diff -Nru spf-engine-2.9.1/CHANGES spf-engine-2.9.2/CHANGES
--- spf-engine-2.9.1/CHANGES	2019-10-07 00:31:00.000000000 +0000
+++ spf-engine-2.9.2/CHANGES	2019-11-23 00:01:08.000000000 +0000
@@ -4,6 +4,16 @@
 #   ! = Changed something significant, or removed a feature
 #   * = Fixed a bug, or made a minor improvement
 
+--- 2.9.2 (1019-11-22)
+  * Add mention in policyd-spf.conf (5) in the TestOnly entry that to get both
+    TestOnly behavior and no header field appended, Header_Type = None also
+    needs to be set (LP: #1849994)
+  * Milter: Move drop_privileges before Milter.runmilter and delete
+    own_socketfile so that the milter interface runs as the correct user
+    without race conditions about changing ownership of the socket file when
+    it hasn't been created yet (When the milter is started, it will create the
+    socket based on uMask, so we don't need to manually change it)
+
 --- 2.9.1 (2019-10-06)
   * Use /run instead of /var/run
   * Fix-up sysv init so it works
diff -Nru spf-engine-2.9.1/debian/changelog spf-engine-2.9.2/debian/changelog
--- spf-engine-2.9.1/debian/changelog	2019-10-07 00:44:25.000000000 +0000
+++ spf-engine-2.9.2/debian/changelog	2019-11-23 00:42:45.000000000 +0000
@@ -1,3 +1,15 @@
+spf-engine (2.9.2-1) unstable; urgency=medium
+
+  [ Ondřej Nový ]
+  * Bump Standards-Version to 4.4.1.
+
+  [ Scott Kitterman ]
+  * New upstream release
+  * Update d/watch and add upstream signing key to check GPG signature when
+    new versions are downloaded
+
+ -- Scott Kitterman <scott@kitterman.com>  Fri, 22 Nov 2019 19:42:45 -0500
+
 spf-engine (2.9.1-1) unstable; urgency=medium
 
   [ Ondřej Nový ]
diff -Nru spf-engine-2.9.1/debian/control spf-engine-2.9.2/debian/control
--- spf-engine-2.9.1/debian/control	2019-10-07 00:38:24.000000000 +0000
+++ spf-engine-2.9.2/debian/control	2019-11-23 00:34:13.000000000 +0000
@@ -4,7 +4,7 @@
 Maintainer: Scott Kitterman <scott@kitterman.com>
 Uploaders: Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org>
 Build-Depends: debhelper (>= 9.20160709~), dh-python, python3, python3-setuptools
-Standards-Version: 4.4.0
+Standards-Version: 4.4.1
 Homepage: https://launchpad.net/spf-engine
 Vcs-Git: https://salsa.debian.org/python-team/applications/spf-engine.git
 Vcs-Browser: https://salsa.debian.org/python-team/applications/spf-engine
diff -Nru spf-engine-2.9.1/debian/patches/0001-install-conf-fix.patch spf-engine-2.9.2/debian/patches/0001-install-conf-fix.patch
--- spf-engine-2.9.1/debian/patches/0001-install-conf-fix.patch	2019-10-07 00:43:03.000000000 +0000
+++ spf-engine-2.9.2/debian/patches/0001-install-conf-fix.patch	2019-11-23 00:35:53.000000000 +0000
@@ -58,7 +58,7 @@
   2. Configure the Postfix policy service in /etc/postfix/main.cf:
  
