Prereq: "2.6.2"
diff -cr --new-file /var/tmp/postfix-2.6.2/src/global/mail_version.h ./src/global/mail_version.h
*** /var/tmp/postfix-2.6.2/src/global/mail_version.h	Wed Jun  3 17:02:03 2009
--- ./src/global/mail_version.h	Sun Aug  2 19:24:43 2009
***************
*** 20,27 ****
    * Patches change both the patchlevel and the release date. Snapshots have no
    * patchlevel; they change the release date only.
    */
! #define MAIL_RELEASE_DATE	"20090603"
! #define MAIL_VERSION_NUMBER	"2.6.2"
  
  #ifdef SNAPSHOT
  # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
--- 20,27 ----
    * Patches change both the patchlevel and the release date. Snapshots have no
    * patchlevel; they change the release date only.
    */
! #define MAIL_RELEASE_DATE	"20090802"
! #define MAIL_VERSION_NUMBER	"2.6.3"
  
  #ifdef SNAPSHOT
  # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
diff -cr --new-file /var/tmp/postfix-2.6.2/HISTORY ./HISTORY
*** /var/tmp/postfix-2.6.2/HISTORY	Thu May 28 12:42:20 2009
--- ./HISTORY	Sun Aug  2 19:00:08 2009
***************
*** 15240,15242 ****
--- 15240,15271 ----
  	and broke reject_unauthenticated_sender_login_mismatch and
  	reject_sender_login_mismatch.  Based on fix by Victor
  	Duchovni. File: smtpd/smtpd_check.c.
+ 
+ 20090605
+ 
+ 	Bugfix: "postmulti -e destroy" used hard-coded /bin/env
+ 	command. Simplified the "destroy" procedure to destroy only
+ 	known safe names without "/". File: conf/postmulti-script.
+ 
+ 20090710
+ 
+ 	Bugfix (introduced Postfix 2.3): Postfix got out of sync
+ 	with a Milter application after the application sent a
+ 	"quarantine" request at end-of-message time. The milter
+ 	application would still be in the end-of-message state,
+ 	while Postfix would already be working on the next SMTP
+ 	event (typically, QUIT or MAIL FROM).  Problem diagnosed
+ 	with help from Alban Deniz. File: milter/milter8.c.
+ 
+ 20090712
+ 
+ 	Bugfix (garbage introduced Postfix 2.6): the ugly
+ 	${multi_instance_name:postfix}${multi_instance_name
+ 	?$multi_instance_name} garbage in Postfix logging is now
+ 	hopefully gone.  File: global/mail_task.c.
+ 
+ 20090715
+ 
+ 	Documentation: as of Postfix 2.6, the reject_unauth_pipelining
+ 	feature can be used meaningfully at any protocol stage.
+ 	File: proto/postconf.proto.
diff -cr --new-file /var/tmp/postfix-2.6.2/conf/postmulti-script ./conf/postmulti-script
*** /var/tmp/postfix-2.6.2/conf/postmulti-script	Mon Feb 23 06:50:53 2009
--- ./conf/postmulti-script	Sun Aug  2 19:02:59 2009
***************
*** 228,233 ****
--- 228,244 ----
      ;;
  
  destroy)
+ 
+     # "postmulti -e destroy" will remove an entire instance only when
+     # invoked immediately after "postmulti -e create" (i.e. before
+     # other files are added to the instance). We delete only known
+     # safe names without "/".
+     #
+     QUEUE_SUBDIRS="active bounce corrupt defer deferred flush hold \
+     incoming maildrop pid private public saved trace"
+     #DEBUG=echo
+     WARN="postlog -p warn -t $TAG"
+ 
      # Locate the target instance
      #
      [ -f "$config_directory/main.cf" ] ||
***************
*** 236,292 ****
      postfix -c "$config_directory" status >/dev/null 2>&1 &&
      	fatal "Instance '$config_directory' is not stopped"
  
