HISTORY

	Cleanup. Renamed the RBL features according to a scheme
	that was suggested by Liviu Daia in October 2001. The
	names are reject_rbl_client and reject_rhsbl_sender,
	respectively.  Added domain name based reject_rhsbl_client
	and reject_rhsbl_recipient restrictions for completeness.
	The reject_rbl restriction name is still recognized for
	compatibility with systems maintained by LaMont Jones.

20020924

	Bugfix: reject_rhsbl_<mumble> was broken when <mumble> was
	unavailable, causing the restrictions parser to get out if
	sync. Spotted by Ralf Hildebrandt.  File:  smtpd/smtpd_check.c.

20020928

	Bugfix: missing %s in the 20020923 RBL code. This was not
	exploitable because Postfix implements only a safe subset
	of all printf format operators and because memory for the
	result is dynamically allocated.  Victor Duchovni. File:
	smtpd/smtpd_check.c.

20020929

	Updated MacOSX support scripts from Gerben Wierda.  Files:
	auxiliary/MacOSX/*.

20021009

	Bugfix: SIZE errors should be reported at MAIL FROM time,
	and should not be postponed (with smtpd_delay_reject = yes)
	until RCPT TO time. Reported by Jeroen Scheerder, Utrecht
	University. Files: smtpd/smtpd.c smtpd/smtpd_check.c.

20021013

	When Postfix development started, Linux mail delivery
	software such as procmail did not use kernel locks, and
	Postfix picked one that seemed plausible, namely, flock().
	In the mean time, Linux mail delivery software seems to
	have standardized on fcntl() locks. File: util/sys_defs.h.

	Feature: body_checks_size_limit parameter to specify how much
	of a message body segment (or attachment, if you prefer to
	use that term) is subjected to body_checks inspection.
	Default limit:  50 kbytes. Files:  global/mime_state.c,
	cleanup/cleanup_message.c.

20021015

	Bugfix: the code for missing postmaster/mailer-daemon
	aliases had to be moved after the code that implements the
	luser_relay feature. Files: local/alias.c, local/unknown.c.

	Weird? The LMTP client lowercased the MAIL FROM and RCPT
	TO addresses. Some remnant of code that someone put in
	there long ago. File: lmtp/lmtp_proto.c.

20021024

	Feature: proxy_interfaces parameter. Specify your NAT or
	other proxy addresses here to avoid mail delivery loops.
	Files: global/mail_params.[hc] global/own_inet_addr.[hc]
	global/resolve_local.c smtp/smtp_addr.c smtpd/smtpd_check.c.

	Paranoia: defend against a very unlikely false alarm in
	safe_open().

20021025

	Feature: X-Original-To: message headers with the raw original
	envelope recipient.

	Logging: status=sent/deferred/bounced/ logging now includes
	the original recipient address if it differs from the final
	address.

20021026

	Logging: SMTP UCE reject/warn/hold/discard logging now
	includes queue ID. This will break some logfile analyzers.

	Logging: SMTP UCE reject/warn/hold/discard logging now
	includes the protocol name and, if available, the hostname
	given in the SMTP HELO or EHLO command.

	Logging: header/body_checks reject/warn/hold/discard logging
	now includes the protocol name and, if available, the
	hostname given in the SMTP HELO or EHLO command.

20021028

	Bugfix: don't reset state after rejected EHLO. Reset state
	after HELO. Reported by Karthikeyan Bhargavan, upenn.edu.
	Files: smtpd/smtpd.c.

20021029

	Bugfix: local(8) did not prepend an X-Original-To:  message
	header while delivering to command, and local(8) did not
	document the X-Original-To:  message header.

	Workaround: DJBDNS produces a bogus A record when given a
	numerical hostname. File: dns/dns_lookup.c.

20021030

	Portability: support for Berkeley DB version 4.0 but not
	for Berkeley DB version 4.1 (yes, the API is different).
	Postfix is now going to be paranoid about the minor version
	number, too. File:  util/dict_db.c.

	Documentation: updated LMTP_README file by Amos Gouaux.

20021031

	Bugfix: (bug introduced 20021026) log NOQUEUE when rejecting
	ETRN, instead of trying to log a non-existent queue ID.
	Victor Duchovni, Morgan Stanley. File: smtpd/smtpd_check.c.

