HISTORY

	is used while SASL authentication is disabled, instead of
	simply ignoring the restriction. LaMont Jones, HP. File:
	smtpd/smtpd.c.

	Safety: when postmap creates a non-existent file, the new
	file inherits group/other read permissions from the source
	file.  Based on code by LaMont Jones, HP.  File:
	postmap/postmap.c.

20020123

	Portability: some Linux systems install libnsl.so without
	libnsl.a file, causing an yp_match undefined reference
	problem.  File: makedefs.

20020124

	Portability: post-install now requests that command_directory
	is given on the command line when the postconf command is
	in an unusual place.

	Safety: extra code to detect and report Berkeley DB version
	mismatches between compile time and run time.  This test
	is limited to mismatches in the major version number only.
	File:  util/dict_db.c. Based on code by Lawrence Greenfield,
	Carnegie-Mellon university.

	Safety: the postfix command and the master daemon abort if
	they are running set-uid.

	Documentation: the postmap manual page described an out of
	date input file format.

20020129

	Workaround: SCO version 3.2 can't ioctl(FIONREAD) a pipe.
	Therefore, input mail flow control is disabled by default.
	Files:  makedefs, global/mail_params.h, conf/main.cf.
	Problem reported by Kurt Andersen, Agilent.

20020201

	Workaround: changed the default smtpd_null_access_lookup_key
	setting to <>, because some Bezerkeloid DB implementations
	can't handle null-length lookup keys.  File: global/mail_params.h.

	Bugfix: backed out a null-length address panic call by
	ignoring the problem, like Postfix did in the past.  File:
	global/resolve_local.c.

	Safety: "postfix check" will now warn if /usr/lib/sendmail
	and /usr/sbin/sendmail differ, and will propose to replace
	one by a symlink to the other. File: conf/postfix-script.

20020204

	Sanity: additional permission checks for "postfix check"
	that warn for setgid_group group ownership mismatches.  by
	Matthias Andree, uni-dortmund.de. File: conf/postfix-script.

	Bugfix: "postfix check" used a too simplistic way to
	recognize file ownership (grepping ls output). It now uses
	the recently discovered "find -prune".  Peter Bieringer,
	Matthias Andree. File: conf/postfix-script.

20020218

	Workaround: log a warning and disconnect when an SMTP client
	ignores our negative replies and starts sending message
	content without permission. File: smtpd/smtpd.c.

20020220

	Bugfix: mismatch in the file being locked by dict_dbm and
	the file being locked by postmap, so that locks did not
	work correctly.  Victor Duchovni, Morgan Stanley.

20020222

	Workaround: Solaris bug 4380626: strcasecmp() and strncasecmp()
	produce incorrect results with 8-bit characters. For example,
	non-ASCII characters could compare equal to ASCII characters,
	and that could result in any number of security problems.
	Files:  util/strcasecmp.c, COPYRIGHT (the BSD license).

	Bugfix: off-by-one error, causing a null byte to be written
	outside dynamically allocated memory in the queue manager
	with addresses of exactly 100 bytes long, resulting in
	SIGSEGV on systems with an "exact fit" malloc routine.
	Experienced by Ralf Hildebrandt; diagnosed by Victor
	Duchovni. Files:  *qmgr/qmgr_message.c.  This is not a
	security problem.

	Bugfix: make all recipient comparisons transitive, because
	Solaris qsort() causes SIGSEGV errors otherwise. Victor
	Duchovni, Morgan Stanley. File: *qmgr/qmgr_message.c.

20020302

	Bugfix: don't strip source route (@domain...:) when the
	result would be an empty address. This avoids problems when
	append_at_myorigin is set to "no" (which is not supported).
	Problem reported by Charles McColgan, Big Fish Communications.
	File:  trivial-rewrite/rewrite.c.

20020304

	Cleanup: postqueue should not not complain when output
	fails with "broken pipe".

20020308

	Bugfix? reply with 550 not 552 when content is rejected.
	552 is reserved for "too much mail".

	Documentation: add note to sendmail manual page that running
	"sendmail -bs" as $mail_owner enables SMTP server UCE and
	access control checks. This is meant for use from inetd etc.
	Matthias Andree.

20020311

	Bugfix: DBM maps should use different files for locking
	and for change detection.  Problem reported by Victor
	Duchovni, Morgan Stanley.  Files: util/dict.h util/dict.c
	util/dict_db.c util/dict_dbm.c global/mkmap.c local/alias.c.