 diff --git a/policyd-spf.conf.5 b/policyd-spf.conf.5
-index 362e79d..a5cb92c 100644
+index b40060f..993d992 100644
 --- a/policyd-spf.conf.5
 +++ b/policyd-spf.conf.5
 @@ -137,7 +137,7 @@ policyd-spf python configuration parameters
@@ -80,7 +80,7 @@
  Additionally, whitelisting certain IP addresses from SPF checks is supported.
  This man page and the sample configuration file show the format to use.
 diff --git a/setup.py b/setup.py
-index 159135e..c856745 100644
+index ed45d67..d97a1b3 100644
 --- a/setup.py
 +++ b/setup.py
 @@ -25,10 +25,11 @@ setup(name='spf-engine',
@@ -100,7 +100,7 @@
      classifiers = [
          'Development Status :: 5 - Production/Stable',
 diff --git a/spf_engine/policyd_spf.py b/spf_engine/policyd_spf.py
-index 8fb77b2..d0536d6 100644
+index d3e3a94..7f764ca 100644
 --- a/spf_engine/policyd_spf.py
 +++ b/spf_engine/policyd_spf.py
 @@ -46,7 +46,7 @@ def main():
diff -Nru spf-engine-2.9.1/debian/upstream/signing-key.asc spf-engine-2.9.2/debian/upstream/signing-key.asc
--- spf-engine-2.9.1/debian/upstream/signing-key.asc	1970-01-01 00:00:00.000000000 +0000
+++ spf-engine-2.9.2/debian/upstream/signing-key.asc	2019-11-23 00:37:34.000000000 +0000
@@ -0,0 +1,89 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBE3EHY8BEADXW6wYzfIYppDcA1MdzkWd0QpNVq2gh3QDl5pTlng/A6G/NsXU
+iabqcsKNMbWnSdxoZeAIxoqprSsCkk6cVImcN34fh5tsrLxaEj6ZyuPhv5OQkhqK
+B52HDVzJod8St8RHrpP7oRx9AifHT74o0WE5sEfikUmvBENgMtvZiDrqVq+dOWLo
+9vKMK1yh2uM37YyExKxQH80OR6REeR75L2HCLch7Q4l6CBYwV9sa/OdZeE1JpO8m
+9YM9L6oJ+0dxqMtjOFtFfy98b0JzZz0BXStPQzcgbUlVdsq1ZGn+/dOCO761wQ9E
+A+sol0un3TjSUa9FL58UtLtGXRx9SV9XfRIAiTmS22/R397ndjaNMgn3WYT3HvOF
+HOHzK7HmrmbXqkYov3y6has8jWdPhftSv/ai7qr4DRAKpWH388AIbXeKfoOuitSE
+Udp/S9qBWKFcPBixPBrsHFMco8D1EizWR0pC01PH3w+7ONS1qZYxZQUObdtKDLoB
+D4dRaNGJ1nZQJihL2s6zsA1WaSbaQTjwGjoS2wXAm3xp+/5HNQ0VXJsBZjEq3Ino
+hRq9D5Q6Vd6tmNiT2rW0iIIaHCicDMhqSvBENnZfS07Kb2i59jFeBlmDVpVWQYjx
+EAL/Yn8JfOwd1WM1hQDKuoWBs//i9g/Qjazru0+xYc1909OFYApyqBK9MQARAQAB
+tCxEb25hbGQgU2NvdHQgS2l0dGVybWFuIDxzY290dEBraXR0ZXJtYW4uY29tPokC
+OgQTAQgAJAIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAUCTcQgNwIZAQAKCRB4
+1977mtWa8QLGEACuOQqz8zgRDcdow9ILO132AU/Pku2Y9zE3g1rWTa7qJlenKTR+
+z+qUA0HRuUl8MylPKfh5Ik3Jo94f/2xgo8qZZkhVrlVVFMKRf2zjRKqkwvXECumR
+7YZ/S5mU6EmcWvKslRmMmKom/zyWXrIELg24DEkpkuelIjwPL7UunIT9jPoEFHoc
+kJLXTzBvMwwHbPWEgHe1E1pfJvyOTjZ1CA7z1IQMZU9giqJtZ2j9FNKa5aGFM6AN
+zwuD354FQPW8qz0TcEiKLSVAa034hMlVEAIJhAvmZBaq/3pE7P8hh3P/0A50+Qfr