	Cleanup: allow optional text after commands in SMTPD access
	maps. Based on initial effort by Victor Duchovni, Morgan
	Stanley. File: smtpd/smtpd_check.c.

	Portability: support for Berkeley DB version 4.1.  This
	version refuses to open zero-length files. This complicates
	lock management and requires extra code to remove broken
	files. Files:  util/dict_db.c, global/mkmap*.[hc].

20021101

	Bugfix: don't complain about out-of-order original recipient
	records for finished recipients. Files:  *qmgr/qmgr_message.c,
	cleanup/cleanup_envelope.c, cleanup/cleanup_extracted.c.

	Cleanup: further simplified the mkmap wrapper (used by
	postmap and postalias only) to remove some hurdles for
	Michael Tokarev's CDB support. Files: global/mkmap*.[hc].

20021105

	Postalias now produces YP_LAST_MODIFIED and YP_MASTER_NAME
	records only when NIS support is compiled in. File:
	postalias.c.

20021106

	Postalias now puts $myhostname in the YP_MASTER_NAME record,
	instead of the possibly bogus gethostname() result.  File:
	postalias.c.

	The PCRE map code did not reject non-numeric replacement
	indices in replacement text, and silently treated $text as
	$0. Found by Michael Tokarev. File: dict_pcre.c.

20021108

	Cleanup: the behavior of the SMTP server's defer_if_permit
	flag was changed, in order to maximize the opportunity to
	permanently reject mail without opening opportunities for
	losing legitimate mail. This was done in cooperation with
	Victor Duchovni, Morgan Stanley. File: smtpd/smtpd_check.c.

	The defer_if_permit flag is still set when an UCE reject
	restriction fails due to a temporary (e.g., DNS) problem,
	to prevent unwanted mail from slipping through. However,
	the flag is no longer tested at the end of client, helo or
	sender restrictions.  Instead, the flag is now tested at
	the end of the ETRN and recipient restrictions only.

	The behavior of the warn_if_reject restriction has changed.
	It no longer activates any already made defer_if_permit or
	defer_if_reject decisions (the defer_if_reject flag is set
	when some UCE permit restriction fails due to a temporary
	(DNS) problem, to avoid loss of legitimate mail).

	Bugfix: instead of setting the defer_if_permit flag, a
	failing reject restriction after warn_if_reject now merely
	logs that it would have caused mail to be deferred.

	A failing permit restriction after warn_if_reject still
	raises the defer_if_reject flag, to avoid loss of legitimate
	mail.

20021109

	Bugfix: a misguided change to the .forward macro expansion
	filter broke .forward file lookup.

	Bugfix: missing defer_if_permit test in smtpd_data_restrictions.
	Victor Duchovni. File:  smtpd/smtpd_check.c.

20021112

	Robustness: increase the mime_nesting_limit from 20 to 100,
	so that bounces can't loop. Each bounces increases the MIME
	nesting level by one.  Ralf Hildebrandt and Victor Duchovni.

20021113

	Robustness: reinstated SMTP client command flushing to
	avoid pipeline stalls.  File: smtp/smtp_chat.c.

20021114

	Robustness: distinguish between timeout and "lost connection"
	when the SMTP server is unable to send a reply to the remote
	client. File: smtpd/smtpd_chat.c.

20021115

	Bugfix: initialization error with "*" transport table
	lookup, reported by LaMont Jones. The transport map lookup
	code had grown into a monster and needed to be replaced.
	trivial-rewrite/transport.c.

20021121

	Bugfix: garbage in "user@garbage"@domain address forms may
	cause the SMTP or LMTP client to terminate with a fatal
	error exit because garbage/tcp is not an existing service.
	This cannot be abused to cause the SMTP or LMTP client to
	send data into unauthorized ports.  Files:  *qmgr/qmgr_message.c,
	trivial-rewrite/resolve.c.

20021128

	Feature: hashed hold queue support, with hashing turned on
	by default. Omission spotted by Victor Duchovni, Morgan
	Stanley. Files: global/hold_message.c, global/mail_params.h.

	Bugfix: the LMTP client lost the port(service) information
	when parsing host:port information. Victor Duchovni, Morgan
	Stanley. Fix is to have a new host_port(3) module that does
	the parsing for the SMTP and LMTP clients.