20020313

	Bugfix: mailq could show addresses with unusual characters
	twice.  Problem reported by Victor Duchovni, Morgan Stanley.
	File: showq/showq.c.

	Bugfix: null recipients weren't properly recorded in
	bounce/defer logfiles. Such recipient addresses are not
	accepted in SMTP mail, but they could appear within locally
	submitted mail.  File: bounce/bounce_append_service.c.

20020318

	Workaround: Berkeley DB can't handle null key lookups,
	which happen with HELO names ending in ".".  Victor Duchovni,
	Morgan Stanley. File: smtpd/smtpd_check.c.

	Logging: log a hint when mail is deferred because the
	soft_bounce parameter is set. People sometimes forget to
	turn it off. File: global/bounce.c.

20020319

	Cleanup: add a msg_warn() call when fork() fails in
	pipe_command(), to make problems easier to investigate.
	Chris Wedgwood. File:  global/pipe_command.c.
	
20020320

	Feature: smtp_helo_name parameter to specify the hostname
	or [ip.address] in HELO or EHLO commands. Files: smtp/smtp.c
	smtp/smtp_proto.c.

20020324

	Cleanup: more graceful handling of long physical message
	header lines upon input. Physical header lines can now
	extend up to $header_size_limit characters. When a logical
	message header is too long, the excess text is discarded
	and Postfix no longer switches to body mode, to avoid
	breaking MIME encapsulation.  Based on code by Victor
	Duchovni, Morgan Stanley.  Files:  cleanup/cleanup_out.c,
	cleanup/cleanup_message.c.

	Cleanup: more graceful handling of long physical message
	header or body lines upon output by the SMTP client. The
	SMTP client output line length is controlled by a new
	parameter smtp_line_length_limit (default: 990; specify 0
	to disable the limit). Long lines are folded by inserting
	<CR> <LF> <SPACE>, to avoid breaking MIME encapsulation.
	Based on code by Victor Duchovni, Morgan Stanley.  File:
	smtp/smtp_proto.c.

20020325

	Cleanup: allow additional text after a WARN command in a
	header/body_checks pattern file, so that one can change
	REJECT+text into WARN+text and vice versa. Based on code
	by Fredrik Thulin, Stockholm University.

	Cleanup: log a warning when an unknown command is found in
	a header/body_checks pattern file, or when additional text
	is found after a command that does not expect additional
	text. Based on code by Fredrik Thulin, Stockholm University.

	Bugfix: sendmail should not recognize "." as the end of
	input when the current read operation started in the middle
	of a line.  Victor Duchovni, Morgan Stanley. File:
	sendmail/sendmail.c.

20020328

	Portability fix for OPENSTEP and NEXTSTEP by Gerben Wierda.
	File: util/sys_defs.h.

20020329

	Bugfix: defer_transports broke because the flush server
	triggered mail delivery (as if ETRN was sent) while doing
	some internal housekeeping of per-destination logfiles.
	Problem experienced by LaMont Jones, HP. File: flush/flush.c.

	Bugfix: virtual mapping broke for addresses with embedded
	whitespace. Fix by Victor Duchovni, Morgan Stanley. File:
	cleanup/cleanup_map1n.c.

	Feature: configurable service name for the internal services:
	bounce, cleanup, defer, error, flush, pickup, queue, rewrite,
	showq. This allows you to specify, for example, a non-default
	cleanup service (smtpd -o cleanup_service_name=alt_cleanup).
	Files: global/mail_params.[hc].

	Feature: SASL version 2 support by Jason Hoos. Files:
	*/*_sasl_glue.c, SASL_README, conf/sample-auth.cf.

20020330

	Bugfix: postqueue did not pass on non-default configuration
	directory settings when running showq while the mail system
	is down.  The super-user is now exempted from environment
	stripping in postqueue/postqueue.c. Problem reported by
	Victor Duchovni, Morgan Stanley.

20020402

	Workaround: recognize more headers that are sent instead
	of SMTP commands. File: smtpd/smtpd.c.

20020413

	Feature: new pipe delivery agent "D" flag to prepend a
	Delivered-To:  message header. This requires single recipient
	deliveries. Based on code by Matthias Andree. File:
	pipe/pipe.c.

20020414

	Portability: Postfix will no longer attempt to build with
	gdbm support, because gdbm is broken. File:  makedefs.

20020415

	Cleanup: the attribute list IPC code did not distinguish
	between "disconnect" and "timeout" while reading an attribute
	list, making trouble shooting more difficult than necessary.
	Files:  util/attr_scan0.c, util/attr_scan64.c.

