Postfix 2.3.3 fixes one message corruption problem in the Milter
client, and changes the appearance of bounce messages.

- File corruption while executing a Milter "header insert" action
  with with headers-only mail (found with dk-filter). This caused
  delivery agents to go into an infinite loop. As a precaution,
  delivery agents now detect loops, and the queue manager now saves
  such mail to the "corrupt" directory.

- Segmentation fault in the SMTP client while saving a cached
  connection with unsent data. Some I/O cleanup was done in the
  wrong order, causing Postfix to index some table with -1.

- Postfix no longer announces its name in delivery status notifications.
  All other details of the default bounce text remain unchanged.
  The reason for this change is that too many people believe that
  Wietse provides a free helpdesk service that solves all their
  email problems.

For more details, see the HISTORY changes below.

Prereq: "2.3.2"
diff -cr /var/tmp/postfix-2.3.2/src/global/mail_version.h ./src/global/mail_version.h
*** /var/tmp/postfix-2.3.2/src/global/mail_version.h	Thu Jul 27 12:46:58 2006
--- ./src/global/mail_version.h	Fri Aug 25 18:25:50 2006
***************
*** 20,27 ****
    * Patches change both the patchlevel and the release date. Snapshots have no
    * patchlevel; they change the release date only.
    */
! #define MAIL_RELEASE_DATE	"20060727"
! #define MAIL_VERSION_NUMBER	"2.3.2"
  
  #ifdef SNAPSHOT
  # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
--- 20,27 ----
    * Patches change both the patchlevel and the release date. Snapshots have no
    * patchlevel; they change the release date only.
    */
! #define MAIL_RELEASE_DATE	"200600825"
! #define MAIL_VERSION_NUMBER	"2.3.3"
  
  #ifdef SNAPSHOT
  # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
diff -cr /var/tmp/postfix-2.3.2/HISTORY ./HISTORY
*** /var/tmp/postfix-2.3.2/HISTORY	Thu Jul 27 12:46:04 2006
--- ./HISTORY	Fri Aug 25 18:24:02 2006
***************
*** 12637,12639 ****
--- 12637,12693 ----
  	Cleanup: change redundant milter_abort() and milter_disc_event()
  	calls into NO-OPs.  This avoids unnecessary panic() events
  	for completely harmless conditions.  File: milter/milter8.c.
+ 
+ 20060805
+ 
+ 	Bugfix  (introduced Postfix 2.3): #ifdef damage caused
+ 	smtp_sasl_start() to be invoked twice. Reported by C-J
+ 	Lofstedt. File: smtp/smtp_sasl_proto.c.
+ 
+ 20060806
+ 
+ 	Postfix no longer announces its name in delivery status
+ 	notifications.  Users believe that Wietse provides a free
+ 	helpdesk service that solves all their email problems.
+ 	Credits to Jonathan Balester.  File: bounce/bounce_templates.c.
+ 
+ 20060807
+ 
+ 	Bugfix (introduced Postfix 2.2): when upgrading from Postfix
+ 	< 2.2 with the third-party TLS patch, the post-install
+ 	upgrade procedure didn't put a "?" in the existing tlsmgr
+ 	entry, causing tlsmgr to repeatedly start and exit when TLS
+ 	support was not compiled in.  File: conf/post-install.
+ 
+ 20060812
+ 
+ 	Bugfix (introduced Postfix < alpha): safety mechanism in
+ 	mail_date() didn't work.  Found in code review.  File:
+ 	global/mail_date.c.
+ 
+ 20060822
+ 
+ 	Added missing logging for "message to large" etc.  Files:
+ 	smtpd/smtpd.c, cleanup/cleanup_milter.c.
+ 
+ 20060823
+ 
+ 	Bugfix (introduced Postfix 2.2): segfault when vstream_fclose()
+ 	attempted to flush unwritten output, after vstream_fdclose()
+ 	had already disconnected the stream from its file descriptor.
+ 	File: util/vstream.c.
+ 
+ 	Bugfix (introduced Postfix 2.2): vstream_fdclose() did not
+ 	flush unwritten output before disconnecting a stream from
+ 	its file descriptor(s).  File: util/vstream.c.
+ 
+ 20060825
+ 
+ 	Bugfix (introduced Postfix 2.3): with headers-only mail, a
+ 	Milter "header insert" action corrupted the queue file. The
+ 	cleanup server executed some end-of-body action before the
+ 	end-of-header actions. File: cleanup/cleanup_message.c.
+ 
+ 	Robustness: mail delivery agents now detect loops in queue
+ 	files. Files with too many backward jumps are saved to the
+ 	"corrupt" directory.  File: global/record.c.
diff -cr /var/tmp/postfix-2.3.2/README_FILES/CDB_README ./README_FILES/CDB_README
*** /var/tmp/postfix-2.3.2/README_FILES/CDB_README	Thu Jan 19 12:41:30 2006
--- ./README_FILES/CDB_README	Sat Aug 12 10:32:44 2006
***************
*** 49,58 ****
          "AUXLIBS=$CDB/cdb.a $CDB/alloc.a $CDB/buffer.a $CDB/unix.a $CDB/byte.a"
      % make
  
! After postfix has been built with cdb support, you can use "cdb" tables
  wherever you can use read-only "hash", "btree" or "dbm" tables. However, the
  "ppoossttmmaapp --ii" (incremental record insertion) and "ppoossttmmaapp --dd" (incremental
  record deletion) command-line options are not available. For the same reason
  the "cdb" map type cannot be used to store the persistent address verification
! cache for the verify(8) service.
  
--- 49,59 ----
          "AUXLIBS=$CDB/cdb.a $CDB/alloc.a $CDB/buffer.a $CDB/unix.a $CDB/byte.a"
      % make
  
! After Postfix has been built with cdb support, you can use "cdb" tables
  wherever you can use read-only "hash", "btree" or "dbm" tables. However, the
  "ppoossttmmaapp --ii" (incremental record insertion) and "ppoossttmmaapp --dd" (incremental
  record deletion) command-line options are not available. For the same reason
  the "cdb" map type cannot be used to store the persistent address verification
! cache for the verify(8) service, or to store TLS session information for the
! tlsmgr(8) service.
  
diff -cr /var/tmp/postfix-2.3.2/README_FILES/SASL_README ./README_FILES/SASL_README
*** /var/tmp/postfix-2.3.2/README_FILES/SASL_README	Tue Jul 18 20:29:13 2006
--- ./README_FILES/SASL_README	Mon Aug 21 09:36:07 2006
***************
*** 61,84 ****
  
  BBuuiillddiinngg PPoossttffiixx wwiitthh DDoovveeccoott SSAASSLL ssuuppppoorrtt
  
! Dovecot SASL support is available in Postfix 2.3 and later. The Dovecot source
! code is available via http://www.dovecot.org/. At the time of writing, only
! server-side SASL support is available, so you can't use it to authenticate to
! your network provider's server. Dovecot uses its own daemon process for
! authentication. This keeps the Postfix build process simple, because there is
! no need to link extra libraries into Postfix.
  