	Cleanup: host_port() routine that parses host/port information
	more consistently than the existing code in the LMTP and
	SMTP clients. Files: smtp/smtp_connect.c, lmtp/lmtp_connect.c,
	util/host_port.[hc].

20021201

	Compatibility: ignore the new Sendmail -A option. File:
	sendmail/sendmail.c.

	Workaround: sendmail -v now produces no output. You need
	to specify -v -v instead. This is to avoid problems when
	people request verbose mail delivery in their mail.rc file.
	File:  sendmail/sendmail.c.

20021202

	Cleanup: hash_queue_depth now defaults to 1 level of
	subdirectories. This makes "mailq" faster on most systems,
	but will result in poorer worst-case performance when lots
	of mail is queued.

	The check_relay_domains restriction is going away. The SMTP
	server logs a warning and suggests using reject_unauth_destination
	instead.

	Cleanup: the local(8) and virtual(8) delivery agents did
	not prepend X-Original-To: addresses to maildir files.
	Omission spotted by Matthias Andree.

	Bugfix: too many levels of dereferencing while testing for
	missing reject_rbl_mumble domain names. Patrik Rak.  File:
	smtpd/smtpd_check.c.

20021203

	Bugfix: the FILTER access table action included the FILTER
	command in the filter request, where only the transport+destination
	were expected. Noel Jones. File smtpd/smtpd_check.c.

	Cleanup: virtual_maps is now called virtual_alias_maps, in
	order to better distinguish it from virtual_mailbox_maps.
	The default value is $virtual_maps for backwards compatibility.

	New parameters virtual_alias_domains and virtual_mailbox_domains
	for the "domain.tld whatever" lookups.  These use the same
	syntax as the mydestination parameter.  Default settings
	are backwards compatible with Postfix 1.1.

	Concept: just like $mydestination+$inet_interfaces control
	what routes to $local_transport, $virtual_mailbox_domains
	now controls what routes to $virtual_transport (default
	transport:  virtual), and $relay_domains now controls what
	routes to $relay_transport (default transport: relay, a
	clone of the smtp transport).  Everything else routes to
	$default_transport as before.  This eliminates the need
	for transport map entries for every virtual(8) domain, and
	avoids performance problems with inbound relay mail. This
	was improvement was suggested by Victor Duchovni. File:
	trivial-rewrite/resolve.c.

20021206

	Cleanup: do allow regexps in aliases, virtual mailbox maps
	but do not allow regular expression substitutions. Files:
	util/dict.h, util/dict_regexp.c, util/dict_pcre.c.

20021207

	Cleanup: deleted the description of sendmail-style virtual
	domains from the virtual(5) manual page. This part of
	Postfix was too confusing.

	Performance: RFC 2821 blesses the use of CNAME domain names
	in MAIL FROM and RCPT TO. Not having to expand CNAME domain
	names speeds things up a bit.  File:  smtp/smtp_proto.c.

	Workaround: exclude error mailer destinations from transport
	mapping lookups :-(. File: trivial-rewrite/resolve.c.

	Cleanup: relocated_maps lookups are now moved to the
	trivial-rewrite server. As of now, the queue manager no
	longer does any map lookups, so it won't restart when maps
	change. Files:  *qmgr/qmgr_message.c, trivial-rewrite/resolve.c.

	Robustness: because the trivial-rewrite server now does
	many more table lookups, some of which are often LDAP or
	SQL based, trivial-rewrite clients must be be prepared for
	the case that the resolver reports a failure while processing
	a request (when it was unable to access a lookup table).
	Files:  trivial-rewrite/resolve.c, local/resolve.c,
	smtpd/smtpd_check.c.

	Robustness: moving possible LDAP or SQL table lookups into
	the trivial-rewrite server also required that trivial-rewrite
	be running as multiple processes to reduce lookup latencies.
	Files:  master/multi-server.c.

	Workaround: don't discard all the DNS lookup results when
	only one of the results has a malformed name or address.
	File:  dns/dns_lookup.c.

20021208

	Cleanup: with the preliminary address domain classification
	concept as implemented by the trivial-rewrite address
	resolver, a lot of table lookups could be eliminated from
	the SMTP server.  Files: smtpd/smtpd_check.c.