-     # XXX: Internal "postfix /some/cmd" interface via /bin/env for execvp().
-     #
-     for q in maildrop incoming active deferred hold
-     do
- 	postfix -c "$config_directory" /bin/env \
- 	    find "$q" ! -name "$q" ! -name "?" -perm 0700 -print |
- 	    grep "^" >/dev/null &&
- 	    fatal "Instance '$config_directory' $q queue is not empty"
-     done
- 
      # Update multi_instance directories
      # and also (just in case) drop from alternate_config_directories
      #
!     update_cfdirs del $config_directory || exit 1
! 
!     # Change default personalities:
!     MAIL_CONFIG="$config_directory"; export MAIL_CONFIG
  
!     # Full steam ahead, instance will be at least partly destroyed!
! 
!     # Try to remove data_directory, but not sub-directories.
!     # Note: care with "$TAG" insertion into sh -c 'script'.
      #
!     postfix /bin/sh -c \
!     	'cd $data_directory; rm -f -- *; cd ..; rmdir $data_directory; \
!          PATH=$command_directory:$PATH; export PATH; \
! 	 test -d $data_directory && \
! 	     postlog -p warn -t "'"$TAG"'" \
! 	     	"$data_directory partly removed" 2>&1' 2>/dev/null
! 
!     # Remove Postfix-owned files in the queue directory.
!     # Remove all files in the "pid" sub-directory.
!     # Remove empty directories.
!     # Note: care with "$TAG" insertion into sh -c 'script'.
!     postfix /bin/sh -c \
!     	'find . -user $mail_owner ! -type d -exec rm -f -- "{}" ";"; \
!     	 find . -depth -user $mail_owner -type d -exec rmdir -- "{}" ";"; \
! 	 rm -f -- pid/*; rmdir *; cd ..; rmdir $queue_directory; \
!          PATH=$command_directory:$PATH; export PATH; \
! 	 test -d $queue_directory && \
! 	     postlog -p warn -t "'"$TAG"'" \
! 	     	"$queue_directory partly removed" 2>&1' 2>/dev/null
  
      # In the configuration directory remove just the main.cf and master.cf
      # files.
!     rm -f -- "$MAIL_CONFIG/master.cf" "$MAIL_CONFIG/main.cf" 2>/dev/null
!     rmdir -- "$MAIL_CONFIG" 2>/dev/null
!     test -d "$MAIL_CONFIG" && \
! 	 postlog -p warn -t "$TAG" \
! 	    "$MAIL_CONFIG partly removed" 2>&1
      ;;
  enable)
      postconf -c "$config_directory" -e \
      	"multi_instance_enable = yes" || exit 1;;
--- 247,282 ----
      postfix -c "$config_directory" status >/dev/null 2>&1 &&
      	fatal "Instance '$config_directory' is not stopped"
  
      # Update multi_instance directories
      # and also (just in case) drop from alternate_config_directories
      #
!     $DEBUG update_cfdirs del "$config_directory" || exit 1
  
!     # XXX: Internal "postfix /some/cmd" interface.
      #
!     postfix -c "$config_directory" /bin/sh -c "
!     for q in $QUEUE_SUBDIRS
!     do
! 	$DEBUG rmdir -- \$q || 
! 	    $WARN \`pwd\`/\$q: please verify contents and remove by hand
!     done
!     "
! 
!     postfix -c "$config_directory" /bin/sh -c "
!     for dir in \$data_directory \$queue_directory
!     do
! 	$DEBUG rmdir -- \$dir || 
! 	    $WARN \$dir: please verify contents and remove by hand
!     done
!     "
  