+7mjuH9O4OVvQTWPa/0u4hqX0YufTXs0MhrG0/GjMsNwbYnu8elPP+GSIdQsg5hsF
+NPBDE1zMh5QeyvfAyEe3bWrrL9ldVOx463cm3IzLB3wYdEksUqA/YbX80DdmRg/I
+jCXpclUCFNAHSp8qaKp9DMKvEjpBvFkSXMT4d5lSnPbXetW5FS1ixneJbrQfGpPf
+0lbEHHlixL/1mWGgB1vte7410kJs/xPME1+CYdjxTTxR1DVFLKl23FrugWoxPbsS
+MHAznC1fXJWZmqJhYb3xyhQ51G2IEZ1OwGmf536NWk9Y2dJulRvpfkQVTJAhyC+N
+/CtvQPKwCJHoy4jQoCr9pIXZt0MkiWUhKfiJyugCX7VJBUkhBmEcLkzyQrQtRG9u
+YWxkIFNjb3R0IEtpdHRlcm1hbiA8ZGViaWFuQGtpdHRlcm1hbi5jb20+iQI3BBMB
+CAAhBQJNxB8wAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEHjX3vua1Zrx
+LLwP+gMvRVn5H30qbf8E1MKLrp3wEvKf/hX40X+ZPjEWSeXp2OrwiqtpOyYHelNB
+ALtKCcRhcyfU15X9volleNVxpl90eBQ1fe5qyTS/P1M54Ogf6U0GiS12fQSS5MF5
+x/qSf6qs8SXh91WPgk74Bshu0qfORnrBqEJORaonLk9NoNpbsPmIL+I5xZU2X6Sa
+Cjdu+veZzgLA8P627fi6x2kjLNv787OpptS1r0s9xKjINw6mUhZq9lgr4+rIXyMc
+C4LPxZmsFzjWAtQuvlAJ5C28GGOWJW/xcPww4+5I/QZbBb3d8ydNxmxsmK2D4pdv
+hVZ8XOpwsCtQTPmffiO8mU3Qk+OHY81kQUcrP/V3CBduH2Uuy0CsseP0rKSSuDA9
+RNR8J853SzKKB+ChSwX6+A5H1KDQylhIWS8sv3e/tk3+g3anQ4+PYs2hT7j0+Uh4
+f5hDN6Ys+TmTeK86CqQTnKs5kFoC2O6r6IyrfJSfG9dAcHENp/A8CYjtqmtYkbqO
+iemHDlX1iXugA8u/Y3TbdbmtnB3n3whSdenR8Y7v8iD0ONCpdYDPpcaMIsU+Tc+s
+8avEWn6onHgpkix7opfH70qX+PSG/8JXJmgCUF8fWdtUc1oQG1VaFMIxocTj/85o
+rX6rhAUNJyYuMSRuyBeQX9Eszo0WnN921rCsvpab1wz0TXzxtC1Eb25hbGQgU2Nv
+dHQgS2l0dGVybWFuIDx1YnVudHVAa2l0dGVybWFuLmNvbT6JAjcEEwEIACEFAk3E
+H1ECGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQeNfe+5rVmvHf2xAAhPoG
+ER7qwVbwhwQggQcHDxJZxrHA79au65DvN3kvHupd1Km8FOD6HbtFLpSwSZr2k/EE
+1pgq3b5qxwMMR6uNnbe1SHrqpiSZt3dRkzLrLyw21hltVPnbfowQSWNwA5uiqUKA
+R+LIIZoaqTYieRnKtSWqiHEUuISB+AYwCeRMTldfrwpjXRoB91anfiddvIJXB3Ff
+8g6R9xy/3GVJFX5HP+hK86OHE0B2fTNP8IY9O89CRgI4cSjHKLoQg2LQwRA1vnKq
+skVsWMFN5fAlXsIeD/3t4MSlttB96LTfvfK+D2yDAhfbEXph4I35Ak++QlZUS8oU
+uMia688aPPHO8XsaIBNhyT7IZMAJQ9d0KTprpRDlxyh2Dqozqe9I6WQ1BIk5nC8b
+R3TxGCaXlA+9UdxvfBbknrKuQHGrBKs4ZwoO50mIsctnb5+tKby1QYiC8es5cDc+
+k1Ha5islqDEnZXAv8wcD8RpsXxg+GWBuSq/4U6tl+oHVOjI4WmpBSACGPMWHb+oO
+d8Nb4NLL05LIa0F+lTD6uhwVB+4IaM9sBJf1CA73wYnM3QYm+Cjm0yk7cnkKUIII
+0O58YDFQ0DquCHzFgKSlHCC0cTAObJNygsEodmL8qKoljFbpjwUSXjurn8T+idaX
+6O+sMq+cHYDotB08oWrJPR9uTMGLgshv1hx2rh+0LURvbmFsZCBTY290dCBLaXR0
+ZXJtYW4gPGtpdHRlcm1hbkBkZWJpYW4ub3JnPokCNwQTAQgAIQUCTcQfcwIbAwUL
+CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRB41977mtWa8a/cD/43s2qDKHHrU1WI
+TYSRbrWg1O3iM0rZBA6iHP6t5rSByvlGuObl10Z0rgjTTkTqbNK/tKgDefBc+o0w
+k1uT9Xt1JRZAfP94hypi+iIgtrNJYmnlxYEZ+Wb1TuVv4yDSosN+LJ0e3JjvAF2s
