Prereq: "2.6.1"
diff -cr --new-file /var/tmp/postfix-2.6.1/src/global/mail_version.h ./src/global/mail_version.h
*** /var/tmp/postfix-2.6.1/src/global/mail_version.h	Tue May 19 19:56:41 2009
--- ./src/global/mail_version.h	Wed Jun  3 17:02:03 2009
***************
*** 20,27 ****
    * Patches change both the patchlevel and the release date. Snapshots have no
    * patchlevel; they change the release date only.
    */
! #define MAIL_RELEASE_DATE	"20090519"
! #define MAIL_VERSION_NUMBER	"2.6.1"
  
  #ifdef SNAPSHOT
  # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
--- 20,27 ----
    * Patches change both the patchlevel and the release date. Snapshots have no
    * patchlevel; they change the release date only.
    */
! #define MAIL_RELEASE_DATE	"20090603"
! #define MAIL_VERSION_NUMBER	"2.6.2"
  
  #ifdef SNAPSHOT
  # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
diff -cr --new-file /var/tmp/postfix-2.6.1/HISTORY ./HISTORY
*** /var/tmp/postfix-2.6.1/HISTORY	Tue May 19 19:41:46 2009
--- ./HISTORY	Thu May 28 12:42:20 2009
***************
*** 15231,15233 ****
--- 15231,15242 ----
  	The queue file would be corrupted when the delay_warning_time
  	record was marked as "done" after sending the "your mail
  	is delayed" notice.  File: qmgr/qmgr_message.c.
+ 
+ 20090528
+ 
+ 	Bugfix (introduced: Postfix 2.6 change 20080629): with
+ 	plaintext sessions, smtpd_tls_auth_only=yes caused spurious
+ 	warnings with reject_authenticated_sender_login_mismatch,
+ 	and broke reject_unauthenticated_sender_login_mismatch and
+ 	reject_sender_login_mismatch.  Based on fix by Victor
+ 	Duchovni. File: smtpd/smtpd_check.c.
diff -cr --new-file /var/tmp/postfix-2.6.1/src/smtpd/smtpd_check.c ./src/smtpd/smtpd_check.c
*** /var/tmp/postfix-2.6.1/src/smtpd/smtpd_check.c	Sun Apr 26 13:59:07 2009
--- ./src/smtpd/smtpd_check.c	Thu May 28 13:19:04 2009
***************
*** 3279,3287 ****
      int     found = 0;
  
      /*
       * Reject if the client is logged in and does not own the sender address.
       */
!     if (smtpd_sasl_is_active(state) && state->sasl_username != 0) {
  	reply = smtpd_resolve_addr(sender);
  	if (reply->flags & RESOLVE_FLAG_FAIL)
  	    reject_dict_retry(state, sender);
--- 3279,3293 ----
      int     found = 0;
  
      /*
+      * Replace obscure code by self-evident code.
+      */
+ #define SMTPD_SASL_AUTHENTICATED(state) \
+ 	(smtpd_sasl_is_active(state) && state->sasl_username != 0)
+ 
+     /*
       * Reject if the client is logged in and does not own the sender address.
       */
!     if (var_smtpd_sasl_enable && SMTPD_SASL_AUTHENTICATED(state)) {
  	reply = smtpd_resolve_addr(sender);
  	if (reply->flags & RESOLVE_FLAG_FAIL)
  	    reject_dict_retry(state, sender);
***************
*** 3314,3320 ****
       * Reject if the client is not logged in and the sender address has an
       * owner.
       */
!     if (smtpd_sasl_is_active(state) && state->sasl_username == 0) {
  	reply = smtpd_resolve_addr(sender);
  	if (reply->flags & RESOLVE_FLAG_FAIL)
  	    reject_dict_retry(state, sender);
--- 3320,3326 ----
       * Reject if the client is not logged in and the sender address has an
       * owner.
       */
!     if (var_smtpd_sasl_enable && !SMTPD_SASL_AUTHENTICATED(state)) {
  	reply = smtpd_resolve_addr(sender);
  	if (reply->flags & RESOLVE_FLAG_FAIL)
  	    reject_dict_retry(state, sender);
***************
*** 3766,3772 ****
  					  state->sender, SMTPD_NAME_SENDER);
  	} else if (strcasecmp(name, REJECT_AUTH_SENDER_LOGIN_MISMATCH) == 0) {
  #ifdef USE_SASL_AUTH
! 	    if (smtpd_sasl_is_active(state)) {
  		if (state->sender && *state->sender)
  		    status = reject_auth_sender_login_mismatch(state, state->sender);
  	    } else
--- 3772,3778 ----
  					  state->sender, SMTPD_NAME_SENDER);
  	} else if (strcasecmp(name, REJECT_AUTH_SENDER_LOGIN_MISMATCH) == 0) {
  #ifdef USE_SASL_AUTH
! 	    if (var_smtpd_sasl_enable) {
  		if (state->sender && *state->sender)
  		    status = reject_auth_sender_login_mismatch(state, state->sender);
  	    } else
***************
*** 3774,3780 ****
  		msg_warn("restriction `%s' ignored: no SASL support", name);
  	} else if (strcasecmp(name, REJECT_UNAUTH_SENDER_LOGIN_MISMATCH) == 0) {
  #ifdef USE_SASL_AUTH
! 	    if (smtpd_sasl_is_active(state)) {
  		if (state->sender && *state->sender)
  		    status = reject_unauth_sender_login_mismatch(state, state->sender);
  	    } else
--- 3780,3786 ----
  		msg_warn("restriction `%s' ignored: no SASL support", name);
  	} else if (strcasecmp(name, REJECT_UNAUTH_SENDER_LOGIN_MISMATCH) == 0) {
  #ifdef USE_SASL_AUTH
! 	    if (var_smtpd_sasl_enable) {
  		if (state->sender && *state->sender)
  		    status = reject_unauth_sender_login_mismatch(state, state->sender);
  	    } else