	Feature: new relay_recipient_maps parameter, for optional
	maps with all the recipients in the domains that match
	$relay_domains (so you can reject mail for unknown relay
	recipients). This is for consistency with virtual_xx_maps
	and virtual_xx_domains, and with local_recipient_maps and
	the local delivery agent.  File:  smtpd/smtpd_check.c.

	Cleanup: removed support for obsolete #number domain forms.
	File: smtpd/smtpd_check.c.

20021209

	The Postfix installation procedure no longer sets the
	"chattr +S" bit on Linux queue directories. Wietse has
	gotten too annoyed with naive reviewers who complain about
	performance without having a clue of what they are comparing.

	"Security": local_recipient_maps is now turned on by default,
	to reject mail for non-existent users at the SMTP port.
	See conf/main.cf for instructions, section REJECTING UNKNOWN
	LOCAL USERS.

	Safety: detection of missing or inaccessible passwd file
	database, to prevent massive complaints from people who
	suddenly lose all their mail because local_recipient_maps
	is now turned on by default.

20021211

	Performance: doubled the default process limit (50->100)
	and default queue manager active queue message/recipient
	limits (10k->20k).  File: global/mail_params.h.

20021212

	Cleanup: allow transport map lookups to override error
	mailer results (to avoid breaking existing installations),
	and do transport map lookups before relocated map lookups.
	Files:  trivial-rewrite/resolve.c, trivial-rewrite/transport.c.

	Admin friendliness: the SMTP server now reports "User
	unknown in {local recipient | virtual alias | virtual
	mailbox | relay recipient} table". This will make trouble
	shooting a little easier. Files: smtpd/smtpd_check.c,
	trivial-rewrite/resolve.c.

20021213

	Cleanup: transport map entries with null nexthop ignored
	relayhost settings. Making the code simpler also made it
	more correct. Files: trivial-rewrite/resolve.c,
	trivial-rewrite/transport.c.

	Feature: "helpful_warnings" (default: yes) that can be
	turned off if you really know what you're doing and want
	to eliminate some unnecessary work.

	Feature: enforcement of master.cf process limits for
	processes such as qmgr and pickup that must run alone, and
	processes such as cleanup and bounce that must run without
	explicit process count limit. If an incorrect process limit
	is specified in master.cf the service aborts.

20021214

	Cleanup: it looks like we finally get it right with transport
	lookup table entries that either override or specify an
	error transport without updating the nexthop information.
	File:  trivial-rewrite/resolve.c.

	Performance: don't do UCE checks (which may result in 4xx
	SMTP reply codes, and thus, repeated delivery attempts)
	when we already know that the recipient does not exist.
	Files:  smtpd/smtpd.c, smtpd/smtpd_check.c.

20021215

	Cleanup: further simplification of transport map handling
	after some really fine hair splitting with Victor Duchovni.
	Files: trivial-rewrite/resolve.c, trivial-rewrite/transport.c.

20021216

	Workaround:  transform the address local-part into unquoted
	form only when the address domain is local and the local-part
	contains routing operators.  Otherwise, we may damage the
	address local-part by inserting space between non-operator
	tokens. Some people use weird addresses and expect them to
	be handled without damage.  File: trivial-rewrite/resolve.c.

	Robustness: scan the resolved recipient address for routing
	operators in the address local-part, even when the local
	MTA does not recognize ! and % as valid operators.  File:
	trivial-rewrite/resolve.c.

	Cleanup: the address rewriting code no longer tries to
	rewrite broken user@ or user@. address forms into even more
	broken forms. bother. File: trivial-rewrite/rewrite.c.

	Cleanup: the address resolver code now treates forms ending
	in @ in a more rational manner (because the address rewriting
	code no longer messes up by appending .my.domain).

	Bugfix: a null address local-part before @domain now is
	properly quoted just like the null address. File:
	global/quote_82[12]_local.c.

20021217

	Cleanup: more work on the trivial-rewrite address rewriting
	and address resolving code. New regression tests for address
	rewriting and resolving that make some assumptions about
	main.cf settings. Files: global/Makefile.in (assumptions),
	global/rewrite_clnt.in, global/rewrite_clnt.ref,
	global/resolve_clnt.in, global/resolve_clnt.ref.