  To generate the necessary Makefiles, execute the following in the Postfix top-
  level directory:
  
      % make makefiles CCARGS='-DUSE_SASL_AUTH -
!     DDEF_SASL_SERVER_TYPE=\"dovecot\"'
  
  After this, proceed with "make" as described in the INSTALL document.
  
  Notes:
  
!   * The "-DDEF_SASL_SERVER_TYPE" stuff is not necessary; it just makes Postfix
      configuration a little more convenient because you don't have to specify
      the SASL plug-in type in the Postfix main.cf file.
  
--- 61,83 ----
  
  BBuuiillddiinngg PPoossttffiixx wwiitthh DDoovveeccoott SSAASSLL ssuuppppoorrtt
  
! Support for the Dovecot version 1 SASL protocol is available in Postfix 2.3 and
! later. At the time of writing, only server-side SASL support is available, so
! you can't use it to authenticate to your network provider's server. Dovecot
! uses its own daemon process for authentication. This keeps the Postfix build
! process simple, because there is no need to link extra libraries into Postfix.
  
  To generate the necessary Makefiles, execute the following in the Postfix top-
  level directory:
  
      % make makefiles CCARGS='-DUSE_SASL_AUTH -
!     DDEF_SERVER_SASL_TYPE=\"dovecot\"'
  
  After this, proceed with "make" as described in the INSTALL document.
  
  Notes:
  
!   * The "-DDEF_SERVER_SASL_TYPE" stuff is not necessary; it just makes Postfix
      configuration a little more convenient because you don't have to specify
      the SASL plug-in type in the Postfix main.cf file.
  
diff -cr /var/tmp/postfix-2.3.2/RELEASE_NOTES ./RELEASE_NOTES
*** /var/tmp/postfix-2.3.2/RELEASE_NOTES	Tue Jul 11 20:08:31 2006
--- ./RELEASE_NOTES	Sun Aug  6 10:36:21 2006
***************
*** 11,16 ****
--- 11,23 ----
  The mail_release_date configuration parameter (format: yyyymmdd)
  specifies the release date of a stable release or snapshot release.
  
+ Incompatible changes with Postfix 2.3.3
+ ---------------------------------------
+ 
+ Postfix no longer announces its name in delivery status notifications.
+ Users believe that Wietse provides a free help desk service that
+ solves all their email problems.
+ 
  Critical notes
  --------------
  
diff -cr /var/tmp/postfix-2.3.2/conf/post-install ./conf/post-install
*** /var/tmp/postfix-2.3.2/conf/post-install	Sat Feb  4 16:53:28 2006
--- ./conf/post-install	Mon Aug  7 10:48:42 2006
***************
*** 643,648 ****
--- 643,649 ----
  	    ed $config_directory/master.cf <<EOF || exit 1
  /^tlsmgr[ 	]*fifo[ 	]/
  s/fifo/unix/
+ s/[0-9][0-9]*/&?/
  p
  w
  q
diff -cr /var/tmp/postfix-2.3.2/html/CDB_README.html ./html/CDB_README.html
*** /var/tmp/postfix-2.3.2/html/CDB_README.html	Thu Jan 19 12:41:30 2006
--- ./html/CDB_README.html	Sat Aug 12 10:32:43 2006
***************
*** 79,88 ****
  </pre>
  </blockquote>
  
! <p> After postfix has been built with cdb support, you can use
  "cdb" tables wherever you can use read-only "hash", "btree" or
  "dbm" tables. However, the "<b>postmap -i</b>" (incremental record
  insertion) and "<b>postmap -d</b>" (incremental record deletion)
  command-line options are not available. For the same reason the
  "cdb" map type cannot be used to store the persistent address
! verification cache for the <a href="verify.8.html">verify(8)</a> service. </p>
--- 79,89 ----
  </pre>
  </blockquote>
  
! <p> After Postfix has been built with cdb support, you can use
  "cdb" tables wherever you can use read-only "hash", "btree" or
  "dbm" tables. However, the "<b>postmap -i</b>" (incremental record
  insertion) and "<b>postmap -d</b>" (incremental record deletion)
  command-line options are not available. For the same reason the
  "cdb" map type cannot be used to store the persistent address
! verification cache for the <a href="verify.8.html">verify(8)</a> service, or to store
! TLS session information for the <a href="tlsmgr.8.html">tlsmgr(8)</a> service. </p>
diff -cr /var/tmp/postfix-2.3.2/html/SASL_README.html ./html/SASL_README.html
*** /var/tmp/postfix-2.3.2/html/SASL_README.html	Tue Jul 18 20:29:13 2006
--- ./html/SASL_README.html	Mon Aug 21 09:36:07 2006
***************
*** 113,121 ****
  <h2><a name="build_dovecot">Building Postfix with Dovecot SASL
  support</a></h2>
  
! <p> Dovecot SASL support is available in Postfix 2.3 and later. The
! Dovecot source code is available via <a href="http://www.dovecot.org/">http://www.dovecot.org/</a>. At
! the time
  of writing, only server-side SASL support is available, so you can't
  use it to authenticate to your network provider's server. Dovecot
  uses its own daemon process for authentication. This keeps the
--- 113,120 ----
  <h2><a name="build_dovecot">Building Postfix with Dovecot SASL
  support</a></h2>
  
! <p> Support for the Dovecot version 1 SASL protocol is available
! in Postfix 2.3 and later.  At the time
  of writing, only server-side SASL support is available, so you can't
  use it to authenticate to your network provider's server. Dovecot
  uses its own daemon process for authentication. This keeps the
***************
*** 127,133 ****
  
  <blockquote>
  <pre>
! % make makefiles CCARGS='-DUSE_SASL_AUTH -DDEF_SASL_SERVER_TYPE=\"dovecot\"'
  </pre>
  </blockquote>
  
--- 126,132 ----
  
  <blockquote>
  <pre>
! % make makefiles CCARGS='-DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\"'
  </pre>
  </blockquote>
  
***************
*** 138,144 ****
  
  <ul>
  
! <li> <p> The "-DDEF_SASL_SERVER_TYPE" stuff is not necessary; it just
  makes Postfix configuration a little more convenient because you
  don't have to specify the SASL plug-in type in the Postfix <a href="postconf.5.html">main.cf</a>
  file.  </p>
--- 137,143 ----
  
  <ul>
  
! <li> <p> The "-DDEF_SERVER_SASL_TYPE" stuff is not necessary; it just
  makes Postfix configuration a little more convenient because you
  don't have to specify the SASL plug-in type in the Postfix <a href="postconf.5.html">main.cf</a>
  file.  </p>
diff -cr /var/tmp/postfix-2.3.2/html/bounce.5.html ./html/bounce.5.html
*** /var/tmp/postfix-2.3.2/html/bounce.5.html	Wed Jan  4 15:33:06 2006
--- ./html/bounce.5.html	Sun Aug  6 10:39:51 2006
***************
*** 76,82 ****
             Subject: Undelivered Mail Returned to Sender
             Postmaster-Subject: Postmaster Copy: Undelivered Mail
  
!            This is the $<a href="postconf.5.html#mail_name">mail_name</a> program at host $<a href="postconf.5.html#myhostname">myhostname</a>.
  