	Cleanup: install parameter defaults can now be overruled
	from makedefs: sendmail_path, mailq_path, newaliases_path,
	command_directory, daemon_directory. Based on code by
	Victor Duchovni, Morgan Stanley. File: util/sys_defs.h.

20020411

	Cleanup: Use more robust quoting passing makedefs/Makefile
	settings. This also simplifies the seven backslashes example
	in the INSTALL file.  Victor Duchovni, Morgan Stanley.
	Files: makedefs, INSTALL.

20020417

	Bugfix: the post-install script failed to upgrade master.cf
	settings from private to public if the service was explicitly
	configured as private.

20020418

	Documentation: added CPU saving patterns for quickly skipping
	base 64 encoded text in message bodies.  Liviu Daia.
	Files: {proto,conf}/pcre_table, {proto,conf}/regexp_table,
	conf/sample_{regexp,pcre}_body.cf.

20020426

	Bugfix: the SMTP client forgot to quote whitespace etc.
	in a sender/recipient address when DNS lookup was turned
	off (disable_dns_lookups = yes). Problem experienced by
	Chip Paswater. Files: smtp/smtp_proto.c.

20020501

	Feature: wildcard lookup in transport maps (lookup key
	"*").  Code developed with Lamont Jones, HP.

	Feature: a null transport:destination transport map entry
	means proceed as if the transport map lookup failed.  Code
	developed with Lamont Jones, HP.

	Feature: more efficient use of cache memory when a process
	opens multiple Berkeley DB tables; and faster performance
	creating large tables by using more buffer memory. Files:
	util/dict_db.[hc], global/mkmap_db.c. Victor Duchovni,
	Morgan Stanley.

20020503

	Cleanup: postqueue silently ignored command-line arguments
	following -p or -f options, instead of complaining; postqueue
	produced an incorrect error message (mail system down) when
	the command was installed with incorrect privileges.  File:
	postqueue/postqueue.c.

	Bugfix: while reporting a domain name or IP address syntax
	error, postqueue could dereference a dangling pointer with
	some getopt() implementations. LaMont Jones, HP.  File:
	postqueue/postqueue.c.

	Safety: postalias and postmap now drop root privileges
	while processing a non-root input file. Thus, the result
	should be writable to the source file owner. Specify the
	-o option if this is a problem. Files: postmap/postmap.c,
	postalias/postalias.c.

	Consistency: just like postmap, postalias now copies file
	permissions from the source file when it creates a new
	table for the first time. File: postalias/postalias.c.

20020504

	Portability: run-time test to avoid GDBM trouble.  File:
	util/dict_dbm.c.

20020505

	Cleanup: revised and simplified the transport map semantics.
	Null transport or nexhop fields now mean: "do not change":
	use what would be used if the transport map did not exist.
	This change eliminated a lot of code. The incompatibility
	is that a null transport field no longer defaults to
	$default_transport, but to $local_transport or $default_transport
	depending on the destination, and that a transport map only
	overrides relayhost when the table specifies explicit
	nexthop information.  Files:  trivial-rewrite/transport.c,
	trivial-rewrite/resolve.c.

	Cleanup: revised the user interface for controlling the
	Berkeley DB create and read buffer size controls. Files:
	util/dict_db.[hc], global/mail_params.[hc], global/mkmap_db.c.

20020507

	Cleanup: simplified the hash/btree cache management code.
	The caches are now per table instead of shared, and the
	default read cache size is reduced to 128 kBytes. File:
	util/dict_db.c.

20020508

	Bugfix: close user@domain@postfix-style.virtual.domain
	source routing relaying loophole involving postfix-style
	virtual domains with @virtual.domain catch-all patterns.
	Problem reported by Victor Duchovni. File:  smtpd/smtpd_check.c.

	Bugfix: mail_addr_map() used the "wrong" @ character in
	addresses with multiple @. Victor Duchovni. File:
	global/mail_addr_map.c.

	Bugfix: for address localpart quoting, now quote @ as a
	special character everywhere, except when resolving addresses.
	Previously, the @ was nowhere quoted as a special character,
	not even in SMTP commands.  Files:  global/quote_82[12]_local.c
	and clients.

20020509

	Safety: don't allow an OK access rule lookup result for
	user@domain@postfix-style.virtual.domain. Suggested by
	Victor Duchovni, Morgan Stanley. File: smtpd/smtpd_check.c.

	Bugfix: quote unquoted address localparts that need quoting.
	Files: global/tok822_parse.c, global/quote_82[12]_local.c.