	Safety: configurable SMTPD reject codes for recipients not
	in {local,relay}_recipient,virtual_{alias,mailbox}}_maps,
	aptly named unknown_mumble_reject_code.  Postfix installs
	with unknown_local_recipient_reject_code=450, unless the
	site already ran Postfix with local_recipient_maps enabled.
	Files:  smtpd/smtpd.c, smtpd/smtpd_check.c, conf/post-install.

20021219

	Bugfix: longjmp() while sending "go away" without setjmp()
	in the QMQP server. Patrik Rak. File: qmqpd/qmqpd.c.

	Safety: the XVERP extension is restricted to clients listed
	in the authorized_verp_clients list (default: $mynetworks).
	File: smtpd/smtpd.c.

	Workaround: preliminary IPV6 support in valid_hostliteral().
	File: util/valid_hostname.c.

20021220

	Feature: new check_recipient_maps restriction that gives
	finer control over when unknown recipients are rejected.
	As with Postfix 1.1, the default is to do this at the end
	of the recipient restrictions. Sites that want to improve
	performance can put check_recipient_maps at the start of
	the smtpd_client_restrictions list and avoid doing unnecessary
	RBL lookups etc.  File:  smtpd/smtpd_check.c.

	Feature: new show_user_unknown_recipient_table parameter
	controls whether or not to reveal the lookup table name in
	"User unknown" responses. The extra detail makes trouble
	shooting easier but also reveals information that is nobody
	elses business.

20021221

	Workaround: don't allow the transport map to override the
	virtual alias class (error:User unknown) result.  File:
	trivial-rewrite/transport.c.

20030101

	Documentation update: new-style virtual domains broke the
	advanced content filtering example. Files: FILTER_README,
	RELEASE_NOTES.

20030104

	Cleanup: avoid warnings about flag mismatches when the same
	lookup table is listed under both virtual_alias_maps and
	virtual_mailbox_maps. Files: global/virtual8.h, virtual/virtual.c.

	Bugfix: an obscure memory leak that puzzled me for more
	than a year until I found out how to reproduce it. File:
	util/vstream.c.

20030106

	Robustness: the master no longer aborts with "address
	already in use" when inet_interfaces specifies the same IP
	address multiple times, or when a TCP service in master.cf
	specifies a hostname for which the same IP address is listed
	multiple times. File: master/master_ent.c.

20030107

	Robustness: check that FILTER actions in SMTPD access maps
	or cleanup header/body_checks have plausible syntax. Files:
	smtpd/smtpd_check.c, cleanup/cleanup_message.c.

20030110

	Cleanup: the virtual_mailbox_maps parameter is now optional
	even when virtual_mailbox_domains is specified. This makes
	virtual mailbox domains more like relay domains and the
	local domain.

	Portability: the makedefs script now uses the pcre-config
	utility to find out where things are installed.

	Bugfix: the SMTP server did not recognize the local built-in
	double bounce address as local. Reported by Matthias Andree.
	For safety sake, threw in the local postmaster address as
	well.  File:  smtpd/smtpd_check.c.

20030113

	Added MAILER-DAEMON to the list of always recognized local
	addresses, since it is generated by Postfix bounces. File:
	smtpd/smtpd_check.c.

20030114

	Bugfix: transport_errno was not reset upon successful
	transport map wildcard lookup after an earlier failure.
	Reported by Victor Duchovni. File:  trivial-rewrite/transport.c.

	Cleanup: unnecessary warnings from the proxymap client
	after proxymap server disconnect. File:  global/dict_proxy.c.

	Cleanup: Patrik Rak found a few more chattr invocations
	that were missed 20021209. Files: postfix-install,
	conf/post-install.

	Cleanup: the pcre-config command can produce null outputs.
	Matthias Andree.  File: makedefs.

	Bugfix: the virtual(8) Makefile included $(AUXLIBS) in the
	dependencies.

20030115

	Bugfix: fixed in the snapshots 20030105 but missed in the
	stable release. "sendmail -bs" tried to access the proxymap
	service.  It should not try to open any user/domain/uce
	related tables at all. File:  smtpd/smtpd.c.

20030118

	Typos: some hyperlinks referred to flushd, which is the
	name that was used before the flush service was released.
	Reported by Victor Duchovni.

	Cleanup: smtpd no longer needed to open relocated_maps.

20030119

	Cleanup: bounce messages used "X-Postfix" even when mail_name
	was set to something other than the default "Postfix" name.
	File: bounce/bounce-notify_util.c.