             I'm sorry to have to inform you that your message could not
             be delivered to one or more recipients. It's attached below.
--- 76,82 ----
             Subject: Undelivered Mail Returned to Sender
             Postmaster-Subject: Postmaster Copy: Undelivered Mail
  
!            This is the mail system at host $<a href="postconf.5.html#myhostname">myhostname</a>.
  
             I'm sorry to have to inform you that your message could not
             be delivered to one or more recipients. It's attached below.
***************
*** 86,92 ****
             If you do so, please include this problem report. You can
             delete your own text from the attached returned message.
  
!                                           The $<a href="postconf.5.html#mail_name">mail_name</a> program
             EOF
  
         The usage and specification of bounce templates is subject
--- 86,92 ----
             If you do so, please include this problem report. You can
             delete your own text from the attached returned message.
  
!                                           The mail system
             EOF
  
         The usage and specification of bounce templates is subject
diff -cr /var/tmp/postfix-2.3.2/html/master.5.html ./html/master.5.html
*** /var/tmp/postfix-2.3.2/html/master.5.html	Wed Jul  5 20:26:27 2006
--- ./html/master.5.html	Sat Aug 12 10:32:45 2006
***************
*** 147,154 ****
                mented by connecting to the service and  sending  a
                wake  up  request.   A  ? at the end of the wake-up
                time field requests that no wake up events be  sent
!               before the service is used.  Specify 0 for no auto-
!               matic wake up.
  
                The <a href="pickup.8.html"><b>pickup</b>(8)</a>, <a href="qmgr.8.html"><b>qmgr</b>(8)</a> and <a href="flush.8.html"><b>flush</b>(8)</a> daemons require
                a wake up timer.
--- 147,154 ----
                mented by connecting to the service and  sending  a
                wake  up  request.   A  ? at the end of the wake-up
                time field requests that no wake up events be  sent
!               before the first time a service is used.  Specify 0
!               for no automatic wake up.
  
                The <a href="pickup.8.html"><b>pickup</b>(8)</a>, <a href="qmgr.8.html"><b>qmgr</b>(8)</a> and <a href="flush.8.html"><b>flush</b>(8)</a> daemons require
                a wake up timer.
diff -cr /var/tmp/postfix-2.3.2/html/postconf.5.html ./html/postconf.5.html
*** /var/tmp/postfix-2.3.2/html/postconf.5.html	Sat Jul 22 20:58:17 2006
--- ./html/postconf.5.html	Sat Aug 12 10:32:44 2006
***************
*** 5508,5513 ****
--- 5508,5518 ----
  error (broken mail software) reports.
  </p>
  
+ <p> NOTE: postmaster notifications may contain confidential information
+ such as SASL passwords or message content.  It is the system
+ administrator's responsibility to treat such information with care.
+ </p>
+ 
  <p>
  The error classes are:
  </p>
***************
*** 11823,11829 ****
  <p>
  The numerical Postfix SMTP server response code when a sender or
  recipient address is rejected by the <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
! or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> restriction.
  </p>
  
  <p>
--- 11828,11835 ----
  <p>
  The numerical Postfix SMTP server response code when a sender or
  recipient address is rejected by the <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
! or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> restriction.  The response is
! always 450 in case of a temporary DNS error.
  </p>
  
  <p>
diff -cr /var/tmp/postfix-2.3.2/makedefs ./makedefs
*** /var/tmp/postfix-2.3.2/makedefs	Mon Jul  3 16:30:00 2006
--- ./makedefs	Mon Jul 31 09:03:31 2006
***************
*** 122,127 ****
--- 122,129 ----
  		;;
    OpenBSD.3*)	SYSTYPE=OPENBSD3
  		;;
+   OpenBSD.4*)	SYSTYPE=OPENBSD4
+ 		;;
    ekkoBSD.1*)	SYSTYPE=EKKOBSD1
  		;;
     NetBSD.1*)	SYSTYPE=NETBSD1
diff -cr /var/tmp/postfix-2.3.2/man/man5/bounce.5 ./man/man5/bounce.5
*** /var/tmp/postfix-2.3.2/man/man5/bounce.5	Wed Jan  4 15:33:06 2006
--- ./man/man5/bounce.5	Sun Aug  6 10:39:51 2006
***************
*** 86,92 ****
  Subject: Undelivered Mail Returned to Sender
  Postmaster-Subject: Postmaster Copy: Undelivered Mail
  
! This is the $mail_name program at host $myhostname.
  
  I'm sorry to have to inform you that your message could not
  be delivered to one or more recipients. It's attached below.
--- 86,92 ----
  Subject: Undelivered Mail Returned to Sender
  Postmaster-Subject: Postmaster Copy: Undelivered Mail
  
! This is the mail system at host $myhostname.
  
  I'm sorry to have to inform you that your message could not
  be delivered to one or more recipients. It's attached below.
***************
*** 97,103 ****
  delete your own text from the attached returned message.
  
  .ti +12
!                    The $mail_name program
  EOF
  .in -4
  .ad
--- 97,103 ----
  delete your own text from the attached returned message.
  
  .ti +12
!                    The mail system
  EOF
  .in -4
  .ad
diff -cr /var/tmp/postfix-2.3.2/man/man5/master.5 ./man/man5/master.5
*** /var/tmp/postfix-2.3.2/man/man5/master.5	Wed Jul  5 20:26:26 2006
--- ./man/man5/master.5	Sat Aug 12 10:32:45 2006
***************
*** 134,140 ****
  number of seconds. The wake up is implemented by connecting
  to the service and sending a wake up request.  A ? at the
  end of the wake-up time field requests that no wake up
! events be sent before the service is used.
  Specify 0 for no automatic wake up.
  .sp
  The \fBpickup\fR(8), \fBqmgr\fR(8) and \fBflush\fR(8)
--- 134,140 ----
  number of seconds. The wake up is implemented by connecting
  to the service and sending a wake up request.  A ? at the
  end of the wake-up time field requests that no wake up
! events be sent before the first time a service is used.
  Specify 0 for no automatic wake up.
  .sp
  The \fBpickup\fR(8), \fBqmgr\fR(8) and \fBflush\fR(8)
diff -cr /var/tmp/postfix-2.3.2/man/man5/postconf.5 ./man/man5/postconf.5
*** /var/tmp/postfix-2.3.2/man/man5/postconf.5	Sat Jul 22 20:58:18 2006
--- ./man/man5/postconf.5	Sat Aug 12 10:32:44 2006
***************
*** 3019,3024 ****
--- 3019,3028 ----
  may wish to turn on the policy (UCE and mail relaying) and protocol
  error (broken mail software) reports.
  .PP
+ NOTE: postmaster notifications may contain confidential information
+ such as SASL passwords or message content.  It is the system
+ administrator's responsibility to treat such information with care.
+ .PP
  The error classes are:
  .IP "\fBbounce\fR (also implies \fB2bounce\fR)"
  Send the postmaster copies of the headers of bounced mail, and
***************
*** 7164,7170 ****
  .SH unknown_address_reject_code (default: 450)
  The numerical Postfix SMTP server response code when a sender or
  recipient address is rejected by the reject_unknown_sender_domain
! or reject_unknown_recipient_domain restriction.
  .PP
  Do not change this unless you have a complete understanding of RFC 821.
  .SH unknown_client_reject_code (default: 450)
--- 7168,7175 ----
  .SH unknown_address_reject_code (default: 450)
  The numerical Postfix SMTP server response code when a sender or
  recipient address is rejected by the reject_unknown_sender_domain
! or reject_unknown_recipient_domain restriction.  The response is
! always 450 in case of a temporary DNS error.
  .PP
  Do not change this unless you have a complete understanding of RFC 821.
  .SH unknown_client_reject_code (default: 450)
diff -cr /var/tmp/postfix-2.3.2/proto/CDB_README.html ./proto/CDB_README.html
*** /var/tmp/postfix-2.3.2/proto/CDB_README.html	Thu Jan 19 12:41:28 2006
--- ./proto/CDB_README.html	Wed Aug  9 15:27:38 2006
***************
*** 79,88 ****
  </pre>
  </blockquote>
  