+Tjbjab4DhMlzs6qs1zqCz4AvZdXKx9v42XcsyAulG9cyeITT4HNDK1DvYSmJ+gi4
+dUJupUli/uznk8nqmFWp6jlY+UyxcCCJm+gE41Y4TQPEkzW25OKp4jvLI9T6DjnE
+KIUw56eOfKAc8b4dfE+Ods0X94XUmAAAOEC8zWWinUy5vAAPham+OcazODKrPfoA
+S6A3sPUGeiTCbDxBdi1KW148hRs5Z30AeDvKbqxDWyErq+0I+w7zeGy+I8KmakSs
+XtWPxxwJBQiDH2mWPlHO7Chx4mdzvHs/X3Et0+1lxu6vyacnI0Q+GahrGYzIAkim
+GiXt83UPtUx8RdhxaGMk3XXOwHjrZJWYAfxQMGdzTlkl5i50fwnqcffLOMTpsaqB
+M+5AYj3OequNY5Z7mdto6XkHomsUN1bSAU1hiVDIbMx2nVeL3Pm14InAzfJ+bD1W
+GRuYOChhNpf9P4F118mNTZ8RVlE4Ddf6l0Rray1sbgJbvGqn6Lt580f95NpW+4By
+ewRf1PAoArpBmH6gAb53bQ18NLXnZLkCDQRNxB6rARAAzK0n18CkZi7B1ckd9ur5
+RoJkg2jVXI9dImzct7BW21y73/ZCnZ8smpHJuj0OmUNJXQdEuJZ05uKbkf6h8iuJ
++IpUTIeIhpA7/+Eyyi0X5D2qSImushJoNLvN4+6oPsTSH/4IhQiH5ZSTFwonEXQ9
+62tcTI6+rul3az8pTql/ZLg4Nuoyx3/JjE8lbIJIblsrXYZkxxyJpmDjU/7WavGY
+C9+F/kpo2Z0fE0At3CLNW6SxpaA+hfr5KUU9+/l4SApHsxpl9fKs3EQqztDm7jqK
+fEdOWdFiP2xXhaFyv2qd++nw96HjQu/fY8Z9gvoA82g4IrFCZ1Y+XtAjQKTEOmSQ
+ExZEhN7bXgLadhgf2WRZ7fElMy5p6KdwvjCI9sqrsqlh7jiP8BR3xOEo/3iNjI9q
+Wpjq0NhOaixk7ZO7QDkp702vHaufxLTXPhS2gQCYqH7c4W9crsDkNzpmSON/yvDI
+1H3IF7xizIa9XkPNaUSyaMwkir0FKKQIrMpK3n/d7UzkXejrJuuqWsHQIUTb6OGH
+GQbcisGS/cUCAzulNuLHx9mnevmw6PKjpVJ9ovOxEdmGgvXDk4BwRGKE3RdtQ/6l
+CSgnadkpgJ+xkANCqZ7FojPpLJAfBhfq1n0DyDFaCvm7Et2xkQ+seXfd6n40DI+7
+lhBT/GHYXgRnFYpXOQhB7BMAEQEAAYkCHwQYAQgACQUCTcQeqwIbDAAKCRB41977
+mtWa8TT3D/9dp7rHaaC+wSW1vbwDSMtMceh/On8NfU/xL4dstM/MDwswVmppPLXF
+cvOScJpeCEbPPY1AMU8q8MFuVHGeXiCJJER5LjEn9zzMGVWOBP255fEaw0/Geqgh
+PqE6u/4OhvK1cN5TDq+FkFdSc6NG2ZBcYzxPUKLXv5FWaMYtVXCy96pj1clgDMc/
+PJmelvjVncdXijxGYTdbnxUSiWESP09EIdBmnw9cPYH8SHv6iWGACJEc14yGuQfW
+NL/UMhaM4XH20Jy00RfTcdbwqi7X+5LLgZ3kACRNzpQHmvXqp53iu4OC16XN/U+l
+/JkqZe7obEjpBAq2GQjk2uwl/MVtt31lyYu3pJiFV7zSyKXH46uSVU9aBZbL8a24
+KBYii2i+KMQnS5GvXDQp/pIFyiSe3SSr+7Hi71nKcpl0xh61X4MO0JEPWjDr/JAv
+pGBtHVSGmLHixPeZ5QtMpCjaKjZN1mBQdoj5Bs87dD61a8O3rxgkmzLKoe6YFz4C
+41jgyJKe7Q7Goh04RYIIRotZYCxXOcFw4jjwY0hmq2/uzMomNQd6/A0bNlOFWyc9
+A+Gfj5aiRueDU9I/9jAP/92tw/wRwcY6izq8/obQFJgqFLN59dQ7NTSyWpmnkxVL
+6Qu/M0b89YPKMUXQk/mMNLLT5zQ9ZGgGpCNgLYZyitg24oAVWAUG0A==
+=bSEL
+-----END PGP PUBLIC KEY BLOCK-----
diff -Nru spf-engine-2.9.1/debian/watch spf-engine-2.9.2/debian/watch
--- spf-engine-2.9.1/debian/watch	2019-10-07 00:38:24.000000000 +0000
+++ spf-engine-2.9.2/debian/watch	2019-11-23 00:38:23.000000000 +0000
@@ -1,3 +1,4 @@
 version=3
+opts=pgpmode=auto \
 https://launchpad.net/spf-engine/+download https://launchpad.net/spf-engine/.*/.*/spf-engine-(.*)\.tar\.gz
 