	Documentation: simplified the advanced content filtering
	example, and included a more advanced example for those
	who want to squeeze out more performance without running
	multiple Postfix instances.  Text by Victor Duchovni, Morgan
	Stanley. File:  README_FILES/FILTER_README.

20020510

	Feature: header/body filters now log the origin of the
	message that is being rejected. Files: smtpd/smtpd.c,
	qmqpd/qmqpd.c, pickup/pickup.c, cleanup/cleanup_envelope.c,
	cleanup/cleanup_message.c.  Requested by Craig Sanders, if
	I remember correctly.

	Feature: the Postfix SMTP client now passes on MIME body
	type information (8bit, 7bit) received via SMTP, via MIME
	headers, or via the sendmail command line. Files:
	global/deliver_request.c, smtpd/smtpd.c, sendmail/sendmail.c,
	cleanup/cleanup_envelope.c, cleanup/cleanup_message.c,
	cleanup/cleanup_extracted.c, *qmgr/qmgr_message.c,
	*qmgr/qmgr_deliver.c, smtp/smtp_proto.c, lmtp/lmtp_proto.c.

20020511

	Feature: bounces now specify the proper MIME encoding (8bit,
	7bit), depending on the MIME body type information received
	via SMTP, via MIME headers, or via the sendmail command
	line. Files: global/bounce.c, global/defer.c, global/abounce.c,
	bounce/bounce_service.c, bounce/bounce_notify_util.c.

20020512

	Cleanup: the SMTP client logged and bounced the CNAME
	expanded recipient address, and thereby complicated trouble
	shooting.  File:  src/smtp_proto.c.

	Bugfix: the SMTP and LMTP clients bounced the quoted
	recipient address, resulting in too much quoting in bounce
	reports.  Files:  src/smtp_proto.c, lmtp/lmtp_proto.c.

20020513

	Bugfix: the LDAP client used the "wrong" @ character in
	addresses with multiple @. LaMont Jones, HP. File:
	util/dict_ldap.c.

	Feature: lots of new LDAP stuff: result_filter (filter to
	expand results from queries), chase_referrals,
	LaMont Jones, HP. The LDAP bind timeout now works thanks
	to Victor Duchovni, Morgan Stanley. File:  util/dict_ldap.c.

	Cleanup: specify "resolve_dequoted_address = no" to prevent
	Postfix from looking inside quotes for extra @ etc. characters
	when resolving an address. This behavior is technically
	more correct, but it opens a mail relay loophole with "user
	@domain"@domain when relaying mail to a Sendmail system.

20020514

	Bugfix: the new code for header address quoting sometimes
	did not null terminate strings so that arbitrary garbage
	could appear at the end of message headers.  Reported by
	Ralf Hildebrandt.  File:  global/tok822_parse.c.

	Safety: user@domain@domain is no longer accepted by the
	permit_mx_backup uce restriction (unless Postfix is configured
	with "resolve_dequoted_address = no"). Victor Duchovni,
	Morgan Stanley. File: smtpd/smtpd_check.c.

20020515

	Workaround: flush the SMTP client output buffer when no
	output has happened for 10+ seconds. This prevents the
	socket from timing out, in case DNS CNAME expansion is
	slow.  Problem experienced by Alex Erdelyi, peregrine.com.
	File:  smtp/smtp_chat.c. We did the same thing for the SMTP
	server years ago, and one wonders why the coin didn't drop
	at the time that the SMTP client could suffer from a similar
	problem.

20020516

	Updated the FILTER_README file to turn off DNS lookups in
	the SMTP client that feeds mail into a content filter.

20020517

	Cleanup: Mailbox-Line: message header labels should be
	X-Mailbox-Line:  labels. Files: smtpd/smtpd.c, qmqpd/qmqpd.c.

20020515-21

	Feature: new MIME parser, written from scratch, that
	recognizes the structure of MIME encapsulated mail. Influenced
	by comments from Victor Duchovni. This code can detect but
	will not decode obscure MIME formats or obscure character
	string encoding that Liviu Daia expresses concern about.

	MIME header scanning now happens in header_checks, and is
	faster than body_checks could ever be. This also eliminates
	the problem with multi-line MIME headers being matched one
	line at a time.  Files:  global/mime_state.[hc],
	cleanup/cleanup_message.c.

20020521-22

	Feature: 8-bit to quoted-printable conversion. First use in
	the Postfix SMTP client. File: smtp/smtp_proto.c.