! <p> After postfix has been built with cdb support, you can use
  "cdb" tables wherever you can use read-only "hash", "btree" or
  "dbm" tables. However, the "<b>postmap -i</b>" (incremental record
  insertion) and "<b>postmap -d</b>" (incremental record deletion)
  command-line options are not available. For the same reason the
  "cdb" map type cannot be used to store the persistent address
! verification cache for the verify(8) service. </p>
--- 79,89 ----
  </pre>
  </blockquote>
  
! <p> After Postfix has been built with cdb support, you can use
  "cdb" tables wherever you can use read-only "hash", "btree" or
  "dbm" tables. However, the "<b>postmap -i</b>" (incremental record
  insertion) and "<b>postmap -d</b>" (incremental record deletion)
  command-line options are not available. For the same reason the
  "cdb" map type cannot be used to store the persistent address
! verification cache for the verify(8) service, or to store
! TLS session information for the tlsmgr(8) service. </p>
diff -cr /var/tmp/postfix-2.3.2/proto/SASL_README.html ./proto/SASL_README.html
*** /var/tmp/postfix-2.3.2/proto/SASL_README.html	Tue Jul 18 20:28:40 2006
--- ./proto/SASL_README.html	Mon Aug 21 09:35:29 2006
***************
*** 113,121 ****
  <h2><a name="build_dovecot">Building Postfix with Dovecot SASL
  support</a></h2>
  
! <p> Dovecot SASL support is available in Postfix 2.3 and later. The
! Dovecot source code is available via http://www.dovecot.org/. At
! the time
  of writing, only server-side SASL support is available, so you can't
  use it to authenticate to your network provider's server. Dovecot
  uses its own daemon process for authentication. This keeps the
--- 113,120 ----
  <h2><a name="build_dovecot">Building Postfix with Dovecot SASL
  support</a></h2>
  
! <p> Support for the Dovecot version 1 SASL protocol is available
! in Postfix 2.3 and later.  At the time
  of writing, only server-side SASL support is available, so you can't
  use it to authenticate to your network provider's server. Dovecot
  uses its own daemon process for authentication. This keeps the
***************
*** 127,133 ****
  
  <blockquote>
  <pre>
! % make makefiles CCARGS='-DUSE_SASL_AUTH -DDEF_SASL_SERVER_TYPE=\"dovecot\"'
  </pre>
  </blockquote>
  
--- 126,132 ----
  
  <blockquote>
  <pre>
! % make makefiles CCARGS='-DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\"'
  </pre>
  </blockquote>
  
***************
*** 138,144 ****
  
  <ul>
  
! <li> <p> The "-DDEF_SASL_SERVER_TYPE" stuff is not necessary; it just
  makes Postfix configuration a little more convenient because you
  don't have to specify the SASL plug-in type in the Postfix main.cf
  file.  </p>
--- 137,143 ----
  
  <ul>
  
! <li> <p> The "-DDEF_SERVER_SASL_TYPE" stuff is not necessary; it just
  makes Postfix configuration a little more convenient because you
  don't have to specify the SASL plug-in type in the Postfix main.cf
  file.  </p>
diff -cr /var/tmp/postfix-2.3.2/proto/bounce ./proto/bounce
*** /var/tmp/postfix-2.3.2/proto/bounce	Wed Jan  4 15:33:04 2006
--- ./proto/bounce	Sun Aug  6 10:10:55 2006
***************
*** 76,82 ****
  #	Subject: Undelivered Mail Returned to Sender
  #	Postmaster-Subject: Postmaster Copy: Undelivered Mail
  #	
! #	This is the $mail_name program at host $myhostname.
  #	
  #	I'm sorry to have to inform you that your message could not
  #	be delivered to one or more recipients. It's attached below.
--- 76,82 ----
  #	Subject: Undelivered Mail Returned to Sender
  #	Postmaster-Subject: Postmaster Copy: Undelivered Mail
  #	
! #	This is the mail system at host $myhostname.
  #	
  #	I'm sorry to have to inform you that your message could not
  #	be delivered to one or more recipients. It's attached below.
***************
*** 87,93 ****
  #	delete your own text from the attached returned message.
  #
  # .ti +12
! #	                   The $mail_name program
  #	EOF
  # .in -4
  # .ad
--- 87,93 ----
  #	delete your own text from the attached returned message.
  #
  # .ti +12
! #	                   The mail system
  #	EOF
  # .in -4
  # .ad
diff -cr /var/tmp/postfix-2.3.2/proto/master ./proto/master
*** /var/tmp/postfix-2.3.2/proto/master	Wed Jul  5 20:25:52 2006
--- ./proto/master	Mon Aug  7 08:26:23 2006
***************
*** 128,134 ****
  #	number of seconds. The wake up is implemented by connecting
  #	to the service and sending a wake up request.  A ? at the
  #	end of the wake-up time field requests that no wake up
! #	events be sent before the service is used.
  #	Specify 0 for no automatic wake up.
  # .sp
  #	The \fBpickup\fR(8), \fBqmgr\fR(8) and \fBflush\fR(8)
--- 128,134 ----
  #	number of seconds. The wake up is implemented by connecting
  #	to the service and sending a wake up request.  A ? at the
  #	end of the wake-up time field requests that no wake up
! #	events be sent before the first time a service is used.
  #	Specify 0 for no automatic wake up.
  # .sp
  #	The \fBpickup\fR(8), \fBqmgr\fR(8) and \fBflush\fR(8)
diff -cr /var/tmp/postfix-2.3.2/proto/postconf.proto ./proto/postconf.proto
*** /var/tmp/postfix-2.3.2/proto/postconf.proto	Sat Jul 22 20:57:51 2006
--- ./proto/postconf.proto	Thu Aug 10 15:59:56 2006
***************
*** 2801,2806 ****
--- 2801,2811 ----
  error (broken mail software) reports.
  </p>
  