diff -Nru spf-engine-2.9.1/PKG-INFO spf-engine-2.9.2/PKG-INFO
--- spf-engine-2.9.1/PKG-INFO	2019-10-07 00:31:42.000000000 +0000
+++ spf-engine-2.9.2/PKG-INFO	2019-11-23 00:01:59.000000000 +0000
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: spf-engine
-Version: 2.9.1
+Version: 2.9.2
 Summary: SPF processing for Postfix (and Sendmail)
 Home-page: https://launchpad.net/spf-engine
 Author: Scott Kitterman
diff -Nru spf-engine-2.9.1/policyd-spf.conf.5 spf-engine-2.9.2/policyd-spf.conf.5
--- spf-engine-2.9.1/policyd-spf.conf.5	2019-02-08 02:09:08.000000000 +0000
+++ spf-engine-2.9.2/policyd-spf.conf.5	2019-10-27 01:08:05.000000000 +0000
@@ -212,7 +212,8 @@
 The policy server can operate in a test only mode. This allows you to see the
 potential impact of SPF checking in your mail logs without rejecting mail.
 Headers are prepended in messages, but message delivery is not affected. This
-mode is not enabled by default.  To enable it, set TestOnly = 0.  
+mode is not enabled by default.  To enable it, set TestOnly = 0.  If you want
+test operation with no header added, also set Header_Type = None. 
 