	Logging: the Postfix SMTP and LMTP clients now report the
	the protocol stage when they report a server reply.  File:
	smtp/smtp_proto.c, lmtp/lmtp_proto.c.

	Bugfix: the SMTP server warned about ignored client attributes
	(these were introduced 20020510) in mail that was submitted
	with "sendmail -bs".  File: smtpd/smtpd.c.

20020525

	Feature: separation of header checks into header_checks
	(all primary headers except MIME related headers),
	mime_header_checks (all MIME headers including MIME headers
	at the start of messages) and nested_header_checks (headers
	of attached messages, except MIME related headers).

	Cleanup: broke out the header value parser from the MIME
	processor so that the code can be reused elsewhere. File:
	global/header_token.c.

	Compatibility: Postfix now recognizes "name :" as a valid
	message header, but normalizes it to "name:" form or else
	lots of things would break all over the place.  Files:
	global/is_header.c, global/mime_state.c.

20020526

	Bugfix: the SMTP server now disallows RCPT TO:<"">, just
	like it disallows RCPT TO:<>.  File: smtpd/smtpd.c.

	Feature: disable_mime_input_processing=yes/no controls
	whether Postfix recognizes (and optionally enforces) MIME
	formats while receiving mail. Default is NO.

	Feature: disable_mime_output_conversion=yes/no controls
	whether Postfix will convert 8BITMIME to 7BIT mail when
	delivering mail to an SMTP server that does not announce
	8BITMIME support.  Default is NO.

	Feature: strict_8bitmime=yes/no controls whether Postfix
	rejects 8-bit characters in headers and 7-bit body parts.
	This blocks mail from poorly written software, including
	majordomo approval requests that contain a valid 8BITMIME
	email message, as well as mail that is piped into ancient
	/bin/mail implementations that do not MIME format 8-bit
	content. Default is NO.

	Feature: strict_mime_encoding_domain=yes/no controls whether
	Postfix rejects illegal content transfer encodings for
	multipart/* and message/*. This blocks mail from poorly
	written software. Default is NO.

20020527

	Feature: "FILTER transport:nexthop" in header/body checks.
	After the message is queued, the message is sent through
	a content filter. This requires different cleanup servers
	before and after the filter, with header/body checks turned
	off in the second cleanup server.

20020528

	Feature: strict_7bit_headers and strict_8bitmime_body are
	now separately available. To to turn on both, use
	strict_8bitmime.

	Cleanup: abandon the use of isspace(3) in the parsing of
	RFC822 message headers. Files: global/lex_822.h and lots
	of little places.

	Documentation: replace domain.name by domain.tld in the
	example config files. The domain exists. They were getting
	mail from poorly configured Postfix boxes.

	Bugfix: The Postfix sendmail command did not export the
	MAIL_CONFIG environment setting to the postdrop command.
	File: global/mail_config.h.

	Incompatibility: by default, turn on the PCRE_DOTALL flag,
	so that PCRE patterns will match multi-line message headers
	without causing pain. Suggested by Michael Tokarev. Also
	documented all those darned undocumented PCRE flags in the
	pcre_table(5) manual page. Files:  util/dict_pcre.c,
	proto/pcre_table.

20020529

	Bugfix: mail rejected due to MIME errors was rejected
	without proper logging. Files: global/mime_state.c,
	cleanup/cleanup_message.c.

20020531

	Bugfix: the SMTP client code that prepends '.' to lines
	starting with '.' had to be moved from its old place to
	after the MIME output conversion. Problem found by Mark
	Martinec.  File: smtp/smtp_proto.c.

20020601

	Bugfix: the deliver_pass() routine needed updating for the
	extra MIME encoding attribute that was introduced 20020510.
	Patch by Sebastian Schaffert @ wastl.net.  File:
	global/deliver_pass.c.

20020604

	Workaround: Solaris non-blocking read() can fail on a socket
	with unread data according to ioctl FIONREAD.  Incredible.
	Diagnosis by Max Pashkov.  File:  smtp/smtp-sink.c.

20020605

	Safety: header_address_token_limit limits the amount of
	memory and CPU that we're willing to spend while parsing
	addresses in message headers. The limit is expressed as a
	number of tokens. File: global/tok822_parse.c

20020608

	Feature: user@domain transport map lookup, based on code
	by Scott Cotton, from several years ago. Adding this code
	now was much less painful than it was in the past. Files:
	global/strip_addr.c, trivial-rewrite/transport.c.