20030120

	Bugfix: wrong FILTER_README instructions for disabling
	virtual alias mapping in the cleanup server before the
	content filter.

	Bugfix: wrong FILTER_README instructions for destination-dependent
	filtering, because relay_domains was specified incorrectly.

20030122

	Bugfix: 20021207 (move relocated table lookup from queue
	manager to trivial-rewrite server) broke relocated table
	lookup results with mail not rejected at the SMTP port.
	Files:  *qmgr/qmgr_deliver.c, *qmgr/qmgr_message.c.

20030123

	Bugfix: a widely used maildir filename algorithm was broken.
	Postfix now uses TIME.DEVICE_INODE.HOST. Files: local/maildir.c,
	virtual/maildir.c.

20030124

	Cleanup: removed the address syntax check from the queue
	manager, since a better test was implemented recently in
	the trivial-rewrite server. Files: *qmgr/qmgr_message.c.

20030126

	Update: maildir filename algorithm updated according to
	today's version of http://cr.yp.to/proto/maildir.html.

20030127

	Cleanup: use separate error messages for separate problems
	with computing the list of SASL authentication mechanisms.
	File: smtpd/smtpd_sasl_glue.c.

20030130

	Bugfix: allow $name in default time values. File:
	global/mail_conf_time.c.

20030219

	Bugfix: the local pickup daemon skipped unterminated records,
	since they happened to have the same record type code as
	content filtering instructions. Victor Duchovni.  Files:
	global/rec_type.h, pickup/pickup.c.

	Portability: Postfix could block, and thus not enforce
	command execution time limits, while delivering mail to
	command.  File: global/pipe_command.c.

	Bugfix: command execution time limits were not enforced
	because the child process killing code in pipe_command()
	was running with the wrong privileges. Problem reported by
	Ben Rosengart, Panix. File: global/pipe_command.c.

	Bugfix: duplicate recipient filtering in the cleanup server
	did not eliminate virtual expansion duplicates with the
	same original recipient. File: cleanup/cleanup_out_recipient.c.

20030223

	Bugfix: smtpd_hard/soft_error_limit off-by-one error, so
	that the real limit was one larger than the specified value.
	File: smtpd/smtpd.c, smtpd/smtpd_chat.c.

20030226

	Safety: proxymap server defense against potential deadlock
	when some library routine wants to open a proxied table.
	Instead, proxymap opens the requested table directly. File:
	proxymap/proxymap.c.

20030227

	Bugfix: added mynetworks to the list of proxy_read_maps
	parameter settings that are pre-authorized to use proxied
	table lookups.  File: global/mail_params.h.

20030305

	Workaround: Postfix removes too long non-address text from
	message headers in order to protect vulnerable Sendmail
	systems against exploitation of the remote buffer overflow
	vulnerability described in CERT advisory CA-2003-07.

20030311-19

	Bugfix: the access map actions HOLD, DISCARD and FILTER
	were broken with smtpd_delay_reject=no and with ETRN. Fixing
	this required re-architecting of the actions code. Files:
	smtpd/smtpd.[hc], smtpd/smtpd_check.c, smtpd/smtpd_state.c.

20030315

	Bugfix: the postsuper manual page documented support for
	the -c command line option, but it was not implemented.
	File: postsuper/postsuper.c.

	Bugfix: the Postfix 2.0 recipient map checking code broke
	the VRFY command, causing it to reply with status code 252
	for non-existent addresses. This required re-architecting
	the recipient table lookup code. File:  smtpd/smtpd_check.c.

20030410

	Safety: log a fatal error when a net/mask pattern has a
	non-zero host part, so that mail delivery is deferred.
	File: util/match_ops.c.

20030411

	Bugfix: extraneous warning about out-of-order original
	recipient records by Patrik Rak. Files: *qmgr/qmgr_message.c.

20030415

	Workaround: log a warning and reset incoming queue file
	time stamps when the file system clock is ahead of the
	local clock, instead of ignoring new mail until the next
	queue scan. The file system clock drift detection executes
	only once per process instance, to minimize the performance
	impact. File: global/mail_stream.c.

20030416

	Bugfix: missing partial last line when 1) someone submits
	8-bit mail not ending in newline via /usr/sbin/sendmail
	and 2) MIME input processing is turned off, and 3) MIME
	8bit->7bit conversion is requested upon delivery via SMTP.