 Note: This option was previously named defaultSeedOnly.  This is still
 accepted, but logs an error.
diff -Nru spf-engine-2.9.1/setup.py spf-engine-2.9.2/setup.py
--- spf-engine-2.9.1/setup.py	2019-02-02 02:29:44.000000000 +0000
+++ spf-engine-2.9.2/setup.py	2019-10-27 01:15:11.000000000 +0000
@@ -5,7 +5,7 @@
 DESC = """SPF (Sender Policy Framework) processing engine for Postfix policy server and Milter implemented in Python."""
 
 setup(name='spf-engine',
-    version='2.9.1',
+    version='2.9.2',
     description='SPF processing for Postfix (and Sendmail)',
     long_description=DESC,
     author='Scott Kitterman',
diff -Nru spf-engine-2.9.1/spf_engine/milter_spf.py spf-engine-2.9.2/spf_engine/milter_spf.py
--- spf-engine-2.9.1/spf_engine/milter_spf.py	2019-02-02 02:30:24.000000000 +0000
+++ spf-engine-2.9.2/spf_engine/milter_spf.py	2019-10-27 01:15:59.000000000 +0000
@@ -40,7 +40,7 @@
 from spf_engine.util import own_socketfile
 from spf_engine.util import fold
 
-__version__ = "2.9.1"
+__version__ = "2.9.2"
 FWS = re.compile(r'\r?\n[ \t]+')
 
 
@@ -231,9 +231,8 @@
     syslog.syslog('pyspf-milter started:{0} user:{1}'
                   .format(pid, milterconfig.get('UserID')))
     sys.stdout.flush()
-    Milter.runmilter(miltername, socketname, 240)
-    own_socketfile(milterconfig)
     drop_privileges(milterconfig)
+    Milter.runmilter(miltername, socketname, 240)
 
 if __name__ == "__main__":
     main()
diff -Nru spf-engine-2.9.1/spf_engine/policyd_spf.py spf-engine-2.9.2/spf_engine/policyd_spf.py
--- spf-engine-2.9.1/spf_engine/policyd_spf.py	2019-02-02 02:30:04.000000000 +0000
+++ spf-engine-2.9.2/spf_engine/policyd_spf.py	2019-10-27 01:15:38.000000000 +0000
@@ -24,7 +24,7 @@
 '''
 
 def main():
-    __version__ = "2.9.1"
+    __version__ = "2.9.2"
 
     import syslog
     import os
diff -Nru spf-engine-2.9.1/spf_engine/util.py spf-engine-2.9.2/spf_engine/util.py
--- spf-engine-2.9.1/spf_engine/util.py	2019-02-01 18:22:20.000000000 +0000
+++ spf-engine-2.9.2/spf_engine/util.py	2019-10-27 01:14:23.000000000 +0000
@@ -124,13 +124,3 @@
     return pid
 
 
-def own_socketfile(milterconfig):
-    """If socket is Unix socket, chown to UserID before dropping privileges"""
-    import os
-    user, group = user_group(milterconfig.get('UserID'))
-    if milterconfig.get('Socket')[:1] == '/':
-        os.chown(milterconfig.get('Socket')[1:], user, group)
-    if milterconfig.get('Socket')[:6] == "local:":
-        os.chown(milterconfig.get('Socket')[6:], user, group)
-
-
diff -Nru spf-engine-2.9.1/spf_engine.egg-info/PKG-INFO spf-engine-2.9.2/spf_engine.egg-info/PKG-INFO
--- spf-engine-2.9.1/spf_engine.egg-info/PKG-INFO	2019-10-07 00:31:42.000000000 +0000
+++ spf-engine-2.9.2/spf_engine.egg-info/PKG-INFO	2019-11-23 00:01:59.000000000 +0000
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: spf-engine
-Version: 2.9.1
+Version: 2.9.2
 Summary: SPF processing for Postfix (and Sendmail)
 Home-page: https://launchpad.net/spf-engine
 Author: Scott Kitterman