBM T.J. Watson Research
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff -Nru postfix-3.0.4/man/man8/trivial-rewrite.8 postfix-3.1.0/man/man8/trivial-rewrite.8
--- postfix-3.0.4/man/man8/trivial-rewrite.8 2015-01-30 00:55:20.000000000 +0000
+++ postfix-3.1.0/man/man8/trivial-rewrite.8 2016-02-14 01:32:48.000000000 +0000
@@ -313,3 +313,8 @@
 IBM T.J. Watson Research
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff -Nru postfix-3.0.4/man/man8/verify.8 postfix-3.1.0/man/man8/verify.8
--- postfix-3.0.4/man/man8/verify.8 2015-01-29 22:21:01.000000000 +0000
+++ postfix-3.1.0/man/man8/verify.8 2016-02-14 01:09:40.000000000 +0000
@@ -225,9 +225,9 @@
 .ad
 .fi
 The Secure Mailer license must be distributed with this software.
-.SH "HISTORY"
-.na
-.nf
+.SH HISTORY
+.ad
+.fi
 .ad
 .fi
 This service was introduced with Postfix version 2.1.
@@ -238,3 +238,8 @@
 IBM T.J. Watson Research
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
diff -Nru postfix-3.0.4/man/man8/virtual.8 postfix-3.1.0/man/man8/virtual.8
--- postfix-3.0.4/man/man8/virtual.8 2015-01-29 22:21:01.000000000 +0000
+++ postfix-3.1.0/man/man8/virtual.8 2016-02-14 01:32:48.000000000 +0000
@@ -306,9 +306,9 @@
 .ad
 .fi
 The Secure Mailer license must be distributed with this software.
-.SH "HISTORY"
-.na
-.nf
+.SH HISTORY
+.ad
+.fi
 .ad
 .fi
 This delivery agent was originally based on the Postfix local delivery
@@ -329,6 +329,11 @@ P.O. Box 704 Yorktown Heights, NY 10598, USA +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA + Andrew McNamara andrewm@connect.com.au connect.com.au Pty. Ltd. diff -Nru postfix-3.0.4/mantools/html2readme postfix-3.1.0/mantools/html2readme --- postfix-3.0.4/mantools/html2readme 2014-10-09 17:33:59.000000000 +0000 +++ postfix-3.1.0/mantools/html2readme 2016-01-16 23:44:07.000000000 +0000 @@ -1,6 +1,6 @@ #!/bin/sh -HTML2TEXT="html2text -style pretty -rcfile html2text.rc" +HTML2TEXT="html2text -ascii -style pretty -rcfile html2text.rc" #case $# in # 0) $HTML2TEXT;; diff -Nru postfix-3.0.4/mantools/postlink postfix-3.1.0/mantools/postlink --- postfix-3.0.4/mantools/postlink 2015-01-18 00:06:00.000000000 +0000 +++ postfix-3.1.0/mantools/postlink 2016-02-08 22:34:51.000000000 +0000 @@ -89,6 +89,7 @@ s;\baddress_verify_service_name\b;$&;g; s;\baddress_verify_transport_maps\b;$&;g; s;\baddress_verify_virtual_transport\b;$&;g; + s;\baddress_verify_pending_request_limit\b;$&;g; s;\bsmtp_address_verify_target\b;$&;g; s;\blmtp_address_verify_target\b;$&;g; s;\balias_database\b;$&;g; @@ -360,6 +361,7 @@ s;\bnewaliases_path\b;$&;g; s;\bnon_fqdn_reject_code\b;$&;g; s;\bnotify_classes\b;$&;g; + s;\bopenssl_path\b;$&;g; s;\bowner_request_special\b;$&;g; s;\bpar[-]*\n* *[]*ent_domain_matches_subdomains\b;$&;g; s;\bpermit_mx_backup_networks\b;$&;g; @@ -394,6 +396,7 @@ s;\bdefault_desti[-]*\n* *[]*na[-]*\n* *[]*tion_con[-]*\n* *[]*currency_failed_cohort_limit\b;$&;g; s;\bdestination_concurrency_feedback_debug\b;$&;g; s;\bdefault_destina[-]*\n* *[]*tion_rate_delay\b;$&;g; + s;\bdefault_trans[-<\/bB>]*\n*[ ]*port_rate_delay\b;$&;g; s;\bmeta_directory\b;$&;g; s;\bqmqpd_client_port_logging\b;$&;g; 
@@ -520,6 +523,7 @@
s;\bsmtpd_autho[-]*\n*[ ]*rized_xclient_hosts\b;$&;g;
s;\bsmtpd_autho[-]*\n*[ ]*rized_xforward_hosts\b;$&;g;
s;\bsmtpd_ban[-]*\n*[ ]*ner\b;$&;g;
+ s;\bsmtpd_client_auth_rate_limit\b;$&;g;
s;\bsmtpd_client_connec[-]*\n*[ ]*tion_count_limit\b;$&;g;
s;\bsmtpd_client_event_limit_exceptions\b;$&;g;
s;\bsmtpd_client_connec[-]*\n*[ ]*tion_rate_limit\b;$&;g;
@@ -556,6 +560,7 @@
s;\bsmtpd_policy_service_default_action\b;$&;g;
s;\bsmtpd_policy_service_try_limit\b;$&;g;
s;\bsmtpd_policy_service_retry_delay\b;$&;g;
+ s;\bsmtpd_policy_service_policy_context\b;$&;g;
s;\bsmtpd_proxy_ehlo\b;$&;g;
s;\bsmtpd_proxy_filter\b;$&;g;
s;\bsmtpd_proxy_timeout\b;$&;g;
@@ -633,6 +638,7 @@
s;\bsmtp_enforce_tls\b;$&;g;
s;\bsmtp_fallback_relay\b;$&;g;
+ s;\blmtp_fallback_relay\b;$&;g;
s;\bsmtp_[-]*\n* *[]*sasl_[-]*\n* *[]*tls_[-]*\n* *[]*secu[-]*\n* *[]*rity_options\b;$&;g;
s;\bsmtp_sasl_tls_verified_secu[-]*\n* *[]*rity_options\b;$&;g;
s;\bsmtp_sasl_type\b;$&;g;
@@ -667,6 +673,7 @@
s;\bsmtp_tls_session_cache_database\b;$&;g;
s;\bsmtp_tls_session_cache_timeout\b;$&;g;
s;\bsmtp_tls_block_early_mail_reply\b;$&;g;
+ s;\bsmtp_tls_dane_insecure_mx_policy\b;$&;g;
s;\bsmtp_tls_force_insecure_host_tlsa_lookup\b;$&;g;
s;\bsmtp_tls_wrappermode\b;$&;g;
s;\bsmtp_use_tls\b;$&;g;
@@ -740,7 +747,8 @@
s;\btls_dane_digests\b;$&;g;
s;\btls_wildcard_matches_multiple_labels\b;$&;g;
s;\btls_session_ticket_cipher\b;$&;g;
-
+ s;\btls_ssl_options\b;$&;g;
+ s;\bfrozen_delivered_to\b;$&;g;
s;\breset_owner_alias\b;$&;g;
s;\benable_long_queue_ids\b;$&;g;
@@ -763,6 +771,7 @@
s;(transport)()?(_recipient_refill_limit)\b;$2$1$3;g;
s;(transport)()?(_time_limit)\b;$2$1$3;g;
s;(transport)()?(_destination_rate_delay)\b;$2$1$3;g;
+ s;(transport)()?(_transport_rate_delay)\b;$2$1$3;g;
# Undo hyperlinks of manual pages with the same name as parameters.
@@ -807,6 +816,7 @@
s/[]*post[-<\/bB>]*\n*[ ]*conf[<\/bB>]*\(1\)/$&<\/a>/g;
s/[]*postdrop[<\/bB>]*\(1\)/$&<\/a>/g;
s/[]*post[-<\/bB>]*\n* *[]*fix[<\/bB>]*\(1\)/$&<\/a>/g;
+ s/[]*post[-<\/bB>]*\n* *[]*fix-tls[<\/bB>]*\(1\)/$&<\/a>/g;
s/[]*postkick[<\/bB>]*\(1\)/$&<\/a>/g;
s/[]*postlock[<\/bB>]*\(1\)/$&<\/a>/g;
s/[]*postlog[<\/bB>]*\(1\)/$&<\/a>/g;
@@ -969,6 +979,7 @@
s;\bmilter_end_of_data_macros\b;$&;g;
s;\bmilter_end_of_header_macros\b;$&;g;
s;\bmilter_header_checks\b;$&;g;
+ s;\bmilter_macro_defaults\b;$&;g;
# Multi-instance support
s;\bmulti_instance_directo[-]*\n*[ ]*ries\b;$&;g;
@@ -978,6 +989,7 @@
s;\bmulti_instance_enable\b;$&;g;
# postscreen
+ s;\bdns_ncache_ttl_fix_enable\b;$&;g;
s;\bdnsblog_reply_delay\b;$&;g;
s;\bpostscreen_cache_map\b;$&;g;
s;\bpostscreen_cache_cleanup_interval\b;$&;g;
@@ -1002,6 +1014,8 @@
s;\bpostscreen_dnsbl_thresh[-]*\n* *[]*old\b;$&;g;
s;\bpostscreen_dnsbl_whitelist_thresh[-]*\n* *[]*old\b;$&;g;
s;\bpostscreen_dnsbl_action\b;$&;g;
+ s;\bpostscreen_dnsbl_max_ttl\b;$&;g;
+ s;\bpostscreen_dnsbl_min_ttl\b;$&;g;
s;\bpostscreen_dnsbl_ttl\b;$&;g;
s;\bpostscreen_dnsbl_timeout\b;$&;g;
s;\bpostscreen_for[-]*\n*[ ]*bid[-]*\n* *[]*den_commands\b;$&;g;
@@ -1119,6 +1133,7 @@
s/\b"*deferred"* *queues*\b/$&<\/a>/;
s/\b"*hold"* *queues*\b/$&<\/a>/;
s/\b("*hold"*),/$1<\/a>,/;
+ s/\b(postfix *tls)\b/$1<\/a>/;
# Hyperlink map types.
diff -Nru postfix-3.0.4/mantools/srctoman postfix-3.1.0/mantools/srctoman
--- postfix-3.0.4/mantools/srctoman 2015-01-26 23:02:12.000000000 +0000
+++ postfix-3.1.0/mantools/srctoman 2016-02-07 01:03:01.000000000 +0000
@@ -87,6 +87,9 @@
/^DIAGNOSTICS/s//.SH &\
.ad\
.fi/
+ /^HISTORY/s//.SH &\
+.ad\
+.fi/
/^[A-Z][A-Z][A-Z][^a-z]*$/s//.SH "&"\
.na\
.nf/
diff -Nru postfix-3.0.4/postfix-install postfix-3.1.0/postfix-install
--- postfix-3.0.4/postfix-install 2015-01-29 22:15:30.000000000 +0000
+++ postfix-3.1.0/postfix-install 2016-01-03 00:25:23.000000000 +0000
@@ -183,6 +183,11 @@
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
+#
+# Wietse Venema
+# Google, Inc.
+# 111 8th Avenue
+# New York, NY 10011, USA
#--
# Initialize.
@@ -199,6 +204,11 @@
# Override all LC_* settings and LANG for robustness.
LC_ALL=C; export LC_ALL
+if [ -n "$SHLIB_ENV_VAR" ]; then
+ junk="${SHLIB_ENV_VAL}"
+ eval export "$SHLIB_ENV_VAR=\$junk"
+fi
+
USAGE="Usage: $0 [name=value] [option]
-non-interactive Do not ask for installation parameters.
-package Build a ready-to-install package.
@@ -211,10 +221,11 @@
for arg
do
case $arg in
- *=*) IFS= eval $arg; IFS="$BACKUP_IFS";;
--non-int*) non_interactive=1;;
- -package) need_install_root=install_root;;
- *) echo "$0: Error: $USAGE" 1>&2; exit 1;;
+*[" "]*) echo "$0: Error: argument contains whitespace: '$arg'"; exit 1;;
+ *=*) IFS= eval $arg; IFS="$BACKUP_IFS";;
+ -non-int*) non_interactive=1;;
+ -package) need_install_root=install_root;;
+ *) echo "$0: Error: $USAGE" 1>&2; exit 1;;
esac
shift
done
@@ -592,6 +603,17 @@
esac
done
+# Don't allow space or tab in parameter settings.
+
+for name in $CONFIG_PARAMS sample_directory
+do
+ eval junk=\$$name
+ case "$junk" in
+*"[ ]"*) echo "$0: Error: $name value contains whitespace: '$junk'" 1>&2
+ exit 1;;
+ esac
+done
+
test -d $tempdir || mkdir -p $tempdir || exit 1
trap "rm -f $tempdir/junk" 0 1 2 3 15
diff -Nru postfix-3.0.4/proto/access postfix-3.1.0/proto/access
--- postfix-3.0.4/proto/access 2015-02-08 17:03:39.000000000 +0000
+++ postfix-3.1.0/proto/access 2016-02-14 01:38:56.000000000 +0000
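Review bot: In the `@@ -211,10 +221,11 @@` hunk the new `*[" "]*)` branch prints its error to stdout, while the `*)` branch next to it and the later `$name value contains whitespace` check both redirect with `1>&2`; make it `*[" "]*) echo "$0: Error: argument contains whitespace: '$arg'" 1>&2; exit 1;;`. The two checks also spell the pattern differently, `*[" "]*` here and `*"[ ]"*` in the `@@ -592,6 +603,17 @@` hunk: in a POSIX `case` pattern a quoted `[` matches itself, so the second form as rendered matches only the literal three-character sequence `[ ]` and would let a value containing a space through (a tab inside the brackets may have been lost in this rendering, but the quotes would still need to move inside the brackets, as in the first check). Separately, `eval export "$SHLIB_ENV_VAR=\$junk"` in the `@@ -199,6 +204,11 @@` hunk passes the variable name to eval without checking that it is a plain identifier; a guard such as `case "$SHLIB_ENV_VAR" in *[!A-Za-z0-9_]*) echo "$0: Error: bad SHLIB_ENV_VAR: '$SHLIB_ENV_VAR'" 1>&2; exit 1;; esac` placed before the eval would keep a malformed build setting from being interpreted as shell syntax.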
@@ -340,10 +340,11 @@
# This feature is available in Postfix 2.1 and later.
# .IP "\fBREDIRECT \fIuser@domain\fR"
# After the message is queued, send the message to the specified
-# address instead of the intended recipient(s).
+# address instead of the intended recipient(s). When multiple
+# \fBREDIRECT\fR actions fire, only the last one takes effect.
# .sp
-# Note: this action overrides the FILTER action, and currently affects
-# all recipients of the message.
+# Note: this action overrides the FILTER action, and currently
+# overrides all recipients of the message.
# .sp
# This feature is available in Postfix 2.1 and later.
# .IP "\fBINFO \fIoptional text...\fR
@@ -468,4 +469,9 @@
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
+#
+# Wietse Venema
+# Google, Inc.
+# 111 8th Avenue
+# New York, NY 10011, USA
#--
diff -Nru postfix-3.0.4/proto/aliases postfix-3.1.0/proto/aliases
--- postfix-3.0.4/proto/aliases 2012-10-15 16:49:01.000000000 +0000
+++ postfix-3.1.0/proto/aliases 2016-02-14 01:38:56.000000000 +0000
@@ -195,4 +195,9 @@
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
+#
+# Wietse Venema
+# Google, Inc.
+# 111 8th Avenue
+# New York, NY 10011, USA
#--
diff -Nru postfix-3.0.4/proto/BASIC_CONFIGURATION_README.html postfix-3.1.0/proto/BASIC_CONFIGURATION_README.html
--- postfix-3.0.4/proto/BASIC_CONFIGURATION_README.html 2011-10-01 00:51:52.000000000 +0000
+++ postfix-3.1.0/proto/BASIC_CONFIGURATION_README.html 2016-02-12 11:29:04.000000000 +0000
@@ -254,9 +254,10 @@

    By default, Postfix will forward mail from clients in authorized network blocks to any destination. Authorized networks are defined -with the mynetworks configuration parameter. The default is to -authorize all clients in the IP subnetworks that the local machine -is attached to.

    +with the mynetworks configuration parameter. The current default is to +authorize the local machine only. Prior to Postfix 3.0, the default +was to authorize all clients in the IP subnetworks that the local +machine is attached to.

    Postfix can also be configured to relay mail from "mobile" clients that send mail from outside an authorized network block. diff -Nru postfix-3.0.4/proto/bounce postfix-3.1.0/proto/bounce --- postfix-3.0.4/proto/bounce 2015-01-29 22:33:24.000000000 +0000 +++ postfix-3.1.0/proto/bounce 2016-02-14 01:38:56.000000000 +0000 @@ -206,4 +206,9 @@ # IBM T.J. Watson Research # P.O. Box 704 # Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA #-- diff -Nru postfix-3.0.4/proto/canonical postfix-3.1.0/proto/canonical --- postfix-3.0.4/proto/canonical 2013-04-11 21:47:32.000000000 +0000 +++ postfix-3.1.0/proto/canonical 2016-02-14 01:38:56.000000000 +0000 @@ -242,4 +242,9 @@ # IBM T.J. Watson Research # P.O. Box 704 # Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA #-- diff -Nru postfix-3.0.4/proto/cidr_table postfix-3.1.0/proto/cidr_table --- postfix-3.0.4/proto/cidr_table 2013-11-19 14:09:02.000000000 +0000 +++ postfix-3.1.0/proto/cidr_table 2016-02-14 01:38:56.000000000 +0000 @@ -97,4 +97,9 @@ # IBM T.J. Watson Research # P.O. Box 704 # Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA #-- diff -Nru postfix-3.0.4/proto/COMPATIBILITY_README.html postfix-3.1.0/proto/COMPATIBILITY_README.html --- postfix-3.0.4/proto/COMPATIBILITY_README.html 2015-01-29 22:33:24.000000000 +0000 +++ postfix-3.1.0/proto/COMPATIBILITY_README.html 2015-02-20 21:43:45.000000000 +0000 @@ -267,10 +267,15 @@ setting smtputf8_enable=no

    The smtputf8_enable default value has changed from "no" to "yes. -As long as the smtputf8_enable parameter is left at its implicit +With the new "yes" setting, the Postfix SMTP server rejects non-ASCII +addresses from clients that don't request SMTPUTF8 support. With +the old "no" setting, Postfix will accept such addresses, even if +such addresses are not permitted by traditional SMTP standards.

    + +

    As long as the smtputf8_enable parameter is left at its implicit default value, and the backwards-compatible default setting is turned on, Postfix logs a warning each time an SMTP command uses a -non-ASCII address localpart:

    +non-ASCII address localpart without requesting SMTPUTF8 support:

    diff -Nru postfix-3.0.4/proto/DATABASE_README.html postfix-3.1.0/proto/DATABASE_README.html
    --- postfix-3.0.4/proto/DATABASE_README.html	2014-11-26 23:32:58.000000000 +0000
    +++ postfix-3.1.0/proto/DATABASE_README.html	2015-10-10 13:21:48.000000000 +0000
    @@ -313,7 +313,7 @@
     name as used in "hash:table" is the database file name without the
     ".db" suffix.  
     
    -
    inline (read-only)
    +
    inline (read-only)
    A non-shared, in-memory lookup table. Example: "inline:{ key=value, { key = text with whitespace or comma }}". diff -Nru postfix-3.0.4/proto/DEBUG_README.html postfix-3.1.0/proto/DEBUG_README.html --- postfix-3.0.4/proto/DEBUG_README.html 2011-10-13 18:33:32.000000000 +0000 +++ postfix-3.1.0/proto/DEBUG_README.html 2015-04-04 22:44:40.000000000 +0000 @@ -554,8 +554,16 @@ by "D" so that the helpers can still recognize syntactical errors.

    -
  • Output from "postconf -n". Please do not send your -main.cf file, or 500+ lines of postconf output.

    +
  • Command output from:

    + +
      + +
    • "postconf -n". Please do not send your main.cf file, +or 1000+ lines of postconf command output.

      + +
    • "postconf -Mf" (Postfix 2.9 or later).

      + +
  • Better, provide output from the postfinger tool. This can be found at http://ftp.wl0.org/SOURCES/postfinger.

    diff -Nru postfix-3.0.4/proto/FORWARD_SECRECY_README.html postfix-3.1.0/proto/FORWARD_SECRECY_README.html --- postfix-3.0.4/proto/FORWARD_SECRECY_README.html 2014-01-27 22:17:03.000000000 +0000 +++ postfix-3.1.0/proto/FORWARD_SECRECY_README.html 2015-07-21 22:46:51.000000000 +0000 @@ -180,7 +180,8 @@ with no additional configuration, but you may want to override the default prime to be 2048 bits long, and you may want to regenerate your primes periodically. See the quick-start -section for details.

    +section for details. With Postfix ≥ 3.1 the out of the box +(compiled-in) EDH prime size is 2048 bits.

    With prime-field EDH, OpenSSL wants the server to provide two explicitly-selected (prime, generator) combinations. One for @@ -195,7 +196,9 @@ "export" ciphers. To use a non-default prime, generate a 512-bit DH parameter file and set smtpd_tls_dh512_param_file to the filename (see the quick-start section for details). -

    +With Postfix releases after the middle of 2015 the default opportunistic +TLS cipher grade (smtpd_tls_ciphers) is "medium" or stronger, and +export ciphers are no longer used.

  • The non-export EDH parameters are used for all other EDH cipher suites. To use a non-default prime, generate a 1024-bit or @@ -207,10 +210,11 @@ -

    It turns out that (inadvisably-patched in some Debian releases) -Exim SMTP clients require a ≥ 2048-bit length for the non-export -prime. See the quick-start section for -the recommended configuration to work around this issue.

    +

    As of mid-2015, SMTP clients are starting to reject TLS +handshakes with primes smaller than 2048 bits. Each site needs to +determine which prime size works best for the majority of its +clients. See the quick-start section +for the recommended configuration to work around this issue.

    EECDH Server support

    @@ -266,15 +270,16 @@

    The default Postfix SMTP client cipher lists are correctly ordered to prefer EECDH and EDH cipher suites ahead of similar cipher suites that don't implement forward secrecy. Administrators -are strongly discouraged from changing the cipher list definitions. -It is likely safe to set "smtp_tls_ciphers = medium" if you wish -to disable the obsolete "export" and "low" grade ciphers even with -opportunistic TLS. Setting a minimum strength does not change the -preference -order. Note that strengths higher than "medium" exclude Exchange -2003 and likely other widely used MTAs, thus "high" grade ciphers -should only be used on a case-by-case basis via the TLS policy table.

    +are strongly discouraged from changing the cipher list definitions.

    + +

    The default minimum cipher grade for opportunistic TLS is +"medium" for Postfix releases after the middle of 2015, "export" +for older releases. Changing the minimum cipher grade does not +change the cipher preference order. Note that cipher grades higher +than "medium" exclude Exchange 2003 and likely other MTAs, thus a +"high" cipher grade should be chosen only on a case-by-case basis +via the TLS policy +table.

    Getting started, quick and dirty

    @@ -351,7 +356,10 @@ /etc/postfix/master.cf: submission inet n - n - - smtpd # Some submission clients may not yet do 2048-bit EDH, if such - # clients use your MSA, configure 1024-bit EDH instead: + # clients use your MSA, configure 1024-bit EDH instead. However, + # as of mid-2015, many submission clients no longer accept primes + # with less than 2048-bits. Each site needs to determine which + # type of client is more important to support. -o smtpd_tls_dh1024_param_file=${config_directory}/dh1024.pem -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes @@ -551,8 +559,8 @@

    Postfix SMTP server: The status is never "Verified", because the Postfix SMTP server never verifies the remote SMTP client name against the names in the client certificate, and because -the Postfix SMTP does not expect a specific fingerprint in the -client public key or certificate.

    +the Postfix SMTP server does not expect a specific fingerprint in +the client public key or certificate.

  • diff -Nru postfix-3.0.4/proto/generic postfix-3.1.0/proto/generic --- postfix-3.0.4/proto/generic 2007-03-26 23:29:12.000000000 +0000 +++ postfix-3.1.0/proto/generic 2016-02-14 01:38:56.000000000 +0000 @@ -224,4 +224,9 @@ # IBM T.J. Watson Research # P.O. Box 704 # Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA #-- diff -Nru postfix-3.0.4/proto/header_checks postfix-3.1.0/proto/header_checks --- postfix-3.0.4/proto/header_checks 2015-01-29 22:33:24.000000000 +0000 +++ postfix-3.1.0/proto/header_checks 2016-02-14 01:38:56.000000000 +0000 @@ -163,7 +163,8 @@ # Action names are case insensitive. They are shown in upper case # for consistency with other Postfix documentation. # .IP "\fBBCC \fIuser@domain\fR" -# Add the specified address as a BCC recipient. The address +# Add the specified address as a BCC recipient, and inspect +# the next input line. The address # must have a local part and domain part. The number of BCC # addresses that can be added is limited only by the amount # of available storage space. @@ -208,6 +209,7 @@ # \" This feature is available in Postfix 2.3 and later. # .IP "\fBDISCARD \fIoptional text...\fR" # Claim successful delivery and silently discard the message. +# Do not inspect the remainder of the input message. # Log the optional text if specified, otherwise log a generic # message. # .sp @@ -228,6 +230,8 @@ # .sp # This feature is available in Postfix 2.1 and later. # .IP "\fBFILTER \fItransport:destination\fR" +# Override the content_filter parameter setting, and inspect +# the next input line. # After the message is queued, send the entire message through # the specified external content filter. The \fItransport\fR # name specifies the first field of a mail delivery agent 
@@ -346,9 +350,10 @@ # the way that Postfix adds missing message headers. # .RE # .IP "\fBREJECT \fIoptional text...\fR -# Reject the entire message. Reply with \fIoptional text...\fR when -# the optional text is specified, otherwise reply with a generic error -# message. +# Reject the entire message. Do not inspect the remainder of +# the input message. Reply with \fIoptional text...\fR when +# the optional text is specified, otherwise reply with a +# generic error message. # .sp # Note: this action disables further header or body_checks inspection # of the current message and affects all recipients. @@ -488,4 +493,9 @@ # IBM T.J. Watson Research # P.O. Box 704 # Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA #-- diff -Nru postfix-3.0.4/proto/INSTALL.html postfix-3.1.0/proto/INSTALL.html --- postfix-3.0.4/proto/INSTALL.html 2015-10-10 13:49:16.000000000 +0000 +++ postfix-3.1.0/proto/INSTALL.html 2016-01-31 21:05:46.000000000 +0000 @@ -686,6 +686,8 @@ newaliases_path /usr/bin/newaliases + openssl_path openssl + queue_directory /var/spool/postfix readme_directory no diff -Nru postfix-3.0.4/proto/ldap_table postfix-3.1.0/proto/ldap_table --- postfix-3.0.4/proto/ldap_table 2015-01-29 12:16:38.000000000 +0000 +++ postfix-3.1.0/proto/ldap_table 2016-02-12 20:24:44.000000000 +0000 
@@ -148,30 +148,30 @@ # With Postfix 2.2 and later this parameter supports the # following '%' expansions: # .RS -# .IP "\fB\fB%%\fR\fR" +# .IP "\fB%%\fR" # This is replaced by a literal '%' character. -# .IP "\fB\fB%s\fR\fR" +# .IP "\fB%s\fR" # This is replaced by the input key. # RFC 2253 quoting is used to make sure that the input key # does not add unexpected metacharacters. -# .IP "\fB\fB%u\fR\fR" +# .IP "\fB%u\fR" # When the input key is an address of the form user@domain, \fB%u\fR # is replaced by the (RFC 2253) quoted local part of the address. # Otherwise, \fB%u\fR is replaced by the entire search string. # If the localpart is empty, the search is suppressed and returns # no results. -# .IP "\fB\fB%d\fR\fR" +# .IP "\fB%d\fR" # When the input key is an address of the form user@domain, \fB%d\fR # is replaced by the (RFC 2253) quoted domain part of the address. # Otherwise, the search is suppressed and returns no results. -# .IP "\fB\fB%[SUD]\fR\fR" +# .IP "\fB%[SUD]\fR" # For the \fBsearch_base\fR parameter, the upper-case equivalents # of the above expansions behave identically to their lower-case # counter-parts. With the \fBresult_format\fR parameter (previously # called \fBresult_filter\fR see the COMPATIBILITY section and below), # they expand to the corresponding components of input key rather # than the result value. -# .IP "\fB\fB%[1-9]\fR\fR" +# .IP "\fB%[1-9]\fR" # The patterns %1, %2, ... %9 are replaced by the corresponding # most significant component of the input key's domain. If the # input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR, 
@@ -191,23 +191,23 @@ # # This parameter supports the following '%' expansions: # .RS -# .IP "\fB\fB%%\fR\fR" +# .IP "\fB%%\fR" # This is replaced by a literal '%' character. (Postfix 2.2 and later). -# .IP "\fB\fB%s\fR\fR" +# .IP "\fB%s\fR" # This is replaced by the input key. # RFC 2254 quoting is used to make sure that the input key # does not add unexpected metacharacters. -# .IP "\fB\fB%u\fR\fR" +# .IP "\fB%u\fR" # When the input key is an address of the form user@domain, \fB%u\fR # is replaced by the (RFC 2254) quoted local part of the address. # Otherwise, \fB%u\fR is replaced by the entire search string. # If the localpart is empty, the search is suppressed and returns # no results. -# .IP "\fB\fB%d\fR\fR" +# .IP "\fB%d\fR" # When the input key is an address of the form user@domain, \fB%d\fR # is replaced by the (RFC 2254) quoted domain part of the address. # Otherwise, the search is suppressed and returns no results. -# .IP "\fB\fB%[SUD]\fR\fR" +# .IP "\fB%[SUD]\fR" # The upper-case equivalents of the above expansions behave in the # \fBquery_filter\fR parameter identically to their lower-case # counter-parts. With the \fBresult_format\fR parameter (previously @@ -217,7 +217,7 @@ # .IP # The above %S, %U and %D expansions are available with Postfix 2.2 # and later. -# .IP "\fB\fB%[1-9]\fR\fR" +# .IP "\fB%[1-9]\fR" # The patterns %1, %2, ... %9 are replaced by the corresponding # most significant component of the input key's domain. If the # input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR, 
@@ -243,21 +243,21 @@ # to append (or prepend) text to the result. This parameter supports # the following '%' expansions: # .RS -# .IP "\fB\fB%%\fR\fR" +# .IP "\fB%%\fR" # This is replaced by a literal '%' character. (Postfix 2.2 and later). -# .IP "\fB\fB%s\fR\fR" +# .IP "\fB%s\fR" # This is replaced by the value of the result attribute. When # result is empty it is skipped. # .IP "\fB%u\fR # When the result attribute value is an address of the form # user@domain, \fB%u\fR is replaced by the local part of the # address. When the result has an empty localpart it is skipped. -# .IP "\fB\fB%d\fR\fR" +# .IP "\fB%d\fR" # When a result attribute value is an address of the form # user@domain, \fB%d\fR is replaced by the domain part of # the attribute value. When the result is unqualified it # is skipped. -# .IP "\fB\fB%[SUD1-9]\fR\fB" +# .IP "\fB%[SUD1-9]\fR" # The upper-case and decimal digit expansions interpolate # the parts of the input key rather than the result. Their # behavior is identical to that described with \fBquery_filter\fR, diff -Nru postfix-3.0.4/proto/lmdb_table postfix-3.1.0/proto/lmdb_table --- postfix-3.0.4/proto/lmdb_table 2015-01-28 19:30:59.000000000 +0000 +++ postfix-3.1.0/proto/lmdb_table 2016-02-14 01:38:56.000000000 +0000 @@ -111,4 +111,9 @@ # IBM T.J. Watson Research # P.O. Box 704 # Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA #-- diff -Nru postfix-3.0.4/proto/master postfix-3.1.0/proto/master --- postfix-3.0.4/proto/master 2015-01-29 22:33:24.000000000 +0000 +++ postfix-3.1.0/proto/master 2016-02-14 01:38:56.000000000 +0000 
@@ -240,4 +240,9 @@ # IBM T.J. Watson Research # P.O. Box 704 # Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA #-- diff -Nru postfix-3.0.4/proto/memcache_table postfix-3.1.0/proto/memcache_table --- postfix-3.0.4/proto/memcache_table 2013-11-19 14:09:16.000000000 +0000 +++ postfix-3.1.0/proto/memcache_table 2016-02-14 01:06:18.000000000 +0000 @@ -128,27 +128,27 @@ # The \fBkey_format\fR parameter supports the following '%' # expansions: # .RS -# .IP "\fB\fB%%\fR\fR" +# .IP "\fB%%\fR" # This is replaced by a literal '%' character. -# .IP "\fB\fB%s\fR\fR" +# .IP "\fB%s\fR" # This is replaced by the memcache client input key. -# .IP "\fB\fB%u\fR\fR" +# .IP "\fB%u\fR" # When the input key is an address of the form user@domain, # \fB%u\fR is replaced by the SQL quoted local part of the # address. Otherwise, \fB%u\fR is replaced by the entire # search string. If the localpart is empty, a lookup is # silently suppressed and returns no results (an update is # skipped with a warning). -# .IP "\fB\fB%d\fR\fR" +# .IP "\fB%d\fR" # When the input key is an address of the form user@domain, # \fB%d\fR is replaced by the domain part of the address. # Otherwise, a lookup is silently suppressed and returns no # results (an update is skipped with a warning). -# .IP "\fB\fB%[SUD]\fR\fR" +# .IP "\fB%[SUD]\fR" # The upper-case equivalents of the above expansions behave # in the \fBkey_format\fR parameter identically to their # lower-case counter-parts. -# .IP "\fB\fB%[1-9]\fR\fR" +# .IP "\fB%[1-9]\fR" # The patterns %1, %2, ... %9 are replaced by the corresponding # most significant component of the input key's domain. If # the input key is \fIuser@mail.example.com\fR, then %1 is 
@@ -228,4 +228,9 @@ # IBM T.J. Watson Research # P.O. Box 704 # Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA #-- diff -Nru postfix-3.0.4/proto/MILTER_README.html postfix-3.1.0/proto/MILTER_README.html --- postfix-3.0.4/proto/MILTER_README.html 2015-01-29 22:33:24.000000000 +0000 +++ postfix-3.1.0/proto/MILTER_README.html 2015-05-24 00:27:06.000000000 +0000 @@ -28,16 +28,10 @@

    The reason for adding Milter support to Postfix is that there exists a large collection of applications, not only to block unwanted mail, but also to verify authenticity (examples: OpenDKIM, DomainKeys -Identified Mail (DKIM), SenderID+SPF and -DomainKeys) -or to digitally sign mail (examples: OpenDKIM, DomainKeys -Identified Mail (DKIM), DomainKeys). +href="http://www.opendkim.org/">OpenDKIM and DMARC ) +or to digitally sign mail (example: OpenDKIM). Having yet another Postfix-specific version of all that software is a poor use of human and system resources.

    @@ -206,17 +200,14 @@ Postfix currently does not provide such a library, but Sendmail does.

    -
      - -
    • The first option is to use a pre-compiled library. Some +

      Some systems install the Sendmail libmilter library by default. With other systems, libmilter may be provided by a package (called "sendmail-devel" on some Linux systems).

      Once libmilter is installed, applications such as OpenDKIM, dkim-milter and -sid-milter +href="http://www.opendkim.org/">OpenDKIM and +OpenDMARC build out of the box without requiring any tinkering:

      @@ -230,44 +221,6 @@
    -
    -
    -$ gzcat dkim-milter-x.y.z.tar.gz | tar xf -
    -$ cd dkim-milter-x.y.z
    -$ make
    -[...lots of output omitted...]
    -
    -
    - -
  • The other option is to build the libmilter library from -Sendmail source code:

    - -
    -
    -$ gzcat sendmail-x.y.z.tar.gz | tar xf -
    -$ cd sendmail-x.y.z/libmilter
    -$ make
    -[...lots of output omitted...]
    -
    -
    - -

    After building your own libmilter library, follow the installation -instructions in the Milter application source distribution to specify -the location of the libmilter include files and object library. -Typically, these settings are configured in a file named -sid-filter/Makefile.m4 or similar: - -

    -
    -APPENDDEF(`confINCDIRS', `-I/some/where/sendmail-x.y.z/include')
    -APPENDDEF(`confLIBDIRS', `-L/some/where/sendmail-x.y.z/obj.systemtype/libmilter')
    -
    -
    - -

    Then build the Milter application.

    - - -

    Running Milter applications

    To run a Milter application, see the documentation of the filter @@ -275,7 +228,7 @@

    -# /some/where/dkim-filter -u userid -p inet:portnumber@localhost ...other options...
    +# /some/where/opendkim -l -u userid -p inet:portnumber@localhost ...other options...
     
    @@ -308,6 +261,8 @@
  • Sendmail macro emulation +
  • What macros will Postfix send to Milters? +

    SMTP-Only Milter applications

    @@ -318,11 +273,12 @@ that arrives via the Postfix smtpd(8) server is not filtered by the non-SMTP filters that are described in the next section.

    -

    NOTE: Do not use the header_checks(5) IGNORE action to remove +

    NOTE for Postfix versions that have a mail_release_date +before 20141018: do not use the header_checks(5) IGNORE action to remove Postfix's own Received: message header. This causes problems with mail signing filters. Instead, keep Postfix's own Received: message header and use the header_checks(5) REPLACE action to sanitize -information.

    +information.

    You specify SMTP-only Milter applications (there can be more than one) with the smtpd_milters parameter. Each Milter application @@ -596,7 +552,9 @@

  • Line 3: The remainder of the list contains per-Milter settings. These settings override global main.cf parameters, and have the same name as those parameters, without the "milter_" prefix. -

    +The per-Milter settings that are supported as of Postfix 3.0 are +command_timeout, connect_timeout, content_timeout, default_action, +and protocol.

    @@ -706,9 +664,11 @@
  • +

    What macros will Postfix send to Milters?

    +

    Postfix sends specific sets of macros at different Milter protocol -stages. The sets are configured with the parameters as described -in the table (EOH = end of headers; EOM = end of message). The +stages. The sets are configured with the parameters as shown in the +table below (EOH = end of headers; EOM = end of message). The protocol version is a number that Postfix sends at the beginning of the Milter protocol handshake.

    @@ -752,6 +712,17 @@ +

    By default, Postfix will send only macros whose values have been +updated with information from main.cf or master.cf, from an SMTP session +(for example; SASL login, or TLS certificates) or from a Mail delivery +transaction (for example; queue ID, sender, or recipient).

    + +

    To force a macro to be sent even when its value has not been updated, +you may specify macro default values with the milter_macro_defaults +parameter. Specify zero or more name=value pairs separated by +comma or whitespace; you may even specify macro names that Postfix does +know about!

    +

    Workarounds

      diff -Nru postfix-3.0.4/proto/mysql_table postfix-3.1.0/proto/mysql_table --- postfix-3.0.4/proto/mysql_table 2015-01-29 12:16:38.000000000 +0000 +++ postfix-3.1.0/proto/mysql_table 2016-02-12 20:25:01.000000000 +0000 @@ -122,28 +122,28 @@ # # This parameter supports the following '%' expansions: # .RS -# .IP "\fB\fB%%\fR\fR" +# .IP "\fB%%\fR" # This is replaced by a literal '%' character. -# .IP "\fB\fB%s\fR\fR" +# .IP "\fB%s\fR" # This is replaced by the input key. # SQL quoting is used to make sure that the input key does not # add unexpected metacharacters. -# .IP "\fB\fB%u\fR\fR" +# .IP "\fB%u\fR" # When the input key is an address of the form user@domain, \fB%u\fR # is replaced by the SQL quoted local part of the address. # Otherwise, \fB%u\fR is replaced by the entire search string. # If the localpart is empty, the query is suppressed and returns # no results. -# .IP "\fB\fB%d\fR\fR" +# .IP "\fB%d\fR" # When the input key is an address of the form user@domain, \fB%d\fR # is replaced by the SQL quoted domain part of the address. # Otherwise, the query is suppressed and returns no results. -# .IP "\fB\fB%[SUD]\fR\fR" +# .IP "\fB%[SUD]\fR" # The upper-case equivalents of the above expansions behave in the # \fBquery\fR parameter identically to their lower-case counter-parts. # With the \fBresult_format\fR parameter (see below), they expand the # input key rather than the result value. -# .IP "\fB\fB%[1-9]\fR\fR" +# .IP "\fB%[1-9]\fR" # The patterns %1, %2, ... %9 are replaced by the corresponding # most significant component of the input key's domain. If the # input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR, 
@@ -182,21 +182,21 @@ # to append (or prepend) text to the result. This parameter supports # the following '%' expansions: # .RS -# .IP "\fB\fB%%\fR\fR" +# .IP "\fB%%\fR" # This is replaced by a literal '%' character. -# .IP "\fB\fB%s\fR\fR" +# .IP "\fB%s\fR" # This is replaced by the value of the result attribute. When # result is empty it is skipped. # .IP "\fB%u\fR # When the result attribute value is an address of the form # user@domain, \fB%u\fR is replaced by the local part of the # address. When the result has an empty localpart it is skipped. -# .IP "\fB\fB%d\fR\fR" +# .IP "\fB%d\fR" # When a result attribute value is an address of the form # user@domain, \fB%d\fR is replaced by the domain part of # the attribute value. When the result is unqualified it # is skipped. -# .IP "\fB\fB%[SUD1-9]\fR\fB" +# .IP "\fB%[SUD1-9]\fR" # The upper-case and decimal digit expansions interpolate # the parts of the input key rather than the result. Their # behavior is identical to that described with \fBquery\fR, diff -Nru postfix-3.0.4/proto/nisplus_table postfix-3.1.0/proto/nisplus_table --- postfix-3.0.4/proto/nisplus_table 2013-11-19 14:09:38.000000000 +0000 +++ postfix-3.1.0/proto/nisplus_table 2016-02-14 01:38:56.000000000 +0000 @@ -81,4 +81,9 @@ # IBM T.J. Watson Research # P.O. Box 704 # Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA #-- diff -Nru postfix-3.0.4/proto/pcre_table postfix-3.1.0/proto/pcre_table --- postfix-3.0.4/proto/pcre_table 2014-09-25 12:59:26.000000000 +0000 +++ postfix-3.1.0/proto/pcre_table 2016-02-14 01:38:56.000000000 +0000 
@@ -202,4 +202,9 @@
 # IBM T.J. Watson Research
 # P.O. Box 704
 # Yorktown Heights, NY 10598, USA
+#
+# Wietse Venema
+# Google, Inc.
+# 111 8th Avenue
+# New York, NY 10011, USA
 #--
diff -Nru postfix-3.0.4/proto/pgsql_table postfix-3.1.0/proto/pgsql_table
--- postfix-3.0.4/proto/pgsql_table 2013-11-19 14:09:52.000000000 +0000
+++ postfix-3.1.0/proto/pgsql_table 2016-02-12 20:25:17.000000000 +0000
@@ -127,23 +127,23 @@
 #
 # This parameter supports the following '%' expansions:
 # .RS
-# .IP "\fB\fB%%\fR\fR"
+# .IP "\fB%%\fR"
 # This is replaced by a literal '%' character. (Postfix 2.2 and later)
-# .IP "\fB\fB%s\fR\fR"
+# .IP "\fB%s\fR"
 # This is replaced by the input key.
 # SQL quoting is used to make sure that the input key does not
 # add unexpected metacharacters.
-# .IP "\fB\fB%u\fR\fR"
+# .IP "\fB%u\fR"
 # When the input key is an address of the form user@domain, \fB%u\fR
 # is replaced by the SQL quoted local part of the address.
 # Otherwise, \fB%u\fR is replaced by the entire search string.
 # If the localpart is empty, the query is suppressed and returns
 # no results.
-# .IP "\fB\fB%d\fR\fR"
+# .IP "\fB%d\fR"
 # When the input key is an address of the form user@domain, \fB%d\fR
 # is replaced by the SQL quoted domain part of the address.
 # Otherwise, the query is suppressed and returns no results.
-# .IP "\fB\fB%[SUD]\fR\fR"
+# .IP "\fB%[SUD]\fR"
 # The upper-case equivalents of the above expansions behave in the
 # \fBquery\fR parameter identically to their lower-case counter-parts.
 # With the \fBresult_format\fR parameter (see below), they expand the
@@ -151,7 +151,7 @@
 # .IP
 # The above %S, %U and %D expansions are available with Postfix 2.2
 # and later
-# .IP "\fB\fB%[1-9]\fR\fR"
+# .IP "\fB%[1-9]\fR"
 # The patterns %1, %2, ... %9 are replaced by the corresponding
 # most significant component of the input key's domain. If the
 # input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR,
@@ -183,21 +183,21 @@
 # to append (or prepend) text to the result. This parameter supports
 # the following '%' expansions:
 # .RS
-# .IP "\fB\fB%%\fR\fR"
+# .IP "\fB%%\fR"
 # This is replaced by a literal '%' character.
-# .IP "\fB\fB%s\fR\fR"
+# .IP "\fB%s\fR"
 # This is replaced by the value of the result attribute. When
 # result is empty it is skipped.
 # .IP "\fB%u\fR
 # When the result attribute value is an address of the form
 # user@domain, \fB%u\fR is replaced by the local part of the
 # address. When the result has an empty localpart it is skipped.
-# .IP "\fB\fB%d\fR\fR"
+# .IP "\fB%d\fR"
 # When a result attribute value is an address of the form
 # user@domain, \fB%d\fR is replaced by the domain part of
 # the attribute value. When the result is unqualified it
 # is skipped.
-# .IP "\fB\fB%[SUD1-9]\fR\fB"
+# .IP "\fB%[SUD1-9]\fR"
 # The upper-case and decimal digit expansions interpolate
 # the parts of the input key rather than the result. Their
 # behavior is identical to that described with \fBquery\fR,
diff -Nru postfix-3.0.4/proto/postconf.man.epilog postfix-3.1.0/proto/postconf.man.epilog
--- postfix-3.0.4/proto/postconf.man.epilog 2005-02-05 00:40:37.000000000 +0000
+++ postfix-3.1.0/proto/postconf.man.epilog 2016-01-16 23:53:22.000000000 +0000
@@ -14,3 +14,10 @@
 IBM T.J. Watson Research
 P.O. Box 704
 Yorktown Heights, NY 10598, USA
+.sp
+Wietse Venema
+Google, Inc.
+111 8th Avenue
+New York, NY 10011, USA
+.sp
+Viktor Dukhovni
diff -Nru postfix-3.0.4/proto/postconf.proto postfix-3.1.0/proto/postconf.proto
--- postfix-3.0.4/proto/postconf.proto 2016-02-05 00:29:11.000000000 +0000
+++ postfix-3.1.0/proto/postconf.proto 2016-02-12 13:53:59.000000000 +0000
@@ -1509,6 +1509,25 @@
 for destinations that it is MX host for.

      +%PARAM lmtp_fallback_relay + +

      Optional list of relay hosts for LMTP destinations that can't be +found or that are unreachable. In main.cf elements are separated by +whitespace or commas.

      + +

      By default, mail is returned to the sender when a destination is not +found, and delivery is deferred when a destination is unreachable.

      + +

      The fallback relays must be TCP destinations, specified without +a leading "inet:" prefix. Specify a host or host:port. Since MX +lookups do not apply with LMTP, there is no need to use the "[host]" or +"[host]:port" forms. If you specify multiple LMTP destinations, Postfix +will try them in the specified order.

      + +

      +This feature is available in Postfix 3.1 and later. +

      + %PARAM fast_flush_domains $relay_domains

      @@ -4493,11 +4512,10 @@

      Optional Postfix SMTP client lookup tables with one username:password -entry -per remote hostname or domain, or sender address when sender-dependent -authentication is enabled. If no username:password entry is found, -then the Postfix SMTP client will not -attempt to authenticate to the remote host. +entry per sender, remote hostname or next-hop domain. Per-sender +lookup is done only when sender-dependent authentication is enabled. +If no username:password entry is found, then the Postfix SMTP client +will not attempt to authenticate to the remote host.

      @@ -5004,6 +5022,33 @@ smtpd_client_new_tls_session_rate_limit = 100 +%PARAM smtpd_client_auth_rate_limit 0 + +

      +The maximal number of AUTH commands that any client is allowed to +send to this service per time unit, regardless of whether or not +Postfix actually accepts those commands. The time unit is specified +with the anvil_rate_time_unit configuration parameter. +

      + +

      +By default, there is no limit on the number AUTH commands that a +client may send. +

      + +

      +To disable this feature, specify a limit of 0. +

      + +

      +WARNING: The purpose of this feature is to limit abuse. It must +not be used to regulate legitimate mail traffic. +

      + +

      +This feature is available in Postfix 3.1 and later. +

      + %PARAM smtpd_client_restrictions

      @@ -6368,7 +6413,7 @@ %PARAM smtpd_sender_login_maps

      -Optional lookup table with the SASL login names that own sender +Optional lookup table with the SASL login names that own the sender (MAIL FROM) addresses.

      @@ -7300,7 +7345,7 @@ %PARAM broken_sasl_auth_clients no

      -Enable inter-operability with remote SMTP clients that implement an obsolete +Enable interoperability with remote SMTP clients that implement an obsolete version of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook Express version 4 and MicroSoft Exchange version 5.0. @@ -7947,7 +7992,7 @@

    • Specify "mynetworks_style = class" when Postfix should "trust" remote SMTP clients in the same IP class A/B/C networks as the -local machine. Don't do this with a dialup site - it would cause +local machine. Caution: this may cause Postfix to "trust" your entire provider's network. Instead, specify an explicit mynetworks list by hand, as described with the mynetworks configuration parameter.

      @@ -9518,6 +9563,14 @@ under a non-Postfix directory is redirected to the Postfix-owned data_directory, and a warning is logged.

      + +

      As of Postfix 2.11 the preferred mechanism for session resumption +is RFC 5077 TLS session tickets, which don't require server-side +storage. Consequently, for Postfix ≥ 2.11 this parameter should +generally be left empty. TLS session tickets require an OpenSSL +library (at least version 0.9.8h) that provides full support for +this TLS extension. See also smtpd_tls_session_cache_timeout.

      +

      Example:

      @@ -9579,7 +9632,7 @@
       %PARAM smtpd_tls_cipherlist
       
       

      Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS -cipher list. It is easy to create inter-operability problems by choosing +cipher list. It is easy to create interoperability problems by choosing a non-default cipher list. Do not use a non-default TLS cipherlist for MX hosts on the public Internet. Clients that begin the TLS handshake, but are unable to agree on a common cipher, may not be able to send any @@ -9635,7 +9688,10 @@ %PARAM smtpd_tls_dh512_param_file

      File with DH parameters that the Postfix SMTP server should -use with export-grade EDH ciphers.

      +use with export-grade EDH ciphers. The default SMTP server cipher +grade is "medium" with Postfix releases after the middle of 2015, +and as a result export-grade cipher suites are by default not used. +

      See also the discussion under the smtpd_tls_dh1024_param_file configuration parameter.

      @@ -10025,7 +10081,7 @@

      Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS cipher list. As this feature applies to all TLS security levels, it is easy -to create inter-operability problems by choosing a non-default cipher +to create interoperability problems by choosing a non-default cipher list. Do not use a non-default TLS cipher list on hosts that deliver email to the public Internet: you will be unable to send email to servers that only support the ciphers you exclude. Using a restricted cipher list @@ -10932,7 +10988,7 @@

      may
      Opportunistic TLS. Since sending in the clear is acceptable, demanding stronger than default TLS security merely reduces -inter-operability. The optional "ciphers", "exclude" and "protocols" +interoperability. The optional "ciphers", "exclude" and "protocols" attributes (available for opportunistic TLS with Postfix ≥ 2.6) override the "smtp_tls_ciphers", "smtp_tls_exclude_ciphers" and "smtp_tls_protocols" configuration parameters. When opportunistic TLS @@ -11318,7 +11374,7 @@
      Opportunistic TLS. Use TLS if this is supported by the remote SMTP server, otherwise use plaintext. Since sending in the clear is acceptable, demanding stronger than default TLS -security merely reduces inter-operability. +security merely reduces interoperability. The "smtp_tls_ciphers" and "smtp_tls_protocols" (Postfix ≥ 2.6) configuration parameters provide control over the protocols and cipher grade used with opportunistic TLS. With earlier releases the @@ -11654,6 +11710,20 @@

      This feature is available in Postfix 2.3 and later.

      +%PARAM milter_macro_defaults + +

      Optional list of name=value pairs that specify default +values for arbitrary macros that Postfix may send to Milter +applications. These defaults are used when there is no corresponding +information from the message delivery context.

      + +

      Specify name=value or {name}=value pairs separated +by comma or whitespace. Enclose a pair in "{}" when a value contains +comma or whitespace (this form ignores whitespace after the enclosing +"{", around the "=", and before the enclosing "}").

      + +

      This feature is available in Postfix 3.1 and later.

      + %PARAM milter_macro_v $mail_name $mail_version

      The {v} macro value for Milter (mail filter) applications. @@ -11878,9 +11948,9 @@

      This feature is available in Postfix 2.3 and later.

      -%PARAM tls_high_cipherlist ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH +%PARAM tls_high_cipherlist see "postconf -d" output -

      The OpenSSL cipherlist for "HIGH" grade ciphers. This defines +

      The OpenSSL cipherlist for "high" grade ciphers. This defines the meaning of the "high" setting in smtpd_tls_ciphers, smtpd_tls_mandatory_ciphers, smtp_tls_ciphers, smtp_tls_mandatory_ciphers, lmtp_tls_ciphers, and lmtp_tls_mandatory_ciphers. You are strongly @@ -11888,9 +11958,9 @@

      This feature is available in Postfix 2.3 and later.

      -%PARAM tls_medium_cipherlist ALL:!EXPORT:!LOW:+RC4:@STRENGTH +%PARAM tls_medium_cipherlist see "postconf -d" output -

      The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. This +

      The OpenSSL cipherlist for "medium" or higher grade ciphers. This defines the meaning of the "medium" setting in smtpd_tls_ciphers, smtpd_tls_mandatory_ciphers, smtp_tls_ciphers, smtp_tls_mandatory_ciphers, lmtp_tls_ciphers, and lmtp_tls_mandatory_ciphers. This is the @@ -11902,9 +11972,9 @@

      This feature is available in Postfix 2.3 and later.

      -%PARAM tls_low_cipherlist ALL:!EXPORT:+RC4:@STRENGTH +%PARAM tls_low_cipherlist see "postconf -d" output -

      The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines +

      The OpenSSL cipherlist for "low" or higher grade ciphers. This defines the meaning of the "low" setting in smtpd_tls_ciphers, smtpd_tls_mandatory_ciphers, smtp_tls_ciphers, smtp_tls_mandatory_ciphers, lmtp_tls_ciphers, and lmtp_tls_mandatory_ciphers. You are strongly @@ -11912,9 +11982,9 @@

      This feature is available in Postfix 2.3 and later.

      -%PARAM tls_export_cipherlist ALL:+RC4:@STRENGTH +%PARAM tls_export_cipherlist see "postconf -d" output -

      The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. This +

      The OpenSSL cipherlist for "export" or higher grade ciphers. This defines the meaning of the "export" setting in smtpd_tls_ciphers, smtpd_tls_mandatory_ciphers, smtp_tls_ciphers, smtp_tls_mandatory_ciphers, lmtp_tls_ciphers, and lmtp_tls_mandatory_ciphers. With Postfix @@ -12378,7 +12448,7 @@

      The non-default setting "yes" enables the behavior of older Postfix versions. These always send a SASL authzid that is equal -to the SASL authcid, but this causes inter-operability problems +to the SASL authcid, but this causes interoperability problems with some SMTP servers.

      This feature is available in Postfix 2.4.4 and later.

      @@ -13093,6 +13163,42 @@

      This feature is available in Postfix 2.4 and later.

      +%PARAM default_transport_rate_delay 0s + +

      The default amount of delay that is inserted between individual +deliveries over the same message delivery transport, regardless of +destination. If non-zero, all deliveries over the same message +delivery transport will happen one at a time.

      + +

      Use transport_transport_rate_delay to specify a +transport-specific override, where the initial transport is +the master.cf name of the message delivery transport.

      + +

      Example: throttle outbound SMTP mail to at most 3 deliveries +per minute.

      + +
      +/etc/postfix/main.cf:
      +    smtp_transport_rate_delay = 20s
      +
      + +

      To enable the delay, specify a non-zero time value (an integral +value plus an optional one-letter suffix that specifies the time +unit).

      + +

      Time units: s (seconds), m (minutes), h (hours), d (days), w +(weeks). The default time unit is s (seconds).

      + +

      NOTE: the delay is enforced by the queue manager.

      + +

      This feature is available in Postfix 3.1 and later.

      + +%PARAM transport_transport_rate_delay $default_transport_rate_delay + +

      A transport-specific override for the default_transport_rate_delay +parameter value, where the initial transport in the parameter +name is the master.cf name of the message delivery transport.

      + %PARAM default_destination_rate_delay 0s

      The default amount of delay that is inserted between individual @@ -13942,7 +14048,7 @@

      A mechanism to transform commands from remote SMTP clients. This is a last-resort tool to work around client commands that break -inter-operability with the Postfix SMTP server. Other uses involve +interoperability with the Postfix SMTP server. Other uses involve fault injection to test Postfix's handling of invalid commands.

      @@ -14015,7 +14121,7 @@

      A mechanism to transform replies from remote SMTP servers one line at a time. This is a last-resort tool to work around server -replies that break inter-operability with the Postfix SMTP client. +replies that break interoperability with the Postfix SMTP client. Other uses involve fault injection to test Postfix's handling of invalid responses.

      @@ -14140,8 +14246,11 @@

      The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP client will try first, when a destination has IPv6 and IPv4 addresses with equal MX preference. This feature has no effect -unless the inet_protocols setting enables both IPv4 and IPv6. -With Postfix 2.8 the default is "ipv6".

      +unless the inet_protocols setting enables both IPv4 and IPv6.

      + +

      Postfix SMTP client address preference has evolved. With Postfix +2.8 the default is "ipv6"; earlier implementations are hard-coded +to prefer IPv6 over IPv4.

      Notes for mail delivery between sites that have both IPv4 and IPv6 connectivity:

      @@ -14242,16 +14351,44 @@ %PARAM postscreen_dnsbl_ttl 1h

      The amount of time that postscreen(8) will use the result from -a successful DNS blocklist test. During this time, the client IP address -is excluded from this test. The default is relatively short, because a -good client can immediately talk to a real Postfix SMTP server. -

      +a successful DNS-based reputation test before a client +IP address is required to pass that test again.

      Specify a non-zero time value (an integral value plus an optional one-letter suffix that specifies the time unit). Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).

      -

      This feature is available in Postfix 2.8.

      +

      This feature is available in Postfix 2.8-3.0. It was +replaced by postscreen_dnsbl_max_ttl in Postfix 3.1.

      + +%PARAM postscreen_dnsbl_min_ttl 60s + +

      The minimum amount of time that postscreen(8) will use the +result from a successful DNS-based reputation test before a +client IP address is required to pass that test again. If the DNS +reply specifies a larger TTL value, that value will be used unless +it would be larger than postscreen_dnsbl_max_ttl.

      + +

      Specify a non-zero time value (an integral value plus an optional +one-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks).

      + +

      This feature is available in Postfix 3.1.

      + +%PARAM postscreen_dnsbl_max_ttl ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h + +

      The maximum amount of time that postscreen(8) will use the +result from a successful DNS-based reputation test before a +client IP address is required to pass that test again. If the DNS +reply specifies a shorter TTL value, that value will be used unless +it would be smaller than postscreen_dnsbl_min_ttl.

      + +

      Specify a non-zero time value (an integral value plus an optional +one-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks).

      + +

      This feature is available in Postfix 3.1. The default setting +is backwards-compatible with older Postfix versions.

      %PARAM postscreen_pipelining_action enforce @@ -14849,7 +14986,9 @@

      File with DH parameters that the Postfix tlsproxy(8) server should use with export-grade EDH ciphers. See smtpd_tls_dh512_param_file -for further details.

      +for further details. The default SMTP server cipher grade is +"medium" with Postfix releases after the middle of 2015, and as a +result export-grade cipher suites are by default not used.

      This feature is available in Postfix 2.8 and later.

      @@ -16430,4 +16569,101 @@ This feature is available in Postfix 3.0 and later.

      +%PARAM dns_ncache_ttl_fix_enable no + +

      Enable a workaround for future libc incompatibility. The Postfix +implementation of RFC 2308 negative reply caching relies on the +promise that res_query() and res_search() invoke res_send(), which +returns the server response in an application buffer even if the +requested record does not exist. If this promise is broken, specify +"yes" to enable a workaround for DNS reputation lookups.

      + +

      +This feature is available in Postfix 3.1 and later. +

      + +%PARAM smtpd_policy_service_policy_context + +

      Optional information that the Postfix SMTP server specifies in +the "policy_context" attribute of a policy service request (originally, +to share the same service endpoint among multiple check_policy_service +clients).

      + +

      +This feature is available in Postfix 3.1 and later. +

      + +%PARAM smtp_tls_dane_insecure_mx_policy dane + +

      The TLS policy for MX hosts with "secure" TLSA records when the +nexthop destination security level is dane, but the MX +record was found via an "insecure" MX lookup. The choices are: +

      + +
      +
      may
      +
      The TLSA records will be ignored and TLS will be optional. If +the MX host does not appear to support STARTTLS, or the STARTTLS +handshake fails, mail may be sent in the clear.
      +
      encrypt
      +
      The TLSA records will signal a requirement to use TLS. While +TLS encryption will be required, authentication will not be performed. +
      +
      dane (default)
      +
      The TLSA records will be used just as with "secure" MX records. +TLS encryption will be required, and, if at least one of the TLSA +records is "usable", authentication will be required. When +authentication succeeds, it will be logged only as "Trusted", not +"Verified", because the MX host name could have been forged.
      +
      + +

      Though with "insecure" MX records an active attacker can +compromise SMTP transport security by returning forged MX records, +such attacks are "tamper-evident" since any forged MX hostnames +will be recorded in the mail logs. Attackers who place a high value +staying hidden may be deterred from forging MX records.

      + +

      +This feature is available in Postfix 3.1 and later. The may +policy is backwards-compatible with earlier Postfix versions. +

      + +%PARAM openssl_path openssl + +

      +The location of the OpenSSL command line program openssl(1). This +is used by the "postfix tls" command to create private keys, +certificate signing requests, self-signed certificates, and to +compute public key digests for DANE TLSA records. In multi-instance +environments, this parameter is always determined from the configuration +of the default Postfix instance. +

      + +

      Example:

      + +
      +
      +/etc/postfix/main.cf:
      +    # NetBSD pkgsrc:
      +    openssl_path = /usr/pkg/bin/openssl
      +    # Local build:
      +    openssl_path = /usr/local/bin/openssl
      +
      +
      + +

      +This feature is available in Postfix 3.1 and later. +

      + +%PARAM address_verify_pending_request_limit see "postconf -d" output + +

      A safety limit that prevents address verification requests from +overwhelming the Postfix queue. By default, the number of pending +requests is limited to 1/4 of the active queue maximum size +(qmgr_message_active_limit). The queue manager enforces the limit +by tempfailing requests that exceed the limit. This affects only +unknown addresses and inactive addresses that have expired, because +the verify(8) daemon automatically refreshes an active address +before it expires.

      +

      This feature is available in Postfix 3.1 and later.

diff -Nru postfix-3.0.4/proto/postfix-wrapper postfix-3.1.0/proto/postfix-wrapper
--- postfix-3.0.4/proto/postfix-wrapper 2009-05-23 23:23:29.000000000 +0000
+++ postfix-3.1.0/proto/postfix-wrapper 2016-02-14 01:38:56.000000000 +0000
@@ -282,4 +282,9 @@
 # IBM T.J. Watson Research
 # P.O. Box 704
 # Yorktown Heights, NY 10598, USA
+#
+# Wietse Venema
+# Google, Inc.
+# 111 8th Avenue
+# New York, NY 10011, USA
 #--
diff -Nru postfix-3.0.4/proto/regexp_table postfix-3.1.0/proto/regexp_table
--- postfix-3.0.4/proto/regexp_table 2014-09-25 13:00:35.000000000 +0000
+++ postfix-3.1.0/proto/regexp_table 2016-02-14 01:38:56.000000000 +0000
@@ -170,4 +170,9 @@
 # IBM T.J. Watson Research
 # P.O. Box 704
 # Yorktown Heights, NY 10598, USA
+#
+# Wietse Venema
+# Google, Inc.
+# 111 8th Avenue
+# New York, NY 10011, USA
 #--
diff -Nru postfix-3.0.4/proto/relocated postfix-3.1.0/proto/relocated
--- postfix-3.0.4/proto/relocated 2007-03-27 12:40:54.000000000 +0000
+++ postfix-3.1.0/proto/relocated 2016-02-14 01:38:56.000000000 +0000
@@ -155,4 +155,9 @@
 # IBM T.J. Watson Research
 # P.O. Box 704
 # Yorktown Heights, NY 10598, USA
+#
+# Wietse Venema
+# Google, Inc.
+# 111 8th Avenue
+# New York, NY 10011, USA
 #--
diff -Nru postfix-3.0.4/proto/SASL_README.html postfix-3.1.0/proto/SASL_README.html
--- postfix-3.0.4/proto/SASL_README.html 2014-07-30 17:16:45.000000000 +0000
+++ postfix-3.1.0/proto/SASL_README.html 2015-07-26 13:44:36.000000000 +0000
@@ -1659,6 +1659,8 @@
       /etc/postfix/main.cf:
           smtp_sasl_auth_enable = yes
      +    smtp_tls_security_level = encrypt
      +    smtp_sasl_tls_security_options = noanonymous
           relayhost = [mail.isp.example]
           # Alternative form:
           # relayhost = [mail.isp.example]:submission
      @@ -1673,6 +1675,11 @@
       and password information in the second part of the example. 

    • +
    • The smtp_tls_security_level setting ensures +that the connection to the remote smtp server will be encrypted, and +smtp_sasl_tls_security_options removes the prohibition on +plaintext passwords.

      +
    • The relayhost setting forces the Postfix SMTP to send all remote messages to the specified mail server instead of trying to deliver them directly to their destination.

    • @@ -1781,7 +1788,7 @@
       /etc/postfix/sasl_passwd:
           # Per-sender authentication; see also /etc/postfix/sender_relay.
      -    user1@example.com               username2:password2
      +    user1@example.com               username1:password1
           user2@example.net               username2:password2
           # Login information for the default relayhost.
           [mail.isp.example]              username:password
      diff -Nru postfix-3.0.4/proto/SMTPD_POLICY_README.html postfix-3.1.0/proto/SMTPD_POLICY_README.html
      --- postfix-3.0.4/proto/SMTPD_POLICY_README.html	2015-01-29 22:33:24.000000000 +0000
      +++ postfix-3.1.0/proto/SMTPD_POLICY_README.html	2015-09-13 16:36:51.000000000 +0000
      @@ -108,6 +108,8 @@
       ccert_pubkey_fingerprint=68:B3:29:DA:98:93:E3:40:99:C7:D8:AD:5C:B9:C9:40
       Postfix version 3.0 and later:
       client_port=1234
      +Postfix version 3.1 and later:
      +policy_context=submission
       [empty line]
       
      @@ -195,6 +197,10 @@
    • The "stress" attribute is either empty or "yes". See the STRESS_README document for further information.

      +
    • The "policy_context" attribute provides a way to pass + information that is not available via other attributes (Postfix + version 3.1 and later).

      +

    The following is specific to SMTPD delegated policy requests: @@ -367,6 +373,12 @@ between attempts to resend a failed SMTPD policy service request. Available with Postfix 3.0 and later.

    +
  • smtpd_policy_service_policy_context (default: empty): +Optional information that is passed in the "policy_context" attribute +of an SMTPD policy service request (originally, to share the same +SMTPD service endpoint among multiple check_policy_service clients). +Available with Postfix 3.1 and later.

    +

    Configuration parameters that control the server side of the diff -Nru postfix-3.0.4/proto/SMTPUTF8_README.html postfix-3.1.0/proto/SMTPUTF8_README.html --- postfix-3.0.4/proto/SMTPUTF8_README.html 2015-02-03 18:13:45.000000000 +0000 +++ postfix-3.1.0/proto/SMTPUTF8_README.html 2015-02-20 21:34:01.000000000 +0000 @@ -92,7 +92,7 @@

    Postfix SMTPUTF8 support is enabled by default, but it may be disabled as part of a backwards-compatibility safety net (see the -Postfix 3.0 RELEASE_NOTES file).

    +COMPATIBILITY_README file).

    SMTPUTF8 support is enabled by setting the smtputf8_enable parameter in main.cf:

    diff -Nru postfix-3.0.4/proto/socketmap_table postfix-3.1.0/proto/socketmap_table --- postfix-3.0.4/proto/socketmap_table 2015-01-28 19:32:32.000000000 +0000 +++ postfix-3.1.0/proto/socketmap_table 2016-02-14 01:38:56.000000000 +0000 @@ -30,15 +30,17 @@ # .ad # .fi # The socketmap protocol supports only the lookup request. +# The request has the following form: # +# .IP "\fB\fIname\fB \fIkey\fR" +# Search the named socketmap for the specified key. +# .PP # Postfix will not generate partial search keys such as domain # names without one or more subdomains, network addresses # without one or more least-significant octets, or email # addresses without the localpart, address extension or domain # portion. This behavior is also found with cidr:, pcre:, and # regexp: tables. -# .IP "\fB\fIname\fB \fIkey\fR" -# Search the named socketmap for the specified key. # REPLY FORMAT # .ad # .fi @@ -85,5 +87,10 @@ # IBM T.J. Watson Research # P.O. Box 704 # Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA #-- diff -Nru postfix-3.0.4/proto/sqlite_table postfix-3.1.0/proto/sqlite_table --- postfix-3.0.4/proto/sqlite_table 2013-11-19 14:10:00.000000000 +0000 +++ postfix-3.1.0/proto/sqlite_table 2016-02-12 20:25:26.000000000 +0000 
@@ -89,28 +89,28 @@ # # This parameter supports the following '%' expansions: # .RS -# .IP "\fB\fB%%\fR\fR" +# .IP "\fB%%\fR" # This is replaced by a literal '%' character. -# .IP "\fB\fB%s\fR\fR" +# .IP "\fB%s\fR" # This is replaced by the input key. # SQL quoting is used to make sure that the input key does not # add unexpected metacharacters. -# .IP "\fB\fB%u\fR\fR" +# .IP "\fB%u\fR" # When the input key is an address of the form user@domain, \fB%u\fR # is replaced by the SQL quoted local part of the address. # Otherwise, \fB%u\fR is replaced by the entire search string. # If the localpart is empty, the query is suppressed and returns # no results. -# .IP "\fB\fB%d\fR\fR" +# .IP "\fB%d\fR" # When the input key is an address of the form user@domain, \fB%d\fR # is replaced by the SQL quoted domain part of the address. # Otherwise, the query is suppressed and returns no results. -# .IP "\fB\fB%[SUD]\fR\fR" +# .IP "\fB%[SUD]\fR" # The upper-case equivalents of the above expansions behave in the # \fBquery\fR parameter identically to their lower-case counter-parts. # With the \fBresult_format\fR parameter (see below), they expand the # input key rather than the result value. -# .IP "\fB\fB%[1-9]\fR\fR" +# .IP "\fB%[1-9]\fR" # The patterns %1, %2, ... %9 are replaced by the corresponding # most significant component of the input key's domain. If the # input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR, 
@@ -149,21 +149,21 @@ # to append (or prepend) text to the result. This parameter supports # the following '%' expansions: # .RS -# .IP "\fB\fB%%\fR\fR" +# .IP "\fB%%\fR" # This is replaced by a literal '%' character. -# .IP "\fB\fB%s\fR\fR" +# .IP "\fB%s\fR" # This is replaced by the value of the result attribute. When # result is empty it is skipped. # .IP "\fB%u\fR # When the result attribute value is an address of the form # user@domain, \fB%u\fR is replaced by the local part of the # address. When the result has an empty localpart it is skipped. -# .IP "\fB\fB%d\fR\fR" +# .IP "\fB%d\fR" # When a result attribute value is an address of the form # user@domain, \fB%d\fR is replaced by the domain part of # the attribute value. When the result is unqualified it # is skipped. -# .IP "\fB\fB%[SUD1-9]\fR\fB" +# .IP "\fB%[SUD1-9]\fR" # The upper-case and decimal digit expansions interpolate # the parts of the input key rather than the result. Their # behavior is identical to that described with \fBquery\fR, diff -Nru postfix-3.0.4/proto/stop postfix-3.1.0/proto/stop --- postfix-3.0.4/proto/stop 2014-05-30 13:51:44.000000000 +0000 +++ postfix-3.1.0/proto/stop 2016-01-04 23:04:07.000000000 +0000 
@@ -1333,3 +1333,201 @@
 versioned
 DNSWL
 cbc
+ADDRCPT
+Ae
+AES
+Arnt
+ASLR
+authz
+authzTo
+autodetect
+autodetection
+backend
+backends
+backscatter
+BACKSCATTER
+balancer
+byname
+cakey
+casefold
+casefolding
+caseless
+Centos
+CFLAGS
+changetype
+characterset
+CHGFROM
+cmusaslsecretMECHNAME
+CNNIC
+concurrencies
+cryptanalytic
+cryptographic
+cryptographically
+customizations
+cyrus
+DB's
+de
+decrypts
+deinstall
+dev
+DMARC
+EAI
+EDH
+encodings
+ENHANCEDSTATUSCODES
+environ
+esac
+etcetera
+exchanger
+executables
+Executables
+filename
+filenames
+fPIC
+fred
+genrsa
+GSSAPI
+Gulbrandsen
+Gulbrandsen's
+helpdesk
+icu
+icuuc
+imap
+infeasible
+interoperability
+interoperable
+invasiveness
+jetmore
+Jetmore
+KERBEROS
+kern
+launchd
+ldapadd
+ldapdb
+ldapmodify
+libc
+libicu
+liblogin
+libplain
+libsasl
+libsasl's
+login
+Login
+LOGIN
+logins
+lookup
+Lookup
+lookups
+Makefile
+makefiles
+Makefiles
+mary
+matcher
+maxprocperuid
+mdash
+MECHNAME
+Memcache
+Mf
+milter
+Milter
+misconfigured
+multi
+mux
+namen
+nameserver
+nameserver's
+ndash
+ne
+newkey
+nicke's
+NOOP
+nroff
+ntlm
+NTLM
+Ok
+opendkim
+OpenDKIM
+OpenDMARC
+optimizations
+ou
+outform
+pam
+param
+pathname
+pathnames
+performant
+pipelined
+pipelining
+PIPELINING
+pipemap
+Plaintext
+postfix
+Postfix
+POSTSCREEN
+Pre
+prepend
+PREPEND
+PROTO
+proxyuser
+randmap
+rc
+REJ
+REPLBODY
+resultn
+Rhein
+RHEL
+rimap
+rpath
+RPATH
+runpath
+runtime
+SASLv
+scalable
+scanf
+sha
+SHA
+SMFIC
+SMFIP
+SMFIR
+SMTP
+smtputf
+SMTPUTF
+socketdir
+socketmap
+startup
+subdirectory
+subnet
+subnetworks
+substring
+sys
+SYS
+sysconfig
+TCP
+testsaslauthd
+Timo
+tradeoff
+typechecks
+typen
+ulimit
+undeliverable
+Unencrypted
+unionmap
+uniqueIdentifier
+unpatched
+untrusted
+Untrusted
+unvailable
+uri
+userPassword
+UTF
+uucp
+UUCP
+wakeup
+Westchester
+whitespace
+Wl
+xFFFFFFFF
+xn
+xyy
+xzz
+ymd
diff -Nru postfix-3.0.4/proto/STRESS_README.html postfix-3.1.0/proto/STRESS_README.html
--- postfix-3.0.4/proto/STRESS_README.html 2013-09-16 21:54:32.000000000 +0000
+++ postfix-3.1.0/proto/STRESS_README.html 2015-11-15 16:14:43.000000000 +0000
@@ -158,16 +158,19 @@
    -1 smtpd_timeout = ${stress?10}${stress:300}s
    -2 smtpd_hard_error_limit = ${stress?1}${stress:20}
    -3 smtpd_junk_command_limit = ${stress?1}${stress:100}
    +1 smtpd_timeout = ${stress?{10}:{300}}s
    +2 smtpd_hard_error_limit = ${stress?{1}:{20}}
    +3 smtpd_junk_command_limit = ${stress?{1}:{100}}
     4 # Parameters added after Postfix 2.6:
    -5 smtpd_per_record_deadline = ${stress?yes}${stress:no}
    -6 smtpd_starttls_timeout = ${stress?10}${stress:300}s
    -7 address_verify_poll_count = ${stress?1}${stress:3}
    +5 smtpd_per_record_deadline = ${stress?{yes}:{no}}
    +6 smtpd_starttls_timeout = ${stress?{10}:{300}}s
    +7 address_verify_poll_count = ${stress?{1}:{3}}
     
    +

    Postfix versions before 3.0 use the older form ${stress?x}${stress:y} +instead of the newer form ${stress?{x}:{y}}.

    +

    Translation:

      @@ -216,8 +219,9 @@
    -

    The syntax of ${name?value} and ${name:value} is explained at -the beginning of the postconf(5) manual page.

    +

    The syntax of ${name?{value}:{value}}, ${name?value} and +${name:value} is explained at the beginning of the postconf(5) +manual page.

    NOTE: Please keep in mind that the stress-adaptive feature is a fairly desperate measure to keep some legitimate mail diff -Nru postfix-3.0.4/proto/tcp_table postfix-3.1.0/proto/tcp_table --- postfix-3.0.4/proto/tcp_table 2013-11-19 14:10:04.000000000 +0000 +++ postfix-3.1.0/proto/tcp_table 2016-02-14 01:38:56.000000000 +0000 @@ -96,4 +96,9 @@ # IBM T.J. Watson Research # P.O. Box 704 # Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA #--*/ diff -Nru postfix-3.0.4/proto/TLS_README.html postfix-3.1.0/proto/TLS_README.html --- postfix-3.0.4/proto/TLS_README.html 2015-07-20 23:00:12.000000000 +0000 +++ postfix-3.1.0/proto/TLS_README.html 2016-02-08 22:23:46.000000000 +0000 @@ -630,9 +630,11 @@ valid session ticket, the server decrypts it and resumes the session, provided neither the ticket nor the session have expired. This makes it possible to resume cached sessions without allocating space -for a shared database on the server. This feature can be disabled -by setting the session cache timeout to zero, otherwise the timeout -must be at least 2 minutes and at most 100 days.

    +for a shared database on the server. Consequently, for Postfix +≥ 2.11 the smtpd_tls_session_cache_database parameter should +generally be left empty. Session caching can be disabled by setting +the session cache timeout to zero, otherwise the timeout must be +at least 2 minutes and at most 100 days.

    Note, session tickets can only be negotiated if the client disables SSLv2 and does not use the legacy SSLv2 compatible HELLO @@ -2685,28 +2687,128 @@ sign your own Postfix public key certificate, you get TLS encryption but no TLS authentication. This is sufficient for testing, and for exchanging email with sites that you have no trust relationship -with. For real authentication, your Postfix public key certificate -needs to be signed by a recognized Certification Authority, and -Postfix needs to be configured with a list of public key certificates -of Certification Authorities, so that Postfix can verify the public key -certificates of remote hosts.

    +with. For real authentication you need also enable DNSSEC record +signing for your domain and publish TLSA records and/or your Postfix +public key certificate needs to be signed by a recognized Certification +Authority. To authenticate the certificates of remote host you +need a DNSSEC-validating local resolver and to enable DANE authentication and/or configure +the Postfix SMTP client with a list of public key certificates of +Certification Authorities, but make sure to read about the limitations of the latter approach. +

    In the examples below, user input is shown in bold font, and a "#" prompt indicates a super-user shell.

    + +

    Quick-start TLS with Postfix ≥ 3.1

    -
  • Private Certification Authority.

    +

    Postfix 3.1 provides built-in support for enabling TLS in the +SMTP client and server and for ongoing certificate and DANE TLSA +record management. +

    +

    Quick-start TLS in the Postfix ≥ 3.1 SMTP client.

    + +

    If you are using Postfix 3.1 or later, and your SMTP client TLS +settings are in their default state, you can enable opportunistic TLS in the SMTP client as +follows:

    + +
    +
    +# postfix tls enable-client
    +# postfix reload
    +
    +
    + +

    If some of the Postfix SMTP client TLS settings are not in their +default state, this will not make any changes, but will instead +suggest the minimal required settings for SMTP client TLS. The +"postfix reload" command is optional, it is only needed if you want +the settings to take effect right away. Note, this does not enable +trust in any public certification authorities, and does not configure +client TLS certificates as these are largely pointless with opportunistic TLS.

    + +

    There is not yet a turn-key command for enabling DANE authentication. This is because +DANE requires changes to your resolv.conf file and a +corresponding DNSSEC-validating resolver local to the Postfix host, +these changes are difficult to automate in a portable way.

    + +

    If you're willing to revert your settings to the defaults and +switch to a "stock" opportunistic TLS configuration, then you can: +erase all the SMTP client TLS settings and then enable client TLS:

    + +
    +
    +# postconf -X `postconf -nH | egrep '^smtp(_|_enforce_|_use_)tls'`
    +# postfix tls enable-client
    +# postfix reload
    +
    +
    + +

    Quick-start TLS in the Postfix ≥ 3.1 SMTP server.

    + +

    If you are using Postfix 3.1 or later, and your SMTP server TLS +settings are in their default state, you can enable +opportunistic TLS in the SMTP server as follows:

    + +
    +
    +# postfix tls enable-server
    +# postfix reload
    +
    +
    + +

    If some of the Postfix SMTP client TLS settings are not in their +default state, this will not make any changes, but will instead +suggest the minimal required settings for SMTP client TLS. The +"postfix reload" command is optional, it is only needed if you want +the settings to take effect right away. This will generate a +self-signed private key and certificate and enable TLS in the Postfix +SMTP server.

    + +

    If you're willing to revert your settings to the defaults and +switch to a "stock" server TLS configuration, then you can: erase +all the SMTP server TLS settings and then enable server TLS:

    + +
    +
    +# postconf -X `postconf -nH | egrep '^smtpd(_|_enforce_|_use_)tls'`
    +# postfix tls enable-server
    +# postfix reload
    +
    +
    + +

    Postfix ≥ 3.1 provides additional built-in support for ongoing +management of TLS in the SMTP server, via additional "postfix tls" +sub-commands. These make it easy to generate certificate signing +requests, create and deploy new keys and certificates, and generate +DANE TLSA records. See the postfix-tls(1) documentation for details. +

    +

    Self-signed server certificate

    -

    The following commands (credits: Viktor Dukhovni) generate -and install a private key and 10-year self-signed certificate for -the local Postfix system. This requires super-user privileges.

    +

    The following commands (credits: Viktor Dukhovni) generate and +install a 2048-bit RSA private key and 10-year self-signed certificate +for the local Postfix system. This requires super-user privileges. +

    diff -Nru postfix-3.0.4/proto/transport postfix-3.1.0/proto/transport
    --- postfix-3.0.4/proto/transport	2009-11-22 01:22:23.000000000 +0000
    +++ postfix-3.1.0/proto/transport	2016-02-14 01:38:56.000000000 +0000
    @@ -281,4 +281,9 @@
     #	IBM T.J. Watson Research
     #	P.O. Box 704
     #	Yorktown Heights, NY 10598, USA
    +#
    +#	Wietse Venema
    +#	Google, Inc.
    +#	111 8th Avenue
    +#	New York, NY 10011, USA
     #--
    diff -Nru postfix-3.0.4/proto/TUNING_README.html postfix-3.1.0/proto/TUNING_README.html
    --- postfix-3.0.4/proto/TUNING_README.html	2012-09-02 23:46:21.000000000 +0000
    +++ postfix-3.1.0/proto/TUNING_README.html	2015-11-01 00:50:49.000000000 +0000
    @@ -267,6 +267,11 @@
     time interval specified with anvil_rate_time_unit (default: 60s).
     
     
    +
    smtpd_client_auth_rate_limit (default: no limit)
    +The maximum number of AUTH commands that an SMTP client may send +in the time interval specified with anvil_rate_time_unit (default: +60s). Available in Postfix 3.1 and later.
    +
    smtpd_client_event_limit_exceptions (default: $mynetworks)
    SMTP clients that are excluded from connection and rate limits specified above.
    diff -Nru postfix-3.0.4/proto/virtual postfix-3.1.0/proto/virtual --- postfix-3.0.4/proto/virtual 2013-04-11 21:48:48.000000000 +0000 +++ postfix-3.1.0/proto/virtual 2016-02-14 01:38:56.000000000 +0000 @@ -269,4 +269,9 @@ # IBM T.J. Watson Research # P.O. Box 704 # Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA #-- diff -Nru postfix-3.0.4/README_FILES/BASIC_CONFIGURATION_README postfix-3.1.0/README_FILES/BASIC_CONFIGURATION_README --- postfix-3.0.4/README_FILES/BASIC_CONFIGURATION_README 2011-10-01 00:52:01.000000000 +0000 +++ postfix-3.1.0/README_FILES/BASIC_CONFIGURATION_README 2016-02-12 11:29:10.000000000 +0000 @@ -164,7 +164,8 @@ By default, Postfix will forward mail from clients in authorized network blocks to any destination. Authorized networks are defined with the mynetworks -configuration parameter. The default is to authorize all clients in the IP +configuration parameter. The current default is to authorize the local machine +only. Prior to Postfix 3.0, the default was to authorize all clients in the IP subnetworks that the local machine is attached to. Postfix can also be configured to relay mail from "mobile" clients that send diff -Nru postfix-3.0.4/README_FILES/COMPATIBILITY_README postfix-3.1.0/README_FILES/COMPATIBILITY_README --- postfix-3.0.4/README_FILES/COMPATIBILITY_README 2015-01-29 22:33:49.000000000 +0000 +++ postfix-3.1.0/README_FILES/COMPATIBILITY_README 2015-02-20 21:43:51.000000000 +0000 
@@ -161,10 +161,16 @@ UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg ssmmttppuuttff88__eennaabbllee==nnoo -The smtputf8_enable default value has changed from "no" to "yes. As long as the -smtputf8_enable parameter is left at its implicit default value, and the -backwards-compatible default setting is turned on, Postfix logs a warning each -time an SMTP command uses a non-ASCII address localpart: +The smtputf8_enable default value has changed from "no" to "yes. With the new +"yes" setting, the Postfix SMTP server rejects non-ASCII addresses from clients +that don't request SMTPUTF8 support. With the old "no" setting, Postfix will +accept such addresses, even if such addresses are not permitted by traditional +SMTP standards. + +As long as the smtputf8_enable parameter is left at its implicit default value, +and the backwards-compatible default setting is turned on, Postfix logs a +warning each time an SMTP command uses a non-ASCII address localpart without +requesting SMTPUTF8 support: postfix/smtpd[27560]: using backwards-compatible default setting smtputf8_enable=no to accept non-ASCII sender address diff -Nru postfix-3.0.4/README_FILES/DATABASE_README postfix-3.1.0/README_FILES/DATABASE_README --- postfix-3.0.4/README_FILES/DATABASE_README 2014-11-26 23:33:48.000000000 +0000 +++ postfix-3.1.0/README_FILES/DATABASE_README 2015-10-10 13:21:58.000000000 +0000 
@@ -212,7 +212,7 @@ are created with the postmap(1) or postalias(1) command, and private databases are maintained by Postfix daemons. The database name as used in "hash:table" is the database file name without the ".db" suffix. - inline (read-only) + iinnlliinnee (read-only) A non-shared, in-memory lookup table. Example: "inline:{ key=value, { key = text with whitespace or comma }}". Key-value pairs are separated by whitespace or comma; whitespace after "{" and before "}" diff -Nru postfix-3.0.4/README_FILES/DEBUG_README postfix-3.1.0/README_FILES/DEBUG_README --- postfix-3.0.4/README_FILES/DEBUG_README 2011-10-14 17:56:01.000000000 +0000 +++ postfix-3.1.0/README_FILES/DEBUG_README 2015-04-04 22:44:42.000000000 +0000 @@ -373,8 +373,12 @@ host names consistently. Replace each letter by "A", each digit by "D" so that the helpers can still recognize syntactical errors. - * Output from "ppoossttccoonnff --nn". Please do not send your main.cf file, or 500+ - lines of ppoossttccoonnff output. + * Command output from: + + o "ppoossttccoonnff --nn". Please do not send your main.cf file, or 1000+ lines of + ppoossttccoonnff command output. + + o "ppoossttccoonnff --MMff" (Postfix 2.9 or later). * Better, provide output from the ppoossttffiinnggeerr tool. This can be found at http: //ftp.wl0.org/SOURCES/postfinger. diff -Nru postfix-3.0.4/README_FILES/FORWARD_SECRECY_README postfix-3.1.0/README_FILES/FORWARD_SECRECY_README --- postfix-3.0.4/README_FILES/FORWARD_SECRECY_README 2014-01-27 22:18:47.000000000 +0000 +++ postfix-3.1.0/README_FILES/FORWARD_SECRECY_README 2015-07-21 22:46:51.000000000 +0000 
@@ -124,7 +124,8 @@ Postfix >= 2.2 support 1024-bit-prime EDH out of the box, with no additional configuration, but you may want to override the default prime to be 2048 bits long, and you may want to regenerate your primes periodically. See the quick- -start section for details. +start section for details. With Postfix >= 3.1 the out of the box (compiled-in) +EDH prime size is 2048 bits. With prime-field EDH, OpenSSL wants the server to provide two explicitly- selected (prime, generator) combinations. One for the now long-obsolete @@ -135,7 +136,9 @@ * The "export" EDH parameters are used only with the obsolete "export" ciphers. To use a non-default prime, generate a 512-bit DH parameter file and set smtpd_tls_dh512_param_file to the filename (see the quick-start - section for details). + section for details). With Postfix releases after the middle of 2015 the + default opportunistic TLS cipher grade (smtpd_tls_ciphers) is "medium" or + stronger, and export ciphers are no longer used. * The non-export EDH parameters are used for all other EDH cipher suites. To use a non-default prime, generate a 1024-bit or 2048-bit DH parameter file @@ -143,9 +146,10 @@ is simply the non-export parameter file and the prime need not actually be 1024 bits long (see the quick-start section for details). -It turns out that (inadvisably-patched in some Debian releases) Exim SMTP -clients require a >= 2048-bit length for the non-export prime. See the quick- -start section for the recommended configuration to work around this issue. +As of mid-2015, SMTP clients are starting to reject TLS handshakes with primes +smaller than 2048 bits. Each site needs to determine which prime size works +best for the majority of its clients. See the quick-start section for the +recommended configuration to work around this issue. EEEECCDDHH SSeerrvveerr ssuuppppoorrtt 
@@ -192,12 +196,14 @@ The default Postfix SMTP client cipher lists are correctly ordered to prefer EECDH and EDH cipher suites ahead of similar cipher suites that don't implement forward secrecy. Administrators are strongly discouraged from changing the -cipher list definitions. It is likely safe to set "smtp_tls_ciphers = medium" -if you wish to disable the obsolete "export" and "low" grade ciphers even with -opportunistic TLS. Setting a minimum strength does not change the preference -order. Note that strengths higher than "medium" exclude Exchange 2003 and -likely other widely used MTAs, thus "high" grade ciphers should only be used on -a case-by-case basis via the TLS policy table. +cipher list definitions. + +The default minimum cipher grade for opportunistic TLS is "medium" for Postfix +releases after the middle of 2015, "export" for older releases. Changing the +minimum cipher grade does not change the cipher preference order. Note that +cipher grades higher than "medium" exclude Exchange 2003 and likely other MTAs, +thus a "high" cipher grade should be chosen only on a case-by-case basis via +the TLS policy table. GGeettttiinngg ssttaarrtteedd,, qquuiicckk aanndd ddiirrttyy @@ -256,7 +262,10 @@ /etc/postfix/master.cf: submission inet n - n - - smtpd # Some submission clients may not yet do 2048-bit EDH, if such - # clients use your MSA, configure 1024-bit EDH instead: + # clients use your MSA, configure 1024-bit EDH instead. However, + # as of mid-2015, many submission clients no longer accept primes + # with less than 2048-bits. Each site needs to determine which + # type of client is more important to support. -o smtpd_tls_dh1024_param_file=${config_directory}/dh1024.pem -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes 
@@ -407,8 +416,8 @@ PPoossttffiixx SSMMTTPP sseerrvveerr:: The status is never "Verified", because the Postfix SMTP server never verifies the remote SMTP client name against the names in - the client certificate, and because the Postfix SMTP does not expect a - specific fingerprint in the client public key or certificate. + the client certificate, and because the Postfix SMTP server does not expect + a specific fingerprint in the client public key or certificate. CCrreeddiittss diff -Nru postfix-3.0.4/README_FILES/INSTALL postfix-3.1.0/README_FILES/INSTALL --- postfix-3.0.4/README_FILES/INSTALL 2015-10-10 13:49:29.000000000 +0000 +++ postfix-3.1.0/README_FILES/INSTALL 2016-02-08 00:51:16.000000000 +0000 @@ -448,6 +448,8 @@ |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |newaliases_path |/usr/bin/newaliases | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |openssl_path |openssl | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |queue_directory |/var/spool/postfix | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |readme_directory |no | diff -Nru postfix-3.0.4/README_FILES/MILTER_README postfix-3.1.0/README_FILES/MILTER_README --- postfix-3.0.4/README_FILES/MILTER_README 2015-01-29 22:33:49.000000000 +0000 +++ postfix-3.1.0/README_FILES/MILTER_README 2015-05-24 00:39:48.000000000 +0000 
@@ -12,11 +12,9 @@ The reason for adding Milter support to Postfix is that there exists a large collection of applications, not only to block unwanted mail, but also to verify -authenticity (examples: OpenDKIM, DomainKeys Identified Mail (DKIM), -SenderID+SPF and DomainKeys) or to digitally sign mail (examples: OpenDKIM, -DomainKeys Identified Mail (DKIM), DomainKeys). Having yet another Postfix- -specific version of all that software is a poor use of human and system -resources. +authenticity (examples: OpenDKIM and DMARC) or to digitally sign mail (example: +OpenDKIM). Having yet another Postfix-specific version of all that software is +a poor use of human and system resources. The Milter protocol has evolved over time, and different Postfix versions implement different feature sets. See the workarounds and limitations sections 
@@ -89,51 +87,26 @@ implements the Sendmail 8 Milter protocol. Postfix currently does not provide such a library, but Sendmail does. - * The first option is to use a pre-compiled library. Some systems install the - Sendmail libmilter library by default. With other systems, libmilter may be - provided by a package (called "sendmail-devel" on some Linux systems). - - Once libmilter is installed, applications such as OpenDKIM, dkim-milter and - sid-milter build out of the box without requiring any tinkering: - - $ ggzzccaatt ooppeennddkkiimm--xx..yy..zz..ttaarr..ggzz || ttaarr xxff -- - $ ccdd ooppeennddkkiimm--xx..yy..zz - $ ..//ccoonnffiigguurree ......ooppttiioonnss...... - $ mmaakkee - [...lots of output omitted...] - $ mmaakkee iinnssttaallll - - $ ggzzccaatt ddkkiimm--mmiilltteerr--xx..yy..zz..ttaarr..ggzz || ttaarr xxff -- - $ ccdd ddkkiimm--mmiilltteerr--xx..yy..zz - $ mmaakkee - [...lots of output omitted...] - - * The other option is to build the libmilter library from Sendmail source - code: - - $ ggzzccaatt sseennddmmaaiill--xx..yy..zz..ttaarr..ggzz || ttaarr xxff -- - $ ccdd sseennddmmaaiill--xx..yy..zz//lliibbmmiilltteerr - $ mmaakkee - [...lots of output omitted...] - - After building your own libmilter library, follow the installation - instructions in the Milter application source distribution to specify the - location of the libmilter include files and object library. Typically, - these settings are configured in a file named sid-filter/Makefile.m4 or - similar: - - APPENDDEF(`confINCDIRS', `-I/some/where/sendmail-x.y.z/include') - APPENDDEF(`confLIBDIRS', `-L/some/where/sendmail-x.y.z/obj.systemtype/ - libmilter') - - Then build the Milter application. +Some systems install the Sendmail libmilter library by default. With other +systems, libmilter may be provided by a package (called "sendmail-devel" on +some Linux systems). 
+ +Once libmilter is installed, applications such as OpenDKIM and OpenDMARC build +out of the box without requiring any tinkering: + + $ ggzzccaatt ooppeennddkkiimm--xx..yy..zz..ttaarr..ggzz || ttaarr xxff -- + $ ccdd ooppeennddkkiimm--xx..yy..zz + $ ..//ccoonnffiigguurree ......ooppttiioonnss...... + $ mmaakkee + [...lots of output omitted...] + $ mmaakkee iinnssttaallll RRuunnnniinngg MMiilltteerr aapppplliiccaattiioonnss To run a Milter application, see the documentation of the filter for options. A typical command looks like this: - # //ssoommee//wwhheerree//ddkkiimm--ffiilltteerr --uu uusseerriidd --pp iinneett::ppoorrttnnuummbbeerr@@llooccaallhhoosstt ......ootthheerr + # //ssoommee//wwhheerree//ooppeennddkkiimm --ll --uu uusseerriidd --pp iinneett::ppoorrttnnuummbbeerr@@llooccaallhhoosstt ......ootthheerr ooppttiioonnss...... Please specify a userid value that isn't used for other applications (not @@ -155,6 +128,7 @@ * Milter protocol timeouts * Different settings for different Milter applications * Sendmail macro emulation + * What macros will Postfix send to Milters? SSMMTTPP--OOnnllyy MMiilltteerr aapppplliiccaattiioonnss 
@@ -164,10 +138,11 @@ server is not filtered by the non-SMTP filters that are described in the next section. -NOTE: Do not use the header_checks(5) IGNORE action to remove Postfix's own -Received: message header. This causes problems with mail signing filters. -Instead, keep Postfix's own Received: message header and use the header_checks -(5) REPLACE action to sanitize information. + NOTE for Postfix versions that have a mail_release_date before 20141018: do + not use the header_checks(5) IGNORE action to remove Postfix's own + Received: message header. This causes problems with mail signing filters. + Instead, keep Postfix's own Received: message header and use the + header_checks(5) REPLACE action to sanitize information. You specify SMTP-only Milter applications (there can be more than one) with the smtpd_milters parameter. Each Milter application is identified by the name of @@ -365,7 +340,9 @@ * Line 3: The remainder of the list contains per-Milter settings. These settings override global main.cf parameters, and have the same name as - those parameters, without the "milter_" prefix. + those parameters, without the "milter_" prefix. The per-Milter settings + that are supported as of Postfix 3.0 are command_timeout, connect_timeout, + content_timeout, default_action, and protocol. Inside the list, syntax is similar to what we already know from main.cf: items separated by space or comma. There is one difference: yyoouu mmuusstt eenncclloossee aa 
@@ -462,10 +439,12 @@ |v |Always |value of milter_macro_v | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | +WWhhaatt mmaaccrrooss wwiillll PPoossttffiixx sseenndd ttoo MMiilltteerrss?? + Postfix sends specific sets of macros at different Milter protocol stages. The -sets are configured with the parameters as described in the table (EOH = end of -headers; EOM = end of message). The protocol version is a number that Postfix -sends at the beginning of the Milter protocol handshake. +sets are configured with the parameters as shown in the table below (EOH = end +of headers; EOM = end of message). The protocol version is a number that +Postfix sends at the beginning of the Milter protocol handshake. As of Sendmail 8.14.0, Milter applications can specify what macros they want to receive at different Milter protocol stages. An application-specified list 
@@ -492,6 +471,16 @@ |milter_unknown_command_macros|3 or higher |unknown command | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | +By default, Postfix will send only macros whose values have been updated with +information from main.cf or master.cf, from an SMTP session (for example; SASL +login, or TLS certificates) or from a Mail delivery transaction (for example; +queue ID, sender, or recipient). + +To force a macro to be sent even when its value has not been updated, you may +specify macro default values with the milter_macro_defaults parameter. Specify +zero or more name=value pairs separated by comma or whitespace; you may even +specify macro names that Postfix does know about! + WWoorrkkaarroouunnddss * To avoid breaking DKIM etc. signatures with an SMTP-based content filter, diff -Nru postfix-3.0.4/README_FILES/RELEASE_NOTES postfix-3.1.0/README_FILES/RELEASE_NOTES --- postfix-3.0.4/README_FILES/RELEASE_NOTES 2015-07-19 22:24:25.000000000 +0000 +++ postfix-3.1.0/README_FILES/RELEASE_NOTES 2016-02-22 23:10:22.000000000 +0000 
@@ -1,664 +1,186 @@ -This is the Postfix 3.0 (stable) release. +This is the Postfix 3.1 (stable) release. -The stable Postfix release is called postfix-3.0.x where 3=major -release number, 0=minor release number, x=patchlevel. The stable +The stable Postfix release is called postfix-3.1.x where 3=major +release number, 1=minor release number, x=patchlevel. The stable release never changes except for patches that address bugs or emergencies. Patches change the patchlevel and the release date. New features are developed in snapshot releases. These are called -postfix-3.1-yyyymmdd where yyyymmdd is the release date (yyyy=year, +postfix-3.2-yyyymmdd where yyyymmdd is the release date (yyyy=year, mm=month, dd=day). Patches are never issued for snapshot releases; instead, a new snapshot is released. The mail_release_date configuration parameter (format: yyyymmdd) specifies the release date of a stable release or snapshot release. -If you upgrade from Postfix 2.10 or earlier, read RELEASE_NOTES-2.11 +If you upgrade from Postfix 2.11 or earlier, read RELEASE_NOTES-3.0 before proceeding. -Incompatible change with Postfix 3.0.2 --------------------------------------- +Major changes - address verification safety +------------------------------------------- -As of the middle of 2015, all supported Postfix releases no longer -enable "export" grade ciphers for opportunistic TLS, and no longer -use the deprecated SSLv2 and SSLv3 protocols for mandatory or -opportunistic TLS. +[Feature 20151227] The new address_verify_pending_request_limit +parameter introduces a safety limit for the number of address +verification probes in the active queue. The default limit is 1/4 +of the active queue maximum size. The queue manager enforces the +limit by tempfailing probe messages that exceed the limit. This +design avoids dependencies on global counters that get out of sync +after a process or system crash. + +Tempfailing verify requests is not as bad as one might think. 
The +Postfix verify cache proactively updates active addresses weeks +before they expire. The address_verify_pending_request_limit affects +only unknown addresses, and inactive addresses that have expired +from the address verify cache (by default, after 31 days). + +Major changes - json support +---------------------------- + +[Feature 20151129] Machine-readable, JSON-formatted queue listing +with "postqueue -j" (no "mailq" equivalent). The output is a stream +of JSON objects, one per queue file. To simplify parsing, each +JSON object is formatted as one text line followed by one newline +character. See the postqueue(1) manpage for a detailed description +of the output format. -These changes are very unlikely to cause problems with server-to-server -communication over the Internet, but they may result in interoperability -problems with ancient client or server implementations on internal -networks. To address this problem, you can revert the changes with: - -Postfix SMTP client settings: - - lmtp_tls_ciphers = export - smtp_tls_ciphers = export - lmtp_tls_protocols = !SSLv2 - smtp_tls_protocols = !SSLv2 - lmtp_tls_mandatory_protocols = !SSLv2 - smtp_tls_mandatory_protocols = !SSLv2 - -Postfix SMTP server settings: - - smtpd_tls_ciphers = export - smtpd_tls_protocols = - smtpd_tls_mandatory_protocols = !SSLv2 - -These settings, if put in main.cf, affect all Postfix SMTP client -or server communication, which may be undesirable. To be more -selective, use "-o name=value" parameter overrides on specific -services in master.cf. Execute the command "postfix reload" to make -the changes effective. - -Notes for distribution maintainers ----------------------------------- - -* New backwards-compatibility safety net. - -With NEW Postfix installs, you MUST install a main.cf file with -the setting "compatibility_level = 2". See conf/main.cf for an -example. 
- -With UPGRADES of existing Postfix systems, you MUST NOT change the -main.cf compatibility_level setting, nor add this setting if it -does not exist. - -Several Postfix default settings have changed with Postfix 3.0. To -avoid massive frustration with existing Postfix installations, -Postfix 3.0 comes with a safety net that forces Postfix to keep -running with backwards-compatible main.cf and master.cf default -settings. This safety net depends on the main.cf compatibility_level -setting (default: 0). Details are in COMPATIBILITY_README. - -* New Postfix build system. - -The Postfix build/install procedure has changed to support Postfix -dynamically-linked libraries and database plugins. These must not -be "shared" with non-Postfix programs, and therefore must not be -installed in a public directory. - -To avoid massive frustration due to broken patches, PLEASE BUILD -POSTFIX FIRST WITHOUT APPLYING ANY PATCHES. Follow the INSTALL -instructions (see "Building with Postfix dynamically-linked libraries -and database plugins"), and see how things work and what the -dynamically-linked libraries, database plugin, and configuration -files look like. Then, go ahead and perform your platform-specific -customizations. The INSTALL section "Tips for distribution maintainers" -has further suggestions. - -Major changes - critical ------------------------- - -[Incompat 20140714] After upgrading Postfix, "postfix reload" (or -start/stop) is required. Several Postfix-internal protocols have -been extended to support SMTPUTF8. Failure to reload or restart -will result in mail staying queued, while Postfix daemons log -warning messages about unexpected attributes. - -Major changes - default settings --------------------------------- - -[Incompat 20141009] The default settings have changed for relay_domains -(new: empty, old: $mydestination) and mynetworks_style (new: host, -old: subnet). 
However the backwards-compatibility safety net will -prevent these changes from taking effect, giving the system -administrator the option to make an old default setting permanent -in main.cf or to adopt the new default setting, before turning off -backwards compatibility. See COMPATIBILITY_README for details. - -[Incompat 20141001] A new backwards-compatibility safety net forces -Postfix to run with backwards-compatible main.cf and master.cf -default settings after an upgrade to a newer but incompatible Postfix -version. See COMPATIBILITY_README for details. - -While the backwards-compatible default settings are in effect, -Postfix logs what services or what email would be affected by the -incompatible change. Based on this the administrator can make some -backwards-compatibility settings permanent in main.cf or master.cf, -before turning off backwards compatibility. - -See postconf.5.html#compatibility_level for details. - -[Incompat 20141001] The default settings -have changed for append_dot_mydomain (new: no. old: yes), master.cf -chroot (new: n, old: y), and smtputf8 (new: yes, old: no). - -Major changes - access control +Major changes - milter support ------------------------------ -[Feature 20141119] Support for BCC actions in header/body_checks -and milter_header_checks. There is no limit on the number of BCC -actions that may be specified, other than the implicit limit due -to finite storage. BCC support will not be implemented in Postfix -delivery agent header/body_checks. - -It works in the same way as always_bcc and sender/recipient_bcc_maps: -there can be only one address per action, recipients are added with -the NOTIFY=NONE delivery status notification option, and duplicate -recipients are ignored (with the same delivery status notification -options). - -[Incompat 20141009] The default settings have changed for relay_domains -(new: empty, old: $mydestination) and mynetworks_style (new: host, -old: subnet). 
However the backwards-compatibility safety net will -prevent these changes from taking effect, giving the system -administrator the option to make an old default setting permanent -in main.cf or to adopt the new default setting, before turning off -backwards compatibility. See COMPATIBILITY_README for details. - -[Feature 20140618] New INFO action in access(5) tables, for consistency -with header/body_checks. - -[Feature 20140620] New check_xxx_a_access (for xxx in client, -reverse_client, helo, sender, recipient) implements access control -on all A and AAAA IP addresses for respectively the client hostname, -helo parameter, sender domain or recipient domain. This complements -the existing check_xxx_mx_access and check_xxx_ns_access features. - -Major changes - address rewriting ---------------------------------- - -[Incompat 20141001] The default settings have changed for -append_dot_mydomain (new: no. old: yes), master.cf chroot (new: -n, old: y), and smtputf8 (new: yes, old: no). - -Major changes - address verification ------------------------------------- - -[Feature 20141227] The new smtp_address_verify_target parameter -(default: rcpt) specifies what protocol stage decides if a recipient -is valid. Specify "data" for servers that reject invalid recipients -in response to the DATA command. - -Major changes - database support --------------------------------- +[Feature 20150523] The milter_macro_defaults feature provides an +optional list of macro name=value pairs. These specify default +values for Milter macros when no value is available from the SMTP +session context. + +For example, with "milter_macro_defaults = auth_type=TLS", the +Postfix SMTP server will send an auth_type of "TLS" to a Milter, +unless the remote client authenticates with SASL. + +This feature was originally implemented for a submission service +that may authenticate clients with a TLS certificate, without having +to make changes to the code that implements TLS support. 
-[Feature 20140512] Support for Berkeley DB version 6. - -[Feature 20140618] The "randmap" lookup table performs random -selection. This may be used to implement load balancing, for example: - -/etc/postfix/transport: - # Deliver my own domain as usual. - example.com : - .example.com : - -/etc/postfix/main.cf: - transport_maps = - # Deliver my own domain as usual. - hash:/etc/postfix/transport - # Deliver other domains via randomly-selected relayhosts - randmap:{smtp:smtp0.example.com, smtp:smtp1.example.com} - -A variant of this can randomly select SMTP clients with different -smtp_bind_address settings. - -To implement different weights, specify lookup results multiple -times. For example, to choose smtp:smtp1.example.com twice as often -as smtp:smtp0.example.com, specify smtp:smtp1.example.com twice. - -A future version may support randmap:/path/to/file to load a list -of results from file. - -[Feature 20140618] As the name suggests, the "pipemap" table -implements a pipeline of lookup tables. The name of the table -specifies the pipeline as a sequence of tables. For example, the -following prevents SMTP mail to system accounts that have "nologin" -as their login shell: - - /etc/postfix/main.cf: - local_recipient_maps = - pipemap:{unix:passwd.byname, pcre:/etc/postfix/no-nologin.pcre} - alias_maps - - /etc/postfix/no-nologin.pcre: - !/nologin/ whatever - -Each "pipemap:" query is given to the first table. Each table -lookup result becomes the query for the next table in the pipeline, -and the last table produces the final result. When any table lookup -produces no result, the entire pipeline produces no result. - -A future version may support pipemap:/path/to/file to load a list -of lookup tables from file. - -[Feature 20140924] Support for unionmap, with the same syntax as -pipemap. This sends a query to all tables, and concatenates non-empty -results, separated by comma. 
- -[Feature 20131121] The "static" lookup table now supports whitespace -when invoked as "static:{ text with whitespace }", so that it can -be used, for example, at the end of smtpd_mumble_restrictions as -"check_mumble_access static:{reject text...}". - -[Feature 20141126] "inline:{key=value, { key = text with comma/space}}" -avoids the need to create a database for just a few entries. - -Major changes - delivery status notifications ---------------------------------------------- - -[Feature 20140321] Delivery status filter support, to replace the -delivery status codes and explanatory text of successful or -unsuccessful deliveries by Postfix mail delivery agents. - -This was originally implemented for sites that want to turn certain -soft delivery errors into hard delivery errors, but it can also be -used to censor out information from delivery confirmation reports. - -This feature is implemented as a filter that replaces the three-number -enhanced status code and descriptive text in Postfix delivery agent -success, bounce, or defer messages. Note: this will not override -"soft_bounce=yes", and this will not change a successful delivery -status into an unsuccessful status or vice versa. - -The first example turns specific soft TLS errors into hard -errors, by overriding the first number in the enhanced status code. +Major changes - output rate control +----------------------------------- -/etc/postfix/main.cf: - smtp_delivery_status_filter = pcre:/etc/postfix/smtp_dsn_filter +[Feature 20150710] Destination-independent delivery rate delay -/etc/postfix/smtp_dsn_filter: - /^4(\.\d+\.\d+ TLS is required, but host \S+ refused to start TLS: .+)/ 5$1 - /^4(\.\d+\.\d+ TLS is required, but was not offered by host .+)/ 5$1 - -The second example removes the destination command name and file -name from local(8) successful delivery reports, so that they will -not be reported when a sender requests confirmation of delivery. 
+Support to enforce a destination-independent delay between email +deliveries. The following example inserts 20 seconds of delay +between all deliveries with the SMTP transport, limiting the delivery +rate to at most three messages per minute. /etc/postfix/main.cf: - local_delivery_status_filter = pcre:/etc/postfix/local_dsn_filter - -/etc/postfix/local_dsn_filter: - /^(2\S+ delivered to file).+/ $1 - /^(2\S+ delivered to command).+/ $1 - -This feature is supported in the lmtp(8), local(8), pipe(8), smtp(8) -and virtual(8) delivery agents. That is, all delivery agents that -actually deliver mail. It will not be implemented in the error and -retry pseudo-delivery agents. - -The new main.cf parameters and default values are: - - default_delivery_status_filter = - lmtp_delivery_status_filter = $default_delivery_status_filter - local_delivery_status_filter = $default_delivery_status_filter - pipe_delivery_status_filter = $default_delivery_status_filter - smtp_delivery_status_filter = $default_delivery_status_filter - virtual_delivery_status_filter = $default_delivery_status_filter - -See the postconf(5) manpage for more details. - -[Incompat 20140618] The pipe(8) delivery agent will now log a limited -amount of command output upon successful delivery, and will report -that output in "SUCCESS" delivery status reports. This is another -good reason to disable inbound DSN requests at the Internet perimeter. - -[Feature 20140907] With "confirm_delay_cleared = yes", Postfix -informs the sender when delayed mail leaves the queue (this is in -addition to the delay_warning_time feature that warns when mail is -still queued). This feature is disabled by default, because it can -result in a sudden burst of notifications when the queue drains at -the end of a prolonged network outage. - -Major changes - dns -------------------- + smtp_transport_rate_delay = 20s -[Feature 20141128] Support for DNS server reply filters in the -Postfix SMTP/LMTP client and SMTP server. 
This helps to work around -mail delivery problems with sites that have incorrect DNS information. -Note: this has no effect on the implicit DNS lookups that are made -by nsswitch.conf or equivalent mechanisms. - -This feature renders each lookup result as one line of text in -standard zone-file format as shown below. The class field is always -"IN", the preference field exists only for MX records, the names -of hosts, domains, etc. end in ".", and those names are in ASCII -form (xn--mumble form for internationalized domain names). - - name ttl class type preference value - --------------------------------------------------------- - postfix.org. 86400 IN MX 10 mail.cloud9.net. - -Typically, one would match this text with a regexp: or pcre: table. -When a match is found, the table lookup result specifies an action. -By default, the table query and the action name are case-insensitive. -Currently, only the IGNORE action is implemented. - -For safety reasons, Postfix logs a warning or defers mail delivery -when a DNS reply filter removes all lookup results from a successful -query. - -The Postfix SMTP/LMTP client uses the smtp_dns_reply_filter and -lmtp_dns_reply_filter features only for Postfix SMTP client lookups -of MX, A, and AAAAA records to locate a remote SMTP or LMTP server, -including lookups that implement the features reject_unverified_sender -and reject_unverified_recipient. The filters are not used for lookups -made through nsswitch.conf and similar mechanisms. - -The Postfix SMTP server uses the smtpd_dns_reply_filter feature -only for Postfix SMTP server lookups of MX, A, AAAAA, and TXT records -to implement the features reject_unknown_helo_hostname, -reject_unknown_sender_domain, reject_unknown_recipient_domain, -reject_rbl_*, and reject_rhsbl_*. The filter is not used for lookups -made through nsswitch.conf and similar mechanisms, such as lookups -of the remote SMTP client name. - -[Feature 20141126] Nullmx support (MX records with a null hostname). 
-This change affects error messages only. The Postfix SMTP client -already bounced mail for such domains, and the Postfix SMTP server -already rejected such domains with reject_unknown_sender/recipient_domain. -This feature introduces a new SMTP server configuration parameter -nullmx_reject_code (default: 556). - -Major changes - dynamic linking -------------------------------- - -[Feature 20140530] Support to build Postfix with Postfix -dynamically-linked libraries, and with dynamically-loadable database -clients. These MUST NOT be used by non-Postfix programs. Postfix -dynamically-linked libraries introduce minor runtime overhead and -result in smaller Postfix executable files. Dynamically-loadable -database clients are useful when you distribute or install pre-compiled -packages. Postfix 3.0 supports dynamic loading for CDB, LDAP, LMDB, -MYSQL, PCRE, PGSQL, SDBM, and SQLITE database clients. - -This implementation is based on Debian code by LaMont Jones, initially -ported by Viktor Dukhovni. Currently, support exists for recent -versions of Linux, FreeBSD, MacOS X, and for the ancient Solaris 9. - -To support Postfix dynamically-linked libraries and dynamically-loadable -database clients, the Postfix build procedure had to be changed -(specifically, the files makedefs and Makefile.in, and the files -postfix-install and post-install that install or update Postfix). - -[Incompat 20140530] The Postfix 3.0 build procedure expects that -you specify database library dependencies with variables named -AUXLIBS_CDB, AUXLIBS_LDAP, etc. With Postfix 3.0 and later, the -old AUXLIBS variable still supports building a statically-loaded -CDB etc. database client, but only the new AUXLIBS_CDB etc. variables -support building a dynamically-loaded or statically-loaded CDB etc. -database client. See CDB_README, LDAP_README, etc. for details. - -Failure to follow this advice will defeat the purpose of dynamic -database client loading. 
Every Postfix executable file will have -database library dependencies. And that was exactly what dynamic -database client loading was meant to avoid. - -Major changes - future proofing -------------------------------- - -[Cleanup 20141224] The changes described here have no visible effect -on Postfix behavior, but they make Postfix code easier to maintain, -and therefore make new functionality easier to add. - -* Compile-time argument typechecks of non-printf/scanf-like variadic - function argument lists. - -* Deprecating the use of "char *" for non-text purposes such as - memory allocation and pointers to application context for call-back - functions. This dates from long-past days before void * became - universally available. - -* Replace integer types for counters and sizes with size_t or ssize_t - equivalents. This eliminates some wasteful 64<->32bit conversions - on 64-bit systems. - -Major changes - installation pathnames --------------------------------------- - -[Incompat 20140625] For compliance with file system policies, some -non-executable files have been moved from $daemon_directory to the -directory specified with the new meta_directory configuration -parameter which has the same default value as the config_directory -parameter. This change affects non-executable files that are shared -between multiple Postfix instances such as postfix-files, dynamicmaps.cf, -and multi-instance template files. - -For backwards compatibility with Postfix 2.6 .. 2.11, specify -"meta_directory = $daemon_directory" in main.cf before installing -or upgrading Postfix, or specify "meta_directory = /path/name" on -the "make makefiles", "make install" or "make upgrade" command line. - -Major changes - milter ----------------------- - -[Feature 20140928] Support for per-Milter settings that override -main.cf parameters. For details see the section "Advanced policy -client configuration" in the SMTPD_POLICY_README document. 
- -Here is an example that uses both old and new syntax: - - smtpd_milters = { inet:127.0.0.1:port1, default_action=accept, ... }, - inet:127.0.0.1:port2, ... - -The supported attribute names are: command_timeout, connect_timeout, -content_timeout, default_action, and protocol. These have the same -names as the corresponding main.cf parameters, without the "milter_" -prefix. - -The per-milter settings are specified as attribute=value pairs -separated by comma or space; specify { name = value } to allow -spaces around the "=" or within an attribute value. - -[Feature 20141018] DMARC compatibility: when a Milter inserts a -header ABOVE Postfix's own Received: header, Postfix no longer -exposes its own Received: header to Milters (violating protocol) -and Postfix no longer hides the Milter-inserted header from Milters -(wtf). +For details, see the description of default_transport_rate_delay +and transport_transport_rate_delay in the postconf(5) manpage. -Major changes - parameter syntax +Major changes - postscreen dnsbl -------------------------------- -[Feature 20140921] In preparation for configurable mail headers and -logging, new main.cf support for if-then-else expressions: - - ${name?{text1}:{text2}} - -and for logical expressions: - - ${{text1}=={text2}?{text3}:{text4}} - ${{text1}!={text2}?{text3}:{text4}} - -Whitespace before and after {text} is ignored. This can help to -make complex expressions more readable. See the postconf(5) manpage -for further details. - -[Feature 20140928] Support for whitespace in daemon command-line -arguments. For details, see the "Command name + arguments" section -in the master(5) manpage. Example: - - smtpd -o { parameter = value containing whitespace } ... - -The { ... } form is also available for non-option command-line -arguments in master.cf, for example: - - pipe ... argv=command { argument containing whitespace } ... - -In both cases, whitespace immediately after "{" and before "}" -is ignored. 
+[Feature 20150710] postscreen support for the TTL of DNSBL and DNSWL +lookup results -[Feature 20141005] Postfix import_environment and export_environment -now allow "{ name=value }" to protect whitespace in attribute values. +Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes +that a "not found" result from a DNSBL server will be valid for one +hour. This may have been adequate five years ago when postscreen +was first implemented, but nowadays, that one hour can result in +missed opportunities to block new spambots. -[Feature 20141006] The new message_drop_header parameter replaces -a hard-coded table that specifies what message headers the cleanup -daemon will remove. The list of supported header names covers RFC -5321, 5322, MIME RFCs, and some historical names. +To address this, postscreen now respects the TTL of DNSBL "not +found" replies, as well as the TTL of DNSWL replies (both "found" +and "not found"). The TTL for a "not found" reply is determined +according to RFC 2308 (the TTL of an SOA record in the reply). -Major changes - pipe daemon ---------------------------- +Support for DNSBL or DNSWL reply TTL values is controlled by two +configuration parameters: -[Incompat 20140618] The pipe(8) delivery agent will now log a limited -amount of command output upon successful delivery, and will report -that output in "SUCCESS" delivery status reports. This is another -good reason to disable inbound DSN requests at the Internet perimeter. +postscreen_dnsbl_min_ttl (default: 60 seconds). -Major changes - policy client ------------------------------ + This parameter specifies a minimum for the amount of time that + a DNSBL or DNSWL result will be cached in the postscreen_cache_map. + This prevents an excessive number of postscreen cache updates + when a DNSBL or DNSWL server specifies a very small reply TTL. 
-[Feature 20140703] This release introduces three new configuration -parameters that control error recovery for failed SMTPD policy -requests. +postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour) - * smtpd_policy_service_default_action (default: 451 4.3.5 Server - configuration problem): The default action when an SMTPD policy - service request fails. + This parameter specifies a maximum for the amount of time that + a DNSBL or DNSWL result will be cached in the postscreen_cache_map. + This prevents cache pollution when a DNSBL or DNSWL server + specifies a very large reply TTL. - * smtpd_policy_service_try_limit (default: 2): The maximal number - of attempts to send an SMTPD policy service request before - giving up. This must be a number greater than zero. +The postscreen_dnsbl_ttl parameter is now obsolete, and has become +the default value for the new postscreen_dnsbl_max_ttl parameter. - * smtpd_policy_service_retry_delay (default: 1s): The delay between - attempts to resend a failed SMTPD policy service request. This - must be a number greater than zero. - -See postconf(5) for details and limitations. - -[Feature 20140928] Support for per-policy service settings that -override main.cf parameters. For details see the section "Different -settings for different Milter applications" in the MILTER_README -document. - -Here is an example that uses both old and new syntax: - -smtpd_recipient_restrictions = ... - check_policy_service { inet:127.0.0.1:port3, default_action=DUNNO } - check_policy_service inet:127.0.0.1:port4 - ... - -The per-policy service settings are specified as attribute=value pairs -separated by comma or space; specify { name = value } to allow -spaces around the "=" or within an attribute value. - -The supported attribute names are: default_action, max_idle, max_ttl, -request_limit, retry_delay, timeout, try_limit. These have the same -names as the corresponding main.cf parameters, without the -"smtpd_policy_service_" prefix. 
- -[Feature 20140505] A client port attribute was added to the policy -delegation protocol. - -[Feature 20140630] New smtpd_policy_service_request_limit feature to -limit the number of requests per Postfix SMTP server policy connection. -This is a workaround to avoid error-recovery delays with policy -servers that cannot maintain a persistent connection. - -Major changes - position-independent executables ------------------------------------------------- - -[Feature 20150205] Preliminary support for building position-independent -executables (PIE), tested on Fedora Core 20, Ubuntu 14.04, FreeBSD -9 and 10, and NetBSD 6. Specify: - -$ make makefiles pie=yes ...other arguments... - -On some systems, PIE is used by the ASLR exploit mitigation technique -(ASLR = Address-Space Layout Randomization). Whether specifying -"pie=yes" has any effect at all depends on the compiler. Reportedly, -some compilers always produce PIE executables. - -Major changes - postscreen --------------------------- - -[Feature 20140501] Configurable time limit (postscreen_dnsbl_timeout) -for DNSBL or DNSWL lookups. This is separate from the timeouts in -the dnsblog(8) daemon which are controlled by system resolver(3) -routines. - -Major changes - session fingerprint ------------------------------------ - -[Feature 20140801] The Postfix SMTP server now logs at the end of -a session how many times an SMTP command was successfully invoked, -followed by the total number of invocations if some invocations -were unsuccessful. - -This logging will enough to diagnose many problems without using -verbose logging or network sniffer. - - Normal session, no TLS: - disconnect from name[addr] ehlo=1 mail=1 rcpt=1 data=1 quit=1 - - Normal session. 
with TLS: - disconnect from name[addr] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 - - All recipients rejected, no ESMTP command pipelining: - disconnect from name[addr] ehlo=1 mail=1 rcpt=0/1 quit=1 - - All recipients rejected, with ESMTP command pipelining: - disconnect from name[addr] ehlo=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 - - Password guessing bot, hangs up without QUIT: - disconnect from name[addr] ehlo=1 auth=0/1 - - Mis-configured client trying to use TLS wrappermode on port 587: - disconnect from name[addr] unknown=0/1 - -Logfile analyzers can trigger on the presence of "/". It indicates -that Postfix rejected at least one command. - -[Feature 20150118] As a late addition, the SMTP server now also -logs the total number of commands (as "commands=x/y") even when the -client did not send any commands. This helps logfile analyzers to -recognize sessions without commands. - -Major changes - smtp client ---------------------------- - -[Feature 20141227] The new smtp_address_verify_target parameter -(default: rcpt) determines what protocol stage decides if a recipient -is valid. Specify "data" for servers that reject recipients after -the DATA command. - -Major changes - smtputf8 ------------------------- - -[Incompat 20141001] The default settings have changed for -append_dot_mydomain (new: no, old: yes), master.cf chroot (new: -n, old: y), and smtputf8 (new: yes, old: no). +Major changes - sasl auth safety +-------------------------------- -[Incompat 20140714] After upgrading Postfix, "postfix reload" (or -start/stop) is required. Several Postfix-internal protocols have -been extended to support SMTPUTF8. Failure to reload or restart -will result in mail staying queued, while Postfix daemons log -warning messages about unexpected attributes. +[Feature 20151031] New "smtpd_client_auth_rate_limit" feature, to +enforce an optional rate limit on AUTH commands per SMTP client IP +address. 
Similar to other smtpd_client_*_rate_limit features, this +enforces a limit on the number of requests per $anvil_rate_time_unit. + +Major changes - smtpd policy +---------------------------- + +[Feature 20150913] New SMTPD policy service attribute "policy_context", +with a corresponding "smtpd_policy_service_policy_context" configuration +parameter. Originally, this was implemented to share the same SMTPD +policy service endpoint among multiple check_policy_service clients. -[Feature 20140715] Support for Email Address Internationalization -(EAI) as defined in RFC 6531..6533. This supports UTF-8 in SMTP/LMTP -sender addresses, recipient addresses, and message header values. -The implementation is based on initial work by Arnt Gulbrandsen -that was funded by CNNIC. +Major changes - tls +------------------- -See SMTPUTF8_README for a description of Postfix SMTPUTF8 support. +[Feature 20160207] A new "postfix tls" command to quickly enable +opportunistic TLS in the Postfix SMTP client or server, and to +manage SMTP server keys and certificates, including certificate +signing requests and TLSA DNS records for DANE. See the postfix-tls(1) +manpage for a detailed description. + +[Feature 20160103] The Postfix SMTP client by default enables DANE +policies when an MX host has a (DNSSEC) secure TLSA DNS record, +even if the MX DNS record was obtained with insecure lookups. The +existence of a secure TLSA record implies that the host wants to +talk TLS and not plaintext. For details see the +smtp_tls_dane_insecure_mx_policy configuration parameter. + +[Incompat 20150721] As of the middle of 2015, all supported Postfix +releases no longer enable "export" grade ciphers for opportunistic +TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for +mandatory or opportunistic TLS. -[Feature 20150112] UTF-8 Casefolding support for Postfix lookup -tables and matchlists (mydestination, relay_domains, etc.). This -is enabled only with "smtpuf8 = yes". 
+These changes are very unlikely to cause problems with server-to-server +communication over the Internet, but they may result in interoperability +problems with ancient client or server implementations on internal +networks. To address this problem, you can revert the changes with: -[Feature 20150112] With smtputf8_enable=yes, SMTP commands with -UTF-8 syntax errors are rejected, table lookup results with invalid -UTF-8 syntax are handled as configuration errors, and UTF-8 syntax -errors in policy server replies result in execution of the policy -server's default action. +Postfix SMTP client settings: -Major changes - tls support ---------------------------- + lmtp_tls_ciphers = export + smtp_tls_ciphers = export + lmtp_tls_protocols = !SSLv2 + smtp_tls_protocols = !SSLv2 + lmtp_tls_mandatory_protocols = !SSLv2 + smtp_tls_mandatory_protocols = !SSLv2 -(see "Major changes - delivery status notifications" above for -turning 4XX soft errors into 5XX bounces when a remote SMTP server -does not offer STARTTLS support). +Postfix SMTP server settings: -[Feature 20140209] the Postfix SMTP client now also falls back to -plaintext when TLS fails AFTER the TLS protocol handshake. + smtpd_tls_ciphers = export + smtpd_tls_protocols = + smtpd_tls_mandatory_protocols = !SSLv2 -[Feature 20140218] The Postfix SMTP client now requires that a queue -file is older than $minimal_backoff_time, before falling back from -failed TLS to plaintext (both during or after the TLS handshake). +These settings, if put in main.cf, affect all Postfix SMTP client +or server communication, which may be undesirable. To be more +selective, use "-o name=value" parameter overrides on specific +services in master.cf. Execute the command "postfix reload" to make +the changes effective. -[Feature 20141021] Per IETF TLS WG consensus, the tls_session_ticket_cipher -default setting was changed from aes-128-cbc to aes-256-cbc. 
+[Incompat 20150719] The default Diffie-Hellman non-export prime was +updated from 1024 to 2048 bits, because SMTP clients are starting +to reject TLS handshakes with primes smaller than 2048 bits. + +Historically, this prime size is not negotiable, and each site needs +to determine which prime size works best for the majority of its +clients. See FORWARD_SECRECY_README for some hints in the quick-start +section. -[Feature 20150116] TLS wrappermode support in the Postfix smtp(8) -client (new smtp_tls_wrappermode parameter) and in posttls-finger(1) -(new -w option). There still is life in that deprecated protocol, -and people should not have to jump hoops with stunnel. diff -Nru postfix-3.0.4/README_FILES/SASL_README postfix-3.1.0/README_FILES/SASL_README --- postfix-3.0.4/README_FILES/SASL_README 2014-07-30 17:16:46.000000000 +0000 +++ postfix-3.1.0/README_FILES/SASL_README 2015-07-26 13:48:24.000000000 +0000 @@ -1029,6 +1029,8 @@ /etc/postfix/main.cf: smtp_sasl_auth_enable = yes + smtp_tls_security_level = encrypt + smtp_sasl_tls_security_options = noanonymous relayhost = [mail.isp.example] # Alternative form: # relayhost = [mail.isp.example]:submission @@ -1038,6 +1040,10 @@ will configure the client's username and password information in the second part of the example. + * The smtp_tls_security_level setting ensures that the connection to the + remote smtp server will be encrypted, and smtp_sasl_tls_security_options + removes the prohibition on plaintext passwords. + * The relayhost setting forces the Postfix SMTP to send all remote messages to the specified mail server instead of trying to deliver them directly to their destination. 
@@ -1114,7 +1120,7 @@ /etc/postfix/sasl_passwd: # Per-sender authentication; see also /etc/postfix/sender_relay. - user1@example.com username2:password2 + user1@example.com username1:password1 user2@example.net username2:password2 # Login information for the default relayhost. [mail.isp.example] username:password diff -Nru postfix-3.0.4/README_FILES/SMTPD_POLICY_README postfix-3.1.0/README_FILES/SMTPD_POLICY_README --- postfix-3.0.4/README_FILES/SMTPD_POLICY_README 2015-01-29 22:33:49.000000000 +0000 +++ postfix-3.1.0/README_FILES/SMTPD_POLICY_README 2015-09-13 16:37:27.000000000 +0000 @@ -76,6 +76,8 @@ ccert_pubkey_fingerprint=68:B3:29:DA:98:93:E3:40:99:C7:D8:AD:5C:B9:C9:40 PPoossttffiixx vveerrssiioonn 33..00 aanndd llaatteerr:: client_port=1234 + PPoossttffiixx vveerrssiioonn 33..11 aanndd llaatteerr:: + policy_context=submission [empty line] Notes: @@ -145,6 +147,9 @@ * The "stress" attribute is either empty or "yes". See the STRESS_README document for further information. + * The "policy_context" attribute provides a way to pass information that is + not available via other attributes (Postfix version 3.1 and later). + The following is specific to SMTPD delegated policy requests: * Protocol names are ESMTP or SMTP. 
@@ -276,6 +281,12 @@ to resend a failed SMTPD policy service request. Available with Postfix 3.0 and later. + * smtpd_policy_service_policy_context (default: empty): Optional information + that is passed in the "policy_context" attribute of an SMTPD policy service + request (originally, to share the same SMTPD service endpoint among + multiple check_policy_service clients). Available with Postfix 3.1 and + later. + Configuration parameters that control the server side of the policy delegation protocol: diff -Nru postfix-3.0.4/README_FILES/SMTPUTF8_README postfix-3.1.0/README_FILES/SMTPUTF8_README --- postfix-3.0.4/README_FILES/SMTPUTF8_README 2015-02-03 18:13:56.000000000 +0000 +++ postfix-3.1.0/README_FILES/SMTPUTF8_README 2015-02-20 21:34:08.000000000 +0000 @@ -52,8 +52,7 @@ servers. Postfix SMTPUTF8 support is enabled by default, but it may be disabled as part -of a backwards-compatibility safety net (see the Postfix 3.0 RELEASE_NOTES -file). +of a backwards-compatibility safety net (see the COMPATIBILITY_README file). SMTPUTF8 support is enabled by setting the smtputf8_enable parameter in main.cf: diff -Nru postfix-3.0.4/README_FILES/SOHO_README postfix-3.1.0/README_FILES/SOHO_README --- postfix-3.0.4/README_FILES/SOHO_README 2014-07-30 17:16:46.000000000 +0000 +++ postfix-3.1.0/README_FILES/SOHO_README 2015-07-26 13:48:24.000000000 +0000 @@ -169,6 +169,8 @@ /etc/postfix/main.cf: smtp_sasl_auth_enable = yes + smtp_tls_security_level = encrypt + smtp_sasl_tls_security_options = noanonymous relayhost = [mail.isp.example] # Alternative form: # relayhost = [mail.isp.example]:submission 
@@ -178,6 +180,10 @@ will configure the client's username and password information in the second part of the example. + * The smtp_tls_security_level setting ensures that the connection to the + remote smtp server will be encrypted, and smtp_sasl_tls_security_options + removes the prohibition on plaintext passwords. + * The relayhost setting forces the Postfix SMTP to send all remote messages to the specified mail server instead of trying to deliver them directly to their destination. @@ -254,7 +260,7 @@ /etc/postfix/sasl_passwd: # Per-sender authentication; see also /etc/postfix/sender_relay. - user1@example.com username2:password2 + user1@example.com username1:password1 user2@example.net username2:password2 # Login information for the default relayhost. [mail.isp.example] username:password diff -Nru postfix-3.0.4/README_FILES/STRESS_README postfix-3.1.0/README_FILES/STRESS_README --- postfix-3.0.4/README_FILES/STRESS_README 2013-09-16 21:54:41.000000000 +0000 +++ postfix-3.1.0/README_FILES/STRESS_README 2015-11-15 16:14:45.000000000 +0000 @@ -97,13 +97,16 @@ stress adaptive. The following settings are the default with Postfix 2.6 and later. - 1 smtpd_timeout = ${stress?10}${stress:300}s - 2 smtpd_hard_error_limit = ${stress?1}${stress:20} - 3 smtpd_junk_command_limit = ${stress?1}${stress:100} + 1 smtpd_timeout = ${stress?{10}:{300}}s + 2 smtpd_hard_error_limit = ${stress?{1}:{20}} + 3 smtpd_junk_command_limit = ${stress?{1}:{100}} 4 # Parameters added after Postfix 2.6: - 5 smtpd_per_record_deadline = ${stress?yes}${stress:no} - 6 smtpd_starttls_timeout = ${stress?10}${stress:300}s - 7 address_verify_poll_count = ${stress?1}${stress:3} + 5 smtpd_per_record_deadline = ${stress?{yes}:{no}} + 6 smtpd_starttls_timeout = ${stress?{10}:{300}}s + 7 address_verify_poll_count = ${stress?{1}:{3}} + +Postfix versions before 3.0 use the older form ${stress?x}${stress:y} instead +of the newer form ${stress?{x}:{y}}. Translation: 
@@ -146,8 +149,8 @@ $unverified_sender_tempfail_action. No mail should be lost, as long as this measure is used only temporarily. -The syntax of ${name?value} and ${name:value} is explained at the beginning of -the postconf(5) manual page. +The syntax of ${name?{value}:{value}}, ${name?value} and ${name:value} is +explained at the beginning of the postconf(5) manual page. NOTE: Please keep in mind that the stress-adaptive feature is a fairly desperate measure to keep ssoommee legitimate mail flowing under overload diff -Nru postfix-3.0.4/README_FILES/TLS_README postfix-3.1.0/README_FILES/TLS_README --- postfix-3.0.4/README_FILES/TLS_README 2015-07-20 23:00:12.000000000 +0000 +++ postfix-3.1.0/README_FILES/TLS_README 2016-02-09 01:04:29.000000000 +0000 @@ -55,7 +55,7 @@ <---seed---- ----seed---> Network-> smtpd(8) tlsmgr(8) smtp(8) ->Network - <-key/cert-> <-key/cert-> + <-key/cert-> <-key/cert-> / | \ | @@ -429,9 +429,11 @@ ticket returned to client for storage. When a client sends a valid session ticket, the server decrypts it and resumes the session, provided neither the ticket nor the session have expired. This makes it possible to resume cached -sessions without allocating space for a shared database on the server. This -feature can be disabled by setting the session cache timeout to zero, otherwise -the timeout must be at least 2 minutes and at most 100 days. +sessions without allocating space for a shared database on the server. +Consequently, for Postfix >= 2.11 the smtpd_tls_session_cache_database +parameter should generally be left empty. Session caching can be disabled by +setting the session cache timeout to zero, otherwise the timeout must be at +least 2 minutes and at most 100 days. Note, session tickets can only be negotiated if the client disables SSLv2 and does not use the legacy SSLv2 compatible HELLO message. This is true by default 
@@ -1564,7 +1566,7 @@ Historical note: while the documentation of these issues and many of the related features were new with Postfix 2.3, the issue was well understood -before Postfix 1.0, when Lutz Jänicke was designing the first unofficial +before Postfix 1.0, when Lutz Ja"nicke was designing the first unofficial Postfix TLS patch. See his original post http://www.imc.org/ietf-apps-tls/mail- archive/msg00304.html and the first response http://www.imc.org/ietf-apps-tls/ mail-archive/msg00305.html. The problem is not even unique to SMTP or even TLS, 
@@ -2049,24 +2051,98 @@ The following steps will get you started quickly. Because you sign your own Postfix public key certificate, you get TLS encryption but no TLS authentication. This is sufficient for testing, and for exchanging email with -sites that you have no trust relationship with. For real authentication, your -Postfix public key certificate needs to be signed by a recognized Certification -Authority, and Postfix needs to be configured with a list of public key -certificates of Certification Authorities, so that Postfix can verify the -public key certificates of remote hosts. +sites that you have no trust relationship with. For real authentication you +need also enable DNSSEC record signing for your domain and publish TLSA records +and/or your Postfix public key certificate needs to be signed by a recognized +Certification Authority. To authenticate the certificates of remote host you +need a DNSSEC-validating local resolver and to enable DANE authentication and/ +or configure the Postfix SMTP client with a list of public key certificates of +Certification Authorities, but make sure to read about the limitations of the +latter approach. In the examples below, user input is shown in bboolldd font, and a "#" prompt indicates a super-user shell. + * Quick-start TLS with Postfix >= 3.1. + * Self-signed server certificate. * Private Certification Authority. +QQuuiicckk--ssttaarrtt TTLLSS wwiitthh PPoossttffiixx >>== 33..11 + +Postfix 3.1 provides built-in support for enabling TLS in the SMTP client and +server and for ongoing certificate and DANE TLSA record management. + + * Quick-start TLS in the Postfix >= 3.1 SMTP client. + + * Quick-start TLS in the Postfix >= 3.1 SMTP server. + +QQuuiicckk--ssttaarrtt TTLLSS iinn tthhee PPoossttffiixx >>== 33..11 SSMMTTPP cclliieenntt.. 
+ +If you are using Postfix 3.1 or later, and your SMTP client TLS settings are in +their default state, you can enable opportunistic TLS in the SMTP client as +follows: + + # postfix tls enable-client + # postfix reload + +If some of the Postfix SMTP client TLS settings are not in their default state, +this will not make any changes, but will instead suggest the minimal required +settings for SMTP client TLS. The "postfix reload" command is optional, it is +only needed if you want the settings to take effect right away. Note, this does +not enable trust in any public certification authorities, and does not +configure client TLS certificates as these are largely pointless with +opportunistic TLS. + +There is not yet a turn-key command for enabling DANE authentication. This is +because DANE requires changes to your rreessoollvv..ccoonnff file and a corresponding +DNSSEC-validating resolver local to the Postfix host, these changes are +difficult to automate in a portable way. + +If you're willing to revert your settings to the defaults and switch to a +"stock" opportunistic TLS configuration, then you can: erase all the SMTP +client TLS settings and then enable client TLS: + + # postconf -X `postconf -nH | egrep '^smtp(_|_enforce_|_use_)tls'` + # postfix tls enable-client + # postfix reload + +QQuuiicckk--ssttaarrtt TTLLSS iinn tthhee PPoossttffiixx >>== 33..11 SSMMTTPP sseerrvveerr.. + +If you are using Postfix 3.1 or later, and your SMTP server TLS settings are in +their default state, you can enable opportunistic TLS in the SMTP server as +follows: + + # postfix tls enable-server + # postfix reload + +If some of the Postfix SMTP client TLS settings are not in their default state, +this will not make any changes, but will instead suggest the minimal required +settings for SMTP client TLS. The "postfix reload" command is optional, it is +only needed if you want the settings to take effect right away. 
This will +generate a self-signed private key and certificate and enable TLS in the +Postfix SMTP server. + +If you're willing to revert your settings to the defaults and switch to a +"stock" server TLS configuration, then you can: erase all the SMTP server TLS +settings and then enable server TLS: + + # postconf -X `postconf -nH | egrep '^smtpd(_|_enforce_|_use_)tls'` + # postfix tls enable-server + # postfix reload + +Postfix >= 3.1 provides additional built-in support for ongoing management of +TLS in the SMTP server, via additional "postfix tls" sub-commands. These make +it easy to generate certificate signing requests, create and deploy new keys +and certificates, and generate DANE TLSA records. See the postfix-tls(1) +documentation for details. + SSeellff--ssiiggnneedd sseerrvveerr cceerrttiiffiiccaattee -The following commands (credits: Viktor Dukhovni) generate and install a -private key and 10-year self-signed certificate for the local Postfix system. -This requires super-user privileges. +The following commands (credits: Viktor Dukhovni) generate and install a 2048- +bit RSA private key and 10-year self-signed certificate for the local Postfix +system. This requires super-user privileges. # dir="$(postconf -h config_directory)" # fqdn=$(postconf -h myhostname) @@ -2271,8 +2347,8 @@ CCrreeddiittss - * TLS support for Postfix was originally developed by Lutz Jänicke at Cottbus - Technical University. + * TLS support for Postfix was originally developed by Lutz Ja"nicke at + Cottbus Technical University. * Wietse Venema adopted the code, did some restructuring, and compiled this part of the documentation from Lutz's documents. * Victor Duchovni was instrumental with the re-implementation of the diff -Nru postfix-3.0.4/README_FILES/TUNING_README postfix-3.1.0/README_FILES/TUNING_README --- postfix-3.0.4/README_FILES/TUNING_README 2012-09-02 23:46:23.000000000 +0000 +++ postfix-3.1.0/README_FILES/TUNING_README 2015-11-01 00:50:57.000000000 +0000 
@@ -173,6 +173,10 @@ The maximum number of new TLS sessions (without using the TLS session cache) that an SMTP client may negotiate in the time interval specified with anvil_rate_time_unit (default: 60s). + smtpd_client_auth_rate_limit (default: no limit) + The maximum number of AUTH commands that an SMTP client may send in the + time interval specified with anvil_rate_time_unit (default: 60s). + Available in Postfix 3.1 and later. smtpd_client_event_limit_exceptions (default: $mynetworks) SMTP clients that are excluded from connection and rate limits specified above. diff -Nru postfix-3.0.4/RELEASE_NOTES postfix-3.1.0/RELEASE_NOTES --- postfix-3.0.4/RELEASE_NOTES 2015-07-19 22:24:25.000000000 +0000 +++ postfix-3.1.0/RELEASE_NOTES 2016-02-22 23:10:22.000000000 +0000 
@@ -1,664 +1,186 @@ -This is the Postfix 3.0 (stable) release. +This is the Postfix 3.1 (stable) release. -The stable Postfix release is called postfix-3.0.x where 3=major -release number, 0=minor release number, x=patchlevel. The stable +The stable Postfix release is called postfix-3.1.x where 3=major +release number, 1=minor release number, x=patchlevel. The stable release never changes except for patches that address bugs or emergencies. Patches change the patchlevel and the release date. New features are developed in snapshot releases. These are called -postfix-3.1-yyyymmdd where yyyymmdd is the release date (yyyy=year, +postfix-3.2-yyyymmdd where yyyymmdd is the release date (yyyy=year, mm=month, dd=day). Patches are never issued for snapshot releases; instead, a new snapshot is released. The mail_release_date configuration parameter (format: yyyymmdd) specifies the release date of a stable release or snapshot release. -If you upgrade from Postfix 2.10 or earlier, read RELEASE_NOTES-2.11 +If you upgrade from Postfix 2.11 or earlier, read RELEASE_NOTES-3.0 before proceeding. -Incompatible change with Postfix 3.0.2 --------------------------------------- +Major changes - address verification safety +------------------------------------------- -As of the middle of 2015, all supported Postfix releases no longer -enable "export" grade ciphers for opportunistic TLS, and no longer -use the deprecated SSLv2 and SSLv3 protocols for mandatory or -opportunistic TLS. +[Feature 20151227] The new address_verify_pending_request_limit +parameter introduces a safety limit for the number of address +verification probes in the active queue. The default limit is 1/4 +of the active queue maximum size. The queue manager enforces the +limit by tempfailing probe messages that exceed the limit. This +design avoids dependencies on global counters that get out of sync +after a process or system crash. + +Tempfailing verify requests is not as bad as one might think. 
The +Postfix verify cache proactively updates active addresses weeks +before they expire. The address_verify_pending_request_limit affects +only unknown addresses, and inactive addresses that have expired +from the address verify cache (by default, after 31 days). + +Major changes - json support +---------------------------- + +[Feature 20151129] Machine-readable, JSON-formatted queue listing +with "postqueue -j" (no "mailq" equivalent). The output is a stream +of JSON objects, one per queue file. To simplify parsing, each +JSON object is formatted as one text line followed by one newline +character. See the postqueue(1) manpage for a detailed description +of the output format. -These changes are very unlikely to cause problems with server-to-server -communication over the Internet, but they may result in interoperability -problems with ancient client or server implementations on internal -networks. To address this problem, you can revert the changes with: - -Postfix SMTP client settings: - - lmtp_tls_ciphers = export - smtp_tls_ciphers = export - lmtp_tls_protocols = !SSLv2 - smtp_tls_protocols = !SSLv2 - lmtp_tls_mandatory_protocols = !SSLv2 - smtp_tls_mandatory_protocols = !SSLv2 - -Postfix SMTP server settings: - - smtpd_tls_ciphers = export - smtpd_tls_protocols = - smtpd_tls_mandatory_protocols = !SSLv2 - -These settings, if put in main.cf, affect all Postfix SMTP client -or server communication, which may be undesirable. To be more -selective, use "-o name=value" parameter overrides on specific -services in master.cf. Execute the command "postfix reload" to make -the changes effective. - -Notes for distribution maintainers ----------------------------------- - -* New backwards-compatibility safety net. - -With NEW Postfix installs, you MUST install a main.cf file with -the setting "compatibility_level = 2". See conf/main.cf for an -example. 
- -With UPGRADES of existing Postfix systems, you MUST NOT change the -main.cf compatibility_level setting, nor add this setting if it -does not exist. - -Several Postfix default settings have changed with Postfix 3.0. To -avoid massive frustration with existing Postfix installations, -Postfix 3.0 comes with a safety net that forces Postfix to keep -running with backwards-compatible main.cf and master.cf default -settings. This safety net depends on the main.cf compatibility_level -setting (default: 0). Details are in COMPATIBILITY_README. - -* New Postfix build system. - -The Postfix build/install procedure has changed to support Postfix -dynamically-linked libraries and database plugins. These must not -be "shared" with non-Postfix programs, and therefore must not be -installed in a public directory. - -To avoid massive frustration due to broken patches, PLEASE BUILD -POSTFIX FIRST WITHOUT APPLYING ANY PATCHES. Follow the INSTALL -instructions (see "Building with Postfix dynamically-linked libraries -and database plugins"), and see how things work and what the -dynamically-linked libraries, database plugin, and configuration -files look like. Then, go ahead and perform your platform-specific -customizations. The INSTALL section "Tips for distribution maintainers" -has further suggestions. - -Major changes - critical ------------------------- - -[Incompat 20140714] After upgrading Postfix, "postfix reload" (or -start/stop) is required. Several Postfix-internal protocols have -been extended to support SMTPUTF8. Failure to reload or restart -will result in mail staying queued, while Postfix daemons log -warning messages about unexpected attributes. - -Major changes - default settings --------------------------------- - -[Incompat 20141009] The default settings have changed for relay_domains -(new: empty, old: $mydestination) and mynetworks_style (new: host, -old: subnet). 
However the backwards-compatibility safety net will -prevent these changes from taking effect, giving the system -administrator the option to make an old default setting permanent -in main.cf or to adopt the new default setting, before turning off -backwards compatibility. See COMPATIBILITY_README for details. - -[Incompat 20141001] A new backwards-compatibility safety net forces -Postfix to run with backwards-compatible main.cf and master.cf -default settings after an upgrade to a newer but incompatible Postfix -version. See COMPATIBILITY_README for details. - -While the backwards-compatible default settings are in effect, -Postfix logs what services or what email would be affected by the -incompatible change. Based on this the administrator can make some -backwards-compatibility settings permanent in main.cf or master.cf, -before turning off backwards compatibility. - -See postconf.5.html#compatibility_level for details. - -[Incompat 20141001] The default settings -have changed for append_dot_mydomain (new: no. old: yes), master.cf -chroot (new: n, old: y), and smtputf8 (new: yes, old: no). - -Major changes - access control +Major changes - milter support ------------------------------ -[Feature 20141119] Support for BCC actions in header/body_checks -and milter_header_checks. There is no limit on the number of BCC -actions that may be specified, other than the implicit limit due -to finite storage. BCC support will not be implemented in Postfix -delivery agent header/body_checks. - -It works in the same way as always_bcc and sender/recipient_bcc_maps: -there can be only one address per action, recipients are added with -the NOTIFY=NONE delivery status notification option, and duplicate -recipients are ignored (with the same delivery status notification -options). - -[Incompat 20141009] The default settings have changed for relay_domains -(new: empty, old: $mydestination) and mynetworks_style (new: host, -old: subnet). 
However the backwards-compatibility safety net will -prevent these changes from taking effect, giving the system -administrator the option to make an old default setting permanent -in main.cf or to adopt the new default setting, before turning off -backwards compatibility. See COMPATIBILITY_README for details. - -[Feature 20140618] New INFO action in access(5) tables, for consistency -with header/body_checks. - -[Feature 20140620] New check_xxx_a_access (for xxx in client, -reverse_client, helo, sender, recipient) implements access control -on all A and AAAA IP addresses for respectively the client hostname, -helo parameter, sender domain or recipient domain. This complements -the existing check_xxx_mx_access and check_xxx_ns_access features. - -Major changes - address rewriting ---------------------------------- - -[Incompat 20141001] The default settings have changed for -append_dot_mydomain (new: no. old: yes), master.cf chroot (new: -n, old: y), and smtputf8 (new: yes, old: no). - -Major changes - address verification ------------------------------------- - -[Feature 20141227] The new smtp_address_verify_target parameter -(default: rcpt) specifies what protocol stage decides if a recipient -is valid. Specify "data" for servers that reject invalid recipients -in response to the DATA command. - -Major changes - database support --------------------------------- +[Feature 20150523] The milter_macro_defaults feature provides an +optional list of macro name=value pairs. These specify default +values for Milter macros when no value is available from the SMTP +session context. + +For example, with "milter_macro_defaults = auth_type=TLS", the +Postfix SMTP server will send an auth_type of "TLS" to a Milter, +unless the remote client authenticates with SASL. + +This feature was originally implemented for a submission service +that may authenticate clients with a TLS certificate, without having +to make changes to the code that implements TLS support. 
-[Feature 20140512] Support for Berkeley DB version 6. - -[Feature 20140618] The "randmap" lookup table performs random -selection. This may be used to implement load balancing, for example: - -/etc/postfix/transport: - # Deliver my own domain as usual. - example.com : - .example.com : - -/etc/postfix/main.cf: - transport_maps = - # Deliver my own domain as usual. - hash:/etc/postfix/transport - # Deliver other domains via randomly-selected relayhosts - randmap:{smtp:smtp0.example.com, smtp:smtp1.example.com} - -A variant of this can randomly select SMTP clients with different -smtp_bind_address settings. - -To implement different weights, specify lookup results multiple -times. For example, to choose smtp:smtp1.example.com twice as often -as smtp:smtp0.example.com, specify smtp:smtp1.example.com twice. - -A future version may support randmap:/path/to/file to load a list -of results from file. - -[Feature 20140618] As the name suggests, the "pipemap" table -implements a pipeline of lookup tables. The name of the table -specifies the pipeline as a sequence of tables. For example, the -following prevents SMTP mail to system accounts that have "nologin" -as their login shell: - - /etc/postfix/main.cf: - local_recipient_maps = - pipemap:{unix:passwd.byname, pcre:/etc/postfix/no-nologin.pcre} - alias_maps - - /etc/postfix/no-nologin.pcre: - !/nologin/ whatever - -Each "pipemap:" query is given to the first table. Each table -lookup result becomes the query for the next table in the pipeline, -and the last table produces the final result. When any table lookup -produces no result, the entire pipeline produces no result. - -A future version may support pipemap:/path/to/file to load a list -of lookup tables from file. - -[Feature 20140924] Support for unionmap, with the same syntax as -pipemap. This sends a query to all tables, and concatenates non-empty -results, separated by comma. 
- -[Feature 20131121] The "static" lookup table now supports whitespace -when invoked as "static:{ text with whitespace }", so that it can -be used, for example, at the end of smtpd_mumble_restrictions as -"check_mumble_access static:{reject text...}". - -[Feature 20141126] "inline:{key=value, { key = text with comma/space}}" -avoids the need to create a database for just a few entries. - -Major changes - delivery status notifications ---------------------------------------------- - -[Feature 20140321] Delivery status filter support, to replace the -delivery status codes and explanatory text of successful or -unsuccessful deliveries by Postfix mail delivery agents. - -This was originally implemented for sites that want to turn certain -soft delivery errors into hard delivery errors, but it can also be -used to censor out information from delivery confirmation reports. - -This feature is implemented as a filter that replaces the three-number -enhanced status code and descriptive text in Postfix delivery agent -success, bounce, or defer messages. Note: this will not override -"soft_bounce=yes", and this will not change a successful delivery -status into an unsuccessful status or vice versa. - -The first example turns specific soft TLS errors into hard -errors, by overriding the first number in the enhanced status code. +Major changes - output rate control +----------------------------------- -/etc/postfix/main.cf: - smtp_delivery_status_filter = pcre:/etc/postfix/smtp_dsn_filter +[Feature 20150710] Destination-independent delivery rate delay -/etc/postfix/smtp_dsn_filter: - /^4(\.\d+\.\d+ TLS is required, but host \S+ refused to start TLS: .+)/ 5$1 - /^4(\.\d+\.\d+ TLS is required, but was not offered by host .+)/ 5$1 - -The second example removes the destination command name and file -name from local(8) successful delivery reports, so that they will -not be reported when a sender requests confirmation of delivery. 
+Support to enforce a destination-independent delay between email +deliveries. The following example inserts 20 seconds of delay +between all deliveries with the SMTP transport, limiting the delivery +rate to at most three messages per minute. /etc/postfix/main.cf: - local_delivery_status_filter = pcre:/etc/postfix/local_dsn_filter - -/etc/postfix/local_dsn_filter: - /^(2\S+ delivered to file).+/ $1 - /^(2\S+ delivered to command).+/ $1 - -This feature is supported in the lmtp(8), local(8), pipe(8), smtp(8) -and virtual(8) delivery agents. That is, all delivery agents that -actually deliver mail. It will not be implemented in the error and -retry pseudo-delivery agents. - -The new main.cf parameters and default values are: - - default_delivery_status_filter = - lmtp_delivery_status_filter = $default_delivery_status_filter - local_delivery_status_filter = $default_delivery_status_filter - pipe_delivery_status_filter = $default_delivery_status_filter - smtp_delivery_status_filter = $default_delivery_status_filter - virtual_delivery_status_filter = $default_delivery_status_filter - -See the postconf(5) manpage for more details. - -[Incompat 20140618] The pipe(8) delivery agent will now log a limited -amount of command output upon successful delivery, and will report -that output in "SUCCESS" delivery status reports. This is another -good reason to disable inbound DSN requests at the Internet perimeter. - -[Feature 20140907] With "confirm_delay_cleared = yes", Postfix -informs the sender when delayed mail leaves the queue (this is in -addition to the delay_warning_time feature that warns when mail is -still queued). This feature is disabled by default, because it can -result in a sudden burst of notifications when the queue drains at -the end of a prolonged network outage. - -Major changes - dns -------------------- + smtp_transport_rate_delay = 20s -[Feature 20141128] Support for DNS server reply filters in the -Postfix SMTP/LMTP client and SMTP server. 
This helps to work around -mail delivery problems with sites that have incorrect DNS information. -Note: this has no effect on the implicit DNS lookups that are made -by nsswitch.conf or equivalent mechanisms. - -This feature renders each lookup result as one line of text in -standard zone-file format as shown below. The class field is always -"IN", the preference field exists only for MX records, the names -of hosts, domains, etc. end in ".", and those names are in ASCII -form (xn--mumble form for internationalized domain names). - - name ttl class type preference value - --------------------------------------------------------- - postfix.org. 86400 IN MX 10 mail.cloud9.net. - -Typically, one would match this text with a regexp: or pcre: table. -When a match is found, the table lookup result specifies an action. -By default, the table query and the action name are case-insensitive. -Currently, only the IGNORE action is implemented. - -For safety reasons, Postfix logs a warning or defers mail delivery -when a DNS reply filter removes all lookup results from a successful -query. - -The Postfix SMTP/LMTP client uses the smtp_dns_reply_filter and -lmtp_dns_reply_filter features only for Postfix SMTP client lookups -of MX, A, and AAAAA records to locate a remote SMTP or LMTP server, -including lookups that implement the features reject_unverified_sender -and reject_unverified_recipient. The filters are not used for lookups -made through nsswitch.conf and similar mechanisms. - -The Postfix SMTP server uses the smtpd_dns_reply_filter feature -only for Postfix SMTP server lookups of MX, A, AAAAA, and TXT records -to implement the features reject_unknown_helo_hostname, -reject_unknown_sender_domain, reject_unknown_recipient_domain, -reject_rbl_*, and reject_rhsbl_*. The filter is not used for lookups -made through nsswitch.conf and similar mechanisms, such as lookups -of the remote SMTP client name. - -[Feature 20141126] Nullmx support (MX records with a null hostname). 
-This change affects error messages only. The Postfix SMTP client -already bounced mail for such domains, and the Postfix SMTP server -already rejected such domains with reject_unknown_sender/recipient_domain. -This feature introduces a new SMTP server configuration parameter -nullmx_reject_code (default: 556). - -Major changes - dynamic linking -------------------------------- - -[Feature 20140530] Support to build Postfix with Postfix -dynamically-linked libraries, and with dynamically-loadable database -clients. These MUST NOT be used by non-Postfix programs. Postfix -dynamically-linked libraries introduce minor runtime overhead and -result in smaller Postfix executable files. Dynamically-loadable -database clients are useful when you distribute or install pre-compiled -packages. Postfix 3.0 supports dynamic loading for CDB, LDAP, LMDB, -MYSQL, PCRE, PGSQL, SDBM, and SQLITE database clients. - -This implementation is based on Debian code by LaMont Jones, initially -ported by Viktor Dukhovni. Currently, support exists for recent -versions of Linux, FreeBSD, MacOS X, and for the ancient Solaris 9. - -To support Postfix dynamically-linked libraries and dynamically-loadable -database clients, the Postfix build procedure had to be changed -(specifically, the files makedefs and Makefile.in, and the files -postfix-install and post-install that install or update Postfix). - -[Incompat 20140530] The Postfix 3.0 build procedure expects that -you specify database library dependencies with variables named -AUXLIBS_CDB, AUXLIBS_LDAP, etc. With Postfix 3.0 and later, the -old AUXLIBS variable still supports building a statically-loaded -CDB etc. database client, but only the new AUXLIBS_CDB etc. variables -support building a dynamically-loaded or statically-loaded CDB etc. -database client. See CDB_README, LDAP_README, etc. for details. - -Failure to follow this advice will defeat the purpose of dynamic -database client loading. 
Every Postfix executable file will have -database library dependencies. And that was exactly what dynamic -database client loading was meant to avoid. - -Major changes - future proofing -------------------------------- - -[Cleanup 20141224] The changes described here have no visible effect -on Postfix behavior, but they make Postfix code easier to maintain, -and therefore make new functionality easier to add. - -* Compile-time argument typechecks of non-printf/scanf-like variadic - function argument lists. - -* Deprecating the use of "char *" for non-text purposes such as - memory allocation and pointers to application context for call-back - functions. This dates from long-past days before void * became - universally available. - -* Replace integer types for counters and sizes with size_t or ssize_t - equivalents. This eliminates some wasteful 64<->32bit conversions - on 64-bit systems. - -Major changes - installation pathnames --------------------------------------- - -[Incompat 20140625] For compliance with file system policies, some -non-executable files have been moved from $daemon_directory to the -directory specified with the new meta_directory configuration -parameter which has the same default value as the config_directory -parameter. This change affects non-executable files that are shared -between multiple Postfix instances such as postfix-files, dynamicmaps.cf, -and multi-instance template files. - -For backwards compatibility with Postfix 2.6 .. 2.11, specify -"meta_directory = $daemon_directory" in main.cf before installing -or upgrading Postfix, or specify "meta_directory = /path/name" on -the "make makefiles", "make install" or "make upgrade" command line. - -Major changes - milter ----------------------- - -[Feature 20140928] Support for per-Milter settings that override -main.cf parameters. For details see the section "Advanced policy -client configuration" in the SMTPD_POLICY_README document. 
- -Here is an example that uses both old and new syntax: - - smtpd_milters = { inet:127.0.0.1:port1, default_action=accept, ... }, - inet:127.0.0.1:port2, ... - -The supported attribute names are: command_timeout, connect_timeout, -content_timeout, default_action, and protocol. These have the same -names as the corresponding main.cf parameters, without the "milter_" -prefix. - -The per-milter settings are specified as attribute=value pairs -separated by comma or space; specify { name = value } to allow -spaces around the "=" or within an attribute value. - -[Feature 20141018] DMARC compatibility: when a Milter inserts a -header ABOVE Postfix's own Received: header, Postfix no longer -exposes its own Received: header to Milters (violating protocol) -and Postfix no longer hides the Milter-inserted header from Milters -(wtf). +For details, see the description of default_transport_rate_delay +and transport_transport_rate_delay in the postconf(5) manpage. -Major changes - parameter syntax +Major changes - postscreen dnsbl -------------------------------- -[Feature 20140921] In preparation for configurable mail headers and -logging, new main.cf support for if-then-else expressions: - - ${name?{text1}:{text2}} - -and for logical expressions: - - ${{text1}=={text2}?{text3}:{text4}} - ${{text1}!={text2}?{text3}:{text4}} - -Whitespace before and after {text} is ignored. This can help to -make complex expressions more readable. See the postconf(5) manpage -for further details. - -[Feature 20140928] Support for whitespace in daemon command-line -arguments. For details, see the "Command name + arguments" section -in the master(5) manpage. Example: - - smtpd -o { parameter = value containing whitespace } ... - -The { ... } form is also available for non-option command-line -arguments in master.cf, for example: - - pipe ... argv=command { argument containing whitespace } ... - -In both cases, whitespace immediately after "{" and before "}" -is ignored. 
+[Feature 20150710] postscreen support for the TTL of DNSBL and DNSWL +lookup results -[Feature 20141005] Postfix import_environment and export_environment -now allow "{ name=value }" to protect whitespace in attribute values. +Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes +that a "not found" result from a DNSBL server will be valid for one +hour. This may have been adequate five years ago when postscreen +was first implemented, but nowadays, that one hour can result in +missed opportunities to block new spambots. -[Feature 20141006] The new message_drop_header parameter replaces -a hard-coded table that specifies what message headers the cleanup -daemon will remove. The list of supported header names covers RFC -5321, 5322, MIME RFCs, and some historical names. +To address this, postscreen now respects the TTL of DNSBL "not +found" replies, as well as the TTL of DNSWL replies (both "found" +and "not found"). The TTL for a "not found" reply is determined +according to RFC 2308 (the TTL of an SOA record in the reply). -Major changes - pipe daemon ---------------------------- +Support for DNSBL or DNSWL reply TTL values is controlled by two +configuration parameters: -[Incompat 20140618] The pipe(8) delivery agent will now log a limited -amount of command output upon successful delivery, and will report -that output in "SUCCESS" delivery status reports. This is another -good reason to disable inbound DSN requests at the Internet perimeter. +postscreen_dnsbl_min_ttl (default: 60 seconds). -Major changes - policy client ------------------------------ + This parameter specifies a minimum for the amount of time that + a DNSBL or DNSWL result will be cached in the postscreen_cache_map. + This prevents an excessive number of postscreen cache updates + when a DNSBL or DNSWL server specifies a very small reply TTL. 
-[Feature 20140703] This release introduces three new configuration -parameters that control error recovery for failed SMTPD policy -requests. +postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour) - * smtpd_policy_service_default_action (default: 451 4.3.5 Server - configuration problem): The default action when an SMTPD policy - service request fails. + This parameter specifies a maximum for the amount of time that + a DNSBL or DNSWL result will be cached in the postscreen_cache_map. + This prevents cache pollution when a DNSBL or DNSWL server + specifies a very large reply TTL. - * smtpd_policy_service_try_limit (default: 2): The maximal number - of attempts to send an SMTPD policy service request before - giving up. This must be a number greater than zero. +The postscreen_dnsbl_ttl parameter is now obsolete, and has become +the default value for the new postscreen_dnsbl_max_ttl parameter. - * smtpd_policy_service_retry_delay (default: 1s): The delay between - attempts to resend a failed SMTPD policy service request. This - must be a number greater than zero. - -See postconf(5) for details and limitations. - -[Feature 20140928] Support for per-policy service settings that -override main.cf parameters. For details see the section "Different -settings for different Milter applications" in the MILTER_README -document. - -Here is an example that uses both old and new syntax: - -smtpd_recipient_restrictions = ... - check_policy_service { inet:127.0.0.1:port3, default_action=DUNNO } - check_policy_service inet:127.0.0.1:port4 - ... - -The per-policy service settings are specified as attribute=value pairs -separated by comma or space; specify { name = value } to allow -spaces around the "=" or within an attribute value. - -The supported attribute names are: default_action, max_idle, max_ttl, -request_limit, retry_delay, timeout, try_limit. These have the same -names as the corresponding main.cf parameters, without the -"smtpd_policy_service_" prefix. 
- -[Feature 20140505] A client port attribute was added to the policy -delegation protocol. - -[Feature 20140630] New smtpd_policy_service_request_limit feature to -limit the number of requests per Postfix SMTP server policy connection. -This is a workaround to avoid error-recovery delays with policy -servers that cannot maintain a persistent connection. - -Major changes - position-independent executables ------------------------------------------------- - -[Feature 20150205] Preliminary support for building position-independent -executables (PIE), tested on Fedora Core 20, Ubuntu 14.04, FreeBSD -9 and 10, and NetBSD 6. Specify: - -$ make makefiles pie=yes ...other arguments... - -On some systems, PIE is used by the ASLR exploit mitigation technique -(ASLR = Address-Space Layout Randomization). Whether specifying -"pie=yes" has any effect at all depends on the compiler. Reportedly, -some compilers always produce PIE executables. - -Major changes - postscreen --------------------------- - -[Feature 20140501] Configurable time limit (postscreen_dnsbl_timeout) -for DNSBL or DNSWL lookups. This is separate from the timeouts in -the dnsblog(8) daemon which are controlled by system resolver(3) -routines. - -Major changes - session fingerprint ------------------------------------ - -[Feature 20140801] The Postfix SMTP server now logs at the end of -a session how many times an SMTP command was successfully invoked, -followed by the total number of invocations if some invocations -were unsuccessful. - -This logging will enough to diagnose many problems without using -verbose logging or network sniffer. - - Normal session, no TLS: - disconnect from name[addr] ehlo=1 mail=1 rcpt=1 data=1 quit=1 - - Normal session. 
with TLS: - disconnect from name[addr] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 - - All recipients rejected, no ESMTP command pipelining: - disconnect from name[addr] ehlo=1 mail=1 rcpt=0/1 quit=1 - - All recipients rejected, with ESMTP command pipelining: - disconnect from name[addr] ehlo=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 - - Password guessing bot, hangs up without QUIT: - disconnect from name[addr] ehlo=1 auth=0/1 - - Mis-configured client trying to use TLS wrappermode on port 587: - disconnect from name[addr] unknown=0/1 - -Logfile analyzers can trigger on the presence of "/". It indicates -that Postfix rejected at least one command. - -[Feature 20150118] As a late addition, the SMTP server now also -logs the total number of commands (as "commands=x/y") even when the -client did not send any commands. This helps logfile analyzers to -recognize sessions without commands. - -Major changes - smtp client ---------------------------- - -[Feature 20141227] The new smtp_address_verify_target parameter -(default: rcpt) determines what protocol stage decides if a recipient -is valid. Specify "data" for servers that reject recipients after -the DATA command. - -Major changes - smtputf8 ------------------------- - -[Incompat 20141001] The default settings have changed for -append_dot_mydomain (new: no, old: yes), master.cf chroot (new: -n, old: y), and smtputf8 (new: yes, old: no). +Major changes - sasl auth safety +-------------------------------- -[Incompat 20140714] After upgrading Postfix, "postfix reload" (or -start/stop) is required. Several Postfix-internal protocols have -been extended to support SMTPUTF8. Failure to reload or restart -will result in mail staying queued, while Postfix daemons log -warning messages about unexpected attributes. +[Feature 20151031] New "smtpd_client_auth_rate_limit" feature, to +enforce an optional rate limit on AUTH commands per SMTP client IP +address. 
Similar to other smtpd_client_*_rate_limit features, this +enforces a limit on the number of requests per $anvil_rate_time_unit. + +Major changes - smtpd policy +---------------------------- + +[Feature 20150913] New SMTPD policy service attribute "policy_context", +with a corresponding "smtpd_policy_service_policy_context" configuration +parameter. Originally, this was implemented to share the same SMTPD +policy service endpoint among multiple check_policy_service clients. -[Feature 20140715] Support for Email Address Internationalization -(EAI) as defined in RFC 6531..6533. This supports UTF-8 in SMTP/LMTP -sender addresses, recipient addresses, and message header values. -The implementation is based on initial work by Arnt Gulbrandsen -that was funded by CNNIC. +Major changes - tls +------------------- -See SMTPUTF8_README for a description of Postfix SMTPUTF8 support. +[Feature 20160207] A new "postfix tls" command to quickly enable +opportunistic TLS in the Postfix SMTP client or server, and to +manage SMTP server keys and certificates, including certificate +signing requests and TLSA DNS records for DANE. See the postfix-tls(1) +manpage for a detailed description. + +[Feature 20160103] The Postfix SMTP client by default enables DANE +policies when an MX host has a (DNSSEC) secure TLSA DNS record, +even if the MX DNS record was obtained with insecure lookups. The +existence of a secure TLSA record implies that the host wants to +talk TLS and not plaintext. For details see the +smtp_tls_dane_insecure_mx_policy configuration parameter. + +[Incompat 20150721] As of the middle of 2015, all supported Postfix +releases no longer enable "export" grade ciphers for opportunistic +TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for +mandatory or opportunistic TLS. -[Feature 20150112] UTF-8 Casefolding support for Postfix lookup -tables and matchlists (mydestination, relay_domains, etc.). This -is enabled only with "smtpuf8 = yes". 
+These changes are very unlikely to cause problems with server-to-server +communication over the Internet, but they may result in interoperability +problems with ancient client or server implementations on internal +networks. To address this problem, you can revert the changes with: -[Feature 20150112] With smtputf8_enable=yes, SMTP commands with -UTF-8 syntax errors are rejected, table lookup results with invalid -UTF-8 syntax are handled as configuration errors, and UTF-8 syntax -errors in policy server replies result in execution of the policy -server's default action. +Postfix SMTP client settings: -Major changes - tls support ---------------------------- + lmtp_tls_ciphers = export + smtp_tls_ciphers = export + lmtp_tls_protocols = !SSLv2 + smtp_tls_protocols = !SSLv2 + lmtp_tls_mandatory_protocols = !SSLv2 + smtp_tls_mandatory_protocols = !SSLv2 -(see "Major changes - delivery status notifications" above for -turning 4XX soft errors into 5XX bounces when a remote SMTP server -does not offer STARTTLS support). +Postfix SMTP server settings: -[Feature 20140209] the Postfix SMTP client now also falls back to -plaintext when TLS fails AFTER the TLS protocol handshake. + smtpd_tls_ciphers = export + smtpd_tls_protocols = + smtpd_tls_mandatory_protocols = !SSLv2 -[Feature 20140218] The Postfix SMTP client now requires that a queue -file is older than $minimal_backoff_time, before falling back from -failed TLS to plaintext (both during or after the TLS handshake). +These settings, if put in main.cf, affect all Postfix SMTP client +or server communication, which may be undesirable. To be more +selective, use "-o name=value" parameter overrides on specific +services in master.cf. Execute the command "postfix reload" to make +the changes effective. -[Feature 20141021] Per IETF TLS WG consensus, the tls_session_ticket_cipher -default setting was changed from aes-128-cbc to aes-256-cbc. 
+[Incompat 20150719] The default Diffie-Hellman non-export prime was +updated from 1024 to 2048 bits, because SMTP clients are starting +to reject TLS handshakes with primes smaller than 2048 bits. + +Historically, this prime size is not negotiable, and each site needs +to determine which prime size works best for the majority of its +clients. See FORWARD_SECRECY_README for some hints in the quick-start +section. -[Feature 20150116] TLS wrappermode support in the Postfix smtp(8) -client (new smtp_tls_wrappermode parameter) and in posttls-finger(1) -(new -w option). There still is life in that deprecated protocol, -and people should not have to jump hoops with stunnel. diff -Nru postfix-3.0.4/RELEASE_NOTES-3.0 postfix-3.1.0/RELEASE_NOTES-3.0 --- postfix-3.0.4/RELEASE_NOTES-3.0 1970-01-01 00:00:00.000000000 +0000 +++ postfix-3.1.0/RELEASE_NOTES-3.0 2015-02-08 16:43:47.000000000 +0000 
@@ -0,0 +1,628 @@ +The stable Postfix release is called postfix-3.0.x where 3=major +release number, 0=minor release number, x=patchlevel. The stable +release never changes except for patches that address bugs or +emergencies. Patches change the patchlevel and the release date. + +New features are developed in snapshot releases. These are called +postfix-3.1-yyyymmdd where yyyymmdd is the release date (yyyy=year, +mm=month, dd=day). Patches are never issued for snapshot releases; +instead, a new snapshot is released. + +The mail_release_date configuration parameter (format: yyyymmdd) +specifies the release date of a stable release or snapshot release. + +If you upgrade from Postfix 2.10 or earlier, read RELEASE_NOTES-2.11 +before proceeding. + +Notes for distribution maintainers +---------------------------------- + +* New backwards-compatibility safety net. + +With NEW Postfix installs, you MUST install a main.cf file with +the setting "compatibility_level = 2". See conf/main.cf for an +example. + +With UPGRADES of existing Postfix systems, you MUST NOT change the +main.cf compatibility_level setting, nor add this setting if it +does not exist. + +Several Postfix default settings have changed with Postfix 3.0. To +avoid massive frustration with existing Postfix installations, +Postfix 3.0 comes with a safety net that forces Postfix to keep +running with backwards-compatible main.cf and master.cf default +settings. This safety net depends on the main.cf compatibility_level +setting (default: 0). Details are in COMPATIBILITY_README. + +* New Postfix build system. + +The Postfix build/install procedure has changed to support Postfix +dynamically-linked libraries and database plugins. These must not +be "shared" with non-Postfix programs, and therefore must not be +installed in a public directory. + +To avoid massive frustration due to broken patches, PLEASE BUILD +POSTFIX FIRST WITHOUT APPLYING ANY PATCHES. 
Follow the INSTALL +instructions (see "Building with Postfix dynamically-linked libraries +and database plugins"), and see how things work and what the +dynamically-linked libraries, database plugin, and configuration +files look like. Then, go ahead and perform your platform-specific +customizations. The INSTALL section "Tips for distribution maintainers" +has further suggestions. + +Major changes - critical +------------------------ + +[Incompat 20140714] After upgrading Postfix, "postfix reload" (or +start/stop) is required. Several Postfix-internal protocols have +been extended to support SMTPUTF8. Failure to reload or restart +will result in mail staying queued, while Postfix daemons log +warning messages about unexpected attributes. + +Major changes - default settings +-------------------------------- + +[Incompat 20141009] The default settings have changed for relay_domains +(new: empty, old: $mydestination) and mynetworks_style (new: host, +old: subnet). However the backwards-compatibility safety net will +prevent these changes from taking effect, giving the system +administrator the option to make an old default setting permanent +in main.cf or to adopt the new default setting, before turning off +backwards compatibility. See COMPATIBILITY_README for details. + +[Incompat 20141001] A new backwards-compatibility safety net forces +Postfix to run with backwards-compatible main.cf and master.cf +default settings after an upgrade to a newer but incompatible Postfix +version. See COMPATIBILITY_README for details. + +While the backwards-compatible default settings are in effect, +Postfix logs what services or what email would be affected by the +incompatible change. Based on this the administrator can make some +backwards-compatibility settings permanent in main.cf or master.cf, +before turning off backwards compatibility. + +See postconf.5.html#compatibility_level for details. 
+ +[Incompat 20141001] The default settings +have changed for append_dot_mydomain (new: no. old: yes), master.cf +chroot (new: n, old: y), and smtputf8 (new: yes, old: no). + +Major changes - access control +------------------------------ + +[Feature 20141119] Support for BCC actions in header/body_checks +and milter_header_checks. There is no limit on the number of BCC +actions that may be specified, other than the implicit limit due +to finite storage. BCC support will not be implemented in Postfix +delivery agent header/body_checks. + +It works in the same way as always_bcc and sender/recipient_bcc_maps: +there can be only one address per action, recipients are added with +the NOTIFY=NONE delivery status notification option, and duplicate +recipients are ignored (with the same delivery status notification +options). + +[Incompat 20141009] The default settings have changed for relay_domains +(new: empty, old: $mydestination) and mynetworks_style (new: host, +old: subnet). However the backwards-compatibility safety net will +prevent these changes from taking effect, giving the system +administrator the option to make an old default setting permanent +in main.cf or to adopt the new default setting, before turning off +backwards compatibility. See COMPATIBILITY_README for details. + +[Feature 20140618] New INFO action in access(5) tables, for consistency +with header/body_checks. + +[Feature 20140620] New check_xxx_a_access (for xxx in client, +reverse_client, helo, sender, recipient) implements access control +on all A and AAAA IP addresses for respectively the client hostname, +helo parameter, sender domain or recipient domain. This complements +the existing check_xxx_mx_access and check_xxx_ns_access features. + +Major changes - address rewriting +--------------------------------- + +[Incompat 20141001] The default settings have changed for +append_dot_mydomain (new: no. old: yes), master.cf chroot (new: +n, old: y), and smtputf8 (new: yes, old: no). 
+ +Major changes - address verification +------------------------------------ + +[Feature 20141227] The new smtp_address_verify_target parameter +(default: rcpt) specifies what protocol stage decides if a recipient +is valid. Specify "data" for servers that reject invalid recipients +in response to the DATA command. + +Major changes - database support +-------------------------------- + +[Feature 20140512] Support for Berkeley DB version 6. + +[Feature 20140618] The "randmap" lookup table performs random +selection. This may be used to implement load balancing, for example: + +/etc/postfix/transport: + # Deliver my own domain as usual. + example.com : + .example.com : + +/etc/postfix/main.cf: + transport_maps = + # Deliver my own domain as usual. + hash:/etc/postfix/transport + # Deliver other domains via randomly-selected relayhosts + randmap:{smtp:smtp0.example.com, smtp:smtp1.example.com} + +A variant of this can randomly select SMTP clients with different +smtp_bind_address settings. + +To implement different weights, specify lookup results multiple +times. For example, to choose smtp:smtp1.example.com twice as often +as smtp:smtp0.example.com, specify smtp:smtp1.example.com twice. + +A future version may support randmap:/path/to/file to load a list +of results from file. + +[Feature 20140618] As the name suggests, the "pipemap" table +implements a pipeline of lookup tables. The name of the table +specifies the pipeline as a sequence of tables. For example, the +following prevents SMTP mail to system accounts that have "nologin" +as their login shell: + + /etc/postfix/main.cf: + local_recipient_maps = + pipemap:{unix:passwd.byname, pcre:/etc/postfix/no-nologin.pcre} + alias_maps + + /etc/postfix/no-nologin.pcre: + !/nologin/ whatever + +Each "pipemap:" query is given to the first table. Each table +lookup result becomes the query for the next table in the pipeline, +and the last table produces the final result. 
When any table lookup +produces no result, the entire pipeline produces no result. + +A future version may support pipemap:/path/to/file to load a list +of lookup tables from file. + +[Feature 20140924] Support for unionmap, with the same syntax as +pipemap. This sends a query to all tables, and concatenates non-empty +results, separated by comma. + +[Feature 20131121] The "static" lookup table now supports whitespace +when invoked as "static:{ text with whitespace }", so that it can +be used, for example, at the end of smtpd_mumble_restrictions as +"check_mumble_access static:{reject text...}". + +[Feature 20141126] "inline:{key=value, { key = text with comma/space}}" +avoids the need to create a database for just a few entries. + +Major changes - delivery status notifications +--------------------------------------------- + +[Feature 20140321] Delivery status filter support, to replace the +delivery status codes and explanatory text of successful or +unsuccessful deliveries by Postfix mail delivery agents. + +This was originally implemented for sites that want to turn certain +soft delivery errors into hard delivery errors, but it can also be +used to censor out information from delivery confirmation reports. + +This feature is implemented as a filter that replaces the three-number +enhanced status code and descriptive text in Postfix delivery agent +success, bounce, or defer messages. Note: this will not override +"soft_bounce=yes", and this will not change a successful delivery +status into an unsuccessful status or vice versa. + +The first example turns specific soft TLS errors into hard +errors, by overriding the first number in the enhanced status code. 
+ +/etc/postfix/main.cf: + smtp_delivery_status_filter = pcre:/etc/postfix/smtp_dsn_filter + +/etc/postfix/smtp_dsn_filter: + /^4(\.\d+\.\d+ TLS is required, but host \S+ refused to start TLS: .+)/ 5$1 + /^4(\.\d+\.\d+ TLS is required, but was not offered by host .+)/ 5$1 + +The second example removes the destination command name and file +name from local(8) successful delivery reports, so that they will +not be reported when a sender requests confirmation of delivery. + +/etc/postfix/main.cf: + local_delivery_status_filter = pcre:/etc/postfix/local_dsn_filter + +/etc/postfix/local_dsn_filter: + /^(2\S+ delivered to file).+/ $1 + /^(2\S+ delivered to command).+/ $1 + +This feature is supported in the lmtp(8), local(8), pipe(8), smtp(8) +and virtual(8) delivery agents. That is, all delivery agents that +actually deliver mail. It will not be implemented in the error and +retry pseudo-delivery agents. + +The new main.cf parameters and default values are: + + default_delivery_status_filter = + lmtp_delivery_status_filter = $default_delivery_status_filter + local_delivery_status_filter = $default_delivery_status_filter + pipe_delivery_status_filter = $default_delivery_status_filter + smtp_delivery_status_filter = $default_delivery_status_filter + virtual_delivery_status_filter = $default_delivery_status_filter + +See the postconf(5) manpage for more details. + +[Incompat 20140618] The pipe(8) delivery agent will now log a limited +amount of command output upon successful delivery, and will report +that output in "SUCCESS" delivery status reports. This is another +good reason to disable inbound DSN requests at the Internet perimeter. + +[Feature 20140907] With "confirm_delay_cleared = yes", Postfix +informs the sender when delayed mail leaves the queue (this is in +addition to the delay_warning_time feature that warns when mail is +still queued). 
This feature is disabled by default, because it can +result in a sudden burst of notifications when the queue drains at +the end of a prolonged network outage. + +Major changes - dns +------------------- + +[Feature 20141128] Support for DNS server reply filters in the +Postfix SMTP/LMTP client and SMTP server. This helps to work around +mail delivery problems with sites that have incorrect DNS information. +Note: this has no effect on the implicit DNS lookups that are made +by nsswitch.conf or equivalent mechanisms. + +This feature renders each lookup result as one line of text in +standard zone-file format as shown below. The class field is always +"IN", the preference field exists only for MX records, the names +of hosts, domains, etc. end in ".", and those names are in ASCII +form (xn--mumble form for internationalized domain names). + + name ttl class type preference value + --------------------------------------------------------- + postfix.org. 86400 IN MX 10 mail.cloud9.net. + +Typically, one would match this text with a regexp: or pcre: table. +When a match is found, the table lookup result specifies an action. +By default, the table query and the action name are case-insensitive. +Currently, only the IGNORE action is implemented. + +For safety reasons, Postfix logs a warning or defers mail delivery +when a DNS reply filter removes all lookup results from a successful +query. + +The Postfix SMTP/LMTP client uses the smtp_dns_reply_filter and +lmtp_dns_reply_filter features only for Postfix SMTP client lookups +of MX, A, and AAAAA records to locate a remote SMTP or LMTP server, +including lookups that implement the features reject_unverified_sender +and reject_unverified_recipient. The filters are not used for lookups +made through nsswitch.conf and similar mechanisms. 
+ +The Postfix SMTP server uses the smtpd_dns_reply_filter feature +only for Postfix SMTP server lookups of MX, A, AAAAA, and TXT records +to implement the features reject_unknown_helo_hostname, +reject_unknown_sender_domain, reject_unknown_recipient_domain, +reject_rbl_*, and reject_rhsbl_*. The filter is not used for lookups +made through nsswitch.conf and similar mechanisms, such as lookups +of the remote SMTP client name. + +[Feature 20141126] Nullmx support (MX records with a null hostname). +This change affects error messages only. The Postfix SMTP client +already bounced mail for such domains, and the Postfix SMTP server +already rejected such domains with reject_unknown_sender/recipient_domain. +This feature introduces a new SMTP server configuration parameter +nullmx_reject_code (default: 556). + +Major changes - dynamic linking +------------------------------- + +[Feature 20140530] Support to build Postfix with Postfix +dynamically-linked libraries, and with dynamically-loadable database +clients. These MUST NOT be used by non-Postfix programs. Postfix +dynamically-linked libraries introduce minor runtime overhead and +result in smaller Postfix executable files. Dynamically-loadable +database clients are useful when you distribute or install pre-compiled +packages. Postfix 3.0 supports dynamic loading for CDB, LDAP, LMDB, +MYSQL, PCRE, PGSQL, SDBM, and SQLITE database clients. + +This implementation is based on Debian code by LaMont Jones, initially +ported by Viktor Dukhovni. Currently, support exists for recent +versions of Linux, FreeBSD, MacOS X, and for the ancient Solaris 9. + +To support Postfix dynamically-linked libraries and dynamically-loadable +database clients, the Postfix build procedure had to be changed +(specifically, the files makedefs and Makefile.in, and the files +postfix-install and post-install that install or update Postfix). 
+ +[Incompat 20140530] The Postfix 3.0 build procedure expects that +you specify database library dependencies with variables named +AUXLIBS_CDB, AUXLIBS_LDAP, etc. With Postfix 3.0 and later, the +old AUXLIBS variable still supports building a statically-loaded +CDB etc. database client, but only the new AUXLIBS_CDB etc. variables +support building a dynamically-loaded or statically-loaded CDB etc. +database client. See CDB_README, LDAP_README, etc. for details. + +Failure to follow this advice will defeat the purpose of dynamic +database client loading. Every Postfix executable file will have +database library dependencies. And that was exactly what dynamic +database client loading was meant to avoid. + +Major changes - future proofing +------------------------------- + +[Cleanup 20141224] The changes described here have no visible effect +on Postfix behavior, but they make Postfix code easier to maintain, +and therefore make new functionality easier to add. + +* Compile-time argument typechecks of non-printf/scanf-like variadic + function argument lists. + +* Deprecating the use of "char *" for non-text purposes such as + memory allocation and pointers to application context for call-back + functions. This dates from long-past days before void * became + universally available. + +* Replace integer types for counters and sizes with size_t or ssize_t + equivalents. This eliminates some wasteful 64<->32bit conversions + on 64-bit systems. + +Major changes - installation pathnames +-------------------------------------- + +[Incompat 20140625] For compliance with file system policies, some +non-executable files have been moved from $daemon_directory to the +directory specified with the new meta_directory configuration +parameter which has the same default value as the config_directory +parameter. This change affects non-executable files that are shared +between multiple Postfix instances such as postfix-files, dynamicmaps.cf, +and multi-instance template files. 
+ +For backwards compatibility with Postfix 2.6 .. 2.11, specify +"meta_directory = $daemon_directory" in main.cf before installing +or upgrading Postfix, or specify "meta_directory = /path/name" on +the "make makefiles", "make install" or "make upgrade" command line. + +Major changes - milter +---------------------- + +[Feature 20140928] Support for per-Milter settings that override +main.cf parameters. For details see the section "Advanced policy +client configuration" in the SMTPD_POLICY_README document. + +Here is an example that uses both old and new syntax: + + smtpd_milters = { inet:127.0.0.1:port1, default_action=accept, ... }, + inet:127.0.0.1:port2, ... + +The supported attribute names are: command_timeout, connect_timeout, +content_timeout, default_action, and protocol. These have the same +names as the corresponding main.cf parameters, without the "milter_" +prefix. + +The per-milter settings are specified as attribute=value pairs +separated by comma or space; specify { name = value } to allow +spaces around the "=" or within an attribute value. + +[Feature 20141018] DMARC compatibility: when a Milter inserts a +header ABOVE Postfix's own Received: header, Postfix no longer +exposes its own Received: header to Milters (violating protocol) +and Postfix no longer hides the Milter-inserted header from Milters +(wtf). + +Major changes - parameter syntax +-------------------------------- + +[Feature 20140921] In preparation for configurable mail headers and +logging, new main.cf support for if-then-else expressions: + + ${name?{text1}:{text2}} + +and for logical expressions: + + ${{text1}=={text2}?{text3}:{text4}} + ${{text1}!={text2}?{text3}:{text4}} + +Whitespace before and after {text} is ignored. This can help to +make complex expressions more readable. See the postconf(5) manpage +for further details. + +[Feature 20140928] Support for whitespace in daemon command-line +arguments. 
For details, see the "Command name + arguments" section +in the master(5) manpage. Example: + + smtpd -o { parameter = value containing whitespace } ... + +The { ... } form is also available for non-option command-line +arguments in master.cf, for example: + + pipe ... argv=command { argument containing whitespace } ... + +In both cases, whitespace immediately after "{" and before "}" +is ignored. + +[Feature 20141005] Postfix import_environment and export_environment +now allow "{ name=value }" to protect whitespace in attribute values. + +[Feature 20141006] The new message_drop_header parameter replaces +a hard-coded table that specifies what message headers the cleanup +daemon will remove. The list of supported header names covers RFC +5321, 5322, MIME RFCs, and some historical names. + +Major changes - pipe daemon +--------------------------- + +[Incompat 20140618] The pipe(8) delivery agent will now log a limited +amount of command output upon successful delivery, and will report +that output in "SUCCESS" delivery status reports. This is another +good reason to disable inbound DSN requests at the Internet perimeter. + +Major changes - policy client +----------------------------- + +[Feature 20140703] This release introduces three new configuration +parameters that control error recovery for failed SMTPD policy +requests. + + * smtpd_policy_service_default_action (default: 451 4.3.5 Server + configuration problem): The default action when an SMTPD policy + service request fails. + + * smtpd_policy_service_try_limit (default: 2): The maximal number + of attempts to send an SMTPD policy service request before + giving up. This must be a number greater than zero. + + * smtpd_policy_service_retry_delay (default: 1s): The delay between + attempts to resend a failed SMTPD policy service request. This + must be a number greater than zero. + +See postconf(5) for details and limitations. 
+ +[Feature 20140928] Support for per-policy service settings that +override main.cf parameters. For details see the section "Different +settings for different Milter applications" in the MILTER_README +document. + +Here is an example that uses both old and new syntax: + +smtpd_recipient_restrictions = ... + check_policy_service { inet:127.0.0.1:port3, default_action=DUNNO } + check_policy_service inet:127.0.0.1:port4 + ... + +The per-policy service settings are specified as attribute=value pairs +separated by comma or space; specify { name = value } to allow +spaces around the "=" or within an attribute value. + +The supported attribute names are: default_action, max_idle, max_ttl, +request_limit, retry_delay, timeout, try_limit. These have the same +names as the corresponding main.cf parameters, without the +"smtpd_policy_service_" prefix. + +[Feature 20140505] A client port attribute was added to the policy +delegation protocol. + +[Feature 20140630] New smtpd_policy_service_request_limit feature to +limit the number of requests per Postfix SMTP server policy connection. +This is a workaround to avoid error-recovery delays with policy +servers that cannot maintain a persistent connection. + +Major changes - position-independent executables +------------------------------------------------ + +[Feature 20150205] Preliminary support for building position-independent +executables (PIE), tested on Fedora Core 20, Ubuntu 14.04, FreeBSD +9 and 10, and NetBSD 6. Specify: + +$ make makefiles pie=yes ...other arguments... + +On some systems, PIE is used by the ASLR exploit mitigation technique +(ASLR = Address-Space Layout Randomization). Whether specifying +"pie=yes" has any effect at all depends on the compiler. Reportedly, +some compilers always produce PIE executables. + +Major changes - postscreen +-------------------------- + +[Feature 20140501] Configurable time limit (postscreen_dnsbl_timeout) +for DNSBL or DNSWL lookups. 
This is separate from the timeouts in +the dnsblog(8) daemon which are controlled by system resolver(3) +routines. + +Major changes - session fingerprint +----------------------------------- + +[Feature 20140801] The Postfix SMTP server now logs at the end of +a session how many times an SMTP command was successfully invoked, +followed by the total number of invocations if some invocations +were unsuccessful. + +This logging will enough to diagnose many problems without using +verbose logging or network sniffer. + + Normal session, no TLS: + disconnect from name[addr] ehlo=1 mail=1 rcpt=1 data=1 quit=1 + + Normal session. with TLS: + disconnect from name[addr] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 + + All recipients rejected, no ESMTP command pipelining: + disconnect from name[addr] ehlo=1 mail=1 rcpt=0/1 quit=1 + + All recipients rejected, with ESMTP command pipelining: + disconnect from name[addr] ehlo=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 + + Password guessing bot, hangs up without QUIT: + disconnect from name[addr] ehlo=1 auth=0/1 + + Mis-configured client trying to use TLS wrappermode on port 587: + disconnect from name[addr] unknown=0/1 + +Logfile analyzers can trigger on the presence of "/". It indicates +that Postfix rejected at least one command. + +[Feature 20150118] As a late addition, the SMTP server now also +logs the total number of commands (as "commands=x/y") even when the +client did not send any commands. This helps logfile analyzers to +recognize sessions without commands. + +Major changes - smtp client +--------------------------- + +[Feature 20141227] The new smtp_address_verify_target parameter +(default: rcpt) determines what protocol stage decides if a recipient +is valid. Specify "data" for servers that reject recipients after +the DATA command. 
+ +Major changes - smtputf8 +------------------------ + +[Incompat 20141001] The default settings have changed for +append_dot_mydomain (new: no, old: yes), master.cf chroot (new: +n, old: y), and smtputf8 (new: yes, old: no). + +[Incompat 20140714] After upgrading Postfix, "postfix reload" (or +start/stop) is required. Several Postfix-internal protocols have +been extended to support SMTPUTF8. Failure to reload or restart +will result in mail staying queued, while Postfix daemons log +warning messages about unexpected attributes. + +[Feature 20140715] Support for Email Address Internationalization +(EAI) as defined in RFC 6531..6533. This supports UTF-8 in SMTP/LMTP +sender addresses, recipient addresses, and message header values. +The implementation is based on initial work by Arnt Gulbrandsen +that was funded by CNNIC. + +See SMTPUTF8_README for a description of Postfix SMTPUTF8 support. + +[Feature 20150112] UTF-8 Casefolding support for Postfix lookup +tables and matchlists (mydestination, relay_domains, etc.). This +is enabled only with "smtpuf8 = yes". + +[Feature 20150112] With smtputf8_enable=yes, SMTP commands with +UTF-8 syntax errors are rejected, table lookup results with invalid +UTF-8 syntax are handled as configuration errors, and UTF-8 syntax +errors in policy server replies result in execution of the policy +server's default action. + +Major changes - tls support +--------------------------- + +(see "Major changes - delivery status notifications" above for +turning 4XX soft errors into 5XX bounces when a remote SMTP server +does not offer STARTTLS support). + +[Feature 20140209] the Postfix SMTP client now also falls back to +plaintext when TLS fails AFTER the TLS protocol handshake. + +[Feature 20140218] The Postfix SMTP client now requires that a queue +file is older than $minimal_backoff_time, before falling back from +failed TLS to plaintext (both during or after the TLS handshake). 
+ +[Feature 20141021] Per IETF TLS WG consensus, the tls_session_ticket_cipher +default setting was changed from aes-128-cbc to aes-256-cbc. + +[Feature 20150116] TLS wrappermode support in the Postfix smtp(8) +client (new smtp_tls_wrappermode parameter) and in posttls-finger(1) +(new -w option). There still is life in that deprecated protocol, +and people should not have to jump hoops with stunnel. diff -Nru postfix-3.0.4/src/anvil/anvil.c postfix-3.1.0/src/anvil/anvil.c --- postfix-3.0.4/src/anvil/anvil.c 2014-12-25 16:47:18.000000000 +0000 +++ postfix-3.1.0/src/anvil/anvil.c 2016-02-14 01:27:50.000000000 +0000 @@ -130,6 +130,25 @@ /* \fBstatus=0\fR /* \fBrate=\fInumber\fR /* .fi +/* AUTH RATE CONTROL +/* .ad +/* .fi +/* To register an AUTH request send the following request +/* to the \fBanvil\fR(8) server: +/* +/* .nf +/* \fBrequest=auth\fR +/* \fBident=\fIstring\fR +/* .fi +/* +/* The \fBanvil\fR(8) server answers with the number of auth +/* requests per unit time for the (service, client) combination +/* specified with \fBident\fR: +/* +/* .nf +/* \fBstatus=0\fR +/* \fBrate=\fInumber\fR +/* .fi /* SECURITY /* .ad /* .fi @@ -237,6 +256,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -288,6 +312,7 @@ int mail; /* message rate */ int rcpt; /* recipient rate */ int ntls; /* new TLS session rate */ + int auth; /* AUTH request rate */ time_t start; /* time of first rate sample */ } ANVIL_REMOTE; @@ -318,6 +343,7 @@ (remote)->mail = 0; \ (remote)->rcpt = 0; \ (remote)->ntls = 0; \ + (remote)->auth = 0; \ (remote)->start = event_time(); \ } while(0) @@ -337,6 +363,7 @@ (remote)->mail = 0; \ (remote)->rcpt = 0; \ (remote)->ntls = 0; \ + (remote)->auth = 0; \ (remote)->start = _start; \ } while(0) 
@@ -365,6 +392,8 @@ #define ANVIL_REMOTE_INCR_NTLS(remote) ANVIL_REMOTE_INCR_RATE((remote), ntls) +#define ANVIL_REMOTE_INCR_AUTH(remote) ANVIL_REMOTE_INCR_RATE((remote), auth) + /* Drop connection from (service, client) state. */ #define ANVIL_REMOTE_DROP_ONE(remote) \ @@ -441,6 +470,7 @@ static ANVIL_MAX max_mail_rate; /* peak message rate */ static ANVIL_MAX max_rcpt_rate; /* peak recipient rate */ static ANVIL_MAX max_ntls_rate; /* peak new TLS session rate */ +static ANVIL_MAX max_auth_rate; /* peak AUTH request rate */ static int max_cache_size; /* peak cache size */ static time_t max_cache_time; /* time of peak size */ @@ -531,6 +561,7 @@ SEND_ATTR_INT(ANVIL_ATTR_MAIL, 0), SEND_ATTR_INT(ANVIL_ATTR_RCPT, 0), SEND_ATTR_INT(ANVIL_ATTR_NTLS, 0), + SEND_ATTR_INT(ANVIL_ATTR_AUTH, 0), ATTR_TYPE_END); } else { @@ -547,6 +578,7 @@ SEND_ATTR_INT(ANVIL_ATTR_MAIL, anvil_remote->mail), SEND_ATTR_INT(ANVIL_ATTR_RCPT, anvil_remote->rcpt), SEND_ATTR_INT(ANVIL_ATTR_NTLS, anvil_remote->ntls), + SEND_ATTR_INT(ANVIL_ATTR_AUTH, anvil_remote->auth), ATTR_TYPE_END); } } 
@@ -689,6 +721,35 @@ ANVIL_MAX_UPDATE(max_rcpt_rate, anvil_remote->rcpt, anvil_remote->ident); } +/* anvil_remote_auth - register auth request event */ + +static void anvil_remote_auth(VSTREAM *client_stream, const char *ident) +{ + ANVIL_REMOTE *anvil_remote; + + /* + * Be prepared for "postfix reload" after "connect". + */ + if ((anvil_remote = + (ANVIL_REMOTE *) htable_find(anvil_remote_map, ident)) == 0) + anvil_remote = anvil_remote_conn_update(client_stream, ident); + + /* + * Update recipient address rate and respond to local server. + */ + ANVIL_REMOTE_INCR_AUTH(anvil_remote); + attr_print_plain(client_stream, ATTR_FLAG_NONE, + SEND_ATTR_INT(ANVIL_ATTR_STATUS, ANVIL_STAT_OK), + SEND_ATTR_INT(ANVIL_ATTR_RATE, anvil_remote->auth), + ATTR_TYPE_END); + + /* + * Update peak statistics. + */ + if (anvil_remote->auth > max_auth_rate.value) + ANVIL_MAX_UPDATE(max_auth_rate, anvil_remote->auth, anvil_remote->ident); +} + /* anvil_remote_newtls - register newtls event */ static void anvil_remote_newtls(VSTREAM *client_stream, const char *ident) @@ -826,6 +887,7 @@ ANVIL_MAX_RATE_REPORT(max_mail_rate, "message"); ANVIL_MAX_RATE_REPORT(max_rcpt_rate, "recipient"); ANVIL_MAX_RATE_REPORT(max_ntls_rate, "newtls"); + ANVIL_MAX_RATE_REPORT(max_auth_rate, "auth"); if (max_cache_size > 0) { msg_info("statistics: max cache size %d at %.15s", @@ -855,6 +917,7 @@ ANVIL_REQ_NTLS, anvil_remote_newtls, ANVIL_REQ_DISC, anvil_remote_disconnect, ANVIL_REQ_NTLS_STAT, anvil_remote_newtls_stat, + ANVIL_REQ_AUTH, anvil_remote_auth, ANVIL_REQ_LOOKUP, anvil_remote_lookup, 0, 0, }; diff -Nru postfix-3.0.4/src/anvil/.indent.pro postfix-3.1.0/src/anvil/.indent.pro --- postfix-3.0.4/src/anvil/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/anvil/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY 
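Review bot: The comment above `ANVIL_REMOTE_INCR_AUTH(anvil_remote);` in the new anvil_remote_auth() still reads `Update recipient address rate and respond to local server.`, which was carried over from the recipient handler; it should say `Update AUTH request rate and respond to local server.` so the rate being counted matches the code and the AUTH RATE CONTROL manpage text added earlier in this file. The rest of the function mirrors its siblings (htable_find() with fallback to anvil_remote_conn_update(), reply with ANVIL_ATTR_STATUS/ANVIL_ATTR_RATE, peak update into max_auth_rate), so there is no behavioural point to raise.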
@@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/bounce/bounce.c postfix-3.1.0/src/bounce/bounce.c --- postfix-3.0.4/src/bounce/bounce.c 2015-01-29 22:15:30.000000000 +0000 +++ postfix-3.1.0/src/bounce/bounce.c 2016-02-14 01:28:04.000000000 +0000 @@ -139,6 +139,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff -Nru postfix-3.0.4/src/bounce/.indent.pro postfix-3.1.0/src/bounce/.indent.pro --- postfix-3.0.4/src/bounce/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/bounce/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/cleanup/cleanup.c postfix-3.1.0/src/cleanup/cleanup.c --- postfix-3.0.4/src/cleanup/cleanup.c 2015-10-04 12:13:28.000000000 +0000 +++ postfix-3.1.0/src/cleanup/cleanup.c 2016-01-24 00:55:41.000000000 +0000 @@ -189,6 +189,12 @@ /* .IP "\fBmilter_header_checks (empty)\fR" /* Optional lookup tables for content inspection of message headers /* that are produced by Milter applications. +/* .PP +/* Available in Postfix version 3.1 and later: +/* .IP "\fBmilter_macro_defaults (empty)\fR" +/* Optional list of \fIname=value\fR pairs that specify default +/* values for arbitrary macros that Postfix may send to Milter +/* applications. /* MIME PROCESSING CONTROLS /* .ad /* .fi @@ -413,6 +419,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ 
@@ -512,7 +523,7 @@ */ if (CLEANUP_OUT_OK(state) == 0 && type > 0) { while (type != REC_TYPE_END - && (type = rec_get(src, buf, 0)) > 0) { + && (type = rec_get_raw(src, buf, 0, REC_FLAG_NONE)) > 0) { if (type == REC_TYPE_MILT_COUNT) { int milter_count = atoi(vstring_str(buf)); diff -Nru postfix-3.0.4/src/cleanup/cleanup_envelope.c postfix-3.1.0/src/cleanup/cleanup_envelope.c --- postfix-3.0.4/src/cleanup/cleanup_envelope.c 2014-07-13 21:44:19.000000000 +0000 +++ postfix-3.1.0/src/cleanup/cleanup_envelope.c 2015-12-27 21:30:56.000000000 +0000 @@ -68,6 +68,7 @@ #include #include #include +#include /* Application-specific. */ @@ -488,6 +489,16 @@ return; } } + if (strcmp(attr_name, MAIL_ATTR_TRACE_FLAGS) == 0) { + if (!alldig(attr_value)) { + msg_warn("%s: message rejected: bad TFLAG record <%.200s>", + state->queue_id, buf); + state->errs |= CLEANUP_STAT_BAD; + return; + } + if (state->tflags == 0) + state->tflags = DEL_REQ_TRACE_FLAGS(atoi(attr_value)); + } nvtable_update(state->attr, attr_name, attr_value); cleanup_out(state, type, buf, len); return; diff -Nru postfix-3.0.4/src/cleanup/cleanup.h postfix-3.1.0/src/cleanup/cleanup.h --- postfix-3.0.4/src/cleanup/cleanup.h 2014-11-19 19:39:48.000000000 +0000 +++ postfix-3.1.0/src/cleanup/cleanup.h 2015-12-27 21:30:56.000000000 +0000 @@ -64,6 +64,7 @@ ARGV *auto_hdrs; /* MTA's own header(s) */ ARGV *hbc_rcpt; /* header/body checks BCC addresses */ int flags; /* processing options, status flags */ + int tflags; /* User- or MTA-requested tracing */ int qmgr_opts; /* qmgr processing options */ int errs; /* any badness experienced */ int err_mask; /* allowed badness */ diff -Nru postfix-3.0.4/src/cleanup/cleanup_init.c postfix-3.1.0/src/cleanup/cleanup_init.c --- postfix-3.0.4/src/cleanup/cleanup_init.c 2015-01-17 23:34:37.000000000 +0000 +++ postfix-3.1.0/src/cleanup/cleanup_init.c 2016-01-24 00:44:28.000000000 +0000 
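Review bot: The new MAIL_ATTR_TRACE_FLAGS branch validates with alldig() but then converts with `atoi(attr_value)`, which is undefined behaviour for a digit string that does not fit in an int; the TFLAG record presumably arrives from another Postfix daemon over the cleanup protocol, so this is hardening rather than an exposure, but an ERANGE-checked strtol() or a length cap on attr_value before the conversion would make the check complete. The `if (state->tflags == 0)` guard also keeps only the first TFLAG record while later ones are still written through nvtable_update() and cleanup_out() unchanged; a one-line comment stating that first-record-wins is intended would help, e.g. `/* First TFLAG record wins; later ones are passed through unchanged. */`. The enclosing function starts and ends outside the hunk.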
@@ -71,6 +71,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -162,6 +167,7 @@ char *var_milt_unk_macros; /* unknown command macros */ char *var_cleanup_milters; /* non-SMTP mail */ char *var_milt_head_checks; /* post-Milter header checks */ +char *var_milt_macro_deflts; /* default macro settings */ int var_auto_8bit_enc_hdr; /* auto-detect 8bit encoding header */ int var_always_add_hdrs; /* always add missing headers */ int var_virt_addrlen_limit; /* stop exponential growth */ @@ -231,6 +237,7 @@ VAR_MILT_UNK_MACROS, DEF_MILT_UNK_MACROS, &var_milt_unk_macros, 0, 0, VAR_CLEANUP_MILTERS, DEF_CLEANUP_MILTERS, &var_cleanup_milters, 0, 0, VAR_MILT_HEAD_CHECKS, DEF_MILT_HEAD_CHECKS, &var_milt_head_checks, 0, 0, + VAR_MILT_MACRO_DEFLTS, DEF_MILT_MACRO_DEFLTS, &var_milt_macro_deflts, 0, 0, 0, }; @@ -410,7 +417,8 @@ var_milt_data_macros, var_milt_eoh_macros, var_milt_eod_macros, - var_milt_unk_macros); + var_milt_unk_macros, + var_milt_macro_deflts); flush_init(); } diff -Nru postfix-3.0.4/src/cleanup/cleanup_message.c postfix-3.1.0/src/cleanup/cleanup_message.c --- postfix-3.0.4/src/cleanup/cleanup_message.c 2015-10-04 22:29:37.000000000 +0000 +++ postfix-3.1.0/src/cleanup/cleanup_message.c 2015-10-04 22:29:28.000000000 +0000 
@@ -390,12 +390,18 @@ msg_warn("bad PREPEND header text \"%s\" in %s map -- " "need \"headername: headervalue\"", optional_text, map_class); - } else { + } + + /* + * By design, cleanup_out_header() may modify content. Play safe + * and prepare for future developments. + */ + else { VSTRING *temp; cleanup_act_log(state, "prepend", context, buf, optional_text); temp = vstring_strcpy(vstring_alloc(strlen(optional_text)), - optional_text); + optional_text); cleanup_out_header(state, temp); vstring_free(temp); } diff -Nru postfix-3.0.4/src/cleanup/cleanup_milter.c postfix-3.1.0/src/cleanup/cleanup_milter.c --- postfix-3.0.4/src/cleanup/cleanup_milter.c 2014-12-12 21:26:09.000000000 +0000 +++ postfix-3.1.0/src/cleanup/cleanup_milter.c 2016-01-24 00:44:54.000000000 +0000 @@ -72,6 +72,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -1802,14 +1807,6 @@ */ /* - * Canonicalize the name. - */ - if (*name != '{') { /* } */ - vstring_sprintf(state->temp1, "{%s}", name); - name = STR(state->temp1); - } - - /* * System macros. */ if (strcmp(name, S8_MAC_DAEMON_NAME) == 0) diff -Nru postfix-3.0.4/src/cleanup/cleanup_out_recipient.c postfix-3.1.0/src/cleanup/cleanup_out_recipient.c --- postfix-3.0.4/src/cleanup/cleanup_out_recipient.c 2007-05-20 16:29:53.000000000 +0000 +++ postfix-3.1.0/src/cleanup/cleanup_out_recipient.c 2015-12-27 22:30:10.000000000 +0000 @@ -76,6 +76,7 @@ #include #include #include +#include #include /* cleanup_trace_path */ #include #include 
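Review bot: Placing the block comment between the `}` that closes the if-branch and the `else` keyword is easy to misread as the end of the if statement, and it is the only reason the hunk touches the `} else {` line at all; moving the comment to the first line inside the else block (`} else {` followed by the comment, then `VSTRING *temp;`) keeps the original brace layout and says the same thing. The re-indented `optional_text);` continuation line on the vstring_strcpy() call is otherwise the only change here.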
@@ -104,6 +105,20 @@ } } +/* cleanup_verify_append - update verify daemon */ + +static void cleanup_verify_append(CLEANUP_STATE *state, RECIPIENT *rcpt, + DSN *dsn, int verify_status) +{ + MSG_STATS stats; + + if (verify_append(state->queue_id, CLEANUP_MSG_STATS(&stats, state), + rcpt, "none", dsn, verify_status) != 0) { + msg_warn("%s: verify service update error", state->queue_id); + state->errs |= CLEANUP_STAT_WRITE; + } +} + /* cleanup_out_recipient - envelope recipient output filter */ void cleanup_out_recipient(CLEANUP_STATE *state, @@ -193,6 +208,15 @@ * recipient information, also ignore differences in DSN attributes. We * do, however, keep the DSN attributes of the recipient that survives * duplicate elimination. + * + * In the case of a verify(8) request for a one-to-many alias, declare the + * alias address as "deliverable". Do not verify the individual addresses + * in the expansion because that results in multiple verify(8) updates + * for one verify(8) request. + * + * Multiple verify(8) updates for one verify(8) request would overwrite + * each other's status, and if the last status update is "undeliverable", + * then the whole alias is flagged as undeliverable. */ else { RECIPIENT rcpt; 
@@ -200,6 +224,14 @@ argv = cleanup_map1n_internal(state, recip, cleanup_virt_alias_maps, cleanup_ext_prop_mask & EXT_PROP_VIRTUAL); + if (argv->argc > 1 && (state->tflags & DEL_REQ_FLAG_MTA_VRFY)) { + (void) DSN_SIMPLE(&dsn, "2.0.0", "aliased to multiple recipients"); + dsn.action = "deliverable"; + RECIPIENT_ASSIGN(&rcpt, 0, dsn_orcpt, dsn_notify, orcpt, recip); + cleanup_verify_append(state, &rcpt, &dsn, DEL_RCPT_STAT_OK); + argv_free(argv); + return; + } if ((dsn_notify & DSN_NOTIFY_SUCCESS) && (argv->argc > 1 || strcmp(recip, argv->argv[0]) != 0)) { (void) DSN_SIMPLE(&dsn, "2.0.0", "alias expanded"); diff -Nru postfix-3.0.4/src/cleanup/cleanup_state.c postfix-3.1.0/src/cleanup/cleanup_state.c --- postfix-3.0.4/src/cleanup/cleanup_state.c 2014-12-07 01:35:33.000000000 +0000 +++ postfix-3.1.0/src/cleanup/cleanup_state.c 2015-12-27 21:30:56.000000000 +0000 @@ -81,6 +81,7 @@ state->auto_hdrs = argv_alloc(1); state->hbc_rcpt = 0; state->flags = 0; + state->tflags = 0; state->qmgr_opts = 0; state->errs = 0; state->err_mask = 0; diff -Nru postfix-3.0.4/src/cleanup/.indent.pro postfix-3.1.0/src/cleanup/.indent.pro --- postfix-3.0.4/src/cleanup/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/cleanup/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/cleanup/Makefile.in postfix-3.1.0/src/cleanup/Makefile.in --- postfix-3.0.4/src/cleanup/Makefile.in 2015-01-28 00:13:12.000000000 +0000 +++ postfix-3.1.0/src/cleanup/Makefile.in 2015-12-27 22:13:26.000000000 +0000 
@@ -760,7 +760,9 @@ cleanup_envelope.o: ../../include/been_here.h cleanup_envelope.o: ../../include/check_arg.h cleanup_envelope.o: ../../include/cleanup_user.h +cleanup_envelope.o: ../../include/deliver_request.h cleanup_envelope.o: ../../include/dict.h +cleanup_envelope.o: ../../include/dsn.h cleanup_envelope.o: ../../include/dsn_mask.h cleanup_envelope.o: ../../include/header_body_checks.h cleanup_envelope.o: ../../include/header_opts.h @@ -775,6 +777,7 @@ cleanup_envelope.o: ../../include/milter.h cleanup_envelope.o: ../../include/mime_state.h cleanup_envelope.o: ../../include/msg.h +cleanup_envelope.o: ../../include/msg_stats.h cleanup_envelope.o: ../../include/myflock.h cleanup_envelope.o: ../../include/mymalloc.h cleanup_envelope.o: ../../include/nvtable.h @@ -1161,6 +1164,7 @@ cleanup_out_recipient.o: ../../include/tok822.h cleanup_out_recipient.o: ../../include/trace.h cleanup_out_recipient.o: ../../include/vbuf.h +cleanup_out_recipient.o: ../../include/verify.h cleanup_out_recipient.o: ../../include/vstream.h cleanup_out_recipient.o: ../../include/vstring.h cleanup_out_recipient.o: cleanup.h diff -Nru postfix-3.0.4/src/discard/discard.c postfix-3.1.0/src/discard/discard.c --- postfix-3.0.4/src/discard/discard.c 2015-01-29 12:16:47.000000000 +0000 +++ postfix-3.1.0/src/discard/discard.c 2016-02-14 01:28:34.000000000 +0000 @@ -99,6 +99,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff -Nru postfix-3.0.4/src/discard/.indent.pro postfix-3.1.0/src/discard/.indent.pro --- postfix-3.0.4/src/discard/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/discard/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY 
@@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/dns/dnsbl_ttl_127.0.0.1_bind_ncache.ref postfix-3.1.0/src/dns/dnsbl_ttl_127.0.0.1_bind_ncache.ref --- postfix-3.0.4/src/dns/dnsbl_ttl_127.0.0.1_bind_ncache.ref 1970-01-01 00:00:00.000000000 +0000 +++ postfix-3.1.0/src/dns/dnsbl_ttl_127.0.0.1_bind_ncache.ref 2015-07-09 20:37:51.000000000 +0000 
@@ -0,0 +1,15 @@ +./test_dns_lookup: lookup 1.0.0.127.zen.spamhaus.org type A flags 2097152 +./test_dns_lookup: dns_query: 1.0.0.127.zen.spamhaus.org (A): Host not found +./test_dns_lookup: dns_get_answer: type SOA for zen.spamhaus.org +./test_dns_lookup: warning: Host or domain name not found. Name service error for name=1.0.0.127.zen.spamhaus.org type=A: Host not found (rcode=3) +1.0.0.127.zen.spamhaus.org: fqdn: zen.spamhaus.org +ad: 0, rr: zen.spamhaus.org. TTL IN SOA - - D D D D D +./test_dns_lookup: lookup 1.0.0.127.b.barracudacentral.org type A flags 2097152 +./test_dns_lookup: dns_query: 1.0.0.127.b.barracudacentral.org (A): Host not found +./test_dns_lookup: warning: Host or domain name not found. Name service error for name=1.0.0.127.b.barracudacentral.org type=A: Host not found (rcode=3) +./test_dns_lookup: lookup 1.0.0.127.bl.spamcop.net type A flags 2097152 +./test_dns_lookup: dns_query: 1.0.0.127.bl.spamcop.net (A): Host not found +./test_dns_lookup: dns_get_answer: type SOA for bl.spamcop.net +./test_dns_lookup: warning: Host or domain name not found. Name service error for name=1.0.0.127.bl.spamcop.net type=A: Host not found (rcode=3) +1.0.0.127.bl.spamcop.net: fqdn: bl.spamcop.net +ad: 0, rr: bl.spamcop.net. TTL IN SOA - - D D D D D diff -Nru postfix-3.0.4/src/dns/dnsbl_ttl_127.0.0.1_bind_plain.ref postfix-3.1.0/src/dns/dnsbl_ttl_127.0.0.1_bind_plain.ref --- postfix-3.0.4/src/dns/dnsbl_ttl_127.0.0.1_bind_plain.ref 1970-01-01 00:00:00.000000000 +0000 +++ postfix-3.1.0/src/dns/dnsbl_ttl_127.0.0.1_bind_plain.ref 2015-07-09 18:07:53.000000000 +0000 
@@ -0,0 +1,9 @@ +./test_dns_lookup: lookup 1.0.0.127.zen.spamhaus.org type A flags 2097152 +./test_dns_lookup: dns_query: 1.0.0.127.zen.spamhaus.org (A): Host not found +./test_dns_lookup: warning: Host or domain name not found. Name service error for name=1.0.0.127.zen.spamhaus.org type=A: Host not found (rcode=3) +./test_dns_lookup: lookup 1.0.0.127.b.barracudacentral.org type A flags 2097152 +./test_dns_lookup: dns_query: 1.0.0.127.b.barracudacentral.org (A): Host not found +./test_dns_lookup: warning: Host or domain name not found. Name service error for name=1.0.0.127.b.barracudacentral.org type=A: Host not found (rcode=3) +./test_dns_lookup: lookup 1.0.0.127.bl.spamcop.net type A flags 2097152 +./test_dns_lookup: dns_query: 1.0.0.127.bl.spamcop.net (A): Host not found +./test_dns_lookup: warning: Host or domain name not found. Name service error for name=1.0.0.127.bl.spamcop.net type=A: Host not found (rcode=3) diff -Nru postfix-3.0.4/src/dns/dnsbl_ttl_127.0.0.2_bind_plain.ref postfix-3.1.0/src/dns/dnsbl_ttl_127.0.0.2_bind_plain.ref --- postfix-3.0.4/src/dns/dnsbl_ttl_127.0.0.2_bind_plain.ref 1970-01-01 00:00:00.000000000 +0000 +++ postfix-3.1.0/src/dns/dnsbl_ttl_127.0.0.2_bind_plain.ref 2015-07-09 20:37:57.000000000 +0000 
@@ -0,0 +1,15 @@ +./test_dns_lookup: lookup 2.0.0.127.zen.spamhaus.org type A flags 2097152 +./test_dns_lookup: dns_query: 2.0.0.127.zen.spamhaus.org (A): OK +./test_dns_lookup: dns_get_answer: type A for 2.0.0.127.zen.spamhaus.org +2.0.0.127.zen.spamhaus.org: fqdn: 2.0.0.127.zen.spamhaus.org +ad: 0, rr: 2.0.0.127.zen.spamhaus.org. TTL IN A 127.0.0.D +./test_dns_lookup: lookup 2.0.0.127.b.barracudacentral.org type A flags 2097152 +./test_dns_lookup: dns_query: 2.0.0.127.b.barracudacentral.org (A): OK +./test_dns_lookup: dns_get_answer: type A for 2.0.0.127.b.barracudacentral.org +2.0.0.127.b.barracudacentral.org: fqdn: 2.0.0.127.b.barracudacentral.org +ad: 0, rr: 2.0.0.127.b.barracudacentral.org. TTL IN A 127.0.0.D +./test_dns_lookup: lookup 2.0.0.127.bl.spamcop.net type A flags 2097152 +./test_dns_lookup: dns_query: 2.0.0.127.bl.spamcop.net (A): OK +./test_dns_lookup: dns_get_answer: type A for 2.0.0.127.bl.spamcop.net +2.0.0.127.bl.spamcop.net: fqdn: 2.0.0.127.bl.spamcop.net +ad: 0, rr: 2.0.0.127.bl.spamcop.net. TTL IN A 127.0.0.D diff -Nru postfix-3.0.4/src/dns/dns.h postfix-3.1.0/src/dns/dns.h --- postfix-3.0.4/src/dns/dns.h 2015-10-10 13:44:53.000000000 +0000 +++ postfix-3.1.0/src/dns/dns.h 2016-02-21 23:06:12.000000000 +0000 
@@ -219,15 +219,19 @@ /* * dns_lookup.c */ -extern int dns_lookup_r(const char *, unsigned, unsigned, DNS_RR **, - VSTRING *, VSTRING *, int *); +extern int dns_lookup_x(const char *, unsigned, unsigned, DNS_RR **, + VSTRING *, VSTRING *, int *, unsigned); extern int dns_lookup_rl(const char *, unsigned, DNS_RR **, VSTRING *, VSTRING *, int *, int,...); extern int dns_lookup_rv(const char *, unsigned, DNS_RR **, VSTRING *, VSTRING *, int *, int, unsigned *); #define dns_lookup(name, type, rflags, list, fqdn, why) \ - dns_lookup_r((name), (type), (rflags), (list), (fqdn), (why), (int *) 0) + dns_lookup_x((name), (type), (rflags), (list), (fqdn), (why), (int *) 0, \ + (unsigned) 0) +#define dns_lookup_r(name, type, rflags, list, fqdn, why, rcode) \ + dns_lookup_x((name), (type), (rflags), (list), (fqdn), (why), (rcode), \ + (unsigned) 0) #define dns_lookup_l(name, rflags, list, fqdn, why, lflags, ...) \ dns_lookup_rl((name), (rflags), (list), (fqdn), (why), (int *) 0, \ (lflags), __VA_ARGS__) @@ -242,6 +246,7 @@ #define DNS_REQ_FLAG_STOP_INVAL (1<<1) #define DNS_REQ_FLAG_STOP_NULLMX (1<<2) #define DNS_REQ_FLAG_STOP_MX_POLICY (1<<3) +#define DNS_REQ_FLAG_NCACHE_TTL (1<<4) #define DNS_REQ_FLAG_NONE (0) /* diff -Nru postfix-3.0.4/src/dns/dns_lookup.c postfix-3.1.0/src/dns/dns_lookup.c --- postfix-3.0.4/src/dns/dns_lookup.c 2015-10-03 21:01:51.000000000 +0000 +++ postfix-3.1.0/src/dns/dns_lookup.c 2015-07-12 14:10:57.000000000 +0000 @@ -32,6 +32,8 @@ /* int lflags; /* unsigned *ltype; /* AUXILIARY FUNCTIONS +/* extern int var_dns_ncache_ttl_fix; +/* /* int dns_lookup_r(name, type, rflags, list, fqdn, why, rcode) /* const char *name; /* unsigned type; 
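Review bot: `DNS_REQ_FLAG_NCACHE_TTL` is added without a comment, and unlike its STOP_* neighbours it changes what dns_lookup_x() hands back: on DNS_NOTFOUND the caller receives SOA records that it must release with dns_rr_free(), as the dns_lookup.c description in this same diff says; a trailing comment such as `/* DNS_NOTFOUND may return authority SOA records; caller frees */` would put that ownership rule where callers pick the flag. It would also help to mark the new `dns_lookup_r` macro as a compatibility shim for the renamed function, e.g. `/* dns_lookup_r() kept as a macro for existing callers */` above its `#define`.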
@@ -62,6 +64,16 @@ /* int *rcode; /* int lflags; /* unsigned *ltype; +/* +/* int dns_lookup_x(name, type, rflags, list, fqdn, why, rcode, lflags) +/* const char *name; +/* unsigned type; +/* unsigned rflags; +/* DNS_RR **list; +/* VSTRING *fqdn; +/* VSTRING *why; +/* int *rcode; +/* unsigned lflags; /* DESCRIPTION /* dns_lookup() looks up DNS resource records. When requested to /* look up data other than type CNAME, it will follow a limited @@ -74,8 +86,14 @@ /* dns_lookup_l() and dns_lookup_v() allow the user to specify /* a list of resource types. /* -/* dns_lookup_r(), dns_lookup_rl() and dns_lookup_rv() provide -/* additional information. +/* dns_lookup_x, dns_lookup_r(), dns_lookup_rl() and dns_lookup_rv() +/* accept or return additional information. +/* +/* The var_dns_ncache_ttl_fix variable controls a workaround +/* for res_search(3) implementations that break the +/* DNS_REQ_FLAG_NCACHE_TTL feature. The workaround does not +/* support EDNS0 or DNSSEC, but it should be sufficient for +/* DNSBL/DNSWL lookups. /* INPUTS /* .ad /* .fi 
@@ -100,25 +118,33 @@ /* implement DNSSEC. /* .RE /* .IP lflags -/* Multi-type request control for dns_lookup_l() and dns_lookup_v(). -/* For convenience, DNS_REQ_FLAG_NONE requests no special -/* processing. Invoke dns_lookup() for all specified resource -/* record types in the specified order, and merge their results. +/* Flags that control the operation of the dns_lookup*() +/* functions. DNS_REQ_FLAG_NONE requests no special processing. /* Otherwise, specify one or more of the following: /* .RS /* .IP DNS_REQ_FLAG_STOP_INVAL +/* This flag is used by dns_lookup_l() and dns_lookup_v(). /* Invoke dns_lookup() for the resource types in the order as /* specified, and return when dns_lookup() returns DNS_INVAL. /* .IP DNS_REQ_FLAG_STOP_NULLMX +/* This flag is used by dns_lookup_l() and dns_lookup_v(). /* Invoke dns_lookup() for the resource types in the order as /* specified, and return when dns_lookup() returns DNS_NULLMX. /* .IP DNS_REQ_FLAG_STOP_MX_POLICY +/* This flag is used by dns_lookup_l() and dns_lookup_v(). /* Invoke dns_lookup() for the resource types in the order as /* specified, and return when dns_lookup() returns DNS_POLICY /* for an MX query. /* .IP DNS_REQ_FLAG_STOP_OK +/* This flag is used by dns_lookup_l() and dns_lookup_v(). /* Invoke dns_lookup() for the resource types in the order as /* specified, and return when dns_lookup() returns DNS_OK. +/* .IP DNS_REQ_FLAG_NCACHE_TTL +/* When the lookup result status is DNS_NOTFOUND, return the +/* SOA record(s) from the authority section in the reply, if +/* available. The per-record reply TTL specifies how long the +/* DNS_NOTFOUND answer is valid. The caller should pass the +/* record(s) to dns_rr_free(). /* .RE /* .IP ltype /* The resource record types to be looked up. In the case of @@ -186,6 +212,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ 
@@ -203,6 +234,10 @@ #include #include +/* Global library. */ + +#include + /* DNS library. */ #define LIBDNS_INTERNAL @@ -215,6 +250,7 @@ */ #define DEF_DNS_REPLY_SIZE 4096 /* in case we're using TCP */ #define MAX_DNS_REPLY_SIZE 65536 /* in case we're using TCP */ +#define MAX_DNS_QUERY_SIZE 2048 /* XXX */ typedef struct DNS_REPLY { unsigned char *buf; /* raw reply data */ 
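Review bot: `#define MAX_DNS_QUERY_SIZE 2048 /* XXX */` leaves the reader to work out why 2048 is a safe size for the res_mkquery() stack buffer in dns_res_query(); a plain question is a fixed header plus a name of at most 255 octets plus type and class, and the function deliberately adds no EDNS0 option, so the constant is generous and the comment could say so instead of XXX, e.g. `/* header + 255-octet name + type/class; no EDNS0 */`. Keeping the bound small is the right choice for a stack array.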
@@ -223,22 +259,162 @@ int dnssec_ad; /* DNSSEC AD bit */ int query_count; /* number of queries */ int answer_count; /* number of answers */ + int auth_count; /* number of authority records */ unsigned char *query_start; /* start of query data */ unsigned char *answer_start; /* start of answer data */ unsigned char *end; /* first byte past reply */ } DNS_REPLY; + /* + * Test/set primitives to determine if the reply buffer contains a server + * response. We use this when the caller requests DNS_REQ_FLAG_NCACHE_TTL, + * and the DNS server replies that the requested record does not exist. + */ +#define TEST_HAVE_DNS_REPLY_PACKET(r) ((r)->end > (r)->buf) +#define SET_HAVE_DNS_REPLY_PACKET(r, l) ((r)->end = (r)->buf + (l)) +#define SET_NO_DNS_REPLY_PACKET(r) ((r)->end = (r)->buf) + #define INET_ADDR_LEN 4 /* XXX */ #define INET6_ADDR_LEN 16 /* XXX */ + /* + * To improve postscreen's whitelisting support, we need to know how long a + * DNSBL "not found" answer is valid. The 2010 implementation assumed it was + * valid for 3600 seconds. That is too long by 2015 standards. + * + * Instead of guessing, Postfix 3.1 and later implement RFC 2308 (DNS NCACHE), + * where a DNS server provides the TTL of a "not found" response as the TTL + * of an SOA record in the authority section. + * + * Unfortunately, the res_search() and res_query() API gets in the way. These + * functions overload their result value, the server reply length, and + * return -1 when the requested record does not exist. With libbind-based + * implementations, the server response is still available in an application + * buffer, thanks to the promise that res_query() and res_search() invoke + * res_send(), which returns the full server response even if the requested + * record does not exist. 
+ * + * If this promise is broken (for example, res_search() does not call + * res_send(), but some non-libbind implementation that updates the + * application buffer only when the requested record exists), then we have a + * way out by setting the var_dns_ncache_ttl_fix variable. This enables a + * limited res_query() clone that should be sufficient for DNSBL / DNSWL + * lookups. + * + * The libunbound API does not comingle the reply length and reply status + * information, but that will have to wait until it is safe to make + * libunbound a mandatory dependency for Postfix. + */ + +/* dns_res_query - a res_query() clone that can return negative replies */ + +static int dns_res_query(const char *name, int class, int type, + unsigned char *answer, int anslen) +{ + unsigned char msg_buf[MAX_DNS_QUERY_SIZE]; + HEADER *reply_header = (HEADER *) answer; + int len; + + /* + * Differences with res_query() from libbind: + * + * - This function returns a positive server reply length not only in case + * of success, but in all cases where a server reply is available that + * passes the preliminary checks in res_send(). + * + * - This function clears h_errno in case of success. The caller must use + * h_errno instead of the return value to decide if the lookup was + * successful. + * + * - No support for EDNS0 and DNSSEC (including turning off EDNS0 after + * error). That should be sufficient for DNS reputation lookups where the + * reply contains a small number of IP addresses. TXT records are out of + * scope for this workaround. 
+ */ + reply_header->rcode = NOERROR; + +#define NO_MKQUERY_DATA_BUF ((unsigned char *) 0) +#define NO_MKQUERY_DATA_LEN ((int) 0) +#define NO_MKQUERY_NEWRR ((unsigned char *) 0) + + if ((len = res_mkquery(QUERY, name, class, type, NO_MKQUERY_DATA_BUF, + NO_MKQUERY_DATA_LEN, NO_MKQUERY_NEWRR, + msg_buf, sizeof(msg_buf))) < 0) { + SET_H_ERRNO(NO_RECOVERY); + if (msg_verbose) + msg_info("res_mkquery() failed"); + return (len); + } else if ((len = res_send(msg_buf, len, answer, anslen)) < 0) { + SET_H_ERRNO(TRY_AGAIN); + if (msg_verbose) + msg_info("res_send() failed"); + return (len); + } else { + switch (reply_header->rcode) { + case NXDOMAIN: + SET_H_ERRNO(HOST_NOT_FOUND); + break; + case NOERROR: + if (reply_header->ancount != 0) + SET_H_ERRNO(0); + else + SET_H_ERRNO(NO_DATA); + break; + case SERVFAIL: + SET_H_ERRNO(TRY_AGAIN); + break; + default: + SET_H_ERRNO(NO_RECOVERY); + break; + } + return (len); + } +} + +/* dns_res_search - res_search() that can return negative replies */ + +static int dns_res_search(const char *name, int class, int type, + unsigned char *answer, int anslen, int keep_notfound) +{ + int len; + + /* + * Differences with res_search() from libbind: + * + * - With a non-zero keep_notfound argument, this function returns a + * positive server reply length not only in case of success, but also in + * case of a "notfound" reply status. The keep_notfound argument is + * usually zero, which allows us to avoid an unnecessary memset() call in + * the most common use case. + * + * - This function clears h_errno in case of success. The caller must use + * h_errno instead of the return value to decide if a lookup was + * successful. + */ +#define NOT_FOUND_H_ERRNO(he) ((he) == HOST_NOT_FOUND || (he) == NO_DATA) + + if (keep_notfound) + /* Prepare for returning a null-padded server reply. 
*/ + memset(answer, 0, anslen); + len = res_query(name, class, type, answer, anslen); + if (len > 0) { + SET_H_ERRNO(0); + } else if (keep_notfound && NOT_FOUND_H_ERRNO(h_errno)) { + /* Expect to return a null-padded server reply. */ + len = anslen; + } + return (len); +} + /* dns_query - query name server and pre-parse the reply */ -static int dns_query(const char *name, int type, int flags, - DNS_REPLY *reply, VSTRING *why) +static int dns_query(const char *name, int type, unsigned flags, + DNS_REPLY *reply, VSTRING *why, unsigned lflags) { HEADER *reply_header; int len; unsigned long saved_options; + int keep_notfound = (lflags & DNS_REQ_FLAG_NCACHE_TTL); /* * Initialize the reply buffer. @@ -289,12 +465,18 @@ for (;;) { _res.options &= ~saved_options; _res.options |= flags; - len = res_search((char *) name, C_IN, type, reply->buf, reply->buf_len); + if (keep_notfound && var_dns_ncache_ttl_fix) { + len = dns_res_query((char *) name, C_IN, type, reply->buf, + reply->buf_len); + } else { + len = dns_res_search((char *) name, C_IN, type, reply->buf, + reply->buf_len, keep_notfound); + } _res.options &= ~flags; _res.options |= saved_options; reply_header = (HEADER *) reply->buf; reply->rcode = reply_header->rcode; - if (len < 0) { + if (h_errno != 0) { if (why) vstring_sprintf(why, "Host or domain name not found. " "Name service error for name=%s type=%s: %s", @@ -307,13 +489,17 @@ return (DNS_FAIL); case HOST_NOT_FOUND: case NO_DATA: + if (keep_notfound) + break; + SET_NO_DNS_REPLY_PACKET(reply); return (DNS_NOTFOUND); default: return (DNS_RETRY); } + } else { + if (msg_verbose) + msg_info("dns_query: %s (%s): OK", name, dns_strtype(type)); } - if (msg_verbose) - msg_info("dns_query: %s (%s): OK", name, dns_strtype(type)); if (reply_header->tc == 0 || reply->buf_len >= MAX_DNS_REPLY_SIZE) break; 
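Review bot: In dns_res_search() the keep_notfound branch returns `len = anslen`, so dns_query() later sets `reply->end` to the end of the whole buffer rather than of the server reply, and every later bounds check (dn_skipname() against reply->end, the SOA length test) runs against zero padding instead of the real reply length; the header record counts still bound the walk, but that reasoning is implicit and deserves a comment at `len = anslen`, e.g. `/* Reply length unknown: the walk is bounded by header counts, padding is zero. */`. The same branch also means that if the resolver did not store the reply at all (the case the var_dns_ncache_ttl_fix commentary describes), the header is all zeros and `reply->rcode = reply_header->rcode` reports NOERROR to callers that pass rcode while the status is DNS_NOTFOUND; checking that the echoed qdcount is non-zero before trusting the padded buffer would catch that. The hunk that rewrites the dns_query() retry loop makes the same `reply->rcode` assignment.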
@@ -323,6 +509,14 @@ } /* + * Future proofing. If this reaches the panic call, then some code change + * introduced a bug. + */ + if (len < 0) + msg_panic("dns_query: bad length %d (h_errno=%s)", + len, dns_strerror(h_errno)); + + /* * Paranoia. */ if (len > reply->buf_len) { @@ -340,12 +534,28 @@ #else reply->dnssec_ad = 0; #endif - reply->end = reply->buf + len; + SET_HAVE_DNS_REPLY_PACKET(reply, len); reply->query_start = reply->buf + sizeof(HEADER); reply->answer_start = 0; reply->query_count = ntohs(reply_header->qdcount); reply->answer_count = ntohs(reply_header->ancount); - return (DNS_OK); + reply->auth_count = ntohs(reply_header->nscount); + if (msg_verbose > 1) + msg_info("dns_query: reply len=%d ancount=%d nscount=%d", + len, reply->answer_count, reply->auth_count); + + /* + * Future proofing. If this reaches the panic call, then some code change + * introduced a bug. + */ + if (h_errno == 0) { + return (DNS_OK); + } else if (keep_notfound) { + return (DNS_NOTFOUND); + } else { + msg_panic("dns_query: unexpected reply status: %s", + dns_strerror(h_errno)); + } } /* dns_skip_query - skip query data in name server reply */ @@ -354,7 +564,6 @@ { int query_count = reply->query_count; unsigned char *pos = reply->query_start; - char temp[DNS_NAME_LEN]; int len; /* @@ -364,7 +573,7 @@ while (query_count-- > 0) { if (pos >= reply->end) return DNS_RETRY; - len = dn_expand(reply->buf, reply->end, pos, temp, DNS_NAME_LEN); + len = dn_skipname(pos, reply->end); if (len < 0) return (DNS_RETRY); pos += len + QFIXEDSZ; @@ -441,6 +650,8 @@ { char temp[DNS_NAME_LEN]; char *tempbuf = temp; + UINT32_TYPE soa_buf[5]; + int comp_len; ssize_t data_len; unsigned pref = 0; unsigned char *src; 
@@ -532,6 +743,35 @@ data_len = fixed->length; tempbuf = (char *) pos; break; + + /* + * We use the SOA record TTL to determine the negative reply TTL. We + * save the time fields in the SOA record for debugging, but for now + * we don't bother saving the source host and mailbox information, as + * that would require changes to the DNS_RR structure and APIs. See + * also code in dns_strrecord(). + */ + case T_SOA: + comp_len = dn_skipname(pos, reply->end); + if (comp_len < 0) + return (DNS_RETRY); + pos += comp_len; + comp_len = dn_skipname(pos, reply->end); + if (comp_len < 0) + return (DNS_RETRY); + pos += comp_len; + if (reply->end - pos < sizeof(soa_buf)) { + msg_warn("extract_answer: bad SOA length: %d", fixed->length); + return (DNS_RETRY); + } + GETLONG(soa_buf[0], pos); /* Serial */ + GETLONG(soa_buf[1], pos); /* Refresh */ + GETLONG(soa_buf[2], pos); /* Retry */ + GETLONG(soa_buf[3], pos); /* Expire */ + GETLONG(soa_buf[4], pos); /* Ncache TTL */ + tempbuf = (char *) soa_buf; + data_len = sizeof(soa_buf); + break; } *list = dns_rr_create(orig_name, rr_name, fixed->type, fixed->class, fixed->ttl, pref, tempbuf, data_len); @@ -576,8 +816,6 @@ if ((status = dns_skip_query(reply)) < 0) return (status); pos = reply->answer_start; - if (rrlist) - *rrlist = 0; /* * Either this, or use a GOTO for emergency exits. The purpose is to @@ -663,11 +901,11 @@ return (not_found_status); } -/* dns_lookup_r - DNS lookup user interface */ +/* dns_lookup_x - DNS lookup user interface */ -int dns_lookup_r(const char *name, unsigned type, unsigned flags, +int dns_lookup_x(const char *name, unsigned type, unsigned flags, DNS_RR **rrlist, VSTRING *fqdn, VSTRING *why, - int *rcode) + int *rcode, unsigned lflags) { char cname[DNS_NAME_LEN]; int c_len = sizeof(cname); 
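Review bot: The T_SOA length test `if (reply->end - pos < sizeof(soa_buf))` compares a signed pointer difference with a size_t, which compiles with a sign-compare warning and would not fire if the difference were ever negative; writing it as `if (reply->end - pos < (ssize_t) sizeof(soa_buf)) {` keeps the comparison signed, and the warning that follows prints `fixed->length` although that is not what was tested, so `msg_warn("extract_answer: short SOA record")` would be more accurate. The bound is also taken from the packet end rather than from the record's own RDLENGTH, so an SOA whose `fixed->length` is shorter than the two names plus the five 32-bit fields is accepted and the time fields are read from whatever follows inside the packet; unless the caller already checks `pos + fixed->length` against the bytes consumed here (the function starts outside the hunk), a check against the RDATA end would close that. Either way the read stays inside the reply buffer, so this is a correctness point rather than a memory-safety one.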
@@ -678,6 +916,13 @@ const char *orig_name = name; /* + * Reset results early. DNS_OK is not the only status that returns + * resource records; DNS_NOTFOUND will do that too, if requested. + */ + if (rrlist) + *rrlist = 0; + + /* * DJBDNS produces a bogus A record when given a numerical hostname. */ if (valid_hostaddr(name, DONT_GRIPE)) { @@ -685,6 +930,8 @@ vstring_sprintf(why, "Name service error for %s: invalid host or domain name", name); + if (rcode) + *rcode = NXDOMAIN; SET_H_ERRNO(HOST_NOT_FOUND); return (DNS_NOTFOUND); } @@ -697,6 +944,8 @@ vstring_sprintf(why, "Name service error for %s: invalid host or domain name", name); + if (rcode) + *rcode = NXDOMAIN; SET_H_ERRNO(HOST_NOT_FOUND); return (DNS_NOTFOUND); } @@ -710,11 +959,25 @@ /* * Perform the DNS lookup, and pre-parse the name server reply. */ - status = dns_query(name, type, flags, &reply, why); + status = dns_query(name, type, flags, &reply, why, lflags); if (rcode) *rcode = reply.rcode; - if (status != DNS_OK) + if (status != DNS_OK) { + + /* + * If the record does not exist, and we have a copy of the server + * response, try to extract the negative caching TTL for the SOA + * record in the authority section. DO NOT return an error if an + * SOA record is malformed. + */ + if (status == DNS_NOTFOUND && TEST_HAVE_DNS_REPLY_PACKET(&reply) + && reply.auth_count > 0) { + reply.answer_count = reply.auth_count; /* XXX TODO: Fix API */ + (void) dns_get_answer(orig_name, &reply, T_SOA, rrlist, fqdn, + cname, c_len, &maybe_secure); + } return (status); + } /* * Extract resource records of the requested type. Pick up CNAME @@ -733,10 +996,10 @@ if (why) vstring_sprintf(why, "Domain %s does not accept mail (nullMX)", name); - h_errno = NO_DATA; + SET_H_ERRNO(NO_DATA); return (status); case DNS_OK: - if (dns_rr_filter_maps) { + if (rrlist && dns_rr_filter_maps) { if (dns_rr_filter_execute(rrlist) < 0) { if (why) vstring_sprintf(why, 
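Review bot: `reply.answer_count = reply.auth_count` makes dns_get_answer() walk `auth_count` records starting at the answer section, which only reaches the SOA when the answer section is empty; an NXDOMAIN reply for a name that is a CNAME carries the CNAME record(s) in the answer section ahead of the authority SOA, so the walk would stop before the SOA and no negative TTL would come back (I cannot see dns_get_answer()'s CNAME handling from here). Walking both sections with `reply.answer_count += reply.auth_count;` would cover that case provided dns_get_answer() filters on the requested type, and it fits the `XXX TODO: Fix API` note already on that line. The discarded return value means `*rrlist` may hold a partial SOA list for a malformed reply; the comment says that is intended, which is good.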
@@ -823,11 +1086,11 @@ if (msg_verbose) msg_info("lookup %s type %s flags %d", name, dns_strtype(type), flags); - status = dns_lookup_r(name, type, flags, rrlist ? &rr : (DNS_RR **) 0, - fqdn, why, rcode); + status = dns_lookup_x(name, type, flags, rrlist ? &rr : (DNS_RR **) 0, + fqdn, why, rcode, lflags); + if (rrlist && rr) + *rrlist = dns_rr_append(*rrlist, rr); if (status == DNS_OK) { - if (rrlist) - *rrlist = dns_rr_append(*rrlist, rr); if (lflags & DNS_REQ_FLAG_STOP_OK) break; } else if (status == DNS_INVAL) { @@ -875,11 +1138,11 @@ if (msg_verbose) msg_info("lookup %s type %s flags %d", name, dns_strtype(type), flags); - status = dns_lookup_r(name, type, flags, rrlist ? &rr : (DNS_RR **) 0, - fqdn, why, rcode); + status = dns_lookup_x(name, type, flags, rrlist ? &rr : (DNS_RR **) 0, + fqdn, why, rcode, lflags); + if (rrlist && rr) + *rrlist = dns_rr_append(*rrlist, rr); if (status == DNS_OK) { - if (rrlist) - *rrlist = dns_rr_append(*rrlist, rr); if (lflags & DNS_REQ_FLAG_STOP_OK) break; } else if (status == DNS_INVAL) { diff -Nru postfix-3.0.4/src/dns/dns_strrecord.c postfix-3.1.0/src/dns/dns_strrecord.c --- postfix-3.0.4/src/dns/dns_strrecord.c 2015-02-21 20:20:41.000000000 +0000 +++ postfix-3.1.0/src/dns/dns_strrecord.c 2016-01-24 00:40:46.000000000 +0000 @@ -24,11 +24,17 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ #include +#include /* memcpy */ /* Utility library. */ @@ -45,6 +51,7 @@ { const char myname[] = "dns_strrecord"; MAI_HOSTADDR_STR host; + UINT32_TYPE soa_buf[5]; vstring_sprintf(buf, "%s. %u IN %s ", rr->rname, rr->ttl, dns_strtype(rr->type)); 
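Review bot: The append `if (rrlist && rr) *rrlist = dns_rr_append(*rrlist, rr);` now runs for every status, which is what lets a DNS_NOTFOUND result carry SOA records into the caller's list, but nothing at the call site says so; a comment such as `/* With DNS_REQ_FLAG_NCACHE_TTL, DNS_NOTFOUND may also return SOA records. */` above the append would explain why it moved out of the DNS_OK branch. The same applies to the second hunk, in dns_lookup_rv(). Both rely on dns_lookup_x() resetting `*rrlist` at entry so that `rr` is never stale between iterations, which the rename hunk in this diff does; the comment could state that as well.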
@@ -88,6 +95,19 @@ } else { vstring_sprintf_append(buf, "[truncated record]"); } + + /* + * We use the SOA record TTL to determine the negative reply TTL. We + * save the time fields in the SOA record for debugging, but for now + * we don't bother saving the source host and mailbox information, as + * that would require changes to the DNS_RR structure. See also code + * in dns_get_rr(). + */ + case T_SOA: + memcpy(soa_buf, rr->data, sizeof(soa_buf)); + vstring_sprintf_append(buf, "- - %u %u %u %u %u", + soa_buf[0], soa_buf[1], soa_buf[2], + soa_buf[3], soa_buf[4]); break; default: msg_fatal("%s: don't know how to print type %s", diff -Nru postfix-3.0.4/src/dns/error.ref postfix-3.1.0/src/dns/error.ref --- postfix-3.0.4/src/dns/error.ref 2014-11-28 23:09:42.000000000 +0000 +++ postfix-3.1.0/src/dns/error.ref 2015-07-09 20:11:37.000000000 +0000 @@ -10,4 +10,4 @@ ./test_dns_lookup: dict_regexp_lookup: error.reg: spike.porcupine.org. 3600 IN AAAA 2604:8d00:189::2 ./test_dns_lookup: maps_find: DNS reply filter: regexp:error.reg(0,lock|fold_fix): spike.porcupine.org. 3600 IN AAAA 2604:8d00:189::2 = oops ./test_dns_lookup: warning: DNS reply filter: unknown DNS filter action: "oops" -./test_dns_lookup: fatal: Error looking up name=spike.porcupine.org type=AAAA: Invalid DNS reply filter syntax (rcode=0) +./test_dns_lookup: warning: Error looking up name=spike.porcupine.org type=AAAA: Invalid DNS reply filter syntax (rcode=0) diff -Nru postfix-3.0.4/src/dns/.indent.pro postfix-3.1.0/src/dns/.indent.pro --- postfix-3.0.4/src/dns/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/dns/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY 
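Review bot: The new `case T_SOA:` label is inserted between the preceding case's closing `}` and its `break;`, so the record type handled just above (its case label is outside the hunk) now falls through into the SOA printer and gets `- - %u %u %u %u %u` appended after its own text; a `break;` belongs before the new comment block. `memcpy(soa_buf, rr->data, sizeof(soa_buf))` also copies sizeof(soa_buf) bytes without consulting rr->data_len, unlike the `[truncated record]` guard used by the case above; either guard it with `if (rr->data_len < sizeof(soa_buf)) { vstring_sprintf_append(buf, "[truncated record]"); break; }` or state in the comment that dns_get_rr() guarantees the length.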
@@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/dns/Makefile.in postfix-3.1.0/src/dns/Makefile.in --- postfix-3.0.4/src/dns/Makefile.in 2015-01-28 00:13:11.000000000 +0000 +++ postfix-3.1.0/src/dns/Makefile.in 2016-02-21 23:18:56.000000000 +0000 @@ -30,7 +30,33 @@ tests: test dns_rr_to_pa_test dns_rr_to_sa_test dns_sa_to_rr_test \ dns_rr_eq_sa_test no-a-test no-aaaa-test no-mx-test \ - error-filter-test nullmx_test nxdomain_test mxonly_test + error-filter-test nullmx_test nxdomain_test mxonly_test \ + dnsbl_tests + +dnsbl_tests: \ + dnsbl_ttl_127.0.0.2_bind_plain_test \ + dnsbl_ttl_127.0.0.2_bind_ncache_test \ + dnsbl_ttl_127.0.0.2_priv_plain_test \ + dnsbl_ttl_127.0.0.2_priv_ncache_test \ + dnsbl_ttl_127.0.0.1_bind_plain_test \ + dnsbl_ttl_127.0.0.1_bind_ncache_test \ + dnsbl_ttl_127.0.0.1_priv_plain_test \ + dnsbl_ttl_127.0.0.1_priv_ncache_test + +DNSBL_NEXIST_REPLY_FIX = \ + sed -e 's/ [0-9][0-9]* IN SOA / TTL IN SOA /' \ + -e 's/len=[0-9][0-9]* /len=LEN /' \ + -e 's/nscount=[1-9][0-9]*/nscount=N/' \ + -e 's/ [0-9]* [0-9]* [0-9]* [0-9]* [0-9]*/ D D D D D/' + +DNSBL_EXIST_REPLY_FIX = \ + sed -e 's/ [0-9][0-9]* IN A / TTL IN A /' \ + -e 's/len=[0-9][0-9]* /len=LEN /' \ + -e 's/ancount=[1-9][0-9]*/ancount=N/' \ + -e 's/nscount=[1-9][0-9]*/nscount=N/' \ + -e 's/ [0-9]* [0-9]* [0-9]* [0-9]* [0-9]*/ D D D D D/' \ + -e 's/127.0.0.[0-9]*$$/127.0.0.D/' \ + | uniq root_tests: 
@@ -134,6 +160,94 @@ diff mxonly_test.ref mxonly_test.tmp rm -f mxonly_test.tmp +# Non-existent record, libbind API, RFC 2308 disabled. + +dnsbl_ttl_127.0.0.1_bind_plain_test: test_dns_lookup dnsbl_ttl_127.0.0.1_bind_plain.ref + (set -e; \ + $(SHLIB_ENV) ./test_dns_lookup a 1.0.0.127.zen.spamhaus.org; \ + $(SHLIB_ENV) ./test_dns_lookup a 1.0.0.127.b.barracudacentral.org; \ + $(SHLIB_ENV) ./test_dns_lookup a 1.0.0.127.bl.spamcop.net; \ + ) 2>&1 | $(DNSBL_NEXIST_REPLY_FIX) >dnsbl_ttl_127.0.0.1_bind_plain.tmp + diff dnsbl_ttl_127.0.0.1_bind_plain.ref dnsbl_ttl_127.0.0.1_bind_plain.tmp + rm -f dnsbl_ttl_127.0.0.1_bind_plain.tmp + +# Non-existent record, private API, RFC 2308 disabled. + +dnsbl_ttl_127.0.0.1_priv_plain_test: test_dns_lookup dnsbl_ttl_127.0.0.1_bind_plain.ref + (set -e; \ + $(SHLIB_ENV) ./test_dns_lookup -p a 1.0.0.127.zen.spamhaus.org; \ + $(SHLIB_ENV) ./test_dns_lookup -p a 1.0.0.127.b.barracudacentral.org; \ + $(SHLIB_ENV) ./test_dns_lookup -p a 1.0.0.127.bl.spamcop.net; \ + ) 2>&1 | $(DNSBL_NEXIST_REPLY_FIX) >dnsbl_ttl_127.0.0.1_priv_plain.tmp + diff dnsbl_ttl_127.0.0.1_bind_plain.ref dnsbl_ttl_127.0.0.1_priv_plain.tmp + rm -f dnsbl_ttl_127.0.0.1_priv_plain.tmp + +# Non-existent record, libbind API, RFC 2308 enabled. + +dnsbl_ttl_127.0.0.1_bind_ncache_test: test_dns_lookup dnsbl_ttl_127.0.0.1_bind_ncache.ref + (set -e; \ + $(SHLIB_ENV) ./test_dns_lookup -n a 1.0.0.127.zen.spamhaus.org; \ + $(SHLIB_ENV) ./test_dns_lookup -n a 1.0.0.127.b.barracudacentral.org; \ + $(SHLIB_ENV) ./test_dns_lookup -n a 1.0.0.127.bl.spamcop.net; \ + ) 2>&1 | $(DNSBL_NEXIST_REPLY_FIX) >dnsbl_ttl_127.0.0.1_bind_ncache.tmp + diff dnsbl_ttl_127.0.0.1_bind_ncache.ref dnsbl_ttl_127.0.0.1_bind_ncache.tmp + rm -f dnsbl_ttl_127.0.0.1_bind_ncache.tmp + +# Non-existent record, private API, RFC 2308 enabled. 
+ +dnsbl_ttl_127.0.0.1_priv_ncache_test: test_dns_lookup dnsbl_ttl_127.0.0.1_bind_ncache.ref + (set -e; \ + $(SHLIB_ENV) ./test_dns_lookup -n -p a 1.0.0.127.zen.spamhaus.org; \ + $(SHLIB_ENV) ./test_dns_lookup -n -p a 1.0.0.127.b.barracudacentral.org; \ + $(SHLIB_ENV) ./test_dns_lookup -n -p a 1.0.0.127.bl.spamcop.net; \ + ) 2>&1 | $(DNSBL_NEXIST_REPLY_FIX) >dnsbl_ttl_127.0.0.1_priv_ncache.tmp + diff dnsbl_ttl_127.0.0.1_bind_ncache.ref dnsbl_ttl_127.0.0.1_priv_ncache.tmp + rm -f dnsbl_ttl_127.0.0.1_priv_ncache.tmp + +# Existing record, libbind API, RFC 2308 disabled. + +dnsbl_ttl_127.0.0.2_bind_plain_test: test_dns_lookup dnsbl_ttl_127.0.0.2_bind_plain.ref + (set -e; \ + $(SHLIB_ENV) ./test_dns_lookup a 2.0.0.127.zen.spamhaus.org; \ + $(SHLIB_ENV) ./test_dns_lookup a 2.0.0.127.b.barracudacentral.org; \ + $(SHLIB_ENV) ./test_dns_lookup a 2.0.0.127.bl.spamcop.net; \ + ) 2>&1 | $(DNSBL_EXIST_REPLY_FIX) >dnsbl_ttl_127.0.0.2_bind_plain.tmp + diff dnsbl_ttl_127.0.0.2_bind_plain.ref dnsbl_ttl_127.0.0.2_bind_plain.tmp + rm -f dnsbl_ttl_127.0.0.2_bind_plain.tmp + +# Existing record, private API, RFC 2308 disabled. + +dnsbl_ttl_127.0.0.2_priv_plain_test: test_dns_lookup dnsbl_ttl_127.0.0.2_bind_plain.ref + (set -e; \ + $(SHLIB_ENV) ./test_dns_lookup -p a 2.0.0.127.zen.spamhaus.org; \ + $(SHLIB_ENV) ./test_dns_lookup -p a 2.0.0.127.b.barracudacentral.org; \ + $(SHLIB_ENV) ./test_dns_lookup -p a 2.0.0.127.bl.spamcop.net; \ + ) 2>&1 | $(DNSBL_EXIST_REPLY_FIX) >dnsbl_ttl_127.0.0.2_priv_plain.tmp + diff dnsbl_ttl_127.0.0.2_bind_plain.ref dnsbl_ttl_127.0.0.2_priv_plain.tmp + rm -f dnsbl_ttl_127.0.0.2_priv_plain.tmp + +# Existing record, libbind API, RFC 2308 enabled. 
+ +dnsbl_ttl_127.0.0.2_bind_ncache_test: test_dns_lookup dnsbl_ttl_127.0.0.2_bind_plain.ref + (set -e; \ + $(SHLIB_ENV) ./test_dns_lookup -n a 2.0.0.127.zen.spamhaus.org; \ + $(SHLIB_ENV) ./test_dns_lookup -n a 2.0.0.127.b.barracudacentral.org; \ + $(SHLIB_ENV) ./test_dns_lookup -n a 2.0.0.127.bl.spamcop.net; \ + ) 2>&1 | $(DNSBL_EXIST_REPLY_FIX) >dnsbl_ttl_127.0.0.2_bind_ncache.tmp + diff dnsbl_ttl_127.0.0.2_bind_plain.ref dnsbl_ttl_127.0.0.2_bind_ncache.tmp + rm -f dnsbl_ttl_127.0.0.2_bind_ncache.tmp + +# Existing record, private API, RFC 2308 enabled. + +dnsbl_ttl_127.0.0.2_priv_ncache_test: test_dns_lookup dnsbl_ttl_127.0.0.2_bind_plain.ref + (set -e; \ + $(SHLIB_ENV) ./test_dns_lookup -n -p a 2.0.0.127.zen.spamhaus.org; \ + $(SHLIB_ENV) ./test_dns_lookup -n -p a 2.0.0.127.b.barracudacentral.org; \ + $(SHLIB_ENV) ./test_dns_lookup -n -p a 2.0.0.127.bl.spamcop.net; \ + ) 2>&1 | $(DNSBL_EXIST_REPLY_FIX) >dnsbl_ttl_127.0.0.2_priv_ncache.tmp + diff dnsbl_ttl_127.0.0.2_bind_plain.ref dnsbl_ttl_127.0.0.2_priv_ncache.tmp + rm -f dnsbl_ttl_127.0.0.2_priv_ncache.tmp + printfck: $(OBJS) $(PROG) rm -rf printfck mkdir printfck @@ -164,6 +278,7 @@ dns_lookup.o: ../../include/argv.h dns_lookup.o: ../../include/check_arg.h dns_lookup.o: ../../include/dict.h +dns_lookup.o: ../../include/mail_params.h dns_lookup.o: ../../include/maps.h dns_lookup.o: ../../include/msg.h dns_lookup.o: ../../include/myaddrinfo.h @@ -266,6 +381,7 @@ dns_strtype.o: dns_strtype.c test_dns_lookup.o: ../../include/argv.h test_dns_lookup.o: ../../include/check_arg.h +test_dns_lookup.o: ../../include/mail_params.h test_dns_lookup.o: ../../include/msg.h test_dns_lookup.o: ../../include/msg_vstream.h test_dns_lookup.o: ../../include/myaddrinfo.h diff -Nru postfix-3.0.4/src/dns/no-mx.ref postfix-3.1.0/src/dns/no-mx.ref --- postfix-3.0.4/src/dns/no-mx.ref 2014-11-28 23:09:20.000000000 +0000 +++ postfix-3.1.0/src/dns/no-mx.ref 2015-07-09 20:38:08.000000000 +0000 
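Review bot: The eight dnsbl_ttl_* targets query live third-party DNSBL zones (zen.spamhaus.org, b.barracudacentral.org, bl.spamcop.net), so `make tests` now needs outbound DNS and depends on services whose listings, TTLs and access policies can change independently of this tree; the sed normalisation in the @@ -30 hunk masks numbers but not a changed listing or a policy-driven refusal. Because the subshell runs inside a pipeline, its `set -e` does not affect the pipeline's exit status, so a failed lookup surfaces only as a diff mismatch. Consider grouping these under a separately documented network-dependent target (as root_tests already is for its own precondition) or replaying recorded replies, and adding a comment above dnsbl_tests stating the network requirement.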
@@ -5,7 +5,6 @@ ./test_dns_lookup: dns_get_answer: type MX for porcupine.org ./test_dns_lookup: dns_get_answer: type MX for porcupine.org ./test_dns_lookup: dns_query: porcupine.org (MX): OK -./test_dns_lookup: fatal: Error looking up name=porcupine.org type=MX: DNS reply filter drops all results (rcode=0) ./test_dns_lookup: ignoring DNS RR: porcupine.org. 3600 IN MX 10 spike.porcupine.org. ./test_dns_lookup: ignoring DNS RR: porcupine.org. 3600 IN MX 20 fist.porcupine.org. ./test_dns_lookup: ignoring DNS RR: porcupine.org. 3600 IN MX 30 m1.porcupine.org. @@ -13,3 +12,4 @@ ./test_dns_lookup: maps_find: DNS reply filter: regexp:no-mx.reg(0,lock|fold_fix): porcupine.org. 3600 IN MX 10 spike.porcupine.org. = ignore ./test_dns_lookup: maps_find: DNS reply filter: regexp:no-mx.reg(0,lock|fold_fix): porcupine.org. 3600 IN MX 20 fist.porcupine.org. = ignore ./test_dns_lookup: maps_find: DNS reply filter: regexp:no-mx.reg(0,lock|fold_fix): porcupine.org. 3600 IN MX 30 m1.porcupine.org. = ignore +./test_dns_lookup: warning: Error looking up name=porcupine.org type=MX: DNS reply filter drops all results (rcode=0) diff -Nru postfix-3.0.4/src/dns/nxdomain_test.ref postfix-3.1.0/src/dns/nxdomain_test.ref --- postfix-3.0.4/src/dns/nxdomain_test.ref 2014-11-26 22:52:58.000000000 +0000 +++ postfix-3.1.0/src/dns/nxdomain_test.ref 2015-07-09 18:40:31.000000000 +0000 
@@ -2,4 +2,4 @@ ./test_dns_lookup: dns_query: nxdomain.porcupine.org (MX): Host not found ./test_dns_lookup: lookup nxdomain.porcupine.org type A flags 2097152 ./test_dns_lookup: dns_query: nxdomain.porcupine.org (A): Host not found -./test_dns_lookup: fatal: Host or domain name not found. Name service error for name=nxdomain.porcupine.org type=A: Host not found (rcode=3) +./test_dns_lookup: warning: Host or domain name not found. Name service error for name=nxdomain.porcupine.org type=A: Host not found (rcode=3) diff -Nru postfix-3.0.4/src/dns/test_dns_lookup.c postfix-3.1.0/src/dns/test_dns_lookup.c --- postfix-3.0.4/src/dns/test_dns_lookup.c 2014-12-07 01:35:33.000000000 +0000 +++ postfix-3.1.0/src/dns/test_dns_lookup.c 2016-02-21 23:06:59.000000000 +0000 @@ -19,6 +19,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -36,6 +41,10 @@ #include #include +/* Global library. */ + +#include + /* Application-specific. */ #include "dns.h" @@ -51,7 +60,7 @@ static NORETURN usage(char **argv) { - msg_fatal("usage: %s [-v] [-f filter] types name", argv[0]); + msg_fatal("usage: %s [-npv] [-f filter] types name", argv[0]); } int main(int argc, char **argv) @@ -66,15 +75,23 @@ DNS_RR *rr; int i; int ch; + int lflags = DNS_REQ_FLAG_NONE; msg_vstream_init(argv[0], VSTREAM_ERR); - while ((ch = GETOPT(argc, argv, "vf:")) > 0) { + while ((ch = GETOPT(argc, argv, "f:npv")) > 0) { switch (ch) { + case 'v': msg_verbose++; break; case 'f': dns_rr_filter_compile("DNS reply filter", optarg); break; + case 'n': + lflags |= DNS_REQ_FLAG_NCACHE_TTL; + break; + case 'p': + var_dns_ncache_ttl_fix = 1; + break; default: usage(argv); } 
@@ -91,16 +108,18 @@ name = argv[optind + 1]; msg_verbose = 1; switch (dns_lookup_rv(name, RES_USE_DNSSEC, &rr, fqdn, why, - &rcode, DNS_REQ_FLAG_NONE, types)) { + &rcode, lflags, types)) { default: - msg_fatal("%s (rcode=%d)", vstring_str(why), rcode); + msg_warn("%s (rcode=%d)", vstring_str(why), rcode); case DNS_OK: - vstream_printf("%s: fqdn: %s\n", name, vstring_str(fqdn)); - buf = vstring_alloc(100); - print_rr(buf, rr); - dns_rr_free(rr); - vstring_free(buf); - vstream_fflush(VSTREAM_OUT); + if (rr) { + vstream_printf("%s: fqdn: %s\n", name, vstring_str(fqdn)); + buf = vstring_alloc(100); + print_rr(buf, rr); + dns_rr_free(rr); + vstring_free(buf); + vstream_fflush(VSTREAM_OUT); + } } myfree((void *) types); exit(0); diff -Nru postfix-3.0.4/src/dnsblog/dnsblog.c postfix-3.1.0/src/dnsblog/dnsblog.c --- postfix-3.0.4/src/dnsblog/dnsblog.c 2014-12-25 16:47:18.000000000 +0000 +++ postfix-3.1.0/src/dnsblog/dnsblog.c 2015-07-12 00:12:55.000000000 +0000 @@ -18,8 +18,9 @@ /* If the IP address is listed under the DNS white/blacklist, the /* \fBdnsblog\fR(8) server logs the match and replies with the /* query arguments plus an address list with the resulting IP -/* addresses separated by whitespace. Otherwise it replies -/* with the query arguments plus an empty address list. Finally, +/* addresses, separated by whitespace, and the reply TTL. +/* Otherwise it replies with the query arguments plus an empty +/* address list and the reply TTL (-1 if unavailable). Finally, /* The \fBdnsblog\fR(8) server closes the connection. /* DIAGNOSTICS /* Problems and transactions are logged to \fBsyslogd\fR(8). @@ -73,11 +74,17 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ #include +#include /* Utility library. */ 
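Review bot: Replacing `msg_fatal` with `msg_warn` in the `default:` arm makes the existing fall-through into `case DNS_OK:` reachable for the first time, and the new `if (rr)` guard is what lets it print SOA records from a negative reply while the program still exits 0. That is presumably intended for the ncache tests but reads like an accident; mark it `/* FALLTHROUGH: also print SOA records from a negative reply. */` between the two labels, or add a `break` if the fall-through is not wanted. On the non-OK path `rr` is not freed; harmless before `exit(0)`, but worth a one-line comment so it is not copied elsewhere.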
@@ -128,7 +135,8 @@ /* static void dnsblog_query - query DNSBL for client address */ -static VSTRING *dnsblog_query(VSTRING *result, const char *dnsbl_domain, +static VSTRING *dnsblog_query(VSTRING *result, int *result_ttl, + const char *dnsbl_domain, const char *addr) { const char *myname = "dnsblog_query"; @@ -183,8 +191,16 @@ * Tack on the RBL domain name and query the DNS for an A record. */ vstring_strcat(query, dnsbl_domain); - dns_status = dns_lookup(STR(query), T_A, 0, &addr_list, (VSTRING *) 0, why); + dns_status = dns_lookup_x(STR(query), T_A, 0, &addr_list, (VSTRING *) 0, + why, (int *) 0, DNS_REQ_FLAG_NCACHE_TTL); + + /* + * We return the lowest TTL in the response from the A record(s) if + * found, or from the SOA record(s) if available. If the reply specifies + * no TTL, or if the query fails, we return a TTL of -1. + */ VSTRING_RESET(result); + *result_ttl = -1; if (dns_status == DNS_OK) { for (rr = addr_list; rr != 0; rr = rr->next) { if (dns_rr_to_pa(rr, &hostaddr) == 0) { @@ -196,6 +212,9 @@ if (LEN(result) > 0) vstring_strcat(result, " "); vstring_strcat(result, hostaddr.buf); + /* Grab the positive reply TTL. */ + if (*result_ttl < 0 || *result_ttl > rr->ttl) + *result_ttl = rr->ttl; } } dns_rr_free(addr_list); @@ -203,6 +222,12 @@ if (msg_verbose) msg_info("%s: addr %s not listed by domain %s", myname, addr, dnsbl_domain); + /* Grab the negative reply TTL. */ + for (rr = addr_list; rr != 0; rr = rr->next) { + if (rr->type == T_SOA && (*result_ttl < 0 || *result_ttl > rr->ttl)) + *result_ttl = rr->ttl; + } + dns_rr_free(addr_list); } else { msg_warn("%s: lookup error for DNS query %s: %s", myname, STR(query), STR(why)); @@ -217,6 +242,7 @@ char **argv) { int request_id; + int result_ttl; /* * Sanity check. This service takes no command-line arguments. 
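Review bot: `*result_ttl = rr->ttl` stores a TTL of the type dns_strrecord prints with `%u` into an `int`, so a zone that returns a TTL at or above 2^31 yields a negative value that the later `*result_ttl < 0` test treats as unset and that the documented "-1 if unavailable" contract does not cover. Clamp before storing, e.g. `*result_ttl = (rr->ttl > INT_MAX) ? INT_MAX : (int) rr->ttl;` (RFC 2181 section 8 says such TTLs should be treated as 0, which is another defensible choice), in both the positive branch (@@ -196) and the SOA loop (@@ -203). Since the value originates in a zone operated by a third party and is forwarded as MAIL_ATTR_TTL, whoever consumes it should bound it to a configured range rather than trust it as-is. dnsblog_query begins before these hunks.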
@@ -235,7 +261,7 @@ RECV_ATTR_STR(MAIL_ATTR_ACT_CLIENT_ADDR, addr), RECV_ATTR_INT(MAIL_ATTR_LABEL, &request_id), ATTR_TYPE_END) == 3) { - (void) dnsblog_query(result, STR(rbl_domain), STR(addr)); + (void) dnsblog_query(result, &result_ttl, STR(rbl_domain), STR(addr)); if (var_dnsblog_delay > 0) sleep(var_dnsblog_delay); attr_print(client_stream, ATTR_FLAG_NONE, @@ -243,6 +269,7 @@ SEND_ATTR_STR(MAIL_ATTR_ACT_CLIENT_ADDR, STR(addr)), SEND_ATTR_INT(MAIL_ATTR_LABEL, request_id), SEND_ATTR_STR(MAIL_ATTR_RBL_ADDR, STR(result)), + SEND_ATTR_INT(MAIL_ATTR_TTL, result_ttl), ATTR_TYPE_END); vstream_fflush(client_stream); } diff -Nru postfix-3.0.4/src/dnsblog/.indent.pro postfix-3.1.0/src/dnsblog/.indent.pro --- postfix-3.0.4/src/dnsblog/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/dnsblog/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/error/error.c postfix-3.1.0/src/error/error.c --- postfix-3.0.4/src/error/error.c 2015-01-29 12:16:47.000000000 +0000 +++ postfix-3.1.0/src/error/error.c 2016-02-14 01:28:53.000000000 +0000 @@ -103,6 +103,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff -Nru postfix-3.0.4/src/error/.indent.pro postfix-3.1.0/src/error/.indent.pro --- postfix-3.0.4/src/error/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/error/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY 
@@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/flush/flush.c postfix-3.1.0/src/flush/flush.c --- postfix-3.0.4/src/flush/flush.c 2015-01-26 22:27:17.000000000 +0000 +++ postfix-3.1.0/src/flush/flush.c 2016-02-14 01:29:11.000000000 +0000 @@ -144,6 +144,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff -Nru postfix-3.0.4/src/flush/.indent.pro postfix-3.1.0/src/flush/.indent.pro --- postfix-3.0.4/src/flush/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/flush/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/fsstone/.indent.pro postfix-3.1.0/src/fsstone/.indent.pro --- postfix-3.0.4/src/fsstone/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/fsstone/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/global/anvil_clnt.c postfix-3.1.0/src/global/anvil_clnt.c --- postfix-3.0.4/src/global/anvil_clnt.c 2014-12-17 01:10:36.000000000 +0000 +++ postfix-3.1.0/src/global/anvil_clnt.c 2015-10-17 16:07:42.000000000 +0000 
@@ -43,13 +43,19 @@ /* const char *addr; /* int *newtls; /* +/* int anvil_clnt_auth(anvil_clnt, service, addr, auths) +/* ANVIL_CLNT *anvil_clnt; +/* const char *service; +/* const char *addr; +/* int *auths; +/* /* int anvil_clnt_disconnect(anvil_clnt, service, addr) /* ANVIL_CLNT *anvil_clnt; /* const char *service; /* const char *addr; /* -/* int anvil_clnt_lookup(anvil_clnt, service, addr, -/* count, rate, msgs, rcpts) +/* int anvil_clnt_lookup(anvil_clnt, service, addr, count, +/* rate, msgs, rcpts, ntls, auths) /* ANVIL_CLNT *anvil_clnt; /* const char *service; /* const char *addr; @@ -57,6 +63,8 @@ /* int *rate; /* int *msgs; /* int *rcpts; +/* int *ntls; +/* int *auths; /* DESCRIPTION /* anvil_clnt_create() instantiates a local anvil service /* client endpoint. @@ -80,6 +88,9 @@ /* anvil_clnt_newtls_stat() returns the current newtls request /* rate for the specified remote client. /* +/* anvil_clnt_auth() registers an AUTH event and returns the +/* current AUTH event rate for the specified remote client. +/* /* anvil_clnt_disconnect() informs the anvil server that a remote /* client has disconnected. /* @@ -111,6 +122,9 @@ /* .IP newtls /* Pointer to storage for the current "new TLS session" rate /* for this remote client. +/* .IP auths +/* Pointer to storage for the current AUTH event rate for this +/* remote client. /* DIAGNOSTICS /* The update and status query routines return /* ANVIL_STAT_OK in case of success, ANVIL_STAT_FAIL otherwise @@ -181,7 +195,7 @@ int anvil_clnt_lookup(ANVIL_CLNT *anvil_clnt, const char *service, const char *addr, int *count, int *rate, - int *msgs, int *rcpts, int *newtls) + int *msgs, int *rcpts, int *newtls, int *auths) { char *ident = ANVIL_IDENT(service, addr); int status; 
@@ -198,7 +212,8 @@ RECV_ATTR_INT(ANVIL_ATTR_MAIL, msgs), RECV_ATTR_INT(ANVIL_ATTR_RCPT, rcpts), RECV_ATTR_INT(ANVIL_ATTR_NTLS, newtls), - ATTR_TYPE_END) != 6) + RECV_ATTR_INT(ANVIL_ATTR_AUTH, auths), + ATTR_TYPE_END) != 7) status = ANVIL_STAT_FAIL; else if (status != ANVIL_STAT_OK) status = ANVIL_STAT_FAIL; @@ -327,6 +342,30 @@ return (status); } +/* anvil_clnt_auth - heads-up and status query */ + +int anvil_clnt_auth(ANVIL_CLNT *anvil_clnt, const char *service, + const char *addr, int *auths) +{ + char *ident = ANVIL_IDENT(service, addr); + int status; + + if (attr_clnt_request((ATTR_CLNT *) anvil_clnt, + ATTR_FLAG_NONE, /* Query attributes. */ + SEND_ATTR_STR(ANVIL_ATTR_REQ, ANVIL_REQ_AUTH), + SEND_ATTR_STR(ANVIL_ATTR_IDENT, ident), + ATTR_TYPE_END, + ATTR_FLAG_MISSING, /* Reply attributes. */ + RECV_ATTR_INT(ANVIL_ATTR_STATUS, &status), + RECV_ATTR_INT(ANVIL_ATTR_RATE, auths), + ATTR_TYPE_END) != 2) + status = ANVIL_STAT_FAIL; + else if (status != ANVIL_STAT_OK) + status = ANVIL_STAT_FAIL; + myfree(ident); + return (status); +} + /* anvil_clnt_disconnect - heads-up only */ int anvil_clnt_disconnect(ANVIL_CLNT *anvil_clnt, const char *service, @@ -371,6 +410,7 @@ ANVIL_REQ_RCPT " service addr | " ANVIL_REQ_NTLS " service addr | " ANVIL_REQ_NTLS_STAT " service addr | " + ANVIL_REQ_AUTH " service addr | " ANVIL_REQ_LOOKUP " service addr\n"); } @@ -387,6 +427,7 @@ int msgs; int rcpts; int newtls; + int auths; ANVIL_CLNT *anvil; msg_vstream_init(argv[0], VSTREAM_ERR); @@ -432,6 +473,11 @@ msg_warn("error!"); else vstream_printf("rate=%d\n", newtls); + } else if (strncmp(cmd, ANVIL_REQ_AUTH, cmd_len) == 0) { + if (anvil_clnt_auth(anvil, service, addr, &auths) != ANVIL_STAT_OK) + msg_warn("error!"); + else + vstream_printf("rate=%d\n", auths); } else if (strncmp(cmd, ANVIL_REQ_NTLS_STAT, cmd_len) == 0) { if (anvil_clnt_newtls_stat(anvil, service, addr, &newtls) != ANVIL_STAT_OK) msg_warn("error!"); 
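Review bot: anvil_clnt_auth() returns ANVIL_STAT_FAIL when fewer than two attributes arrive or the status is not OK, and on that path *auths may be left unassigned (whether attr_clnt_request() writes it on a short reply is not visible here); the same holds for the new *auths out-parameter of anvil_clnt_lookup(). The DESCRIPTION text added in the @@ -80 hunk should say the rate is meaningful only when the call returns ANVIL_STAT_OK, e.g. `/* The auths result is defined only when ANVIL_STAT_OK is returned. */`. The test driver in this file checks the status before printing, so this is a documentation point.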
@@ -443,12 +489,13 @@ else vstream_printf("OK\n"); } else if (strncmp(cmd, ANVIL_REQ_LOOKUP, cmd_len) == 0) { - if (anvil_clnt_lookup(anvil, service, addr, &count, &rate, - &msgs, &rcpts, &newtls) != ANVIL_STAT_OK) + if (anvil_clnt_lookup(anvil, service, addr, &count, &rate, &msgs, + &rcpts, &newtls, &auths) != ANVIL_STAT_OK) msg_warn("error!"); else - vstream_printf("count=%d, rate=%d msgs=%d rcpts=%d newtls=%d\n", - count, rate, msgs, rcpts, newtls); + vstream_printf("count=%d, rate=%d msgs=%d rcpts=%d newtls=%d " + "auths=%d\n", count, rate, msgs, rcpts, newtls, + auths); } else { vstream_printf("bad command: \"%s\"\n", cmd); usage(); diff -Nru postfix-3.0.4/src/global/anvil_clnt.h postfix-3.1.0/src/global/anvil_clnt.h --- postfix-3.0.4/src/global/anvil_clnt.h 2005-10-10 17:34:42.000000000 +0000 +++ postfix-3.1.0/src/global/anvil_clnt.h 2015-10-17 14:36:46.000000000 +0000 @@ -34,6 +34,7 @@ #define ANVIL_REQ_RCPT "recipient" #define ANVIL_REQ_NTLS "newtls" #define ANVIL_REQ_NTLS_STAT "newtls_status" +#define ANVIL_REQ_AUTH "auth" #define ANVIL_REQ_LOOKUP "lookup" #define ANVIL_ATTR_IDENT "ident" #define ANVIL_ATTR_COUNT "count" @@ -41,6 +42,7 @@ #define ANVIL_ATTR_MAIL "mail" #define ANVIL_ATTR_RCPT "rcpt" #define ANVIL_ATTR_NTLS "newtls" +#define ANVIL_ATTR_AUTH "auth" #define ANVIL_ATTR_STATUS "status" #define ANVIL_STAT_OK 0 
@@ -57,7 +59,8 @@ extern int anvil_clnt_rcpt(ANVIL_CLNT *, const char *, const char *, int *); extern int anvil_clnt_newtls(ANVIL_CLNT *, const char *, const char *, int *); extern int anvil_clnt_newtls_stat(ANVIL_CLNT *, const char *, const char *, int *); -extern int anvil_clnt_lookup(ANVIL_CLNT *, const char *, const char *, int *, int *, int *, int *, int *); +extern int anvil_clnt_auth(ANVIL_CLNT *, const char *, const char *, int *); +extern int anvil_clnt_lookup(ANVIL_CLNT *, const char *, const char *, int *, int *, int *, int *, int *, int *); extern int anvil_clnt_disconnect(ANVIL_CLNT *, const char *, const char *); extern void anvil_clnt_free(ANVIL_CLNT *); diff -Nru postfix-3.0.4/src/global/attr_override.c postfix-3.1.0/src/global/attr_override.c --- postfix-3.0.4/src/global/attr_override.c 2014-12-25 16:47:18.000000000 +0000 +++ postfix-3.1.0/src/global/attr_override.c 2016-02-14 14:26:22.000000000 +0000 
@@ -32,16 +32,16 @@ /* with arguments. Each macro may appear only once. The list /* must be terminated with CA_ATTR_OVER_END which has no argument. /* The following describes the expected values. -/* .IP "CA_ATTR_OVER_STR_TABLE(const ATTR_OVER_STR *) +/* .IP "CA_ATTR_OVER_STR_TABLE(const ATTR_OVER_STR *)" /* The macro argument specifies a null-terminated table with /* attribute names, assignment targets, and range limits which /* should be the same as for the corresponding main.cf parameters. -/* .IP "CA_ATTR_OVER_TIME_TABLE(const ATTR_OVER_TIME *) +/* .IP "CA_ATTR_OVER_TIME_TABLE(const ATTR_OVER_TIME *)" /* The macro argument specifies a null-terminated table with /* attribute names, their default time units (leading digits /* are skipped), assignment targets, and range limits which /* should be the same as for the corresponding main.cf parameters. -/* .IP "CA_ATTR_OVER_INT_TABLE(const ATTR_OVER_INT *) +/* .IP "CA_ATTR_OVER_INT_TABLE(const ATTR_OVER_INT *)" /* The macro argument specifies a null-terminated table with /* attribute names, assignment targets, and range limits which /* should be the same as for the corresponding main.cf parameters. diff -Nru postfix-3.0.4/src/global/conv_time.c postfix-3.1.0/src/global/conv_time.c --- postfix-3.0.4/src/global/conv_time.c 2010-12-08 18:15:33.000000000 +0000 +++ postfix-3.1.0/src/global/conv_time.c 2016-01-24 00:36:46.000000000 +0000 @@ -35,6 +35,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ 
@@ -68,7 +73,7 @@ errno = 0; intval = longval = strtol(strval, &end, 10); if (*strval == 0 || errno == ERANGE || longval != intval || intval < 0 - || (*end != 0 && end[1] != 0)) + /* || (*end != 0 && end[1] != 0) */) return (0); switch (*end ? *end : def_unit) { diff -Nru postfix-3.0.4/src/global/db_common.c postfix-3.1.0/src/global/db_common.c --- postfix-3.0.4/src/global/db_common.c 2015-01-13 19:15:33.000000000 +0000 +++ postfix-3.1.0/src/global/db_common.c 2016-02-12 20:05:29.000000000 +0000 @@ -36,7 +36,7 @@ /* /* \fIdb_common_parse\fR parses query and result substitution templates. /* It must be called for each template before any calls to -/* \fIdb_common_expand\fR. The \fIctx\fB argument must be initialized to +/* \fIdb_common_expand\fR. The \fIctx\fR argument must be initialized to /* a reference to a (void *)0 before the first template is parsed, this /* causes memory for the context to be allocated and the new pointer is /* stored in *ctx. When the dictionary is closed, this memory must be diff -Nru postfix-3.0.4/src/global/dict_mysql.c postfix-3.1.0/src/global/dict_mysql.c --- postfix-3.0.4/src/global/dict_mysql.c 2015-01-29 12:16:38.000000000 +0000 +++ postfix-3.1.0/src/global/dict_mysql.c 2016-02-14 00:55:05.000000000 +0000 @@ -131,7 +131,7 @@ /* .br /* where_field = alias /* .br -/* hosts = host1.some.domain\fR \fBhost2.some.domain +/* hosts = host1.some.domain host2.some.domain /* .IP additional_conditions /* Backward compatibility when \fIquery\fR is not set, additional /* conditions to the WHERE clause. 
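Review bot: The trailing-character check is disabled by commenting it out inside the `if` condition, while the matching change in mail_conf_time.c (@@ -133, same page) disables its check with `#if 0`; the two should use one form, and dead code is better deleted with a one-line comment explaining the new rule, e.g. `/* Characters after the unit letter are now tolerated; see the switch below. */`. The function continues outside the hunk, so I cannot see whether `switch (*end ? *end : def_unit)` rejects input such as `10sx`; if it does not, such a value is now accepted with only its first suffix character consulted — confirm and document the accepted syntax.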
@@ -158,7 +158,7 @@ /* .br /* where_field = alias /* .br -/* hosts = host1.some.domain\fR \fBhost2.some.domain +/* hosts = host1.some.domain host2.some.domain /* .PP /* SEE ALSO /* dict(3) generic dictionary manager diff -Nru postfix-3.0.4/src/global/dict_pgsql.c postfix-3.1.0/src/global/dict_pgsql.c --- postfix-3.0.4/src/global/dict_pgsql.c 2014-12-07 01:35:33.000000000 +0000 +++ postfix-3.1.0/src/global/dict_pgsql.c 2016-02-14 00:55:48.000000000 +0000 @@ -115,7 +115,7 @@ /* .br /* where_field = alias /* .br -/* hosts = host1.some.domain\fR \fBhost2.some.domain +/* hosts = host1.some.domain host2.some.domain /* .PP /* SEE ALSO /* dict(3) generic dictionary manager diff -Nru postfix-3.0.4/src/global/ext_prop.c postfix-3.1.0/src/global/ext_prop.c --- postfix-3.0.4/src/global/ext_prop.c 2008-01-08 20:36:13.000000000 +0000 +++ postfix-3.1.0/src/global/ext_prop.c 2016-02-14 14:26:22.000000000 +0000 @@ -19,10 +19,10 @@ /* .IP "canonical (EXT_PROP_CANONICAL)" /* Propagate unmatched address extensions to the right-hand side /* of canonical table entries (not: regular expressions). -/* .IP "virtual (EXT_PROP_VIRTUAL) +/* .IP "virtual (EXT_PROP_VIRTUAL)" /* Propagate unmatched address extensions to the right-hand side /* of virtual table entries (not: regular expressions). -/* .IP "alias (EXT_PROP_ALIAS) +/* .IP "alias (EXT_PROP_ALIAS)" /* Propagate unmatched address extensions to the right-hand side /* of alias database entries. /* .IP "forward (EXT_PROP_FORWARD)" diff -Nru postfix-3.0.4/src/global/.indent.pro postfix-3.1.0/src/global/.indent.pro --- postfix-3.0.4/src/global/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/global/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY 
@@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/global/mail_command_client.c postfix-3.1.0/src/global/mail_command_client.c --- postfix-3.0.4/src/global/mail_command_client.c 2014-12-14 18:22:05.000000000 +0000 +++ postfix-3.1.0/src/global/mail_command_client.c 2015-02-16 17:49:45.000000000 +0000 @@ -52,6 +52,7 @@ /* Utility library. */ #include +#include /* Global library. */ @@ -67,16 +68,26 @@ /* * Talk a little protocol with the specified service. + * + * This function is used for non-critical services where it is OK to back + * off after the first error. Log what communication stage failed, to + * facilitate trouble analysis. */ - if ((stream = mail_connect(class, name, BLOCKING)) == 0) + if ((stream = mail_connect(class, name, BLOCKING)) == 0) { + msg_warn("connect to %s/%s: %m", class, name); return (-1); + } va_start(ap, name); status = attr_vprint(stream, ATTR_FLAG_NONE, ap); va_end(ap); - if (status != 0 - || attr_scan(stream, ATTR_FLAG_STRICT, - RECV_ATTR_INT(MAIL_ATTR_STATUS, &status), 0) != 1) + if (status != 0) { + msg_warn("write %s: %m", VSTREAM_PATH(stream)); status = -1; + } else if (attr_scan(stream, ATTR_FLAG_STRICT, + RECV_ATTR_INT(MAIL_ATTR_STATUS, &status), 0) != 1) { + msg_warn("write/read %s: %m", VSTREAM_PATH(stream)); + status = -1; + } (void) vstream_fclose(stream); return (status); } diff -Nru postfix-3.0.4/src/global/mail_conf_time.c postfix-3.1.0/src/global/mail_conf_time.c --- postfix-3.0.4/src/global/mail_conf_time.c 2014-09-25 19:08:49.000000000 +0000 +++ postfix-3.1.0/src/global/mail_conf_time.c 2016-01-24 00:37:14.000000000 +0000 @@ -78,6 +78,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ 
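Review bot: The new `msg_warn("write/read %s: %m", VSTREAM_PATH(stream))` after attr_scan() fails reports errno, but attr_scan() with ATTR_FLAG_STRICT also fails on a malformed or incomplete reply with no system error, in which case `%m` prints whatever errno an earlier call left behind and the log misleads whoever is troubleshooting. Report errno only when the stream shows an I/O condition (vstream_ferror()/vstream_feof()) and otherwise log a plain protocol-error message, or drop `%m` from that line. The enclosing function starts outside the hunk.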
@@ -133,9 +138,11 @@
 msg_panic("parameter %s: missing time unit in default value: %s",
 name, defval);
 if (ISALPHA(*cp)) {
+#if 0
 if (cp[1] != 0)
 msg_panic("parameter %s: bad time unit in default value: %s",
 name, defval);
+#endif
 return (*cp);
 }
 }
diff -Nru postfix-3.0.4/src/global/mail_connect.c postfix-3.1.0/src/global/mail_connect.c
--- postfix-3.0.4/src/global/mail_connect.c 2014-12-25 16:47:17.000000000 +0000
+++ postfix-3.1.0/src/global/mail_connect.c 2015-02-16 16:08:41.000000000 +0000
@@ -22,6 +22,7 @@
 /*
 /* mail_connect() attempts to connect to the UNIX-domain socket of
 /* the named subsystem. The result is a null pointer in case of failure.
+/* By default this function provides no errno logging.
 /*
 /* mail_connect_wait() is like mail_connect(), but keeps trying until
 /* the connection succeeds. However, mail_connect_wait() terminates
diff -Nru postfix-3.0.4/src/global/mail_params.c postfix-3.1.0/src/global/mail_params.c
--- postfix-3.0.4/src/global/mail_params.c 2015-01-27 19:27:44.000000000 +0000
+++ postfix-3.1.0/src/global/mail_params.c 2015-12-28 00:19:52.000000000 +0000
@@ -327,6 +327,7 @@
 bool var_multi_enable;
 bool var_long_queue_ids;
 bool var_daemon_open_fatal;
+bool var_dns_ncache_ttl_fix;
 char *var_dsn_filter;
 int var_smtputf8_enable;
 int var_strict_smtputf8;
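Review bot: The `#if 0` that fences off the "bad time unit in default value" panic gives no reason, and code left under `#if 0` tends to stay there indefinitely. If the check is disabled because default values may now contain text after the unit letter — the new `DEF_PSC_DNSBL_MAX_TTL` in mail_params.h expands to something like `2hh` when `postscreen_dnsbl_ttl` is already set to `2h` — record that in a comment, e.g. `/* XXX Disabled: default values may be ${...} expressions whose expansion has text after the unit letter. */`, or delete the dead lines outright. The enclosing function starts above this hunk.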
@@ -367,13 +368,21 @@ /* * If the local machine name is not in FQDN form, try to append the * contents of $mydomain. Use a default domain as a final workaround. + * + * DO NOT CALL GETHOSTBYNAME OR GETNAMEINFO HERE - IT MAKES EVERY POSTFIX + * PROGRAM HANG WHEN DNS SERVICE IS UNAVAILABLE. IF YOU DON'T LIKE THE + * DEFAULT, THEN EDIT MAIN.CF. */ name = get_hostname(); + /* DO NOT CALL GETHOSTBYNAME OR GETNAMEINFO HERE - EDIT MAIN.CF */ if ((dot = strchr(name, '.')) == 0) { + /* DO NOT CALL GETHOSTBYNAME OR GETNAMEINFO HERE - EDIT MAIN.CF */ if ((domain = mail_conf_lookup_eval(VAR_MYDOMAIN)) == 0) domain = DEF_MYDOMAIN; + /* DO NOT CALL GETHOSTBYNAME OR GETNAMEINFO HERE - EDIT MAIN.CF */ name = concatenate(name, ".", domain, (char *) 0); } + /* DO NOT CALL GETHOSTBYNAME OR GETNAMEINFO HERE - EDIT MAIN.CF */ return (name); } @@ -385,9 +394,16 @@ /* * Use a default domain when the hostname is not a FQDN ("foo"). + * + * DO NOT CALL GETHOSTBYNAME OR GETNAMEINFO HERE - IT MAKES EVERY POSTFIX + * PROGRAM HANG WHEN DNS SERVICE IS UNAVAILABLE. IF YOU DON'T LIKE THE + * DEFAULT, THEN EDIT MAIN.CF. */ + /* DO NOT CALL GETHOSTBYNAME OR GETNAMEINFO HERE - EDIT MAIN.CF */ if ((dot = strchr(var_myhostname, '.')) == 0) + /* DO NOT CALL GETHOSTBYNAME OR GETNAMEINFO HERE - EDIT MAIN.CF */ return (DEF_MYDOMAIN); + /* DO NOT CALL GETHOSTBYNAME OR GETNAMEINFO HERE - EDIT MAIN.CF */ return (dot + 1); } @@ -567,7 +583,7 @@ * * To turn off further warnings and deploy the new default settings, the * system administrator should update the compatibility_level setting as - * recommended in the RELASE_NOTES file. + * recommended in the RELEASE_NOTES file. * * Each incompatible change has its own flag variable, instead of bit in a * shared variable. We don't want to rip up code when we need more flag 
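Review bot: In the second hunk (`@@ -385,9 +394,16 @@`) the new one-line comment is placed between `if ((dot = strchr(var_myhostname, '.')) == 0)` and its un-braced `return (DEF_MYDOMAIN);`; that is legal, but it separates the condition from the only statement it governs, and a later insertion at that spot would silently change control flow. Brace the body if the comment is to stay there, `if ((dot = strchr(var_myhostname, '.')) == 0) { /* ... */ return (DEF_MYDOMAIN); }`, or keep the emphasis in the block comment above, which already states the rule in full. The same repeated comment in the first hunk sits between whole statements and is harmless; both enclosing functions start above their hunks.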
@@ -630,6 +646,7 @@ static const CONFIG_BOOL_TABLE first_bool_defaults[] = { /* read and process the following before opening tables. */ VAR_DAEMON_OPEN_FATAL, DEF_DAEMON_OPEN_FATAL, &var_daemon_open_fatal, + VAR_DNS_NCACHE_TTL_FIX, DEF_DNS_NCACHE_TTL_FIX, &var_dns_ncache_ttl_fix, 0, }; static const CONFIG_NBOOL_TABLE first_nbool_defaults[] = { diff -Nru postfix-3.0.4/src/global/mail_params.h postfix-3.1.0/src/global/mail_params.h --- postfix-3.0.4/src/global/mail_params.h 2015-07-19 22:24:25.000000000 +0000 +++ postfix-3.1.0/src/global/mail_params.h 2016-01-31 21:05:46.000000000 +0000 @@ -216,7 +216,8 @@ #define VAR_SMTP_FALLBACK "smtp_fallback_relay" #define DEF_SMTP_FALLBACK "$fallback_relay" -#define VAR_LMTP_FALLBACK "smtp_fallback_relay" +#define VAR_LMTP_FALLBACK "lmtp_fallback_relay" +#define DEF_LMTP_FALLBACK "" #define DEF_FALLBACK_RELAY "" extern char *var_fallback_relay; @@ -1579,6 +1580,11 @@ #define DEF_LMTP_TLS_FORCE_TLSA 0 extern bool var_smtp_tls_force_tlsa; + /* SMTP only */ +#define VAR_SMTP_TLS_INSECURE_MX_POLICY "smtp_tls_dane_insecure_mx_policy" +#define DEF_SMTP_TLS_INSECURE_MX_POLICY "dane" +extern char *var_smtp_tls_insecure_mx_policy; + /* * SASL authentication support, SMTP server side. */ @@ -2602,6 +2608,11 @@ #define DEF_NEWALIAS_PATH "/usr/bin/newaliases" #endif +#define VAR_OPENSSL_PATH "openssl_path" +#ifndef DEF_OPENSSL_PATH +#define DEF_OPENSSL_PATH "openssl" +#endif + #define VAR_MANPAGE_DIR "manpage_directory" #ifndef DEF_MANPAGE_DIR #define DEF_MANPAGE_DIR "/usr/local/man" @@ -2705,6 +2716,10 @@ #define DEF_SCACHE_STAT_TIME "600s" extern int var_scache_stat_time; +#define VAR_VRFY_PEND_LIMIT "address_verify_pending_request_limit" +#define DEF_VRFY_PEND_LIMIT (DEF_QMGR_ACT_LIMIT / 4) +extern int var_vrfy_pend_limit; + /* * Address verification service. */ 
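Review bot: `DEF_LMTP_FALLBACK` is introduced as `""` while the sibling `DEF_SMTP_FALLBACK` is `"$fallback_relay"`, and nothing in the header says whether the asymmetry is intended. If it is deliberate (LMTP having no relay concept), a one-line comment above the define, e.g. `/* No $fallback_relay compatibility default for LMTP. */`, would keep a future reader from "harmonizing" it; if it is not, the two defaults should agree.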
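Review bot: `VAR_SMTP_TLS_INSECURE_MX_POLICY` is added with a `"dane"` default and only a bare `/* SMTP only */` marker; neither the accepted values nor what the default means for MX hosts obtained through an insecure (non-DNSSEC) MX lookup is discoverable from this header. Since this parameter decides how much TLS assurance applies when the MX lookup itself is untrusted, a short comment above the define pointing at the corresponding postconf(5) entry and naming the accepted values would be worth the two lines.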
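Review bot: `DEF_OPENSSL_PATH` defaults to the bare command name `openssl`, whereas the neighbouring defaults in this block (`DEF_NEWALIAS_PATH "/usr/bin/newaliases"`, `DEF_MANPAGE_DIR`) are absolute; a bare name is resolved through whatever `PATH` the invoking process carries, and which process that is cannot be seen from this header. The `#ifndef` guard already allows a packager to pin an absolute path; a comment stating the trade-off, e.g. `/* Bare name: resolved via PATH by the caller; build may override with an absolute path. */`, would make that option and the reason for it visible.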
@@ -2966,6 +2981,10 @@ #define DEF_SMTPD_POLICY_DEF_ACTION "451 4.3.5 Server configuration problem" extern char *var_smtpd_policy_def_action; +#define VAR_SMTPD_POLICY_CONTEXT "smtpd_policy_service_policy_context" +#define DEF_SMTPD_POLICY_CONTEXT "" +extern char *var_smtpd_policy_context; + #define CHECK_POLICY_SERVICE "check_policy_service" /* @@ -2991,6 +3010,10 @@ #define DEF_SMTPD_CNTLS_LIMIT 0 extern int var_smtpd_cntls_limit; +#define VAR_SMTPD_CAUTH_LIMIT "smtpd_client_auth_rate_limit" +#define DEF_SMTPD_CAUTH_LIMIT 0 +extern int var_smtpd_cauth_limit; + #define VAR_SMTPD_HOGGERS "smtpd_client_event_limit_exceptions" #define DEF_SMTPD_HOGGERS "${smtpd_client_connection_limit_exceptions:$" VAR_MYNETWORKS "}" extern char *var_smtpd_hoggers; @@ -3127,19 +3150,19 @@ #endif #define VAR_TLS_HIGH_CLIST "tls_high_cipherlist" -#define DEF_TLS_HIGH_CLIST PREFER_aNULL "ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH" +#define DEF_TLS_HIGH_CLIST PREFER_aNULL "HIGH:@STRENGTH" extern char *var_tls_high_clist; #define VAR_TLS_MEDIUM_CLIST "tls_medium_cipherlist" -#define DEF_TLS_MEDIUM_CLIST PREFER_aNULL "ALL:!EXPORT:!LOW:+RC4:@STRENGTH" +#define DEF_TLS_MEDIUM_CLIST PREFER_aNULL "HIGH:MEDIUM:+RC4:@STRENGTH" extern char *var_tls_medium_clist; #define VAR_TLS_LOW_CLIST "tls_low_cipherlist" -#define DEF_TLS_LOW_CLIST PREFER_aNULL "ALL:!EXPORT:+RC4:@STRENGTH" +#define DEF_TLS_LOW_CLIST PREFER_aNULL "HIGH:MEDIUM:LOW:+RC4:@STRENGTH" extern char *var_tls_low_clist; #define VAR_TLS_EXPORT_CLIST "tls_export_cipherlist" -#define DEF_TLS_EXPORT_CLIST PREFER_aNULL "ALL:+RC4:@STRENGTH" +#define DEF_TLS_EXPORT_CLIST PREFER_aNULL "HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH" extern char *var_tls_export_clist; #define VAR_TLS_NULL_CLIST "tls_null_cipherlist" 
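Review bot: The new `DEF_TLS_*_CLIST` values move from exclusion-based selection (`ALL:!EXPORT:...`) to inclusion-based (`HIGH:...`), which is easier to reason about, but `+RC4` is retained in the medium, low and export lists; in OpenSSL cipherlist syntax a `+` prefix only moves matching ciphers to the end of the list, it does not remove them, so RC4 stays negotiable at every level below "high". If that is the intended compatibility trade-off, say so above the defines, e.g. `/* "+RC4" demotes RC4 to the end of the list; it is excluded only by the "high" list. */`, so nobody reads the new lists as RC4-free. The `PREFER_aNULL` prefix (defined above this hunk) still heads every list, so that part of the semantics is unchanged.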
@@ -3299,6 +3322,10 @@ #define DEF_MILT_HEAD_CHECKS "" extern char *var_milt_head_checks; +#define VAR_MILT_MACRO_DEFLTS "milter_macro_defaults" +#define DEF_MILT_MACRO_DEFLTS "" +extern char *var_milt_macro_deflts; + /* * What internal mail do we inspect/stamp/etc.? This is not yet safe enough * to enable world-wide. @@ -3391,6 +3418,11 @@ #define DEF_DEST_RATE_DELAY "0s" extern int var_dest_rate_delay; +#define VAR_XPORT_RATE_DELAY "default_transport_rate_delay" +#define _XPORT_RATE_DELAY "_transport_rate_delay" +#define DEF_XPORT_RATE_DELAY "0s" +extern int var_xport_rate_delay; + /* * Stress handling. */ @@ -3518,9 +3550,13 @@ #define DEF_PSC_DNSBL_ACTION "ignore" extern char *var_psc_dnsbl_action; -#define VAR_PSC_DNSBL_TTL "postscreen_dnsbl_ttl" -#define DEF_PSC_DNSBL_TTL "1h" -extern int var_psc_dnsbl_ttl; +#define VAR_PSC_DNSBL_MIN_TTL "postscreen_dnsbl_min_ttl" +#define DEF_PSC_DNSBL_MIN_TTL "60s" +extern int var_psc_dnsbl_min_ttl; + +#define VAR_PSC_DNSBL_MAX_TTL "postscreen_dnsbl_max_ttl" +#define DEF_PSC_DNSBL_MAX_TTL "${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h" +extern int var_psc_dnsbl_max_ttl; #define VAR_PSC_DNSBL_REPLY "postscreen_dnsbl_reply_map" #define DEF_PSC_DNSBL_REPLY "" 
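Review bot: `DEF_PSC_DNSBL_MAX_TTL` expands to the legacy `postscreen_dnsbl_ttl` value followed by a literal `h`, so the trailing `h` only supplies a unit when the legacy value has none: with `postscreen_dnsbl_ttl = 2h` the default becomes `2hh`, with `postscreen_dnsbl_ttl = 2` it becomes `2h`. Whether `2hh` is accepted as intended depends on the time-value parser in mail_conf_time.c, which this same diff relaxes by fencing off the "bad time unit in default value" panic, and that coupling is not written down on either side. A comment next to the define, e.g. `/* Compatibility: the trailing "h" is a unit hint only; see mail_conf_time.c for how a doubled unit letter is handled. */`, would record it.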
@@ -3908,6 +3944,18 @@ MAIL_SRC_NAME_VERIFY extern char *var_smtputf8_autoclass; + /* + * Workaround for future incompatibility. Our implementation of RFC 2308 + * negative reply caching relies on the promise that res_query() and + * res_search() invoke res_send(), which returns the server response in an + * application buffer even if the requested record does not exist. If this + * promise is broken, we have a workaround that is good enough for DNS + * reputation lookups. + */ +#define VAR_DNS_NCACHE_TTL_FIX "dns_ncache_ttl_fix_enable" +#define DEF_DNS_NCACHE_TTL_FIX 0 +extern bool var_dns_ncache_ttl_fix; + /* LICENSE /* .ad /* .fi diff -Nru postfix-3.0.4/src/global/mail_proto.h postfix-3.1.0/src/global/mail_proto.h --- postfix-3.0.4/src/global/mail_proto.h 2014-07-14 23:53:14.000000000 +0000 +++ postfix-3.1.0/src/global/mail_proto.h 2015-09-13 16:36:51.000000000 +0000 @@ -161,6 +161,7 @@ #define MAIL_ATTR_STRESS "stress" #define MAIL_ATTR_LOG_IDENT "log_ident" #define MAIL_ATTR_RWR_CONTEXT "rewrite_context" +#define MAIL_ATTR_POL_CONTEXT "policy_context" #define MAIL_ATTR_RWR_LOCAL "local" #define MAIL_ATTR_RWR_REMOTE "remote" diff -Nru postfix-3.0.4/src/global/mail_version.h postfix-3.1.0/src/global/mail_version.h --- postfix-3.0.4/src/global/mail_version.h 2016-02-21 17:27:57.000000000 +0000 +++ postfix-3.1.0/src/global/mail_version.h 2016-02-25 00:44:51.000000000 +0000 @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20160221" -#define MAIL_VERSION_NUMBER "3.0.4" +#define MAIL_RELEASE_DATE "20160224" +#define MAIL_VERSION_NUMBER "3.1.0" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -Nru postfix-3.0.4/src/global/Makefile.in postfix-3.1.0/src/global/Makefile.in --- postfix-3.0.4/src/global/Makefile.in 2015-01-28 00:13:10.000000000 +0000 +++ postfix-3.1.0/src/global/Makefile.in 2016-01-08 12:54:39.000000000 +0000 
@@ -117,7 +117,7 @@ valid_mailhost_addr own_inet_addr header_body_checks \ data_redirect addr_match_list safe_ultostr verify_sender_addr \ mail_version mail_dict server_acl uxtext mail_parm_split \ - fold_addr + fold_addr smtp_reply_footer LIBS = ../../lib/lib$(LIB_PREFIX)util$(LIB_SUFFIX) LIB_DIR = ../../lib @@ -373,11 +373,15 @@ fold_addr: fold_addr.c $(LIB) $(LIBS) $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS) +smtp_reply_footer: smtp_reply_footer.c $(LIB) $(LIBS) + $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS) + tests: tok822_test mime_tests strip_addr_test tok822_limit_test \ xtext_test scache_multi_test ehlo_mask_test \ namadr_list_test mail_conf_time_test header_body_checks_tests \ mail_version_test server_acl_test resolve_local_test maps_test \ - safe_ultostr_test mail_parm_split_test fold_addr_test + safe_ultostr_test mail_parm_split_test fold_addr_test \ + smtp_reply_footer_test mime_tests: mime_test mime_nest mime_8bit mime_dom mime_trunc mime_cvt \ mime_cvt2 mime_cvt3 mime_garb1 mime_garb2 mime_garb3 mime_garb4 @@ -647,6 +651,11 @@ diff fold_addr_test.ref fold_addr_test.tmp rm -f fold_addr_test.tmp +smtp_reply_footer_test: smtp_reply_footer smtp_reply_footer.ref + $(SHLIB_ENV) ./smtp_reply_footer >smtp_reply_footer.tmp 2>&1 + diff smtp_reply_footer.ref smtp_reply_footer.tmp + rm -f smtp_reply_footer.tmp + printfck: $(OBJS) $(PROG) rm -rf printfck mkdir printfck 
@@ -1451,6 +1460,7 @@ mail_command_client.o: ../../include/check_arg.h mail_command_client.o: ../../include/htable.h mail_command_client.o: ../../include/iostuff.h +mail_command_client.o: ../../include/msg.h mail_command_client.o: ../../include/mymalloc.h mail_command_client.o: ../../include/nvtable.h mail_command_client.o: ../../include/sys_defs.h diff -Nru postfix-3.0.4/src/global/post_mail.c postfix-3.1.0/src/global/post_mail.c --- postfix-3.0.4/src/global/post_mail.c 2014-12-14 18:22:05.000000000 +0000 +++ postfix-3.1.0/src/global/post_mail.c 2015-12-27 22:33:30.000000000 +0000 @@ -54,6 +54,11 @@ /* /* int post_mail_fclose(stream) /* VSTREAM *STREAM; +/* +/* void post_mail_fclose_async(stream, notify, context) +/* VSTREAM *stream; +/* void (*notify)(int status, void *context); +/* void *context; /* DESCRIPTION /* This module provides a convenient interface for the most /* common case of sending one message to one recipient. It @@ -91,6 +96,11 @@ /* /* post_mail_fclose() completes the posting of a message. /* +/* post_mail_fclose_async() completes the posting of a message +/* and upon completion invokes the caller-specified notify +/* routine, with the cleanup status and caller-specified context +/* as arguments. +/* /* Arguments: /* .IP sender /* The sender envelope address. It is up to the application @@ -187,6 +197,16 @@ VSTRING *queue_id; } POST_MAIL_STATE; + /* + * Call-back state for asynchronous close requests. + */ +typedef struct { + int status; + VSTREAM *stream; + POST_MAIL_FCLOSE_NOTIFY notify; + void *context; +} POST_MAIL_FCLOSE_STATE; + /* post_mail_init - initial negotiations */ static void post_mail_init(VSTREAM *stream, const char *sender, 
@@ -206,6 +226,13 @@ date = mail_date(now.tv_sec); /* + * XXX Don't flush buffers while sending the initial message records. + * That would cause deadlock between verify(8) and cleanup(8) servers. + */ + vstream_control(stream, VSTREAM_CTL_BUFSIZE, 2 * VSTREAM_BUFSIZE, + VSTREAM_CTL_END); + + /* * Negotiate with the cleanup service. Give up if we can't agree. */ if (attr_scan(stream, ATTR_FLAG_STRICT, @@ -268,6 +295,9 @@ BLOCKING)) != 0) post_mail_init(stream, sender, recipient, source_class, trace_flags, utf8_flags, queue_id); + else + msg_warn("connect to %s/%s: %m", + MAIL_CLASS_PUBLIC, var_cleanup_service); return (stream); } 
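Review bot: Raising the stream buffer to `2 * VSTREAM_BUFSIZE` only avoids the flush the comment says must not happen while the negotiation attributes and initial envelope records written by this function fit in that size; nothing in the hunk states or checks that bound, and I cannot see the record sizes from here. If they are bounded elsewhere, extend the comment to say where, e.g. `* The initial records are bounded by ... and fit in 2 * VSTREAM_BUFSIZE.`; otherwise a check after the initial records are written, or sizing the buffer from the actual lengths, would make the deadlock avoidance robust. `post_mail_init()` starts above this hunk.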
@@ -432,3 +462,94 @@
 (void) vstream_fclose(cleanup);
 return (status);
 }
+
+/* post_mail_fclose_event - event handler */
+
+static void post_mail_fclose_event(int event, void *context)
+{
+ POST_MAIL_FCLOSE_STATE *state = (POST_MAIL_FCLOSE_STATE *) context;
+ int status = state->status;
+
+ switch (event) {
+
+ /*
+ * Final server reply. Pick up the completion status.
+ */
+ case EVENT_READ:
+ if (status == 0) {
+ if (vstream_ferror(state->stream) != 0
+ || attr_scan(state->stream, ATTR_FLAG_MISSING,
+ ATTR_TYPE_INT, MAIL_ATTR_STATUS, &status,
+ ATTR_TYPE_END) != 1)
+ status = CLEANUP_STAT_WRITE;
+ }
+ break;
+
+ /*
+ * No response or error.
+ */
+ default:
+ msg_warn("error talking to service: %s", var_cleanup_service);
+ status = CLEANUP_STAT_WRITE;
+ break;
+ }
+
+ /*
+ * Stop the watchdog timer, and disable further read events that end up
+ * calling this function.
+ */
+ event_cancel_timer(post_mail_fclose_event, context);
+ event_disable_readwrite(vstream_fileno(state->stream));
+
+ /*
+ * Notify the requestor and clean up.
+ */
+ state->notify(status, state->context);
+ (void) vstream_fclose(state->stream);
+ myfree((void *) state);
+}
+
+/* post_mail_fclose_async - finish posting of message */
+
+void post_mail_fclose_async(VSTREAM *stream,
+ void (*notify) (int status, void *context),
+ void *context)
+{
+ POST_MAIL_FCLOSE_STATE *state;
+ int status = 0;
+
+
+ /*
+ * Send the message end marker only when there were no errors.
+ */
+ if (vstream_ferror(stream) != 0) {
+ status = CLEANUP_STAT_WRITE;
+ } else {
+ rec_fputs(stream, REC_TYPE_XTRA, "");
+ rec_fputs(stream, REC_TYPE_END, "");
+ if (vstream_fflush(stream))
+ status = CLEANUP_STAT_WRITE;
+ }
+
+ /*
+ * Bundle up the suspended state.
+ */ + state = (POST_MAIL_FCLOSE_STATE *) mymalloc(sizeof(*state)); + state->status = status; + state->stream = stream; + state->notify = notify; + state->context = context; + + /* + * To keep interfaces as simple as possible we report all errors via the + * same interface as all successes. + */ + if (status == 0) { + event_enable_read(vstream_fileno(stream), post_mail_fclose_event, + (void *) state); + event_request_timer(post_mail_fclose_event, (void *) state, + var_daemon_timeout); + } else { + event_request_timer(post_mail_fclose_event, (void *) state, 0); + } +} diff -Nru postfix-3.0.4/src/global/post_mail.h postfix-3.1.0/src/global/post_mail.h --- postfix-3.0.4/src/global/post_mail.h 2014-07-14 18:26:37.000000000 +0000 +++ postfix-3.1.0/src/global/post_mail.h 2015-12-27 21:30:56.000000000 +0000 @@ -28,7 +28,7 @@ /* * External interface. */ -typedef void (*POST_MAIL_NOTIFY)(VSTREAM *, void *); +typedef void (*POST_MAIL_NOTIFY) (VSTREAM *, void *); extern VSTREAM *post_mail_fopen(const char *, const char *, int, int, int, VSTRING *); extern VSTREAM *post_mail_fopen_nowait(const char *, const char *, int, int, int, VSTRING *); extern void post_mail_fopen_async(const char *, const char *, int, int, int, VSTRING *, POST_MAIL_NOTIFY, void *); @@ -36,6 +36,8 @@ extern int post_mail_fputs(VSTREAM *, const char *); extern int post_mail_buffer(VSTREAM *, const char *, int); extern int post_mail_fclose(VSTREAM *); +typedef void (*POST_MAIL_FCLOSE_NOTIFY) (int, void *); +extern void post_mail_fclose_async(VSTREAM *, POST_MAIL_FCLOSE_NOTIFY, void *); #define POST_MAIL_BUFFER(v, b) \ post_mail_buffer((v), vstring_str(b), VSTRING_LEN(b)) diff -Nru postfix-3.0.4/src/global/record.c postfix-3.1.0/src/global/record.c --- postfix-3.0.4/src/global/record.c 2014-12-12 20:57:24.000000000 +0000 +++ postfix-3.1.0/src/global/record.c 2015-09-13 16:15:45.000000000 +0000 
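Review bot: In `post_mail_fclose_event()` the `if (status == 0)` test under `case EVENT_READ` can never be false: `post_mail_fclose_async()` enables the read event only when `status == 0`, and on error it schedules a zero-delay timer instead, which arrives in the `default` branch. Either drop the test or keep it with a comment stating the invariant, e.g. `/* Read events are enabled only when status == 0; see post_mail_fclose_async(). */`, so it is not mistaken for a live check. The handler calls `state->notify()` before `vstream_fclose(state->stream)`, so a callback that closes or reuses the stream would cause a double close; that ordering belongs in the post_mail_fclose_async() man-page text. Minor: `post_mail_fclose_async()` has a stray double blank line after `int status = 0;`.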
@@ -177,6 +177,7 @@ if (vstream_fseek(stream, offset, SEEK_SET) < 0 || VSTREAM_PUTC(type, stream) != type) { + msg_warn("%s: seek or write error", VSTREAM_PATH(stream)); return (REC_TYPE_ERROR); } else { return (type); @@ -304,8 +305,12 @@ continue; if (type == REC_TYPE_DTXT && (flags & REC_FLAG_SKIP_DTXT) != 0) continue; - if (type == REC_TYPE_END && (flags & REC_FLAG_SEEK_END) != 0) - (void) vstream_fseek(stream, (off_t) 0, SEEK_END); + if (type == REC_TYPE_END && (flags & REC_FLAG_SEEK_END) != 0 + && vstream_fseek(stream, (off_t) 0, SEEK_END) < 0) { + msg_warn("%s: seek error after reading END record: %m", + VSTREAM_PATH(stream)); + return (REC_TYPE_ERROR); + } break; } return (type); diff -Nru postfix-3.0.4/src/global/smtp_reply_footer.c postfix-3.1.0/src/global/smtp_reply_footer.c --- postfix-3.0.4/src/global/smtp_reply_footer.c 2014-12-12 20:53:37.000000000 +0000 +++ postfix-3.1.0/src/global/smtp_reply_footer.c 2016-01-18 14:41:40.000000000 +0000 @@ -10,7 +10,7 @@ /* lookup, context) /* VSTRING *buffer; /* ssize_t start; -/* char *template; +/* const char *template; /* const char *filter; /* const char *(*lookup) (const char *name, void *context); /* void *context; @@ -50,8 +50,9 @@ /* SEE ALSO /* mac_expand(3) macro expansion /* DIAGNOSTICS -/* smtp_reply_footer() returns 0 upon success, -1 if the -/* existing reply text is malformed. +/* smtp_reply_footer() returns 0 upon success, -1 if the existing +/* reply text is malformed, -2 in the case of a template macro +/* parsing error (an undefined macro value is not an error). /* /* Fatal errors: memory allocation problem. /* LICENSE @@ -63,6 +64,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -74,6 +80,7 @@ /* Utility library. */ #include +#include #include /* Global library. */ 
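Review bot: The new warning in the first hunk, `"%s: seek or write error"`, omits `%m`, while the one in the second hunk, `"%s: seek error after reading END record: %m"`, includes it; a failed vstream_fseek() leaves errno set, so the first message drops the most useful part of the diagnosis. Suggest `msg_warn("%s: seek or write error: %m", VSTREAM_PATH(stream));`, noting that when the `VSTREAM_PUTC` half fails errno may be less meaningful, which the wording already allows for. Both enclosing functions start above their hunks.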
@@ -86,7 +93,7 @@ #define STR vstring_str int smtp_reply_footer(VSTRING *buffer, ssize_t start, - char *template, + const char *template, const char *filter, MAC_EXP_LOOKUP_FN lookup, void *context) @@ -95,9 +102,14 @@ char *cp; char *next; char *end; - ssize_t dsn_len; + ssize_t dsn_len; /* last status code length */ + ssize_t dsn_offs = -1; /* last status code offset */ int crlf_at_end = 0; - ssize_t reply_patch_undo_offs = -1; + ssize_t reply_code_offs = -1; /* last SMTP reply code offset */ + ssize_t reply_patch_undo_len; /* length without final CRLF */ + int mac_expand_error = 0; + int line_added; + char *saved_template; /* * Sanity check. @@ -108,15 +120,15 @@ msg_panic("%s: empty template", myname); /* - * Scan and patch the original response. If the response is not what we - * expect, we stop making changes. + * Scan the original response without making changes. If the response is + * not what we expect, report an error. Otherwise, remember the offset of + * the last SMTP reply code. */ for (cp = STR(buffer) + start, end = cp + strlen(cp);;) { if (!ISDIGIT(cp[0]) || !ISDIGIT(cp[1]) || !ISDIGIT(cp[2]) || (cp[3] != ' ' && cp[3] != '-')) return (-1); - cp[3] = '-'; - reply_patch_undo_offs = cp + 3 - STR(buffer); + reply_code_offs = cp - STR(buffer); if ((next = strstr(cp, "\r\n")) == 0) { next = end; break; 
@@ -127,53 +139,150 @@ break; } } + if (reply_code_offs < 0) + return (-1); /* * Truncate text after the first null, and truncate the trailing CRLF. */ if (next < vstring_end(buffer)) vstring_truncate(buffer, next - STR(buffer)); + reply_patch_undo_len = VSTRING_LEN(buffer); /* * Append the footer text one line at a time. Caution: before we append * parts from the buffer to itself, we must extend the buffer first, * otherwise we would have a dangling pointer "read" bug. + * + * XXX mac_expand() has no template length argument, so we must + * null-terminate the template in the middle. */ - dsn_len = dsn_valid(STR(buffer) + start + 4); - for (cp = template, end = cp + strlen(cp);;) { + dsn_offs = reply_code_offs + 4; + dsn_len = dsn_valid(STR(buffer) + dsn_offs); + line_added = 0; + saved_template = mystrdup(template); + for (cp = saved_template, end = cp + strlen(cp);;) { if ((next = strstr(cp, "\\n")) != 0) { *next = 0; } else { next = end; } - if (cp == template && strncmp(cp, "\\c", 2) == 0) { + if (cp == saved_template && strncmp(cp, "\\c", 2) == 0) { /* Handle \c at start of template. */ cp += 2; } else { /* Append a clone of the SMTP reply code. */ vstring_strcat(buffer, "\r\n"); VSTRING_SPACE(buffer, 3); - vstring_strncat(buffer, STR(buffer) + start, 3); + vstring_strncat(buffer, STR(buffer) + reply_code_offs, 3); vstring_strcat(buffer, next != end ? "-" : " "); /* Append a clone of the optional enhanced status code. */ if (dsn_len > 0) { VSTRING_SPACE(buffer, dsn_len); - vstring_strncat(buffer, STR(buffer) + start + 4, dsn_len); + vstring_strncat(buffer, STR(buffer) + dsn_offs, dsn_len); vstring_strcat(buffer, " "); } - reply_patch_undo_offs = -1; + line_added = 1; } /* Append one line of footer text. 
*/ - mac_expand(buffer, cp, MAC_EXP_FLAG_APPEND, filter, lookup, context); + mac_expand_error = (mac_expand(buffer, cp, MAC_EXP_FLAG_APPEND, filter, + lookup, context) & MAC_PARSE_ERROR); + if (mac_expand_error) + break; if (next < end) { - *next = '\\'; cp = next + 2; } else break; } - if (reply_patch_undo_offs > 0) - STR(buffer)[reply_patch_undo_offs] = ' '; + myfree(saved_template); + /* Discard appended text after error, or finalize the result. */ + if (mac_expand_error) { + vstring_truncate(buffer, reply_patch_undo_len); + VSTRING_TERMINATE(buffer); + } else if (line_added > 0) { + STR(buffer)[reply_code_offs + 3] = '-'; + } + /* Restore CRLF at end. */ if (crlf_at_end) vstring_strcat(buffer, "\r\n"); - return (0); + return (mac_expand_error ? -2 : 0); +} + +#ifdef TEST + +#include +#include +#include +#include +#include +#include +#include + +struct test_case { + const char *title; + const char *orig_reply; + const char *template; + const char *filter; + int expected_status; + const char *expected_reply; +}; + +#define NO_FILTER ((char *) 0) +#define NO_TEMPLATE "NO_TEMPLATE" +#define NO_ERROR (0) +#define BAD_SMTP (-1) +#define BAD_MACRO (-2) + +static const struct test_case test_cases[] = { + {"missing reply", "", NO_TEMPLATE, NO_FILTER, BAD_SMTP, 0}, + {"long smtp_code", "1234 foo", NO_TEMPLATE, NO_FILTER, BAD_SMTP, 0}, + {"short smtp_code", "12 foo", NO_TEMPLATE, NO_FILTER, BAD_SMTP, 0}, + {"good+bad smtp_code", "321 foo\r\n1234 foo", NO_TEMPLATE, NO_FILTER, BAD_SMTP, 0}, + {"1-line no dsn", "550 Foo", "\\c footer", NO_FILTER, NO_ERROR, "550 Foo footer"}, + {"1-line no dsn", "550 Foo", "Bar", NO_FILTER, NO_ERROR, "550-Foo\r\n550 Bar"}, + {"2-line no dsn", "550-Foo\r\n550 Bar", "Baz", NO_FILTER, NO_ERROR, "550-Foo\r\n550-Bar\r\n550 Baz"}, + {"1-line with dsn", "550 5.1.1 Foo", "Bar", NO_FILTER, NO_ERROR, "550-5.1.1 Foo\r\n550 5.1.1 Bar"}, + {"2-line with dsn", "550-5.1.1 Foo\r\n450 4.1.1 Bar", "Baz", NO_FILTER, NO_ERROR, "550-5.1.1 Foo\r\n450-4.1.1 
Bar\r\n450 4.1.1 Baz"}, + {"bad macro", "220 myhostname", "\\c ${whatever", NO_FILTER, BAD_MACRO, 0}, + {"bad macroCRLF", "220 myhostname\r\n", "\\c ${whatever", NO_FILTER, BAD_MACRO, 0}, + {"good macro", "220 myhostname", "\\c $whatever", NO_FILTER, NO_ERROR, "220 myhostname DUMMY"}, + {"good macroCRLF", "220 myhostname\r\n", "\\c $whatever", NO_FILTER, NO_ERROR, "220 myhostname DUMMY\r\n"}, + 0, +}; + +static const char *lookup(const char *name, int unused_mode, void *context) +{ + return "DUMMY"; } + +int main(int argc, char **argv) +{ + struct test_case *tp; + int status; + VSTRING *buf = vstring_alloc(10); + void *context = 0; + + msg_vstream_init(argv[0], VSTREAM_ERR); + + for (tp = test_cases; tp->title != 0; tp++) { + vstring_strcpy(buf, tp->orig_reply); + status = smtp_reply_footer(buf, 0, tp->template, tp->filter, + lookup, context); + if (status != tp->expected_status) { + msg_warn("test \"%s\": status %d, expected %d", + tp->title, status, tp->expected_status); + } else if (status < 0 && strcmp(STR(buf), tp->orig_reply) != 0) { + msg_warn("test \"%s\": result \"%s\", expected \"%s\"", + tp->title, STR(buf), tp->orig_reply); + } else if (status == 0 && strcmp(STR(buf), tp->expected_reply) != 0) { + msg_warn("test \"%s\": result \"%s\", expected \"%s\"", + tp->title, STR(buf), tp->expected_reply); + } else { + msg_info("test \"%s\": pass", tp->title); + } + } + vstring_free(buf); + exit(0); +} + +#endif diff -Nru postfix-3.0.4/src/global/smtp_reply_footer.h postfix-3.1.0/src/global/smtp_reply_footer.h --- postfix-3.0.4/src/global/smtp_reply_footer.h 2014-12-07 01:35:34.000000000 +0000 +++ postfix-3.1.0/src/global/smtp_reply_footer.h 2016-01-10 00:54:41.000000000 +0000 @@ -20,7 +20,7 @@ /* * External interface. */ -extern int smtp_reply_footer(VSTRING *, ssize_t, char *, const char *, +extern int smtp_reply_footer(VSTRING *, ssize_t, const char *, const char *, MAC_EXP_LOOKUP_FN, void *); /* LICENSE 
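Review bot: In the TEST driver, `struct test_case *tp` is assigned from the `const struct test_case test_cases[]` array, which discards a qualifier and draws a compiler warning; declare it `const struct test_case *tp;`. The test's `lookup()` takes three parameters `(name, unused_mode, context)`, presumably what `MAC_EXP_LOOKUP_FN` requires, but the man-page synopsis earlier in this file still shows `const char *(*lookup) (const char *name, void *context);` with two, so one of the two is stale. Two cases share the title `"1-line no dsn"`, which makes a mismatch against the .ref file ambiguous; give the second a distinct name such as `"1-line no dsn, new line"`. The array terminator `0,` would be clearer and warning-free as `{0},`.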
@@ -32,6 +32,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ #endif diff -Nru postfix-3.0.4/src/global/smtp_reply_footer.ref postfix-3.1.0/src/global/smtp_reply_footer.ref --- postfix-3.0.4/src/global/smtp_reply_footer.ref 1970-01-01 00:00:00.000000000 +0000 +++ postfix-3.1.0/src/global/smtp_reply_footer.ref 2016-01-09 16:22:58.000000000 +0000 @@ -0,0 +1,15 @@ +./smtp_reply_footer: test "missing reply": pass +./smtp_reply_footer: test "long smtp_code": pass +./smtp_reply_footer: test "short smtp_code": pass +./smtp_reply_footer: test "good+bad smtp_code": pass +./smtp_reply_footer: test "1-line no dsn": pass +./smtp_reply_footer: test "1-line no dsn": pass +./smtp_reply_footer: test "2-line no dsn": pass +./smtp_reply_footer: test "1-line with dsn": pass +./smtp_reply_footer: test "2-line with dsn": pass +./smtp_reply_footer: warning: truncated macro reference: " ${whatever" +./smtp_reply_footer: test "bad macro": pass +./smtp_reply_footer: warning: truncated macro reference: " ${whatever" +./smtp_reply_footer: test "bad macroCRLF": pass +./smtp_reply_footer: test "good macro": pass +./smtp_reply_footer: test "good macroCRLF": pass diff -Nru postfix-3.0.4/src/global/uxtext.c postfix-3.1.0/src/global/uxtext.c --- postfix-3.0.4/src/global/uxtext.c 2015-10-03 23:35:09.000000000 +0000 +++ postfix-3.1.0/src/global/uxtext.c 2015-10-03 20:42:15.000000000 +0000 
@@ -243,6 +243,19 @@ VSTRING *quoted = vstring_alloc(100); ssize_t len; + /* + * Negative tests. + */ + if (uxtext_unquote(unquoted, "\\x{x1}") != 0) + msg_warn("undetected error pattern 1"); + if (uxtext_unquote(unquoted, "\\x{2x}") != 0) + msg_warn("undetected error pattern 2"); + if (uxtext_unquote(unquoted, "\\x{33") != 0) + msg_warn("undetected error pattern 3"); + + /* + * Positive tests. + */ while ((len = read_buf(VSTREAM_IN, unquoted)) > 0) { uxtext_quote(quoted, STR(unquoted), "+="); if (uxtext_unquote(unquoted, STR(quoted)) == 0) diff -Nru postfix-3.0.4/src/global/verify.c postfix-3.1.0/src/global/verify.c --- postfix-3.0.4/src/global/verify.c 2015-01-27 19:33:29.000000000 +0000 +++ postfix-3.1.0/src/global/verify.c 2015-12-27 22:07:28.000000000 +0000 @@ -102,8 +102,9 @@ if (var_verify_neg_cache || vrfy_stat == DEL_RCPT_STAT_OK) { req_stat = verify_clnt_update(recipient->orig_addr, vrfy_stat, my_dsn.reason); + /* Two verify updates for one verify request! */ if (req_stat == VRFY_STAT_OK - && strcasecmp_utf8(recipient->address, recipient->orig_addr) != 0) + && strcasecmp_utf8(recipient->address, recipient->orig_addr) != 0) req_stat = verify_clnt_update(recipient->address, vrfy_stat, my_dsn.reason); } else { diff -Nru postfix-3.0.4/src/global/xtext.c postfix-3.1.0/src/global/xtext.c --- postfix-3.0.4/src/global/xtext.c 2015-10-03 23:35:21.000000000 +0000 +++ postfix-3.1.0/src/global/xtext.c 2015-10-03 20:43:23.000000000 +0000 
@@ -163,6 +163,17 @@ VSTRING *quoted = vstring_alloc(100); ssize_t len; + /* + * Negative tests. + */ + if (xtext_unquote(unquoted, "++1") != 0) + msg_warn("undetected error pattern 1"); + if (xtext_unquote(unquoted, "+2+") != 0) + msg_warn("undetected error pattern 2"); + + /* + * Positive tests. + */ while ((len = read_buf(VSTREAM_IN, unquoted)) > 0) { xtext_quote(quoted, STR(unquoted), "+="); if (xtext_unquote(unquoted, STR(quoted)) == 0) diff -Nru postfix-3.0.4/src/local/forward.c postfix-3.1.0/src/local/forward.c --- postfix-3.0.4/src/local/forward.c 2015-01-29 20:34:14.000000000 +0000 +++ postfix-3.1.0/src/local/forward.c 2015-02-16 17:18:12.000000000 +0000 @@ -134,8 +134,11 @@ * ourselves is that we don't really know who the recipients are. */ cleanup = mail_connect(MAIL_CLASS_PUBLIC, var_cleanup_service, BLOCKING); - if (cleanup == 0) + if (cleanup == 0) { + msg_warn("connect to %s/%s: %m", + MAIL_CLASS_PUBLIC, var_cleanup_service); FORWARD_OPEN_RETURN(0); + } close_on_exec(vstream_fileno(cleanup), CLOSE_ON_EXEC); if (attr_scan(cleanup, ATTR_FLAG_STRICT, RECV_ATTR_STR(MAIL_ATTR_QUEUEID, buffer), diff -Nru postfix-3.0.4/src/local/.indent.pro postfix-3.1.0/src/local/.indent.pro --- postfix-3.0.4/src/local/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/local/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/local/local.c postfix-3.1.0/src/local/local.c --- postfix-3.0.4/src/local/local.c 2015-01-29 22:15:30.000000000 +0000 +++ postfix-3.1.0/src/local/local.c 2016-02-14 01:29:26.000000000 +0000 
@@ -579,6 +579,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff -Nru postfix-3.0.4/src/master/event_server.c postfix-3.1.0/src/master/event_server.c --- postfix-3.0.4/src/master/event_server.c 2015-01-28 18:39:38.000000000 +0000 +++ postfix-3.1.0/src/master/event_server.c 2016-02-14 14:26:22.000000000 +0000 @@ -122,7 +122,7 @@ /* by the event_server_disconnect() function (see below). /* .sp /* Only the last instance of this parameter type is remembered. -/* .IP "CA_MAIL_SERVER_IN_FLOW_DELAY +/* .IP CA_MAIL_SERVER_IN_FLOW_DELAY /* Pause $in_flow_delay seconds when no "mail flow control token" /* is available. A token is consumed for each connection request. /* .IP CA_MAIL_SERVER_SOLITARY diff -Nru postfix-3.0.4/src/master/.indent.pro postfix-3.1.0/src/master/.indent.pro --- postfix-3.0.4/src/master/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/master/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/master/master.c postfix-3.1.0/src/master/master.c --- postfix-3.0.4/src/master/master.c 2014-12-07 01:35:33.000000000 +0000 +++ postfix-3.1.0/src/master/master.c 2016-02-14 01:29:42.000000000 +0000 
@@ -171,6 +171,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System libraries. */ diff -Nru postfix-3.0.4/src/master/multi_server.c postfix-3.1.0/src/master/multi_server.c --- postfix-3.0.4/src/master/multi_server.c 2015-01-28 18:40:00.000000000 +0000 +++ postfix-3.1.0/src/master/multi_server.c 2016-02-14 14:26:22.000000000 +0000 @@ -119,7 +119,7 @@ /* by the multi_server_disconnect() function (see below). /* .sp /* Only the last instance of this parameter type is remembered. -/* .IP "CA_MAIL_SERVER_IN_FLOW_DELAY +/* .IP CA_MAIL_SERVER_IN_FLOW_DELAY /* Pause $in_flow_delay seconds when no "mail flow control token" /* is available. A token is consumed for each connection request. /* .IP CA_MAIL_SERVER_SOLITARY diff -Nru postfix-3.0.4/src/milter/.indent.pro postfix-3.1.0/src/milter/.indent.pro --- postfix-3.0.4/src/milter/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/milter/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/milter/milter.c postfix-3.1.0/src/milter/milter.c --- postfix-3.0.4/src/milter/milter.c 2014-12-25 16:47:18.000000000 +0000 +++ postfix-3.1.0/src/milter/milter.c 2016-01-24 00:42:19.000000000 +0000 @@ -11,7 +11,8 @@ /* conn_macros, helo_macros, /* mail_macros, rcpt_macros, /* data_macros, eoh_macros, -/* eod_macros, unk_macros) +/* eod_macros, unk_macros, +/* macro_deflts) /* const char *milter_names; /* int conn_timeout; /* int cmd_timeout; @@ -26,6 +27,7 @@ /* const char *eoh_macros; /* const char *eod_macros; /* const char *unk_macros; +/* const char *macro_deflts; /* /* void milter_free(milters) /* MILTERS *milters; 
@@ -119,7 +121,9 @@ /* milter_create() instantiates the milter clients specified /* with the milter_names argument. The conn_macros etc. /* arguments specify the names of macros that are sent to the -/* mail filter applications upon a connect etc. event. This +/* mail filter applications upon a connect etc. event, and the +/* macro_deflts argument specifies macro defaults that will be used +/* only if the application's lookup call-back returns null. This /* function should be called during process initialization, /* before entering a chroot jail. The timeout parameters specify /* time limits for the completion of the specified request @@ -226,6 +230,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -239,6 +248,7 @@ #include #include #include +#include /* Global library. */ 
@@ -259,6 +269,59 @@ */ #define STR(x) vstring_str(x) +/* milter_macro_defaults_create - parse default macro entries */ + +HTABLE *milter_macro_defaults_create(const char *macro_defaults) +{ + const char myname[] = "milter_macro_defaults_create"; + char *saved_defaults = mystrdup(macro_defaults); + char *cp = saved_defaults; + HTABLE *table = 0; + VSTRING *canon_buf = 0; + char *nameval; + + while ((nameval = mystrtokq(&cp, CHARS_COMMA_SP, CHARS_BRACE)) != 0) { + const char *err; + char *name; + char *value; + + /* + * Split the input into (name, value) pairs. Allow the forms + * name=value and { name = value }, where the last form ignores + * whitespace after the opening "{", around the "=", and before the + * closing "}". A name may also be specified as {name}. + * + * Use the form {name} for table lookups, because that is the form of + * the S8_MAC_* macro names. + */ + if (*nameval == CHARS_BRACE[0] + && nameval[balpar(nameval, CHARS_BRACE)] != '=' + && (err = extpar(&nameval, CHARS_BRACE, EXTPAR_FLAG_NONE)) != 0) + msg_fatal("malformed default macro entry: %s in \"%s\"", + err, macro_defaults); + if ((err = split_nameval(nameval, &name, &value)) != 0) + msg_fatal("malformed default macro entry: %s in \"%s\"", + err, macro_defaults); + if (*name != '{') /* } */ + name = STR(vstring_sprintf(canon_buf ? canon_buf : + (canon_buf = vstring_alloc(20)), "{%s}", name)); + if (table == 0) + table = htable_create(1); + if (htable_find(table, name) != 0) { + msg_warn("ignoring multiple default macro entries for %s in \"%s\"", + name, macro_defaults); + } else { + (void) htable_enter(table, name, mystrdup(value)); + if (msg_verbose) + msg_info("%s: add name=%s default=%s", myname, name, value); + } + } + myfree(saved_defaults); + if (canon_buf) + vstring_free(canon_buf); + return (table); +} + /* milter_macro_lookup - look up macros */ static ARGV *milter_macro_lookup(MILTERS *milters, const char *macro_names) 
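Review bot: The header comment `/* milter_macro_defaults_create - parse default macro entries */` does not say that the result is null when no entries were given, that keys are stored in `{name}` form, or that the caller owns the table and releases it with `htable_free(table, myfree)` because the values are `mystrdup()` copies; all three matter to callers and the milter_free change in the next hunk depends on the last. I'd extend it with `/* Returns null when the list is empty; keys are canonicalized to {name}; the caller frees the table with htable_free(table, myfree). */`. The `name` handed to `htable_enter()` may point into `canon_buf`, which is overwritten on the next iteration, so this is only safe if htable_enter() copies the key — presumably it does, but worth confirming. Duplicate names are reported with msg_warn() and the first entry wins, which the comment could state as well.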
@@ -267,19 +330,28 @@ char *saved_names = mystrdup(macro_names); char *cp = saved_names; ARGV *argv = argv_alloc(10); + VSTRING *canon_buf = vstring_alloc(20); const char *value; const char *name; while ((name = mystrtok(&cp, CHARS_COMMA_SP)) != 0) { if (msg_verbose) msg_info("%s: \"%s\"", myname, name); + if (*name != '{') /* } */ + name = STR(vstring_sprintf(canon_buf, "{%s}", name)); if ((value = milters->mac_lookup(name, milters->mac_context)) != 0) { if (msg_verbose) msg_info("%s: result \"%s\"", myname, value); argv_add(argv, name, value, (char *) 0); + } else if (milters->macro_defaults != 0 + && (value = htable_find(milters->macro_defaults, name)) != 0) { + if (msg_verbose) + msg_info("%s: using default \"%s\"", myname, value); + argv_add(argv, name, value, (char *) 0); } } myfree(saved_names); + vstring_free(canon_buf); return (argv); } @@ -572,7 +644,8 @@ int msg_timeout, const char *protocol, const char *def_action, - MILTER_MACROS *macros) + MILTER_MACROS *macros, + HTABLE *macro_defaults) { MILTERS *milters; MILTER *head = 0; @@ -642,6 +715,7 @@ milters->mac_lookup = 0; milters->mac_context = 0; milters->macros = macros; + milters->macro_defaults = macro_defaults; milters->add_header = 0; milters->upd_header = milters->ins_header = 0; milters->del_header = 0; @@ -664,6 +738,8 @@ next = m->next, m->free(m); if (milters->macros) milter_macros_free(milters->macros); + if (milters->macro_defaults) + htable_free(milters->macro_defaults, myfree); myfree((void *) milters); } @@ -721,6 +797,18 @@ ATTR_TYPE_END); /* + * Send the filter macro defaults. + */ + count = milters->macro_defaults ? milters->macro_defaults->used : 0; + (void) attr_print(stream, ATTR_FLAG_MORE, + SEND_ATTR_INT(MAIL_ATTR_SIZE, count), + ATTR_TYPE_END); + if (count > 0) + (void) attr_print(stream, ATTR_FLAG_MORE, + SEND_ATTR_HASH(milters->macro_defaults), + ATTR_TYPE_END); + + /* * Send the filter instances. */ for (m = milters->milter_list; m != 0; m = m->next) 
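Review bot: The new canonicalization `if (*name != '{') name = STR(vstring_sprintf(canon_buf, "{%s}", name));` changes the name handed to both `milters->mac_lookup()` and `argv_add()` for every macro, not only those that have a default, so a bare `i` is now recorded as `{i}`; the defaults fallback applies only when the callback returns null, which matches the header documentation in the earlier hunk. A short why-comment would keep a future reader from "fixing" it back: `/* Use the {name} form: it matches the S8_MAC_* names and the keys stored by milter_macro_defaults_create(). */`. Whether every consumer of the resulting ARGV accepts brace-form names for single-letter macros is not visible from this hunk and worth confirming.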
@@ -749,6 +837,7 @@ MILTER *head = 0; MILTER *tail = 0; MILTER *milter = 0; + int macro_default_count; if (msg_verbose) msg_info("receive %d milters", count); @@ -763,9 +852,10 @@ #define NO_PROTOCOL ((char *) 0) #define NO_ACTION ((char *) 0) #define NO_MACROS ((MILTER_MACROS *) 0) +#define NO_MACRO_DEFLTS ((HTABLE *) 0) milters = milter_new(NO_MILTERS, NO_TIMEOUTS, NO_PROTOCOL, NO_ACTION, - NO_MACROS); + NO_MACROS, NO_MACRO_DEFLTS); /* * XXX Optimization: don't send or receive further information when there @@ -787,6 +877,21 @@ } /* + * Receive the filter macro defaults. + */ + if (attr_scan(stream, ATTR_FLAG_STRICT | ATTR_FLAG_MORE, + RECV_ATTR_INT(MAIL_ATTR_SIZE, ¯o_default_count), + ATTR_TYPE_END) != 1 + || (macro_default_count > 0 + && attr_scan(stream, ATTR_FLAG_STRICT | ATTR_FLAG_MORE, + RECV_ATTR_HASH(milters->macro_defaults + = htable_create(1)), + ATTR_TYPE_END) != macro_default_count)) { + milter_free(milters); + return (0); + } + + /* * Receive the filters. */ for (; count > 0; count--) { @@ -872,6 +977,7 @@ MILTERS *milters = 0; char *conn_macros, *helo_macros, *mail_macros, *rcpt_macros; char *data_macros, *eoh_macros, *eod_macros, *unk_macros; + char *macro_deflts; VSTRING *inbuf = vstring_alloc(100); char *bufp; char *cmd; @@ -879,7 +985,7 @@ int istty = isatty(vstream_fileno(VSTREAM_IN)); conn_macros = helo_macros = mail_macros = rcpt_macros = data_macros - = eoh_macros = eod_macros = unk_macros = ""; + = eoh_macros = eod_macros = unk_macros = macro_deflts = ""; msg_vstream_init(argv[0], VSTREAM_ERR); while ((ch = GETOPT(argc, argv, "V:v")) > 0) { 
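Review bot: In the receive path, `milters->macro_defaults = htable_create(1)` is assigned inside the `attr_scan()` argument list before the scan can fail, and that is what lets the `milter_free(milters)` on the error path release a half-filled table; a one-line comment would make the dependency explicit: `/* Create the table before scanning so that milter_free() can release it on error. */`. The comparison `!= macro_default_count` presumably relies on attr_scan() returning one per hash entry for RECV_ATTR_HASH, which mirrors how the sender emits the count and then the table in the earlier hunk; a negative count is caught by the `> 0` guard. In the test driver, `macro_deflts` is initialized to `""` and no command in this hunk assigns it, so unless one exists outside the hunk the defaults path is never exercised by the driver.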
@@ -934,7 +1040,7 @@ var_milt_protocol, var_milt_def_action, conn_macros, helo_macros, mail_macros, rcpt_macros, data_macros, eoh_macros, - eod_macros, unk_macros); + eod_macros, unk_macros, macro_deflts); } else if (strcmp(cmd, "free") == 0 && argv->argc == 0) { if (milters == 0) { msg_warn("no milters"); diff -Nru postfix-3.0.4/src/milter/milter.h postfix-3.1.0/src/milter/milter.h --- postfix-3.0.4/src/milter/milter.h 2014-10-19 21:39:32.000000000 +0000 +++ postfix-3.1.0/src/milter/milter.h 2016-01-24 00:44:00.000000000 +0000 @@ -85,6 +85,11 @@ #define MILTER_MACROS_ALLOC_EMPTY 2 /* mystrdup(""); */ /* + * Helper to parse list of name=value default macro settings. + */ +extern struct HTABLE *milter_macro_defaults_create(const char *); + + /* * A bunch of Milters. */ typedef const char *(*MILTER_MAC_LOOKUP_FN) (const char *, void *); @@ -101,6 +106,7 @@ MILTER_MAC_LOOKUP_FN mac_lookup; void *mac_context; /* macro lookup context */ struct MILTER_MACROS *macros; + struct HTABLE *macro_defaults; void *chg_context; /* context for queue file changes */ MILTER_ADD_HEADER_FN add_header; MILTER_EDIT_HEADER_FN upd_header; 
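Review bot: The new member `struct HTABLE *macro_defaults;` is the only field in this part of the struct without a trailing comment, while its neighbours document themselves (`/* macro lookup context */`); I'd write `struct HTABLE *macro_defaults; /* {name} -> default value, or null */`, since the lookup code tests it for null and the keys are stored in brace form. The declaration comment for the helper, "Helper to parse list of name=value default macro settings", could likewise state the null result for an empty list and that the caller releases the table with `htable_free(table, myfree)`.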
@@ -116,14 +122,16 @@ #define milter_create(milter_names, conn_timeout, cmd_timeout, msg_timeout, \ protocol, def_action, conn_macros, helo_macros, \ mail_macros, rcpt_macros, data_macros, eoh_macros, \ - eod_macros, unk_macros) \ + eod_macros, unk_macros, macro_deflts) \ milter_new(milter_names, conn_timeout, cmd_timeout, msg_timeout, \ protocol, def_action, milter_macros_create(conn_macros, \ helo_macros, mail_macros, rcpt_macros, data_macros, \ - eoh_macros, eod_macros, unk_macros)) + eoh_macros, eod_macros, unk_macros), \ + milter_macro_defaults_create(macro_deflts)) extern MILTERS *milter_new(const char *, int, int, int, const char *, - const char *, MILTER_MACROS *); + const char *, MILTER_MACROS *, + struct HTABLE *); extern void milter_macro_callback(MILTERS *, MILTER_MAC_LOOKUP_FN, void *); extern void milter_edit_callback(MILTERS *milters, MILTER_ADD_HEADER_FN, MILTER_EDIT_HEADER_FN, MILTER_EDIT_HEADER_FN, @@ -201,6 +209,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ #endif diff -Nru postfix-3.0.4/src/milter/test-milter.c postfix-3.1.0/src/milter/test-milter.c --- postfix-3.0.4/src/milter/test-milter.c 2014-01-07 23:29:08.000000000 +0000 +++ postfix-3.1.0/src/milter/test-milter.c 2016-02-14 14:26:22.000000000 +0000 @@ -22,7 +22,7 @@ /* .IP "\fB-A address\fR" /* Add the specified recipient address (specify ESMTP parameters /* separated by space). Multiple -A options are supported. -/* .IP "\fB-b pathname +/* .IP "\fB-b pathname\fR" /* Replace the message body by the content of the specified file. /* .IP "\fB-c connect|helo|mail|rcpt|data|header|eoh|body|eom|unknown|close|abort\fR" /* When to send the non-default reply specified with \fB-a\fR. 
@@ -34,7 +34,7 @@ /* .IP "\fB-D\fI address\fR" /* Delete the specified recipient address. Multiple -D options /* are supported. -/* .IP "\fB-f \fIsender\fR +/* .IP "\fB-f \fIsender\fR" /* Replace the sender by the specified address. /* .IP "\fB-h \fI'index header-label header-value'\fR" /* Replace the message header at the specified position. diff -Nru postfix-3.0.4/src/oqmgr/.indent.pro postfix-3.1.0/src/oqmgr/.indent.pro --- postfix-3.0.4/src/oqmgr/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/oqmgr/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/oqmgr/qmgr.c postfix-3.1.0/src/oqmgr/qmgr.c --- postfix-3.0.4/src/oqmgr/qmgr.c 2015-01-29 22:15:30.000000000 +0000 +++ postfix-3.1.0/src/oqmgr/qmgr.c 2016-02-14 14:26:22.000000000 +0000 @@ -73,7 +73,7 @@ /* .IP "\fBslow start\fR" /* This strategy eliminates "thundering herd" problems by slowly /* adjusting the number of parallel deliveries to the same destination. -/* .IP "\fBround robin\fR +/* .IP "\fBround robin\fR" /* The queue manager sorts delivery requests by destination. /* Round-robin selection prevents one destination from dominating /* deliveries to other destinations. 
@@ -253,7 +253,15 @@ /* The default amount of delay that is inserted between individual /* deliveries to the same destination; the resulting behavior depends /* on the value of the corresponding per-destination recipient limit. -/* .IP "\fItransport\fB_destination_rate_delay $default_destination_rate_delay +/* .IP "\fItransport\fB_destination_rate_delay $default_destination_rate_delay\fR" +/* Idem, for delivery via the named message \fItransport\fR. +/* .PP +/* Available in Postfix version 3.1 and later: +/* .IP "\fBdefault_transport_rate_delay (0s)\fR" +/* The default amount of delay that is inserted between individual +/* deliveries over the same message delivery transport, regardless of +/* destination. +/* .IP "\fItransport\fB_transport_rate_delay $default_transport_rate_delay\fR" /* Idem, for delivery via the named message \fItransport\fR. /* SAFETY CONTROLS /* .ad @@ -264,6 +272,11 @@ /* .IP "\fBqmgr_ipc_timeout (60s)\fR" /* The time limit for the queue manager to send or receive information /* over an internal communication channel. +/* .PP +/* Available in Postfix version 3.1 and later: +/* .IP "\fBaddress_verify_pending_request_limit (see 'postconf -d' output)\fR" +/* A safety limit that prevents address verification requests from +/* overwhelming the Postfix queue. /* MISCELLANEOUS CONTROLS /* .ad /* .fi @@ -326,6 +339,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -386,11 +404,13 @@ char *var_conc_neg_feedback; int var_conc_cohort_limit; int var_conc_feedback_debug; +int var_xport_rate_delay; int var_dest_rate_delay; char *var_def_filter_nexthop; int var_qmgr_daemon_timeout; int var_qmgr_ipc_timeout; int var_dsn_delay_cleared; +int var_vrfy_pend_limit; static QMGR_SCAN *qmgr_scans[2]; 
@@ -634,6 +654,7 @@ VAR_DSN_QUEUE_TIME, DEF_DSN_QUEUE_TIME, &var_dsn_queue_time, 0, 8640000, VAR_XPORT_RETRY_TIME, DEF_XPORT_RETRY_TIME, &var_transport_retry_time, 1, 0, VAR_QMGR_CLOG_WARN_TIME, DEF_QMGR_CLOG_WARN_TIME, &var_qmgr_clog_warn_time, 0, 0, + VAR_XPORT_RATE_DELAY, DEF_XPORT_RATE_DELAY, &var_xport_rate_delay, 0, 0, VAR_DEST_RATE_DELAY, DEF_DEST_RATE_DELAY, &var_dest_rate_delay, 0, 0, VAR_QMGR_DAEMON_TIMEOUT, DEF_QMGR_DAEMON_TIMEOUT, &var_qmgr_daemon_timeout, 1, 0, VAR_QMGR_IPC_TIMEOUT, DEF_QMGR_IPC_TIMEOUT, &var_qmgr_ipc_timeout, 1, 0, @@ -649,6 +670,7 @@ VAR_LOCAL_RCPT_LIMIT, DEF_LOCAL_RCPT_LIMIT, &var_local_rcpt_lim, 0, 0, VAR_LOCAL_CON_LIMIT, DEF_LOCAL_CON_LIMIT, &var_local_con_lim, 0, 0, VAR_CONC_COHORT_LIM, DEF_CONC_COHORT_LIM, &var_conc_cohort_limit, 0, 0, + VAR_VRFY_PEND_LIMIT, DEF_VRFY_PEND_LIMIT, &var_vrfy_pend_limit, 1, 0, 0, }; static const CONFIG_BOOL_TABLE bool_table[] = { diff -Nru postfix-3.0.4/src/oqmgr/qmgr_deliver.c postfix-3.1.0/src/oqmgr/qmgr_deliver.c --- postfix-3.0.4/src/oqmgr/qmgr_deliver.c 2014-12-14 18:22:05.000000000 +0000 +++ postfix-3.1.0/src/oqmgr/qmgr_deliver.c 2015-07-12 00:17:28.000000000 +0000 @@ -40,6 +40,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -77,6 +82,14 @@ #include "qmgr.h" + /* + * Important note on the _transport_rate_delay implementation: after + * qmgr_transport_alloc() sets the QMGR_TRANSPORT_STAT_RATE_LOCK flag, all + * code paths must directly or indirectly invoke qmgr_transport_unthrottle() + * or qmgr_transport_throttle(). Otherwise, transports with non-zero + * _transport_rate_delay will become stuck. + */ + int qmgr_deliver_concurrency; /* 
@@ -341,9 +354,10 @@ * No problems detected. Mark the transport and queue as alive. The queue * itself won't go away before we dispose of the current queue entry. */ - if (status != DELIVER_STAT_CRASH && VSTRING_LEN(dsb->reason) == 0) { + if (status != DELIVER_STAT_CRASH) { qmgr_transport_unthrottle(transport); - qmgr_queue_unthrottle(queue); + if (VSTRING_LEN(dsb->reason) == 0) + qmgr_queue_unthrottle(queue); } /* diff -Nru postfix-3.0.4/src/oqmgr/qmgr.h postfix-3.1.0/src/oqmgr/qmgr.h --- postfix-3.0.4/src/oqmgr/qmgr.h 2014-07-07 20:19:58.000000000 +0000 +++ postfix-3.1.0/src/oqmgr/qmgr.h 2015-12-27 21:30:56.000000000 +0000 @@ -163,10 +163,12 @@ QMGR_FEEDBACK pos_feedback; /* positive feedback control */ QMGR_FEEDBACK neg_feedback; /* negative feedback control */ int fail_cohort_limit; /* flow shutdown control */ + int xport_rate_delay; /* suspend per delivery */ int rate_delay; /* suspend per delivery */ }; #define QMGR_TRANSPORT_STAT_DEAD (1<<1) +#define QMGR_TRANSPORT_STAT_RATE_LOCK (1<<2) typedef void (*QMGR_TRANSPORT_ALLOC_NOTIFY) (QMGR_TRANSPORT *, VSTREAM *); extern QMGR_TRANSPORT *qmgr_transport_select(void); @@ -328,6 +330,7 @@ extern int qmgr_message_count; extern int qmgr_recipient_count; +extern int qmgr_vrfy_pend_count; extern void qmgr_message_free(QMGR_MESSAGE *); extern void qmgr_message_update_warn(QMGR_MESSAGE *); diff -Nru postfix-3.0.4/src/oqmgr/qmgr_message.c postfix-3.1.0/src/oqmgr/qmgr_message.c --- postfix-3.0.4/src/oqmgr/qmgr_message.c 2015-01-27 19:33:29.000000000 +0000 +++ postfix-3.1.0/src/oqmgr/qmgr_message.c 2015-12-27 21:30:56.000000000 +0000 @@ -8,6 +8,7 @@ /* /* int qmgr_message_count; /* int qmgr_recipient_count; +/* int qmgr_vrfy_pend_count; /* /* QMGR_MESSAGE *qmgr_message_alloc(class, name, qflags, mode) /* const char *class; 
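Review bot: The transport is now unthrottled on every non-crash completion regardless of `dsb->reason`, which is what releases the QMGR_TRANSPORT_STAT_RATE_LOCK described in the note added at the top of this file, but nothing at this site says so; a reader sees queue and transport handled asymmetrically and will wonder why. I'd put `/* Always release the transport (and its rate lock); the queue is only revived when delivery reported no failure reason. */` above the `if`. The DELIVER_STAT_CRASH path is outside the hunk, so whether it reaches qmgr_transport_throttle() as that note requires cannot be checked here.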
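Review bot: In qmgr.h the new field `int xport_rate_delay; /* suspend per delivery */` carries exactly the same comment as the existing `rate_delay` field, so the comments no longer distinguish the two; make them `/* suspend per delivery, per transport */` and `/* suspend per delivery, per destination */`, matching the _transport_rate_delay and _destination_rate_delay parameters documented in the qmgr.c hunk. `#define QMGR_TRANSPORT_STAT_RATE_LOCK (1<<2)` would also benefit from a one-line comment pointing at the note in qmgr_transport.c, since the lock/unlock protocol is described only there.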
@@ -38,6 +39,13 @@ /* of in-core recipient structures (i.e. the sum of all recipients /* in all in-core message structures). /* +/* qmgr_vrfy_pend_count is a global counter for the total +/* number of in-core message structures that are associated +/* with an address verification request. Requests that exceed +/* the address_verify_pending_limit are deferred immediately. +/* This is a backup mechanism for a more refined enforcement +/* mechanism in the verify(8) daemon. +/* /* qmgr_message_alloc() creates an in-core message structure /* with sender and recipient information taken from the named queue /* file. A null result means the queue file could not be read or @@ -136,6 +144,7 @@ int qmgr_message_count; int qmgr_recipient_count; +int qmgr_vrfy_pend_count; /* qmgr_message_create - create in-core message structure */ @@ -705,11 +714,15 @@ * after the logfile is deleted. */ else if (strcmp(name, MAIL_ATTR_TRACE_FLAGS) == 0) { - message->tflags = DEL_REQ_TRACE_FLAGS(atoi(value)); - if (message->tflags == DEL_REQ_FLAG_RECORD) - message->tflags_offset = curr_offset; - else - message->tflags_offset = 0; + if (message->tflags == 0) { + message->tflags = DEL_REQ_TRACE_FLAGS(atoi(value)); + if (message->tflags == DEL_REQ_FLAG_RECORD) + message->tflags_offset = curr_offset; + else + message->tflags_offset = 0; + if ((message->tflags & DEL_REQ_FLAG_MTA_VRFY) != 0) + qmgr_vrfy_pend_count++; + } } continue; } @@ -1108,6 +1121,14 @@ } /* + * Safety: defer excess address verification requests. + */ + if ((message->tflags & DEL_REQ_FLAG_MTA_VRFY) != 0 + && qmgr_vrfy_pend_count > var_vrfy_pend_limit) + QMGR_REDIRECT(&reply, MAIL_SERVICE_RETRY, + "4.3.2 Too many address verification requests"); + + /* * Look up or instantiate the proper transport. */ if (transport == 0 || !STREQ(transport->name, STR(reply.transport))) { 
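Review bot: The new documentation block names the parameter `address_verify_pending_limit`, but the qmgr.c hunk documents it and the config table registers it as `address_verify_pending_request_limit`; the comment should use the latter. In qmgr_message_read, the `if (message->tflags == 0)` guard around the MAIL_ATTR_TRACE_FLAGS handling appears to be what keeps `qmgr_vrfy_pend_count` from being incremented twice for one in-core message, presumably when the queue file is read again for the same message; a comment such as `/* Parse trace flags once per in-core message, so the pending-verify count is incremented exactly once. */` would protect that invariant. The deferral test `qmgr_vrfy_pend_count > var_vrfy_pend_limit` appears to include the current message in the count, so the limit is the number of requests allowed in core at once, which is consistent with the minimum of 1 in the config table.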
@@ -1310,6 +1331,8 @@ myfree(message->rewrite_context); recipient_list_free(&message->rcpt_list); qmgr_message_count--; + if ((message->tflags & DEL_REQ_FLAG_MTA_VRFY) != 0) + qmgr_vrfy_pend_count--; myfree((void *) message); } diff -Nru postfix-3.0.4/src/oqmgr/qmgr_transport.c postfix-3.1.0/src/oqmgr/qmgr_transport.c --- postfix-3.0.4/src/oqmgr/qmgr_transport.c 2014-12-25 16:47:17.000000000 +0000 +++ postfix-3.1.0/src/oqmgr/qmgr_transport.c 2015-07-12 00:17:11.000000000 +0000 @@ -64,6 +64,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -158,6 +163,14 @@ #define QMGR_TRANSPORT_MAX_PEND 2 #endif + /* + * Important note on the _transport_rate_delay implementation: after + * qmgr_transport_alloc() sets the QMGR_TRANSPORT_STAT_RATE_LOCK flag, all + * code paths must directly or indirectly invoke qmgr_transport_unthrottle() + * or qmgr_transport_throttle(). Otherwise, transports with non-zero + * _transport_rate_delay will become stuck. + */ + /* qmgr_transport_unthrottle_wrapper - in case (char *) != (struct *) */ static void qmgr_transport_unthrottle_wrapper(int unused_event, void *context) @@ -175,7 +188,7 @@ * This routine runs after expiration of the timer set by * qmgr_transport_throttle(), or whenever a delivery transport has been * used without malfunction. In either case, we enable delivery again if - * the transport was blocked, otherwise the request is ignored. + * the transport was throttled. We always reset the transport rate lock. */ if ((transport->flags & QMGR_TRANSPORT_STAT_DEAD) != 0) { if (msg_verbose) @@ -189,6 +202,8 @@ event_cancel_timer(qmgr_transport_unthrottle_wrapper, (void *) transport); } + if (transport->flags & QMGR_TRANSPORT_STAT_RATE_LOCK) + transport->flags &= ~QMGR_TRANSPORT_STAT_RATE_LOCK; } /* qmgr_transport_throttle - disable delivery process allocation */ 
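Review bot: In qmgr_transport_unthrottle the new `if (transport->flags & QMGR_TRANSPORT_STAT_RATE_LOCK) transport->flags &= ~QMGR_TRANSPORT_STAT_RATE_LOCK;` has a redundant test: clearing a bit that is not set is a no-op, so `transport->flags &= ~QMGR_TRANSPORT_STAT_RATE_LOCK;` alone is equivalent and reads as the unconditional reset the updated comment ("We always reset the transport rate lock") promises. The clear sits after the DEAD block, so it runs on both paths provided that block has no early return, which the hunk does not show. The decrement in qmgr_message_free mirrors the increment in qmgr_message_read, keeping the pending count balanced per in-core message.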
@@ -225,6 +240,16 @@ msg_fatal("timeout connecting to transport: %s", alloc->transport->name); } +/* qmgr_transport_rate_event - delivery process availability notice */ + +static void qmgr_transport_rate_event(int unused_event, void *context) +{ + QMGR_TRANSPORT_ALLOC *alloc = (QMGR_TRANSPORT_ALLOC *) context; + + alloc->notify(alloc->transport, alloc->stream); + myfree((void *) alloc); +} + /* qmgr_transport_event - delivery process availability notice */ static void qmgr_transport_event(int unused_event, void *context) @@ -256,8 +281,16 @@ /* * Notify the requestor. */ - alloc->notify(alloc->transport, alloc->stream); - myfree((void *) alloc); + if (alloc->transport->xport_rate_delay > 0) { + if ((alloc->transport->flags & QMGR_TRANSPORT_STAT_RATE_LOCK) == 0) + msg_panic("transport_event: missing rate lock for transport %s", + alloc->transport->name); + event_request_timer(qmgr_transport_rate_event, (void *) alloc, + alloc->transport->xport_rate_delay); + } else { + alloc->notify(alloc->transport, alloc->stream); + myfree((void *) alloc); + } } /* qmgr_transport_select - select transport for allocation */ @@ -282,6 +315,7 @@ for (xport = qmgr_transport_list.next; xport; xport = xport->peers.next) { if ((xport->flags & QMGR_TRANSPORT_STAT_DEAD) != 0 + || (xport->flags & QMGR_TRANSPORT_STAT_RATE_LOCK) != 0 || xport->pending >= QMGR_TRANSPORT_MAX_PEND) continue; need = xport->pending + 1; 
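Review bot: `/* qmgr_transport_rate_event - delivery process availability notice */` duplicates qmgr_transport_event's header comment word for word, so the two functions are indistinguishable in a summary; make it `/* qmgr_transport_rate_event - delayed delivery process availability notice */` or mention that it runs after `xport_rate_delay` expires. While the timer is pending, `alloc` (and `alloc->stream`) is owned by the timer, and the msg_panic on a missing rate lock protects the invariant established by qmgr_transport_alloc; what happens to that pending allocation if the transport is throttled or freed before the timer fires is outside the hunk and worth confirming, perhaps in the same comment. The select-loop change skips rate-locked transports in the same way it skips dead ones, which is consistent.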
@@ -311,10 +345,19 @@ */ if (transport->flags & QMGR_TRANSPORT_STAT_DEAD) msg_panic("qmgr_transport: dead transport: %s", transport->name); + if (transport->flags & QMGR_TRANSPORT_STAT_RATE_LOCK) + msg_panic("qmgr_transport: rate-locked transport: %s", transport->name); if (transport->pending >= QMGR_TRANSPORT_MAX_PEND) msg_panic("qmgr_transport: excess allocation: %s", transport->name); /* + * When this message delivery transport is rate-limited, do not select it + * again before the end of a message delivery transaction. + */ + if (transport->xport_rate_delay > 0) + transport->flags |= QMGR_TRANSPORT_STAT_RATE_LOCK; + + /* * Connect to the well-known port for this delivery service, and wake up * when a process announces its availability. Allow only a limited number * of delivery process allocation attempts for this transport. In case of @@ -387,6 +430,9 @@ transport->init_dest_concurrency = get_mail_conf_int2(name, _INIT_DEST_CON, var_init_dest_concurrency, 1, 0); + transport->xport_rate_delay = get_mail_conf_time2(name, _XPORT_RATE_DELAY, + var_xport_rate_delay, + 's', 0, 0); transport->rate_delay = get_mail_conf_time2(name, _DEST_RATE_DELAY, var_dest_rate_delay, 's', 0, 0); diff -Nru postfix-3.0.4/src/pickup/.indent.pro postfix-3.1.0/src/pickup/.indent.pro --- postfix-3.0.4/src/pickup/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/pickup/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/pickup/pickup.c postfix-3.1.0/src/pickup/pickup.c --- postfix-3.0.4/src/pickup/pickup.c 2014-12-25 16:47:18.000000000 +0000 +++ postfix-3.1.0/src/pickup/pickup.c 2016-02-14 01:30:01.000000000 +0000 
@@ -97,6 +97,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff -Nru postfix-3.0.4/src/pipe/.indent.pro postfix-3.1.0/src/pipe/.indent.pro --- postfix-3.0.4/src/pipe/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/pipe/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/pipe/pipe.c postfix-3.1.0/src/pipe/pipe.c --- postfix-3.0.4/src/pipe/pipe.c 2015-01-29 22:15:30.000000000 +0000 +++ postfix-3.1.0/src/pipe/pipe.c 2016-02-14 01:30:11.000000000 +0000 @@ -434,6 +434,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff -Nru postfix-3.0.4/src/postalias/.indent.pro postfix-3.1.0/src/postalias/.indent.pro --- postfix-3.0.4/src/postalias/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/postalias/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/postalias/postalias.c postfix-3.1.0/src/postalias/postalias.c --- postfix-3.0.4/src/postalias/postalias.c 2015-01-28 00:47:41.000000000 +0000 +++ postfix-3.1.0/src/postalias/postalias.c 2016-02-14 01:25:27.000000000 +0000 
@@ -215,6 +215,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -801,8 +806,8 @@ } } mail_conf_read(); - if (strcmp(var_syslog_name, DEF_SYSLOG_NAME) != 0) - msg_syslog_init(mail_task(argv[0]), LOG_PID, LOG_FACILITY); + /* Re-evaluate mail_task() after reading main.cf. */ + msg_syslog_init(mail_task(argv[0]), LOG_PID, LOG_FACILITY); mail_dict_init(); /* diff -Nru postfix-3.0.4/src/postcat/.indent.pro postfix-3.1.0/src/postcat/.indent.pro --- postfix-3.0.4/src/postcat/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/postcat/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/postcat/postcat.c postfix-3.1.0/src/postcat/postcat.c --- postfix-3.0.4/src/postcat/postcat.c 2014-12-25 16:47:17.000000000 +0000 +++ postfix-3.1.0/src/postcat/postcat.c 2016-02-14 01:25:47.000000000 +0000 @@ -82,6 +82,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff -Nru postfix-3.0.4/src/postconf/.indent.pro postfix-3.1.0/src/postconf/.indent.pro --- postfix-3.0.4/src/postconf/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/postconf/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY 
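Review bot: Removing the `strcmp(var_syslog_name, DEF_SYSLOG_NAME)` guard makes msg_syslog_init() run unconditionally after mail_conf_read(), which is only correct if an earlier initialization with the pre-main.cf task name can be repeated safely; the hunk cannot show that. The new comment `/* Re-evaluate mail_task() after reading main.cf. */` states the intent well; if re-initialization is indeed harmless, a word on that would make the removal of the guard self-explanatory to the next reader.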
@@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/postconf/Makefile.in postfix-3.1.0/src/postconf/Makefile.in --- postfix-3.0.4/src/postconf/Makefile.in 2015-01-28 00:13:14.000000000 +0000 +++ postfix-3.1.0/src/postconf/Makefile.in 2016-01-31 21:05:46.000000000 +0000 @@ -22,6 +22,8 @@ SAMPLES = ../../conf/main.cf.default INC_DIR = ../../include LIBS = ../../lib/libxsasl.a \ + ../../lib/lib$(LIB_PREFIX)tls$(LIB_SUFFIX) \ + ../../lib/lib$(LIB_PREFIX)dns$(LIB_SUFFIX) \ ../../lib/lib$(LIB_PREFIX)global$(LIB_SUFFIX) \ ../../lib/lib$(LIB_PREFIX)util$(LIB_SUFFIX) @@ -49,7 +51,8 @@ test22 test23 test24 test25 test26 test27 test28 test29 test30 test4b \ test31 test32 test33 test34 test35 test36 test37 test39 test40 test41 \ test42 test43 test44 test45 test46 test47 test48 test49 test50 test51 \ - test52 test53 test54 test55 test56 test57 test58 test59 + test52 test53 test54 test55 test56 test57 test58 test59 test60 test61 \ + test62 test63 root_tests: 
@@ -805,6 +808,46 @@ diff test59.ref test59.tmp rm -f main.cf master.cf test59.tmp +test60: $(PROG) test60.ref + rm -f main.cf master.cf + touch main.cf master.cf + echo foo unix - n n - 0 other >> master.cf + echo ' -o always_bcc=bar' >> master.cf + touch -t 197101010000 main.cf + $(SHLIB_ENV) ./$(PROG) -Fhc. >test60.tmp 2>&1 || true + diff test60.ref test60.tmp + rm -f main.cf master.cf test60.tmp + +test61: $(PROG) test61.ref + rm -f main.cf master.cf + touch main.cf master.cf + echo foo unix - n n - 0 other >> master.cf + echo ' -o always_bcc=bar' >> master.cf + touch -t 197101010000 main.cf + $(SHLIB_ENV) ./$(PROG) -Phc. >test61.tmp 2>&1 || true + diff test61.ref test61.tmp + rm -f main.cf master.cf test61.tmp + +test62: $(PROG) test62.ref + rm -f main.cf master.cf + touch main.cf master.cf + echo foo unix - n n - 0 other >> master.cf + echo ' -o always_bcc=bar' >> master.cf + touch -t 197101010000 main.cf + $(SHLIB_ENV) ./$(PROG) -FHc. >test62.tmp 2>&1 || true + diff test62.ref test62.tmp + rm -f main.cf master.cf test62.tmp + +test63: $(PROG) test63.ref + rm -f main.cf master.cf + touch main.cf master.cf + echo foo unix - n n - 0 other >> master.cf + echo ' -o always_bcc=bar' >> master.cf + touch -t 197101010000 main.cf + $(SHLIB_ENV) ./$(PROG) -PHc. >test63.tmp 2>&1 || true + diff test63.ref test63.tmp + rm -f main.cf master.cf test63.tmp + printfck: $(OBJS) $(PROG) rm -rf printfck mkdir printfck 
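Review bot: The four recipes test60–test63 are identical apart from the option letters `-Fhc.`, `-Phc.`, `-FHc.` and `-PHc.`, which follows the file's copy-and-paste style but turns any later change to the fixture (the `echo ... >> master.cf` lines) into four edits; a comment above test60 naming what the group covers, e.g. `# test60-63: -h and -H output for -F and -P on master.cf entries`, would at least tie them together. `|| true` means a non-zero exit from postconf is detected only through the diff against the `.ref` file, which works because `2>&1` captures stderr into the compared output.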
@@ -1054,11 +1097,16 @@ postconf_other.o: ../../include/argv.h postconf_other.o: ../../include/check_arg.h postconf_other.o: ../../include/dict.h +postconf_other.o: ../../include/dns.h postconf_other.o: ../../include/htable.h postconf_other.o: ../../include/mbox_conf.h +postconf_other.o: ../../include/myaddrinfo.h postconf_other.o: ../../include/myflock.h postconf_other.o: ../../include/name_code.h +postconf_other.o: ../../include/name_mask.h +postconf_other.o: ../../include/sock_addr.h postconf_other.o: ../../include/sys_defs.h +postconf_other.o: ../../include/tls.h postconf_other.o: ../../include/vbuf.h postconf_other.o: ../../include/vstream.h postconf_other.o: ../../include/vstring.h diff -Nru postfix-3.0.4/src/postconf/postconf_builtin.c postfix-3.1.0/src/postconf/postconf_builtin.c --- postfix-3.0.4/src/postconf/postconf_builtin.c 2014-12-12 00:59:44.000000000 +0000 +++ postfix-3.1.0/src/postconf/postconf_builtin.c 2016-01-16 23:48:42.000000000 +0000 @@ -30,6 +30,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -136,6 +141,7 @@ {"fallback_relay", ""}, {"authorized_verp_clients", ""}, {"smtpd_client_connection_limit_exceptions", ""}, + {"postscreen_dnsbl_ttl", ""}, 0, }; diff -Nru postfix-3.0.4/src/postconf/postconf.c postfix-3.1.0/src/postconf/postconf.c --- postfix-3.0.4/src/postconf/postconf.c 2015-01-31 21:23:12.000000000 +0000 +++ postfix-3.1.0/src/postconf/postconf.c 2016-02-14 21:32:54.000000000 +0000 @@ -5,9 +5,10 @@ /* Postfix configuration utility /* SYNOPSIS /* .fi +/* .ti -4 /* \fBManaging main.cf:\fR /* -/* \fBpostconf\fR [\fB-dfhnopvx\fR] [\fB-c \fIconfig_dir\fR] +/* \fBpostconf\fR [\fB-dfhHnopvx\fR] [\fB-c \fIconfig_dir\fR] /* [\fB-C \fIclass,...\fR] [\fIparameter ...\fR] /* /* \fBpostconf\fR [\fB-epv\fR] [\fB-c \fIconfig_dir\fR] 
@@ -19,6 +20,7 @@ /* \fBpostconf\fR \fB-X\fR [\fB-pv\fR] [\fB-c \fIconfig_dir\fR] /* \fIparameter ...\fR /* +/* .ti -4 /* \fBManaging master.cf service entries:\fR /* /* \fBpostconf\fR \fB-M\fR [\fB-fovx\fR] [\fB-c \fIconfig_dir\fR] @@ -33,17 +35,19 @@ /* \fBpostconf\fR \fB-MX\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] /* \fIservice\fB/\fItype ...\fR /* +/* .ti -4 /* \fBManaging master.cf service fields:\fR /* -/* \fBpostconf\fR \fB-F\fR [\fB-fovx\fR] [\fB-c \fIconfig_dir\fR] +/* \fBpostconf\fR \fB-F\fR [\fB-fhHovx\fR] [\fB-c \fIconfig_dir\fR] /* [\fIservice\fR[\fB/\fItype\fR[\fB/\fIfield\fR]]\fI ...\fR] /* /* \fBpostconf\fR \fB-F\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR] /* \fIservice\fB/\fItype\fB/\fIfield\fB=\fIvalue ...\fR /* +/* .ti -4 /* \fBManaging master.cf service parameters:\fR /* -/* \fBpostconf\fR \fB-P\fR [\fB-fovx\fR] [\fB-c \fIconfig_dir\fR] +/* \fBpostconf\fR \fB-P\fR [\fB-fhHovx\fR] [\fB-c \fIconfig_dir\fR] /* [\fIservice\fR[\fB/\fItype\fR[\fB/\fIparameter\fR]]\fI ...\fR] /* /* \fBpostconf\fR \fB-P\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR] @@ -52,6 +56,7 @@ /* \fBpostconf\fR \fB-PX\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] /* \fIservice\fB/\fItype\fB/\fIparameter ...\fR /* +/* .ti -4 /* \fBManaging bounce message templates:\fR /* /* \fBpostconf\fR \fB-b\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] @@ -60,6 +65,12 @@ /* \fBpostconf\fR \fB-t\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] /* [\fItemplate_file\fR] /* +/* .ti -4 +/* \fBManaging TLS features:\fR +/* +/* \fBpostconf\fR \fB-T \fImode\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] +/* +/* .ti -4 /* \fBManaging other configuration:\fR /* /* \fBpostconf\fR \fB-a\fR|\fB-A\fR|\fB-l\fR|\fB-m\fR [\fB-v\fR] 
@@ -183,9 +194,9 @@ /* This feature is available with Postfix 2.9 and later. /* .IP \fB-F\fR /* Show \fBmaster.cf\fR per-entry field settings (by default -/* all services and all fields), formatted as one -/* "\fIservice/type/field=value\fR" per line. Specify \fB-Ff\fR -/* to fold long lines. +/* all services and all fields), formatted as +/* "\fIservice/type/field=value\fR", one per line. Specify +/* \fB-Ff\fR to fold long lines. /* /* Specify one or more "\fIservice/type/field\fR" instances /* on the \fBpostconf\fR(1) command line to limit the output @@ -197,6 +208,11 @@ /* .IP \fB-h\fR /* Show parameter or attribute values without the "\fIname\fR /* = " label that normally precedes the value. +/* .IP \fB-H\fR +/* Show parameter or attribute names without the " = \fIvalue\fR" +/* that normally follows the name. +/* +/* This feature is available with Postfix 3.1 and later. /* .IP \fB-l\fR /* List the names of all supported mailbox locking methods. /* Postfix supports the following methods: @@ -294,8 +310,9 @@ /* "\fBrandmap:{\fIresult_1, ..., result_n\fB}\fR". Each table query /* returns a random choice from the specified results. The first /* and last characters of the "randmap:" table name must be -/* "\fB{\fR" and "\fB}\fR". Within these, individual maps are -/* separated with comma or whitespace. +/* "\fB{\fR" and "\fB}\fR". Within these, individual results +/* are separated with comma or whitespace. To give a specific +/* result more weight, specify it multiple times. /* .IP "\fBregexp\fR (read-only)" /* A lookup table based on regular expressions. The file format /* is described in \fBregexp_table\fR(5). 
@@ -380,8 +397,8 @@ /* This feature is available with Postfix 2.11 and later. /* .IP \fB-P\fR /* Show \fBmaster.cf\fR service parameter settings (by default -/* all services and all parameters). formatted as one -/* "\fIservice/type/parameter=value\fR" per line. Specify +/* all services and all parameters), formatted as +/* "\fIservice/type/parameter=value\fR", one per line. Specify /* \fB-Pf\fR to fold long lines. /* /* Specify one or more "\fIservice/type/parameter\fR" instances @@ -406,6 +423,25 @@ /* line (in shell language: ""). /* /* This feature is available with Postfix 2.3 and later. +/* .IP "\fB-T \fImode\fR" +/* If Postfix is compiled without TLS support, the \fB-T\fR option +/* produces no output. Otherwise, if an invalid \fImode\fR is specified, +/* the \fB-T\fR option reports an error and exits with a non-zero status +/* code. The valid modes are: +/* .RS +/* .IP \fBcompile-version\fR +/* Output the OpenSSL version that Postfix was compiled with +/* (i.e. the OpenSSL version in a header file). The output +/* format is the same as with the command "\fBopenssl version\fR". +/* .IP \fBrun-version\fR +/* Output the OpenSSL version that Postfix is linked with at +/* runtime (i.e. the OpenSSL version in a shared library). +/* .IP \fBpublic-key-algorithms\fR +/* Output the lower-case names of the supported public-key +/* algorithms, one per-line. +/* .RE +/* .IP +/* This feature is available with Postfix 3.1 and later. /* .IP \fB-v\fR /* Enable verbose logging for debugging purposes. Multiple /* \fB-v\fR options make the software increasingly verbose. @@ -505,6 +541,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ 
@@ -564,7 +605,7 @@ /* Major modes. */ PCF_SHOW_SASL_SERV | PCF_SHOW_SASL_CLNT | PCF_EXP_DSN_TEMPL \ |PCF_SHOW_LOCKS | PCF_SHOW_MAPS | PCF_DUMP_DSN_TEMPL | PCF_MAIN_PARAM \ - |PCF_MASTER_ENTRY | PCF_MASTER_FLD | PCF_MASTER_PARAM, + |PCF_MASTER_ENTRY | PCF_MASTER_FLD | PCF_MASTER_PARAM | PCF_SHOW_TLS, /* Modifiers. */ PCF_SHOW_DEFS | PCF_EDIT_CONF | PCF_SHOW_NONDEF | PCF_COMMENT_OUT \ |PCF_EDIT_EXCL, @@ -572,7 +613,8 @@ PCF_SHOW_EVAL | PCF_EDIT_CONF | PCF_COMMENT_OUT | PCF_EDIT_EXCL, PCF_MAIN_OVER | PCF_SHOW_DEFS | PCF_EDIT_CONF | PCF_COMMENT_OUT \ |PCF_EDIT_EXCL, - PCF_HIDE_NAME | PCF_EDIT_CONF | PCF_COMMENT_OUT | PCF_EDIT_EXCL, + PCF_HIDE_NAME | PCF_EDIT_CONF | PCF_COMMENT_OUT | PCF_EDIT_EXCL \ + |PCF_HIDE_VALUE, 0, }; @@ -588,17 +630,19 @@ {PCF_EXP_DSN_TEMPL, 0}, {PCF_SHOW_LOCKS, 0}, {PCF_SHOW_MAPS, 0,}, + {PCF_SHOW_TLS, 0,}, {PCF_DUMP_DSN_TEMPL, 0}, {PCF_MAIN_PARAM, (PCF_EDIT_CONF | PCF_EDIT_EXCL | PCF_COMMENT_OUT \ |PCF_FOLD_LINE | PCF_HIDE_NAME | PCF_PARAM_CLASS \ |PCF_SHOW_EVAL | PCF_SHOW_DEFS | PCF_SHOW_NONDEF \ - |PCF_MAIN_OVER)}, + |PCF_MAIN_OVER | PCF_HIDE_VALUE)}, {PCF_MASTER_ENTRY, (PCF_EDIT_CONF | PCF_EDIT_EXCL | PCF_COMMENT_OUT \ |PCF_FOLD_LINE | PCF_MAIN_OVER | PCF_SHOW_EVAL)}, {PCF_MASTER_FLD, (PCF_EDIT_CONF | PCF_FOLD_LINE | PCF_HIDE_NAME \ - |PCF_MAIN_OVER | PCF_SHOW_EVAL)}, + |PCF_MAIN_OVER | PCF_SHOW_EVAL | PCF_HIDE_VALUE)}, {PCF_MASTER_PARAM, (PCF_EDIT_CONF | PCF_EDIT_EXCL | PCF_FOLD_LINE \ - |PCF_HIDE_NAME | PCF_MAIN_OVER | PCF_SHOW_EVAL)}, + |PCF_HIDE_NAME | PCF_MAIN_OVER | PCF_SHOW_EVAL \ + |PCF_HIDE_VALUE)}, /* Modifiers. */ {PCF_PARAM_CLASS, (PCF_MAIN_PARAM | PCF_SHOW_DEFS | PCF_SHOW_NONDEF)}, 0, @@ -617,6 +661,7 @@ "-f", PCF_FOLD_LINE, "-F", PCF_MASTER_FLD, "-h", PCF_HIDE_NAME, + "-H", PCF_HIDE_VALUE, "-l", PCF_SHOW_LOCKS, "-m", PCF_SHOW_MAPS, "-M", PCF_MASTER_ENTRY, 
@@ -625,6 +670,7 @@ "-p", PCF_MAIN_PARAM, "-P", PCF_MASTER_PARAM, "-t", PCF_DUMP_DSN_TEMPL, + "-T", PCF_SHOW_TLS, "-x", PCF_SHOW_EVAL, "-X", PCF_EDIT_EXCL, "-#", PCF_COMMENT_OUT, @@ -646,6 +692,7 @@ " [-f (fold lines)]" " [-F (master.cf fields)]" " [-h (no names)]" + " [-H (no values)]" " [-l (lock types)]" " [-m (map types)]" " [-M (master.cf)]" @@ -654,6 +701,7 @@ " [-p (main.cf, default)]" " [-P (master.cf parameters)]" " [-t (bounce templates)]" + " [-T compile-version|run-version|public-key-algorithms]" " [-v (verbose)]" " [-x (expand parameter values)]" " [-X (exclude)]" @@ -720,6 +768,7 @@ 0, }; ARGV *override_params = 0; + const char *pcf_tls_arg = 0; /* * Fingerprint executables and core dumps. @@ -749,7 +798,7 @@ /* * Parse JCL. */ - while ((ch = GETOPT(argc, argv, "aAbc:C:deEfFhlmMno:pPtvxX#")) > 0) { + while ((ch = GETOPT(argc, argv, "aAbc:C:deEfFhHlmMno:pPtT:vxX#")) > 0) { switch (ch) { case 'a': pcf_cmd_mode |= PCF_SHOW_SASL_SERV; @@ -790,6 +839,9 @@ case 'h': pcf_cmd_mode |= PCF_HIDE_NAME; break; + case 'H': + pcf_cmd_mode |= PCF_HIDE_VALUE; + break; case 'l': pcf_cmd_mode |= PCF_SHOW_LOCKS; break; @@ -821,6 +873,12 @@ ext_argv = argv_alloc(2); argv_add(ext_argv, "bounce", "-SVndump_templates", (char *) 0); break; + case 'T': + if (pcf_cmd_mode & PCF_SHOW_TLS) + msg_fatal("At most one -T option may be specified"); + pcf_cmd_mode |= PCF_SHOW_TLS; + pcf_tls_arg = optarg; + break; case 'x': pcf_cmd_mode |= PCF_SHOW_EVAL; break; @@ -927,6 +985,13 @@ } /* + * Show TLS info and exit. + */ + else if (pcf_cmd_mode & PCF_SHOW_TLS) { + pcf_show_tls(pcf_tls_arg); + } + + /* * Edit main.cf or master.cf. */ else if (pcf_cmd_mode & (PCF_EDIT_CONF | PCF_COMMENT_OUT | PCF_EDIT_EXCL)) { diff -Nru postfix-3.0.4/src/postconf/postconf.h postfix-3.1.0/src/postconf/postconf.h --- postfix-3.0.4/src/postconf/postconf.h 2014-12-07 01:35:32.000000000 +0000 +++ postfix-3.1.0/src/postconf/postconf.h 2016-01-31 21:05:46.000000000 +0000 
@@ -44,6 +44,8 @@ #define PCF_MAIN_OVER (1<<17) /* override parameter values */ #define PCF_DUMP_DSN_TEMPL (1<<18) /* show bounce templates */ #define PCF_MASTER_PARAM (1<<19) /* manage master.cf -o name=value */ +#define PCF_HIDE_VALUE (1<<20) /* hide main.cf/master.cf =value */ +#define PCF_SHOW_TLS (1<<21) /* TLS support introspection */ #define PCF_DEF_MODE 0 @@ -302,6 +304,7 @@ extern void pcf_show_maps(void); extern void pcf_show_locks(void); extern void pcf_show_sasl(int); +extern void pcf_show_tls(const char *); /* LICENSE /* .ad @@ -312,4 +315,9 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ diff -Nru postfix-3.0.4/src/postconf/postconf_main.c postfix-3.1.0/src/postconf/postconf_main.c --- postfix-3.0.4/src/postconf/postconf_main.c 2014-12-07 01:35:33.000000000 +0000 +++ postfix-3.1.0/src/postconf/postconf_main.c 2016-01-16 23:48:26.000000000 +0000 @@ -63,6 +63,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ 
@@ -146,13 +151,17 @@ * or without the name= prefix. */ if (value != 0) { - if ((mode & PCF_SHOW_EVAL) != 0 && PCF_RAW_PARAMETER(node) == 0) - value = pcf_expand_parameter_value((VSTRING *) 0, mode, value, - (PCF_MASTER_ENT *) 0); - if ((mode & PCF_HIDE_NAME) == 0) { - pcf_print_line(fp, mode, "%s = %s\n", name, value); + if (mode & PCF_HIDE_VALUE) { + pcf_print_line(fp, mode, "%s\n", name); } else { - pcf_print_line(fp, mode, "%s\n", value); + if ((mode & PCF_SHOW_EVAL) != 0 && PCF_RAW_PARAMETER(node) == 0) + value = pcf_expand_parameter_value((VSTRING *) 0, mode, value, + (PCF_MASTER_ENT *) 0); + if ((mode & PCF_HIDE_NAME) == 0) { + pcf_print_line(fp, mode, "%s = %s\n", name, value); + } else { + pcf_print_line(fp, mode, "%s\n", value); + } } if (msg_verbose) vstream_fflush(fp); diff -Nru postfix-3.0.4/src/postconf/postconf_master.c postfix-3.1.0/src/postconf/postconf_master.c --- postfix-3.0.4/src/postconf/postconf_master.c 2015-01-17 13:25:08.000000000 +0000 +++ postfix-3.1.0/src/postconf/postconf_master.c 2016-01-17 15:05:19.000000000 +0000 @@ -132,6 +132,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ 
@@ -659,20 +664,24 @@ ADD_TEXT(argv[1], strlen(argv[1])); ADD_CHAR(PCF_NAMESP_SEP_STR); ADD_TEXT(pcf_str_field_pattern(field), strlen(pcf_str_field_pattern(field))); + } + if ((mode & (PCF_HIDE_NAME | PCF_HIDE_VALUE)) == 0) { ADD_TEXT(" = ", 3); - if (line_len + strlen(argv[field]) > PCF_LINE_LIMIT) { + } + if ((mode & PCF_HIDE_VALUE) == 0) { + if (line_len > 0 && line_len + strlen(argv[field]) > PCF_LINE_LIMIT) { vstream_fputs("\n" PCF_INDENT_TEXT, fp); line_len = PCF_INDENT_LEN; } + ADD_TEXT(argv[field], strlen(argv[field])); } - ADD_TEXT(argv[field], strlen(argv[field])); /* * Format the daemon command-line options and non-option arguments. Here, * we have no data-dependent preference for column positions, but we do * have argument grouping preferences. */ - if (field == PCF_MASTER_FLD_CMD) { + if (field == PCF_MASTER_FLD_CMD && (mode & PCF_HIDE_VALUE) == 0) { in_daemon_options = 1; for (field += 1; (arg = argv[field]) != 0; field++) { arg_len = strlen(arg); 
@@ -853,15 +862,21 @@ const char *param_name, const char *param_value) { - if ((mode & PCF_SHOW_EVAL) != 0) - param_value = pcf_expand_parameter_value((VSTRING *) 0, mode, - param_value, masterp); - if ((mode & PCF_HIDE_NAME) == 0) { - pcf_print_line(fp, mode, "%s%c%s = %s\n", + if (mode & PCF_HIDE_VALUE) { + pcf_print_line(fp, mode, "%s%c%s\n", masterp->name_space, PCF_NAMESP_SEP_CH, - param_name, param_value); + param_name); } else { - pcf_print_line(fp, mode, "%s\n", param_value); + if ((mode & PCF_SHOW_EVAL) != 0) + param_value = pcf_expand_parameter_value((VSTRING *) 0, mode, + param_value, masterp); + if ((mode & PCF_HIDE_NAME) == 0) { + pcf_print_line(fp, mode, "%s%c%s = %s\n", + masterp->name_space, PCF_NAMESP_SEP_CH, + param_name, param_value); + } else { + pcf_print_line(fp, mode, "%s\n", param_value); + } } if (msg_verbose) vstream_fflush(fp); diff -Nru postfix-3.0.4/src/postconf/postconf_other.c postfix-3.1.0/src/postconf/postconf_other.c --- postfix-3.0.4/src/postconf/postconf_other.c 2013-12-19 22:40:30.000000000 +0000 +++ postfix-3.1.0/src/postconf/postconf_other.c 2016-02-06 20:11:44.000000000 +0000 @@ -12,6 +12,9 @@ /* /* void pcf_show_sasl(mode) /* int mode; +/* +/* void pcf_show_tls(what) +/* const char *what; /* DESCRIPTION /* pcf_show_maps() lists the available map (lookup table) /* types. @@ -21,10 +24,16 @@ /* pcf_show_sasl() shows the available SASL authentication /* plugin types. /* +/* pcf_show_tls() reports the "compile-version" or "run-version" +/* of the TLS library, or the supported public-key algorithms. +/* /* Arguments: /* .IP mode /* Show server information if the PCF_SHOW_SASL_SERV flag is /* set, otherwise show client information. +/* .IP what +/* One of the literals "compile-version", "run-version" or +/* "public-key-algorithms". /* DIAGNOSTICS /* Problems are reported to the standard error stream. /* LICENSE 
@@ -36,6 +45,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -47,6 +61,7 @@ #include #include #include +#include /* Global library. */ @@ -56,6 +71,10 @@ #include +/* TLS library. */ + +#include + /* Application-specific. */ #include @@ -99,3 +118,24 @@ vstream_printf("%s\n", sasl_argv->argv[i]); argv_free(sasl_argv); } + +/* pcf_show_tls - show TLS support */ + +void pcf_show_tls(const char *what) +{ +#ifdef USE_TLS + if (strcmp(what, "compile-version") == 0) + vstream_printf("%s\n", tls_compile_version()); + else if (strcmp(what, "run-version") == 0) + vstream_printf("%s\n", tls_run_version()); + else if (strcmp(what, "public-key-algorithms") == 0) { + const char **cpp; + + for (cpp = tls_pkey_algorithms(); *cpp; cpp++) + vstream_printf("%s\n", *cpp); + } else { + msg_warn("unknown 'postconf -T' mode: %s", what); + exit(1); + } +#endif /* USE_TLS */ +} diff -Nru postfix-3.0.4/src/postconf/postconf_service.c postfix-3.1.0/src/postconf/postconf_service.c --- postfix-3.0.4/src/postconf/postconf_service.c 2014-12-07 01:35:32.000000000 +0000 +++ postfix-3.1.0/src/postconf/postconf_service.c 2016-01-16 23:48:35.000000000 +0000 @@ -28,6 +28,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -134,6 +139,7 @@ _CONC_NEG_FDBACK, VAR_CONC_NEG_FDBACK, _CONC_COHORT_LIM, VAR_CONC_COHORT_LIM, _DEST_RATE_DELAY, VAR_DEST_RATE_DELAY, + _XPORT_RATE_DELAY, VAR_XPORT_RATE_DELAY, 0, }; static const PCF_STRING_NV spawn_params[] = { diff -Nru postfix-3.0.4/src/postconf/test22.ref postfix-3.1.0/src/postconf/test22.ref --- postfix-3.0.4/src/postconf/test22.ref 2011-11-28 16:27:16.000000000 +0000 +++ postfix-3.1.0/src/postconf/test22.ref 2016-01-17 13:39:50.000000000 +0000 
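Review bot: In `pcf_show_tls()` the mode-name validation sits inside `#ifdef USE_TLS`, so a Postfix built without TLS accepts any `-T` argument (`postconf -T bogus`) with no output and exit status 0, while a TLS build rejects the same command with exit 1; a script that probes for a feature by exit status gets a build-dependent answer. Hoisting the three `strcmp()` checks above the `#ifdef` keeps the documented "no output without TLS" behaviour but makes the error path the same in both builds (the `-T` paragraph in the postconf.c man text would then want "...produces no output, but still rejects an unknown mode"). The error path also uses `msg_warn(...); exit(1);` where the rest of postconf.c uses `msg_fatal()` (compare the duplicate `-T` check); if skipping msg_fatal's exit delay is intended, a one-line comment saying so would spare the next reader the question. The `#include` directives in this hunk have lost their header names in this rendering, which looks like an extraction artifact rather than part of the change.
```c
void    pcf_show_tls(const char *what)
{
    /* Reject unknown modes regardless of build, so exit status is reliable. */
    if (strcmp(what, "compile-version") != 0
	&& strcmp(what, "run-version") != 0
	&& strcmp(what, "public-key-algorithms") != 0) {
	msg_warn("unknown 'postconf -T' mode: %s", what);
	exit(1);
    }
#ifdef USE_TLS
    /* ... unchanged: print compile-version, run-version or the algorithm list ... */
#endif					/* USE_TLS */
}
```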
@@ -13,3 +13,4 @@ whatevershebrings_recipient_limit = $default_recipient_limit whatevershebrings_recipient_refill_delay = $default_recipient_refill_delay whatevershebrings_recipient_refill_limit = $default_recipient_refill_limit +whatevershebrings_transport_rate_delay = $default_transport_rate_delay diff -Nru postfix-3.0.4/src/postconf/test25.ref postfix-3.1.0/src/postconf/test25.ref --- postfix-3.0.4/src/postconf/test25.ref 2011-11-30 23:53:37.000000000 +0000 +++ postfix-3.1.0/src/postconf/test25.ref 2016-01-17 13:40:22.000000000 +0000 @@ -13,3 +13,4 @@ whatevershebrings_recipient_limit = $default_recipient_limit whatevershebrings_recipient_refill_delay = $default_recipient_refill_delay whatevershebrings_recipient_refill_limit = $default_recipient_refill_limit +whatevershebrings_transport_rate_delay = $default_transport_rate_delay diff -Nru postfix-3.0.4/src/postconf/test27.ref postfix-3.1.0/src/postconf/test27.ref --- postfix-3.0.4/src/postconf/test27.ref 2011-12-04 22:37:16.000000000 +0000 +++ postfix-3.1.0/src/postconf/test27.ref 2016-01-17 13:41:09.000000000 +0000 @@ -13,3 +13,4 @@ whatevershebrings_recipient_limit = $default_recipient_limit whatevershebrings_recipient_refill_delay = $default_recipient_refill_delay whatevershebrings_recipient_refill_limit = $default_recipient_refill_limit +whatevershebrings_transport_rate_delay = $default_transport_rate_delay diff -Nru postfix-3.0.4/src/postconf/test60.ref postfix-3.1.0/src/postconf/test60.ref --- postfix-3.0.4/src/postconf/test60.ref 1970-01-01 00:00:00.000000000 +0000 +++ postfix-3.1.0/src/postconf/test60.ref 2016-01-17 13:55:12.000000000 +0000 @@ -0,0 +1,8 @@ +foo +unix +- +n +n +- +0 +other -o always_bcc=bar diff -Nru postfix-3.0.4/src/postconf/test61.ref postfix-3.1.0/src/postconf/test61.ref --- postfix-3.0.4/src/postconf/test61.ref 1970-01-01 00:00:00.000000000 +0000 +++ postfix-3.1.0/src/postconf/test61.ref 2016-01-17 13:55:27.000000000 +0000 
@@ -0,0 +1 @@ +bar diff -Nru postfix-3.0.4/src/postconf/test62.ref postfix-3.1.0/src/postconf/test62.ref --- postfix-3.0.4/src/postconf/test62.ref 1970-01-01 00:00:00.000000000 +0000 +++ postfix-3.1.0/src/postconf/test62.ref 2016-01-17 13:58:49.000000000 +0000 @@ -0,0 +1,8 @@ +foo/unix/service +foo/unix/type +foo/unix/private +foo/unix/unprivileged +foo/unix/chroot +foo/unix/wakeup +foo/unix/process_limit +foo/unix/command diff -Nru postfix-3.0.4/src/postconf/test63.ref postfix-3.1.0/src/postconf/test63.ref --- postfix-3.0.4/src/postconf/test63.ref 1970-01-01 00:00:00.000000000 +0000 +++ postfix-3.1.0/src/postconf/test63.ref 2016-01-17 13:57:25.000000000 +0000 @@ -0,0 +1 @@ +foo/unix/always_bcc diff -Nru postfix-3.0.4/src/postconf/test6.ref postfix-3.1.0/src/postconf/test6.ref --- postfix-3.0.4/src/postconf/test6.ref 2011-11-28 01:03:44.000000000 +0000 +++ postfix-3.1.0/src/postconf/test6.ref 2016-01-17 13:38:49.000000000 +0000 @@ -14,3 +14,4 @@ whatevershebrings_recipient_refill_delay = $default_recipient_refill_delay whatevershebrings_recipient_refill_limit = $default_recipient_refill_limit whatevershebrings_time_limit = $command_time_limit +whatevershebrings_transport_rate_delay = $default_transport_rate_delay diff -Nru postfix-3.0.4/src/postdrop/.indent.pro postfix-3.1.0/src/postdrop/.indent.pro --- postfix-3.0.4/src/postdrop/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/postdrop/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/postdrop/postdrop.c postfix-3.1.0/src/postdrop/postdrop.c --- postfix-3.0.4/src/postdrop/postdrop.c 2015-01-13 19:55:16.000000000 +0000 +++ postfix-3.1.0/src/postdrop/postdrop.c 2016-02-14 01:26:14.000000000 +0000 
@@ -94,6 +94,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -306,8 +311,8 @@ * perform some sanity checks on the input. */ mail_conf_read(); - if (strcmp(var_syslog_name, DEF_SYSLOG_NAME) != 0) - msg_syslog_init(mail_task("postdrop"), LOG_PID, LOG_FACILITY); + /* Re-evaluate mail_task() after reading main.cf. */ + msg_syslog_init(mail_task("postdrop"), LOG_PID, LOG_FACILITY); get_mail_conf_str_table(str_table); /* diff -Nru postfix-3.0.4/src/postfix/.indent.pro postfix-3.1.0/src/postfix/.indent.pro --- postfix-3.0.4/src/postfix/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/postfix/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/postfix/postfix.c postfix-3.1.0/src/postfix/postfix.c --- postfix-3.0.4/src/postfix/postfix.c 2015-02-08 17:38:30.000000000 +0000 +++ postfix-3.1.0/src/postfix/postfix.c 2016-02-14 14:26:22.000000000 +0000 @@ -54,7 +54,7 @@ /* earliest convenience. /* .IP \fBstatus\fR /* Indicate if the Postfix mail system is currently running. -/* .IP "\fBset-permissions\fR \fB[\fIname\fR=\fIvalue ...\fB]\fR +/* .IP "\fBset-permissions\fR [\fIname\fR=\fIvalue ...\fR]" /* Set the ownership and permissions of Postfix related files and /* directories, as specified in the \fBpostfix-files\fR file. /* .sp 
@@ -66,7 +66,13 @@ /* This feature is available in Postfix 2.1 and later. With /* Postfix 2.0 and earlier, use "\fB$config_directory/post-install /* set-permissions\fR". -/* .IP "\fBupgrade-configuration\fR \fB[\fIname\fR=\fIvalue ...\fB]\fR +/* .IP "\fBtls\fR \fIsubcommand\fR" +/* Enable opportunistic TLS in the Postfix SMTP client or +/* server, and manage Postfix SMTP server TLS private keys and +/* certificates. See postfix-tls(1) for documentation. +/* .sp +/* This feature is available in Postfix 3.1 and later. +/* .IP "\fBupgrade-configuration\fR [\fIname\fR=\fIvalue ...\fR]" /* Update the \fBmain.cf\fR and \fBmaster.cf\fR files with information /* that Postfix needs in order to run: add or update services, and add /* or update configuration parameter settings. @@ -165,6 +171,10 @@ /* plugins (postfix-*.so) that have a relative pathname in the /* dynamicmaps.cf file. /* .PP +/* Available in Postfix version 3.1 and later: +/* .IP "\fBopenssl_path (openssl)\fR" +/* The location of the OpenSSL command line program \fBopenssl\fR(1). +/* .PP /* Other configuration parameters: /* .IP "\fBimport_environment (see 'postconf -d' output)\fR" /* The list of environment parameters that a Postfix process will @@ -219,6 +229,7 @@ /* postcat(1), examine Postfix queue file /* postconf(1), Postfix configuration utility /* postfix(1), Postfix control program +/* postfix-tls(1), Postfix TLS management /* postkick(1), trigger Postfix daemon /* postlock(1), Postfix-compatible locking /* postlog(1), Postfix-compatible logging 
@@ -313,6 +324,11 @@ /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA /* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA +/* /* TLS support by: /* Lutz Jaenicke /* Brandenburg University of Technology diff -Nru postfix-3.0.4/src/postkick/.indent.pro postfix-3.1.0/src/postkick/.indent.pro --- postfix-3.0.4/src/postkick/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/postkick/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/postkick/postkick.c postfix-3.1.0/src/postkick/postkick.c --- postfix-3.0.4/src/postkick/postkick.c 2012-01-25 00:41:08.000000000 +0000 +++ postfix-3.1.0/src/postkick/postkick.c 2016-02-14 01:24:59.000000000 +0000 @@ -71,6 +71,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff -Nru postfix-3.0.4/src/postlock/.indent.pro postfix-3.1.0/src/postlock/.indent.pro --- postfix-3.0.4/src/postlock/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/postlock/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/postlock/postlock.c postfix-3.1.0/src/postlock/postlock.c --- postfix-3.0.4/src/postlock/postlock.c 2012-01-25 00:41:08.000000000 +0000 +++ postfix-3.1.0/src/postlock/postlock.c 2016-02-12 19:49:30.000000000 +0000 
@@ -5,7 +5,7 @@ /* lock mail folder and execute command /* SYNOPSIS /* .fi -/* \fBpostlock\fR [\fB-c \fIconfig_dir\fB] [\fB-l \fIlock_style\fB] +/* \fBpostlock\fR [\fB-c \fIconfig_dir\fR] [\fB-l \fIlock_style\fR] /* [\fB-v\fR] \fIfile command...\fR /* DESCRIPTION /* The \fBpostlock\fR(1) command locks \fIfile\fR for exclusive @@ -89,6 +89,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff -Nru postfix-3.0.4/src/postlog/.indent.pro postfix-3.1.0/src/postlog/.indent.pro --- postfix-3.0.4/src/postlog/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/postlog/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/postlog/postlog.c postfix-3.1.0/src/postlog/postlog.c --- postfix-3.0.4/src/postlog/postlog.c 2012-02-14 14:02:23.000000000 +0000 +++ postfix-3.1.0/src/postlog/postlog.c 2016-02-12 19:57:17.000000000 +0000 @@ -7,7 +7,7 @@ /* .fi /* .ad /* \fBpostlog\fR [\fB-iv\fR] [\fB-c \fIconfig_dir\fR] -/* [\fB-p \fIpriority\fB] [\fB-t \fItag\fR] [\fItext...\fR] +/* [\fB-p \fIpriority\fR] [\fB-t \fItag\fR] [\fItext...\fR] /* DESCRIPTION /* The \fBpostlog\fR(1) command implements a Postfix-compatible logging /* interface for use in, for example, shell scripts. 
@@ -26,9 +26,12 @@ /* instead of the default configuration directory. /* .IP \fB-i\fR /* Include the process ID in the logging tag. -/* .IP "\fB-p \fIpriority\fR" -/* Specifies the logging severity: \fBinfo\fR (default), \fBwarn\fR, -/* \fBerror\fR, \fBfatal\fR, or \fBpanic\fR. +/* .IP "\fB-p \fIpriority\fR (default: \fBinfo\fR)" +/* Specifies the logging severity: \fBinfo\fR, \fBwarn\fR, +/* \fBerror\fR, \fBfatal\fR, or \fBpanic\fR. With Postfix 3.1 +/* and later, the program will pause for 1 second after reporting +/* a \fBfatal\fR or \fBpanic\fR condition, just like other +/* Postfix programs. /* .IP "\fB-t \fItag\fR" /* Specifies the logging tag, that is, the identifying name that /* appears at the beginning of each logging record. A default tag @@ -69,6 +72,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -170,7 +178,6 @@ int main(int argc, char **argv) { struct stat st; - char *slash; int fd; int ch; const char *tag; @@ -200,10 +207,7 @@ /* * Set up diagnostics. */ - if ((slash = strrchr(argv[0], '/')) != 0 && slash[1]) - tag = mail_task(slash + 1); - else - tag = mail_task(argv[0]); + tag = mail_task(argv[0]); if (isatty(STDERR_FILENO)) msg_vstream_init(tag, VSTREAM_ERR); msg_syslog_init(tag, LOG_PID, LOG_FACILITY); @@ -216,10 +220,11 @@ /* * Parse switches. */ + tag = 0; while ((ch = GETOPT(argc, argv, "c:ip:t:v")) > 0) { switch (ch) { default: - msg_fatal("usage: %s [-c config_dir] [-i] [-p priority] [-t tag] [-v] [text]", tag); + msg_fatal("usage: %s [-c config_dir] [-i] [-p priority] [-t tag] [-v] [text]", argv[0]); break; case 'c': if (setenv(CONF_ENV_PATH, optarg, 1) < 0) 
@@ -241,26 +246,20 @@ } /* - * Process the main.cf file. This overrides any logging facility that was - * specified with msg_syslog_init(); + * Process the main.cf file. This may change the syslog_name setting and + * may require that mail_task() be re-evaluated. */ mail_conf_read(); - if (tag == 0 && strcmp(var_syslog_name, DEF_SYSLOG_NAME) != 0) { - if ((slash = strrchr(argv[0], '/')) != 0 && slash[1]) - tag = mail_task(slash + 1); - else - tag = mail_task(argv[0]); - } + if (tag == 0) + tag = mail_task(argv[0]); /* * Re-initialize the logging, this time with the tag specified in main.cf * or on the command line. */ - if (tag != 0) { - if (isatty(STDERR_FILENO)) - msg_vstream_init(tag, VSTREAM_ERR); - msg_syslog_init(tag, LOG_PID, LOG_FACILITY); - } + if (isatty(STDERR_FILENO)) + msg_vstream_init(tag, VSTREAM_ERR); + msg_syslog_init(tag, LOG_PID, LOG_FACILITY); /* * Log the command line or log lines from standard input. @@ -270,5 +269,11 @@ } else { log_stream(level, VSTREAM_IN); } + + /* + * Consistency with msg(3) functions. + */ + if (level >= MSG_FATAL) + sleep(1); exit(0); } diff -Nru postfix-3.0.4/src/postmap/.indent.pro postfix-3.1.0/src/postmap/.indent.pro --- postfix-3.0.4/src/postmap/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/postmap/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/postmap/postmap.c postfix-3.1.0/src/postmap/postmap.c --- postfix-3.0.4/src/postmap/postmap.c 2015-01-28 00:47:41.000000000 +0000 +++ postfix-3.1.0/src/postmap/postmap.c 2016-02-14 01:26:42.000000000 +0000 
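Review bot: The rewritten block drops the explicit `strrchr(argv[0], '/')` basename step and passes `argv[0]` straight to `mail_task()`, so the syslog tag is only correct if `mail_task()` now strips the directory itself; the global-library side of that change is not in these hunks, so it is worth confirming, otherwise `/usr/sbin/postlog` would log under a path-qualified tag and break log-based matching on the `postfix/postlog` ident. If the contract is indeed that `mail_task()` does the stripping, a short comment at the call site would pin it down: `/* mail_task() strips any directory from argv[0] and applies syslog_name. */`. The surrounding code is the body of main(), whose start lies in the preceding hunk.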
@@ -276,6 +276,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -941,8 +946,8 @@ } } mail_conf_read(); - if (strcmp(var_syslog_name, DEF_SYSLOG_NAME) != 0) - msg_syslog_init(mail_task(argv[0]), LOG_PID, LOG_FACILITY); + /* Re-evaluate mail_task() after reading main.cf. */ + msg_syslog_init(mail_task(argv[0]), LOG_PID, LOG_FACILITY); mail_dict_init(); if ((query == 0 || strcmp(query, "-") != 0) && (postmap_flags & POSTMAP_FLAG_ANY_KEY)) diff -Nru postfix-3.0.4/src/postmulti/.indent.pro postfix-3.1.0/src/postmulti/.indent.pro --- postfix-3.0.4/src/postmulti/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/postmulti/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/postmulti/postmulti.c postfix-3.1.0/src/postmulti/postmulti.c --- postfix-3.0.4/src/postmulti/postmulti.c 2015-09-24 23:24:12.000000000 +0000 +++ postfix-3.1.0/src/postmulti/postmulti.c 2016-02-14 15:20:03.000000000 +0000 @@ -5,11 +5,13 @@ /* Postfix multi-instance manager /* SYNOPSIS /* .fi -/* \fBENABLING MULTI-INSTANCE MANAGEMENT:\fR +/* .ti -4 +/* \fBEnabling multi-instance management:\fR /* /* \fBpostmulti\fR \fB-e init\fR [\fB-v\fR] /* -/* \fBITERATOR MODE:\fR +/* .ti -4 +/* \fBIterator mode:\fR /* /* \fBpostmulti\fR \fB-l\fR [\fB-aRv\fR] [\fB-g \fIgroup\fR] /* [\fB-i \fIname\fR] 
@@ -20,7 +22,8 @@ /* \fBpostmulti\fR \fB-x\fR [\fB-aRv\fR] [\fB-g \fIgroup\fR] /* [\fB-i \fIname\fR] \fIcommand...\fR /* -/* \fBLIFE-CYCLE MANAGEMENT:\fR +/* .ti -4 +/* \fBLife-cycle management:\fR /* /* \fBpostmulti\fR \fB-e create\fR [\fB-av\fR] /* [\fB-g \fIgroup\fR] [\fB-i \fIname\fR] [\fB-G \fIgroup\fR] diff -Nru postfix-3.0.4/src/postqueue/Makefile.in postfix-3.1.0/src/postqueue/Makefile.in --- postfix-3.0.4/src/postqueue/Makefile.in 2015-01-28 00:13:14.000000000 +0000 +++ postfix-3.1.0/src/postqueue/Makefile.in 2015-11-29 23:11:39.000000000 +0000 @@ -1,7 +1,7 @@ SHELL = /bin/sh -SRCS = postqueue.c -OBJS = postqueue.o -HDRS = +SRCS = postqueue.c showq_compat.c showq_json.c +OBJS = postqueue.o showq_compat.o showq_json.o +HDRS = postqueue.h TESTSRC = DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE) CFLAGS = $(DEBUG) $(OPT) $(DEFS) @@ -16,7 +16,7 @@ $(PROG): $(OBJS) $(LIBS) $(CC) $(CFLAGS) $(SHLIB_RPATH) -o $@ $(OBJS) $(LIBS) $(SYSLIBS) -$(OBJS): ../../conf/makedefs.out +$(OBJS): ../../conf/makedefs.out postqueue.h Makefile: Makefile.in cat ../../conf/makedefs.out $? >$@ @@ -84,6 +84,7 @@ postqueue.o: ../../include/nvtable.h postqueue.o: ../../include/safe.h postqueue.o: ../../include/smtp_stream.h +postqueue.o: ../../include/stringops.h postqueue.o: ../../include/sys_defs.h postqueue.o: ../../include/user_acl.h postqueue.o: ../../include/valid_hostname.h 
@@ -93,3 +94,40 @@ postqueue.o: ../../include/vstring.h postqueue.o: ../../include/warn_stat.h postqueue.o: postqueue.c +postqueue.o: postqueue.h +showq_compat.o: ../../include/attr.h +showq_compat.o: ../../include/check_arg.h +showq_compat.o: ../../include/htable.h +showq_compat.o: ../../include/iostuff.h +showq_compat.o: ../../include/mail_date.h +showq_compat.o: ../../include/mail_params.h +showq_compat.o: ../../include/mail_proto.h +showq_compat.o: ../../include/mail_queue.h +showq_compat.o: ../../include/msg.h +showq_compat.o: ../../include/mymalloc.h +showq_compat.o: ../../include/nvtable.h +showq_compat.o: ../../include/stringops.h +showq_compat.o: ../../include/sys_defs.h +showq_compat.o: ../../include/vbuf.h +showq_compat.o: ../../include/vstream.h +showq_compat.o: ../../include/vstring.h +showq_compat.o: postqueue.h +showq_compat.o: showq_compat.c +showq_json.o: ../../include/attr.h +showq_json.o: ../../include/check_arg.h +showq_json.o: ../../include/htable.h +showq_json.o: ../../include/iostuff.h +showq_json.o: ../../include/mail_date.h +showq_json.o: ../../include/mail_params.h +showq_json.o: ../../include/mail_proto.h +showq_json.o: ../../include/mail_queue.h +showq_json.o: ../../include/msg.h +showq_json.o: ../../include/mymalloc.h +showq_json.o: ../../include/nvtable.h +showq_json.o: ../../include/stringops.h +showq_json.o: ../../include/sys_defs.h +showq_json.o: ../../include/vbuf.h +showq_json.o: ../../include/vstream.h +showq_json.o: ../../include/vstring.h +showq_json.o: postqueue.h +showq_json.o: showq_json.c diff -Nru postfix-3.0.4/src/postqueue/postqueue.c postfix-3.1.0/src/postqueue/postqueue.c --- postfix-3.0.4/src/postqueue/postqueue.c 2015-01-13 19:56:24.000000000 +0000 +++ postfix-3.1.0/src/postqueue/postqueue.c 2016-02-14 17:21:01.000000000 +0000 
@@ -4,13 +4,21 @@ /* SUMMARY /* Postfix queue control /* SYNOPSIS +/* .ti -4 +/* \fBTo flush the mail queue\fR: +/* /* \fBpostqueue\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] \fB-f\fR -/* .br +/* /* \fBpostqueue\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] \fB-i \fIqueue_id\fR -/* .br -/* \fBpostqueue\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] \fB-p\fR -/* .br +/* /* \fBpostqueue\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] \fB-s \fIsite\fR +/* +/* .ti -4 +/* \fBTo list the mail queue\fR: +/* +/* \fBpostqueue\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] \fB-j\fR +/* +/* \fBpostqueue\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR] \fB-p\fR /* DESCRIPTION /* The \fBpostqueue\fR(1) command implements the Postfix user interface /* for queue management. It implements operations that are @@ -40,6 +48,14 @@ /* command, by contacting the \fBflush\fR(8) server. /* /* This feature is available with Postfix version 2.4 and later. +/* .IP "\fB-j\fR" +/* Produce a queue listing in JSON format, based on output +/* from the showq(8) daemon. The result is a stream of zero +/* or more JSON objects, one per queue file. Each object is +/* followed by a newline character to support simple streaming +/* parsers. See "\fBJSON OBJECT FORMAT\fR" below for details. +/* +/* This feature is available in Postfix 3.1 and later. /* .IP \fB-p\fR /* Produce a traditional sendmail-style queue listing. /* This option implements the traditional \fBmailq\fR command, 
@@ -72,11 +88,54 @@ /* Enable verbose logging for debugging purposes. Multiple \fB-v\fR /* options make the software increasingly verbose. As of Postfix 2.3, /* this option is available for the super-user only. +/* JSON OBJECT FORMAT +/* .ad +/* .fi +/* Each JSON object represents one queue file; it is emitted +/* as a single text line followed by a newline character. +/* +/* Object members have string values unless indicated otherwise. +/* Programs should ignore object members that are not listed +/* here; the list of members is expected to grow over time. +/* .IP \fBqueue_name\fR +/* The name of the queue where the message was found. Note +/* that the contents of the mail queue may change while it is +/* being listed; some messages may appear more than once, and +/* some messages may be missed. +/* .IP \fBqueue_id\fR +/* The queue file name. The queue_id may be reused within a +/* Postfix instance unless "enable_long_queue_ids = true" and +/* time is monotonic. Even then, the queue_id is not expected +/* to be unique between different Postfix instances. Management +/* tools that require a unique name should combine the queue_id +/* with the myhostname setting of the Postfix instance. +/* .IP \fBarrival_time\fR +/* The number of seconds since the start of the UNIX epoch. +/* .IP \fBmessage_size\fR +/* The number of bytes in the message header and body. This +/* number does not include message envelope information. It +/* is approximately equal to the number of bytes that would +/* be transmitted via SMTP including the line endings. +/* .IP \fBsender\fR +/* The envelope sender address. +/* .IP \fBrecipients\fR +/* An array containing zero or more objects with members: +/* .RS +/* .IP \fBaddress\fR +/* One recipient address. +/* .IP \fBdelay_reason\fR +/* If present, the reason for delayed delivery. Delayed +/* recipients may have no delay reason, for example, while +/* delivery is in progress, or after the system was stopped +/* before it could record the reason. 
+/* .RE /* SECURITY /* .ad /* .fi /* This program is designed to run with set-group ID privileges, so /* that it can connect to Postfix daemon processes. +/* STANDARDS +/* RFC 7159 (JSON notation) /* DIAGNOSTICS /* Problems are logged to \fBsyslogd\fR(8) and to the standard error /* stream. @@ -161,6 +220,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -188,6 +252,7 @@ #include #include #include +#include /* Global library. */ @@ -208,6 +273,8 @@ /* Application-specific. */ +#include + /* * WARNING WARNING WARNING * @@ -241,6 +308,7 @@ #define PQ_MODE_FLUSH_QUEUE 2 /* flush queue */ #define PQ_MODE_FLUSH_SITE 3 /* flush site */ #define PQ_MODE_FLUSH_FILE 4 /* flush message */ +#define PQ_MODE_JSON_LIST 5 /* JSON-format queue listing */ /* * Silly little macros (SLMs). @@ -261,10 +329,9 @@ /* show_queue - show queue status */ -static void show_queue(void) +static void show_queue(int mode) { const char *errstr; - char buf[VSTREAM_BUFSIZE]; VSTREAM *showq; int n; uid_t uid = getuid(); @@ -277,19 +344,20 @@ errstr, (long) uid); /* - * Connect to the show queue service. Terminate silently when piping into - * a program that terminates early. + * Connect to the show queue service. */ if ((showq = mail_connect(MAIL_CLASS_PUBLIC, var_showq_service, BLOCKING)) != 0) { - while ((n = vstream_fread(showq, buf, sizeof(buf))) > 0) { - if (vstream_fwrite(VSTREAM_OUT, buf, n) != n - || vstream_fflush(VSTREAM_OUT) != 0) { - if (errno == EPIPE) - break; - msg_fatal("write error: %m"); - } + switch (mode) { + case PQ_MODE_MAILQ_LIST: + showq_compat(showq); + break; + case PQ_MODE_JSON_LIST: + showq_json(showq); + break; + default: + msg_panic("show_queue: unknown mode %d", mode); } - if (vstream_fclose(showq) && errno != EPIPE) + if (vstream_fclose(showq)) msg_warn("close: %m"); } 
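Review bot: The JSON OBJECT FORMAT text says members "have string values unless indicated otherwise", but the arrival_time and message_size entries never indicate otherwise, even though showq_json.c in this same patch emits both as bare `%ld` numbers while every other member is quoted. Suggest adding the type to each description, e.g. `The number of seconds since the start of the UNIX epoch (integer).` and `The number of bytes in the message header and body (integer).`, and saying explicitly that recipients is an array and delay_reason is optional, which matches the `LEN(why) > 0` guard in the formatter. The man-page comment block continues outside this hunk.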
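Review bot: The removed copy loop handled output failures explicitly — it stopped quietly on EPIPE and otherwise called `msg_fatal("write error: %m")` — but the replacement only dispatches to showq_compat()/showq_json(), whose `vstream_fflush(VSTREAM_OUT)` calls elsewhere in this patch are unchecked, so a failed write to stdout (full disk, or a closed pipe while SIGPIPE is ignored) is no longer reported and postqueue exits 0 with a truncated listing. I would add `if (vstream_fflush(VSTREAM_OUT) != 0 && errno != EPIPE) msg_fatal("write error: %m");` after the switch (or test vstream_ferror(VSTREAM_OUT), if earlier write errors are sticky) and keep the dropped "terminate silently when piping into a program that terminates early" comment. Whether SIGPIPE is at its default disposition here is not visible in this hunk. show_queue's body continues below the hunk with the euid==0 fallback.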
@@ -308,21 +376,40 @@ * directly. Just run the showq program in stand-alone mode. */ else if (geteuid() == 0) { + char *showq_path; ARGV *argv; int stat; msg_warn("Mail system is down -- accessing queue directly"); + showq_path = concatenate(var_daemon_dir, "/", var_showq_service, + (char *) 0); argv = argv_alloc(6); - argv_add(argv, var_showq_service, "-u", "-S", (char *) 0); + argv_add(argv, showq_path, "-u", "-S", (char *) 0); for (n = 0; n < msg_verbose; n++) argv_add(argv, "-v", (char *) 0); argv_terminate(argv); - stat = mail_run_foreground(var_daemon_dir, argv->argv); + if ((showq = vstream_popen(O_RDONLY, + CA_VSTREAM_POPEN_ARGV(argv->argv), + CA_VSTREAM_POPEN_END)) == 0) { + stat = -1; + } else { + switch (mode) { + case PQ_MODE_MAILQ_LIST: + showq_compat(showq); + break; + case PQ_MODE_JSON_LIST: + showq_json(showq); + break; + default: + msg_panic("show_queue: unknown mode %d", mode); + } + stat = vstream_pclose(showq); + } argv_free(argv); if (stat != 0) msg_fatal_status(stat < 0 ? EX_OSERR : EX_SOFTWARE, - "Error running %s/%s", - var_daemon_dir, argv->argv[0]); + "Error running %s", showq_path); + myfree(showq_path); } /* @@ -438,7 +525,7 @@ static NORETURN usage(void) { - msg_fatal_status(EX_USAGE, "usage: postqueue -f | postqueue -i queueid | postqueue -p | postqueue -s site"); + msg_fatal_status(EX_USAGE, "usage: postqueue -f | postqueue -i queueid | postqueue -j | postqueue -p | postqueue -s site"); } MAIL_VERSION_STAMP_DECLARE; @@ -500,7 +587,7 @@ * mail configuration read routine. Don't do complex things until we have * completed initializations. */ - while ((c = GETOPT(argc, argv, "c:fi:ps:v")) > 0) { + while ((c = GETOPT(argc, argv, "c:fi:jps:v")) > 0) { switch (c) { case 'c': /* non-default configuration */ if (setenv(CONF_ENV_PATH, optarg, 1) < 0) 
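Review bot: When vstream_popen() returns a null stream the code only records `stat = -1` and later reports "Error running %s" with EX_OSERR, so the errno that explains the failure (ENOENT for a wrong daemon_directory, EACCES, EAGAIN) is lost unless vstream_popen() logs it itself, which cannot be confirmed from this hunk. Suggest capturing it at the failure site: `msg_warn("%s: %m", showq_path); stat = -1;`. Minor: `myfree(showq_path)` sits after the msg_fatal_status() call and therefore runs only on the success path, which is harmless but deserves a word if deliberate. show_queue begins before this hunk.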
@@ -517,6 +604,11 @@ mode = PQ_MODE_FLUSH_FILE; id_to_flush = optarg; break; + case 'j': + if (mode != PQ_MODE_DEFAULT) + usage(); + mode = PQ_MODE_JSON_LIST; + break; case 'p': /* traditional mailq */ if (mode != PQ_MODE_DEFAULT) usage(); @@ -543,8 +635,8 @@ * Further initialization... */ mail_conf_read(); - if (strcmp(var_syslog_name, DEF_SYSLOG_NAME) != 0) - msg_syslog_init(mail_task("postqueue"), LOG_PID, LOG_FACILITY); + /* Re-evaluate mail_task() after reading main.cf. */ + msg_syslog_init(mail_task("postqueue"), LOG_PID, LOG_FACILITY); mail_dict_init(); /* proxy, sql, ldap */ get_mail_conf_str_table(str_table); @@ -597,7 +689,8 @@ msg_panic("unknown operation mode: %d", mode); /* NOTREACHED */ case PQ_MODE_MAILQ_LIST: - show_queue(); + case PQ_MODE_JSON_LIST: + show_queue(mode); exit(0); break; case PQ_MODE_FLUSH_SITE: diff -Nru postfix-3.0.4/src/postqueue/postqueue.h postfix-3.1.0/src/postqueue/postqueue.h --- postfix-3.0.4/src/postqueue/postqueue.h 1970-01-01 00:00:00.000000000 +0000 +++ postfix-3.1.0/src/postqueue/postqueue.h 2015-11-29 22:57:38.000000000 +0000 @@ -0,0 +1,35 @@ +/*++ +/* NAME +/* postqueue 5h +/* SUMMARY +/* postqueue internal interfaces +/* SYNOPSIS +/* #include +/* DESCRIPTION +/* .nf + + /* + * showq_compat.c + */ +extern void showq_compat(VSTREAM *); + + /* + * showq_json.c + */ +extern void showq_json(VSTREAM *); + +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA +/*--*/ diff -Nru postfix-3.0.4/src/postqueue/showq_compat.c postfix-3.1.0/src/postqueue/showq_compat.c --- postfix-3.0.4/src/postqueue/showq_compat.c 1970-01-01 00:00:00.000000000 +0000 +++ postfix-3.1.0/src/postqueue/showq_compat.c 2015-11-30 00:46:31.000000000 +0000 
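Review bot: The new postqueue.h has no include guard and no prerequisite, although both prototypes need the VSTREAM type from vstream.h; Postfix headers normally wrap their body in `#ifndef _POSTQUEUE_H_INCLUDED_` / `#define _POSTQUEUE_H_INCLUDED_` … `#endif` and either include vstream.h themselves or list it under a `/* Utility library. */` heading. The SYNOPSIS line reads as a bare `#include` in this rendering; if the file name was lost only in extraction it should be `#include <postqueue.h>` upstream, which is worth checking.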
@@ -0,0 +1,209 @@ +/*++ +/* NAME +/* showq_compat 8 +/* SUMMARY +/* Sendmail mailq compatibitily adapter +/* SYNOPSIS +/* void showq_compat( +/* VSTREAM *showq) +/* DESCRIPTION +/* This function converts a record stream from the showq(8) +/* daemon to of an approximation of Sendmail mailq command +/* output. +/* DIAGNOSTICS +/* Fatal errors: out of memory, malformed showq(8) daemon output. +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA +/*--*/ + +/* System library. */ + +#include +#include +#include +#include +#include +#include + +/* Utility library. */ + +#include +#include +#include +#include +#include + +/* Global library. */ + +#include +#include +#include +#include + +/* Application-specific. */ + +#include + + /* + * The enable_long_queue_ids parameter determines the output format. + * + * The historical output format for short queue IDs (inode number and time in + * microseconds modulo 1) is not suitable for large inode numbers, but we + * won't change it to avoid breaking compatibility with programs that parse + * this output. 
+ */ +#define S_STRING_FORMAT "%-11s %7s %-20s %s\n" +#define S_SENDER_FORMAT "%-11s %7ld %20.20s %s\n" +#define S_HEADINGS "-Queue ID-", "--Size--", \ + "----Arrival Time----", "-Sender/Recipient-------" + +#define L_STRING_FORMAT "%-17s %8s %-19s %s\n" +#define L_SENDER_FORMAT "%-17s %8ld %19.19s %s\n" +#define L_HEADINGS "----Queue ID-----", "--Size--", \ + "---Arrival Time----", "--Sender/Recipient------" + +#define STR(x) vstring_str(x) + +/* showq_message - report status for one message */ + +static unsigned long showq_message(VSTREAM *showq_stream) +{ + static VSTRING *queue_name = 0; + static VSTRING *queue_id = 0; + static VSTRING *id_status = 0; + static VSTRING *addr = 0; + static VSTRING *why = 0; + long arrival_time; + long message_size; + int message_status; + char *saved_reason = mystrdup(""); + const char *show_reason; + int padding; + int showq_status; + time_t time_t_arrival_time; + + /* + * One-time initialization. + */ + if (queue_name == 0) { + queue_name = vstring_alloc(100); + queue_id = vstring_alloc(100); + id_status = vstring_alloc(100); + addr = vstring_alloc(100); + why = vstring_alloc(100); + } + + /* + * Read the message properties and sender address. + */ + if (attr_scan(showq_stream, ATTR_FLAG_MORE | ATTR_FLAG_STRICT, + RECV_ATTR_STR(MAIL_ATTR_QUEUE, queue_name), + RECV_ATTR_STR(MAIL_ATTR_QUEUEID, queue_id), + RECV_ATTR_LONG(MAIL_ATTR_TIME, &arrival_time), + RECV_ATTR_LONG(MAIL_ATTR_SIZE, &message_size), + RECV_ATTR_STR(MAIL_ATTR_SENDER, addr), + ATTR_TYPE_END) != 5) + msg_fatal_status(EX_SOFTWARE, "malformed showq server response"); + + /* + * Decorate queue file names in specific states, then print the result + * left-aligned, followed by other status info and the sender address + * which is already in externalized RFC 5321 form. + */ + message_status = (strcmp(STR(queue_name), MAIL_QUEUE_ACTIVE) == 0 ? '*' : + strcmp(STR(queue_name), MAIL_QUEUE_HOLD) == 0 ? '!' 
: ' '); + vstring_sprintf(id_status, "%s%c", STR(queue_id), message_status); + time_t_arrival_time = arrival_time; + vstream_printf(var_long_queue_ids ? + L_SENDER_FORMAT : S_SENDER_FORMAT, STR(id_status), + message_size, asctime(localtime(&time_t_arrival_time)), + STR(addr)); + + /* + * Read zero or more (recipient, reason) pair(s) until attr_scan_more() + * consumes a terminator. If the showq daemon messes up, don't try to + * resynchronize. + */ + while ((showq_status = attr_scan_more(showq_stream)) > 0) { + if (attr_scan(showq_stream, ATTR_FLAG_MORE | ATTR_FLAG_STRICT, + RECV_ATTR_STR(MAIL_ATTR_RECIP, addr), + RECV_ATTR_STR(MAIL_ATTR_WHY, why), + ATTR_TYPE_END) != 2) + msg_fatal_status(EX_SOFTWARE, "malformed showq server response"); + + /* + * Don't output a "(reason)" line when no recipient has a reason, or + * when the previous recipient has the same (non)reason as the + * current recipient. Do output a "(reason unavailable)" when the + * previous recipient has a reason, and the current recipient has + * none. + */ + if (strcmp(saved_reason, STR(why)) != 0) { + myfree(saved_reason); + saved_reason = mystrdup(STR(why)); + show_reason = *saved_reason ? saved_reason : "reason unavailable"; + if ((padding = 76 - strlen(show_reason)) < 0) + padding = 0; + vstream_printf("%*s(%s)\n", padding, "", show_reason); + } + vstream_printf(var_long_queue_ids ? + L_STRING_FORMAT : S_STRING_FORMAT, + "", "", "", STR(addr)); + } + if (showq_status < 0) + msg_fatal_status(EX_SOFTWARE, "malformed showq server response"); + myfree(saved_reason); + return (message_size); +} + +/* showq_compat - legacy mailq-style output adapter */ + +void showq_compat(VSTREAM *showq_stream) +{ + unsigned long file_count = 0; + unsigned long queue_size = 0; + int showq_status; + + /* + * Process zero or more queue file objects until attr_scan_more() + * consumes a terminator. 
+ */ + while ((showq_status = attr_scan_more(showq_stream)) > 0) { + if (file_count > 0) { + vstream_printf("\n"); + } else if (var_long_queue_ids) { + vstream_printf(L_STRING_FORMAT, L_HEADINGS); + } else { + vstream_printf(S_STRING_FORMAT, S_HEADINGS); + } + queue_size += showq_message(showq_stream); + file_count++; + vstream_fflush(VSTREAM_OUT); + } + if (showq_status < 0) + msg_fatal_status(EX_SOFTWARE, "malformed showq server response"); + + /* + * Print the queue summary. + */ + if (file_count == 0) + vstream_printf("Mail queue is empty\n"); + else { + vstream_printf("\n-- %lu Kbytes in %lu Request%s.\n", + queue_size / 1024, file_count, + file_count == 1 ? "" : "s"); + } + vstream_fflush(VSTREAM_OUT); +} diff -Nru postfix-3.0.4/src/postqueue/showq_json.c postfix-3.1.0/src/postqueue/showq_json.c --- postfix-3.0.4/src/postqueue/showq_json.c 1970-01-01 00:00:00.000000000 +0000 +++ postfix-3.1.0/src/postqueue/showq_json.c 2016-02-14 15:38:28.000000000 +0000 
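Review bot: In showq_message(), `if ((padding = 76 - strlen(show_reason)) < 0)` can never be negative in the arithmetic itself: strlen() yields size_t, so the subtraction is unsigned and wraps for reasons longer than 76 bytes, and the `< 0` test works only because that out-of-range value is narrowed to int, an implementation-defined conversion that -Wsign-conversion flags. A form without the wrap is `padding = strlen(show_reason) < 76 ? (int) (76 - strlen(show_reason)) : 0;`. Two wording nits in the header block: "compatibitily" should be "compatibility", and "to of an approximation" should be "to an approximation".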
@@ -0,0 +1,213 @@ +/*++ +/* NAME +/* showq_json 8 +/* SUMMARY +/* JSON queue status formatter +/* SYNOPSIS +/* void showq_json( +/* VSTREAM *showq) +/* DESCRIPTION +/* This function converts showq(8) daemon output to JSON format. +/* DIAGNOSTICS +/* Fatal errors: out of memory, malformed showq(8) daemon output. +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA +/*--*/ + +/* System library. */ + +#include +#include +#include +#include +#include +#include + +/* Utility library. */ + +#include +#include +#include +#include +#include + +/* Global library. */ + +#include +#include +#include +#include + +/* Application-specific. */ + +#include + +#define STR(x) vstring_str(x) +#define LEN(x) VSTRING_LEN(x) + +/* json_quote - quote JSON string */ + +static char *json_quote(VSTRING *result, const char *text) +{ + unsigned char *cp; + int ch; + + /* + * We use short escape sequences for common control characters. Note that + * RFC 4627 allows "/" (0x2F) to be sent without quoting. Differences + * with RFC 4627: we send DEL (0x7f) as \u007F; the result remains RFC + * 4627 complaint. 
+ */ + VSTRING_RESET(result); + for (cp = (unsigned char *) text; (ch = *cp) != 0; cp++) { + if (UNEXPECTED(ISCNTRL(ch))) { + switch (ch) { + case '\b': + VSTRING_ADDCH(result, '\\'); + VSTRING_ADDCH(result, 'b'); + break; + case '\f': + VSTRING_ADDCH(result, '\\'); + VSTRING_ADDCH(result, 'f'); + break; + case '\n': + VSTRING_ADDCH(result, '\\'); + VSTRING_ADDCH(result, 'n'); + break; + case '\r': + VSTRING_ADDCH(result, '\\'); + VSTRING_ADDCH(result, 'r'); + break; + case '\t': + VSTRING_ADDCH(result, '\\'); + VSTRING_ADDCH(result, 't'); + break; + default: + vstring_sprintf(result, "\\u%04X", ch); + break; + } + } else { + switch (ch) { + case '\\': + case '"': + VSTRING_ADDCH(result, '\\'); + /* FALLTHROUGH */ + default: + VSTRING_ADDCH(result, ch); + break; + } + } + } + VSTRING_TERMINATE(result); + + /* + * Force the result to be UTF-8 (with SMTPUTF8 enabled) or ASCII (with + * SMTPUTF8 disabled). + */ + printable(STR(result), '?'); + return (STR(result)); +} + +/* json_message - report status for one message */ + +static void format_json(VSTREAM *showq_stream) +{ + static VSTRING *queue_name = 0; + static VSTRING *queue_id = 0; + static VSTRING *addr = 0; + static VSTRING *why = 0; + static VSTRING *quote_buf = 0; + long arrival_time; + long message_size; + int showq_status; + int rcpt_count = 0; + + /* + * One-time initialization. + */ + if (queue_name == 0) { + queue_name = vstring_alloc(100); + queue_id = vstring_alloc(100); + addr = vstring_alloc(100); + why = vstring_alloc(100); + quote_buf = vstring_alloc(100); + } + + /* + * Read the message properties and sender address. 
+ */ + if (attr_scan(showq_stream, ATTR_FLAG_MORE | ATTR_FLAG_STRICT, + RECV_ATTR_STR(MAIL_ATTR_QUEUE, queue_name), + RECV_ATTR_STR(MAIL_ATTR_QUEUEID, queue_id), + RECV_ATTR_LONG(MAIL_ATTR_TIME, &arrival_time), + RECV_ATTR_LONG(MAIL_ATTR_SIZE, &message_size), + RECV_ATTR_STR(MAIL_ATTR_SENDER, addr), + ATTR_TYPE_END) != 5) + msg_fatal_status(EX_SOFTWARE, "malformed showq server response"); + vstream_printf("{"); + vstream_printf("\"queue_name\": \"%s\", ", + json_quote(quote_buf, STR(queue_name))); + vstream_printf("\"queue_id\": \"%s\", ", + json_quote(quote_buf, STR(queue_id))); + vstream_printf("\"arrival_time\": %ld, ", arrival_time); + vstream_printf("\"message_size\": %ld, ", message_size); + vstream_printf("\"sender\": \"%s\", ", + json_quote(quote_buf, STR(addr))); + + /* + Read zero or more (recipient, reason) pair(s) until attr_scan_more() + * consumes a terminator. If the showq daemon messes up, don't try to + * resynchronize. + */ + vstream_printf("\"recipients\": ["); + for (rcpt_count = 0; (showq_status = attr_scan_more(showq_stream)) > 0; rcpt_count++) { + if (rcpt_count > 0) + vstream_printf(", "); + vstream_printf("{"); + if (attr_scan(showq_stream, ATTR_FLAG_MORE | ATTR_FLAG_STRICT, + RECV_ATTR_STR(MAIL_ATTR_RECIP, addr), + RECV_ATTR_STR(MAIL_ATTR_WHY, why), + ATTR_TYPE_END) != 2) + msg_fatal_status(EX_SOFTWARE, "malformed showq server response"); + vstream_printf("\"address\": \"%s\"", + json_quote(quote_buf, STR(addr))); + if (LEN(why) > 0) + vstream_printf(", \"delay_reason\": \"%s\"", + json_quote(quote_buf, STR(why))); + vstream_printf("}"); + } + vstream_printf("]"); + if (showq_status < 0) + msg_fatal_status(EX_SOFTWARE, "malformed showq server response"); + vstream_printf("}\n"); + vstream_fflush(VSTREAM_OUT); +} + +/* showq_json - streaming JSON-format output adapter */ + +void showq_json(VSTREAM *showq_stream) +{ + int showq_status; + + /* + * Emit zero or more queue file objects until attr_scan_more() + * consumes a terminator. 
+ */ + while ((showq_status = attr_scan_more(showq_stream)) > 0) { + format_json(showq_stream); + } + if (showq_status < 0) + msg_fatal_status(EX_SOFTWARE, "malformed showq server response"); +} diff -Nru postfix-3.0.4/src/postscreen/.indent.pro postfix-3.1.0/src/postscreen/.indent.pro --- postfix-3.0.4/src/postscreen/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/postscreen/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/postscreen/Makefile.in postfix-3.1.0/src/postscreen/Makefile.in --- postfix-3.0.4/src/postscreen/Makefile.in 2015-01-28 00:13:15.000000000 +0000 +++ postfix-3.1.0/src/postscreen/Makefile.in 2015-07-12 17:21:05.000000000 +0000 @@ -16,7 +16,6 @@ TESTPROG= PROG = postscreen INC_DIR = ../../include -# Fake libdns dependency, for early-binding shared-library builds. LIBS = ../../lib/lib$(LIB_PREFIX)master$(LIB_SUFFIX) \ ../../lib/lib$(LIB_PREFIX)tls$(LIB_SUFFIX) \ ../../lib/lib$(LIB_PREFIX)dns$(LIB_SUFFIX) \ diff -Nru postfix-3.0.4/src/postscreen/postscreen.c postfix-3.1.0/src/postscreen/postscreen.c --- postfix-3.0.4/src/postscreen/postscreen.c 2015-04-04 13:35:35.000000000 +0000 +++ postfix-3.1.0/src/postscreen/postscreen.c 2015-07-12 00:08:23.000000000 +0000 
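Review bot: In json_quote(), the `default:` branch for control characters calls `vstring_sprintf(result, "\\u%04X", ch)` while every other branch appends with VSTRING_ADDCH; elsewhere in this patch vstring_sprintf() is used to format a buffer from scratch (the id_status line in showq_compat.c), and in the Postfix vstring API it resets the buffer, vstring_sprintf_append() being the appending variant — so everything already escaped before a stray 0x01 in a sender or recipient address would be dropped from the output. The fix is one token: `vstring_sprintf_append(result, "\\u%04X", ch);`. Nits in the same comment: "complaint" should read "compliant", it cites RFC 4627 while the STANDARDS section in postqueue.c cites RFC 7159, and the header above format_json() still calls the function json_message.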
@@ -30,11 +30,11 @@ /* process. This minimizes the overhead for legitimate mail. /* /* By default, \fBpostscreen\fR(8) logs statistics and hands -/* off every connection to a Postfix SMTP server process, while +/* off each connection to a Postfix SMTP server process, while /* excluding clients in mynetworks from all tests (primarily, /* to avoid problems with non-standard SMTP implementations -/* in network appliances). This mode is useful for non-destructive -/* testing. +/* in network appliances). This default mode blocks no clients, +/* and is useful for non-destructive testing. /* /* In a typical production setting, \fBpostscreen\fR(8) is /* configured to reject mail from clients that fail one or @@ -121,6 +121,10 @@ /* A case insensitive list of EHLO keywords (pipelining, starttls, /* auth, etc.) that the \fBpostscreen\fR(8) server will not send in the EHLO /* response to a remote SMTP client. +/* .PP +/* Available in Postfix version 3.1 and later: +/* .IP "\fBdns_ncache_ttl_fix_enable (no)\fR" +/* Enable a workaround for future libc incompatibility. /* TROUBLE SHOOTING CONTROLS /* .ad /* .fi 
@@ -275,9 +279,14 @@ /* .IP "\fBpostscreen_bare_newline_ttl (30d)\fR" /* The amount of time that \fBpostscreen\fR(8) will use the result from /* a successful "bare newline" SMTP protocol test. -/* .IP "\fBpostscreen_dnsbl_ttl (1h)\fR" -/* The amount of time that \fBpostscreen\fR(8) will use the result from -/* a successful DNS blocklist test. +/* .IP "\fBpostscreen_dnsbl_max_ttl (${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h)\fR" +/* The maximum amount of time that \fBpostscreen\fR(8) will use the +/* result from a successful DNS-based reputation test before a +/* client IP address is required to pass that test again. +/* .IP "\fBpostscreen_dnsbl_min_ttl (60s)\fR" +/* The minimum amount of time that \fBpostscreen\fR(8) will use the +/* result from a successful DNS-based reputation test before a +/* client IP address is required to pass that test again. /* .IP "\fBpostscreen_greet_ttl (1d)\fR" /* The amount of time that \fBpostscreen\fR(8) will use the result from /* a successful PREGREET test. @@ -388,6 +397,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -476,7 +490,8 @@ int var_psc_dnsbl_thresh; int var_psc_dnsbl_wthresh; char *var_psc_dnsbl_action; -int var_psc_dnsbl_ttl; +int var_psc_dnsbl_min_ttl; +int var_psc_dnsbl_max_ttl; int var_psc_dnsbl_tmout; bool var_psc_pipel_enable; @@ -524,7 +539,6 @@ int psc_nsmtp_action; /* PSC_ACT_DROP/ENFORCE/etc */ int psc_barlf_action; /* PSC_ACT_DROP/ENFORCE/etc */ int psc_min_ttl; /* Update with new tests! */ -int psc_max_ttl; /* Update with new tests! */ STRING_LIST *psc_forbid_cmds; /* CONNECT GET POST */ int psc_stress_greet_wait; /* stressed greet wait */ int psc_normal_greet_wait; /* stressed greet wait */ 
@@ -1022,13 +1036,9 @@ * Pre-compute the minimal and maximal TTL. */ psc_min_ttl = - PSC_MIN(PSC_MIN(var_psc_pregr_ttl, var_psc_dnsbl_ttl), + PSC_MIN(PSC_MIN(var_psc_pregr_ttl, var_psc_dnsbl_min_ttl), PSC_MIN(PSC_MIN(var_psc_pipel_ttl, var_psc_nsmtp_ttl), var_psc_barlf_ttl)); - psc_max_ttl = - PSC_MAX(PSC_MAX(var_psc_pregr_ttl, var_psc_dnsbl_ttl), - PSC_MAX(PSC_MAX(var_psc_pipel_ttl, var_psc_nsmtp_ttl), - var_psc_barlf_ttl)); /* * Pre-compute the stress and normal command time limits. @@ -1122,7 +1132,8 @@ static const CONFIG_TIME_TABLE time_table[] = { VAR_PSC_GREET_WAIT, DEF_PSC_GREET_WAIT, &var_psc_greet_wait, 1, 0, VAR_PSC_PREGR_TTL, DEF_PSC_PREGR_TTL, &var_psc_pregr_ttl, 1, 0, - VAR_PSC_DNSBL_TTL, DEF_PSC_DNSBL_TTL, &var_psc_dnsbl_ttl, 1, 0, + VAR_PSC_DNSBL_MIN_TTL, DEF_PSC_DNSBL_MIN_TTL, &var_psc_dnsbl_min_ttl, 1, 0, + VAR_PSC_DNSBL_MAX_TTL, DEF_PSC_DNSBL_MAX_TTL, &var_psc_dnsbl_max_ttl, 1, 0, VAR_PSC_PIPEL_TTL, DEF_PSC_PIPEL_TTL, &var_psc_pipel_ttl, 1, 0, VAR_PSC_NSMTP_TTL, DEF_PSC_NSMTP_TTL, &var_psc_nsmtp_ttl, 1, 0, VAR_PSC_BARLF_TTL, DEF_PSC_BARLF_TTL, &var_psc_barlf_ttl, 1, 0, diff -Nru postfix-3.0.4/src/postscreen/postscreen_dnsbl.c postfix-3.1.0/src/postscreen/postscreen_dnsbl.c --- postfix-3.0.4/src/postscreen/postscreen_dnsbl.c 2014-12-25 16:47:17.000000000 +0000 +++ postfix-3.1.0/src/postscreen/postscreen_dnsbl.c 2015-07-12 00:08:54.000000000 +0000 @@ -13,10 +13,12 @@ /* void (*callback)(int, char *); /* char *context; /* -/* int psc_dnsbl_retrieve(client_addr, dnsbl_name, dnsbl_index) +/* int psc_dnsbl_retrieve(client_addr, dnsbl_name, dnsbl_index, +/* dnsbl_ttl) /* char *client_addr; /* const char **dnsbl_name; /* int dnsbl_index; +/* int *dnsbl_ttl; /* DESCRIPTION /* This module implements preliminary support for DNSBL lookups. /* Multiple requests for the same information are handled with 
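Review bot: The new time_table entries give postscreen_dnsbl_min_ttl and postscreen_dnsbl_max_ttl a lower bound of 1 each but no relation to one another, and psc_dnsbl_retrieve() in postscreen_dnsbl.c clamps by raising to min first and lowering to max second, so a configuration with min > max silently yields max for every reply. Since the table is consumed once at startup, a check next to the psc_min_ttl computation, `if (var_psc_dnsbl_min_ttl > var_psc_dnsbl_max_ttl) msg_fatal("%s (%d) must not exceed %s (%d)", VAR_PSC_DNSBL_MIN_TTL, var_psc_dnsbl_min_ttl, VAR_PSC_DNSBL_MAX_TTL, var_psc_dnsbl_max_ttl);`, would turn the misconfiguration into a clear error. The function containing the table extends beyond the hunk.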
@@ -37,8 +39,10 @@ /* The result value is the index for the psc_dnsbl_retrieve() /* call. /* -/* psc_dnsbl_retrieve() retrieves the result score requested with -/* psc_dnsbl_request() and decrements the reference count. It +/* psc_dnsbl_retrieve() retrieves the result score and reply +/* TTL requested with psc_dnsbl_request(), and decrements the +/* reference count. The reply TTL value is clamped to +/* postscreen_dnsbl_min_ttl and postscreen_dnsbl_max_ttl. It /* is an error to retrieve a score without requesting it first. /* LICENSE /* .ad @@ -49,6 +53,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -58,6 +67,7 @@ #include /* inet_pton() */ #include /* inet_pton() */ #include /* sscanf */ +#include /* Utility library. */ @@ -140,7 +150,9 @@ typedef struct { const char *dnsbl_name; /* DNSBL with largest contribution */ int dnsbl_weight; /* weight of largest contribution */ - int total; /* combined blocklist score */ + int total; /* combined white+blocklist score */ + int fail_ttl; /* combined reply TTL */ + int pass_ttl; /* combined reply TTL */ int refcount; /* score reference count */ int pending_lookups; /* nr of DNS requests in flight */ int request_id; /* duplicate suppression */ @@ -306,11 +318,12 @@ /* psc_dnsbl_retrieve - retrieve blocklist score, decrement reference count */ int psc_dnsbl_retrieve(const char *client_addr, const char **dnsbl_name, - int dnsbl_index) + int dnsbl_index, int *dnsbl_ttl) { const char *myname = "psc_dnsbl_retrieve"; PSC_DNSBL_SCORE *score; int result_score; + int result_ttl; /* * Sanity check. 
@@ -329,6 +342,16 @@ */ result_score = score->total; *dnsbl_name = score->dnsbl_name; + result_ttl = (result_score > 0) ? score->fail_ttl : score->pass_ttl; + /* As with dnsblog(8), a value < 0 means no reply TTL. */ + if (result_ttl < var_psc_dnsbl_min_ttl) + result_ttl = var_psc_dnsbl_min_ttl; + if (result_ttl > var_psc_dnsbl_max_ttl) + result_ttl = var_psc_dnsbl_max_ttl; + *dnsbl_ttl = result_ttl; + if (msg_verbose) + msg_info("%s: addr=%s score=%d ttl=%d", + myname, client_addr, result_score, result_ttl); score->refcount -= 1; if (score->refcount < 1) { if (msg_verbose > 1) @@ -349,6 +372,7 @@ PSC_DNSBL_SITE *site; ARGV *reply_argv; int request_id; + int dnsbl_ttl; PSC_CLEAR_EVENT_REQUEST(vstream_fileno(stream), psc_dnsbl_receive, context); @@ -374,7 +398,8 @@ RECV_ATTR_STR(MAIL_ATTR_ACT_CLIENT_ADDR, reply_client), RECV_ATTR_INT(MAIL_ATTR_LABEL, &request_id), RECV_ATTR_STR(MAIL_ATTR_RBL_ADDR, reply_addr), - ATTR_TYPE_END) == 4 + RECV_ATTR_INT(MAIL_ATTR_TTL, &dnsbl_ttl), + ATTR_TYPE_END) == 5 && (score = (PSC_DNSBL_SCORE *) htable_find(dnsbl_score_cache, STR(reply_client))) != 0 && score->request_id == request_id) { 
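Review bot: psc_dnsbl_retrieve() now selects `fail_ttl` whenever `result_score > 0`, but its caller in postscreen_early.c (also in this patch) decides pass/fail with `state->dnsbl_score < var_psc_dnsbl_thresh`; with a threshold above 1, a client listed on a single low-weight site passes the test yet has that pass remembered for the positive-listing TTL instead of pass_ttl, the negative-reply TTL. If that asymmetry is deliberate, a comment at the selection should say so; otherwise `result_ttl = (result_score >= var_psc_dnsbl_thresh) ? score->fail_ttl : score->pass_ttl;` would mirror the caller's decision. The function begins above the hunk.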
@@ -387,14 +412,17 @@ * server may be messed up. */ if (msg_verbose > 1) - msg_info("%s: client=\"%s\" score=%d domain=\"%s\" reply=\"%s\"", + msg_info("%s: client=\"%s\" score=%d domain=\"%s\" reply=\"%d %s\"", myname, STR(reply_client), score->total, - STR(reply_dnsbl), STR(reply_addr)); - if (*STR(reply_addr) != 0) { - head = (PSC_DNSBL_HEAD *) - htable_find(dnsbl_site_cache, STR(reply_dnsbl)); - site = (head ? head->first : (PSC_DNSBL_SITE *) 0); - for (reply_argv = 0; site != 0; site = site->next) { + STR(reply_dnsbl), dnsbl_ttl, STR(reply_addr)); + head = (PSC_DNSBL_HEAD *) + htable_find(dnsbl_site_cache, STR(reply_dnsbl)); + if (head == 0) { + /* Bogus domain. Do nothing. */ + } else if (*STR(reply_addr) != 0) { + /* DNS reputation record(s) found. */ + reply_argv = 0; + for (site = head->first; site != 0; site = site->next) { if (site->byte_codes == 0 || psc_dnsbl_match(site->byte_codes, reply_argv ? reply_argv : (reply_argv = argv_split(STR(reply_addr), " ")))) { @@ -409,9 +437,29 @@ myname, site->filter ? site->filter : "null", site->weight, score->total); } + /* As with dnsblog(8), a value < 0 means no reply TTL. */ + if (site->weight > 0) { + if (score->fail_ttl < 0 || score->fail_ttl > dnsbl_ttl) + score->fail_ttl = dnsbl_ttl; + } else { + if (score->pass_ttl < 0 || score->pass_ttl > dnsbl_ttl) + score->pass_ttl = dnsbl_ttl; + } } if (reply_argv != 0) argv_free(reply_argv); + } else { + /* No DNS reputation record found. */ + for (site = head->first; site != 0; site = site->next) { + /* As with dnsblog(8), a value < 0 means no reply TTL. */ + if (site->weight > 0) { + if (score->pass_ttl < 0 || score->pass_ttl > dnsbl_ttl) + score->pass_ttl = dnsbl_ttl; + } else { + if (score->fail_ttl < 0 || score->fail_ttl > dnsbl_ttl) + score->fail_ttl = dnsbl_ttl; + } + } } /* 
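Review bot: The min-TTL fold is written out four times across the two new hunks (`if (score->X < 0 || score->X > dnsbl_ttl) score->X = dnsbl_ttl;`), and the pass/fail swap between the record-found and no-record branches is easy to misread in that form; a small static helper taking the target field makes the swap explicit. Two behaviours also deserve a comment where the fold happens: in the record-found loop the fold runs for every site of the domain, including a site whose byte-code filter did not match and therefore added nothing to the score, and a reply with `dnsbl_ttl < 0` replaces an already-known positive TTL, which the later clamp then turns into postscreen_dnsbl_min_ttl. If both are intended, say so at that point. The enclosing function psc_dnsbl_receive() starts and ends outside these hunks.
```c
/* psc_dnsbl_fold_ttl - keep the smallest reply TTL seen so far */

static void psc_dnsbl_fold_ttl(int *combined_ttl, int dnsbl_ttl)
{
    /* As with dnsblog(8), a value < 0 means no reply TTL. */
    if (*combined_ttl < 0 || *combined_ttl > dnsbl_ttl)
        *combined_ttl = dnsbl_ttl;
}

/* … unchanged: psc_dnsbl_receive() up to the per-site loop … */
            for (site = head->first; site != 0; site = site->next) {
                /* … unchanged: byte-code match and weight accumulation … */
                psc_dnsbl_fold_ttl(site->weight > 0 ?
                                   &score->fail_ttl : &score->pass_ttl, dnsbl_ttl);
            }
            /* … unchanged: argv_free … */
        } else {
            /* No DNS reputation record found. */
            for (site = head->first; site != 0; site = site->next)
                psc_dnsbl_fold_ttl(site->weight > 0 ?
                                   &score->pass_ttl : &score->fail_ttl, dnsbl_ttl);
        }
```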
@@ -485,6 +533,9 @@
 score->request_id = request_count++;
 score->dnsbl_name = 0;
 score->dnsbl_weight = 0;
+ /* As with dnsblog(8), a value < 0 means no reply TTL. */
+ score->pass_ttl = -1;
+ score->fail_ttl = -1;
 score->total = 0;
 score->refcount = 1;
 score->pending_lookups = 0;
diff -Nru postfix-3.0.4/src/postscreen/postscreen_early.c postfix-3.1.0/src/postscreen/postscreen_early.c
--- postfix-3.0.4/src/postscreen/postscreen_early.c 2014-12-07 01:35:33.000000000 +0000
+++ postfix-3.1.0/src/postscreen/postscreen_early.c 2016-01-24 00:38:38.000000000 +0000
@@ -25,6 +25,11 @@
 /* IBM T.J. Watson Research
 /* P.O. Box 704
 /* Yorktown Heights, NY 10598, USA
+/*
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
 /*--*/
 
 /* System library. */
@@ -87,8 +92,8 @@
 state->flags |= PSC_STATE_FLAG_BYTINDX_PASS(tindx);
 }
 /* Update expiration even if the test was completed or disabled. */
- if (state->expire_time[tindx] < now + var_psc_dnsbl_ttl)
- state->expire_time[tindx] = now + var_psc_dnsbl_ttl;
+ if (state->expire_time[tindx] < now + state->dnsbl_ttl)
+ state->expire_time[tindx] = now + state->dnsbl_ttl;
 }
 }
 }
@@ -164,12 +169,13 @@
 state->dnsbl_score = psc_dnsbl_retrieve(state->smtp_client_addr, &state->dnsbl_name,
- state->dnsbl_index);
+ state->dnsbl_index,
+ &state->dnsbl_ttl);
 if (var_psc_dnsbl_wthresh < 0)
 psc_whitelist_non_dnsbl(state);
 }
 if (state->dnsbl_score < var_psc_dnsbl_thresh) {
- state->dnsbl_stamp = event_time() + var_psc_dnsbl_ttl;
+ state->dnsbl_stamp = event_time() + state->dnsbl_ttl;
 PSC_PASS_SESSION_STATE(state, "dnsbl test", PSC_STATE_FLAG_DNSBL_PASS);
 } else {
@@ -228,7 +234,8 @@
 && (state->flags & PSC_STATE_FLAG_DNSBL_TODO))
 (void) psc_dnsbl_retrieve(state->smtp_client_addr, &state->dnsbl_name,
- state->dnsbl_index);
+ state->dnsbl_index,
+ &state->dnsbl_ttl);
 /* XXX Wait for DNS replies to come in. */
 psc_hangup_event(state);
 return;
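Review bot: `state->dnsbl_ttl` replaces the fixed var_psc_dnsbl_ttl in the expiration update of the `@@ -87` hunk and in the `dnsbl_stamp` computation of the next one, and it is only ever written through the `&state->dnsbl_ttl` out-parameter of psc_dnsbl_retrieve(). Both visible paths call psc_dnsbl_retrieve() first, but the `dnsbl_stamp` line sits after the closing brace of the block that makes that call, so if that block can be skipped the field holds whatever the session state started with, and nothing in this diff shows it being initialised. Suggest documenting the contract on the postscreen.h field, `int dnsbl_ttl; /* saved DNSBL TTL, set by psc_dnsbl_retrieve() */`, and confirming the state is zeroed or set on creation. The enclosing functions start outside these hunks.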
@@ -246,7 +253,8 @@
 && (state->flags & PSC_STATE_FLAG_DNSBL_TODO))
 (void) psc_dnsbl_retrieve(state->smtp_client_addr, &state->dnsbl_name,
- state->dnsbl_index);
+ state->dnsbl_index,
+ &state->dnsbl_ttl);
 PSC_DROP_SESSION_STATE(state, "521 5.5.1 Protocol error\r\n");
 return;
 case PSC_ACT_ENFORCE:
@@ -298,7 +306,7 @@
 */
 state->dnsbl_score = psc_dnsbl_retrieve(state->smtp_client_addr, &state->dnsbl_name,
- state->dnsbl_index);
+ state->dnsbl_index, &state->dnsbl_ttl);
 if (var_psc_dnsbl_wthresh < 0)
 psc_whitelist_non_dnsbl(state);
diff -Nru postfix-3.0.4/src/postscreen/postscreen.h postfix-3.1.0/src/postscreen/postscreen.h
--- postfix-3.0.4/src/postscreen/postscreen.h 2014-12-07 01:35:33.000000000 +0000
+++ postfix-3.1.0/src/postscreen/postscreen.h 2016-01-24 00:39:28.000000000 +0000
@@ -75,6 +75,7 @@
 time_t expire_time[PSC_TINDX_COUNT]; /* per-test expiration */
 VSTRING *dnsbl_reply; /* dnsbl reject text */
 int dnsbl_score; /* saved DNSBL score */
+ int dnsbl_ttl; /* saved DNSBL TTL */
 const char *dnsbl_name; /* DNSBL name with largest weight */
 int dnsbl_index; /* dnsbl request index */
 const char *rcpt_reply; /* how to reject recipients */
@@ -372,7 +373,6 @@
 extern int psc_nsmtp_action; /* PSC_ACT_DROP etc. */
 extern int psc_barlf_action; /* PSC_ACT_DROP etc. */
 extern int psc_min_ttl; /* Update with new tests! */
-extern int psc_max_ttl; /* Update with new tests! */
 extern STRING_LIST *psc_forbid_cmds; /* CONNECT GET POST */
 extern int psc_stress_greet_wait; /* stressed greet wait */
 extern int psc_normal_greet_wait; /* stressed greet wait */
@@ -480,7 +480,7 @@
 * postscreen_dnsbl.c
 */
 extern void psc_dnsbl_init(void);
-extern int psc_dnsbl_retrieve(const char *, const char **, int);
+extern int psc_dnsbl_retrieve(const char *, const char **, int, int *);
 extern int psc_dnsbl_request(const char *, void (*) (int, void *), void *);
 
 /*
@@ -582,4 +582,9 @@
 /* IBM T.J. Watson Research
 /* P.O. Box 704
 /* Yorktown Heights, NY 10598, USA
+/*
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
 /*--*/
diff -Nru postfix-3.0.4/src/postsuper/.indent.pro postfix-3.1.0/src/postsuper/.indent.pro
--- postfix-3.0.4/src/postsuper/.indent.pro 2015-01-11 13:28:18.000000000 +0000
+++ postfix-3.1.0/src/postsuper/.indent.pro 2015-12-27 22:04:47.000000000 +0000
@@ -249,6 +249,7 @@
 -TPLMYSQL
 -TPLPGSQL
 -TPOSTMAP_KEY_STATE
+-TPOST_MAIL_FCLOSE_STATE
 -TPOST_MAIL_STATE
 -TPRIVATE_STR_TABLE
 -TPSC_CALL_BACK_ENTRY
@@ -404,5 +405,4 @@
 -Tssl_comp_stack_t
 -Ttime_t
 -Ttlsa_filter
--Tx509_extension_stack_t
 -Tx509_stack_t
diff -Nru postfix-3.0.4/src/postsuper/postsuper.c postfix-3.1.0/src/postsuper/postsuper.c
--- postfix-3.0.4/src/postsuper/postsuper.c 2014-10-16 21:58:31.000000000 +0000
+++ postfix-3.1.0/src/postsuper/postsuper.c 2016-02-14 01:27:14.000000000 +0000
@@ -251,6 +251,11 @@
 /* IBM T.J. Watson Research
 /* P.O. Box 704
 /* Yorktown Heights, NY 10598, USA
+/*
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
 /*--*/
 
 /* System library. */
@@ -1223,8 +1228,8 @@
 * configuration directory location.
 */
 mail_conf_read();
- if (strcmp(var_syslog_name, DEF_SYSLOG_NAME) != 0)
- msg_syslog_init(mail_task(argv[0]), LOG_PID, LOG_FACILITY);
+ /* Re-evaluate mail_task() after reading main.cf. */
+ msg_syslog_init(mail_task(argv[0]), LOG_PID, LOG_FACILITY);
 if (chdir(var_queue_dir))
 msg_fatal("chdir %s: %m", var_queue_dir);
diff -Nru postfix-3.0.4/src/posttls-finger/.indent.pro postfix-3.1.0/src/posttls-finger/.indent.pro
--- postfix-3.0.4/src/posttls-finger/.indent.pro 2015-01-11 13:28:18.000000000 +0000
+++ postfix-3.1.0/src/posttls-finger/.indent.pro 2015-12-27 22:04:47.000000000 +0000
@@ -249,6 +249,7 @@
 -TPLMYSQL
 -TPLPGSQL
 -TPOSTMAP_KEY_STATE
+-TPOST_MAIL_FCLOSE_STATE
 -TPOST_MAIL_STATE
 -TPRIVATE_STR_TABLE
 -TPSC_CALL_BACK_ENTRY
@@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/posttls-finger/posttls-finger.c postfix-3.1.0/src/posttls-finger/posttls-finger.c --- postfix-3.0.4/src/posttls-finger/posttls-finger.c 2015-02-02 17:46:10.000000000 +0000 +++ postfix-3.1.0/src/posttls-finger/posttls-finger.c 2016-01-04 12:26:16.000000000 +0000 @@ -203,6 +203,11 @@ /* don't expose the underlying server identity in their EHLO /* response; with these servers there will never be more than /* 1 reconnection attempt. +/* .IP "\fB-M \fIinsecure_mx_policy\fR (default: \fBdane\fR)" +/* The TLS policy for MX hosts with "secure" TLSA records when the +/* nexthop destination security level is \fBdane\fR, but the MX +/* record was found via an "insecure" MX lookup. See the main.cf +/* documentation for smtp_tls_insecure_mx_policy for details. /* .IP "\fB-o \fIname=value\fR" /* Specify zero or more times to override the value of the main.cf /* parameter \fIname\fR with \fIvalue\fR. Possible use-cases include @@ -453,6 +458,7 @@ TLS_DANE *ddane; /* DANE TLSA from DNS */ char *grade; /* Minimum cipher grade */ char *protocols; /* Protocol inclusion/exclusion */ + int mxinsec_level; /* DANE for insecure MX RRs? */ #endif OPTIONS options; /* JCL */ } STATE; @@ -1107,7 +1113,14 @@ static const char *myname = "mx_addr_list"; DNS_RR *addr_list = 0; DNS_RR *rr; - int res_opt = mx_names->dnssec_valid ? RES_USE_DNSSEC : 0; + int res_opt = 0; + + if (mx_names->dnssec_valid) + res_opt = RES_USE_DNSSEC; +#ifdef USE_TLS + else if (state->mxinsec_level > TLS_LEV_MAY) + res_opt = RES_USE_DNSSEC; +#endif for (rr = mx_names; rr; rr = rr->next) { if (rr->type != T_MX) 
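Review bot: The new `else if (state->mxinsec_level > TLS_LEV_MAY)` branch in mx_addr_list() requests DNSSEC for the address lookup even though the MX RRset itself was not validated, and the hunk does not say why. Presumably the validation status of the A/AAAA answer is what later decides whether TLSA records at that host may be used at all; a one-line comment such as `/* Insecure MX, but DANE may still be tried: validate the address lookup. */` would record that (confirm this is the reason). mx_addr_list() continues past the hunk.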
@@ -1226,7 +1239,8 @@ #ifdef USE_TLS if (TLS_DANE_BASED(level)) { - if (state->mx == 0 || state->mx->dnssec_valid) { + if (state->mx == 0 || state->mx->dnssec_valid || + state->mxinsec_level > TLS_LEV_MAY) { if (state->log_mask & (TLS_LOG_CERTMATCH | TLS_LOG_VERBOSE)) tls_dane_verbose(1); else @@ -1248,9 +1262,8 @@ HNAME(addr), ntohs(state->port)); level = TLS_LEV_INVALID; } else if (tls_dane_notfound(state->ddane) - || tls_dane_unusable(state->ddane) - || level == TLS_LEV_DANE_ONLY) { - if (msg_verbose) + || tls_dane_unusable(state->ddane)) { + if (msg_verbose || level == TLS_LEV_DANE_ONLY) msg_info("no %sTLSA records found, " "resorting to \"secure\"", tls_dane_unusable(state->ddane) ? @@ -1259,12 +1272,22 @@ } else if (!TLS_DANE_HASTA(state->ddane) && !TLS_DANE_HASEE(state->ddane)) { msg_panic("DANE activated with no TLSA records to match"); + } else if (state->mx && !state->mx->dnssec_valid && + state->mxinsec_level == TLS_LEV_ENCRYPT) { + msg_info("TLSA RRs found, MX RRset insecure: just encrypt"); + tls_dane_free(state->ddane); + state->ddane = 0; + level = TLS_LEV_ENCRYPT; } else { if (state->match) argv_free(state->match); argv_add(state->match = argv_alloc(2), state->ddane->base_domain, ARGV_END); if (state->mx) { + if (!state->mx->dnssec_valid) { + msg_info("MX RRset insecure: log verified as trusted"); + level = TLS_LEV_HALF_DANE; + } if (strcmp(state->mx->qname, state->mx->rname) == 0) argv_add(state->match, state->mx->qname, ARGV_END); else @@ -1272,6 +1295,10 @@ state->mx->qname, ARGV_END); } } + } else if (state->mx && !state->mx->dnssec_valid && + state->mxinsec_level == TLS_LEV_MAY) { + msg_info("MX RRset is insecure: try to encrypt"); + level = TLS_LEV_MAY; } else { level = TLS_LEV_SECURE; } @@ -1642,7 +1669,7 @@ #define OPTS "a:ch:o:St:T:v" #ifdef USE_TLS -#define TLSOPTS "A:Cd:fF:g:k:K:l:L:m:p:P:r:w" +#define TLSOPTS "A:Cd:fF:g:k:K:l:L:m:M:p:P:r:w" state->mdalg = mystrdup("sha1"); state->CApath = mystrdup(""); 
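Review bot: The trailing `else { level = TLS_LEV_SECURE; }` in the `@@ -1272` hunk looks unreachable after this change: the enclosing `if` takes every case with `state->mx == 0`, a DNSSEC-valid MX or `mxinsec_level > TLS_LEV_MAY`, the new `else if` takes `mxinsec_level == TLS_LEV_MAY`, and the `-M` parser in a later hunk accepts only may, encrypt and dane (assuming the TLS_LEV_* values order as the `>` comparison implies). If the secure fallback is a deliberate safety net for an unexpected level, say so in a comment, or make it a `msg_panic()` so a future level value cannot silently land there; otherwise the branch can go. The enclosing function starts and ends outside these hunks.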
@@ -1652,6 +1679,7 @@ state->options.tas = argv_alloc(1); state->options.logopts = 0; state->level = TLS_LEV_DANE; + state->mxinsec_level = TLS_LEV_DANE; #else #define TLSOPTS "" state->level = TLS_LEV_NONE; @@ -1738,6 +1766,16 @@ case 'm': state->max_reconnect = atoi(optarg); break; + case 'M': + switch (state->mxinsec_level = tls_level_lookup(optarg)) { + case TLS_LEV_MAY: + case TLS_LEV_ENCRYPT: + case TLS_LEV_DANE: + break; + default: + msg_fatal("bad '-M' option value: %s", optarg); + } + break; case 'p': myfree(state->protocols); state->protocols = mystrdup(optarg); diff -Nru postfix-3.0.4/src/proxymap/.indent.pro postfix-3.1.0/src/proxymap/.indent.pro --- postfix-3.0.4/src/proxymap/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/proxymap/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/proxymap/proxymap.c postfix-3.1.0/src/proxymap/proxymap.c --- postfix-3.0.4/src/proxymap/proxymap.c 2015-01-02 22:55:37.000000000 +0000 +++ postfix-3.1.0/src/proxymap/proxymap.c 2016-02-14 01:30:38.000000000 +0000 @@ -205,6 +205,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff -Nru postfix-3.0.4/src/qmgr/.indent.pro postfix-3.1.0/src/qmgr/.indent.pro --- postfix-3.0.4/src/qmgr/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/qmgr/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY 
@@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/qmgr/qmgr.c postfix-3.1.0/src/qmgr/qmgr.c --- postfix-3.0.4/src/qmgr/qmgr.c 2015-01-29 22:15:30.000000000 +0000 +++ postfix-3.1.0/src/qmgr/qmgr.c 2016-02-14 14:26:22.000000000 +0000 @@ -73,7 +73,7 @@ /* .IP "\fBslow start\fR" /* This strategy eliminates "thundering herd" problems by slowly /* adjusting the number of parallel deliveries to the same destination. -/* .IP "\fBround robin\fR +/* .IP "\fBround robin\fR" /* The queue manager sorts delivery requests by destination. /* Round-robin selection prevents one destination from dominating /* deliveries to other destinations. @@ -299,7 +299,15 @@ /* The default amount of delay that is inserted between individual /* deliveries to the same destination; the resulting behavior depends /* on the value of the corresponding per-destination recipient limit. -/* .IP "\fItransport\fB_destination_rate_delay $default_destination_rate_delay +/* .IP "\fItransport\fB_destination_rate_delay $default_destination_rate_delay\fR" +/* Idem, for delivery via the named message \fItransport\fR. +/* .PP +/* Available in Postfix version 3.1 and later: +/* .IP "\fBdefault_transport_rate_delay (0s)\fR" +/* The default amount of delay that is inserted between individual +/* deliveries over the same message delivery transport, regardless of +/* destination. +/* .IP "\fItransport\fB_transport_rate_delay $default_transport_rate_delay\fR" /* Idem, for delivery via the named message \fItransport\fR. /* SAFETY CONTROLS /* .ad 
@@ -310,6 +318,11 @@ /* .IP "\fBqmgr_ipc_timeout (60s)\fR" /* The time limit for the queue manager to send or receive information /* over an internal communication channel. +/* .PP +/* Available in Postfix version 3.1 and later: +/* .IP "\fBaddress_verify_pending_request_limit (see 'postconf -d' output)\fR" +/* A safety limit that prevents address verification requests from +/* overwhelming the Postfix queue. /* MISCELLANEOUS CONTROLS /* .ad /* .fi @@ -378,6 +391,11 @@ /* Patrik Rak /* Modra 6 /* 155 00, Prague, Czech Republic +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -446,11 +464,13 @@ char *var_conc_neg_feedback; int var_conc_cohort_limit; int var_conc_feedback_debug; +int var_xport_rate_delay; int var_dest_rate_delay; char *var_def_filter_nexthop; int var_qmgr_daemon_timeout; int var_qmgr_ipc_timeout; int var_dsn_delay_cleared; +int var_vrfy_pend_limit; static QMGR_SCAN *qmgr_scans[2]; @@ -702,6 +722,7 @@ VAR_XPORT_RETRY_TIME, DEF_XPORT_RETRY_TIME, &var_transport_retry_time, 1, 0, VAR_QMGR_CLOG_WARN_TIME, DEF_QMGR_CLOG_WARN_TIME, &var_qmgr_clog_warn_time, 0, 0, VAR_XPORT_REFILL_DELAY, DEF_XPORT_REFILL_DELAY, &var_xport_refill_delay, 1, 0, + VAR_XPORT_RATE_DELAY, DEF_XPORT_RATE_DELAY, &var_xport_rate_delay, 0, 0, VAR_DEST_RATE_DELAY, DEF_DEST_RATE_DELAY, &var_dest_rate_delay, 0, 0, VAR_QMGR_DAEMON_TIMEOUT, DEF_QMGR_DAEMON_TIMEOUT, &var_qmgr_daemon_timeout, 1, 0, VAR_QMGR_IPC_TIMEOUT, DEF_QMGR_IPC_TIMEOUT, &var_qmgr_ipc_timeout, 1, 0, 
@@ -724,6 +745,7 @@ VAR_LOCAL_RCPT_LIMIT, DEF_LOCAL_RCPT_LIMIT, &var_local_rcpt_lim, 0, 0, VAR_LOCAL_CON_LIMIT, DEF_LOCAL_CON_LIMIT, &var_local_con_lim, 0, 0, VAR_CONC_COHORT_LIM, DEF_CONC_COHORT_LIM, &var_conc_cohort_limit, 0, 0, + VAR_VRFY_PEND_LIMIT, DEF_VRFY_PEND_LIMIT, &var_vrfy_pend_limit, 1, 0, 0, }; static const CONFIG_BOOL_TABLE bool_table[] = { diff -Nru postfix-3.0.4/src/qmgr/qmgr_deliver.c postfix-3.1.0/src/qmgr/qmgr_deliver.c --- postfix-3.0.4/src/qmgr/qmgr_deliver.c 2014-12-14 18:22:05.000000000 +0000 +++ postfix-3.1.0/src/qmgr/qmgr_deliver.c 2015-07-12 14:12:56.000000000 +0000 @@ -45,6 +45,11 @@ /* Patrik Rak /* Modra 6 /* 155 00, Prague, Czech Republic +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -82,6 +87,14 @@ #include "qmgr.h" + /* + * Important note on the _transport_rate_delay implementation: after + * qmgr_transport_alloc() sets the QMGR_TRANSPORT_STAT_RATE_LOCK flag, all + * code paths must directly or indirectly invoke qmgr_transport_unthrottle() + * or qmgr_transport_throttle(). Otherwise, transports with non-zero + * _transport_rate_delay will become stuck. + */ + int qmgr_deliver_concurrency; /* @@ -346,9 +359,10 @@ * No problems detected. Mark the transport and queue as alive. The queue * itself won't go away before we dispose of the current queue entry. */ - if (status != DELIVER_STAT_CRASH && VSTRING_LEN(dsb->reason) == 0) { + if (status != DELIVER_STAT_CRASH) { qmgr_transport_unthrottle(transport); - qmgr_queue_unthrottle(queue); + if (VSTRING_LEN(dsb->reason) == 0) + qmgr_queue_unthrottle(queue); } /* diff -Nru postfix-3.0.4/src/qmgr/qmgr.h postfix-3.1.0/src/qmgr/qmgr.h --- postfix-3.0.4/src/qmgr/qmgr.h 2014-07-07 20:15:53.000000000 +0000 +++ postfix-3.1.0/src/qmgr/qmgr.h 2015-12-27 21:30:56.000000000 +0000 
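Review bot: In the `@@ -346` hunk qmgr_transport_unthrottle() now runs for every status except DELIVER_STAT_CRASH, which under the new rate-lock rule is what releases QMGR_TRANSPORT_STAT_RATE_LOCK after a delivery; the crash path must therefore reach qmgr_transport_throttle(), and that path is outside the hunk, so I could not confirm it. A one-line comment at the new `if`, `/* Also releases the transport rate lock; the CRASH path does so via qmgr_transport_throttle(). */`, would tie the two together. The "Important note" block added above is repeated word for word in qmgr_transport.c; one copy with a cross-reference from the other is easier to keep in sync. The enclosing function starts and ends outside the hunk.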
@@ -204,10 +204,12 @@ QMGR_FEEDBACK pos_feedback; /* positive feedback control */ QMGR_FEEDBACK neg_feedback; /* negative feedback control */ int fail_cohort_limit; /* flow shutdown control */ + int xport_rate_delay; /* suspend per delivery */ int rate_delay; /* suspend per delivery */ }; #define QMGR_TRANSPORT_STAT_DEAD (1<<1) +#define QMGR_TRANSPORT_STAT_RATE_LOCK (1<<2) typedef void (*QMGR_TRANSPORT_ALLOC_NOTIFY) (QMGR_TRANSPORT *, VSTREAM *); extern QMGR_TRANSPORT *qmgr_transport_select(void); @@ -378,6 +380,7 @@ extern int qmgr_message_count; extern int qmgr_recipient_count; +extern int qmgr_vrfy_pend_count; extern void qmgr_message_free(QMGR_MESSAGE *); extern void qmgr_message_update_warn(QMGR_MESSAGE *); diff -Nru postfix-3.0.4/src/qmgr/qmgr_message.c postfix-3.1.0/src/qmgr/qmgr_message.c --- postfix-3.0.4/src/qmgr/qmgr_message.c 2015-01-27 19:27:44.000000000 +0000 +++ postfix-3.1.0/src/qmgr/qmgr_message.c 2015-12-27 21:30:56.000000000 +0000 @@ -8,6 +8,7 @@ /* /* int qmgr_message_count; /* int qmgr_recipient_count; +/* int qmgr_vrfy_pend_count; /* /* QMGR_MESSAGE *qmgr_message_alloc(class, name, qflags, mode) /* const char *class; @@ -38,6 +39,13 @@ /* of in-core recipient structures (i.e. the sum of all recipients /* in all in-core message structures). /* +/* qmgr_vrfy_pend_count is a global counter for the total +/* number of in-core message structures that are associated +/* with an address verification request. Requests that exceed +/* the address_verify_pending_limit are deferred immediately. +/* This is a backup mechanism for a more refined enforcement +/* mechanism in the verify(8) daemon. +/* /* qmgr_message_alloc() creates an in-core message structure /* with sender and recipient information taken from the named queue /* file. A null result means the queue file could not be read or @@ -145,6 +153,7 @@ int qmgr_message_count; int qmgr_recipient_count; +int qmgr_vrfy_pend_count; /* qmgr_message_create - create in-core message structure */ 
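Review bot: `int xport_rate_delay; /* suspend per delivery */` in the `@@ -204` hunk repeats the comment of the neighbouring `rate_delay` field, so the header no longer says which one is per destination and which per transport. Suggest `/* suspend per delivery, whole transport */` for the new field and `/* suspend per delivery, per destination */` for the existing one, matching the _transport_rate_delay and _destination_rate_delay parameters they are loaded from in qmgr_transport.c.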
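Review bot: The new paragraph in the qmgr_message.c header refers to `address_verify_pending_limit`, but the parameter this diff documents and loads in qmgr.c is `address_verify_pending_request_limit` (VAR_VRFY_PEND_LIMIT); the sentence should read `Requests that exceed the address_verify_pending_request_limit are deferred immediately.` The wording "exceed" does match the strict `>` comparison added later, so the count may reach the limit plus one before deferral starts; keep the two in step if either changes.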
@@ -746,11 +755,15 @@
 * after the logfile is deleted.
 */
 else if (strcmp(name, MAIL_ATTR_TRACE_FLAGS) == 0) {
- message->tflags = DEL_REQ_TRACE_FLAGS(atoi(value));
- if (message->tflags == DEL_REQ_FLAG_RECORD)
- message->tflags_offset = curr_offset;
- else
- message->tflags_offset = 0;
+ if (message->tflags == 0) {
+ message->tflags = DEL_REQ_TRACE_FLAGS(atoi(value));
+ if (message->tflags == DEL_REQ_FLAG_RECORD)
+ message->tflags_offset = curr_offset;
+ else
+ message->tflags_offset = 0;
+ if ((message->tflags & DEL_REQ_FLAG_MTA_VRFY) != 0)
+ qmgr_vrfy_pend_count++;
+ }
 }
 continue;
 }
@@ -1167,6 +1180,14 @@
 }
 
 /*
+ * Safety: defer excess address verification requests.
+ */
+ if ((message->tflags & DEL_REQ_FLAG_MTA_VRFY) != 0
+ && qmgr_vrfy_pend_count > var_vrfy_pend_limit)
+ QMGR_REDIRECT(&reply, MAIL_SERVICE_RETRY,
+ "4.3.2 Too many address verification requests");
+
+ /*
 * Look up or instantiate the proper transport.
 */
 if (transport == 0 || !STREQ(transport->name, STR(reply.transport))) {
@@ -1431,6 +1452,8 @@
 myfree(message->rewrite_context);
 recipient_list_free(&message->rcpt_list);
 qmgr_message_count--;
+ if ((message->tflags & DEL_REQ_FLAG_MTA_VRFY) != 0)
+ qmgr_vrfy_pend_count--;
 myfree((void *) message);
 }
 
diff -Nru postfix-3.0.4/src/qmgr/qmgr_transport.c postfix-3.1.0/src/qmgr/qmgr_transport.c
--- postfix-3.0.4/src/qmgr/qmgr_transport.c 2014-12-25 16:47:17.000000000 +0000
+++ postfix-3.1.0/src/qmgr/qmgr_transport.c 2015-07-12 14:12:25.000000000 +0000
@@ -69,6 +69,11 @@
 /* Patrik Rak
 /* Modra 6
 /* 155 00, Prague, Czech Republic
+/*
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
 /*--*/
 
 /* System library. */
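Review bot: `qmgr_vrfy_pend_count` is incremented while the queue file is being read (`@@ -746` hunk) and decremented only in qmgr_message_free() (`@@ -1431` hunk); if a message whose TRACE_FLAGS record was already parsed is discarded on a later read error through any path other than qmgr_message_free(), the counter drifts upward and, once past address_verify_pending_request_limit, every verification probe is deferred with `4.3.2 Too many address verification requests` until the queue manager restarts. The increment and decrement are both keyed on `DEL_REQ_FLAG_MTA_VRFY` in `message->tflags`, which is consistent, and the `tflags == 0` guard prevents double counting on a repeated record. Worth a comment at the increment naming the release point, e.g. `/* Balanced by qmgr_vrfy_pend_count-- in qmgr_message_free(). */`, and a check that every error exit of the reading function goes through that free. The enclosing functions start outside these hunks.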
@@ -163,6 +168,14 @@
 #define QMGR_TRANSPORT_MAX_PEND 2
 #endif
 
+ /*
+ * Important note on the _transport_rate_delay implementation: after
+ * qmgr_transport_alloc() sets the QMGR_TRANSPORT_STAT_RATE_LOCK flag, all
+ * code paths must directly or indirectly invoke qmgr_transport_unthrottle()
+ * or qmgr_transport_throttle(). Otherwise, transports with non-zero
+ * _transport_rate_delay will become stuck.
+ */
+
 /* qmgr_transport_unthrottle_wrapper - in case (char *) != (struct *) */
 
 static void qmgr_transport_unthrottle_wrapper(int unused_event, void *context)
@@ -180,7 +193,7 @@
 * This routine runs after expiration of the timer set by
 * qmgr_transport_throttle(), or whenever a delivery transport has been
 * used without malfunction. In either case, we enable delivery again if
- * the transport was blocked, otherwise the request is ignored.
+ * the transport was throttled. We always reset the transport rate lock.
 */
 if ((transport->flags & QMGR_TRANSPORT_STAT_DEAD) != 0) {
 if (msg_verbose)
@@ -194,6 +207,8 @@
 event_cancel_timer(qmgr_transport_unthrottle_wrapper, (void *) transport);
 }
+ if (transport->flags & QMGR_TRANSPORT_STAT_RATE_LOCK)
+ transport->flags &= ~QMGR_TRANSPORT_STAT_RATE_LOCK;
 }
 
 /* qmgr_transport_throttle - disable delivery process allocation */
@@ -230,6 +245,16 @@
 msg_fatal("timeout connecting to transport: %s", alloc->transport->name);
 }
+/* qmgr_transport_rate_event - delivery process availability notice */
+
+static void qmgr_transport_rate_event(int unused_event, void *context)
+{
+ QMGR_TRANSPORT_ALLOC *alloc = (QMGR_TRANSPORT_ALLOC *) context;
+
+ alloc->notify(alloc->transport, alloc->stream);
+ myfree((void *) alloc);
+}
+
 /* qmgr_transport_event - delivery process availability notice */
 
 static void qmgr_transport_event(int unused_event, void *context)
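Review bot: In qmgr_transport_unthrottle() the new `if (transport->flags & QMGR_TRANSPORT_STAT_RATE_LOCK)` guard is redundant, since clearing a bit that is not set is a no-op; `transport->flags &= ~QMGR_TRANSPORT_STAT_RATE_LOCK;` on its own reads as the unconditional reset the updated comment promises ("We always reset the transport rate lock"). In qmgr_transport_rate_event() the notify-and-free pair is the same two lines as the else branch of qmgr_transport_event() in the next hunk; fine as is, but a comment that the timer callback is the deferred tail of that function would help, e.g. `/* Deferred tail of qmgr_transport_event(), run after _transport_rate_delay. */`.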
@@ -261,8 +286,16 @@
 /*
 * Notify the requestor.
 */
- alloc->notify(alloc->transport, alloc->stream);
- myfree((void *) alloc);
+ if (alloc->transport->xport_rate_delay > 0) {
+ if ((alloc->transport->flags & QMGR_TRANSPORT_STAT_RATE_LOCK) == 0)
+ msg_panic("transport_event: missing rate lock for transport %s",
+ alloc->transport->name);
+ event_request_timer(qmgr_transport_rate_event, (void *) alloc,
+ alloc->transport->xport_rate_delay);
+ } else {
+ alloc->notify(alloc->transport, alloc->stream);
+ myfree((void *) alloc);
+ }
 }
 
 /* qmgr_transport_select - select transport for allocation */
@@ -287,6 +320,7 @@
 for (xport = qmgr_transport_list.next; xport; xport = xport->peers.next) {
 if ((xport->flags & QMGR_TRANSPORT_STAT_DEAD) != 0
+ || (xport->flags & QMGR_TRANSPORT_STAT_RATE_LOCK) != 0
 || xport->pending >= QMGR_TRANSPORT_MAX_PEND)
 continue;
 need = xport->pending + 1;
@@ -316,10 +350,19 @@
 */
 if (transport->flags & QMGR_TRANSPORT_STAT_DEAD)
 msg_panic("qmgr_transport: dead transport: %s", transport->name);
+ if (transport->flags & QMGR_TRANSPORT_STAT_RATE_LOCK)
+ msg_panic("qmgr_transport: rate-locked transport: %s", transport->name);
 if (transport->pending >= QMGR_TRANSPORT_MAX_PEND)
 msg_panic("qmgr_transport: excess allocation: %s", transport->name);
 
 /*
+ * When this message delivery transport is rate-limited, do not select it
+ * again before the end of a message delivery transaction.
+ */
+ if (transport->xport_rate_delay > 0)
+ transport->flags |= QMGR_TRANSPORT_STAT_RATE_LOCK;
+
+ /*
 * Connect to the well-known port for this delivery service, and wake up
 * when a process announces its availability. Allow only a limited number
 * of delivery process allocation attempts for this transport. In case of
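Review bot: The `msg_panic()` added to qmgr_transport_event() is sound only while the rate lock appears to be held by exactly one outstanding allocation and is cleared solely by qmgr_transport_unthrottle()/qmgr_transport_throttle() after the delivery it guards; qmgr_transport_select() skipping locked transports is what keeps a second allocation out, but nothing at the panic site says so. Suggest a comment there: `/* The lock set in qmgr_transport_alloc() is still ours: select() skips locked transports and only unthrottle/throttle clear it. */`. Note also that the timer armed here delays the notify by `xport_rate_delay` after a process became available, so the effective gap between deliveries is that delay plus the delivery itself, which the qmgr.c text "delay inserted between individual deliveries" only approximately describes. The enclosing functions start outside these hunks.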
@@ -392,6 +435,9 @@ transport->init_dest_concurrency = get_mail_conf_int2(name, _INIT_DEST_CON, var_init_dest_concurrency, 1, 0); + transport->xport_rate_delay = get_mail_conf_time2(name, _XPORT_RATE_DELAY, + var_xport_rate_delay, + 's', 0, 0); transport->rate_delay = get_mail_conf_time2(name, _DEST_RATE_DELAY, var_dest_rate_delay, 's', 0, 0); diff -Nru postfix-3.0.4/src/qmqpd/.indent.pro postfix-3.1.0/src/qmqpd/.indent.pro --- postfix-3.0.4/src/qmqpd/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/qmqpd/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/qmqpd/Makefile.in postfix-3.1.0/src/qmqpd/Makefile.in --- postfix-3.0.4/src/qmqpd/Makefile.in 2015-01-28 00:13:14.000000000 +0000 +++ postfix-3.1.0/src/qmqpd/Makefile.in 2015-07-12 17:14:32.000000000 +0000 @@ -10,7 +10,6 @@ INC_DIR = ../../include LIBS = ../../lib/lib$(LIB_PREFIX)master$(LIB_SUFFIX) \ ../../lib/lib$(LIB_PREFIX)global$(LIB_SUFFIX) \ - ../../lib/lib$(LIB_PREFIX)dns$(LIB_SUFFIX) \ ../../lib/lib$(LIB_PREFIX)util$(LIB_SUFFIX) .c.o:; $(CC) $(CFLAGS) -c $*.c diff -Nru postfix-3.0.4/src/qmqpd/qmqpd.c postfix-3.1.0/src/qmqpd/qmqpd.c --- postfix-3.0.4/src/qmqpd/qmqpd.c 2015-01-29 22:15:30.000000000 +0000 +++ postfix-3.1.0/src/qmqpd/qmqpd.c 2016-02-14 01:30:54.000000000 +0000 
@@ -158,6 +158,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff -Nru postfix-3.0.4/src/scache/.indent.pro postfix-3.1.0/src/scache/.indent.pro --- postfix-3.0.4/src/scache/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/scache/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/scache/scache.c postfix-3.1.0/src/scache/scache.c --- postfix-3.0.4/src/scache/scache.c 2014-12-25 16:47:18.000000000 +0000 +++ postfix-3.1.0/src/scache/scache.c 2016-02-14 01:31:05.000000000 +0000 @@ -137,6 +137,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff -Nru postfix-3.0.4/src/sendmail/.indent.pro postfix-3.1.0/src/sendmail/.indent.pro --- postfix-3.0.4/src/sendmail/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/sendmail/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/sendmail/sendmail.c postfix-3.1.0/src/sendmail/sendmail.c --- postfix-3.0.4/src/sendmail/sendmail.c 2015-01-13 19:31:27.000000000 +0000 +++ postfix-3.1.0/src/sendmail/sendmail.c 2016-02-14 14:26:22.000000000 +0000 
@@ -110,7 +110,7 @@ /* With all Postfix versions, you can specify a directory pathname /* with the MAIL_CONFIG environment variable to override the /* location of configuration files. -/* .IP "\fB-F \fIfull_name\fR +/* .IP "\fB-F \fIfull_name\fR" /* Set the sender full name. This overrides the NAME environment /* variable, and is used only with messages that /* have no \fBFrom:\fR message header. @@ -407,6 +407,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -1073,8 +1078,8 @@ } optind = saved_optind; mail_conf_read(); - if (strcmp(var_syslog_name, DEF_SYSLOG_NAME) != 0) - msg_syslog_init(mail_task("sendmail"), LOG_PID, LOG_FACILITY); + /* Re-evaluate mail_task() after reading main.cf. */ + msg_syslog_init(mail_task("sendmail"), LOG_PID, LOG_FACILITY); get_mail_conf_str_table(str_table); if (chdir(var_queue_dir)) diff -Nru postfix-3.0.4/src/showq/.indent.pro postfix-3.1.0/src/showq/.indent.pro --- postfix-3.0.4/src/showq/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/showq/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/showq/showq.c postfix-3.1.0/src/showq/showq.c --- postfix-3.0.4/src/showq/showq.c 2014-12-25 16:47:18.000000000 +0000 +++ postfix-3.1.0/src/showq/showq.c 2015-12-16 22:30:20.000000000 +0000 
@@ -7,7 +7,8 @@ /* \fBshowq\fR [generic Postfix daemon options] /* DESCRIPTION /* The \fBshowq\fR(8) daemon reports the Postfix mail queue status. -/* It is the program that emulates the sendmail `mailq' command. +/* The output is meant to be formatted by the postqueue(1) command, +/* as it emulates the Sendmail `mailq' command. /* /* The \fBshowq\fR(8) daemon can also be run in stand-alone mode /* by the superuser. This mode of operation is used to emulate @@ -89,6 +90,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -140,18 +146,6 @@ int var_dup_filter_limit; char *var_empty_addr; -#define S_STRING_FORMAT "%-10s %8s %-20s %s\n" -#define S_SENDER_FORMAT "%-11s %7ld %20.20s %s\n" -#define S_DROP_FORMAT "%-10s%c %7ld %20.20s (maildrop queue, sender UID %u)\n" -#define S_HEADINGS "-Queue ID-", "--Size--", \ - "----Arrival Time----", "-Sender/Recipient-------" - -#define L_STRING_FORMAT "%-17s %8s %-19s %s\n" -#define L_SENDER_FORMAT "%-17s %8ld %19.19s %s\n" -#define L_DROP_FORMAT "%-16s%c %8ld %19.19s (maildrop queue, sender UID %u)\n" -#define L_HEADINGS "----Queue ID-----", "--Size--", \ - "---Arrival Time----", "--Sender/Recipient------" - static void showq_reasons(VSTREAM *, BOUNCE_LOG *, RCPT_BUF *, DSN_BUF *, HTABLE *); 
@@ -167,16 +161,31 @@ int rec_type; time_t arrival_time = 0; char *start; - long msg_size = 0; + long msg_size = size; BOUNCE_LOG *logfile; HTABLE *dup_filter = 0; RCPT_BUF *rcpt_buf = 0; DSN_BUF *dsn_buf = 0; - char status = (strcmp(queue, MAIL_QUEUE_ACTIVE) == 0 ? '*' : - strcmp(queue, MAIL_QUEUE_HOLD) == 0 ? '!' : ' '); + int sender_seen = 0; int msg_size_ok = 0; /* + * Let the optimizer worry about eliminating duplicate code. + */ +#define SHOWQ_CLEANUP_AND_RETURN { \ + if (sender_seen > 0) \ + attr_print(client, ATTR_FLAG_NONE, ATTR_TYPE_END); \ + vstring_free(buf); \ + vstring_free(printable_quoted_addr); \ + if (rcpt_buf) \ + rcpb_free(rcpt_buf); \ + if (dsn_buf) \ + dsb_free(dsn_buf); \ + if (dup_filter) \ + htable_free(dup_filter, (void (*) (void *)) 0); \ + } + + /* * XXX addresses in defer logfiles are in printable quoted form, while * addresses in message envelope records are in raw unquoted form. This * may change once we replace the present ad-hoc bounce/defer logfile @@ -192,12 +201,17 @@ msg_info("record %c %s", rec_type, printable(start, '?')); switch (rec_type) { case REC_TYPE_TIME: - arrival_time = atol(start); + /* TODO: parse seconds and microseconds. */ + if (arrival_time == 0) + arrival_time = atol(start); break; case REC_TYPE_SIZE: - if (msg_size == 0) { - if ((msg_size_ok = ((msg_size = atol(start)) > 0)) == 0) { - msg_warn("%s: malformed size record: %.100s", + if (msg_size_ok == 0) { + msg_size_ok = (start[strspn(start, "0123456789 ")] == 0 + && (msg_size = atol(start)) >= 0); + if (msg_size_ok == 0) { + msg_warn("%s: malformed size record: %.100s " + "-- using file size instead", id, printable(start, '?')); msg_size = size; } 
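Review bot: `SHOWQ_CLEANUP_AND_RETURN` frees `buf`, `printable_quoted_addr` and the optional buffers but contains no `return`, while the two new uses in the next hunk (duplicate sender in REC_TYPE_FROM, missing sender in REC_TYPE_RCPT) treat it as an early exit: after the warning, control falls into `attr_print(... STR(printable_quoted_addr) ...)` and into `quote_822_local(printable_quoted_addr, start)` respectively, both on freed memory, and the record loop carries on with buffers that have been released. Adding `return; \` as the macro's last statement before the closing brace fixes both sites; the final use at the end of showq_report() in a later hunk is unaffected. The hunk's line count (16 to 31) matches the text shown, so the missing line is in the patch rather than lost in rendering. showq_report() continues past this hunk.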
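Review bot: The new size check in the `@@ -192` hunk accepts an empty or all-blank record: `start[strspn(start, "0123456789 ")] == 0` holds for `""`, `atol("")` yields 0, and the `>= 0` test then sets `msg_size_ok` with `msg_size = 0`, whereas the replaced code demanded a positive size. The REC_TYPE_MESG case in the next hunk then seeks by zero and presumably goes on reading the message body as records. If a zero size is meant to be valid, a comment should say so; otherwise requiring a leading digit, e.g. `start[0] != 0 && ... && (msg_size = atol(start)) >= 0`, or keeping `> 0` restores the old guard. `atol()` also reports no overflow, though that is a smaller concern for a file cleanup(8) wrote.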
@@ -208,25 +222,40 @@ start = var_empty_addr; quote_822_local(printable_quoted_addr, start); printable(STR(printable_quoted_addr), '?'); - /* quote_822_local() saves buf, so we can reuse its space. */ - vstring_sprintf(buf, "%s%c", id, status); - vstream_fprintf(client, var_long_queue_ids ? - L_SENDER_FORMAT : S_SENDER_FORMAT, STR(buf), - msg_size > 0 ? msg_size : size, arrival_time > 0 ? - asctime(localtime(&arrival_time)) : - asctime(localtime(&mtime)), - STR(printable_quoted_addr)); + if (sender_seen++ > 0) { + msg_warn("%s: duplicate sender address: %s " + "-- skipping remainder of this file", + id, STR(printable_quoted_addr)); + SHOWQ_CLEANUP_AND_RETURN; + } + attr_print(client, ATTR_FLAG_MORE, + SEND_ATTR_STR(MAIL_ATTR_QUEUE, queue), + SEND_ATTR_STR(MAIL_ATTR_QUEUEID, id), + SEND_ATTR_LONG(MAIL_ATTR_TIME, arrival_time > 0 ? + arrival_time : mtime), + SEND_ATTR_LONG(MAIL_ATTR_SIZE, msg_size), + SEND_ATTR_STR(MAIL_ATTR_SENDER, + STR(printable_quoted_addr)), + ATTR_TYPE_END); break; case REC_TYPE_RCPT: + if (sender_seen == 0) { + msg_warn("%s: missing sender address: %s " + "-- skipping remainder of this file", + id, STR(printable_quoted_addr)); + SHOWQ_CLEANUP_AND_RETURN; + } if (*start == 0) /* can't happen? */ start = var_empty_addr; quote_822_local(printable_quoted_addr, start); printable(STR(printable_quoted_addr), '?'); if (dup_filter == 0 || htable_locate(dup_filter, STR(printable_quoted_addr)) == 0) - vstream_fprintf(client, var_long_queue_ids ? - L_STRING_FORMAT : S_STRING_FORMAT, - "", "", "", STR(printable_quoted_addr)); + attr_print(client, ATTR_FLAG_MORE, + SEND_ATTR_STR(MAIL_ATTR_RECIP, + STR(printable_quoted_addr)), + SEND_ATTR_STR(MAIL_ATTR_WHY, ""), + ATTR_TYPE_END); break; case REC_TYPE_MESG: if (msg_size_ok && vstream_fseek(qfile, msg_size, SEEK_CUR) < 0) 
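Review bot: In the REC_TYPE_RCPT case the new `sender_seen == 0` warning logs STR(printable_quoted_addr) before quote_822_local() has been run for this record, so the address in the log line is whatever the buffer held from an earlier record, or an empty string for the first one. Log the raw record instead, as the verbose record dump earlier in the function does: `id, printable(start, '?'));`. The matching warning in the REC_TYPE_FROM case is correct because its quote_822_local() call precedes the check. showq_report() continues beyond this hunk.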
@@ -237,18 +266,22 @@ } /* - * With the heading printed, see if there is a defer logfile. The - * defer logfile is not necessarily complete: delivery may be + * Before listing any recipients from the queue file, try to list + * recipients from the corresponding defer logfile with per-recipient + * descriptions why delivery was deferred. + * + * The defer logfile is not necessarily complete: delivery may be * interrupted (postfix stop or reload) before all recipients have * been tried. * * Therefore we keep a record of recipients found in the defer logfile, * and try to avoid listing those recipients again when processing - * the remainder of the queue file. + * recipients from the queue file. */ if (rec_type == REC_TYPE_FROM - && dup_filter == 0 && (logfile = bounce_log_open(MAIL_QUEUE_DEFER, id, O_RDONLY, 0)) != 0) { + if (dup_filter != 0) + msg_panic("showq_report: attempt to reuse duplicate filter"); dup_filter = htable_create(var_dup_filter_limit); if (rcpt_buf == 0) rcpt_buf = rcpb_create(); @@ -259,14 +292,7 @@ msg_warn("close %s %s: %m", MAIL_QUEUE_DEFER, id); } } - vstring_free(buf); - vstring_free(printable_quoted_addr); - if (rcpt_buf) - rcpb_free(rcpt_buf); - if (dsn_buf) - dsb_free(dsn_buf); - if (dup_filter) - htable_free(dup_filter, (void (*) (void *)) 0); + SHOWQ_CLEANUP_AND_RETURN; } /* showq_reasons - show deferral reasons */ @@ -274,8 +300,6 @@ static void showq_reasons(VSTREAM *client, BOUNCE_LOG *bp, RCPT_BUF *rcpt_buf, DSN_BUF *dsn_buf, HTABLE *dup_filter) { - char *saved_reason = 0; - int padding; RECIPIENT *rcpt = &rcpt_buf->rcpt; DSN *dsn = &dsn_buf->dsn; 
@@ -289,23 +313,11 @@ if (htable_locate(dup_filter, rcpt->address) == 0) htable_enter(dup_filter, rcpt->address, (void *) 0); - /* - * Don't print the reason when the previous recipient had the same - * problem. - */ - if (saved_reason == 0 || strcmp(saved_reason, dsn->reason) != 0) { - if (saved_reason) - myfree(saved_reason); - saved_reason = mystrdup(dsn->reason); - if ((padding = 76 - strlen(saved_reason)) < 0) - padding = 0; - vstream_fprintf(client, "%*s(%s)\n", padding, "", saved_reason); - } - vstream_fprintf(client, var_long_queue_ids ? L_STRING_FORMAT : - S_STRING_FORMAT, "", "", "", rcpt->address); + attr_print(client, ATTR_FLAG_MORE, + SEND_ATTR_STR(MAIL_ATTR_RECIP, rcpt->address), + SEND_ATTR_STR(MAIL_ATTR_WHY, dsn->reason), + ATTR_TYPE_END); } - if (saved_reason) - myfree(saved_reason); } @@ -317,8 +329,6 @@ const char *path; int status; char *id; - int file_count; - unsigned long queue_size = 0; struct stat st; struct queue_info { char *name; /* queue name */ @@ -346,7 +356,6 @@ * existing file, assume the system is out of resources or that it is * mis-configured, and force backoff by raising a fatal error. */ - file_count = 0; for (qp = queue_info; qp->name != 0; qp++) { SCAN_DIR *scan = scan_dir_open(qp->name); char *saved_id = 0; 
@@ -368,30 +377,14 @@ saved_id = mystrdup(id); status = mail_open_ok(qp->name, id, &st, &path); if (status == MAIL_OPEN_YES) { - if (file_count == 0) { - if (var_long_queue_ids) - vstream_fprintf(client, L_STRING_FORMAT, L_HEADINGS); - else - vstream_fprintf(client, S_STRING_FORMAT, S_HEADINGS); - } else - vstream_fprintf(client, "\n"); if ((qfile = mail_queue_open(qp->name, id, O_RDONLY, 0)) != 0) { - queue_size += st.st_size; showq_report(client, qp->name, id, qfile, (long) st.st_size, st.st_mtime); if (vstream_fclose(qfile)) msg_warn("close file %s %s: %m", qp->name, id); - } else if (strcmp(qp->name, MAIL_QUEUE_MAILDROP) == 0) { - queue_size += st.st_size; - vstream_fprintf(client, var_long_queue_ids ? - L_DROP_FORMAT : S_DROP_FORMAT, id, ' ', - (long) st.st_size, - asctime(localtime(&st.st_mtime)), - (unsigned) st.st_uid); - } else if (errno != ENOENT) - msg_fatal("open %s %s: %m", qp->name, id); - file_count++; - vstream_fflush(client); + } else if (errno != ENOENT) { + msg_warn("open %s %s: %m", qp->name, id); + } } vstream_fflush(client); } @@ -399,13 +392,7 @@ myfree(saved_id); scan_dir_close(scan); } - if (file_count == 0) - vstream_fprintf(client, "Mail queue is empty\n"); - else { - vstream_fprintf(client, "\n-- %lu Kbytes in %d Request%s.\n", - queue_size / 1024, file_count, - file_count == 1 ? "" : "s"); - } + attr_print(client, ATTR_FLAG_NONE, ATTR_TYPE_END); } MAIL_VERSION_STAMP_DECLARE; diff -Nru postfix-3.0.4/src/smtp/.indent.pro postfix-3.1.0/src/smtp/.indent.pro --- postfix-3.0.4/src/smtp/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/smtp/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY 
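Review bot: Changing msg_fatal() to msg_warn() for a non-ENOENT open failure leaves the loop's introductory comment stale: the context of the earlier hunk still says the daemon will "force backoff by raising a fatal error", which is no longer what happens; change it to say that such files are logged and skipped. The removed maildrop branch also means a maildrop file that mail_queue_open() cannot open (presumably for permission reasons — confirm) used to be listed with its size and sender UID but now vanishes from the listing with only a log warning, which an operator reading queue output may not expect. If that is intended, a one-line comment at the `else if (errno != ENOENT)` branch saying so would prevent it being reported as a regression. showq() starts before this hunk.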
@@ -404,5 +405,4 @@
 -Tssl_comp_stack_t
 -Ttime_t
 -Ttlsa_filter
--Tx509_extension_stack_t
 -Tx509_stack_t
diff -Nru postfix-3.0.4/src/smtp/lmtp_params.c postfix-3.1.0/src/smtp/lmtp_params.c
--- postfix-3.0.4/src/smtp/lmtp_params.c 2015-01-18 00:19:01.000000000 +0000
+++ postfix-3.1.0/src/smtp/lmtp_params.c 2016-01-03 14:52:17.000000000 +0000
@@ -1,5 +1,6 @@
 static const CONFIG_STR_TABLE lmtp_str_table[] = {
 VAR_NOTIFY_CLASSES, DEF_NOTIFY_CLASSES, &var_notify_classes, 0, 0,
+ VAR_LMTP_FALLBACK, DEF_LMTP_FALLBACK, &var_fallback_relay, 0, 0,
 VAR_BESTMX_TRANSP, DEF_BESTMX_TRANSP, &var_bestmx_transp, 0, 0,
 VAR_ERROR_RCPT, DEF_ERROR_RCPT, &var_error_rcpt, 1, 0,
 VAR_LMTP_SASL_PASSWD, DEF_LMTP_SASL_PASSWD, &var_smtp_sasl_passwd, 0, 0,
diff -Nru postfix-3.0.4/src/smtp/smtp_addr.c postfix-3.1.0/src/smtp/smtp_addr.c
--- postfix-3.0.4/src/smtp/smtp_addr.c 2014-12-31 13:16:25.000000000 +0000
+++ postfix-3.1.0/src/smtp/smtp_addr.c 2016-01-03 14:49:51.000000000 +0000
@@ -134,6 +134,7 @@
 struct addrinfo *res0;
 struct addrinfo *res;
 INET_PROTO_INFO *proto_info = inet_proto_info();
+ unsigned char *proto_family_list = proto_info->sa_family_list;
 int found;
 
 if (msg_verbose)
@@ -143,14 +144,14 @@ * Interpret a numerical name as an address. */ if (hostaddr_to_sockaddr(host, (char *) 0, 0, &res0) == 0) { - if (strchr((char *) proto_info->sa_family_list, res0->ai_family) != 0) { - if ((addr = dns_sa_to_rr(host, pref, res0->ai_addr)) == 0) - msg_fatal("host %s: conversion error for address family %d: %m", - host, ((struct sockaddr *) (res0->ai_addr))->sa_family); - addr_list = dns_rr_append(addr_list, addr); - freeaddrinfo(res0); - return (addr_list); - } + if (strchr((char *) proto_family_list, res0->ai_family) != 0) { + if ((addr = dns_sa_to_rr(host, pref, res0->ai_addr)) == 0) + msg_fatal("host %s: conversion error for address family " + "%d: %m", host, res0->ai_addr->sa_family); + addr_list = dns_rr_append(addr_list, addr); + freeaddrinfo(res0); + return (addr_list); + } freeaddrinfo(res0); } @@ -214,15 +215,15 @@ host, MAI_STRERROR(aierr)); } else { for (found = 0, res = res0; res != 0; res = res->ai_next) { - if (strchr((char *) proto_info->sa_family_list, res->ai_family) == 0) { + if (strchr((char *) proto_family_list, res->ai_family) == 0) { msg_info("skipping address family %d for host %s", res->ai_family, host); continue; } found++; if ((addr = dns_sa_to_rr(host, pref, res->ai_addr)) == 0) - msg_fatal("host %s: conversion error for address family %d: %m", - host, ((struct sockaddr *) (res0->ai_addr))->sa_family); + msg_fatal("host %s: conversion error for address family " + "%d: %m", host, res0->ai_addr->sa_family); addr_list = dns_rr_append(addr_list, addr); } freeaddrinfo(res0); 
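Review bot: In the per-result loop of the second hunk, the rewritten msg_fatal() still reports `res0->ai_addr->sa_family` although the entry that failed conversion is `res`, so the logged address family is always that of the first result; it should read `"%d: %m", host, res->ai_addr->sa_family);`. The first hunk's use of res0 is fine because it is outside the loop. The enclosing function starts before and ends after these hunks.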
@@ -246,7 +247,14 @@ { DNS_RR *addr_list = 0; DNS_RR *rr; - int res_opt = mx_names->dnssec_valid ? RES_USE_DNSSEC : 0; + int res_opt = 0; + + if (mx_names->dnssec_valid) + res_opt = RES_USE_DNSSEC; +#ifdef USE_TLS + else if (smtp_tls_insecure_mx_policy > TLS_LEV_MAY) + res_opt = RES_USE_DNSSEC; +#endif /* * As long as we are able to look up any host address, we ignore problems diff -Nru postfix-3.0.4/src/smtp/smtp.c postfix-3.1.0/src/smtp/smtp.c --- postfix-3.0.4/src/smtp/smtp.c 2015-07-19 22:34:26.000000000 +0000 +++ postfix-3.1.0/src/smtp/smtp.c 2016-02-14 01:08:41.000000000 +0000 @@ -98,6 +98,7 @@ /* RFC 5321 (SMTP protocol) /* RFC 6531 (Internationalized SMTP) /* RFC 6533 (Internationalized Delivery Status Notifications) +/* RFC 7672 (SMTP security via opportunistic DANE TLS) /* DIAGNOSTICS /* Problems and transactions are logged to \fBsyslogd\fR(8). /* Corrupted message files are marked so that the queue manager can @@ -286,9 +287,7 @@ /* Enable SASL authentication in the Postfix SMTP client. /* .IP "\fBsmtp_sasl_password_maps (empty)\fR" /* Optional Postfix SMTP client lookup tables with one username:password -/* entry -/* per remote hostname or domain, or sender address when sender-dependent -/* authentication is enabled. +/* entry per sender, remote hostname or next-hop domain. /* .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR" /* Postfix SMTP client SASL security options; as of Postfix 2.3 /* the list of available 
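Review bot: The new `else if` requests DNSSEC-validated address lookups for MX hosts whose MX RRset was itself insecure whenever the insecure-MX policy is above "may", but nothing in the hunk says why; the reader has to find the insecure-MX handling in smtp_tls_policy.c to understand it. A comment such as `/* Insecure MX RRset, but the insecure-MX policy still needs to know whether the address RRs are secure (see smtp_tls_policy.c) */` — adjusted once that dependency is confirmed — would keep a later cleanup from collapsing this back into the single ternary. The comparison also relies on the numeric ordering of the TLS_LEV_* constants, which is worth stating in the same comment. The enclosing function's body continues past the hunk.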
@@ -404,14 +403,14 @@ /* The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) /* process requests from the \fBtlsmgr\fR(8) server in order to seed its /* internal pseudo random number generator (PRNG). -/* .IP "\fBtls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)\fR" -/* The OpenSSL cipherlist for "HIGH" grade ciphers. -/* .IP "\fBtls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH)\fR" -/* The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. -/* .IP "\fBtls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH)\fR" -/* The OpenSSL cipherlist for "LOW" or higher grade ciphers. -/* .IP "\fBtls_export_cipherlist (ALL:+RC4:@STRENGTH)\fR" -/* The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. +/* .IP "\fBtls_high_cipherlist (see 'postconf -d' output)\fR" +/* The OpenSSL cipherlist for "high" grade ciphers. +/* .IP "\fBtls_medium_cipherlist (see 'postconf -d' output)\fR" +/* The OpenSSL cipherlist for "medium" or higher grade ciphers. +/* .IP "\fBtls_low_cipherlist (see 'postconf -d' output)\fR" +/* The OpenSSL cipherlist for "low" or higher grade ciphers. +/* .IP "\fBtls_export_cipherlist (see 'postconf -d' output)\fR" +/* The OpenSSL cipherlist for "export" or higher grade ciphers. /* .IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR" /* The OpenSSL cipherlist for "NULL" grade ciphers that provide /* authentication without encryption. @@ -469,6 +468,12 @@ /* .IP "\fBsmtp_tls_wrappermode (no)\fR" /* Request that the Postfix SMTP client connects using the /* legacy SMTPS protocol instead of using the STARTTLS command. +/* .PP +/* Available in Postfix version 3.1 and later: +/* .IP "\fBsmtp_tls_dane_insecure_mx_policy (dane)\fR" +/* The TLS policy for MX hosts with "secure" TLSA records when the +/* nexthop destination security level is \fBdane\fR, but the MX +/* record was found via an "insecure" MX lookup. /* OBSOLETE STARTTLS CONTROLS /* .ad /* .fi 
@@ -695,6 +700,11 @@ /* .IP "\fBsmtp_address_verify_target (rcpt)\fR" /* In the context of email address verification, the SMTP protocol /* stage that determines whether an email address is deliverable. +/* .PP +/* Available with Postfix 3.1 and later: +/* .IP "\fBlmtp_fallback_relay (empty)\fR" +/* Optional list of relay hosts for LMTP destinations that can't be +/* found or that are unreachable. /* SEE ALSO /* generic(5), output address rewriting /* header_checks(5), message header content inspection @@ -726,6 +736,11 @@ /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA /* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA +/* /* Command pipelining in cooperation with: /* Jon Ribbens /* Oaktree Internet Solutions Ltd., @@ -886,6 +901,7 @@ char *var_smtp_tls_eckey_file; bool var_smtp_tls_blk_early_mail_reply; bool var_smtp_tls_force_tlsa; +char *var_smtp_tls_insecure_mx_policy; #endif @@ -938,6 +954,7 @@ * OpenSSL client state (opaque handle) */ TLS_APPL_STATE *smtp_tls_ctx; +int smtp_tls_insecure_mx_policy; #endif @@ -1057,6 +1074,22 @@ var_disable_dns = (smtp_dns_support == SMTP_DNS_DISABLED); } +#ifdef USE_TLS + if (smtp_mode) { + smtp_tls_insecure_mx_policy = + tls_level_lookup(var_smtp_tls_insecure_mx_policy); + switch (smtp_tls_insecure_mx_policy) { + case TLS_LEV_MAY: + case TLS_LEV_ENCRYPT: + case TLS_LEV_DANE: + break; + default: + msg_fatal("invalid %s: \"%s\"", VAR_SMTP_TLS_INSECURE_MX_POLICY, + var_smtp_tls_insecure_mx_policy); + } + } +#endif + /* * Select hostname lookup mechanisms. */ diff -Nru postfix-3.0.4/src/smtp/smtp_connect.c postfix-3.1.0/src/smtp/smtp_connect.c --- postfix-3.0.4/src/smtp/smtp_connect.c 2015-01-18 00:06:00.000000000 +0000 +++ postfix-3.1.0/src/smtp/smtp_connect.c 2015-03-29 19:04:22.000000000 +0000 
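Review bot: The validation of smtp_tls_dane_insecure_mx_policy runs only when smtp_mode is set, so in LMTP mode the global smtp_tls_insecure_mx_policy keeps its zero-initialized value rather than a looked-up level, and both smtp_addr.c and smtp_tls_policy.c compare that variable against TLS_LEV_MAY. This only behaves as intended if zero ranks at or below TLS_LEV_MAY; please confirm against tls.h, or remove the dependency with an explicit `else smtp_tls_insecure_mx_policy = TLS_LEV_MAY;` plus a comment that LMTP has no MX indirection. The enclosing initialization function starts before this hunk.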
@@ -473,6 +473,13 @@ DSN_BUF *why = state->why; /* + * Do not silently ignore an unused setting. + */ + if (*var_fallback_relay) + msg_warn("ignoring \"%s = %s\" setting for non-TCP connections", + VAR_LMTP_FALLBACK, var_fallback_relay); + + /* * It's too painful to weave this code into the SMTP connection * management routine. * @@ -761,20 +768,15 @@ } /* - * First try to deliver to the indicated destination, then try to deliver - * to the optional fall-back relays. - * - * Future proofing: do a null destination sanity check in case we allow the - * primary destination to be a list (it could be just separators). + * Future proofing: do a null destination sanity check in case we allow + * the primary destination to be a list (it could be just separators). */ sites = argv_alloc(1); argv_add(sites, nexthop, (char *) 0); if (sites->argc == 0) msg_panic("null destination: \"%s\"", nexthop); non_fallback_sites = sites->argc; - /* When we are lmtp(8) var_fallback_relay is null */ - if (smtp_mode) - argv_split_append(sites, var_fallback_relay, CHARS_COMMA_SP); + argv_split_append(sites, var_fallback_relay, CHARS_COMMA_SP); /* * Don't give up after a hard host lookup error until we have tried the @@ -815,9 +817,8 @@ state->misc_flags |= SMTP_MISC_FLAG_FINAL_NEXTHOP; /* - * Parse the destination. Default is to use the SMTP port. Look up - * the address instead of the mail exchanger when a quoted host is - * specified, or when DNS lookups are disabled. + * Parse the destination. If no TCP port is specified, use the port + * that is reserved for the protocol (SMTP or LMTP). */ dest_buf = smtp_parse_destination(dest, def_service, &domain, &port); if (var_helpful_warnings && var_smtp_tls_wrappermode == 0 
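Review bot: The new warning about an ignored lmtp_fallback_relay sits in a path that, judging by the surrounding text, handles every non-TCP (unix-domain) connection attempt, so a site with a stray setting will log one warning per delivery. If that volume is unwanted, guard it with a function-scope `static int warned = 0;` and warn once per process. The function this code belongs to starts before the hunk.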
@@ -832,8 +833,9 @@ SMTP_ITER_INIT(iter, dest, NO_HOST, NO_ADDR, port, state); /* - * Resolve an SMTP server. Skip mail exchanger lookups when a quoted - * host is specified, or when DNS lookups are disabled. + * Resolve an SMTP or LMTP server. In the case of SMTP, skip mail + * exchanger lookups when a quoted host is specified or when DNS + * lookups are disabled. */ if (msg_verbose) msg_info("connecting to %s port %d", domain, ntohs(port)); @@ -1072,7 +1074,7 @@ * Pay attention to what could be configuration problems, and pretend * that these are recoverable rather than bouncing the mail. */ - else if (!SMTP_HAS_SOFT_DSN(why) && smtp_mode) { + else if (!SMTP_HAS_SOFT_DSN(why)) { /* * The fall-back destination did not resolve as expected, or it @@ -1087,8 +1089,13 @@ /* * The next-hop relayhost did not resolve as expected, or it is * refusing to talk to us, or mail for it loops back to us. + * + * XXX There is no equivalent safety net for mis-configured + * sender-dependent relay hosts. The trivial-rewrite resolver + * would have to flag the result, and the queue manager would + * have to provide that information to delivery agents. */ - else if (strcmp(sites->argv[0], var_relayhost) == 0) { + else if (smtp_mode && strcmp(sites->argv[0], var_relayhost) == 0) { msg_warn("%s configuration problem", VAR_RELAYHOST); vstring_strcpy(why->status, "4.3.5"); /* XXX Keep the diagnostic code and MTA. */ @@ -1098,7 +1105,7 @@ * Mail for the next-hop destination loops back to myself. Pass * the mail to the best_mx_transport or bounce it. */ - else if (SMTP_HAS_LOOP_DSN(why) && *var_bestmx_transp) { + else if (smtp_mode && SMTP_HAS_LOOP_DSN(why) && *var_bestmx_transp) { dsb_reset(why); /* XXX */ state->status = deliver_pass_all(MAIL_CLASS_PRIVATE, var_bestmx_transp, 
@@ -1151,9 +1158,6 @@ } /* - * With SMTP we can have indirection via MX host lookup, as well as an - * optional fall-back relayhost that we must avoid when we are MX host. - * * XXX We don't add support for "unix:" or "inet:" prefixes in SMTP * destinations, because that would break compatibility with existing * Postfix configurations that have a host with such a name. diff -Nru postfix-3.0.4/src/smtp/smtp.h postfix-3.1.0/src/smtp/smtp.h --- postfix-3.0.4/src/smtp/smtp.h 2014-12-28 15:11:50.000000000 +0000 +++ postfix-3.1.0/src/smtp/smtp.h 2016-01-03 14:49:51.000000000 +0000 @@ -290,6 +290,7 @@ #ifdef USE_TLS extern TLS_APPL_STATE *smtp_tls_ctx; /* client-side TLS engine */ +extern int smtp_tls_insecure_mx_policy; /* DANE post insecure MX? */ #endif @@ -567,16 +568,21 @@ /* * smtp_trouble.c */ +#define SMTP_THROTTLE 1 +#define SMTP_NOTHROTTLE 0 extern int smtp_sess_fail(SMTP_STATE *); -extern int PRINTFLIKE(4, 5) smtp_site_fail(SMTP_STATE *, const char *, - SMTP_RESP *, const char *,...); -extern int PRINTFLIKE(4, 5) smtp_mesg_fail(SMTP_STATE *, const char *, +extern int PRINTFLIKE(5, 6) smtp_misc_fail(SMTP_STATE *, int, const char *, SMTP_RESP *, const char *,...); extern void PRINTFLIKE(5, 6) smtp_rcpt_fail(SMTP_STATE *, RECIPIENT *, const char *, SMTP_RESP *, const char *,...); extern int smtp_stream_except(SMTP_STATE *, int, const char *); +#define smtp_site_fail(state, mta, resp, ...) \ + smtp_misc_fail((state), SMTP_THROTTLE, (mta), (resp), __VA_ARGS__) +#define smtp_mesg_fail(state, mta, resp, ...) \ + smtp_misc_fail((state), SMTP_NOTHROTTLE, (mta), (resp), __VA_ARGS__) + /* * smtp_unalias.c */ diff -Nru postfix-3.0.4/src/smtp/smtp-only postfix-3.1.0/src/smtp/smtp-only --- postfix-3.0.4/src/smtp/smtp-only 2005-12-06 14:42:27.000000000 +0000 +++ postfix-3.1.0/src/smtp/smtp-only 2016-01-03 14:46:47.000000000 +0000 
@@ -1,4 +1,4 @@
 _ALWAYS_EHLO
 _NEVER_EHLO
-_SMTP_FALLBACK
 _IGN_MX_LOOKUP_ERR
+_INSECURE_MX_POLICY
diff -Nru postfix-3.0.4/src/smtp/smtp_params.c postfix-3.1.0/src/smtp/smtp_params.c
--- postfix-3.0.4/src/smtp/smtp_params.c 2015-01-18 00:17:54.000000000 +0000
+++ postfix-3.1.0/src/smtp/smtp_params.c 2016-01-03 14:49:51.000000000 +0000
@@ -29,6 +29,7 @@
 VAR_SMTP_TLS_ECCERT_FILE, DEF_SMTP_TLS_ECCERT_FILE, &var_smtp_tls_eccert_file, 0, 0,
 VAR_SMTP_TLS_ECKEY_FILE, DEF_SMTP_TLS_ECKEY_FILE, &var_smtp_tls_eckey_file, 0, 0,
 VAR_SMTP_TLS_LOGLEVEL, DEF_SMTP_TLS_LOGLEVEL, &var_smtp_tls_loglevel, 0, 0,
+ VAR_SMTP_TLS_INSECURE_MX_POLICY, DEF_SMTP_TLS_INSECURE_MX_POLICY, &var_smtp_tls_insecure_mx_policy, 0, 0,
 #endif
 VAR_SMTP_SASL_MECHS, DEF_SMTP_SASL_MECHS, &var_smtp_sasl_mechs, 0, 0,
 VAR_SMTP_SASL_TYPE, DEF_SMTP_SASL_TYPE, &var_smtp_sasl_type, 1, 0,
diff -Nru postfix-3.0.4/src/smtp/smtp_proto.c postfix-3.1.0/src/smtp/smtp_proto.c
--- postfix-3.0.4/src/smtp/smtp_proto.c 2015-11-25 00:35:13.000000000 +0000
+++ postfix-3.1.0/src/smtp/smtp_proto.c 2015-11-25 01:17:36.000000000 +0000
@@ -943,15 +943,11 @@
 */
 if (PLAINTEXT_FALLBACK_OK_AFTER_STARTTLS_FAILURE)
 RETRY_AS_PLAINTEXT;
- if (state->tls->level == TLS_LEV_MAY) {
- return (smtp_mesg_fail(state, DSN_BY_LOCAL_MTA,
- SMTP_RESP_FAKE(&fake, "4.7.5"),
- "Cannot start TLS: handshake failure"));
- } else {
- return (smtp_site_fail(state, DSN_BY_LOCAL_MTA,
- SMTP_RESP_FAKE(&fake, "4.7.5"),
- "Cannot start TLS: handshake failure"));
- }
+ return (smtp_misc_fail(state, state->tls->level == TLS_LEV_MAY ?
+ SMTP_NOTHROTTLE : SMTP_THROTTLE,
+ DSN_BY_LOCAL_MTA,
+ SMTP_RESP_FAKE(&fake, "4.7.5"),
+ "Cannot start TLS: handshake failure"));
 }
 
 /*
diff -Nru postfix-3.0.4/src/smtp/smtp_tls_policy.c postfix-3.1.0/src/smtp/smtp_tls_policy.c
--- postfix-3.0.4/src/smtp/smtp_tls_policy.c 2015-01-27 19:27:44.000000000 +0000
+++ postfix-3.1.0/src/smtp/smtp_tls_policy.c 2016-01-04 12:26:16.000000000 +0000
@@ -436,6 +436,7 @@ also_exclude = "eNULL"; break; + case TLS_LEV_HALF_DANE: case TLS_LEV_DANE: case TLS_LEV_DANE_ONLY: case TLS_LEV_FPRINT: @@ -563,6 +564,7 @@ case TLS_LEV_NONE: case TLS_LEV_MAY: case TLS_LEV_ENCRYPT: + case TLS_LEV_HALF_DANE: case TLS_LEV_DANE: case TLS_LEV_DANE_ONLY: break; @@ -714,7 +716,7 @@ #define NONDANE_CONFIG 0 /* Administrator's fault */ #define NONDANE_DEST 1 /* Remote server's fault */ -#define DANE_UNUSABLE 2 /* Remote server's fault */ +#define DANE_CANTAUTH 2 /* Remote server's fault */ static void PRINTFLIKE(4, 5) dane_incompat(SMTP_TLS_POLICY *tls, SMTP_ITERATOR *iter, @@ -725,7 +727,7 @@ va_start(ap, fmt); if (tls->level == TLS_LEV_DANE) { - tls->level = (errtype == DANE_UNUSABLE) ? TLS_LEV_ENCRYPT : TLS_LEV_MAY; + tls->level = (errtype == DANE_CANTAUTH) ? TLS_LEV_ENCRYPT : TLS_LEV_MAY; if (errtype == NONDANE_CONFIG) vmsg_warn(fmt, ap); else if (msg_verbose) @@ -792,8 +794,15 @@ STR(iter->dest), policy_name(tls->level)); return; } - /* When the MX name is present and insecure, DANE does not apply. */ - if (iter->mx && !iter->mx->dnssec_valid) { + + /* + * When the MX name is present and insecure, DANE may not apply, we then + * either fail if DANE is mandatory or use regular opportunistic TLS if + * the insecure MX level is "may". + */ + if (iter->mx && !iter->mx->dnssec_valid + && (tls->level == TLS_LEV_DANE_ONLY || + smtp_tls_insecure_mx_policy <= TLS_LEV_MAY)) { dane_incompat(tls, iter, NONDANE_DEST, "non DNSSEC destination"); return; } 
@@ -825,12 +834,30 @@ * given verifier some of the CAs are surely not trustworthy). */ if (tls_dane_unusable(dane)) { - dane_incompat(tls, iter, DANE_UNUSABLE, "TLSA records unusable"); + dane_incompat(tls, iter, DANE_CANTAUTH, "TLSA records unusable"); tls_dane_free(dane); return; } /* + * Perhaps downgrade to "encrypt" if MX is insecure. + */ + if (iter->mx && !iter->mx->dnssec_valid) { + if (smtp_tls_insecure_mx_policy == TLS_LEV_ENCRYPT) { + dane_incompat(tls, iter, DANE_CANTAUTH, + "Verification not possible, MX RRset is insecure"); + tls_dane_free(dane); + return; + } + if (tls->level != TLS_LEV_DANE + || smtp_tls_insecure_mx_policy != TLS_LEV_DANE) + msg_panic("wrong state for insecure MX host DANE policy"); + + /* For correct logging in tls_client_start() */ + tls->level = TLS_LEV_HALF_DANE; + } + + /* * With DANE trust anchors, peername matching is not configurable. */ if (TLS_DANE_HASTA(dane)) { diff -Nru postfix-3.0.4/src/smtp/smtp_trouble.c postfix-3.1.0/src/smtp/smtp_trouble.c --- postfix-3.0.4/src/smtp/smtp_trouble.c 2014-05-08 18:57:39.000000000 +0000 +++ postfix-3.1.0/src/smtp/smtp_trouble.c 2015-11-25 01:18:17.000000000 +0000 @@ -32,6 +32,13 @@ /* SMTP_STATE *state; /* int exception; /* const char *description; +/* AUXILIARY FUNCTIONS +/* int smtp_misc_fail(state, throttle, mta_name, resp, format, ...) +/* SMTP_STATE *state; +/* int throttle; +/* const char *mta_name; +/* SMTP_RESP *resp; +/* const char *format; /* DESCRIPTION /* This module handles all non-fatal errors that can happen while /* attempting to deliver mail via SMTP, and implements the policy 
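Review bot: The comment `/* For correct logging in tls_client_start() */` undersells what the switch to TLS_LEV_HALF_DANE means: as I read it, the TLSA records still authenticate the MX host's certificate, but because the MX RRset was insecure nothing proves that this host is the legitimate MX for the destination, so the level is weaker than "dane" and that is the property an operator choosing the "dane" insecure-MX policy accepts. A comment stating that explicitly, for example `/* TLSA-authenticated host reached through an insecure MX lookup: authenticates the host, not the destination; logged as "half-dane" */`, would help a maintainer judge future changes here. The msg_panic() guard just above nicely documents the only state that can reach this point. The enclosing function continues past the hunk.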
@@ -82,6 +89,13 @@ /* remaining recipients. /* The result is non-zero. /* +/* smtp_misc_fail() provides a more detailed interface than +/* smtp_site_fail() and smtp_mesg_fail(), which are convenience +/* wrappers around smtp_misc_fail(). The throttle argument +/* is either SMTP_THROTTLE or SMTP_NOTHROTTLE; it is used only +/* in the "soft error, final server" policy, and determines +/* whether a destination will be marked as problematic. +/* /* smtp_rcpt_fail() handles the case where a recipient is not /* accepted by the server for reasons other than that the server /* recipient limit is reached. @@ -162,9 +176,6 @@ #include "smtp.h" #include "smtp_sasl.h" -#define SMTP_THROTTLE 1 -#define SMTP_NOTHROTTLE 0 - /* smtp_check_code - check response code */ static void smtp_check_code(SMTP_SESSION *session, int code) @@ -310,10 +321,10 @@ reply ? DSB_DTYPE_SMTP : DSB_DTYPE_NONE, reply); } -/* smtp_site_fail - throttle this queue; skip, defer or bounce all recipients */ +/* smtp_misc_fail - maybe throttle queue; skip/defer/bounce all recipients */ -int smtp_site_fail(SMTP_STATE *state, const char *mta_name, SMTP_RESP *resp, - const char *format,...) +int smtp_misc_fail(SMTP_STATE *state, int throttle, const char *mta_name, + SMTP_RESP *resp, const char *format,...) { va_list ap; 
@@ -330,30 +341,7 @@
 /*
 * Skip, defer or bounce recipients, and throttle this queue.
 */
- return (smtp_bulk_fail(state, SMTP_THROTTLE));
-}
-
-/* smtp_mesg_fail - skip, defer or bounce all recipients; no queue throttle */
-
-int smtp_mesg_fail(SMTP_STATE *state, const char *mta_name, SMTP_RESP *resp,
- const char *format,...)
-{
- va_list ap;
-
- /*
- * Initialize.
- */
- va_start(ap, format);
- vsmtp_fill_dsn(state, mta_name, resp->dsn, resp->str, format, ap);
- va_end(ap);
-
- if (state->session && mta_name)
- smtp_check_code(state->session, resp->code);
-
- /*
- * Skip, defer or bounce recipients, but don't throttle this queue.
- */
- return (smtp_bulk_fail(state, SMTP_NOTHROTTLE));
+ return (smtp_bulk_fail(state, throttle));
 }
 
 /* smtp_rcpt_fail - skip, defer, or bounce recipient */
diff -Nru postfix-3.0.4/src/smtpd/.indent.pro postfix-3.1.0/src/smtpd/.indent.pro
--- postfix-3.0.4/src/smtpd/.indent.pro 2015-01-11 13:28:18.000000000 +0000
+++ postfix-3.1.0/src/smtpd/.indent.pro 2015-12-27 22:04:47.000000000 +0000
@@ -249,6 +249,7 @@
 -TPLMYSQL
 -TPLPGSQL
 -TPOSTMAP_KEY_STATE
+-TPOST_MAIL_FCLOSE_STATE
 -TPOST_MAIL_STATE
 -TPRIVATE_STR_TABLE
 -TPSC_CALL_BACK_ENTRY
@@ -404,5 +405,4 @@
 -Tssl_comp_stack_t
 -Ttime_t
 -Ttlsa_filter
--Tx509_extension_stack_t
 -Tx509_stack_t
diff -Nru postfix-3.0.4/src/smtpd/Makefile.in postfix-3.1.0/src/smtpd/Makefile.in
--- postfix-3.0.4/src/smtpd/Makefile.in 2015-01-28 00:13:12.000000000 +0000
+++ postfix-3.1.0/src/smtpd/Makefile.in 2015-07-12 17:20:44.000000000 +0000
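Review bot: The comment directly above the retained return still reads "Skip, defer or bounce recipients, and throttle this queue.", but the call now passes the caller's throttle argument, so the queue is throttled only for SMTP_THROTTLE; update it to `* Skip, defer or bounce recipients; throttle this queue only when the caller asks for it (SMTP_THROTTLE).` The rest of smtp_misc_fail() is outside this hunk.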
@@ -16,10 +16,8 @@ TESTPROG= smtpd_token smtpd_check PROG = smtpd INC_DIR = ../../include -# Fake libdns dependency, for early-binding shared-library builds. LIBS = ../../lib/lib$(LIB_PREFIX)master$(LIB_SUFFIX) \ ../../lib/lib$(LIB_PREFIX)tls$(LIB_SUFFIX) \ - ../../lib/lib$(LIB_PREFIX)dns$(LIB_SUFFIX) \ ../../lib/libxsasl.a \ ../../lib/libmilter.a \ ../../lib/lib$(LIB_PREFIX)dns$(LIB_SUFFIX) \ diff -Nru postfix-3.0.4/src/smtpd/smtpd.c postfix-3.1.0/src/smtpd/smtpd.c --- postfix-3.0.4/src/smtpd/smtpd.c 2015-07-19 22:34:26.000000000 +0000 +++ postfix-3.1.0/src/smtpd/smtpd.c 2016-01-24 00:55:14.000000000 +0000 @@ -55,6 +55,7 @@ /* RFC 5321 (SMTP protocol) /* RFC 6531 (Internationalized SMTP) /* RFC 6533 (Internationalized Delivery Status Notifications) +/* RFC 7505 ("Null MX" No Service Resource Record) /* DIAGNOSTICS /* Problems and transactions are logged to \fBsyslogd\fR(8). /* @@ -79,7 +80,7 @@ /* .ad /* .fi /* .IP "\fBbroken_sasl_auth_clients (no)\fR" -/* Enable inter-operability with remote SMTP clients that implement an obsolete +/* Enable interoperability with remote SMTP clients that implement an obsolete /* version of the AUTH command (RFC 4954). /* .IP "\fBdisable_vrfy_command (no)\fR" /* Disable the SMTP VRFY command. @@ -251,6 +252,12 @@ /* .IP "\fBmilter_end_of_data_macros (see 'postconf -d' output)\fR" /* The macros that are sent to Milter (mail filter) applications /* after the message end-of-data. +/* .PP +/* Available in Postfix version 3.1 and later: +/* .IP "\fBmilter_macro_defaults (empty)\fR" +/* Optional list of \fIname=value\fR pairs that specify default +/* values for arbitrary macros that Postfix may send to Milter +/* applications. /* GENERAL CONTENT INSPECTION CONTROLS /* .ad /* .fi 
@@ -278,7 +285,7 @@ /* Postfix SMTP client to a remote SMTP server. /* See the SASL_README document for details. /* .IP "\fBbroken_sasl_auth_clients (no)\fR" -/* Enable inter-operability with remote SMTP clients that implement an obsolete +/* Enable interoperability with remote SMTP clients that implement an obsolete /* version of the AUTH command (RFC 4954). /* .IP "\fBsmtpd_sasl_auth_enable (no)\fR" /* Enable SASL authentication in the Postfix SMTP server. @@ -291,7 +298,7 @@ /* features depends on the SASL server implementation that is selected /* with \fBsmtpd_sasl_type\fR. /* .IP "\fBsmtpd_sender_login_maps (empty)\fR" -/* Optional lookup table with the SASL login names that own sender +/* Optional lookup table with the SASL login names that own the sender /* (MAIL FROM) addresses. /* .PP /* Available in Postfix version 2.1 and later: 
@@ -404,14 +411,14 @@ /* The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) /* process requests from the \fBtlsmgr\fR(8) server in order to seed its /* internal pseudo random number generator (PRNG). -/* .IP "\fBtls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)\fR" -/* The OpenSSL cipherlist for "HIGH" grade ciphers. -/* .IP "\fBtls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH)\fR" -/* The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. -/* .IP "\fBtls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH)\fR" -/* The OpenSSL cipherlist for "LOW" or higher grade ciphers. -/* .IP "\fBtls_export_cipherlist (ALL:+RC4:@STRENGTH)\fR" -/* The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. +/* .IP "\fBtls_high_cipherlist (see 'postconf -d' output)\fR" +/* The OpenSSL cipherlist for "high" grade ciphers. +/* .IP "\fBtls_medium_cipherlist (see 'postconf -d' output)\fR" +/* The OpenSSL cipherlist for "medium" or higher grade ciphers. +/* .IP "\fBtls_low_cipherlist (see 'postconf -d' output)\fR" +/* The OpenSSL cipherlist for "low" or higher grade ciphers. +/* .IP "\fBtls_export_cipherlist (see 'postconf -d' output)\fR" +/* The OpenSSL cipherlist for "export" or higher grade ciphers. /* .IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR" /* The OpenSSL cipherlist for "NULL" grade ciphers that provide /* authentication without encryption. @@ -693,6 +700,12 @@ /* time limit per read or write system call, to a time limit to send /* or receive a complete record (an SMTP command line, SMTP response /* line, SMTP message content line, or TLS protocol message). +/* .PP +/* Available in Postfix version 3.1 and later: +/* .IP "\fBsmtpd_client_auth_rate_limit (0)\fR" +/* The maximal number of AUTH commands that any client is allowed to +/* send to this service per time unit, regardless of whether or not +/* Postfix actually accepts those commands. /* TARPIT CONTROLS /* .ad /* .fi 
@@ -751,6 +764,13 @@ /* .IP "\fBsmtpd_policy_service_retry_delay (1s)\fR" /* The delay between attempts to resend a failed SMTPD policy /* service request. +/* .PP +/* Available in Postfix version 3.1 and later: +/* .IP "\fBsmtpd_policy_service_policy_context (empty)\fR" +/* Optional information that the Postfix SMTP server specifies in +/* the "policy_context" attribute of a policy service request (originally, +/* to share the same service endpoint among multiple check_policy_service +/* clients). /* ACCESS CONTROLS /* .ad /* .fi @@ -1053,6 +1073,11 @@ /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA /* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA +/* /* SASL support originally by: /* Till Franke /* SuSE Rhein/Main AG @@ -1266,6 +1291,7 @@ int var_smtpd_policy_try_limit; int var_smtpd_policy_try_delay; char *var_smtpd_policy_def_action; +char *var_smtpd_policy_context; int var_smtpd_policy_idle; int var_smtpd_policy_ttl; char *var_xclient_hosts; @@ -1278,6 +1304,7 @@ int var_smtpd_cmail_limit; int var_smtpd_crcpt_limit; int var_smtpd_cntls_limit; +int var_smtpd_cauth_limit; char *var_smtpd_hoggers; char *var_local_rwr_clients; char *var_smtpd_ehlo_dis_words; @@ -1343,6 +1370,7 @@ char *var_milt_eoh_macros; char *var_milt_eod_macros; char *var_milt_unk_macros; +char *var_milt_macro_deflts; bool var_smtpd_client_port_log; char *var_stress; 
@@ -1882,6 +1910,36 @@
 }
 }
+#ifdef USE_SASL_AUTH
+
+/* smtpd_sasl_auth_cmd_wrapper - smtpd_sasl_auth_cmd front-end */
+
+static int smtpd_sasl_auth_cmd_wrapper(SMTPD_STATE *state, int argc,
+ SMTPD_TOKEN *argv)
+{
+ int rate;
+
+ if (SMTPD_STAND_ALONE(state) == 0
+ && !xclient_allowed
+ && anvil_clnt
+ && var_smtpd_cauth_limit > 0
+ && !namadr_list_match(hogger_list, state->name, state->addr)
+ && anvil_clnt_auth(anvil_clnt, state->service, state->addr,
+ &rate) == ANVIL_STAT_OK
+ && rate > var_smtpd_cauth_limit) {
+ state->error_mask |= MAIL_ERROR_POLICY;
+ msg_warn("AUTH command rate limit exceeded: %d from %s for service %s",
+ rate, state->namaddr, state->service);
+ smtpd_chat_reply(state,
+ "450 4.7.1 Error: too many AUTH commands from %s",
+ state->addr);
+ return (-1);
+ }
+ return (smtpd_sasl_auth_cmd(state, argc, argv));
+}
+
+#endif
+
 /* mail_open_stream - open mail queue file or IPC stream */
 static int mail_open_stream(SMTPD_STATE *state)
@@ -4341,7 +4399,7 @@
 * VSTREAMS, so that we don't lose all the user-configurable
 * state->client attributes (such as longjump buffers or timeouts).
 *
- * As we implement tlsproy support in the Postfix SMTP client we should
+ * As we implement tlsproxy support in the Postfix SMTP client we should
 * develop a usable abstraction that encapsulates this stream plumbing in
 * a library module.
 */
@@ -4698,7 +4756,7 @@
 {SMTPD_CMD_STARTTLS, unimpl_cmd, SMTPD_CMD_FLAG_PRE_TLS,},
 #endif
 #ifdef USE_SASL_AUTH
- {SMTPD_CMD_AUTH, smtpd_sasl_auth_cmd,},
+ {SMTPD_CMD_AUTH, smtpd_sasl_auth_cmd_wrapper,},
 #else
 {SMTPD_CMD_AUTH, unimpl_cmd,},
 #endif
@@ -5538,7 +5596,8 @@
 var_milt_data_macros,
 var_milt_eoh_macros,
 var_milt_eod_macros,
- var_milt_unk_macros);
+ var_milt_unk_macros,
+ var_milt_macro_deflts);
 else
 smtpd_input_transp_mask |= INPUT_TRANSP_MILTER;
 }
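Review bot: The new check in smtpd_sasl_auth_cmd_wrapper fails open: when anvil_clnt_auth() returns anything but ANVIL_STAT_OK the `&&` chain is false and the AUTH command is handled normally, so an unavailable anvil(8) silently turns the limit off; that matches the other per-client limits but deserves a comment on the condition, e.g. `/* As with the other client-event limits, anvil errors fail open. */`. Note also that anvil has already counted the command by the time `rate > var_smtpd_cauth_limit` is compared, so a client that keeps retrying after the 450 stays over the limit for the rest of the time unit, and that clients matching hogger_list or permitted to use XCLIENT are never limited. Because the check runs before smtpd_sasl_auth_cmd(), it also counts AUTH commands the server would have rejected anyway, which is what the man-page text earlier in this diff promises.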
@@ -5561,7 +5620,7 @@ */ if (var_smtpd_crate_limit || var_smtpd_cconn_limit || var_smtpd_cmail_limit || var_smtpd_crcpt_limit - || var_smtpd_cntls_limit) + || var_smtpd_cntls_limit || var_smtpd_cauth_limit) anvil_clnt = anvil_clnt_create(); } @@ -5609,6 +5668,7 @@ VAR_SMTPD_CMAIL_LIMIT, DEF_SMTPD_CMAIL_LIMIT, &var_smtpd_cmail_limit, 0, 0, VAR_SMTPD_CRCPT_LIMIT, DEF_SMTPD_CRCPT_LIMIT, &var_smtpd_crcpt_limit, 0, 0, VAR_SMTPD_CNTLS_LIMIT, DEF_SMTPD_CNTLS_LIMIT, &var_smtpd_cntls_limit, 0, 0, + VAR_SMTPD_CAUTH_LIMIT, DEF_SMTPD_CAUTH_LIMIT, &var_smtpd_cauth_limit, 0, 0, #ifdef USE_TLS VAR_SMTPD_TLS_CCERT_VD, DEF_SMTPD_TLS_CCERT_VD, &var_smtpd_tls_ccert_vd, 0, 0, #endif @@ -5750,6 +5810,7 @@ VAR_MILT_DEF_ACTION, DEF_MILT_DEF_ACTION, &var_milt_def_action, 1, 0, VAR_MILT_DAEMON_NAME, DEF_MILT_DAEMON_NAME, &var_milt_daemon_name, 1, 0, VAR_MILT_V, DEF_MILT_V, &var_milt_v, 1, 0, + VAR_MILT_MACRO_DEFLTS, DEF_MILT_MACRO_DEFLTS, &var_milt_macro_deflts, 0, 0, VAR_STRESS, DEF_STRESS, &var_stress, 0, 0, VAR_UNV_FROM_WHY, DEF_UNV_FROM_WHY, &var_unv_from_why, 0, 0, VAR_UNV_RCPT_WHY, DEF_UNV_RCPT_WHY, &var_unv_rcpt_why, 0, 0, @@ -5765,6 +5826,7 @@ VAR_SMTPD_ACL_PERM_LOG, DEF_SMTPD_ACL_PERM_LOG, &var_smtpd_acl_perm_log, 0, 0, VAR_SMTPD_UPROXY_PROTO, DEF_SMTPD_UPROXY_PROTO, &var_smtpd_uproxy_proto, 0, 0, VAR_SMTPD_POLICY_DEF_ACTION, DEF_SMTPD_POLICY_DEF_ACTION, &var_smtpd_policy_def_action, 1, 0, + VAR_SMTPD_POLICY_CONTEXT, DEF_SMTPD_POLICY_CONTEXT, &var_smtpd_policy_context, 0, 0, VAR_SMTPD_DNS_RE_FILTER, DEF_SMTPD_DNS_RE_FILTER, &var_smtpd_dns_re_filter, 0, 0, 0, }; diff -Nru postfix-3.0.4/src/smtpd/smtpd_check.c postfix-3.1.0/src/smtpd/smtpd_check.c --- postfix-3.0.4/src/smtpd/smtpd_check.c 2015-02-08 17:02:51.000000000 +0000 +++ postfix-3.1.0/src/smtpd/smtpd_check.c 2016-02-15 17:06:11.000000000 +0000 
@@ -462,6 +462,7 @@ typedef struct { ATTR_CLNT *client; /* client handle */ char *def_action; /* default action */ + char *policy_context; /* context of policy request */ } SMTPD_POLICY_CLNT; /* @@ -483,6 +484,7 @@ }; static ATTR_OVER_STR str_table[] = { 21 + VAR_SMTPD_POLICY_DEF_ACTION, 0, 1, 0, + 21 + VAR_SMTPD_POLICY_CONTEXT, 0, 1, 0, 0, }; @@ -498,6 +500,7 @@ #define smtpd_policy_try_limit_offset 1 #define smtpd_policy_def_action_offset 0 +#define smtpd_policy_context_offset 1 /* policy_client_register - register policy service endpoint */ @@ -527,6 +530,7 @@ int smtpd_policy_req_limit = var_smtpd_policy_req_limit; int smtpd_policy_try_limit = var_smtpd_policy_try_limit; const char *smtpd_policy_def_action = var_smtpd_policy_def_action; + const char *smtpd_policy_context = var_smtpd_policy_context; link_override_table_to_variable(time_table, smtpd_policy_tmout); link_override_table_to_variable(time_table, smtpd_policy_idle); @@ -535,6 +539,7 @@ link_override_table_to_variable(int_table, smtpd_policy_req_limit); link_override_table_to_variable(int_table, smtpd_policy_try_limit); link_override_table_to_variable(str_table, smtpd_policy_def_action); + link_override_table_to_variable(str_table, smtpd_policy_context); if (*name == parens[0]) { cp = saved_name = mystrdup(name); @@ -553,11 +558,12 @@ if (msg_verbose) msg_info("%s: name=\"%s\" default_action=\"%s\" max_idle=%d " "max_ttl=%d request_limit=%d retry_delay=%d " - "timeout=%d try_limit=%d", + "timeout=%d try_limit=%d policy_context=\"%s\"", myname, policy_name, smtpd_policy_def_action, smtpd_policy_idle, smtpd_policy_ttl, smtpd_policy_req_limit, smtpd_policy_try_delay, - smtpd_policy_tmout, smtpd_policy_try_limit); + smtpd_policy_tmout, smtpd_policy_try_limit, + smtpd_policy_context); /* * Create the client. 
@@ -574,6 +580,7 @@
 ATTR_CLNT_CTL_TRY_DELAY, smtpd_policy_try_delay,
 ATTR_CLNT_CTL_END);
 policy_client->def_action = mystrdup(smtpd_policy_def_action);
+ policy_client->policy_context = mystrdup(smtpd_policy_context);
 htable_enter(policy_clnt_table, name, (void *) policy_client);
 if (saved_name)
 myfree(saved_name);
@@ -927,6 +934,7 @@
 const char *reply_name, const char *format,...)
 {
+ const char myname[] = "smtpd_acl_permit";
 va_list ap;
 const char *whatsup;
@@ -939,6 +947,9 @@
 /*
 * First, find out if (and how) this permit action should be logged.
 */
+ if (msg_verbose)
+ msg_info("%s: checking %s settings", myname, VAR_SMTPD_ACL_PERM_LOG);
+
 if (state->defer_if_permit.active) {
 /* This action is overruled. Do not log. */
 whatsup = 0;
@@ -959,6 +970,9 @@
 va_end(ap);
 }
 log_whatsup(state, whatsup, STR(error_text));
+ } else {
+ if (msg_verbose)
+ msg_info("%s: %s: no match", myname, VAR_SMTPD_ACL_PERM_LOG);
 }
 return (SMTPD_CHECK_OK);
 }
@@ -2944,6 +2958,9 @@
 *
 * If the domain name exists but no NS record exists, look up parent domain
 * NS records.
+ *
+ * XXX 20150707 Work around broken DNS servers that reply with NXDOMAIN
+ * instead of "no data".
 */
 if (type == T_A
 #ifdef HAS_IPV6
@@ -2962,12 +2979,12 @@
 server_list = dns_rr_create(domain, domain, type, C_IN, 0, 0,
 domain, strlen(domain) + 1);
 dns_status = DNS_OK;
- } else if (type == T_NS && h_errno == NO_DATA) {
+ } else if (type == T_NS /* && h_errno == NO_DATA */ ) {
 while ((domain = strchr(domain, '.')) != 0 && domain[1]) {
 domain += 1;
 dns_status = dns_lookup(domain, type, 0, &server_list,
 (VSTRING *) 0, (VSTRING *) 0);
- if (dns_status != DNS_NOTFOUND || h_errno != NO_DATA)
+ if (dns_status != DNS_NOTFOUND /* || h_errno != NO_DATA */)
 break;
 }
 }
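Review bot: Commenting out both `h_errno == NO_DATA` tests means the parent-domain walk now also runs on NXDOMAIN, so a name that does not exist at all is evaluated against the NS records of its nearest existing ancestor, all the way up to the TLD label (the updated smtpd_server.ref below now logs `NS host for tld`). If this lookup feeds the check_*_ns_access restrictions, as the surrounding comment suggests, a permit entry keyed on a parent's or registry's name servers will from now on also match arbitrary nonexistent subdomains, which is wider than an access-table author is likely to expect. The XXX comment should state that consequence, e.g. `/* Consequence: nonexistent names inherit their nearest ancestor's NS records. */`, and it may be worth stopping the walk before a single-label name is queried. The enclosing lookup helper starts outside the hunk.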
@@ -3947,6 +3964,8 @@ SEND_ATTR_INT(MAIL_ATTR_CRYPTO_KEYSIZE, IF_ENCRYPTED(state->tls_context->cipher_usebits, 0)), #endif + SEND_ATTR_STR(MAIL_ATTR_POL_CONTEXT, + policy_clnt->policy_context), ATTR_TYPE_END, ATTR_FLAG_MISSING, /* Reply attributes. */ RECV_ATTR_STR(MAIL_ATTR_ACTION, action), @@ -5444,6 +5463,7 @@ char *var_mynetworks = ""; char *var_notify_classes = ""; char *var_smtpd_policy_def_action = ""; +char *var_smtpd_policy_context = ""; /* * String-valued configuration parameters. diff -Nru postfix-3.0.4/src/smtpd/smtpd_dns_filter.ref postfix-3.1.0/src/smtpd/smtpd_dns_filter.ref --- postfix-3.0.4/src/smtpd/smtpd_dns_filter.ref 2014-12-23 15:23:49.000000000 +0000 +++ postfix-3.1.0/src/smtpd/smtpd_dns_filter.ref 2015-07-10 21:06:25.000000000 +0000 @@ -148,7 +148,7 @@ OK >>> # EXPECT reject + A record, "all TXT results dropped" warning. >>> client localhost 127.0.0.2 -./smtpd_check: ignoring DNS RR: 2.0.0.127.dnsbltest.porcupine.org. TTL IN TXT DNS blocklist test. +./smtpd_check: ignoring DNS RR: 2.0.0.127.dnsbltest.porcupine.org. TTL IN TXT DNS blocklist test ./smtpd_check: warning: 2.0.0.127.dnsbltest.porcupine.org: TXT lookup error: DNS reply filter drops all results ./smtpd_check: : reject: CONNECT from localhost[127.0.0.2]: 554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; from= proto=SMTP helo= 554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org diff -Nru postfix-3.0.4/src/smtpd/smtpd_milter.c postfix-3.1.0/src/smtpd/smtpd_milter.c --- postfix-3.0.4/src/smtpd/smtpd_milter.c 2015-01-27 19:33:29.000000000 +0000 +++ postfix-3.1.0/src/smtpd/smtpd_milter.c 2016-01-24 00:43:31.000000000 +0000 @@ -25,6 +25,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ 
@@ -72,14 +77,6 @@
 state->expand_buf = vstring_alloc(10);
 /*
- * Canonicalize the name.
- */
- if (*name != '{') { /* } */
- vstring_sprintf(state->expand_buf, "{%s}", name);
- name = STR(state->expand_buf);
- }
-
- /*
 * System macros.
 */
 if (strcmp(name, S8_MAC_DAEMON_NAME) == 0)
@@ -143,7 +140,7 @@
 /*
 * MAIL FROM macros.
 */
-#define IF_SASL_ENABLED(s) (smtpd_sasl_is_active(state) && (s) ? (s) : 0)
+#define IF_SASL_ENABLED(s) ((s) ? (s) : 0)
 if (strcmp(name, S8_MAC_I) == 0)
 return (state->queue_id);
diff -Nru postfix-3.0.4/src/smtpd/smtpd_sasl_glue.c postfix-3.1.0/src/smtpd/smtpd_sasl_glue.c
--- postfix-3.0.4/src/smtpd/smtpd_sasl_glue.c 2013-12-24 20:55:03.000000000 +0000
+++ postfix-3.1.0/src/smtpd/smtpd_sasl_glue.c 2016-01-24 00:49:20.000000000 +0000
@@ -115,6 +115,11 @@
 /* IBM T.J. Watson Research
 /* P.O. Box 704
 /* Yorktown Heights, NY 10598, USA
+/*
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
 /*--*/
 /* System library. */
@@ -316,8 +321,12 @@
 state->namaddr, sasl_method, STR(state->sasl_reply));
 /* RFC 4954 Section 6. */
- smtpd_chat_reply(state, "535 5.7.8 Error: authentication failed: %s",
- STR(state->sasl_reply));
+ if (status == XSASL_AUTH_TEMP)
+ smtpd_chat_reply(state, "454 4.7.0 Temporary authentication failure: %s",
+ STR(state->sasl_reply));
+ else
+ smtpd_chat_reply(state, "535 5.7.8 Error: authentication failed: %s",
+ STR(state->sasl_reply));
 return (-1);
 }
 /* RFC 4954 Section 6. */
diff -Nru postfix-3.0.4/src/smtpd/smtpd_server.ref postfix-3.1.0/src/smtpd/smtpd_server.ref
--- postfix-3.0.4/src/smtpd/smtpd_server.ref 2014-11-30 17:40:17.000000000 +0000
+++ postfix-3.1.0/src/smtpd/smtpd_server.ref 2015-07-10 21:13:22.000000000 +0000
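Review bot: Dropping `smtpd_sasl_is_active(state)` from IF_SASL_ENABLED means the SASL-derived MAIL FROM macros are now reported from whatever populated the fields passed to the macro, no longer gated on SASL being enabled for the session; presumably that is intended so login information recorded by other means (such as XCLIENT) reaches milters, but the macro name now promises a check it does not make. Rename it or annotate it, e.g. `#define IF_SASL_ENABLED(s) ((s) ? (s) : 0) /* NULL unless a login was recorded, by SASL or otherwise */`, and confirm the fields are reset at end of session so a reused state cannot carry a login into an unauthenticated transaction. The removed `{name}` canonicalization also means callers must now pass names already in braces, or the strcmp()s against the S8_MAC_* constants silently never match, and the `state->expand_buf` allocation kept at the top of the first hunk may now be unused in this function; the callers and the rest of the function are outside the hunk.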
@@ -51,7 +51,7 @@ ./smtpd_check: : reject: HELO from spike.porcupine.org[168.100.189.2]: 554 5.7.1 : Helo command rejected: Access denied; from= proto=SMTP helo= 554 5.7.1 : Helo command rejected: Access denied >>> helo example.tld -./smtpd_check: warning: Unable to look up NS host for example.tld: Host not found +./smtpd_check: warning: Unable to look up NS host for tld: Host not found OK >>> helo foo@postfix.org OK @@ -61,7 +61,7 @@ ./smtpd_check: : reject: MAIL from spike.porcupine.org[168.100.189.2]: 554 5.7.1 : Sender address rejected: Access denied; from= proto=SMTP helo= 554 5.7.1 : Sender address rejected: Access denied >>> mail example.tld -./smtpd_check: warning: Unable to look up NS host for example.tld: Host not found +./smtpd_check: warning: Unable to look up NS host for tld: Host not found OK >>> mail foo@postfix.org OK @@ -71,7 +71,7 @@ ./smtpd_check: : reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 : Recipient address rejected: Access denied; from= to= proto=SMTP helo= 554 5.7.1 : Recipient address rejected: Access denied >>> rcpt foo@example.tld -./smtpd_check: warning: Unable to look up NS host for example.tld: Host not found +./smtpd_check: warning: Unable to look up NS host for tld: Host not found OK >>> rcpt foo@postfix.org OK diff -Nru postfix-3.0.4/src/smtpstone/.indent.pro postfix-3.1.0/src/smtpstone/.indent.pro --- postfix-3.0.4/src/smtpstone/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/smtpstone/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY 
@@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/smtpstone/qmqp-sink.c postfix-3.1.0/src/smtpstone/qmqp-sink.c --- postfix-3.0.4/src/smtpstone/qmqp-sink.c 2014-12-26 15:35:06.000000000 +0000 +++ postfix-3.1.0/src/smtpstone/qmqp-sink.c 2016-02-14 14:26:22.000000000 +0000 @@ -36,7 +36,7 @@ /* .IP \fB-v\fR /* Increase verbosity. Specify \fB-v -v\fR to see some of the QMQP /* conversation. -/* .IP "\fB-x \fItime\fR +/* .IP "\fB-x \fItime\fR" /* Terminate after \fItime\fR seconds. This is to facilitate memory /* leak testing. /* SEE ALSO @@ -50,6 +50,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -135,7 +140,7 @@ send_reply(state); return; } - vstream_fseek(state->stream, 0L, 0); + vstream_fpurge(state->stream, VSTREAM_PURGE_BOTH); } /* diff -Nru postfix-3.0.4/src/smtpstone/qmqp-source.c postfix-3.1.0/src/smtpstone/qmqp-source.c --- postfix-3.0.4/src/smtpstone/qmqp-source.c 2014-12-26 15:35:11.000000000 +0000 +++ postfix-3.1.0/src/smtpstone/qmqp-source.c 2016-02-14 01:07:11.000000000 +0000 @@ -71,6 +71,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff -Nru postfix-3.0.4/src/smtpstone/smtp-sink.c postfix-3.1.0/src/smtpstone/smtp-sink.c --- postfix-3.0.4/src/smtpstone/smtp-sink.c 2015-01-28 19:29:49.000000000 +0000 +++ postfix-3.1.0/src/smtpstone/smtp-sink.c 2016-02-14 01:07:52.000000000 +0000 
@@ -233,7 +233,7 @@ /* software. This three-line header marks the end of the headers /* provided by \fBsmtp-sink\fR, and is formatted as follows: /* .RS -/* .IP "\fBfrom \fIhelo\fB ([\fIaddr\fB])\fR" +/* .IP "\fBfrom \fIhelo\fR ([\fIaddr\fR])" /* The HELO or EHLO command argument and client IP address. /* If the client did not send HELO or EHLO, the client IP /* address is used instead. @@ -255,6 +255,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff -Nru postfix-3.0.4/src/smtpstone/smtp-source.c postfix-3.1.0/src/smtpstone/smtp-source.c --- postfix-3.0.4/src/smtpstone/smtp-source.c 2014-12-26 15:35:18.000000000 +0000 +++ postfix-3.1.0/src/smtpstone/smtp-source.c 2016-02-14 01:07:22.000000000 +0000 @@ -106,6 +106,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff -Nru postfix-3.0.4/src/spawn/.indent.pro postfix-3.1.0/src/spawn/.indent.pro --- postfix-3.0.4/src/spawn/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/spawn/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/spawn/spawn.c postfix-3.1.0/src/spawn/spawn.c --- postfix-3.0.4/src/spawn/spawn.c 2014-12-25 16:47:18.000000000 +0000 +++ postfix-3.1.0/src/spawn/spawn.c 2016-02-14 01:31:21.000000000 +0000 
@@ -121,6 +121,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff -Nru postfix-3.0.4/src/tls/.indent.pro postfix-3.1.0/src/tls/.indent.pro --- postfix-3.0.4/src/tls/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/tls/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/tls/tls_client.c postfix-3.1.0/src/tls/tls_client.c --- postfix-3.0.4/src/tls/tls_client.c 2015-01-22 14:47:02.000000000 +0000 +++ postfix-3.1.0/src/tls/tls_client.c 2016-01-31 21:05:46.000000000 +0000 @@ -83,8 +83,8 @@ /* .IP TLScontext->peer_status /* A bitmask field that records the status of the peer certificate /* verification. This consists of one or more of -/* TLS_CERT_FLAG_PRESENT, TLS_CERT_FLAG_ALTNAME, TLS_CERT_FLAG_TRUSTED -/* and TLS_CERT_FLAG_MATCHED. +/* TLS_CERT_FLAG_PRESENT, TLS_CERT_FLAG_ALTNAME, TLS_CERT_FLAG_TRUSTED, +/* TLS_CERT_FLAG_MATCHED and TLS_CERT_FLAG_SECURED. /* .IP TLScontext->peer_CN /* Extracted CommonName of the peer, or zero-length string if the /* information could not be extracted. 
@@ -347,14 +347,28 @@
 * we want to be as compatible as possible, so we will start off with a
 * SSLv2 greeting allowing the best we can offer: TLSv1. We can restrict
 * this with the options setting later, anyhow.
+ *
+ * OpenSSL 1.1.0-dev deprecates SSLv23_client_method() in favour of
+ * TLS_client_method(), with the change in question signalled via a new
+ * TLS_ANY_VERSION macro.
 */
 ERR_clear_error();
- if ((client_ctx = SSL_CTX_new(SSLv23_client_method())) == 0) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && defined(TLS_ANY_VERSION)
+ client_ctx = SSL_CTX_new(TLS_client_method());
+#else
+ client_ctx = SSL_CTX_new(SSLv23_client_method());
+#endif
+ if (client_ctx == 0) {
 msg_warn("cannot allocate client SSL_CTX: disabling TLS support");
 tls_print_errors();
 return (0);
 }
+#ifdef SSL_SECOP_PEER
+ /* Backwards compatible security as a base for opportunistic TLS. */
+ SSL_CTX_set_security_level(client_ctx, 0);
+#endif
+
 /*
 * See the verify callback in tls_verify.c
 */
@@ -423,11 +437,17 @@
 }
 /*
+ * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+ /*
 * According to the OpenSSL documentation, temporary RSA key is needed
 * export ciphers are in use. We have to provide one, so well, we just do
 * it.
 */
 SSL_CTX_set_tmp_rsa_callback(client_ctx, tls_tmp_rsa_cb);
+#endif
 /*
 * Finally, the setup for the server certificate checking, done "by the
@@ -931,6 +951,12 @@
 if (protomask != 0)
 SSL_set_options(TLScontext->con, TLS_SSL_OP_PROTOMASK(protomask));
+#ifdef SSL_SECOP_PEER
+ /* When authenticating the peer, use 80-bit plus OpenSSL security level */
+ if (TLS_MUST_MATCH(props->tls_level))
+ SSL_set_security_level(TLScontext->con, 1);
+#endif
+
 /*
 * XXX To avoid memory leaks we must always call SSL_SESSION_free() after
 * calling SSL_set_session(), regardless of whether or not the session
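Review bot: The level-1 floor in the last hunk is applied only when TLS_MUST_MATCH(props->tls_level) holds, so the mandatory "encrypt" level keeps the level-0 SSL_CTX set in the first hunk and still accepts what OpenSSL's level 1 rejects, such as DH groups or RSA keys below 1024 bits, even though encryption is required there; only the cipher grade constrains it. If that is deliberate for interoperability, record it next to `SSL_CTX_set_security_level(client_ctx, 0);`, e.g. `/* Level 0 also covers "encrypt": strength there is governed by the cipher grade only. */`; otherwise `if (TLS_REQUIRED(props->tls_level))` would give every mandatory-TLS level the 80-bit floor. The function containing the SSL_set_security_level() call starts and ends outside the hunk.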
@@ -1101,13 +1127,25 @@
 tls_stream_start(props->stream, TLScontext);
 /*
+ * Fully secured only if trusted, matched and not insecure like halfdane.
+ * Should perhaps also exclude "verify" (as opposed to "secure") here,
+ * because that can be subject to insecure MX indirection, but that's
+ * rather incompatible. Users have been warned.
+ */
+ if (TLS_CERT_IS_PRESENT(TLScontext)
+ && TLS_CERT_IS_TRUSTED(TLScontext)
+ && TLS_CERT_IS_MATCHED(TLScontext)
+ && !TLS_NEVER_SECURED(props->tls_level))
+ TLScontext->peer_status |= TLS_CERT_FLAG_SECURED;
+
+ /*
 * All the key facts in a single log entry.
 */
 if (log_mask & TLS_LOG_SUMMARY)
 msg_info("%s TLS connection established to %s: %s with cipher %s "
 "(%d/%d bits)",
 !TLS_CERT_IS_PRESENT(TLScontext) ? "Anonymous" :
- TLS_CERT_IS_MATCHED(TLScontext) ? "Verified" :
+ TLS_CERT_IS_SECURED(TLScontext) ? "Verified" :
 TLS_CERT_IS_TRUSTED(TLScontext) ? "Trusted" : "Untrusted",
 props->namaddr, TLScontext->protocol, TLScontext->cipher_name,
 TLScontext->cipher_usebits, TLScontext->cipher_algbits);
diff -Nru postfix-3.0.4/src/tls/tls_dane.c postfix-3.1.0/src/tls/tls_dane.c
--- postfix-3.0.4/src/tls/tls_dane.c 2015-04-01 12:46:02.000000000 +0000
+++ postfix-3.1.0/src/tls/tls_dane.c 2015-11-01 00:24:04.000000000 +0000
@@ -551,7 +551,7 @@
 {
 TLS_CERTS *new = (TLS_CERTS *) mymalloc(sizeof(*new));
- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+ X509_up_ref(x);
 new->cert = x;
 new->next = d->certs;
 d->certs = new;
@@ -1406,12 +1406,8 @@
 static int push_ext(X509 *cert, X509_EXTENSION *ext)
 {
- x509_extension_stack_t *exts;
-
 if (ext) {
- if ((exts = cert->cert_info->extensions) == 0)
- exts = cert->cert_info->extensions = sk_X509_EXTENSION_new_null();
- if (exts && sk_X509_EXTENSION_push(exts, ext))
+ if (X509_add_ext(cert, ext, -1))
 return 1;
 X509_EXTENSION_free(ext);
 }
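Review bot: In push_ext, a successful X509_add_ext() returns 1 without releasing ext, but X509_add_ext() stores a copy of the extension rather than taking ownership, so every extension that is added now leaks on the success path; the sk_X509_EXTENSION_push() it replaces did take ownership. Free the object on both paths, e.g. `int ok = X509_add_ext(cert, ext, -1);` / `X509_EXTENSION_free(ext);` / `if (ok) return 1;` inside the `if (ext)` block. push_ext's closing lines, including its final return, lie outside the hunk.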
@@ -1542,7 +1538,7 @@ if (cert) { if (trusted && !X509_add1_trust_object(cert, serverAuth)) msg_fatal("out of memory"); - CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(cert); if (!sk_X509_push(*xs, cert)) msg_fatal("out of memory"); } diff -Nru postfix-3.0.4/src/tls/tls_dh.c postfix-3.1.0/src/tls/tls_dh.c --- postfix-3.0.4/src/tls/tls_dh.c 2015-01-16 00:25:21.000000000 +0000 +++ postfix-3.1.0/src/tls/tls_dh.c 2016-01-03 14:49:51.000000000 +0000 
@@ -87,44 +87,66 @@ /* Application-specific. */ /* - * Compiled-in EDH primes (the compiled-in generator is always 2). These are - * used when no parameters are explicitly loaded from a site-specific file. + * Compiled-in DH parameters. Used when no parameters are explicitly loaded + * from a site-specific file. Using an ASN.1 DER encoding avoids the need + * to explicitly manipulate the internal representation of DH parameter + * objects. * - * 512-bit parameters are used for export ciphers, and 1024-bit parameters are - * used for non-export ciphers. An ~80-bit strong EDH key exchange is really - * too weak to protect 128+ bit keys, but larger DH primes are - * computationally expensive. When greater security is required, use EECDH. + * 512-bit parameters are used for export ciphers, and 2048-bit parameters are + * used for non-export ciphers. The non-export group is now 2048-bit, as + * 1024 bits is increasingly considered to weak by clients. When greater + * security is required, use EECDH. */ - /* - * Generated via "openssl dhparam -2 -noout -C 512 2>/dev/null" TODO: - * generate at compile-time. + /*- + * Generated via: + * $ openssl dhparam -2 -outform DER 512 2>/dev/null | + * hexdump -ve '/1 "0x%02x, "' | fmt + * TODO: generate at compile-time. But that is no good for the majority of + * sites that install pre-compiled binaries, and breaks reproducible builds. + * Instead, generate at installation time and use main.cf configuration. 
*/ -static unsigned char dh512_p[] = { - 0x88, 0x3F, 0x00, 0xAF, 0xFC, 0x0C, 0x8A, 0xB8, 0x35, 0xCD, 0xE5, 0xC2, - 0x0F, 0x55, 0xDF, 0x06, 0x3F, 0x16, 0x07, 0xBF, 0xCE, 0x13, 0x35, 0xE4, - 0x1C, 0x1E, 0x03, 0xF3, 0xAB, 0x17, 0xF6, 0x63, 0x50, 0x63, 0x67, 0x3E, - 0x10, 0xD7, 0x3E, 0xB4, 0xEB, 0x46, 0x8C, 0x40, 0x50, 0xE6, 0x91, 0xA5, - 0x6E, 0x01, 0x45, 0xDE, 0xC9, 0xB1, 0x1F, 0x64, 0x54, 0xFA, 0xD9, 0xAB, - 0x4F, 0x70, 0xBA, 0x5B, +static unsigned char dh512_der[] = { + 0x30, 0x46, 0x02, 0x41, 0x00, 0xd8, 0xbf, 0x11, 0xd6, 0x41, 0x2a, 0x7a, + 0x9c, 0x78, 0xb2, 0xaa, 0x41, 0x23, 0x0a, 0xdc, 0xcf, 0xb7, 0x19, 0xc5, + 0x16, 0x4c, 0xcb, 0x4a, 0xd0, 0xd2, 0x1f, 0x1f, 0x70, 0x24, 0x86, 0x6f, + 0x51, 0x52, 0xc6, 0x5b, 0x28, 0xbb, 0x82, 0xe1, 0x24, 0x91, 0x3d, 0x4d, + 0x95, 0x56, 0xf8, 0x0b, 0x2c, 0xe0, 0x36, 0x67, 0x88, 0x64, 0x15, 0x1f, + 0x45, 0xd5, 0xb8, 0x0a, 0x00, 0x03, 0x76, 0x32, 0x0b, 0x02, 0x01, 0x02, }; - /* - * Generated via "openssl dhparam -2 -noout -C 1024 2>/dev/null" TODO: - * generate at compile-time. + /*- + * Generated via: + * $ openssl dhparam -2 -outform DER 2048 2>/dev/null | + * hexdump -ve '/1 "0x%02x, "' | fmt + * TODO: generate at compile-time. But that is no good for the majority of + * sites that install pre-compiled binaries, and breaks reproducible builds. + * Instead, generate at installation time and use main.cf configuration. 
*/ -static unsigned char dh1024_p[] = { - 0xB0, 0xFE, 0xB4, 0xCF, 0xD4, 0x55, 0x07, 0xE7, 0xCC, 0x88, 0x59, 0x0D, - 0x17, 0x26, 0xC5, 0x0C, 0xA5, 0x4A, 0x92, 0x23, 0x81, 0x78, 0xDA, 0x88, - 0xAA, 0x4C, 0x13, 0x06, 0xBF, 0x5D, 0x2F, 0x9E, 0xBC, 0x96, 0xB8, 0x51, - 0x00, 0x9D, 0x0C, 0x0D, 0x75, 0xAD, 0xFD, 0x3B, 0xB1, 0x7E, 0x71, 0x4F, - 0x3F, 0x91, 0x54, 0x14, 0x44, 0xB8, 0x30, 0x25, 0x1C, 0xEB, 0xDF, 0x72, - 0x9C, 0x4C, 0xF1, 0x89, 0x0D, 0x68, 0x3F, 0x94, 0x8E, 0xA4, 0xFB, 0x76, - 0x89, 0x18, 0xB2, 0x91, 0x16, 0x90, 0x01, 0x99, 0x66, 0x8C, 0x53, 0x81, - 0x4E, 0x27, 0x3D, 0x99, 0xE7, 0x5A, 0x7A, 0xAF, 0xD5, 0xEC, 0xE2, 0x7E, - 0xFA, 0xED, 0x01, 0x18, 0xC2, 0x78, 0x25, 0x59, 0x06, 0x5C, 0x39, 0xF6, - 0xCD, 0x49, 0x54, 0xAF, 0xC1, 0xB1, 0xEA, 0x4A, 0xF9, 0x53, 0xD0, 0xDF, - 0x6D, 0xAF, 0xD4, 0x93, 0xE7, 0xBA, 0xAE, 0x9B, +static unsigned char dh2048_der[] = { + 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbf, 0x28, 0x1b, + 0x68, 0x69, 0x90, 0x2f, 0x37, 0x9f, 0x5a, 0x50, 0x23, 0x73, 0x2c, 0x11, + 0xf2, 0xac, 0x7c, 0x3e, 0x58, 0xb9, 0x23, 0x3e, 0x02, 0x07, 0x4d, 0xba, + 0xd9, 0x2c, 0xc1, 0x9e, 0xf9, 0xc4, 0x2f, 0xbc, 0x8d, 0x86, 0x4b, 0x2a, + 0x87, 0x86, 0x93, 0x32, 0x0f, 0x72, 0x40, 0xfe, 0x7e, 0xa2, 0xc1, 0x32, + 0xf0, 0x65, 0x9c, 0xc3, 0x19, 0x25, 0x2d, 0xeb, 0x6a, 0x49, 0x94, 0x79, + 0x2d, 0xa1, 0xbe, 0x05, 0x26, 0xac, 0x8d, 0x69, 0xdc, 0x2e, 0x7e, 0xb5, + 0xfd, 0x3c, 0x2b, 0x7d, 0x43, 0x22, 0x53, 0xf6, 0x1e, 0x04, 0x45, 0xd7, + 0x53, 0x84, 0xfd, 0x6b, 0x12, 0x72, 0x47, 0x04, 0xaf, 0xa4, 0xac, 0x4b, + 0x55, 0xb6, 0x79, 0x42, 0x40, 0x88, 0x54, 0x48, 0xd5, 0x4d, 0x3a, 0xb2, + 0xbf, 0x6c, 0x26, 0x95, 0x29, 0xdd, 0x8b, 0x9e, 0xed, 0xb8, 0x60, 0x8e, + 0xb5, 0x35, 0xb6, 0x22, 0x44, 0x1f, 0xfb, 0x56, 0x74, 0xfe, 0xf0, 0x2c, + 0xe6, 0x0c, 0x22, 0xc9, 0x35, 0xb3, 0x1b, 0x96, 0xbb, 0x0a, 0x5a, 0xc3, + 0x09, 0xa0, 0xcc, 0xa5, 0x40, 0x90, 0x0f, 0x59, 0xa2, 0x89, 0x69, 0x2a, + 0x69, 0x79, 0xe4, 0xd3, 0x24, 0xc6, 0x8c, 0xda, 0xbc, 0x98, 0x3a, 0x5b, + 0x16, 0xae, 0x63, 
0x6c, 0x0b, 0x43, 0x4f, 0xf3, 0x2e, 0xc8, 0xa9, 0x6b,
+ 0x58, 0x6a, 0xa9, 0x8e, 0x64, 0x09, 0x3d, 0x88, 0x44, 0x4f, 0x97, 0x2c,
+ 0x1d, 0x98, 0xb0, 0xa9, 0xc0, 0xb6, 0x8d, 0x19, 0x37, 0x1f, 0xb7, 0xc9,
+ 0x86, 0xa8, 0xdc, 0x37, 0x4d, 0x64, 0x27, 0xf3, 0xf5, 0x2b, 0x7b, 0x6b,
+ 0x76, 0x84, 0x3f, 0xc1, 0x23, 0x97, 0x2d, 0x71, 0xf7, 0xb6, 0xc2, 0x35,
+ 0x28, 0x10, 0x96, 0xd6, 0x69, 0x0c, 0x2e, 0x1f, 0x9f, 0xdf, 0x82, 0x81,
+ 0x57, 0x57, 0x39, 0xa5, 0xf2, 0x81, 0x29, 0x57, 0xf9, 0x2f, 0xd0, 0x03,
+ 0xab, 0x02, 0x01, 0x02,
 };
 /*
@@ -151,6 +173,14 @@
 msg_panic("Invalid DH parameters size %d, file %s", bits, path);
 }
+ /*
+ * This function is the first to set the DH parameters, but free any
+ * prior value just in case the call sequence changes some day.
+ */
+ if (*dhPtr) {
+ DH_free(*dhPtr);
+ *dhPtr = 0;
+ }
 if ((paramfile = fopen(path, "r")) != 0) {
 if ((*dhPtr = PEM_read_DHparams(paramfile, 0, 0, 0)) == 0) {
 msg_warn("cannot load %d-bit DH parameters from file %s"
@@ -166,24 +196,18 @@
 /* tls_get_dh - get compiled-in DH parameters */
-static DH *tls_get_dh(const unsigned char *p, int plen)
+static DH *tls_get_dh(const unsigned char *p, size_t plen)
 {
- DH *dh;
- static unsigned char g[] = {0x02,};
+ const unsigned char *endp = p;
+ DH *dh = 0;
- /* Use the compiled-in parameters. */
- if ((dh = DH_new()) == 0) {
- msg_warn("cannot create DH parameter set: %m"); /* 200411 */
- return (0);
- }
- dh->p = BN_bin2bn(p, plen, (BIGNUM *) 0);
- dh->g = BN_bin2bn(g, 1, (BIGNUM *) 0);
- if ((dh->p == 0) || (dh->g == 0)) {
- msg_warn("cannot load compiled-in DH parameters"); /* 200411 */
- DH_free(dh); /* 200411 */
- return (0);
- }
- return (dh);
+ if (d2i_DHparams(&dh, &endp, plen) && plen == endp - p)
+ return (dh);
+
+ msg_warn("cannot load compiled-in DH parameters");
+ if (dh)
+ DH_free(dh);
+ return (0);
 }
 /* tls_tmp_dh_cb - call-back for Diffie-Hellman parameters */
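Review bot: The new comment above dh2048_der reads `1024 bits is increasingly considered to weak by clients`; that should be `too weak`. Since tls_get_dh() now takes a `const unsigned char *`, both tables can be declared `static const unsigned char dh512_der[]` and `static const unsigned char dh2048_der[]`, which keeps the group parameters out of writable memory. This hunk begins in an earlier collapsed line and ends here at the closing `};`.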
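Review bot: When d2i_DHparams() fails in tls_get_dh, the warning is printed but the OpenSSL error queue is neither reported nor cleared, so the cause is lost and stale entries can surface in a later tls_print_errors() call elsewhere; add `tls_print_errors();` after the msg_warn(), as the EECDH failure path later in this file already does. The trailing-data check `plen == endp - p` compares a size_t with a ptrdiff_t and draws -Wsign-compare; `(size_t) (endp - p) == plen` keeps the intent. The `if (dh)` before DH_free() is redundant, since DH_free() accepts a NULL pointer.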
@@ -194,11 +218,11 @@ if (export && keylength == 512) { /* 40-bit export cipher */ if (dh_512 == 0) - dh_512 = tls_get_dh(dh512_p, (int) sizeof(dh512_p)); + dh_512 = tls_get_dh(dh512_der, sizeof(dh512_der)); dh_tmp = dh_512; } else { /* ADH, DHE-RSA or DSA */ if (dh_1024 == 0) - dh_1024 = tls_get_dh(dh1024_p, (int) sizeof(dh1024_p)); + dh_1024 = tls_get_dh(dh2048_der, sizeof(dh2048_der)); dh_tmp = dh_1024; } return (dh_tmp); @@ -255,10 +279,12 @@ ERR_clear_error(); if ((ecdh = EC_KEY_new_by_curve_name(nid)) == 0 || SSL_CTX_set_tmp_ecdh(server_ctx, ecdh) == 0) { + EC_KEY_free(ecdh); /* OK if NULL */ msg_warn("unable to use curve \"%s\": disabling EECDH support", curve); tls_print_errors(); return (0); } + EC_KEY_free(ecdh); #endif return (1); } diff -Nru postfix-3.0.4/src/tls/tls_fprint.c postfix-3.1.0/src/tls/tls_fprint.c --- postfix-3.0.4/src/tls/tls_fprint.c 2015-01-18 20:15:46.000000000 +0000 +++ postfix-3.1.0/src/tls/tls_fprint.c 2015-11-01 00:24:04.000000000 +0000 @@ -188,7 +188,7 @@ msg_panic("digest algorithm \"%s\" not found", mdalg); /* Salt the session lookup key with the OpenSSL runtime version. */ - sslversion = SSLeay(); + sslversion = OpenSSL_version_num(); mdctx = EVP_MD_CTX_create(); checkok(EVP_DigestInit_ex(mdctx, md, NULL)); diff -Nru postfix-3.0.4/src/tls/tls.h postfix-3.1.0/src/tls/tls.h --- postfix-3.0.4/src/tls/tls.h 2015-01-28 18:41:14.000000000 +0000 +++ postfix-3.1.0/src/tls/tls.h 2016-02-06 20:09:41.000000000 +0000 
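Review bot: In tls_tmp_dh_cb the non-export branch now serves the 2048-bit group yet still caches it in `dh_1024`, so the variable name misstates the strength to the next reader; rename the static (declared outside the hunk) to something like `dh_2048` or `dh_nonexport`, and let the `/* ADH, DHE-RSA or DSA */` comment mention the size. The export branch still hands out the compiled-in 512-bit group, which is trivially breakable and defensible only because it is reachable solely through export ciphers; a comment such as `/* 512-bit group: legacy export ciphers only, provides no real security */` makes that explicit. The EECDH hunk below now frees the EC_KEY on both paths, which is correct provided SSL_CTX_set_tmp_ecdh() keeps its own reference, as the unconditional EC_KEY_free() after it implies.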
@@ -44,22 +44,23 @@
 #define TLS_LEV_MAY 1 /* wildcard */
 #define TLS_LEV_ENCRYPT 2 /* encrypted connection */
 #define TLS_LEV_FPRINT 3 /* "peer" CA-less verification */
-#define TLS_LEV_DANE 4 /* Opportunistic TLSA policy */
-#define TLS_LEV_DANE_ONLY 5 /* Required TLSA policy */
-#define TLS_LEV_VERIFY 6 /* certificate verified */
-#define TLS_LEV_SECURE 7 /* "secure" verification */
+#define TLS_LEV_HALF_DANE 4 /* DANE TLSA MX host, insecure MX RR */
+#define TLS_LEV_DANE 5 /* Opportunistic TLSA policy */
+#define TLS_LEV_DANE_ONLY 6 /* Required TLSA policy */
+#define TLS_LEV_VERIFY 7 /* certificate verified */
+#define TLS_LEV_SECURE 8 /* "secure" verification */
 #define TLS_REQUIRED(l) ((l) > TLS_LEV_MAY)
 #define TLS_MUST_MATCH(l) ((l) > TLS_LEV_ENCRYPT)
-#define TLS_MUST_TRUST(l) ((l) >= TLS_LEV_DANE)
+#define TLS_MUST_TRUST(l) ((l) >= TLS_LEV_HALF_DANE)
 #define TLS_MUST_PKIX(l) ((l) >= TLS_LEV_VERIFY)
 #define TLS_OPPORTUNISTIC(l) ((l) == TLS_LEV_MAY || (l) == TLS_LEV_DANE)
-#define TLS_DANE_BASED(l) ((l) == TLS_LEV_DANE || (l) == TLS_LEV_DANE_ONLY)
+#define TLS_DANE_BASED(l) \
+ ((l) >= TLS_LEV_HALF_DANE && (l) <= TLS_LEV_DANE_ONLY)
+#define TLS_NEVER_SECURED(l) ((l) == TLS_LEV_HALF_DANE)
-extern const NAME_CODE tls_level_table[];
-
-#define tls_level_lookup(s) name_code(tls_level_table, NAME_CODE_FLAG_NONE, (s))
-#define str_tls_level(l) str_name_code(tls_level_table, (l))
+extern int tls_level_lookup(const char *);
+extern const char *str_tls_level(int);
 #ifdef USE_TLS
@@ -73,11 +74,12 @@
 #include
 #include
 #include
+#include /* Legacy SSLEAY_VERSION_NUMBER */
+#include /* OPENSSL_VERSION_NUMBER */
 #include /* Appease indent(1) */
 #define x509_stack_t STACK_OF(X509)
-#define x509_extension_stack_t STACK_OF(X509_EXTENSION)
 #define general_name_stack_t STACK_OF(GENERAL_NAME)
 #define ssl_cipher_stack_t STACK_OF(SSL_CIPHER)
 #define ssl_comp_stack_t STACK_OF(SSL_COMP)
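Review bot: Inserting TLS_LEV_HALF_DANE at 4 renumbers every level from dane upward, which is only safe if level values never leave the process (for instance in tlsproxy or session-cache messages, or in any persisted policy encoding); if they do, a mixed-version upgrade will misread them, so a comment above the table stating that these values are process-internal and may be renumbered would settle the question. TLS_DANE_BASED() and TLS_MUST_TRUST() now include halfdane while TLS_OPPORTUNISTIC() still lists only may and dane; since halfdane is generated internally rather than selected by users (per the tls_level.c text below), a note next to TLS_NEVER_SECURED() saying whether its absence from TLS_OPPORTUNISTIC() is intended would help the next reader. The `#include` names in the second hunk were lost in extraction and cannot be checked here.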
@@ -86,6 +88,14 @@ #error "need OpenSSL version 0.9.7 or later" #endif + /* Backwards compatibility with OpenSSL < 1.1.0 */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L +#define OpenSSL_version_num SSLeay +#define OpenSSL_version SSLeay_version +#define OPENSSL_VERSION SSLEAY_VERSION +#define X509_up_ref(x) CRYPTO_add(&((x)->references), 1, CRYPTO_LOCK_X509) +#endif + /* SSL_CIPHER_get_name() got constified in 0.9.7g */ #if OPENSSL_VERSION_NUMBER >= 0x0090707fL /* constification */ #define SSL_CIPHER_const const @@ -171,7 +181,7 @@ TLS_CERTS *certs; /* Full trust-anchor certificates */ TLS_PKEYS *pkeys; /* Full trust-anchor public keys */ char *base_domain; /* Base domain of TLSA RRset */ - int flags; /* Conflate cert and pkey digests */ + int flags; /* Lookup status */ time_t expires; /* Expiration time of this record */ int refs; /* Reference count */ } TLS_DANE; @@ -241,11 +251,13 @@ #define TLS_CERT_FLAG_ALTNAME (1<<1) #define TLS_CERT_FLAG_TRUSTED (1<<2) #define TLS_CERT_FLAG_MATCHED (1<<3) +#define TLS_CERT_FLAG_SECURED (1<<4) #define TLS_CERT_IS_PRESENT(c) ((c) && ((c)->peer_status&TLS_CERT_FLAG_PRESENT)) #define TLS_CERT_IS_ALTNAME(c) ((c) && ((c)->peer_status&TLS_CERT_FLAG_ALTNAME)) #define TLS_CERT_IS_TRUSTED(c) ((c) && ((c)->peer_status&TLS_CERT_FLAG_TRUSTED)) #define TLS_CERT_IS_MATCHED(c) ((c) && ((c)->peer_status&TLS_CERT_FLAG_MATCHED)) +#define TLS_CERT_IS_SECURED(c) ((c) && ((c)->peer_status&TLS_CERT_FLAG_SECURED)) /* * Opaque client context handle. @@ -295,7 +307,6 @@ /* * tls_misc.c */ - extern void tls_param_init(void); /* 
@@ -522,6 +533,13 @@ */ extern void tls_session_stop(TLS_APPL_STATE *, VSTREAM *, int, int, TLS_SESS_STATE *); + /* + * tls_misc.c + */ +extern const char *tls_compile_version(void); +extern const char *tls_run_version(void); +extern const char **tls_pkey_algorithms(void); + #ifdef TLS_INTERNAL #include diff -Nru postfix-3.0.4/src/tls/tls_level.c postfix-3.1.0/src/tls/tls_level.c --- postfix-3.0.4/src/tls/tls_level.c 2013-05-30 12:45:03.000000000 +0000 +++ postfix-3.1.0/src/tls/tls_level.c 2016-01-04 12:26:16.000000000 +0000 @@ -12,9 +12,8 @@ /* const char *str_tls_level(level) /* int level; /* DESCRIPTION -/* The macros in this module convert TLS levels from symbolic -/* name to internal form and vice versa. The macros are safe -/* because they evaluate their arguments only once. +/* The functions in this module convert TLS levels from symbolic +/* name to internal form and vice versa. /* /* tls_level_lookup() converts a TLS level from symbolic name /* to internal form. When an unknown level is specified, @@ -22,7 +21,9 @@ /* /* str_tls_level() converts a TLS level from internal form to /* symbolic name. The result is a null pointer for an unknown -/* level. +/* level. The "halfdane" level is not a valid user-selected TLS level, +/* it is generated internally and is only valid output for the +/* str_tls_level() function. /* SEE ALSO /* name_code(3) name to number mapping /* LICENSE 
@@ -68,14 +69,27 @@ * The smtp(8) client will report trust failure in preference to reporting * failure to match, so we make "dane" larger than "fingerprint". */ -const NAME_CODE tls_level_table[] = { +static const NAME_CODE tls_level_table[] = { "none", TLS_LEV_NONE, "may", TLS_LEV_MAY, "encrypt", TLS_LEV_ENCRYPT, "fingerprint", TLS_LEV_FPRINT, + "halfdane", TLS_LEV_HALF_DANE, /* output only */ "dane", TLS_LEV_DANE, "dane-only", TLS_LEV_DANE_ONLY, "verify", TLS_LEV_VERIFY, "secure", TLS_LEV_SECURE, 0, TLS_LEV_INVALID, }; + +int tls_level_lookup(const char *name) +{ + int level = name_code(tls_level_table, NAME_CODE_FLAG_NONE, name); + + return ((level != TLS_LEV_HALF_DANE) ? level : TLS_LEV_INVALID); +} + +const char *str_tls_level(int level) +{ + return (str_name_code(tls_level_table, level)); +} diff -Nru postfix-3.0.4/src/tls/tls_misc.c postfix-3.1.0/src/tls/tls_misc.c --- postfix-3.0.4/src/tls/tls_misc.c 2015-01-16 00:25:21.000000000 +0000 +++ postfix-3.1.0/src/tls/tls_misc.c 2016-02-06 20:20:45.000000000 +0000 @@ -24,6 +24,7 @@ /* bool var_tls_multi_wildcard; /* char *var_tls_mgr_service; /* char *var_tls_tkt_cipher; +/* char *var_openssl_path; /* /* TLS_APPL_STATE *tls_alloc_app_context(ssl_ctx, log_mask) /* SSL_CTX *ssl_ctx; @@ -81,10 +82,16 @@ /* /* void tls_update_app_logmask(app_ctx, log_mask) /* TLS_APPL_STATE *app_ctx; -/* int log_mask; +/* int log_mask; /* /* int tls_validate_digest(dgst) /* const char *dgst; +/* +/* const char *tls_compile_version(void) +/* +/* const char *tls_run_version(void) +/* +/* const char **tls_pkey_algorithms(void) /* DESCRIPTION /* This module implements routines that support the TLS client /* and server internals. 
@@ -155,6 +162,16 @@ /* /* tls_validate_digest() returns non-zero if the named digest /* is usable and zero otherwise. +/* +/* tls_compile_version() returns a text string description of +/* the compile-time TLS library. +/* +/* tls_run_version() is just tls_compile_version() but with the runtime +/* version instead of the compile-time version. +/* +/* tls_pkey_algorithms() returns a pointer to null-terminated +/* array of string constants with the names of the supported +/* public-key algorithms. /* LICENSE /* .ad /* .fi @@ -177,6 +194,11 @@ /* /* Victor Duchovni /* Morgan Stanley +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -233,6 +255,7 @@ bool var_tls_multi_wildcard; char *var_tls_mgr_service; char *var_tls_tkt_cipher; +char *var_openssl_path; #ifdef VAR_TLS_PREEMPT_CLIST bool var_tls_preempt_clist; @@ -461,7 +484,7 @@ static ARGV *exclude; /* Cached */ SSL *s = 0; ssl_cipher_stack_t *ciphers; - SSL_CIPHER *c; + const SSL_CIPHER *c; const cipher_probe_t *probe; int alg_bits; int num; @@ -617,6 +640,7 @@ VAR_TLS_DANE_DIGESTS, DEF_TLS_DANE_DIGESTS, &var_tls_dane_digests, 1, 0, VAR_TLS_MGR_SERVICE, DEF_TLS_MGR_SERVICE, &var_tls_mgr_service, 1, 0, VAR_TLS_TKT_CIPHER, DEF_TLS_TKT_CIPHER, &var_tls_tkt_cipher, 0, 0, + VAR_OPENSSL_PATH, DEF_OPENSSL_PATH, &var_openssl_path, 1, 0, 0, }; static const CONFIG_INT_TABLE int_table[] = { @@ -862,7 +886,7 @@ /* tls_version_split - Split OpenSSL version number into major, minor, ... */ -static void tls_version_split(long version, TLS_VINFO *info) +static void tls_version_split(unsigned long version, TLS_VINFO *info) { /* @@ -935,7 +959,7 @@ TLS_VINFO lib_info; tls_version_split(OPENSSL_VERSION_NUMBER, &hdr_info); - tls_version_split(SSLeay(), &lib_info); + tls_version_split(OpenSSL_version_num(), &lib_info); if (lib_info.major != hdr_info.major || lib_info.minor != hdr_info.minor 
@@ -946,6 +970,43 @@ hdr_info.major, hdr_info.minor, hdr_info.micro); } +/* tls_compile_version - compile-time OpenSSL version */ + +const char *tls_compile_version(void) +{ + return (OPENSSL_VERSION_TEXT); +} + +/* tls_run_version - run-time version "major.minor.micro" */ + +const char *tls_run_version(void) +{ + return (OpenSSL_version(OPENSSL_VERSION)); +} + +const char **tls_pkey_algorithms(void) +{ + + /* + * Return an array, not string, so that the result can be inspected + * without parsing. Sort the result alphabetically, not chronologically. + */ + static const char *algs[] = { +#ifndef OPENSSL_NO_DSA + "dsa", +#endif +#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ECDSA) + "ecdsa", +#endif +#ifndef OPENSSL_NO_RSA + "rsa", +#endif + 0, + }; + + return (algs); +} + /* tls_bug_bits - SSL bug compatibility bits for this OpenSSL version */ long tls_bug_bits(void) @@ -954,7 +1015,7 @@ #if OPENSSL_VERSION_NUMBER >= 0x00908000L && \ OPENSSL_VERSION_NUMBER < 0x10000000L - long lib_version = SSLeay(); + long lib_version = OpenSSL_version_num(); /* * In OpenSSL 0.9.8[ab], enabling zlib compression breaks the padding bug diff -Nru postfix-3.0.4/src/tls/tls_rsa.c postfix-3.1.0/src/tls/tls_rsa.c --- postfix-3.0.4/src/tls/tls_rsa.c 2015-01-16 00:25:21.000000000 +0000 +++ postfix-3.1.0/src/tls/tls_rsa.c 2016-01-03 14:49:51.000000000 +0000 @@ -54,6 +54,11 @@ #include #include + /* + * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev + */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + /* tls_tmp_rsa_cb - call-back to generate ephemeral RSA key */ RSA *tls_tmp_rsa_cb(SSL *unused_ssl, int export, int keylength) @@ -91,14 +96,21 @@ return (rsa_tmp); } +#endif /* OPENSSL_VERSION_NUMBER */ + #ifdef TEST #include int main(int unused_argc, char *const argv[]) { + int ok = 0; + + /* + * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev + */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L RSA *rsa; - int ok; msg_vstream_init(argv[0], VSTREAM_ERR); 
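Review bot: The header comment `/* tls_run_version - run-time version "major.minor.micro" */` does not match the body, which returns `OpenSSL_version(OPENSSL_VERSION)`, the library's full version text in the same form as the `OPENSSL_VERSION_TEXT` returned by `tls_compile_version()` (the prose documentation in the earlier hunk says as much); change it to `/* tls_run_version - run-time OpenSSL version text */`. `tls_pkey_algorithms()` is the only one of the three new functions without the file's usual one-line header comment; add `/* tls_pkey_algorithms - names of the supported public-key algorithms, sorted */` above it. All three functions are complete within the hunk.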
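Review bot: `long lib_version = OpenSSL_version_num();` keeps a signed `long` even though the same commit changed `tls_version_split()` to take `unsigned long` for exactly this value (`OpenSSL_version_num()` returns `unsigned long`); use `unsigned long lib_version = OpenSSL_version_num();` so the two call sites in this file agree. The `(long)` cast in the tls_server.c cache-key macro in the next chunk line is paired with a `%ld` format and can stay. The enclosing function `tls_bug_bits()` continues outside the hunk.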
@@ -111,6 +123,7 @@ /* Non-export or unexpected bit length should fail */ ok = ok && tls_tmp_rsa_cb(0, 0, 512) == 0; ok = ok && tls_tmp_rsa_cb(0, 1, 1024) == 0; +#endif return ok ? 0 : 1; } diff -Nru postfix-3.0.4/src/tls/tls_server.c postfix-3.1.0/src/tls/tls_server.c --- postfix-3.0.4/src/tls/tls_server.c 2015-01-16 00:25:21.000000000 +0000 +++ postfix-3.1.0/src/tls/tls_server.c 2016-01-31 21:05:46.000000000 +0000 @@ -193,7 +193,7 @@ buf = vstring_alloc(2 * (len + strlen(service))); \ hex_encode(buf, (char *) (id), (len)); \ vstring_sprintf_append(buf, "&s=%s", (service)); \ - vstring_sprintf_append(buf, "&l=%ld", (long) SSLeay()); \ + vstring_sprintf_append(buf, "&l=%ld", (long) OpenSSL_version_num()); \ } while (0) @@ -429,14 +429,28 @@ * SSLv2), so we need to have the SSLv23 server here. If we want to limit * the protocol level, we can add an option to not use SSLv2/v3/TLSv1 * later. + * + * OpenSSL 1.1.0-dev deprecates SSLv23_server_method() in favour of + * TLS_client_method(), with the change in question signalled via a new + * TLS_ANY_VERSION macro. */ ERR_clear_error(); - if ((server_ctx = SSL_CTX_new(SSLv23_server_method())) == 0) { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && defined(TLS_ANY_VERSION) + server_ctx = SSL_CTX_new(TLS_server_method()); +#else + server_ctx = SSL_CTX_new(SSLv23_server_method()); +#endif + if (server_ctx == 0) { msg_warn("cannot allocate server SSL_CTX: disabling TLS support"); tls_print_errors(); return (0); } +#ifdef SSL_SECOP_PEER + /* Backwards compatible security as a base for opportunistic TLS. */ + SSL_CTX_set_security_level(server_ctx, 0); +#endif + /* * See the verify callback in tls_verify.c */ 
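Review bot: With OpenSSL 1.1.0 or later the whole test body of `main()` in tls_rsa.c is compiled out, so the new `int ok = 0;` is never updated and the `return ok ? 0 : 1;` kept in the following hunk reports failure for a build in which there is nothing to test. Unless a failing exit is intended there, initialise with `int ok = 1;` — the retained body must assign `ok` before its `ok = ok && …` lines, since the old code declared it uninitialised — or return 0 from an `#else` branch. The start of `main()` is on the previous chunk line and the function is otherwise complete.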
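Review bot: The new comment says OpenSSL 1.1.0 deprecates `SSLv23_server_method()` in favour of `TLS_client_method()`, but the code it describes calls `TLS_server_method()`; change the comment to name `TLS_server_method()`. `SSL_CTX_set_security_level(server_ctx, 0)` is a reasonable base for opportunistic TLS, but level 0 also admits weak algorithms, so the comment should point at the compensating per-session `SSL_set_security_level(TLScontext->con, 1)` that a later hunk in this file applies when `props->requirecert` is set, e.g. `/* Raised to level 1 per session when a client certificate is required */`. The enclosing function starts outside the hunk.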
@@ -561,11 +575,17 @@ } /* + * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev + */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + + /* * According to OpenSSL documentation, a temporary RSA key is needed when * export ciphers are in use, because the certified key cannot be * directly used. */ SSL_CTX_set_tmp_rsa_callback(server_ctx, tls_tmp_rsa_cb); +#endif /* * Diffie-Hellman key generation parameters can either be loaded from @@ -739,6 +759,12 @@ return (0); } +#ifdef SSL_SECOP_PEER + /* When authenticating the peer, use 80-bit plus OpenSSL security level */ + if (props->requirecert) + SSL_set_security_level(TLScontext->con, 1); +#endif + /* * Before really starting anything, try to seed the PRNG a little bit * more. @@ -868,6 +894,22 @@ TLScontext->peer_pkey_fprint); } X509_free(peer); + + /* + * Give them a clue. Problems with trust chain verification are logged + * when the session is first negotiated, before the session is stored + * into the cache. We don't want mystery failures, so log the fact the + * real problem is to be found in the past. + */ + if (!TLS_CERT_IS_TRUSTED(TLScontext) + && (TLScontext->log_mask & TLS_LOG_UNTRUSTED)) { + if (TLScontext->session_reused == 0) + tls_log_verify_error(TLScontext); + else + msg_info("%s: re-using session with untrusted certificate, " + "look for details earlier in the log", + TLScontext->namaddr); + } } else { TLScontext->peer_CN = mystrdup(""); TLScontext->issuer_CN = mystrdup(""); diff -Nru postfix-3.0.4/src/tls/tls_verify.c postfix-3.1.0/src/tls/tls_verify.c --- postfix-3.0.4/src/tls/tls_verify.c 2013-06-16 22:49:37.000000000 +0000 +++ postfix-3.1.0/src/tls/tls_verify.c 2015-11-01 00:24:04.000000000 +0000 
@@ -138,7 +138,7 @@ if (TLScontext->errorcert != 0) X509_free(TLScontext->errorcert); if (errorcert != 0) - CRYPTO_add(&errorcert->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(errorcert); TLScontext->errorcert = errorcert; TLScontext->errorcode = errorcode; TLScontext->errordepth = depth; diff -Nru postfix-3.0.4/src/tlsmgr/.indent.pro postfix-3.1.0/src/tlsmgr/.indent.pro --- postfix-3.0.4/src/tlsmgr/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/tlsmgr/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/tlsmgr/Makefile.in postfix-3.1.0/src/tlsmgr/Makefile.in --- postfix-3.0.4/src/tlsmgr/Makefile.in 2015-01-28 00:13:15.000000000 +0000 +++ postfix-3.1.0/src/tlsmgr/Makefile.in 2015-07-12 17:21:20.000000000 +0000 @@ -8,7 +8,6 @@ TESTPROG= PROG = tlsmgr INC_DIR = ../../include -# Fake libdns dependency, for early-binding shared-library builds. LIBS = ../../lib/lib$(LIB_PREFIX)master$(LIB_SUFFIX) \ ../../lib/lib$(LIB_PREFIX)tls$(LIB_SUFFIX) \ ../../lib/lib$(LIB_PREFIX)dns$(LIB_SUFFIX) \ diff -Nru postfix-3.0.4/src/tlsmgr/tlsmgr.c postfix-3.1.0/src/tlsmgr/tlsmgr.c --- postfix-3.0.4/src/tlsmgr/tlsmgr.c 2014-12-25 16:47:18.000000000 +0000 +++ postfix-3.1.0/src/tlsmgr/tlsmgr.c 2016-02-14 01:31:42.000000000 +0000 @@ -165,6 +165,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff -Nru postfix-3.0.4/src/tlsproxy/.indent.pro postfix-3.1.0/src/tlsproxy/.indent.pro --- postfix-3.0.4/src/tlsproxy/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/tlsproxy/.indent.pro 2015-12-27 22:04:47.000000000 +0000 
@@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/tlsproxy/tlsproxy.c postfix-3.1.0/src/tlsproxy/tlsproxy.c --- postfix-3.0.4/src/tlsproxy/tlsproxy.c 2015-07-19 13:13:26.000000000 +0000 +++ postfix-3.1.0/src/tlsproxy/tlsproxy.c 2016-02-14 01:32:01.000000000 +0000 @@ -186,6 +186,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* diff -Nru postfix-3.0.4/src/trivial-rewrite/.indent.pro postfix-3.1.0/src/trivial-rewrite/.indent.pro --- postfix-3.0.4/src/trivial-rewrite/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/trivial-rewrite/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/trivial-rewrite/resolve.c postfix-3.1.0/src/trivial-rewrite/resolve.c --- postfix-3.0.4/src/trivial-rewrite/resolve.c 2015-03-25 12:22:46.000000000 +0000 +++ postfix-3.1.0/src/trivial-rewrite/resolve.c 2016-01-24 00:52:59.000000000 +0000 @@ -44,6 +44,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff -Nru postfix-3.0.4/src/trivial-rewrite/trivial-rewrite.c postfix-3.1.0/src/trivial-rewrite/trivial-rewrite.c --- postfix-3.0.4/src/trivial-rewrite/trivial-rewrite.c 2015-01-30 00:55:20.000000000 +0000 +++ postfix-3.1.0/src/trivial-rewrite/trivial-rewrite.c 2016-02-14 01:32:16.000000000 +0000 
@@ -279,6 +279,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff -Nru postfix-3.0.4/src/util/attr.h postfix-3.1.0/src/util/attr.h --- postfix-3.0.4/src/util/attr.h 2015-02-03 16:27:18.000000000 +0000 +++ postfix-3.1.0/src/util/attr.h 2015-11-30 00:30:33.000000000 +0000 @@ -26,6 +26,14 @@ #include /* + * Delegation for better data abstraction. + */ +typedef int (*ATTR_SCAN_MASTER_FN) (VSTREAM *, int,...); +typedef int (*ATTR_SCAN_SLAVE_FN) (ATTR_SCAN_MASTER_FN, VSTREAM *, int, void *); +typedef int (*ATTR_PRINT_MASTER_FN) (VSTREAM *, int,...); +typedef int (*ATTR_PRINT_SLAVE_FN) (ATTR_PRINT_MASTER_FN, VSTREAM *, int, void *); + + /* * Attribute types. See attr_scan(3) for documentation. */ #define ATTR_TYPE_END 0 /* end of data */ @@ -38,6 +46,14 @@ #define ATTR_TYPE_DATA 5 /* Binary data */ #define ATTR_TYPE_FUNC 6 /* Function pointer */ + /* + * Optional sender-specified grouping for hash or nameval tables. + */ +#define ATTR_TYPE_OPEN '{' +#define ATTR_TYPE_CLOSE '}' +#define ATTR_NAME_OPEN "{" +#define ATTR_NAME_CLOSE "}" + #define ATTR_HASH_LIMIT 1024 /* Size of hash table */ /* 
@@ -50,7 +66,7 @@ #define SEND_ATTR_NV(val) ATTR_TYPE_NV, CHECK_CPTR(ATTR, NVTABLE, (val)) #define SEND_ATTR_LONG(name, val) ATTR_TYPE_LONG, CHECK_CPTR(ATTR, char, (name)), CHECK_VAL(ATTR, long, (val)) #define SEND_ATTR_DATA(name, len, val) ATTR_TYPE_DATA, CHECK_CPTR(ATTR, char, (name)), CHECK_VAL(ATTR, ssize_t, (len)), CHECK_CPTR(ATTR, void, (val)) -#define SEND_ATTR_FUNC(func, val) ATTR_TYPE_FUNC, (func), CHECK_CPTR(ATTR, void, (val)) +#define SEND_ATTR_FUNC(func, val) ATTR_TYPE_FUNC, CHECK_VAL(ATTR, ATTR_PRINT_SLAVE_FN, (func)), CHECK_CPTR(ATTR, void, (val)) #define RECV_ATTR_INT(name, val) ATTR_TYPE_INT, CHECK_CPTR(ATTR, char, (name)), CHECK_PTR(ATTR, int, (val)) #define RECV_ATTR_STR(name, val) ATTR_TYPE_STR, CHECK_CPTR(ATTR, char, (name)), CHECK_PTR(ATTR, VSTRING, (val)) @@ -58,7 +74,7 @@ #define RECV_ATTR_NV(val) ATTR_TYPE_NV, CHECK_PTR(ATTR, NVTABLE, (val)) #define RECV_ATTR_LONG(name, val) ATTR_TYPE_LONG, CHECK_CPTR(ATTR, char, (name)), CHECK_PTR(ATTR, long, (val)) #define RECV_ATTR_DATA(name, val) ATTR_TYPE_DATA, CHECK_CPTR(ATTR, char, (name)), CHECK_PTR(ATTR, VSTRING, (val)) -#define RECV_ATTR_FUNC(func, val) ATTR_TYPE_FUNC, (func), CHECK_PTR(ATTR, void, (val)) +#define RECV_ATTR_FUNC(func, val) ATTR_TYPE_FUNC, CHECK_VAL(ATTR, ATTR_SCAN_SLAVE_FN, (func)), CHECK_PTR(ATTR, void, (val)) CHECK_VAL_HELPER_DCL(ATTR, ssize_t); CHECK_VAL_HELPER_DCL(ATTR, long); @@ -73,6 +89,8 @@ CHECK_CPTR_HELPER_DCL(ATTR, char); CHECK_CPTR_HELPER_DCL(ATTR, NVTABLE); CHECK_CPTR_HELPER_DCL(ATTR, HTABLE); +CHECK_VAL_HELPER_DCL(ATTR, ATTR_PRINT_SLAVE_FN); +CHECK_VAL_HELPER_DCL(ATTR, ATTR_SCAN_SLAVE_FN); /* * Flags that control processing. See attr_scan(3) for documentation. 
@@ -86,20 +104,13 @@ #define ATTR_FLAG_ALL (07) /* - * Delegation for better data abstraction. - */ -typedef int (*ATTR_SCAN_MASTER_FN) (VSTREAM *, int,...); -typedef int (*ATTR_SCAN_SLAVE_FN) (ATTR_SCAN_MASTER_FN, VSTREAM *, int, void *); -typedef int (*ATTR_PRINT_MASTER_FN) (VSTREAM *, int,...); -typedef int (*ATTR_PRINT_SLAVE_FN) (ATTR_PRINT_MASTER_FN, VSTREAM *, int, void *); - - /* * Default to null-terminated, as opposed to base64-encoded. */ #define attr_print attr_print0 #define attr_vprint attr_vprint0 #define attr_scan attr_scan0 #define attr_vscan attr_vscan0 +#define attr_scan_more attr_scan_more0 /* * attr_print64.c. @@ -110,8 +121,9 @@ /* * attr_scan64.c. */ -extern int attr_scan64(VSTREAM *, int,...); -extern int attr_vscan64(VSTREAM *, int, va_list); +extern int WARN_UNUSED_RESULT attr_scan64(VSTREAM *, int,...); +extern int WARN_UNUSED_RESULT attr_vscan64(VSTREAM *, int, va_list); +extern int WARN_UNUSED_RESULT attr_scan_more64(VSTREAM *); /* * attr_print0.c. 
@@ -122,21 +134,22 @@ /* * attr_scan0.c. */ -extern int attr_scan0(VSTREAM *, int,...); -extern int attr_vscan0(VSTREAM *, int, va_list); +extern int WARN_UNUSED_RESULT attr_scan0(VSTREAM *, int,...); +extern int WARN_UNUSED_RESULT attr_vscan0(VSTREAM *, int, va_list); +extern int WARN_UNUSED_RESULT attr_scan_more0(VSTREAM *); /* * attr_scan_plain.c. */ extern int attr_print_plain(VSTREAM *, int,...); extern int attr_vprint_plain(VSTREAM *, int, va_list); +extern int attr_scan_more_plain(VSTREAM *); /* * attr_print_plain.c. */ -extern int attr_scan_plain(VSTREAM *, int,...); -extern int attr_vscan_plain(VSTREAM *, int, va_list); - +extern int WARN_UNUSED_RESULT attr_scan_plain(VSTREAM *, int,...); +extern int WARN_UNUSED_RESULT attr_vscan_plain(VSTREAM *, int, va_list); /* * Attribute names for testing the compatibility of the read and write diff -Nru postfix-3.0.4/src/util/attr_print0.c postfix-3.1.0/src/util/attr_print0.c --- postfix-3.0.4/src/util/attr_print0.c 2014-12-23 00:58:34.000000000 +0000 +++ postfix-3.1.0/src/util/attr_print0.c 2016-01-24 00:41:43.000000000 +0000 @@ -80,6 +80,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -174,6 +179,7 @@ print_fn(attr_print0, fp, flags | ATTR_FLAG_MORE, print_arg); break; case ATTR_TYPE_HASH: + vstream_fwrite(fp, ATTR_NAME_OPEN, sizeof(ATTR_NAME_OPEN)); ht_info_list = htable_list(va_arg(ap, HTABLE *)); for (ht = ht_info_list; *ht; ht++) { vstream_fwrite(fp, ht[0]->key, strlen(ht[0]->key) + 1); @@ -183,6 +189,7 @@ ht[0]->key, (char *) ht[0]->value); } myfree((void *) ht_info_list); + vstream_fwrite(fp, ATTR_NAME_CLOSE, sizeof(ATTR_NAME_CLOSE)); break; default: msg_panic("%s: unknown type code: %d", myname, attr_type); 
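Review bot: `attr_scan_more_plain()` is declared without `WARN_UNUSED_RESULT`, unlike `attr_scan_more0()` and `attr_scan_more64()` added in the previous hunk, and it sits under the `attr_scan_plain.c.` heading between the two `attr_print_plain` prototypes rather than next to `attr_scan_plain()`/`attr_vscan_plain()`; declare it as `extern int WARN_UNUSED_RESULT attr_scan_more_plain(VSTREAM *);` alongside them. Letting its -1 error return be ignored in one of the three encodings while the other two are checked is the kind of inconsistency that hides a missed stream error. The two section comments appear to have been swapped before this change; fixing that is out of scope but would make the grouping obvious.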
@@ -226,6 +233,7 @@ SEND_ATTR_STR(ATTR_NAME_STR, "whoopee"), SEND_ATTR_DATA(ATTR_NAME_DATA, strlen("whoopee"), "whoopee"), SEND_ATTR_HASH(table), + SEND_ATTR_LONG(ATTR_NAME_LONG, 4321L), ATTR_TYPE_END); attr_print0(VSTREAM_OUT, ATTR_FLAG_NONE, SEND_ATTR_INT(ATTR_NAME_INT, 4711), diff -Nru postfix-3.0.4/src/util/attr_print64.c postfix-3.1.0/src/util/attr_print64.c --- postfix-3.0.4/src/util/attr_print64.c 2014-12-23 00:58:40.000000000 +0000 +++ postfix-3.1.0/src/util/attr_print64.c 2016-01-24 00:41:29.000000000 +0000 @@ -80,6 +80,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -211,6 +216,8 @@ print_fn(attr_print64, fp, flags | ATTR_FLAG_MORE, print_arg); break; case ATTR_TYPE_HASH: + attr_print64_str(fp, ATTR_NAME_OPEN, sizeof(ATTR_NAME_OPEN) - 1); + VSTREAM_PUTC('\n', fp); ht_info_list = htable_list(va_arg(ap, HTABLE *)); for (ht = ht_info_list; *ht; ht++) { attr_print64_str(fp, ht[0]->key, strlen(ht[0]->key)); @@ -222,6 +229,8 @@ ht[0]->key, (char *) ht[0]->value); } myfree((void *) ht_info_list); + attr_print64_str(fp, ATTR_NAME_CLOSE, sizeof(ATTR_NAME_CLOSE) - 1); + VSTREAM_PUTC('\n', fp); break; default: msg_panic("%s: unknown type code: %d", myname, attr_type); @@ -265,6 +274,7 @@ SEND_ATTR_STR(ATTR_NAME_STR, "whoopee"), SEND_ATTR_DATA(ATTR_NAME_DATA, strlen("whoopee"), "whoopee"), SEND_ATTR_HASH(table), + SEND_ATTR_LONG(ATTR_NAME_LONG, 4321L), ATTR_TYPE_END); attr_print64(VSTREAM_OUT, ATTR_FLAG_NONE, SEND_ATTR_INT(ATTR_NAME_INT, 4711), diff -Nru postfix-3.0.4/src/util/attr_print_plain.c postfix-3.1.0/src/util/attr_print_plain.c --- postfix-3.0.4/src/util/attr_print_plain.c 2014-12-23 00:58:49.000000000 +0000 +++ postfix-3.1.0/src/util/attr_print_plain.c 2016-01-24 00:41:16.000000000 +0000 
@@ -80,6 +80,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -169,6 +174,8 @@ print_fn(attr_print_plain, fp, flags | ATTR_FLAG_MORE, print_arg); break; case ATTR_TYPE_HASH: + vstream_fwrite(fp, ATTR_NAME_OPEN, sizeof(ATTR_NAME_OPEN)); + VSTREAM_PUTC('\n', fp); ht_info_list = htable_list(va_arg(ap, HTABLE *)); for (ht = ht_info_list; *ht; ht++) { vstream_fprintf(fp, "%s=%s\n", ht[0]->key, (char *) ht[0]->value); @@ -177,6 +184,8 @@ ht[0]->key, (char *) ht[0]->value); } myfree((void *) ht_info_list); + vstream_fwrite(fp, ATTR_NAME_CLOSE, sizeof(ATTR_NAME_CLOSE)); + VSTREAM_PUTC('\n', fp); break; default: msg_panic("%s: unknown type code: %d", myname, attr_type); @@ -220,6 +229,7 @@ SEND_ATTR_STR(ATTR_NAME_STR, "whoopee"), SEND_ATTR_DATA(ATTR_NAME_DATA, strlen("whoopee"), "whoopee"), SEND_ATTR_HASH(table), + SEND_ATTR_LONG(ATTR_NAME_LONG, 4321L), ATTR_TYPE_END); attr_print_plain(VSTREAM_OUT, ATTR_FLAG_NONE, SEND_ATTR_INT(ATTR_NAME_INT, 4711), diff -Nru postfix-3.0.4/src/util/attr_scan0.c postfix-3.1.0/src/util/attr_scan0.c --- postfix-3.0.4/src/util/attr_scan0.c 2015-01-29 12:16:48.000000000 +0000 +++ postfix-3.1.0/src/util/attr_scan0.c 2015-11-30 00:30:33.000000000 +0000 @@ -7,15 +7,18 @@ /* #include /* /* int attr_scan0(fp, flags, type, name, ..., ATTR_TYPE_END) -/* VSTREAM fp; +/* VSTREAM *fp; /* int flags; /* int type; /* char *name; /* /* int attr_vscan0(fp, flags, ap) -/* VSTREAM fp; +/* VSTREAM *fp; /* int flags; /* va_list ap; +/* +/* int attr_scan_more0(fp) +/* VSTREAM *fp; /* DESCRIPTION /* attr_scan0() takes zero or more (name, value) request attributes /* and recovers the attribute values from the byte stream that was 
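Review bot: `vstream_fwrite(fp, ATTR_NAME_OPEN, sizeof(ATTR_NAME_OPEN))` writes two bytes — the brace and the string's NUL terminator — and then adds `'\n'`, so the plain text encoding now carries a NUL byte inside the delimiter line; the same applies to `ATTR_NAME_CLOSE` in the next hunk. The base64 variant in attr_print64.c uses `sizeof(ATTR_NAME_OPEN) - 1` and everything else in this block is written with `"%s=%s\n"`, so the intended lines are `vstream_fwrite(fp, ATTR_NAME_OPEN, sizeof(ATTR_NAME_OPEN) - 1);` and `vstream_fwrite(fp, ATTR_NAME_CLOSE, sizeof(ATTR_NAME_CLOSE) - 1);`. In attr_print0.c the full `sizeof` is right because that format is NUL-delimited. Whether `attr_scan_plain()` tolerates the extra byte is not visible in this chunk.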
@@ -24,12 +27,19 @@ /* attr_vscan0() provides an alternative interface that is convenient /* for calling from within a variadic function. /* +/* attr_scan_more0() returns 0 when a terminator is found (and +/* consumes that terminator), returns 1 when more input is +/* expected (without consuming input), and returns -1 otherwise +/* (error). +/* /* The input stream is formatted as follows, where (item)* stands /* for zero or more instances of the specified item, and where /* (item1 | item2) stands for choice: /* /* .in +5 -/* attr-list :== simple-attr* null +/* attr-list :== (simple-attr | multi-attr)* null +/* .br +/* multi-attr :== "{" null simple-attr* "}" null /* .br /* simple-attr :== attr-name null attr-value null /* .br @@ -98,10 +108,7 @@ /* error. /* .IP "RECV_ATTR_HASH(HTABLE *table)" /* .IP "RECV_ATTR_NAMEVAL(NVTABLE *table)" -/* All further input attributes are processed as string attributes. -/* No specific attribute sequence is enforced. -/* All attributes up to the attribute list terminator are read, -/* but only the first instance of each attribute is stored. +/* Receive a sequence of attribute names and string values. /* There can be no more than 1024 attributes in a hash table. /* .sp /* The attribute string values are stored in the hash table under 
@@ -109,7 +116,15 @@ /* Values from the input stream are added to the hash table. Existing /* hash table entries are not replaced. /* .sp -/* N.B. This construct must be followed by an ATTR_TYPE_END argument. +/* Note: the SEND_ATTR_HASH or SEND_ATTR_NAMEVAL requests +/* format their payload as a multi-attr sequence (see syntax +/* above). When the receiver's input does not start with a +/* multi-attr delimiter (i.e. the sender did not request +/* SEND_ATTR_HASH or SEND_ATTR_NAMEVAL), the receiver will +/* store all attribute names and values up to the attribute +/* list terminator. In terms of code, this means that the +/* RECV_ATTR_HASH or RECV_ATTR_NAMEVAL request must be followed +/* by ATTR_TYPE_END. /* .IP ATTR_TYPE_END /* This argument terminates the requested attribute list. /* .RE @@ -137,6 +152,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -294,7 +314,8 @@ * from the input stream instead. This is secure only when the * resulting table is queried with known to be good attribute names. */ - if (wanted_type != ATTR_TYPE_HASH) { + if (wanted_type != ATTR_TYPE_HASH + && wanted_type != ATTR_TYPE_CLOSE) { wanted_type = va_arg(ap, int); if (wanted_type == ATTR_TYPE_END) { if ((flags & ATTR_FLAG_MORE) != 0) @@ -303,9 +324,6 @@ } else if (wanted_type == ATTR_TYPE_HASH) { wanted_name = "(any attribute name or list terminator)"; hash_table = va_arg(ap, HTABLE *); - if (va_arg(ap, int) !=ATTR_TYPE_END) - msg_panic("%s: ATTR_TYPE_HASH not followed by ATTR_TYPE_END", - myname); } else if (wanted_type != ATTR_TYPE_FUNC) { wanted_name = va_arg(ap, char *); } 
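Review bot: The panic that enforced `RECV_ATTR_HASH` being followed by `ATTR_TYPE_END` is removed, and the test on the next chunk line now follows `RECV_ATTR_HASH(table)` with `RECV_ATTR_LONG`, yet the rewritten manual text in this hunk still ends with "the RECV_ATTR_HASH or RECV_ATTR_NAMEVAL request must be followed by ATTR_TYPE_END"; reword it to say the restriction applies only when the sender does not emit the `{`/`}` delimiters, because with delimited input further attributes may follow. The same wording and the same removed check appear in attr_scan64.c in the last hunks of this chunk. The enclosing function `attr_vscan0()` starts and ends outside the hunk.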
@@ -341,6 +359,19 @@ * See if the caller asks for this attribute. */ if (wanted_type == ATTR_TYPE_HASH + && strcmp(ATTR_NAME_OPEN, STR(name_buf)) == 0) { + wanted_type = ATTR_TYPE_CLOSE; + wanted_name = "(any attribute name or '}')"; + /* Advance in the input stream. */ + continue; + } else if (wanted_type == ATTR_TYPE_CLOSE + && strcmp(ATTR_NAME_CLOSE, STR(name_buf)) == 0) { + /* Advance in the argument list. */ + wanted_type = -1; + break; + } + if (wanted_type == ATTR_TYPE_HASH + || wanted_type == ATTR_TYPE_CLOSE || (wanted_type != ATTR_TYPE_END && strcmp(wanted_name, STR(name_buf)) == 0)) break; @@ -391,6 +422,7 @@ return (-1); break; case ATTR_TYPE_HASH: + case ATTR_TYPE_CLOSE: if ((ch = attr_scan0_string(fp, str_buf, "input attribute value")) < 0) return (-1); @@ -409,6 +441,9 @@ mystrdup(STR(str_buf))); } break; + case -1: + conversions -= 1; + break; default: msg_panic("%s: unknown type code: %d", myname, wanted_type); } @@ -428,6 +463,30 @@ return (ret); } +/* attr_scan_more0 - look ahead for more */ + +int attr_scan_more0(VSTREAM *fp) +{ + int ch; + + switch (ch = VSTREAM_GETC(fp)) { + case 0: + if (msg_verbose) + msg_info("%s: terminator (consumed)", VSTREAM_PATH(fp)); + return (0); + case VSTREAM_EOF: + if (msg_verbose) + msg_info("%s: EOF", VSTREAM_PATH(fp)); + return (-1); + default: + if (msg_verbose) + msg_info("%s: non-terminator '%c' (lookahead)", + VSTREAM_PATH(fp), ch); + (void) vstream_ungetc(fp, ch); + return (1); + } +} + #ifdef TEST /* @@ -447,6 +506,7 @@ HTABLE_INFO **ht; int int_val; long long_val; + long long_val2; int ret; msg_verbose = 1; @@ -458,6 +518,7 @@ RECV_ATTR_STR(ATTR_NAME_STR, str_val), RECV_ATTR_DATA(ATTR_NAME_DATA, data_val), RECV_ATTR_HASH(table), + RECV_ATTR_LONG(ATTR_NAME_LONG, &long_val2), ATTR_TYPE_END)) > 4) { vstream_printf("%s %d\n", ATTR_NAME_INT, int_val); vstream_printf("%s %ld\n", ATTR_NAME_LONG, long_val); 
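Review bot: The new `wanted_type = -1` state and its `case -1: conversions -= 1;` handler use a bare magic number for "closing brace consumed, advance to the next argument", and the reason for decrementing `conversions` is not stated; a named file-local constant and a comment such as `/* the '}' is not an attribute: do not count it as a conversion */` would make the state machine readable (the increment being undone is outside the hunk, so that purpose is inferred). The hunk also does not show what happens when the list terminator arrives while `wanted_type == ATTR_TYPE_CLOSE`, i.e. a `{` with no matching `}` from a buggy or misbehaving peer; a comment on the `ATTR_TYPE_CLOSE` state saying whether that is reported as an error or silently accepted would help, since the existing comment already notes that hash input is only safe when queried with known-good names. The enclosing function `attr_vscan0()` starts and ends outside the hunk; `attr_scan_more0()` is complete.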
@@ -467,6 +528,7 @@ for (ht = ht_info_list; *ht; ht++) vstream_printf("(hash) %s %s\n", ht[0]->key, (char *) ht[0]->value); myfree((void *) ht_info_list); + vstream_printf("%s %ld\n", ATTR_NAME_LONG, long_val2); } else { vstream_printf("return: %d\n", ret); } diff -Nru postfix-3.0.4/src/util/attr_scan0.ref postfix-3.1.0/src/util/attr_scan0.ref --- postfix-3.0.4/src/util/attr_scan0.ref 2004-11-22 16:20:16.000000000 +0000 +++ postfix-3.1.0/src/util/attr_scan0.ref 2015-05-05 21:36:56.000000000 +0000 @@ -4,6 +4,7 @@ ./attr_print0: send attr data = [data 7 bytes] ./attr_print0: send attr name foo-name value foo-value ./attr_print0: send attr name bar-name value bar-value +./attr_print0: send attr long_number = 4321 ./attr_print0: send attr number = 4711 ./attr_print0: send attr long_number = 1234 ./attr_print0: send attr string = whoopee 
@@ -21,12 +22,19 @@ ./attr_scan0: input attribute name: data ./attr_scan0: input attribute value: d2hvb3BlZQ== ./attr_scan0: unknown_stream: wanted attribute: (any attribute name or list terminator) +./attr_scan0: input attribute name: { +./attr_scan0: unknown_stream: wanted attribute: (any attribute name or '}') ./attr_scan0: input attribute name: foo-name ./attr_scan0: input attribute value: foo-value -./attr_scan0: unknown_stream: wanted attribute: (any attribute name or list terminator) +./attr_scan0: unknown_stream: wanted attribute: (any attribute name or '}') ./attr_scan0: input attribute name: bar-name ./attr_scan0: input attribute value: bar-value -./attr_scan0: unknown_stream: wanted attribute: (any attribute name or list terminator) +./attr_scan0: unknown_stream: wanted attribute: (any attribute name or '}') +./attr_scan0: input attribute name: } +./attr_scan0: unknown_stream: wanted attribute: long_number +./attr_scan0: input attribute name: long_number +./attr_scan0: input attribute value: 4321 +./attr_scan0: unknown_stream: wanted attribute: (list terminator) ./attr_scan0: input attribute name: (end) ./attr_scan0: unknown_stream: wanted attribute: number ./attr_scan0: input attribute name: number @@ -48,6 +56,7 @@ data whoopee (hash) foo-name foo-value (hash) bar-name bar-value +long_number 4321 number 4711 long_number 1234 string whoopee diff -Nru postfix-3.0.4/src/util/attr_scan64.c postfix-3.1.0/src/util/attr_scan64.c --- postfix-3.0.4/src/util/attr_scan64.c 2014-12-23 00:57:56.000000000 +0000 +++ postfix-3.1.0/src/util/attr_scan64.c 2015-11-30 00:30:33.000000000 +0000 
@@ -7,15 +7,18 @@ /* #include /* /* int attr_scan64(fp, flags, type, name, ..., ATTR_TYPE_END) -/* VSTREAM fp; +/* VSTREAM *fp; /* int flags; /* int type; /* char *name; /* /* int attr_vscan64(fp, flags, ap) -/* VSTREAM fp; +/* VSTREAM *fp; /* int flags; /* va_list ap; +/* +/* int attr_scan_more64(fp) +/* VSTREAM *fp; /* DESCRIPTION /* attr_scan64() takes zero or more (name, value) request attributes /* and recovers the attribute values from the byte stream that was @@ -24,12 +27,19 @@ /* attr_vscan64() provides an alternative interface that is convenient /* for calling from within a variadic function. /* +/* attr_scan_more64() returns 0 when a terminator is found +/* (and consumes that terminator), returns 1 when more input +/* is expected (without consuming input), and returns -1 +/* otherwise (error). +/* /* The input stream is formatted as follows, where (item)* stands /* for zero or more instances of the specified item, and where /* (item1 | item2) stands for choice: /* /* .in +5 -/* attr-list :== simple-attr* newline +/* attr-list :== (simple-attr | multi-attr)* newline +/* .br +/* multi-attr :== "{" newline simple-attr* "}" newline /* .br /* simple-attr :== attr-name colon attr-value newline /* .br @@ -100,10 +110,7 @@ /* error. /* .IP "RECV_ATTR_HASH(HTABLE *table)" /* .IP "RECV_ATTR_NAMEVAL(NVTABLE *table)" -/* All further input attributes are processed as string attributes. -/* No specific attribute sequence is enforced. -/* All attributes up to the attribute list terminator are read, -/* but only the first instance of each attribute is stored. +/* Receive a sequence of attribute names and string values. /* There can be no more than 1024 attributes in a hash table. /* .sp /* The attribute string values are stored in the hash table under 
@@ -111,7 +118,15 @@ /* Values from the input stream are added to the hash table. Existing /* hash table entries are not replaced. /* .sp -/* N.B. This construct must be followed by an ATTR_TYPE_END argument. +/* Note: the SEND_ATTR_HASH or SEND_ATTR_NAMEVAL requests +/* format their payload as a multi-attr sequence (see syntax +/* above). When the receiver's input does not start with a +/* multi-attr delimiter (i.e. the sender did not request +/* SEND_ATTR_HASH or SEND_ATTR_NAMEVAL), the receiver will +/* store all attribute names and values up to the attribute +/* list terminator. In terms of code, this means that the +/* RECV_ATTR_HASH or RECV_ATTR_NAMEVAL request must be followed +/* by ATTR_TYPE_END. /* .IP ATTR_TYPE_END /* This argument terminates the requested attribute list. /* .RE @@ -139,6 +154,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -297,7 +317,8 @@ * from the input stream instead. This is secure only when the * resulting table is queried with known to be good attribute names. */ - if (wanted_type != ATTR_TYPE_HASH) { + if (wanted_type != ATTR_TYPE_HASH + && wanted_type != ATTR_TYPE_CLOSE) { wanted_type = va_arg(ap, int); if (wanted_type == ATTR_TYPE_END) { if ((flags & ATTR_FLAG_MORE) != 0) @@ -306,9 +327,6 @@ } else if (wanted_type == ATTR_TYPE_HASH) { wanted_name = "(any attribute name or list terminator)"; hash_table = va_arg(ap, HTABLE *); - if (va_arg(ap, int) !=ATTR_TYPE_END) - msg_panic("%s: ATTR_TYPE_HASH not followed by ATTR_TYPE_END", - myname); } else if (wanted_type != ATTR_TYPE_FUNC) { wanted_name = va_arg(ap, char *); } 
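Review bot: The `@@ -306` hunk removes the msg_panic that enforced ATTR_TYPE_END after ATTR_TYPE_HASH, and nothing in the new code takes its place: when a peer sends a plain attribute list (no `{` delimiter) to a receiver that lists further requests after RECV_ATTR_HASH, the hash table absorbs those attributes and the caller only notices through a smaller conversion count. The `@@ -111` documentation states this contract, but enforcement is now purely by convention; a one-time `msg_warn("%s: attribute list ended in hash mode, remaining requests unsatisfied", myname)` at the point where the list terminator is reached in ATTR_TYPE_HASH mode and the next va_arg is not ATTR_TYPE_END would restore a runtime signal (that terminator handling lies outside this hunk, so this is inferred). The same removal is in the `@@ -319` hunk of attr_scan_plain.c. The enclosing attr_vscan64 body starts and ends outside the hunk.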
@@ -344,6 +362,19 @@ * See if the caller asks for this attribute. */ if (wanted_type == ATTR_TYPE_HASH + && ch == '\n' && strcmp(ATTR_NAME_OPEN, STR(name_buf)) == 0) { + wanted_type = ATTR_TYPE_CLOSE; + wanted_name = "(any attribute name or '}')"; + /* Advance in the input stream. */ + continue; + } else if (wanted_type == ATTR_TYPE_CLOSE + && ch == '\n' && strcmp(ATTR_NAME_CLOSE, STR(name_buf)) == 0) { + /* Advance in the argument list. */ + wanted_type = -1; + break; + } + if (wanted_type == ATTR_TYPE_HASH + || wanted_type == ATTR_TYPE_CLOSE || (wanted_type != ATTR_TYPE_END && strcmp(wanted_name, STR(name_buf)) == 0)) break; @@ -440,6 +471,7 @@ return (-1); break; case ATTR_TYPE_HASH: + case ATTR_TYPE_CLOSE: if (ch != ':') { msg_warn("missing value for string attribute %s from %s", STR(name_buf), VSTREAM_PATH(fp)); @@ -468,6 +500,9 @@ mystrdup(STR(str_buf))); } break; + case -1: + conversions -= 1; + break; default: msg_panic("%s: unknown type code: %d", myname, wanted_type); } @@ -487,6 +522,30 @@ return (ret); } +/* attr_scan_more64 - look ahead for more */ + +int attr_scan_more64(VSTREAM *fp) +{ + int ch; + + switch (ch = VSTREAM_GETC(fp)) { + case '\n': + if (msg_verbose) + msg_info("%s: terminator (consumed)", VSTREAM_PATH(fp)); + return (0); + case VSTREAM_EOF: + if (msg_verbose) + msg_info("%s: EOF", VSTREAM_PATH(fp)); + return (-1); + default: + if (msg_verbose) + msg_info("%s: non-terminator '%c' (lookahead)", + VSTREAM_PATH(fp), ch); + (void) vstream_ungetc(fp, ch); + return (1); + } +} + #ifdef TEST /* @@ -506,6 +565,7 @@ HTABLE_INFO **ht; int int_val; long long_val; + long long_val2; int ret; msg_verbose = 1; @@ -517,6 +577,7 @@ RECV_ATTR_STR(ATTR_NAME_STR, str_val), RECV_ATTR_DATA(ATTR_NAME_DATA, data_val), RECV_ATTR_HASH(table), + RECV_ATTR_LONG(ATTR_NAME_LONG, &long_val2), ATTR_TYPE_END)) > 4) { vstream_printf("%s %d\n", ATTR_NAME_INT, int_val); vstream_printf("%s %ld\n", ATTR_NAME_LONG, long_val); 
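Review bot: The bare `-1` stored in wanted_type when `}` is recognised (the `@@ -344` hunk) and matched by `case -1:` in the `@@ -468` hunk is a magic value inside a state machine otherwise keyed on ATTR_TYPE_* constants, and nothing at either site says what the state means. A file-local constant with a name of the reviewer's choosing, e.g. `#define ATTR_TYPE_CLOSE_SEEN (-1)` (constructed name), plus a comment such as `/* '}' consumed: undo the conversion count, then advance the argument list */` on the `conversions -= 1;` line would make both sites self-explanatory; whether conversions was incremented before the switch is not visible in the hunk, so that reading is inferred. The same applies to the `@@ -357` and `@@ -451` hunks of attr_scan_plain.c. The enclosing attr_vscan64 body starts outside the hunk.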
@@ -526,6 +587,7 @@
 for (ht = ht_info_list; *ht; ht++)
 vstream_printf("(hash) %s %s\n", ht[0]->key, (char *) ht[0]->value);
 myfree((void *) ht_info_list);
+ vstream_printf("%s %ld\n", ATTR_NAME_LONG, long_val2);
 } else {
 vstream_printf("return: %d\n", ret);
 }
diff -Nru postfix-3.0.4/src/util/attr_scan64.ref postfix-3.1.0/src/util/attr_scan64.ref
--- postfix-3.0.4/src/util/attr_scan64.ref 2004-11-22 16:27:15.000000000 +0000
+++ postfix-3.1.0/src/util/attr_scan64.ref 2015-05-06 00:47:43.000000000 +0000
@@ -4,6 +4,7 @@
 ./attr_print64: send attr data = [data 7 bytes]
 ./attr_print64: send attr name foo-name value foo-value
 ./attr_print64: send attr name bar-name value bar-value
+./attr_print64: send attr long_number = 4321
 ./attr_print64: send attr number = 4711
 ./attr_print64: send attr long_number = 1234
 ./attr_print64: send attr string = whoopee
@@ -21,12 +22,19 @@
 ./attr_scan64: input attribute name: data
 ./attr_scan64: input attribute value: whoopee
 ./attr_scan64: unknown_stream: wanted attribute: (any attribute name or list terminator)
+./attr_scan64: input attribute name: {
+./attr_scan64: unknown_stream: wanted attribute: (any attribute name or '}')
 ./attr_scan64: input attribute name: foo-name
 ./attr_scan64: input attribute value: foo-value
-./attr_scan64: unknown_stream: wanted attribute: (any attribute name or list terminator)
+./attr_scan64: unknown_stream: wanted attribute: (any attribute name or '}')
 ./attr_scan64: input attribute name: bar-name
 ./attr_scan64: input attribute value: bar-value
-./attr_scan64: unknown_stream: wanted attribute: (any attribute name or list terminator)
+./attr_scan64: unknown_stream: wanted attribute: (any attribute name or '}')
+./attr_scan64: input attribute name: }
+./attr_scan64: unknown_stream: wanted attribute: long_number
+./attr_scan64: input attribute name: long_number
+./attr_scan64: input attribute value: 4321
+./attr_scan64: unknown_stream: wanted attribute: (list terminator)
 ./attr_scan64: input attribute name: (end)
 ./attr_scan64: unknown_stream: wanted attribute: number
 ./attr_scan64: input attribute name: number
@@ -48,6 +56,7 @@
 data whoopee
 (hash) foo-name foo-value
 (hash) bar-name bar-value
+long_number 4321
 number 4711
 long_number 1234
 string whoopee
diff -Nru postfix-3.0.4/src/util/attr_scan_plain.c postfix-3.1.0/src/util/attr_scan_plain.c
--- postfix-3.0.4/src/util/attr_scan_plain.c 2014-12-23 00:58:07.000000000 +0000
+++ postfix-3.1.0/src/util/attr_scan_plain.c 2015-11-30 00:30:33.000000000 +0000
@@ -7,15 +7,18 @@ /* #include /* /* int attr_scan_plain(fp, flags, type, name, ..., ATTR_TYPE_END) -/* VSTREAM fp; +/* VSTREAM *fp; /* int flags; /* int type; /* char *name; /* /* int attr_vscan_plain(fp, flags, ap) -/* VSTREAM fp; +/* VSTREAM *fp; /* int flags; /* va_list ap; +/* +/* int attr_scan_more_plain(fp) +/* VSTREAM *fp; /* DESCRIPTION /* attr_scan_plain() takes zero or more (name, value) request attributes /* and recovers the attribute values from the byte stream that was @@ -24,12 +27,19 @@ /* attr_vscan_plain() provides an alternative interface that is convenient /* for calling from within a variadic function. /* +/* attr_scan_more_plain() returns 0 when a terminator is found +/* (and consumes that terminator), returns 1 when more input +/* is expected (without consuming input), and returns -1 +/* otherwise (error). +/* /* The input stream is formatted as follows, where (item)* stands /* for zero or more instances of the specified item, and where /* (item1 | item2) stands for choice: /* /* .in +5 -/* attr-list :== simple-attr* newline +/* attr-list :== (simple-attr | multi-attr)* newline +/* .br +/* multi-attr :== "{" newline simple-attr* "}" newline /* .br /* simple-attr :== attr-name "=" attr-value newline /* .br @@ -98,10 +108,7 @@ /* error. /* .IP "RECV_ATTR_HASH(HTABLE *table)" /* .IP "RECV_ATTR_NAMEVAL(NVTABLE *table)" -/* All further input attributes are processed as string attributes. -/* No specific attribute sequence is enforced. -/* All attributes up to the attribute list terminator are read, -/* but only the first instance of each attribute is stored. +/* Receive a sequence of attribute names and string values. /* There can be no more than 1024 attributes in a hash table. /* .sp /* The attribute string values are stored in the hash table under 
@@ -109,7 +116,15 @@ /* Values from the input stream are added to the hash table. Existing /* hash table entries are not replaced. /* .sp -/* N.B. This construct must be followed by an ATTR_TYPE_END argument. +/* Note: the SEND_ATTR_HASH or SEND_ATTR_NAMEVAL requests +/* format their payload as a multi-attr sequence (see syntax +/* above). When the receiver's input does not start with a +/* multi-attr delimiter (i.e. the sender did not request +/* SEND_ATTR_HASH or SEND_ATTR_NAMEVAL), the receiver will +/* store all attribute names and values up to the attribute +/* list terminator. In terms of code, this means that the +/* RECV_ATTR_HASH or RECV_ATTR_NAMEVAL request must be followed +/* by ATTR_TYPE_END. /* .IP ATTR_TYPE_END /* This argument terminates the requested attribute list. /* .RE @@ -137,6 +152,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ @@ -310,7 +330,8 @@ * from the input stream instead. This is secure only when the * resulting table is queried with known to be good attribute names. */ - if (wanted_type != ATTR_TYPE_HASH) { + if (wanted_type != ATTR_TYPE_HASH + && wanted_type != ATTR_TYPE_CLOSE) { wanted_type = va_arg(ap, int); if (wanted_type == ATTR_TYPE_END) { if ((flags & ATTR_FLAG_MORE) != 0) @@ -319,9 +340,6 @@ } else if (wanted_type == ATTR_TYPE_HASH) { wanted_name = "(any attribute name or list terminator)"; hash_table = va_arg(ap, HTABLE *); - if (va_arg(ap, int) !=ATTR_TYPE_END) - msg_panic("%s: ATTR_TYPE_HASH not followed by ATTR_TYPE_END", - myname); } else if (wanted_type != ATTR_TYPE_FUNC) { wanted_name = va_arg(ap, char *); } 
@@ -357,6 +375,19 @@ * See if the caller asks for this attribute. */ if (wanted_type == ATTR_TYPE_HASH + && ch == '\n' && strcmp(ATTR_NAME_OPEN, STR(name_buf)) == 0) { + wanted_type = ATTR_TYPE_CLOSE; + wanted_name = "(any attribute name or '}')"; + /* Advance in the input stream. */ + continue; + } else if (wanted_type == ATTR_TYPE_CLOSE + && ch == '\n' && strcmp(ATTR_NAME_CLOSE, STR(name_buf)) == 0) { + /* Advance in the argument list. */ + wanted_type = -1; + break; + } + if (wanted_type == ATTR_TYPE_HASH + || wanted_type == ATTR_TYPE_CLOSE || (wanted_type != ATTR_TYPE_END && strcmp(wanted_name, STR(name_buf)) == 0)) break; @@ -428,6 +459,7 @@ return (-1); break; case ATTR_TYPE_HASH: + case ATTR_TYPE_CLOSE: if (ch != '=') { msg_warn("missing value for string attribute %s from %s", STR(name_buf), VSTREAM_PATH(fp)); @@ -451,6 +483,9 @@ mystrdup(STR(str_buf))); } break; + case -1: + conversions -= 1; + break; default: msg_panic("%s: unknown type code: %d", myname, wanted_type); } @@ -470,6 +505,30 @@ return (ret); } +/* attr_scan_more_plain - look ahead for more */ + +int attr_scan_more_plain(VSTREAM *fp) +{ + int ch; + + switch (ch = VSTREAM_GETC(fp)) { + case '\n': + if (msg_verbose) + msg_info("%s: terminator (consumed)", VSTREAM_PATH(fp)); + return (0); + case VSTREAM_EOF: + if (msg_verbose) + msg_info("%s: EOF", VSTREAM_PATH(fp)); + return (-1); + default: + if (msg_verbose) + msg_info("%s: non-terminator '%c' (lookahead)", + VSTREAM_PATH(fp), ch); + (void) vstream_ungetc(fp, ch); + return (1); + } +} + #ifdef TEST /* @@ -489,6 +548,7 @@ HTABLE_INFO **ht; int int_val; long long_val; + long long_val2; int ret; msg_verbose = 1; @@ -500,6 +560,7 @@ RECV_ATTR_STR(ATTR_NAME_STR, str_val), RECV_ATTR_DATA(ATTR_NAME_DATA, data_val), RECV_ATTR_HASH(table), + RECV_ATTR_LONG(ATTR_NAME_LONG, &long_val2), ATTR_TYPE_END)) > 4) { vstream_printf("%s %d\n", ATTR_NAME_INT, int_val); vstream_printf("%s %ld\n", ATTR_NAME_LONG, long_val); 
@@ -509,6 +570,7 @@
 for (ht = ht_info_list; *ht; ht++)
 vstream_printf("(hash) %s %s\n", ht[0]->key, (char *) ht[0]->value);
 myfree((void *) ht_info_list);
+ vstream_printf("%s %ld\n", ATTR_NAME_LONG, long_val2);
 } else {
 vstream_printf("return: %d\n", ret);
 }
diff -Nru postfix-3.0.4/src/util/attr_scan_plain.ref postfix-3.1.0/src/util/attr_scan_plain.ref
--- postfix-3.0.4/src/util/attr_scan_plain.ref 2004-11-22 16:30:31.000000000 +0000
+++ postfix-3.1.0/src/util/attr_scan_plain.ref 2015-05-06 13:47:24.000000000 +0000
@@ -4,6 +4,7 @@
 ./attr_print_plain: send attr data = [data 7 bytes]
 ./attr_print_plain: send attr name foo-name value foo-value
 ./attr_print_plain: send attr name bar-name value bar-value
+./attr_print_plain: send attr long_number = 4321
 ./attr_print_plain: send attr number = 4711
 ./attr_print_plain: send attr long_number = 1234
 ./attr_print_plain: send attr string = whoopee
@@ -21,12 +22,19 @@
 ./attr_scan_plain: input attribute name: data
 ./attr_scan_plain: input attribute value: d2hvb3BlZQ==
 ./attr_scan_plain: unknown_stream: wanted attribute: (any attribute name or list terminator)
+./attr_scan_plain: input attribute name: {
+./attr_scan_plain: unknown_stream: wanted attribute: (any attribute name or '}')
 ./attr_scan_plain: input attribute name: foo-name
 ./attr_scan_plain: input attribute value: foo-value
-./attr_scan_plain: unknown_stream: wanted attribute: (any attribute name or list terminator)
+./attr_scan_plain: unknown_stream: wanted attribute: (any attribute name or '}')
 ./attr_scan_plain: input attribute name: bar-name
 ./attr_scan_plain: input attribute value: bar-value
-./attr_scan_plain: unknown_stream: wanted attribute: (any attribute name or list terminator)
+./attr_scan_plain: unknown_stream: wanted attribute: (any attribute name or '}')
+./attr_scan_plain: input attribute name: }
+./attr_scan_plain: unknown_stream: wanted attribute: long_number
+./attr_scan_plain: input attribute name: long_number
+./attr_scan_plain: input attribute value: 4321
+./attr_scan_plain: unknown_stream: wanted attribute: (list terminator)
 ./attr_scan_plain: input attribute name: (end)
 ./attr_scan_plain: unknown_stream: wanted attribute: number
 ./attr_scan_plain: input attribute name: number
@@ -48,6 +56,7 @@
 data whoopee
 (hash) foo-name foo-value
 (hash) bar-name bar-value
+long_number 4321
 number 4711
 long_number 1234
 string whoopee
diff -Nru postfix-3.0.4/src/util/base32_code.h postfix-3.1.0/src/util/base32_code.h
--- postfix-3.0.4/src/util/base32_code.h 2011-03-11 19:23:05.000000000 +0000
+++ postfix-3.1.0/src/util/base32_code.h 2015-09-12 21:03:44.000000000 +0000
@@ -20,7 +20,7 @@ * External interface. */ extern VSTRING *base32_encode(VSTRING *, const char *, ssize_t); -extern VSTRING *base32_decode(VSTRING *, const char *, ssize_t); +extern VSTRING *WARN_UNUSED_RESULT base32_decode(VSTRING *, const char *, ssize_t); /* LICENSE /* .ad diff -Nru postfix-3.0.4/src/util/base64_code.h postfix-3.1.0/src/util/base64_code.h --- postfix-3.0.4/src/util/base64_code.h 2013-05-30 12:45:03.000000000 +0000 +++ postfix-3.1.0/src/util/base64_code.h 2015-09-12 21:03:58.000000000 +0000 @@ -20,7 +20,7 @@ * External interface. */ extern VSTRING *base64_encode_opt(VSTRING *, const char *, ssize_t, int); -extern VSTRING *base64_decode_opt(VSTRING *, const char *, ssize_t, int); +extern VSTRING *WARN_UNUSED_RESULT base64_decode_opt(VSTRING *, const char *, ssize_t, int); #define BASE64_FLAG_NONE 0 #define BASE64_FLAG_APPEND (1<<0) diff -Nru postfix-3.0.4/src/util/casefold.c postfix-3.1.0/src/util/casefold.c --- postfix-3.0.4/src/util/casefold.c 2015-01-29 00:12:57.000000000 +0000 +++ postfix-3.1.0/src/util/casefold.c 2015-02-12 01:07:48.000000000 +0000 @@ -52,7 +52,7 @@ /* .IP dest /* Output buffer, null-terminated. Specify a null pointer to /* use an internal buffer that is overwritten upon each call. -/* .IP len +/* .IP src_len /* The string length, -1 to determine the length dynamically. /* .IP flags /* Bitwise OR of zero or more of the following: diff -Nru postfix-3.0.4/src/util/dict_pcre.c postfix-3.1.0/src/util/dict_pcre.c --- postfix-3.0.4/src/util/dict_pcre.c 2014-12-07 01:35:32.000000000 +0000 +++ postfix-3.1.0/src/util/dict_pcre.c 2015-10-11 18:03:17.000000000 +0000 
@@ -223,35 +223,42 @@ return; case PCRE_ERROR_NULL: case PCRE_ERROR_BADOPTION: - msg_fatal("pcre map %s, line %d: bad args to re_exec", - mapname, lineno); + msg_warn("pcre map %s, line %d: bad args to re_exec", + mapname, lineno); + return; case PCRE_ERROR_BADMAGIC: case PCRE_ERROR_UNKNOWN_NODE: - msg_fatal("pcre map %s, line %d: corrupt compiled regexp", - mapname, lineno); + msg_warn("pcre map %s, line %d: corrupt compiled regexp", + mapname, lineno); + return; #ifdef PCRE_ERROR_NOMEMORY case PCRE_ERROR_NOMEMORY: - msg_fatal("pcre map %s, line %d: out of memory", - mapname, lineno); + msg_warn("pcre map %s, line %d: out of memory", + mapname, lineno); + return; #endif #ifdef PCRE_ERROR_MATCHLIMIT case PCRE_ERROR_MATCHLIMIT: - msg_fatal("pcre map %s, line %d: matched text exceeds buffer limit", - mapname, lineno); + msg_warn("pcre map %s, line %d: backtracking limit exceeded", + mapname, lineno); + return; #endif #ifdef PCRE_ERROR_BADUTF8 case PCRE_ERROR_BADUTF8: - msg_fatal("pcre map %s, line %d: bad UTF-8 sequence in search string", - mapname, lineno); + msg_warn("pcre map %s, line %d: bad UTF-8 sequence in search string", + mapname, lineno); + return; #endif #ifdef PCRE_ERROR_BADUTF8_OFFSET case PCRE_ERROR_BADUTF8_OFFSET: - msg_fatal("pcre map %s, line %d: bad UTF-8 start offset in search string", - mapname, lineno); + msg_warn("pcre map %s, line %d: bad UTF-8 start offset in search string", + mapname, lineno); + return; #endif default: - msg_fatal("pcre map %s, line %d: unknown re_exec error: %d", - mapname, lineno, errval); + msg_warn("pcre map %s, line %d: unknown re_exec error: %d", + mapname, lineno, errval); + return; } } diff -Nru postfix-3.0.4/src/util/edit_file.h postfix-3.1.0/src/util/edit_file.h --- postfix-3.0.4/src/util/edit_file.h 2009-01-09 18:53:29.000000000 +0000 +++ postfix-3.1.0/src/util/edit_file.h 2015-09-12 20:37:55.000000000 +0000 
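Review bot: Every pcre_exec() error path in this switch now ends in msg_warn() followed by a bare `return;` in a void function, so the difference between "no match" and "lookup failed" does not leave this function; the caller has to derive it from the negative errval itself, and the hunk does not show whether it does so or treats the lookup as an ordinary miss. A comment above the switch would pin that contract, e.g. `/* Non-fatal: the caller decides whether errval < 0 is reported as a lookup error or as no match. */`. Since PCRE_ERROR_MATCHLIMIT was fatal before and is now a per-lookup warning, a pattern that repeatedly hits the backtracking limit on externally supplied input will produce one warning per lookup; the mapname and lineno already in the message are what an operator needs to locate the offending pattern, so that is acceptable but worth a sentence in the function's header comment. The enclosing function begins outside the hunk.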
@@ -31,7 +31,7 @@ #define EDIT_FILE_SUFFIX ".tmp" extern EDIT_FILE *edit_file_open(const char *, int, mode_t); -extern int edit_file_close(EDIT_FILE *); +extern int WARN_UNUSED_RESULT edit_file_close(EDIT_FILE *); extern void edit_file_cleanup(EDIT_FILE *); /* LICENSE diff -Nru postfix-3.0.4/src/util/hex_code.h postfix-3.1.0/src/util/hex_code.h --- postfix-3.0.4/src/util/hex_code.h 2005-07-13 20:56:19.000000000 +0000 +++ postfix-3.1.0/src/util/hex_code.h 2015-09-12 21:04:57.000000000 +0000 @@ -20,7 +20,7 @@ * External interface. */ extern VSTRING *hex_encode(VSTRING *, const char *, ssize_t); -extern VSTRING *hex_decode(VSTRING *, const char *, ssize_t); +extern VSTRING *WARN_UNUSED_RESULT hex_decode(VSTRING *, const char *, ssize_t); /* LICENSE /* .ad diff -Nru postfix-3.0.4/src/util/host_port.h postfix-3.1.0/src/util/host_port.h --- postfix-3.0.4/src/util/host_port.h 2005-01-19 01:22:18.000000000 +0000 +++ postfix-3.1.0/src/util/host_port.h 2015-09-13 15:37:10.000000000 +0000 @@ -13,7 +13,8 @@ /* External interface. */ -extern const char *host_port(char *, char **, char *, char **, char *); +extern const char *WARN_UNUSED_RESULT host_port(char *, char **, char *, + char **, char *); /* LICENSE /* .ad diff -Nru postfix-3.0.4/src/util/.indent.pro postfix-3.1.0/src/util/.indent.pro --- postfix-3.0.4/src/util/.indent.pro 2015-01-11 13:28:18.000000000 +0000 +++ postfix-3.1.0/src/util/.indent.pro 2015-12-27 22:04:47.000000000 +0000 @@ -249,6 +249,7 @@ -TPLMYSQL -TPLPGSQL -TPOSTMAP_KEY_STATE +-TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY @@ -404,5 +405,4 @@ -Tssl_comp_stack_t -Ttime_t -Ttlsa_filter --Tx509_extension_stack_t -Tx509_stack_t diff -Nru postfix-3.0.4/src/util/listen.h postfix-3.1.0/src/util/listen.h --- postfix-3.0.4/src/util/listen.h 2012-06-21 13:00:56.000000000 +0000 +++ postfix-3.1.0/src/util/listen.h 2015-09-12 20:45:47.000000000 +0000 
@@ -29,7 +29,7 @@ extern int unix_accept(int); extern int stream_accept(int); -extern int recv_pass_attr(int, HTABLE **, int, ssize_t); +extern int WARN_UNUSED_RESULT recv_pass_attr(int, HTABLE **, int, ssize_t); extern int pass_accept(int); extern int pass_accept_attr(int, HTABLE **); diff -Nru postfix-3.0.4/src/util/lstat_as.h postfix-3.1.0/src/util/lstat_as.h --- postfix-3.0.4/src/util/lstat_as.h 1998-12-11 18:55:42.000000000 +0000 +++ postfix-3.1.0/src/util/lstat_as.h 2015-09-12 20:50:27.000000000 +0000 @@ -14,7 +14,7 @@ /* External interface. */ -extern int lstat_as(const char *, struct stat *, uid_t, gid_t); +extern int WARN_UNUSED_RESULT lstat_as(const char *, struct stat *, uid_t, gid_t); /* LICENSE /* .ad diff -Nru postfix-3.0.4/src/util/mac_expand.h postfix-3.1.0/src/util/mac_expand.h --- postfix-3.0.4/src/util/mac_expand.h 2014-12-07 01:35:34.000000000 +0000 +++ postfix-3.1.0/src/util/mac_expand.h 2016-02-06 16:20:19.000000000 +0000 @@ -8,8 +8,8 @@ /* expand macro references in string /* SYNOPSIS /* #include - DESCRIPTION - .nf +/* DESCRIPTION +/* .nf /* * Utility library. diff -Nru postfix-3.0.4/src/util/mac_parse.h postfix-3.1.0/src/util/mac_parse.h --- postfix-3.0.4/src/util/mac_parse.h 2014-12-07 01:35:33.000000000 +0000 +++ postfix-3.1.0/src/util/mac_parse.h 2016-02-06 16:20:28.000000000 +0000 @@ -8,8 +8,8 @@ /* locate macro references in string /* SYNOPSIS /* #include - DESCRIPTION - .nf +/* DESCRIPTION +/* .nf /* * Utility library. @@ -30,7 +30,7 @@ typedef int (*MAC_PARSE_FN) (int, VSTRING *, void *); -extern int mac_parse(const char *, MAC_PARSE_FN, void *); +extern int WARN_UNUSED_RESULT mac_parse(const char *, MAC_PARSE_FN, void *); /* LICENSE /* .ad diff -Nru postfix-3.0.4/src/util/myaddrinfo.h postfix-3.1.0/src/util/myaddrinfo.h --- postfix-3.0.4/src/util/myaddrinfo.h 2011-02-01 19:44:24.000000000 +0000 +++ postfix-3.1.0/src/util/myaddrinfo.h 2015-09-12 21:41:24.000000000 +0000 
@@ -154,14 +154,14 @@ char buf[MAI_SERVPORT_STRSIZE]; } MAI_SERVPORT_STR; -extern int hostname_to_sockaddr_pf(const char *, int, const char *, int, - struct addrinfo **); -extern int hostaddr_to_sockaddr(const char *, const char *, int, - struct addrinfo **); -extern int sockaddr_to_hostaddr(const struct sockaddr *, SOCKADDR_SIZE, - MAI_HOSTADDR_STR *, MAI_SERVPORT_STR *, int); -extern int sockaddr_to_hostname(const struct sockaddr *, SOCKADDR_SIZE, - MAI_HOSTNAME_STR *, MAI_SERVNAME_STR *, int); +extern int WARN_UNUSED_RESULT hostname_to_sockaddr_pf(const char *, + int, const char *, int, struct addrinfo **); +extern int WARN_UNUSED_RESULT hostaddr_to_sockaddr(const char *, + const char *, int, struct addrinfo **); +extern int WARN_UNUSED_RESULT sockaddr_to_hostaddr(const struct sockaddr *, + SOCKADDR_SIZE, MAI_HOSTADDR_STR *, MAI_SERVPORT_STR *, int); +extern int WARN_UNUSED_RESULT sockaddr_to_hostname(const struct sockaddr *, + SOCKADDR_SIZE, MAI_HOSTNAME_STR *, MAI_SERVNAME_STR *, int); extern void myaddrinfo_control(int,...); #define MAI_CTL_END 0 /* list terminator */ diff -Nru postfix-3.0.4/src/util/myflock.h postfix-3.1.0/src/util/myflock.h --- postfix-3.0.4/src/util/myflock.h 2000-11-30 19:38:10.000000000 +0000 +++ postfix-3.1.0/src/util/myflock.h 2015-09-12 20:55:12.000000000 +0000 @@ -14,7 +14,7 @@ /* * External interface. */ -extern int myflock(int, int, int); +extern int WARN_UNUSED_RESULT myflock(int, int, int); /* * Lock styles. diff -Nru postfix-3.0.4/src/util/peekfd.c postfix-3.1.0/src/util/peekfd.c --- postfix-3.0.4/src/util/peekfd.c 2006-08-10 15:21:30.000000000 +0000 +++ postfix-3.1.0/src/util/peekfd.c 2015-07-12 14:18:54.000000000 +0000 @@ -42,6 +42,10 @@ #endif #include +#ifndef SHUT_RDWR +#define SHUT_RDWR 2 +#endif + /* Utility library. */ #include "iostuff.h" 
@@ -57,7 +61,23 @@ #ifdef FIONREAD int count; +#ifdef SUNOS5 + + /* + * With Solaris10, write_wait() hangs in poll() until timeout, when + * invoked after peekfd() has received an ECONNRESET error indication. + * This happens when a client sends QUIT and closes the connection + * immediately. + */ + if (ioctl(fd, FIONREAD, (char *) &count) < 0) { + (void) shutdown(fd, SHUT_RDWR); + return (-1); + } else { + return (count); + } +#else /* SUNOS5 */ return (ioctl(fd, FIONREAD, (char *) &count) < 0 ? -1 : count); +#endif /* SUNOS5 */ #else #error "don't know how to look ahead" #endif diff -Nru postfix-3.0.4/src/util/recv_pass_attr.c postfix-3.1.0/src/util/recv_pass_attr.c --- postfix-3.0.4/src/util/recv_pass_attr.c 2014-12-25 16:47:17.000000000 +0000 +++ postfix-3.1.0/src/util/recv_pass_attr.c 2015-09-12 21:42:58.000000000 +0000 @@ -13,7 +13,7 @@ /* ssize_t bufsize; /* DESCRIPTION /* recv_pass_attr() receives named attributes over the specified -/* The result value is zero for success, -1 for error. +/* descriptor. The result value is zero for success, -1 for error. /* /* Arguments: /* .IP fd @@ -21,7 +21,7 @@ /* .IP attr /* Pointer to attribute list pointer. The target is set to /* zero on error or when the received attribute list is empty, -/* ohterwise it is assigned a pointer to non-empty attribute +/* otherwise it is assigned a pointer to non-empty attribute /* list. /* .IP timeout /* The deadline for receiving all attributes. 
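Review bot: In the SUNOS5 branch the `(void) shutdown(fd, SHUT_RDWR);` runs on every ioctl(FIONREAD) failure, while the comment above it justifies the shutdown only for the ECONNRESET case observed with Solaris 10; for other socket errors the shutdown may make the caller's subsequent writes fail, and on a non-socket descriptor it fails with ENOTSOCK and is silently ignored. Either narrow the call to the documented case, `if (errno == ECONNRESET) (void) shutdown(fd, SHUT_RDWR);`, or extend the comment to say the shutdown is intended for any ioctl() error. peekfd's body begins outside the hunk.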
@@ -70,10 +70,10 @@ CA_VSTREAM_CTL_TIMEOUT(timeout), CA_VSTREAM_CTL_START_DEADLINE, CA_VSTREAM_CTL_END); - (void) attr_scan(fp, ATTR_FLAG_NONE, - ATTR_TYPE_HASH, *attr = htable_create(1), - ATTR_TYPE_END); - stream_err = (vstream_feof(fp) || vstream_ferror(fp)); + stream_err = (attr_scan(fp, ATTR_FLAG_NONE, + ATTR_TYPE_HASH, *attr = htable_create(1), + ATTR_TYPE_END) < 0 + || vstream_feof(fp) || vstream_ferror(fp)); vstream_fdclose(fp); /* diff -Nru postfix-3.0.4/src/util/sane_fsops.h postfix-3.1.0/src/util/sane_fsops.h --- postfix-3.0.4/src/util/sane_fsops.h 2000-01-28 14:22:58.000000000 +0000 +++ postfix-3.1.0/src/util/sane_fsops.h 2015-09-12 20:57:39.000000000 +0000 @@ -13,8 +13,8 @@ /* External interface. */ -extern int sane_rename(const char *, const char *); -extern int sane_link(const char *, const char *); +extern int WARN_UNUSED_RESULT sane_rename(const char *, const char *); +extern int WARN_UNUSED_RESULT sane_link(const char *, const char *); /* LICENSE /* .ad diff -Nru postfix-3.0.4/src/util/sane_socketpair.h postfix-3.1.0/src/util/sane_socketpair.h --- postfix-3.0.4/src/util/sane_socketpair.h 2001-02-22 00:24:55.000000000 +0000 +++ postfix-3.1.0/src/util/sane_socketpair.h 2015-09-12 20:58:22.000000000 +0000 @@ -13,7 +13,7 @@ /* External interface. */ -extern int sane_socketpair(int, int, int, int *); +extern int WARN_UNUSED_RESULT sane_socketpair(int, int, int, int *); /* LICENSE /* .ad diff -Nru postfix-3.0.4/src/util/scan_dir.c postfix-3.1.0/src/util/scan_dir.c --- postfix-3.0.4/src/util/scan_dir.c 2015-04-23 00:43:34.000000000 +0000 +++ postfix-3.1.0/src/util/scan_dir.c 2016-01-24 00:45:58.000000000 +0000 
@@ -58,6 +58,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff -Nru postfix-3.0.4/src/util/slmdb.c postfix-3.1.0/src/util/slmdb.c --- postfix-3.0.4/src/util/slmdb.c 2015-01-29 13:40:49.000000000 +0000 +++ postfix-3.1.0/src/util/slmdb.c 2016-02-14 14:26:22.000000000 +0000 @@ -149,7 +149,7 @@ /* CA_SLMDB_CTL_END. The following text enumerates the symbolic /* request names and the corresponding argument types. /* .RS -/* .IP "CA_SLMDB_CTL_LONGJMP_FN(void (*)(void *, int)) +/* .IP "CA_SLMDB_CTL_LONGJMP_FN(void (*)(void *, int))" /* Call-back function pointer. The function is called to repeat /* a failed bulk-mode transaction from the start. The arguments /* are the application context and the setjmp() or sigsetjmp() diff -Nru postfix-3.0.4/src/util/stat_as.h postfix-3.1.0/src/util/stat_as.h --- postfix-3.0.4/src/util/stat_as.h 1998-12-11 18:55:42.000000000 +0000 +++ postfix-3.1.0/src/util/stat_as.h 2015-09-12 21:00:51.000000000 +0000 @@ -14,7 +14,7 @@ /* External interface. */ -extern int stat_as(const char *, struct stat *, uid_t, gid_t); +extern int WARN_UNUSED_RESULT stat_as(const char *, struct stat *, uid_t, gid_t); /* LICENSE /* .ad diff -Nru postfix-3.0.4/src/util/strcasecmp_utf8.c postfix-3.1.0/src/util/strcasecmp_utf8.c --- postfix-3.0.4/src/util/strcasecmp_utf8.c 2015-04-09 23:58:39.000000000 +0000 +++ postfix-3.1.0/src/util/strcasecmp_utf8.c 2016-01-24 00:48:04.000000000 +0000 
@@ -59,6 +59,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* diff -Nru postfix-3.0.4/src/util/strcasecmp_utf8_test.in postfix-3.1.0/src/util/strcasecmp_utf8_test.in --- postfix-3.0.4/src/util/strcasecmp_utf8_test.in 2015-01-27 16:02:46.000000000 +0000 +++ postfix-3.1.0/src/util/strcasecmp_utf8_test.in 2015-02-17 00:45:45.000000000 +0000 @@ -5,5 +5,6 @@ compare HeLlO hellp compare hellp HeLlO compare-len HeLlO hellp 4 +compare-len HeLO help 4 compare abcde abcdf compare YYY€€€XXX yyy€€€xxx diff -Nru postfix-3.0.4/src/util/strcasecmp_utf8_test.ref postfix-3.1.0/src/util/strcasecmp_utf8_test.ref --- postfix-3.0.4/src/util/strcasecmp_utf8_test.ref 2015-01-27 16:03:36.000000000 +0000 +++ postfix-3.1.0/src/util/strcasecmp_utf8_test.ref 2015-02-17 00:45:49.000000000 +0000 @@ -12,6 +12,8 @@ "hellp" > "HeLlO" > compare-len HeLlO hellp 4 "HeLl" == "hell" +> compare-len HeLO help 4 +"HeLO" < "help" > compare abcde abcdf "abcde" < "abcdf" > compare YYY€€€XXX yyy€€€xxx diff -Nru postfix-3.0.4/src/util/stringops.h postfix-3.1.0/src/util/stringops.h --- postfix-3.0.4/src/util/stringops.h 2015-02-12 01:11:06.000000000 +0000 +++ postfix-3.1.0/src/util/stringops.h 2015-09-13 15:36:38.000000000 +0000 
@@ -45,10 +45,10 @@ extern int allprint(const char *); extern int allspace(const char *); extern int allascii_len(const char *, ssize_t); -extern const char *split_nameval(char *, char **, char **); +extern const char *WARN_UNUSED_RESULT split_nameval(char *, char **, char **); extern int valid_utf8_string(const char *, ssize_t); extern size_t balpar(const char *, const char *); -extern char *extpar(char **, const char *, int); +extern char *WARN_UNUSED_RESULT extpar(char **, const char *, int); extern int strcasecmp_utf8x(int, const char *, const char *); extern int strncasecmp_utf8x(int, const char *, const char *, ssize_t); diff -Nru postfix-3.0.4/src/util/sys_defs.h postfix-3.1.0/src/util/sys_defs.h --- postfix-3.0.4/src/util/sys_defs.h 2015-07-18 13:28:17.000000000 +0000 +++ postfix-3.1.0/src/util/sys_defs.h 2016-02-06 13:30:39.000000000 +0000 @@ -260,6 +260,7 @@ #define HAVE_POSIX_GETPW_R #endif #define HAS_DLOPEN +#define PREFERRED_RAND_SOURCE "dev:/dev/urandom" #endif /* @@ -1377,6 +1378,14 @@ #endif /* + * If we don't have defined a preferred random device above, but the system + * has /dev/urandom, then we use that. + */ +#if !defined(PREFERRED_RAND_SOURCE) && defined(HAS_DEV_URANDOM) +#define PREFERRED_RAND_SOURCE "dev:/dev/urandom" +#endif + + /* * Defaults for systems without kqueue, /dev/poll or epoll support. * master/multi-server.c and *qmgr/qmgr_transport.c depend on this. */ 
@@ -1648,6 +1657,28 @@
 #endif
 /*
+ * Warn about ignored function result values that must never be ignored.
+ * Typically, this is for error results from "read" functions that normally
+ * write to output parameters (for example, stat- or scanf-like functions)
+ * or from functions that have other useful side effects (for example,
+ * fseek- or rename-like functions).
+ *
+ * DO NOT use this for functions that write to a stream; it is entirely
+ * legitimate to detect write errors with fflush() or fclose() only. On the
+ * other hand most (but not all) functions that read from a stream must
+ * never ignore result values.
+ *
+ * XXX Prepending "(void)" won't shut up GCC. Clang behaves as expected.
+ */
+#if ((__GNUC__ == 3 && __GNUC_MINOR__ >= 4) || __GNUC__ > 3)
+#define WARN_UNUSED_RESULT __attribute__((warn_unused_result))
+#elif defined(__clang__) && __has_attribute(warn_unused_result)
+#define WARN_UNUSED_RESULT __attribute__((warn_unused_result))
+#else
+#define WARN_UNUSED_RESULT
+#endif
+
+ /*
 * ISO C says that the "volatile" qualifier protects against optimizations
 * that cause longjmp() to clobber local variables.
 */
diff -Nru postfix-3.0.4/src/util/timed_wait.h postfix-3.1.0/src/util/timed_wait.h
--- postfix-3.0.4/src/util/timed_wait.h 1998-12-11 18:55:38.000000000 +0000
+++ postfix-3.1.0/src/util/timed_wait.h 2015-09-12 21:06:26.000000000 +0000
@@ -14,7 +14,7 @@
 /*
 * External interface.
 */
-extern int timed_waitpid(pid_t, WAIT_STATUS_T *, int, int);
+extern int WARN_UNUSED_RESULT timed_waitpid(pid_t, WAIT_STATUS_T *, int, int);
 /* LICENSE
 /* .ad
diff -Nru postfix-3.0.4/src/util/vstream.c postfix-3.1.0/src/util/vstream.c
--- postfix-3.0.4/src/util/vstream.c 2015-01-27 13:29:19.000000000 +0000
+++ postfix-3.1.0/src/util/vstream.c 2016-02-14 14:26:22.000000000 +0000
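Review bot: The line `#elif defined(__clang__) && __has_attribute(warn_unused_result)` is evaluated by every compiler that fails the GCC >= 3.4 test, and a preprocessor that does not know `__has_attribute` reduces it to `0 && 0(warn_unused_result)`, which is a malformed `#if` expression rather than a false one, so the build breaks on such compilers instead of falling through to the empty definition. Clang conventionally defines `__GNUC__` as well (as 4), so the first branch presumably already catches it and the `#elif` is unreachable there. The safe form is to drop the two `#elif` lines, or to test `defined(__has_attribute)` first and only call `__has_attribute(warn_unused_result)` inside that guard; the comment's last sentence (`XXX Prepending "(void)" ...`) is worth keeping, since it tells callers not to try to silence the warning that way.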
@@ -294,11 +294,11 @@
 /* .IP "CA_VSTREAM_CTL_DOUBLE (no arguments)"
 /* Use separate buffers for reading and for writing. This prevents
 /* unread input from being discarded upon change of I/O direction.
-/* .IP "CA_VSTREAM_CTL_READ_FD(int)
+/* .IP "CA_VSTREAM_CTL_READ_FD(int)"
 /* The argument specifies the file descriptor to be used for reading.
 /* This feature is limited to double-buffered streams, and makes the
 /* stream non-seekable.
-/* .IP "CA_VSTREAM_CTL_WRITE_FD(int)
+/* .IP "CA_VSTREAM_CTL_WRITE_FD(int)"
 /* The argument specifies the file descriptor to be used for writing.
 /* This feature is limited to double-buffered streams, and makes the
 /* stream non-seekable.
@@ -315,7 +315,7 @@
 /* .IP "CA_VSTREAM_CTL_WAITPID_FN(int (*)(pid_t, WAIT_STATUS_T *, int))"
 /* A pointer to function that behaves like waitpid(). This information
 /* is used by the vstream_pclose() routine.
-/* .IP "CA_VSTREAM_CTL_TIMEOUT(int)
+/* .IP "CA_VSTREAM_CTL_TIMEOUT(int)"
 /* The deadline for a descriptor to become readable in case of a read
 /* request, or writable in case of a write request. Specify a value
 /* of 0 to disable deadlines.
@@ -399,7 +399,8 @@
 /* This is an alias for vstream_bufstat(stream, VSTREAM_BST_IN_PEND).
 /*
 /* vstream_peek_data() returns a pointer to the unread bytes
-/* that exist according to vstream_peek().
+/* that exist according to vstream_peek(), or null if no unread
+/* bytes are available.
 /*
 /* vstream_setjmp() saves processing context and makes that context
 /* available for use with vstream_longjmp(). Normally, vstream_setjmp()
diff -Nru postfix-3.0.4/src/util/vstream.h postfix-3.1.0/src/util/vstream.h
--- postfix-3.0.4/src/util/vstream.h 2014-12-25 16:57:06.000000000 +0000
+++ postfix-3.1.0/src/util/vstream.h 2015-09-12 21:08:35.000000000 +0000
@@ -93,7 +93,7 @@
 extern VSTREAM *vstream_fopen(const char *, int, mode_t);
 extern int vstream_fclose(VSTREAM *);
-extern off_t vstream_fseek(VSTREAM *, off_t, int);
+extern off_t WARN_UNUSED_RESULT vstream_fseek(VSTREAM *, off_t, int);
 extern off_t vstream_ftell(VSTREAM *);
 extern int vstream_fpurge(VSTREAM *, int);
 extern int vstream_fflush(VSTREAM *);
diff -Nru postfix-3.0.4/src/util/vstring.c postfix-3.1.0/src/util/vstring.c
--- postfix-3.0.4/src/util/vstring.c 2014-12-25 16:47:17.000000000 +0000
+++ postfix-3.1.0/src/util/vstring.c 2016-02-14 14:26:22.000000000 +0000
@@ -134,7 +134,7 @@
 /* The function takes a VSTRING pointer and a list of zero or
 /* more macros with zer or more arguments, terminated with
 /* CA_VSTRING_CTL_END which has none.
-/* .IP "CA_VSTRING_CTL_MAXLEN(ssize_t len)
+/* .IP "CA_VSTRING_CTL_MAXLEN(ssize_t len)"
 /* Specifies a hard upper limit on a string's length. When the
 /* length would be exceeded, the program simulates a memory
 /* allocation problem (i.e. it terminates through msg_fatal()).
@@ -565,9 +565,14 @@
 vp = (VSTRING *) mymalloc(sizeof(*vp));
 len = strlen(str);
+ vp->vbuf.flags = 0;
+ vp->vbuf.len = 0;
 vp->vbuf.data = (unsigned char *) str;
 vp->vbuf.len = len + 1;
 VSTRING_AT_OFFSET(vp, len);
+ vp->vbuf.get_ready = vstring_buf_get_ready;
+ vp->vbuf.put_ready = vstring_buf_put_ready;
+ vp->vbuf.space = vstring_buf_space;
 vp->maxlen = 0;
 return (vp);
 }
diff -Nru postfix-3.0.4/src/util/vstring_vstream.h postfix-3.1.0/src/util/vstring_vstream.h
--- postfix-3.0.4/src/util/vstring_vstream.h 2005-07-15 01:02:01.000000000 +0000
+++ postfix-3.1.0/src/util/vstring_vstream.h 2015-09-12 21:09:26.000000000 +0000
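Review bot: In the `@@ -565` hunk of vstring.c the added `vp->vbuf.len = 0;` is a dead store: `vp->vbuf.len = len + 1;` two lines below overwrites it before anything reads it, so the line only hints at an intent (start from a zeroed buffer header) that the code does not actually carry out. The first context line allocates with `mymalloc`, and if that does not zero its result, any `vbuf` member not assigned in this block stays indeterminate; either drop the dead store or initialise the whole header in one place, e.g. `memset(&vp->vbuf, 0, sizeof(vp->vbuf));` right after the allocation, and then set the fields that differ. The enclosing function starts before the hunk, so assignments made earlier in it are not visible here.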
@@ -19,12 +19,12 @@
 /*
 * External interface.
 */
-extern int vstring_get(VSTRING *, VSTREAM *);
-extern int vstring_get_nonl(VSTRING *, VSTREAM *);
-extern int vstring_get_null(VSTRING *, VSTREAM *);
-extern int vstring_get_bound(VSTRING *, VSTREAM *, ssize_t);
-extern int vstring_get_nonl_bound(VSTRING *, VSTREAM *, ssize_t);
-extern int vstring_get_null_bound(VSTRING *, VSTREAM *, ssize_t);
+extern int WARN_UNUSED_RESULT vstring_get(VSTRING *, VSTREAM *);
+extern int WARN_UNUSED_RESULT vstring_get_nonl(VSTRING *, VSTREAM *);
+extern int WARN_UNUSED_RESULT vstring_get_null(VSTRING *, VSTREAM *);
+extern int WARN_UNUSED_RESULT vstring_get_bound(VSTRING *, VSTREAM *, ssize_t);
+extern int WARN_UNUSED_RESULT vstring_get_nonl_bound(VSTRING *, VSTREAM *, ssize_t);
+extern int WARN_UNUSED_RESULT vstring_get_null_bound(VSTRING *, VSTREAM *, ssize_t);
 /*
 * Backwards compatibility for code that still uses the vstring_fgets()
diff -Nru postfix-3.0.4/src/verify/.indent.pro postfix-3.1.0/src/verify/.indent.pro
--- postfix-3.0.4/src/verify/.indent.pro 2015-01-11 13:28:18.000000000 +0000
+++ postfix-3.1.0/src/verify/.indent.pro 2015-12-27 22:04:47.000000000 +0000
@@ -249,6 +249,7 @@
 -TPLMYSQL
 -TPLPGSQL
 -TPOSTMAP_KEY_STATE
+-TPOST_MAIL_FCLOSE_STATE
 -TPOST_MAIL_STATE
 -TPRIVATE_STR_TABLE
 -TPSC_CALL_BACK_ENTRY
@@ -404,5 +405,4 @@
 -Tssl_comp_stack_t
 -Ttime_t
 -Ttlsa_filter
--Tx509_extension_stack_t
 -Tx509_stack_t
diff -Nru postfix-3.0.4/src/verify/verify.c postfix-3.1.0/src/verify/verify.c
--- postfix-3.0.4/src/verify/verify.c 2015-01-29 22:15:30.000000000 +0000
+++ postfix-3.1.0/src/verify/verify.c 2016-02-14 01:08:52.000000000 +0000
@@ -204,6 +204,11 @@
 /* IBM T.J. Watson Research
 /* P.O. Box 704
 /* Yorktown Heights, NY 10598, USA
+/*
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
 /*--*/
 /* System library. */
@@ -400,9 +405,17 @@
 vstring_free(text);
 }
+/* verify_post_mail_fclose_action - callback */
+
+static void verify_post_mail_fclose_action(int unused_status,
+ void *unused_context)
+{
+ /* no code here, we just need to avoid blocking in post_mail_fclose() */
+}
+
 /* verify_post_mail_action - callback */
-static void verify_post_mail_action(VSTREAM *stream, void *unused_context)
+static void verify_post_mail_action(VSTREAM *stream, void *context)
 {
 /*
@@ -410,7 +423,7 @@
 * deferred, or bounced.
 */
 if (stream != 0)
- post_mail_fclose(stream);
+ post_mail_fclose_async(stream, verify_post_mail_fclose_action, context);
 }
 /* verify_query_service - query address status */
@@ -500,8 +513,8 @@
 (addr_status != DEL_RCPT_STAT_OK && updated + var_verify_neg_try < now)
 if (now - probed > PROBE_TTL
- && (POSITIVE_REFRESH_NEEDED(addr_status, updated)
- || NEGATIVE_REFRESH_NEEDED(addr_status, updated))) {
+ && (POSITIVE_REFRESH_NEEDED(addr_status, updated)
+ || NEGATIVE_REFRESH_NEEDED(addr_status, updated))) {
 if (msg_verbose)
 msg_info("PROBE %s status=%d probed=%ld updated=%ld",
 STR(addr), addr_status, now, updated);
diff -Nru postfix-3.0.4/src/virtual/.indent.pro postfix-3.1.0/src/virtual/.indent.pro
--- postfix-3.0.4/src/virtual/.indent.pro 2015-01-11 13:28:18.000000000 +0000
+++ postfix-3.1.0/src/virtual/.indent.pro 2015-12-27 22:04:47.000000000 +0000
@@ -249,6 +249,7 @@
 -TPLMYSQL
 -TPLPGSQL
 -TPOSTMAP_KEY_STATE
+-TPOST_MAIL_FCLOSE_STATE
 -TPOST_MAIL_STATE
 -TPRIVATE_STR_TABLE
 -TPSC_CALL_BACK_ENTRY
@@ -404,5 +405,4 @@
 -Tssl_comp_stack_t
 -Ttime_t
 -Ttlsa_filter
--Tx509_extension_stack_t
 -Tx509_stack_t
diff -Nru postfix-3.0.4/src/virtual/virtual.c postfix-3.1.0/src/virtual/virtual.c
--- postfix-3.0.4/src/virtual/virtual.c 2015-01-29 22:15:30.000000000 +0000
+++ postfix-3.1.0/src/virtual/virtual.c 2016-02-14 01:32:37.000000000 +0000
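Review bot: `verify_post_mail_fclose_action` discards the `unused_status` that `post_mail_fclose_async` hands it, so if that status reports a failed close of the probe message (the probe never reaching the queue), the verify server keeps no record of it and the address cache entry it just updated is never corrected. The comment says the callback exists only to avoid blocking, which does not require ignoring the result; if a non-zero status denotes failure, as the parameter name suggests but the hunk does not show, a non-blocking diagnostic such as `if (unused_status != 0 && msg_verbose) msg_info("probe message close failed: status %d", unused_status);` (renaming the parameter to `status` to match) would make the loss visible in the log. The `@@ -410` hunk forwards `context` from `verify_post_mail_action` to this callback, which then ignores it as `unused_context`; a short comment there saying the context is passed through for interface conformance only would stop a reader looking for a use.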
@@ -283,6 +283,11 @@
 /* P.O. Box 704
 /* Yorktown Heights, NY 10598, USA
 /*
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
+/*
 /* Andrew McNamara
 /* andrewm@connect.com.au
 /* connect.com.au Pty. Ltd.
diff -Nru postfix-3.0.4/src/xsasl/.indent.pro postfix-3.1.0/src/xsasl/.indent.pro
--- postfix-3.0.4/src/xsasl/.indent.pro 2015-01-11 13:28:18.000000000 +0000
+++ postfix-3.1.0/src/xsasl/.indent.pro 2015-12-27 22:04:47.000000000 +0000
@@ -249,6 +249,7 @@
 -TPLMYSQL
 -TPLPGSQL
 -TPOSTMAP_KEY_STATE
+-TPOST_MAIL_FCLOSE_STATE
 -TPOST_MAIL_STATE
 -TPRIVATE_STR_TABLE
 -TPSC_CALL_BACK_ENTRY
@@ -404,5 +405,4 @@
 -Tssl_comp_stack_t
 -Ttime_t
 -Ttlsa_filter
--Tx509_extension_stack_t
 -Tx509_stack_t
diff -Nru postfix-3.0.4/src/xsasl/xsasl_cyrus_server.c postfix-3.1.0/src/xsasl/xsasl_cyrus_server.c
--- postfix-3.0.4/src/xsasl/xsasl_cyrus_server.c 2014-12-07 01:35:33.000000000 +0000
+++ postfix-3.1.0/src/xsasl/xsasl_cyrus_server.c 2016-01-24 00:50:22.000000000 +0000
@@ -47,6 +47,11 @@
 /* IBM T.J. Watson Research
 /* P.O. Box 704
 /* Yorktown Heights, NY 10598, USA
+/*
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
 /*--*/
 /* System library. */
@@ -474,7 +479,13 @@
 if (sasl_status == SASL_NOUSER) /* privacy */
 sasl_status = SASL_BADAUTH;
 vstring_strcpy(reply, xsasl_cyrus_strerror(sasl_status));
- return (XSASL_AUTH_FAIL);
+ switch (sasl_status) {
+ case SASL_TRYAGAIN:
+ case SASL_UNAVAIL:
+ return XSASL_AUTH_TEMP;
+ default:
+ return (XSASL_AUTH_FAIL);
+ }
 }
 }
diff -Nru postfix-3.0.4/src/xsasl/xsasl_dovecot_server.c postfix-3.1.0/src/xsasl/xsasl_dovecot_server.c
--- postfix-3.0.4/src/xsasl/xsasl_dovecot_server.c 2014-12-25 16:47:17.000000000 +0000
+++ postfix-3.1.0/src/xsasl/xsasl_dovecot_server.c 2016-01-24 00:50:54.000000000 +0000
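Review bot: In the `@@ -474` hunk of xsasl_cyrus_server.c the new `switch` mixes `return XSASL_AUTH_TEMP;` with `return (XSASL_AUTH_FAIL);`, while the surrounding file parenthesises its return values; `return (XSASL_AUTH_TEMP);` keeps the style uniform. The `SASL_NOUSER` to `SASL_BADAUTH` remap still runs before the switch, so the privacy property of the old code is preserved, but that is worth one comment line above the switch, since the temporary-error classification now depends on the remapped value and a future change that moves the remap would silently alter it. Callers that dispatch on the `XSASL_AUTH_*` codes are outside this diff and must now handle the value 6 introduced in xsasl.h; otherwise a backend outage (`SASL_TRYAGAIN`, `SASL_UNAVAIL`) is reported through whatever their default branch does, presumably as a hard authentication failure.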
@@ -41,6 +41,11 @@
 /* IBM T.J. Watson Research
 /* P.O. Box 704
 /* Yorktown Heights, NY 10598, USA
+/*
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
 /*--*/
 /* System library. */
@@ -598,7 +603,7 @@
 }
 vstring_strcpy(reply, "Connection lost to authentication server");
- return XSASL_AUTH_FAIL;
+ return XSASL_AUTH_TEMP;
 }
 /* is_valid_base64 - input sanitized */
@@ -655,7 +660,7 @@
 for (i = 0; i < 2; i++) {
 if (!server->impl->sasl_stream) {
 if (xsasl_dovecot_server_connect(server->impl) < 0)
- return (0);
+ return XSASL_AUTH_TEMP;
 }
 /* send the request */
 server->last_request_id = ++server->impl->request_id_counter;
@@ -686,7 +691,7 @@
 if (i == 1) {
 vstring_strcpy(reply, "Can't connect to authentication server");
- return XSASL_AUTH_FAIL;
+ return XSASL_AUTH_TEMP;
 }
 /*
@@ -714,7 +719,7 @@
 "CONT\t%u\t%s\n", server->last_request_id, request);
 if (vstream_fflush(server->impl->sasl_stream) == VSTREAM_EOF) {
 vstring_strcpy(reply, "Connection lost to authentication server");
- return XSASL_AUTH_FAIL;
+ return XSASL_AUTH_TEMP;
 }
 return xsasl_dovecot_handle_reply(server, reply);
 }
diff -Nru postfix-3.0.4/src/xsasl/xsasl.h postfix-3.1.0/src/xsasl/xsasl.h
--- postfix-3.0.4/src/xsasl/xsasl.h 2009-04-18 23:39:16.000000000 +0000
+++ postfix-3.1.0/src/xsasl/xsasl.h 2016-01-24 00:49:54.000000000 +0000
@@ -121,6 +121,7 @@
 #define XSASL_AUTH_DONE 3 /* Authentication completed */
 #define XSASL_AUTH_FORM 4 /* Cannot decode response */
 #define XSASL_AUTH_FAIL 5 /* Error */
+#define XSASL_AUTH_TEMP 6 /* Temporary error condition */
 /* LICENSE
 /* .ad
@@ -131,6 +132,11 @@
 /* IBM T.J. Watson Research
 /* P.O. Box 704
 /* Yorktown Heights, NY 10598, USA
+/*
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
 /*--*/
 #endif
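Review bot: In the `@@ -655` hunk of xsasl_dovecot_server.c the new `return XSASL_AUTH_TEMP;` after a failed `xsasl_dovecot_server_connect()` returns without touching `reply`, whereas every other `XSASL_AUTH_TEMP` return in this file first does `vstring_strcpy(reply, ...)`; a caller that relays `reply` to the client would then send whatever the buffer held before the call. Adding `vstring_strcpy(reply, "Can't connect to authentication server");` before that return, the text the `i == 1` branch in the next hunk already uses, keeps the two connect-failure paths consistent. The replaced `return (0);` presumably collided with a success code, so this hunk also fixes a misreported result; a short comment saying so would explain why the value changed in kind rather than just in name. The `for (i = 0; i < 2; i++)` loop is visible but the function around it starts outside the hunk.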