+ <p> NOTE: postmaster notifications may contain confidential information
+ such as SASL passwords or message content.  It is the system
+ administrator's responsibility to treat such information with care.
+ </p>
+ 
  <p>
  The error classes are:
  </p>
***************
*** 5894,5900 ****
  <p>
  The numerical Postfix SMTP server response code when a sender or
  recipient address is rejected by the reject_unknown_sender_domain
! or reject_unknown_recipient_domain restriction.
  </p>
  
  <p>
--- 5899,5906 ----
  <p>
  The numerical Postfix SMTP server response code when a sender or
  recipient address is rejected by the reject_unknown_sender_domain
! or reject_unknown_recipient_domain restriction.  The response is
! always 450 in case of a temporary DNS error.
  </p>
  
  <p>
diff -cr /var/tmp/postfix-2.3.2/src/bounce/2template_test.in ./src/bounce/2template_test.in
*** /var/tmp/postfix-2.3.2/src/bounce/2template_test.in	Wed Jan 25 20:48:43 2006
--- ./src/bounce/2template_test.in	Sun Aug  6 10:10:13 2006
***************
*** 4,10 ****
  Subject: Undelivered Mail Returned to Sender
  Postmaster-Subject: Postmaster Copy: Undelivered Mail
  
! This is the $mail_name program at host $myhostname.
  
  I'm sorry to have to inform you that your message could not
  be delivered to one or more recipients. It's attached below.
--- 4,10 ----
  Subject: Undelivered Mail Returned to Sender
  Postmaster-Subject: Postmaster Copy: Undelivered Mail
  
! This is the mail system at host $myhostname.
  
  I'm sorry to have to inform you that your message could not
  be delivered to one or more recipients. It's attached below.
***************
*** 14,20 ****
  If you do so, please include this problem report. You can
  delete your own text from the attached returned message.
  
!                    The $mail_name program
  EOF
  
  delay_template = <<EOF
--- 14,20 ----
  If you do so, please include this problem report. You can
  delete your own text from the attached returned message.
  
!                    The mail system
  EOF
  
  delay_template = <<EOF
***************
*** 23,29 ****
  Subject: Delayed Mail (still being retried)
  Postmaster-Subject: Postmaster Warning: Delayed Mail
  
! This is the $mail_name program at host $myhostname.
  
  ####################################################################
  # THIS IS A WARNING ONLY.  YOU DO NOT NEED TO RESEND YOUR MESSAGE. #
--- 23,29 ----
  Subject: Delayed Mail (still being retried)
  Postmaster-Subject: Postmaster Warning: Delayed Mail
  
! This is the mail system at host $myhostname.
  
  ####################################################################
  # THIS IS A WARNING ONLY.  YOU DO NOT NEED TO RESEND YOUR MESSAGE. #
***************
*** 37,43 ****
  If you do so, please include this problem report. You can
  delete your own text from the attached returned message.
  
!                    The $mail_name program
  EOF
  
  success_template = <<EOF
--- 37,43 ----
  If you do so, please include this problem report. You can
  delete your own text from the attached returned message.
  
!                    The mail system
  EOF
  
  success_template = <<EOF
***************
*** 45,58 ****
  From: MAILER-DAEMON (Mail Delivery System)
  Subject: Successful Mail Delivery Report
  
! This is the $mail_name program at host $myhostname.
  
  Your message was successfully delivered to the destination(s)
  listed below. If the message was delivered to mailbox you will
  receive no further notifications. Otherwise you may still receive
  notifications of mail delivery errors from other systems.
  
!                    The $mail_name program
  EOF
  
  verify_template = <<EOF
--- 45,58 ----
  From: MAILER-DAEMON (Mail Delivery System)
  Subject: Successful Mail Delivery Report
  
! This is the mail system at host $myhostname.
  
  Your message was successfully delivered to the destination(s)
  listed below. If the message was delivered to mailbox you will
  receive no further notifications. Otherwise you may still receive
  notifications of mail delivery errors from other systems.
  
!                    The mail system
  EOF
  
  verify_template = <<EOF
***************
*** 60,70 ****
  From: MAILER-DAEMON (Mail Delivery System)
  Subject: Mail Delivery Status Report
  
! This is the $mail_name program at host $myhostname.
  
  Enclosed is the mail delivery report that you requested.
  
!                    The $mail_name program
  EOF
  failure_template = <<EOF
  Charset: us-ascii
--- 60,70 ----
  From: MAILER-DAEMON (Mail Delivery System)
  Subject: Mail Delivery Status Report
  
! This is the mail system at host $myhostname.
  
  Enclosed is the mail delivery report that you requested.
  
!                    The mail system
  EOF
  failure_template = <<EOF
  Charset: us-ascii
***************
*** 72,78 ****
  Subject: Undelivered Mail Returned to Sender
  Postmaster-Subject: Postmaster Copy: Undelivered Mail
  
! This is the $mail_name program at host $myhostname.
  
  I'm sorry to have to inform you that your message could not
  be delivered to one or more recipients. It's attached below.
--- 72,78 ----
  Subject: Undelivered Mail Returned to Sender
  Postmaster-Subject: Postmaster Copy: Undelivered Mail
  
! This is the mail system at host $myhostname.
  
  I'm sorry to have to inform you that your message could not
  be delivered to one or more recipients. It's attached below.
***************
*** 82,88 ****
  If you do so, please include this problem report. You can
  delete your own text from the attached returned message.
  
!                    The $mail_name program
  EOF
  
  delay_template = <<EOF
--- 82,88 ----
  If you do so, please include this problem report. You can
  delete your own text from the attached returned message.
  
!                    The mail system
  EOF
  
  delay_template = <<EOF
***************
*** 91,97 ****
  Subject: Delayed Mail (still being retried)
  Postmaster-Subject: Postmaster Warning: Delayed Mail
  
! This is the $mail_name program at host $myhostname.
  
  ####################################################################
  # THIS IS A WARNING ONLY.  YOU DO NOT NEED TO RESEND YOUR MESSAGE. #
--- 91,97 ----
  Subject: Delayed Mail (still being retried)
  Postmaster-Subject: Postmaster Warning: Delayed Mail
  
! This is the mail system at host $myhostname.
  
  ####################################################################
  # THIS IS A WARNING ONLY.  YOU DO NOT NEED TO RESEND YOUR MESSAGE. #
***************
*** 105,111 ****
  If you do so, please include this problem report. You can
  delete your own text from the attached returned message.
  
!                    The $mail_name program
  EOF
  
  success_template = <<EOF
--- 105,111 ----
  If you do so, please include this problem report. You can
  delete your own text from the attached returned message.
  
!                    The mail system
  EOF
  
  success_template = <<EOF
***************
*** 113,126 ****
  From: MAILER-DAEMON (Mail Delivery System)
  Subject: Successful Mail Delivery Report
  
! This is the $mail_name program at host $myhostname.
  
  Your message was successfully delivered to the destination(s)
  listed below. If the message was delivered to mailbox you will
  receive no further notifications. Otherwise you may still receive
  notifications of mail delivery errors from other systems.
  
!                    The $mail_name program
  EOF
  
  verify_template = <<EOF
--- 113,126 ----
  From: MAILER-DAEMON (Mail Delivery System)
  Subject: Successful Mail Delivery Report
  
! This is the mail system at host $myhostname.
  