20020613

	Bugfix: postsuper -r was broken as of 20020510. The cleanup
	daemon would discard mail with MIME type information. Moved
	a bunch of sanity checks from the cleanup daemon to the
	pickup daemon, so the checks are in one place.  Problem
	experienced by Pavol Luptak. Files: pickup/pickup.c,
	cleanup/cleanup_extracted.c.

20020705

	Safety: log a warning when a domain is listed in mydestination
	and (virtual_maps or virtual_mailbox_maps).  This configuration
	error causes the Postfix SMTP server to reject recipients
	when the local_recipient_maps feature is enabled.  File:
	smtpd/smtpd_check.c.

200207011

	Portability: in the master daemon, the default now is to
	enable the signal handler code that writes a byte into a
	pipe, instead of the signal handler code that sets a global
	flag and hopes that select() will somehow wake up. File:
	master/master_sig.c. This is needed for some IRIX and
	UnixWare versions, but it should also produce a robust
	result on all other supported systems.

	Performance: the default SMTP connection establishment
	timeout is now 30 seconds, instead of the system default
	which can be atrociously large.

20020712

	When DNS lookup fails while delivering mail, report not
	only the domain name but also the DNS record type.  This
	should clue in people who ask why Postfix can't find a
	domain while nslookup can.  File:  dns/dns_lookup.c.

20020713

	Bugfix: undo change made at 20020610 that causes the trivial
	resolver client to loop when an address consists entirely
	of @ and . characters.  File: trivial-rewrite/resolve.c.

	Cleanup: Postfix no longer strips multiple '.' at the end
	of a domain name. One '.' is silently tolerated. Files:
	trivial-rewrite/rewrite.c, trivial-rewrite/resolve.c,
	global/resolve_local.c. This policy is too distributed.

20020715

	Feature: @domain.tld catch-all map entries for the virtual
	mail delivery agent. Files: global/virtual8_maps_find.c,
	virtual/mailbox.c, smtpd/smtpd_check.c.

	Feature: the virtual mail delivery agent now accepts address
	extensions (user+foo@domain.tld), ignores them when looking
	up users in its tables, but displays them in Delivered-To:
	message headers.  File: global/virtual8_maps_find.c.

20020716

	Feature: domain names in a masquerade_domains list can now
	be prefixed with !, in order to disable masquerading for
	that domain name and for its subdomains. File:
	cleanup/cleanup_masquerade.c.

20020717

	Bugfix: Mac OS X niscript (Netinfo) update by Gerben Wierda.
	File: auxiliary/MacOSX/niscript.

	Feature: The SMTP server reject_unknown_whatever restrictions
	now also attempt to look up AAAA (IPV6 address) records.
	Jun-ichiro itojun Hagino, IIJ labs. Files: smtpd/smtpd_check.c,
	dns/dns_lookup.c.

20020718

	Bugfix: unnecessary lookups for extended addresses by the
	virtual8_maps_find() routine. Victor Duchovni. His patch
	did not work, nor did my own, but the present version should
	be OK. File: global/virtual8_maps_find.c.

20020719

	Workaround: log a warning when an SMTP client name->address
	lookup results in a numeric IP address, and set the client
	hostname to "unknown". Some gethostbyname() implementations
	will actually accept such garbage and thereby allow sites
	to defeat the "reject_unknown_client" restriction. Problem
	reported by Wolfgang Rupprecht, fix based on analysis (but
	not code) by Victor Duchovni.

	Bugfix: memory leaks in the LDAP client by Victor Duchovni.
	File: util/dict_ldap.c.

	Bugfix: garbage in verbose "flush" server logging. Victor
	Duchovni.  File: flush/flush.c.

20020723

	Incompatibility: smtpd_sasl_local_domain now defaults to
	the null string. File: smtpd/smtpd.c, smtpd/smtpd_sasl_glue.c.

20020726

	Documentation: added GDB debugging instructions for sites
	that do not have X installed on the Postfix machine. Henrik
	Larsson, spambox.dk.

20020729

	Weird: installed RedHat 3.03 inside VMware, and no change
	was needed to build Postfix, except to recognize the Linux
	version.

	Bugfix: some mailers will announce ESMTP features in their
	HELO (not EHLO) response. Postfix did not ignore them.
	File: smtp/smtp_proto.c.

20020731

	Cleanup: permit_naked_ip_address is unsafe (especially when
	used with smtpd_recipient_restrictions) and will go away.
	Postfix now logs a warning. File: smtpd/smtpd_check.c.

20020801

	Cleanup: the warning message for matched header/body
	content was misleading. File: cleanup/cleanup_message.c.