20030424

	Cleanup: readlline() did not terminate the result before
	complaining about lines starting with whitespace.

	Cleanup: eliminated valid_hostname warning for invalid
	queue file names. File: global/mail_queue.c.

	Bugfix: the Postfix sendmail command applied the message
	size limit when running as newaliases. The limiting code
	is now moved to the message enqueuing branch of the code.
	File: sendmail/sendmail.c.

20030429

	Bugfix: "," was not recognized in proxy_read_maps settings.
	Fix by Leandro Santi. File: proxymap/proxymap.c.

20030502

	Bugfix: defer delivery after .forward etc. file read error.
	File: local/token.c. Problem reported by Ben Rosengart,
	Panix.

20030520

	Cleanup: future time stamps in Received: headers and negative
	delays in delivery agent logging after "postdrop -r",
	because deferred queue files had future file modification
	times.  File:  src/postsuper/postsuper.c.

20030521

	Cleanup: nqmgr warnings about "recipient count mismatch"
	after "postdrop -r", because the cleanup server did not
	count the "already done" recipients. Problem reported by
	Richard Stockton, Gramma Software. Files:
	cleanup/cleanup_envelope.c, cleanup/cleanup_extracted.c

20030528

	Compatibility: "sendmail -q<time>" without -bd option now
	exits immediately, instead of waiting for input on the
	standard input stream and screwing up system boot sequences.
	File: sendmail/sendmail.c.

	Bugfix: the Postfix LMTP client used the wrong service
	name, causing trouble with SASL 2.1.13.  Daniel Schales,
	Louisiana Tech. File: lmtp/lmtp_sasl_glue.c.

	Workaround: IRIX select() reports that a non-blocking file
	descriptor is writable while write() transfers zero bytes.
	File:  global/pipe_command.c.

	Feature: "postcat -q" (search the queue for the named file)
	support copied from snapshot release because I can't see
	people suffer. File: postcat/postcat.c.

20030530

	Bugfix: client access denied with smtpd_delay_reject=no
	broke "sendmail -bs". Fix by Victor Duchovni, Morgan Stanley.
	File: smtpd/smtpd.c.

20030531

	Compatibility: allow <@site,@site:address> route addresses
	in SMTP commands.  File: smtpd/smtpd.c.

20030605

	Bugfix: the "dead host" backoff timer in the MySQL client
	didn't work.  Fix by Leandro Santi. File: util/dict_mysql.c.

	Safety: stricter checks on what queue file records the
	postdrop submission command accepts (idea copied from
	snapshot). File:  postdrop/postdrop.c.

	Workaround: turned off non-blocking write to pipe because
	too many systems give a weird write() result. File:
	global/pipe_command.c.  

20030609

	Workaround: Solaris blocking socket read() may hang.  Hernan
	Perez Masci and Leandro Santi. File: smtpd/smtpd.c.

20030611

	Bugfix: the stricter postdrop input filter broke "sendmail
	-bs". Found by Lutz Jaenicke. File: smtpd/smtpd.c.

20030616

	Cleanup: more accurate "postfix check" warning for files
	that miss one or more of the required mode 02111 execute
	permission bits. Matthias Andree. File: conf/postfix-script.

20030618

	Workaround: after "postfix reload", the master daemon now
	warns when inet_interfaces has changed, and ignores the
	change, instead of passing incorrect information to the
	smtp server. File:  master/master_ent.c.

20030620

	Bugfix: after the last change to postdrop, postcat no longer
	recognized maildrop queue files as valid. File: postcat/postcat.c.

20030621

	Workaround: the safe_open(O_CREAT) race condition exploit
	avoiding code tries a little harder when it encounters a
	race condition. File: util/safe_open.c.

20030629

	Cleanup: replaced references to "simulated virtual domains"
	by "virtual alias domains". Victor Duchovni, Morgan Stanley.

20030711

	Bugfix: the LMTP session caching code did not reset the
	EHLO server feature list when it needed to reconnect.
	Problem found by Tobias Erbsland.

20030717

	Documentation: corrected the command time limit parameter
	syntax in the spawn(8) manual page.

20030811

	Cleanup: produce a warning when host:port specifies a badly
	formatted numerical port.  Files:  util/find_inet.c,
	smtp/smtp_connect.c, lmtp/lmtp_connect.c.