  Your message was successfully delivered to the destination(s)
  listed below. If the message was delivered to mailbox you will
  receive no further notifications. Otherwise you may still receive
  notifications of mail delivery errors from other systems.
  
!                    The mail system
  EOF
  
  verify_template = <<EOF
***************
*** 128,136 ****
  From: MAILER-DAEMON (Mail Delivery System)
  Subject: Mail Delivery Status Report
  
! This is the $mail_name program at host $myhostname.
  
  Enclosed is the mail delivery report that you requested.
  
!                    The $mail_name program
  EOF
--- 128,136 ----
  From: MAILER-DAEMON (Mail Delivery System)
  Subject: Mail Delivery Status Report
  
! This is the mail system at host $myhostname.
  
  Enclosed is the mail delivery report that you requested.
  
!                    The mail system
  EOF
diff -cr /var/tmp/postfix-2.3.2/src/bounce/bounce_templates.c ./src/bounce/bounce_templates.c
*** /var/tmp/postfix-2.3.2/src/bounce/bounce_templates.c	Sun Jan  8 10:35:53 2006
--- ./src/bounce/bounce_templates.c	Sun Aug  6 09:46:35 2006
***************
*** 93,99 ****
    * The fail template is for permanent failure.
    */
  static const char *def_bounce_failure_body[] = {
!     "This is the $mail_name program at host $myhostname.",
      "",
      "I'm sorry to have to inform you that your message could not",
      "be delivered to one or more recipients. It's attached below.",
--- 93,99 ----
    * The fail template is for permanent failure.
    */
  static const char *def_bounce_failure_body[] = {
!     "This is the mail system at host $myhostname.",
      "",
      "I'm sorry to have to inform you that your message could not",
      "be delivered to one or more recipients. It's attached below.",
***************
*** 103,109 ****
      "If you do so, please include this problem report. You can",
      "delete your own text from the attached returned message.",
      "",
!     "                   The $mail_name program",
      0,
  };
  
--- 103,109 ----
      "If you do so, please include this problem report. You can",
      "delete your own text from the attached returned message.",
      "",
!     "                   The mail system",
      0,
  };
  
***************
*** 124,130 ****
    * The delay template is for delayed mail notifications.
    */
  static const char *def_bounce_delay_body[] = {
!     "This is the $mail_name program at host $myhostname.",
      "",
      "####################################################################",
      "# THIS IS A WARNING ONLY.  YOU DO NOT NEED TO RESEND YOUR MESSAGE. #",
--- 124,130 ----
    * The delay template is for delayed mail notifications.
    */
  static const char *def_bounce_delay_body[] = {
!     "This is the mail system at host $myhostname.",
      "",
      "####################################################################",
      "# THIS IS A WARNING ONLY.  YOU DO NOT NEED TO RESEND YOUR MESSAGE. #",
***************
*** 139,145 ****
      "If you do so, please include this problem report. You can",
      "delete your own text from the attached returned message.",
      "",
!     "                   The $mail_name program",
      0,
  };
  
--- 139,145 ----
      "If you do so, please include this problem report. You can",
      "delete your own text from the attached returned message.",
      "",
!     "                   The mail system",
      0,
  };
  
***************
*** 161,174 ****
    * notifications.
    */
  static const char *def_bounce_success_body[] = {
!     "This is the $mail_name program at host $myhostname.",
      "",
      "Your message was successfully delivered to the destination(s)",
      "listed below. If the message was delivered to mailbox you will",
      "receive no further notifications. Otherwise you may still receive",
      "notifications of mail delivery errors from other systems.",
      "",
!     "                   The $mail_name program",
      0,
  };
  
--- 161,174 ----
    * notifications.
    */
  static const char *def_bounce_success_body[] = {
!     "This is the mail system at host $myhostname.",
      "",
      "Your message was successfully delivered to the destination(s)",
      "listed below. If the message was delivered to mailbox you will",
      "receive no further notifications. Otherwise you may still receive",
      "notifications of mail delivery errors from other systems.",
      "",
!     "                   The mail system",
      0,
  };
  
***************
*** 190,200 ****
    * address verification (sendmail -bv).
    */
  static const char *def_bounce_verify_body[] = {
!     "This is the $mail_name program at host $myhostname.",
      "",
      "Enclosed is the mail delivery report that you requested.",
      "",
!     "                   The $mail_name program",
      0,
  };
  
--- 190,200 ----
    * address verification (sendmail -bv).
    */
  static const char *def_bounce_verify_body[] = {
!     "This is the mail system at host $myhostname.",
      "",
      "Enclosed is the mail delivery report that you requested.",
      "",
!     "                   The mail system",
      0,
  };
  
diff -cr /var/tmp/postfix-2.3.2/src/bounce/template_test.ref ./src/bounce/template_test.ref
*** /var/tmp/postfix-2.3.2/src/bounce/template_test.ref	Wed Jan 25 20:33:00 2006
--- ./src/bounce/template_test.ref	Sun Aug  6 10:09:07 2006
***************
*** 4,10 ****
  Subject: Undelivered Mail Returned to Sender
  Postmaster-Subject: Postmaster Copy: Undelivered Mail
  
! This is the $mail_name program at host $myhostname.
  
  I'm sorry to have to inform you that your message could not
  be delivered to one or more recipients. It's attached below.
--- 4,10 ----
  Subject: Undelivered Mail Returned to Sender
  Postmaster-Subject: Postmaster Copy: Undelivered Mail
  
! This is the mail system at host $myhostname.
  
  I'm sorry to have to inform you that your message could not
  be delivered to one or more recipients. It's attached below.
***************
*** 14,20 ****
  If you do so, please include this problem report. You can
  delete your own text from the attached returned message.
  
!                    The $mail_name program
  EOF
  
  delay_template = <<EOF
--- 14,20 ----
  If you do so, please include this problem report. You can
  delete your own text from the attached returned message.
  
!                    The mail system
  EOF
  
  delay_template = <<EOF
***************
*** 23,29 ****
  Subject: Delayed Mail (still being retried)
  Postmaster-Subject: Postmaster Warning: Delayed Mail
  
! This is the $mail_name program at host $myhostname.
  
  ####################################################################
  # THIS IS A WARNING ONLY.  YOU DO NOT NEED TO RESEND YOUR MESSAGE. #
--- 23,29 ----
  Subject: Delayed Mail (still being retried)
  Postmaster-Subject: Postmaster Warning: Delayed Mail
  
! This is the mail system at host $myhostname.
  
  ####################################################################
  # THIS IS A WARNING ONLY.  YOU DO NOT NEED TO RESEND YOUR MESSAGE. #
***************
*** 37,43 ****
  If you do so, please include this problem report. You can
  delete your own text from the attached returned message.
  
!                    The $mail_name program
  EOF
  
  success_template = <<EOF
--- 37,43 ----
  If you do so, please include this problem report. You can
  delete your own text from the attached returned message.
  
!                    The mail system
  EOF
  
  success_template = <<EOF
***************
*** 45,58 ****
  From: MAILER-DAEMON (Mail Delivery System)
  Subject: Successful Mail Delivery Report
  
! This is the $mail_name program at host $myhostname.
  