	Safety: moved the "postsuper -r ALL" operation after the
	"postsuper -s" check that makes queue file names match
	inode numbers. This avoids loss of mail in the unlikely
	case that someone runs "postsuper -sr ALL" on a queue that
	was copied from another place.

	Feature: "postsuper -h" to put mail "on hold" and "postsuper
	-H" to release mail that was placed "on hold". This involves
	a new queue, which is appropriately named "hold".  Files:
	postsuper/postsuper.c, showq/showq.c.

20020803

	Feature: when a Delivered-To: mail delivery loop is detected,
	send the bounce to the mailing list owner. This required
	changes to the local delivery agent, a new bounce client
	stub, and a new bounce server stub and support routines
	for one recipient bouncing. Files: local/recipient.c,
	global/bounce_log.c, global/bounce.c, bounce/bounce.c,
	bounce/bounce_notify_util.c, bounce/bounce_one_service.c.

20020809

	Bugfix: the 20020531 bugfix could prepend '.' to lines when
	it shouldn't (but only when converting 8-bit mail to 7-bit).
	Problem experienced by Ralf Hildebrandt.  File:
	smtp/smtp_proto.c.

	Bugfix: smtpd_sender_login_maps did not do the @domain etc.
	wild-card lookups that were promised. Problem experienced
	by Sven Michels. File: smtpd/smtpd_check.c.

20020810

	Feature: new smtp-sink command-line options to specify the
	SMTP hostname, to disable ESMTP protocol support, to
	disable 8BITMIME support, and to syslog selected commands.
	File: smtpstone/smtp-sink.c.

20020814

	Feature: the queue manager now warns when mail for some
	destination is piling up in the active queue, and suggests
	a variety of remedies.  The qmgr_clog_warn_time parameter
	controls the time between warnings, mainly so that I could
	test the code. To disable these warnings, specify
	"qmgr_clog_warn_time = 0". Files:  *qmgr/qmgr_entry.c.

20020815

	Paranoia: truncate the DNS response length result value in
	case it is larger than the result buffer length (the resolver
	documentation is vague about this). File:  dns/dns_lookup.c.

20020816

	Cleanup: "postqueue -f" now also triggers delivery of mail
	in the maildrop directory. This is needed when the master
	does not frequently wake up the pickup service.  Files:
	global/mail_flush.c, postqueue/postqueue.c.

20020818

	Cleanup: the qmgr_site_hog_factor feature is gone (defer
	mail if a site uses up too much space in the active queue).
	Instead, the qmgr_clog_warn_time feature provides better
	solutions. File: qmgr/qmgr_message.c.

20020819

	Feature: new header/body_checks HOLD pattern that causes
	mail to be placed on the "hold" queue for manual inspection.
	Files: global/hold_message.[hc], cleanup/cleanup_message.c.

20020820

	Bugfix: yesterday's HOLD pattern code did not update the
	cleanup server's idea of the queue file name for error
	recovery and for error reporting purposes, so that incomplete
	or content rejected mail would not be deleted from the
	queue, and so that the bouncer would not find the queue
	file.

	Bugfix: the #ifdef that detects too old LDAP libraries was
	in the wrong place.  Victor Duchovni.  File: util/dict_ldap.c.

	Feature: new header/body_checks DISCARD pattern that causes
	mail to be silently discarded. Files: global/cleanup_user.h,
	cleanup/cleanup_message.c, cleanup/cleanup_api.c.

	Bugfix: the local delivery agent's mailbox duplicate delivery
	eliminator was not updated in the days that address extensions
	were added to Postfix. The other local duplicate eliminators
	probably need revision as well. File: local/mailbox.c.

20020821

	Feature: HOLD and DISCARD actions in SMTPD access tables.
	These requests are propagated to the cleanup daemon.
	Files: cleanup/cleanup_envelope.c smtpd/smtpd_check.c.

	Cleanup: eliminate unnecessary references to the obsolete
	program_directory configuration parameter (but keep the
	parameter so as to not break existing installations).
	Matthias Andree, many little changes in documentation.

20020822

	Bit Rot: OpenLDAP incompatible change with URL parsing.
	Patches by Will Day, Georgia Tech, and Carsten Hoeger,
	SUSE.  File: util/dict_ldap.c.

20020823

	Bugfix: added a missing memset() call to wipe the lookup
	key in dict_db_delete(). This is needed by some Berkeley
	DB implementations. Patch by Katsu Yamamoto, Fujitsu.

	Bugfix: when permit_mx_backup is unable to make a decision
	due to DNS problems, set the "defer if reject" flag so that
	other restrictions will not cause mail to be rejected.
	File: smtpd/smtpd_check.c.