      # In the configuration directory remove just the main.cf and master.cf
      # files.
!     $DEBUG rm -f -- "$config_directory/master.cf" "$config_directory/main.cf" 2>/dev/null
!     $DEBUG rmdir -- "$config_directory" || 
! 	$WARN $config_directory: please verify contents and remove by hand
      ;;
+ 
  enable)
      postconf -c "$config_directory" -e \
      	"multi_instance_enable = yes" || exit 1;;
diff -cr --new-file /var/tmp/postfix-2.6.2/html/postconf.5.html ./html/postconf.5.html
*** /var/tmp/postfix-2.6.2/html/postconf.5.html	Wed May  6 14:53:52 2009
--- ./html/postconf.5.html	Wed Jul 15 10:29:39 2009
***************
*** 10657,10667 ****
  commands ahead of time without knowing that Postfix actually supports
  ESMTP command pipelining. This stops mail from bulk mail software
  that improperly uses ESMTP command pipelining in order to speed up
! deliveries. <br> Note: <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> is not useful
! outside <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> when 1) the client uses ESMTP (EHLO
! instead of HELO) and 2) with "<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes" (the
! default).  The use of <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> in the other
! restriction contexts is therefore not recommended.  </dd>
  
  <dt><b><a name="reject">reject</a></b></dt>
  
--- 10657,10671 ----
  commands ahead of time without knowing that Postfix actually supports
  ESMTP command pipelining. This stops mail from bulk mail software
  that improperly uses ESMTP command pipelining in order to speed up
! deliveries.
! <br> With Postfix 2.6 and later, the SMTP server sets a per-session
! flag whenever it detects illegal pipelining, including pipelined
! EHLO or HELO commands. The <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> feature simply
! tests whether the flag was set at any point in time during the
! session.
! <br> With older Postfix versions, <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> checks
! the current status of the input read queue, and its usage is not
! recommended in contexts other than <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a>.  </dd>
  
  <dt><b><a name="reject">reject</a></b></dt>
  
diff -cr --new-file /var/tmp/postfix-2.6.2/man/man5/postconf.5 ./man/man5/postconf.5
*** /var/tmp/postfix-2.6.2/man/man5/postconf.5	Wed May  6 14:53:53 2009
--- ./man/man5/postconf.5	Wed Jul 15 10:29:39 2009
***************
*** 6519,6529 ****
  that improperly uses ESMTP command pipelining in order to speed up
  deliveries.
  .br
! Note: reject_unauth_pipelining is not useful
! outside smtpd_data_restrictions when 1) the client uses ESMTP (EHLO
! instead of HELO) and 2) with "smtpd_delay_reject = yes" (the
! default).  The use of reject_unauth_pipelining in the other
! restriction contexts is therefore not recommended.
  .IP "\fBreject\fR"
  Reject the request. This restriction is useful at the end of
  a restriction list, to make the default policy explicit.  The
--- 6519,6533 ----
  that improperly uses ESMTP command pipelining in order to speed up
  deliveries.
  .br
! With Postfix 2.6 and later, the SMTP server sets a per-session
! flag whenever it detects illegal pipelining, including pipelined
! EHLO or HELO commands. The reject_unauth_pipelining feature simply
! tests whether the flag was set at any point in time during the
! session.
! .br
! With older Postfix versions, reject_unauth_pipelining checks
! the current status of the input read queue, and its usage is not
! recommended in contexts other than smtpd_data_restrictions.
  .IP "\fBreject\fR"
  Reject the request. This restriction is useful at the end of
  a restriction list, to make the default policy explicit.  The
diff -cr --new-file /var/tmp/postfix-2.6.2/proto/postconf.proto ./proto/postconf.proto
*** /var/tmp/postfix-2.6.2/proto/postconf.proto	Wed May  6 14:53:29 2009
--- ./proto/postconf.proto	Wed Jul 15 10:29:26 2009
***************
*** 4939,4949 ****
  commands ahead of time without knowing that Postfix actually supports
  ESMTP command pipelining. This stops mail from bulk mail software
  that improperly uses ESMTP command pipelining in order to speed up
! deliveries. <br> Note: reject_unauth_pipelining is not useful
! outside smtpd_data_restrictions when 1) the client uses ESMTP (EHLO
! instead of HELO) and 2) with "smtpd_delay_reject = yes" (the
! default).  The use of reject_unauth_pipelining in the other
! restriction contexts is therefore not recommended.  </dd>
  