  Your message was successfully delivered to the destination(s)
  listed below. If the message was delivered to mailbox you will
  receive no further notifications. Otherwise you may still receive
  notifications of mail delivery errors from other systems.
  
!                    The $mail_name program
  EOF
  
  verify_template = <<EOF
--- 45,58 ----
  From: MAILER-DAEMON (Mail Delivery System)
  Subject: Successful Mail Delivery Report
  
! This is the mail system at host $myhostname.
  
  Your message was successfully delivered to the destination(s)
  listed below. If the message was delivered to mailbox you will
  receive no further notifications. Otherwise you may still receive
  notifications of mail delivery errors from other systems.
  
!                    The mail system
  EOF
  
  verify_template = <<EOF
***************
*** 60,68 ****
  From: MAILER-DAEMON (Mail Delivery System)
  Subject: Mail Delivery Status Report
  
! This is the $mail_name program at host $myhostname.
  
  Enclosed is the mail delivery report that you requested.
  
!                    The $mail_name program
  EOF
--- 60,68 ----
  From: MAILER-DAEMON (Mail Delivery System)
  Subject: Mail Delivery Status Report
  
! This is the mail system at host $myhostname.
  
  Enclosed is the mail delivery report that you requested.
  
!                    The mail system
  EOF
diff -cr /var/tmp/postfix-2.3.2/src/cleanup/cleanup_message.c ./src/cleanup/cleanup_message.c
*** /var/tmp/postfix-2.3.2/src/cleanup/cleanup_message.c	Thu Jun 15 14:07:15 2006
--- ./src/cleanup/cleanup_message.c	Fri Aug 25 17:30:50 2006
***************
*** 797,806 ****
       * current file position so we can compute the message size lateron.
       */
      else if (type == REC_TYPE_XTRA) {
  	if (state->milters || cleanup_milters)
  	    /* Make room for body modification. */
  	    cleanup_out_format(state, REC_TYPE_PTR, REC_TYPE_PTR_FORMAT, 0L);
- 	state->mime_errs = mime_state_update(state->mime_state, type, buf, len);
  	/* Ignore header truncation after primary message headers. */
  	state->mime_errs &= ~MIME_ERR_TRUNC_HEADER;
  	if (state->mime_errs && state->reason == 0) {
--- 797,806 ----
       * current file position so we can compute the message size lateron.
       */
      else if (type == REC_TYPE_XTRA) {
+ 	state->mime_errs = mime_state_update(state->mime_state, type, buf, len);
  	if (state->milters || cleanup_milters)
  	    /* Make room for body modification. */
  	    cleanup_out_format(state, REC_TYPE_PTR, REC_TYPE_PTR_FORMAT, 0L);
  	/* Ignore header truncation after primary message headers. */
  	state->mime_errs &= ~MIME_ERR_TRUNC_HEADER;
  	if (state->mime_errs && state->reason == 0) {
diff -cr /var/tmp/postfix-2.3.2/src/cleanup/cleanup_milter.c ./src/cleanup/cleanup_milter.c
*** /var/tmp/postfix-2.3.2/src/cleanup/cleanup_milter.c	Tue Jul 25 16:21:42 2006
--- ./src/cleanup/cleanup_milter.c	Tue Aug 22 11:00:32 2006
***************
*** 213,222 ****
  
  static void cleanup_milter_set_error(CLEANUP_STATE *state, int err)
  {
!     if (err == EFBIG)
  	state->errs |= CLEANUP_STAT_SIZE;
!     else
  	state->errs |= CLEANUP_STAT_WRITE;
  }
  
  /* cleanup_milter_error - return dummy error description */
--- 213,225 ----
  
  static void cleanup_milter_set_error(CLEANUP_STATE *state, int err)
  {
!     if (err == EFBIG) {
! 	msg_warn("%s: queue file size limit exceeded", state->queue_id);
  	state->errs |= CLEANUP_STAT_SIZE;
!     } else {
! 	msg_warn("%s: write queue file: %m", state->queue_id);
  	state->errs |= CLEANUP_STAT_WRITE;
+     }
  }
  
  /* cleanup_milter_error - return dummy error description */
diff -cr /var/tmp/postfix-2.3.2/src/global/mail_date.c ./src/global/mail_date.c
*** /var/tmp/postfix-2.3.2/src/global/mail_date.c	Thu May  9 10:52:55 2002
--- ./src/global/mail_date.c	Sat Aug 12 10:37:42 2006
***************
*** 121,127 ****
       * Finally, add the time zone name.
       */
      while (strftime(vstring_end(vp), vstring_avail(vp), " (%Z)", lt) == 0)
! 	VSTRING_SPACE(vp, 100);
      VSTRING_SKIP(vp);
  
      return (vstring_str(vp));
--- 121,127 ----
       * Finally, add the time zone name.
       */
      while (strftime(vstring_end(vp), vstring_avail(vp), " (%Z)", lt) == 0)
! 	VSTRING_SPACE(vp, vstring_avail(vp) + 100);
      VSTRING_SKIP(vp);
  
      return (vstring_str(vp));
diff -cr /var/tmp/postfix-2.3.2/src/global/record.c ./src/global/record.c
*** /var/tmp/postfix-2.3.2/src/global/record.c	Thu Jun 15 14:07:15 2006
--- ./src/global/record.c	Fri Aug 25 18:19:42 2006
***************
*** 293,310 ****
--- 293,334 ----
  int     rec_goto(VSTREAM *stream, const char *buf)
  {
      off_t   offset;
+     static const char *saved_path;
+     static off_t saved_offset;
+     static int reverse_count;
  