	Feature: instead of giving up immediately after DNS failure,
	turn on the "defer_if_permit" flag when reject_unknown_hostname,
	reject_unknown_sender_domain or reject_unknown_recipient_domain
	are unable to make a decision, and see if any subsequent
	restrictions would still cause the mail to be rejected.
	File:  smtpd/smtpd_check.c.

	Feature: "FILTER transport:nexthop" is now also available
	in SMTPD access tables.

20020826

	Workaround: HP-UX 11 accept() fails with ENOBUFS when the
	client disconnects early. File: sane_accept.c.

20020901

	Cleanup: postfix-install no longer installs all the manual
	pages under $POSTFIXSOURCE/man, so we can generate manual
	pages for smtp-sink etc.  File: man/Makefile.in.

20020903

	Bugfix: the rmail script should have been updated when
	Postfix sendmail was changed to recognize `.' as the end
	of input.  Problem fix by Christian Kratzer, cksoft.de.
	File:  auxiliary/rmail/rmail.

	Feature: specify "maximal_queue_lifetime = 0" for mail that
	should be returned immediately after the first unsuccessful
	delivery attempt. Files: qmgr/qmgr.c, nqmgr/nqmgr.c.

20020904

	Bugfix: qmail compatibility: qmqpd should support any
	character at the end of the VERP prefix in prefix@host-@[].
	Based on a patch by LaMont Jones, HP.

20020905

	Feature: "smtpd_data_restrictions = reject_unauth_pipelining"
	blocks mail from SMTP clients that send message content
	before Postfix has replied to the DATA command.  File:
	smtpd/smtpd.c, smtpd/smtpd_check.c.

	Bugfix: the LDAP client dumped core in verbose mode.
	Reported by Will Day and others.  File: util/dict_ldap.c.

20020906

	Cleanup: dict_regexp module speedups by avoiding unnecessary
	substring overhead while matching strings. Based on a
	suggestion by Liviu Daia. This involved major rewriting of
	the regexp map code.  File: util/dict_regexp.c.

20020907

	Feature: IF..ENDIF support based on code by Bert Driehuis.
	This involved a further rewrite of the regexp map code.
	File: util/dict_regexp.c.

 
20020910

	Bugfix: the SMTP client produced suprious warnings about
	trouble with fallback_relay hosts. File:  smtp/smtp_connect.c.

	Robustness: don't wait with detecting broken SMTP connections
	until reading input. Leandro Santi. File: smtpd/smtpd_chat.c.

20020911

	Workaround: IRIX 6 can't do ioctl FIONREAD on pipes. This
	breaks the in_flow_delay feature.  File:  util/sys_defs.h.

20020912

	Bugfix: canonical/virtual mapping core dump with a null
	right-hand side address. Report by Jussi Silvennoinen.
	File: global/mail-addr_crunch.c.

	Feature: IF..ENDIF support based on code by Bert Driehuis.
	This involved a rewrite of the pcre map code similar to
	the regexp map code.  File:  util/dict_pcre.c.

20020917

	Feature: on Linux, support for PCRE lookup tables is now
	compiled in if the PCRE library code is found under
	/usr/include and /usr/lib.  File: makedefs.

20020918

	Documentation: postsuper(1) did not document the -c option.

	Bugfix: possible longjump() before setjmp(). File:
	smtpd/smtpd.c.

	Bugfix: pickup should not preserve INSPECT or FILTER records
	from "postsuper -r". File: pickup/pickup.c.

20020919

	Feature: "reject_rbl <domain>" for client address blacklisting
	by LaMont Jones, including $name expansion for per-domain
	customized response messages. The obsolete reject_maps_rbl
	is now a wrapper that uses the new code.

20020921

	Internal: added caching and factored out common code that
	will be used for both reject_rbl and for the upcoming
	reject_rhsbl restriction.

20020922

	Feature: "reject_rhsbl <domain>" for sender domain
	blacklisting.  Provides the same per-domain customized
	response message mechanisms with $name expansion as
	reject_rbl.

	Safety: the smtpd_expansion_filter parameter controls what
	characters are allowed in the expansion of $name macros in
	template RBL responses.

	Cleanup. In order to make sensible warnings possible when
	expanding a non-existent $name in RBL reply templates,
	mac_expand() had to be changed so that an empty string
	result (i.e. the name does exist) will no longer cause
	${name?text} to succeed.  File:  util/mac_expand.c.

20020923