  <dt><b><a name="reject">reject</a></b></dt>
  
--- 4939,4953 ----
  commands ahead of time without knowing that Postfix actually supports
  ESMTP command pipelining. This stops mail from bulk mail software
  that improperly uses ESMTP command pipelining in order to speed up
! deliveries.
! <br> With Postfix 2.6 and later, the SMTP server sets a per-session
! flag whenever it detects illegal pipelining, including pipelined
! EHLO or HELO commands. The reject_unauth_pipelining feature simply
! tests whether the flag was set at any point in time during the
! session.   
! <br> With older Postfix versions, reject_unauth_pipelining checks
! the current status of the input read queue, and its usage is not
! recommended in contexts other than smtpd_data_restrictions.  </dd>
  
  <dt><b><a name="reject">reject</a></b></dt>
  
diff -cr --new-file /var/tmp/postfix-2.6.2/src/global/mail_task.c ./src/global/mail_task.c
*** /var/tmp/postfix-2.6.2/src/global/mail_task.c	Fri Feb 23 20:52:38 2007
--- ./src/global/mail_task.c	Sun Jul 12 15:19:43 2009
***************
*** 59,65 ****
      /* Setenv()-ed from main.cf, or inherited from master. */
      if ((tag = safe_getenv(CONF_ENV_LOGTAG)) == 0)
  	/* Check main.cf settings directly, in case set-gid. */
! 	tag = var_syslog_name ? var_syslog_name : DEF_SYSLOG_NAME;
      vstring_sprintf(canon_name, "%s/%s", tag, argv0);
      return (vstring_str(canon_name));
  }
--- 59,66 ----
      /* Setenv()-ed from main.cf, or inherited from master. */
      if ((tag = safe_getenv(CONF_ENV_LOGTAG)) == 0)
  	/* Check main.cf settings directly, in case set-gid. */
! 	tag = var_syslog_name ? var_syslog_name :
! 	    mail_conf_eval(DEF_SYSLOG_NAME);
      vstring_sprintf(canon_name, "%s/%s", tag, argv0);
      return (vstring_str(canon_name));
  }
diff -cr --new-file /var/tmp/postfix-2.6.2/src/milter/milter8.c ./src/milter/milter8.c
*** /var/tmp/postfix-2.6.2/src/milter/milter8.c	Wed May  6 15:01:43 2009
--- ./src/milter/milter8.c	Sat Jul 11 20:27:15 2009
***************
*** 1296,1302 ****
  	    /*
  	     * Decision: quarantine. In Sendmail 8.13 this does not imply a
  	     * transition in the receiver state (reply, reject, tempfail,
! 	     * accept, discard).
  	     */
  	case SMFIR_QUARANTINE:
  	    /* XXX What to do with the "reason" text? */
--- 1296,1303 ----
  	    /*
  	     * Decision: quarantine. In Sendmail 8.13 this does not imply a
  	     * transition in the receiver state (reply, reject, tempfail,
! 	     * accept, discard). We should not transition, either, otherwise
! 	     * we get out of sync.
  	     */
  	case SMFIR_QUARANTINE:
  	    /* XXX What to do with the "reason" text? */
***************
*** 1304,1310 ****
  				  MILTER8_DATA_BUFFER, milter->buf,
  				  MILTER8_DATA_END) != 0)
  		MILTER8_EVENT_BREAK(milter->def_reply);
! 	    MILTER8_EVENT_BREAK("H");
  
  	    /*
  	     * Decision: skip further events of this type.
--- 1305,1312 ----
  				  MILTER8_DATA_BUFFER, milter->buf,
  				  MILTER8_DATA_END) != 0)
  		MILTER8_EVENT_BREAK(milter->def_reply);
! 	    milter8_def_reply(milter, "H");
! 	    continue;
  
  	    /*
  	     * Decision: skip further events of this type.