20030905

	Workaround: Solaris 8 select() claims that a non-blocking
	socket is readable and then read() fails with EAGAIN. Files:
	util/timed_read.c and as precautionary measure,
	util/timed_write.c.

20030908

	The 20030905 workaround triggers too many warnings. TCP
	sockets are back to blocking, and keepalives are turned on
	to kill off dead sockets, as suggested by Leandro Santi.
	Files: master/{single,multi}_server.c, smtpd/smtpd.c,
	util/sys_defs.h.

20030909

	Bugfix: the LMTP session caching code had problems with
	SASL authentication after the first connection, and pipelining
	was working poorly.  Fix by Viktor Dukhovni, Morgan Stanley.
	Files: lmtp/lmtp.c, lmtp/lmtp_proto.c.

20030912

	Workaround: besides SMTP server sockets, SMTP client sockets
	can also hang on Solaris, as reported by Leandro Santi. In
	order to deal with this at the root, all connection management
	is now done by sane_accept() and sane_connect().  Both turn
	on keepalives on Solaris.

20030913

	Safety: set-gid commands don't trust TZ.  File: msg_syslog.c.

20031027

	Portability: MacOS X Bind8 compatibility. File: makedefs.

20031110

	Cleanup: don't report that $queue_directory/etc/filename
	differs from /etc/filename when /etc/filename does not
	exist.  File: conf/postfix-script.

20031126

	Bugfix: "panic: mymalloc: requested length 0" when master.cf
	specified an invalid host name or address.  Postfix now
	logs more specific information. File:  master/master_ent.c.
	Reported by several people.

20031215

	Safety: updated mail_queue_id_ok() for long fast flush
	logfile names. File: global/mail_queue.c.

	Robustness: save and restore the resolver _res.options
	settings before and after DNS lookup, to avoid surprises
	in third-party code. This may eliminate some "localhost
	not found" problems. File: dns/dns_lookup.c.

20031222

	Cleanup: shaved half the worst-case bits off the cleanup
	duplicate address filter footprint. After discussion with
	Victor Duchovni. File: cleanup/cleanup_out_recipient.c.

20031223

	Bugfix: restore errno after write failure in SIGCHLD handler.
	Leandro Santi. File: master/master_sig.c.

20040104

	Workaround: MacOSX dumps core on the 20030913 TZ censoring
	code. We explictly set TZ=UTC, which will produce incorrect
	results when "mailq" formatting is moved from the showq
	daemon to the postqueue command.   File: msg_syslog.c.

	Bugfix: vstring_get() etc. now return VSTREAM_EOF when they
	terminate prematurely, instead of returning the last
	character stored.  This avoids mis-leading warnings. File:
	global/vstring_vstream.c.

20040115

	Performance: allow delivery concurrency to increase even
	while mail is deferred, as long as the delivery agent does
	not report really serious trouble with the destination.
	Files:  *qmgr/qmgr_deliver.c.

20040122

	UNDO the 20040104 change (vstring_get() etc. return
	VSTREAM_EOF when they terminate prematurely, instead of
	returning the last character stored, to avoid mis-leading
	warnings). File:  global/vstring_vstream.c.

	Portability: test -e is not portable. File: conf/postfix-script.

20040302

	Bugfix: the pickup daemon now strokes the watchdog frequently
	to prevent the watchdog from barking when mail arrives
	faster than it can be picked up. File: pickup/pickup.c.

20040311

	Bugfix: bad address syntax caused map lookup with zero-length
	keys.  Problem reported by Andrei Koulik. Files:
	util/match_ops.c, src/trivial-rewrite/transport.c.

20040401

	Bugfix: the MySQL client aborted because of a spurious
	dict_register() call, causing complaints about a table
	already being registered. File: util/dict_mysql.c.

20040407

	Bugfix: missing return statement at the end of the
	FREE_MEMORY_AND_RETURN error handling macro. This could
	cause core dump after table lookup failure.  Adi Prasaja.
	File: trivial-rewrite/resolve.c.

20040414

	Bugfix: postdrop should not enable SIGHUP (and abort mail
	delivery) when SIGHUP was ignored by the parent process.
	File: postdrop/postdrop.c.  Victor Duchovni, Morgan Stanley.


20040415