Prereq: "3.0.3"
diff -cr --new-file /var/tmp/postfix-3.0.3/src/global/mail_version.h ./src/global/mail_version.h
*** /var/tmp/postfix-3.0.3/src/global/mail_version.h	2015-10-10 11:36:36.000000000 -0400
--- ./src/global/mail_version.h	2016-02-21 12:27:57.000000000 -0500
***************
*** 20,27 ****
    * Patches change both the patchlevel and the release date. Snapshots have no
    * patchlevel; they change the release date only.
    */
! #define MAIL_RELEASE_DATE	"20151010"
! #define MAIL_VERSION_NUMBER	"3.0.3"
  
  #ifdef SNAPSHOT
  #define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
--- 20,27 ----
    * Patches change both the patchlevel and the release date. Snapshots have no
    * patchlevel; they change the release date only.
    */
! #define MAIL_RELEASE_DATE	"20160221"
! #define MAIL_VERSION_NUMBER	"3.0.4"
  
  #ifdef SNAPSHOT
  #define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
diff -cr --new-file /var/tmp/postfix-3.0.3/HISTORY ./HISTORY
*** /var/tmp/postfix-3.0.3/HISTORY	2015-10-10 09:38:08.000000000 -0400
--- ./HISTORY	2016-02-21 11:57:24.000000000 -0500
***************
*** 21727,21729 ****
--- 21727,21741 ----
  	development release): the DNS multi-query clients forgot
  	to save and restore h_errno when evaluating the aggregate
  	result. File: dns/dns_lookup.c.
+ 
+ 20151124
+ 
+ 	Bugfix (introduced: Postfix 3.0): don't throttle a destination
+ 	after opportunistic TLS failure. Viktor Dukhovni. File:
+ 	smtp/smtp_proto.c.
+ 
+ 20160204
+ 
+ 	Documentation (introduced: Postfix 3.0): wrong paramester
+ 	name in lmtp_address_verify_target description. File:
+ 	proto/posconf.proto
diff -cr --new-file /var/tmp/postfix-3.0.3/html/postconf.5.html ./html/postconf.5.html
*** /var/tmp/postfix-3.0.3/html/postconf.5.html	2015-07-19 18:34:31.000000000 -0400
--- ./html/postconf.5.html	2016-02-04 19:29:25.000000000 -0500
***************
*** 4026,4032 ****
  <DT><b><a name="lmtp_address_verify_target">lmtp_address_verify_target</a>
  (default: rcpt)</b></DT><DD>
  
! <p> The LMTP-specific version of the <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>
  configuration parameter.  See there for details. </p>
  
  <p> This feature is available in Postfix 3.0 and later.  </p>
--- 4026,4032 ----
  <DT><b><a name="lmtp_address_verify_target">lmtp_address_verify_target</a>
  (default: rcpt)</b></DT><DD>
  
! <p> The LMTP-specific version of the <a href="postconf.5.html#smtp_address_verify_target">smtp_address_verify_target</a>
  configuration parameter.  See there for details. </p>
  
  <p> This feature is available in Postfix 3.0 and later.  </p>
diff -cr --new-file /var/tmp/postfix-3.0.3/man/man5/postconf.5 ./man/man5/postconf.5
*** /var/tmp/postfix-3.0.3/man/man5/postconf.5	2015-07-19 18:34:32.000000000 -0400
--- ./man/man5/postconf.5	2016-02-04 19:29:25.000000000 -0500
***************
*** 2473,2479 ****
  .PP
  This feature is available in Postfix 2.8 and later.
  .SH lmtp_address_verify_target (default: rcpt)
! The LMTP\-specific version of the smtp_dns_support_level
  configuration parameter.  See there for details.
  .PP
  This feature is available in Postfix 3.0 and later.
--- 2473,2479 ----
  .PP
  This feature is available in Postfix 2.8 and later.
  .SH lmtp_address_verify_target (default: rcpt)
! The LMTP\-specific version of the smtp_address_verify_target
  configuration parameter.  See there for details.
  .PP
  This feature is available in Postfix 3.0 and later.
diff -cr --new-file /var/tmp/postfix-3.0.3/proto/postconf.proto ./proto/postconf.proto
*** /var/tmp/postfix-3.0.3/proto/postconf.proto	2015-07-19 18:34:26.000000000 -0400
--- ./proto/postconf.proto	2016-02-04 19:29:11.000000000 -0500
***************
*** 15432,15438 ****
  
  %PARAM lmtp_address_verify_target rcpt
  
! <p> The LMTP-specific version of the smtp_dns_support_level
  configuration parameter.  See there for details. </p>
  
  <p> This feature is available in Postfix 3.0 and later.  </p>
--- 15432,15438 ----
  
  %PARAM lmtp_address_verify_target rcpt
  
! <p> The LMTP-specific version of the smtp_address_verify_target
  configuration parameter.  See there for details. </p>
  
  <p> This feature is available in Postfix 3.0 and later.  </p>
diff -cr --new-file /var/tmp/postfix-3.0.3/src/smtp/smtp_proto.c ./src/smtp/smtp_proto.c
*** /var/tmp/postfix-3.0.3/src/smtp/smtp_proto.c	2015-01-17 19:15:36.000000000 -0500
--- ./src/smtp/smtp_proto.c	2015-11-24 19:35:13.000000000 -0500
***************
*** 935,946 ****
  	 * authentication. If the server doesn't announce SASL support over
  	 * plaintext connections, then we don't want delivery to fail with
  	 * "relay access denied".
  	 */
  	if (PLAINTEXT_FALLBACK_OK_AFTER_STARTTLS_FAILURE)
  	    RETRY_AS_PLAINTEXT;
! 	return (smtp_site_fail(state, DSN_BY_LOCAL_MTA,
! 			       SMTP_RESP_FAKE(&fake, "4.7.5"),
! 			       "Cannot start TLS: handshake failure"));
      }
  
      /*
--- 935,957 ----
  	 * authentication. If the server doesn't announce SASL support over
  	 * plaintext connections, then we don't want delivery to fail with
  	 * "relay access denied".
+ 	 * 
+ 	 * If TLS is opportunistic, don't throttle the destination, otherwise if
+ 	 * the mail is volume is high enough we may have difficulty ever
+ 	 * draining even the deferred mail, as new mail provides a constant
+ 	 * stream of negative feedback.
  	 */
  	if (PLAINTEXT_FALLBACK_OK_AFTER_STARTTLS_FAILURE)
  	    RETRY_AS_PLAINTEXT;
! 	if (state->tls->level == TLS_LEV_MAY) {
! 	    return (smtp_mesg_fail(state, DSN_BY_LOCAL_MTA,
! 				   SMTP_RESP_FAKE(&fake, "4.7.5"),
! 				   "Cannot start TLS: handshake failure"));
! 	} else {
! 	    return (smtp_site_fail(state, DSN_BY_LOCAL_MTA,
! 				   SMTP_RESP_FAKE(&fake, "4.7.5"),
! 				   "Cannot start TLS: handshake failure"));
! 	}
      }
  
      /*