+     /*
+      * Crude workaround for queue file loops. VSTREAMs currently have no
+      * option to attach application-specific data, so we use global state and
+      * simple logic to detect if an application switches streams. We trigger
+      * on reverse jumps only. There's one reverse jump for every inserted
+      * header, but only one reverse jump for all appended recipients. No-one
+      * is likely to insert 10000 message headers, but someone might append
+      * 10000 recipients.
+      */
+ #define STREQ(x,y) ((x) == (y) && strcmp((x), (y)) == 0)
+ #define REVERSE_JUMP_LIMIT	10000
+ 
+     if (!STREQ(saved_path, VSTREAM_PATH(stream))) {
+ 	saved_path = VSTREAM_PATH(stream);
+ 	reverse_count = 0;
+ 	saved_offset = 0;
+     }
      while (ISSPACE(*buf))
  	buf++;
      if ((offset = off_cvt_string(buf)) < 0) {
  	msg_warn("%s: malformed pointer record value: %s",
  		 VSTREAM_PATH(stream), buf);
  	return (REC_TYPE_ERROR);
+     } else if (offset < saved_offset && ++reverse_count > REVERSE_JUMP_LIMIT) {
+ 	msg_warn("%s: too many reverse jump records", VSTREAM_PATH(stream));
+ 	return (REC_TYPE_ERROR);
      } else if (offset > 0 && vstream_fseek(stream, offset, SEEK_SET) < 0) {
  	msg_warn("%s: seek error after pointer record: %m",
  		 VSTREAM_PATH(stream));
  	return (REC_TYPE_ERROR);
      } else {
+ 	saved_offset = offset;
  	return (0);
      }
  }
diff -cr /var/tmp/postfix-2.3.2/src/smtp/smtp_sasl_proto.c ./src/smtp/smtp_sasl_proto.c
*** /var/tmp/postfix-2.3.2/src/smtp/smtp_sasl_proto.c	Wed Jun 14 20:50:02 2006
--- ./src/smtp/smtp_sasl_proto.c	Sat Aug  5 17:28:08 2006
***************
*** 176,193 ****
  	ret = smtp_sess_fail(state);
  	/* Session reuse is disabled. */
      } else {
! #ifdef USE_TLS
  	if (session->tls_context == 0)
- #endif
  	    smtp_sasl_start(session, VAR_SMTP_SASL_OPTS,
  			    var_smtp_sasl_opts);
- #ifdef USE_TLS
  #ifdef SNAPSHOT					/* XXX: Not yet */
  	else if (session->tls_context->peer_verified)
  	    smtp_sasl_start(session, VAR_SMTP_SASL_TLSV_OPTS,
  			    var_smtp_sasl_tlsv_opts);
- 	else
  #endif
  	    smtp_sasl_start(session, VAR_SMTP_SASL_TLS_OPTS,
  			    var_smtp_sasl_tls_opts);
  #endif
--- 176,194 ----
  	ret = smtp_sess_fail(state);
  	/* Session reuse is disabled. */
      } else {
! #ifndef USE_TLS
! 	smtp_sasl_start(session, VAR_SMTP_SASL_OPTS,
! 			var_smtp_sasl_opts);
! #else
  	if (session->tls_context == 0)
  	    smtp_sasl_start(session, VAR_SMTP_SASL_OPTS,
  			    var_smtp_sasl_opts);
  #ifdef SNAPSHOT					/* XXX: Not yet */
  	else if (session->tls_context->peer_verified)
  	    smtp_sasl_start(session, VAR_SMTP_SASL_TLSV_OPTS,
  			    var_smtp_sasl_tlsv_opts);
  #endif
+ 	else
  	    smtp_sasl_start(session, VAR_SMTP_SASL_TLS_OPTS,
  			    var_smtp_sasl_tls_opts);
  #endif
diff -cr /var/tmp/postfix-2.3.2/src/smtpd/smtpd.c ./src/smtpd/smtpd.c
*** /var/tmp/postfix-2.3.2/src/smtpd/smtpd.c	Wed Jul 26 20:47:39 2006
--- ./src/smtpd/smtpd.c	Tue Aug 22 11:00:32 2006
***************
*** 2643,2651 ****
  	    && (state->proxy == 0 ? (++start, --len) == 0 : len == 1))
  	    break;
  	if (state->err == CLEANUP_STAT_OK) {
! 	    if (var_message_limit > 0 && var_message_limit - state->act_size < len + 2)
  		state->err = CLEANUP_STAT_SIZE;
! 	    else {
  		state->act_size += len + 2;
  		if (out_record(out_stream, curr_rec_type, start, len) < 0)
  		    state->err = out_error;
--- 2643,2653 ----
  	    && (state->proxy == 0 ? (++start, --len) == 0 : len == 1))
  	    break;
  	if (state->err == CLEANUP_STAT_OK) {
! 	    if (var_message_limit > 0 && var_message_limit - state->act_size < len + 2) {
  		state->err = CLEANUP_STAT_SIZE;
! 		msg_warn("%s: queue file size limit exceeded",
! 			 state->queue_id ? state->queue_id : "NOQUEUE");
! 	    } else {
  		state->act_size += len + 2;
  		if (out_record(out_stream, curr_rec_type, start, len) < 0)
  		    state->err = out_error;
diff -cr /var/tmp/postfix-2.3.2/src/util/sys_defs.h ./src/util/sys_defs.h
*** /var/tmp/postfix-2.3.2/src/util/sys_defs.h	Mon Jul  3 08:37:32 2006
--- ./src/util/sys_defs.h	Mon Jul 31 09:04:29 2006
***************
*** 26,32 ****
  #if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \
      || defined(FREEBSD5) || defined(FREEBSD6) \
      || defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \
!     || defined(OPENBSD2) || defined(OPENBSD3) \
      || defined(NETBSD1) || defined(NETBSD2) || defined(NETBSD3) \
      || defined(EKKOBSD1)
  #define SUPPORTED
--- 26,32 ----
  #if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \
      || defined(FREEBSD5) || defined(FREEBSD6) \
      || defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \
!     || defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4) \
      || defined(NETBSD1) || defined(NETBSD2) || defined(NETBSD3) \
      || defined(EKKOBSD1)
  #define SUPPORTED
diff -cr /var/tmp/postfix-2.3.2/src/util/vstream.c ./src/util/vstream.c
*** /var/tmp/postfix-2.3.2/src/util/vstream.c	Thu Jun 15 14:07:16 2006
--- ./src/util/vstream.c	Wed Aug 23 16:27:28 2006
***************
*** 1049,1056 ****
       */
      if (stream->pid != 0)
  	msg_panic("vstream_fclose: stream has process");
!     if ((stream->buf.flags & VSTREAM_FLAG_WRITE_DOUBLE) != 0)
  	vstream_fflush(stream);
      err = vstream_ferror(stream);
      if (stream->buf.flags & VSTREAM_FLAG_DOUBLE) {
  	if (stream->read_fd >= 0)
--- 1049,1057 ----
       */
      if (stream->pid != 0)
  	msg_panic("vstream_fclose: stream has process");
!     if ((stream->buf.flags & VSTREAM_FLAG_WRITE_DOUBLE) != 0 && stream->fd >= 0)
  	vstream_fflush(stream);
+     /* Do not remove: vstream_fdclose() depends on this error test. */
      err = vstream_ferror(stream);
      if (stream->buf.flags & VSTREAM_FLAG_DOUBLE) {
  	if (stream->read_fd >= 0)
***************
*** 1079,1086 ****
  
  int     vstream_fdclose(VSTREAM *stream)
  {
      if (stream->buf.flags & VSTREAM_FLAG_DOUBLE) {
! 	stream->read_fd = stream->write_fd = -1;
      } else {
  	stream->fd = -1;
      }
--- 1080,1101 ----
  
  int     vstream_fdclose(VSTREAM *stream)
  {
+ 
+     /*
+      * Flush unwritten output, just like vstream_fclose(). Errors are
+      * reported by vstream_fclose().
+      */
+     if ((stream->buf.flags & VSTREAM_FLAG_WRITE_DOUBLE) != 0)
+ 	(void) vstream_fflush(stream);
+ 
+     /*
+      * NOTE: Negative file descriptors are not part of the external
+      * interface. They are for internal use only, in order to support
+      * vstream_fdclose() without a lot of code duplication. Applications that
+      * rely on negative VSTREAM file descriptors will break without warning.
+      */
      if (stream->buf.flags & VSTREAM_FLAG_DOUBLE) {
! 	stream->fd = stream->read_fd = stream->write_fd = -1;
      } else {
  	stream->fd = -1;
      }