HISTORY

	Feature: selective suppression of SMTP extensions (pipelining,
	starttls, auth, etc.); this is useful to work around broken
	clients or servers.  Specify a list of EHLO keywords with
	the smtp(d)_discard_ehlo_keywords parameters, or specify
	one or more lookup tables, indexed by remote network address,
	with the smtp(d)_discard_ehlo_keyword_address_maps parameters.
	EHLO keyword lists are case insensitive.  Files:
	util/name_mask.[hc], global/ehlo_mask.[hc], smtpd/smtpd.c,
	smtp/smtp.c, smtp/smtp_proto.c.

20041219

	Bugfix: postcat without -o was broken. File: postcat/postcat.c.

20041220

	NON-PRODUCTION Bugfix: (bug introduced while adopting
	Postfix/TLS patch):  don't call smtp_flush() after return
	from vstream_setjmp(), we'll call you.  File: smtpd/smtpd.c.

	Dummy VSTREAM read-write routines. Files: util/dummy_read.c,
	util/dummy_write.c.

20041221

	Fixes for TLS_README by Victor Duchovni. File:
	proto/TLS_README.html.

	NON-PRODUCTION Bugfix: (bug introduced while adopting
	Postfix/TLS patch).  The client code had become too similar
	to the server implementation, and also required a host
	certificate and key. Fix by Victor Duchovni. File:
	tls/tls_client.c.

20041221

	Bugfix: further postcat corner cases.

20041223

	Cosmetic: don't log disconnect events as I/O errors.
	File: tls/tls_bio_ops.c.

20041221-9

	Infrastructure: unified IPv4/IPv6 name/address API so that
	Postfix can support IPv6 without #ifdef INET6 everywhere.
	In particular, we allow #ifdef in libraries but avoid it
	in applications.  Files:  util/myaddrinfo.[hc],
	util/sock_addr.[hc], dns/dns_rr_to_pa.c, dns/dns_sa_to_rr.c,
	dns/dns_rr_eq_sa.c, dns/dns_rr_to_sa.c, inet_proto.[hc].

	Postfix no longer attempts to deliver mail via IPv6 when
	the system has no IPv6 connectivity.  Network protocol
	support is now selected with the "inet_protocols" configuration
	parameter, instead of "inet_interfaces". The "inet_protocols"
	parameter also controls what DNS lookups Postfix will do.

	Infrastructure: eliminated two host/port parsing routines.
	Only one survives: host_port(), in an extended form that
	allows for missing host or missing service information but
	not both. File: util/host_port.c.

20041229

	Milestone: Postfix with the unified IPv4/IPv6 socket/name
	API builds without compiler error on IPv4-only system and
	actually works.

20041228

	Bugfix: SMTPD_PROXY_README incorrectly claimed that ":port"
	in master.cf causes a server to listen only on "localhost"
	without exposing the service to the network.  Instead,
	":port" causes a client to connect to "localhost".

20041231

	Linux workaround:  when mynetworks isn't set, a chrooted
	process could not read the IPv6 address information from
	/proc.  We now invoke own_inet_addr() before chrooting,
	while processing main.cf. File: global/mail_params.c.

20050101

	Workaround for (Linux) systems without IPV6_V6ONLY support
	(RFC 3493).  When Postfix listened on an IPv4 wild-card
	smtp socket, the IPv6 wild-card smtp listener would fail
	with EADDRINUSE (and vice versa).  File: util/myaddrinfo.c.

20050103

	Safety: when the IPV6 netmask can't be determined, assume
	/128 (host only). File: util/inet_addr_local.c.

20050104

	Re-implemented IPv6 support for net/mask pattern matching.
	Files:  util/cidr_match.[hc], util/dict_cidr.c,
	util/match_ops.[hc], proto/cidr_table.

20050105

	Moved mask_addr() to its own module so that it could also
	be called by mynetworks() and inet_addr_local() to remove
	non-zero host bits from IPv6 network/mask patterns. File:
	util/mask_addr.c.

20050108

	Re-implemented IPv6 support for network interface lookup
	via the Linux /proc file system. File:  util/inet_addr_local.c.

20050111

	Feature: specify "inet_interfaces = loopback-only" for
	servers that must listen on local interfaces only, without
	having to specify IPv4 and/or IPv6 addresses in main.cf or
	master.cf.  File:  global/own_inet_addr.c.

	Workaround: AIX 5.1 getaddrinfo() can't handle a null host
	argument with AI_PASSIVE. Instead we specify an explicit
	protocol family, a host of "::" or "0.0.0.0", and turn off
	IPV6_V6ONLY. Files: util_myaddrinfo.c, util/inet_listen.c.

	Workaround: AIX 5.1 getaddrinfo() can't handle a "0" service
	argument. Instead we specify "1".  Files: util/inet_addr_host.c.

20050113

	Cleanup: now that the over-all structure is proving itself,
	clean up some internal APIs to increase robustness and get
	rid of some clumsiness. Mainly, the getaddrinfo(3) interface.

	Start-up performance: the hash_queue_names default setting
	is reduced from eight directories to just defer and deferred.
	This reduces time for checking the Postfix queue. Files:
	conf/post-install, global/mail_params.h.

20050114

	Further cleanup: eliminate duplicate IPv6 results when the
	mynetworks value is generated by Postfix. More documentation
	of the new internal APIs.

	Performance: reduced start-up delay by moving warning-only
	startup checks into the background. File: conf/postfix-script.

20050115

	Further hardening of the IPv6 support: don't trust system
	libraries to protect Postfix against malformed IPv6 address
	literals. Their syntax is complex enough that errors are
	likely. Files: global/resolve_local.c, util/valid_hostname.c.

	Further cleanup: RFC 2821 requires the IPv6: prefix with
	IPv6 address strings.  The smtp and qmqp servers maintain
	separate address instances, the bare address and the RFC
	2821 compatible form, and use each where appropriate.  This
	strict separation simplifies address syntax checks as well
	as the implementation of XCLIENT and XFORWARD.

20050116

	Infrastructure: new valid_mailhost_addr() routine to verify
	that an address literal satisfies RFC 2821. An IPv4 address
	is in dotted-quad decimal form, and an IPv6 address is in
	hexadecimal form, with the "IPv6:" prefix. Files:
	global/valid_mailhost_addr.[hc].

	Further cleanup: valid_hostname() no longer allows network
	addresses or numerical domain names. While it made some
	sense with IPv4 dotted quad decimal forms, with IPv6 it
	just made no sense anymore.  Again, being stricter actually
	simplifies code. Files:  util/valid_hostname.c and a
	surprisingly small number of valid_hostname() callers that
	did not reject numerical forms.

	Bugfix: in the Postfix 2.2 SMTP client, the debug_peer_init()
	call was moved to the after-chroot initialization.

20050117

	Performance: reduced start-up delay by moving warning-only
	startup checks into the background; they now start after
	one minute to allow the system to finish booting. File:
	conf/postfix-script.

	Milestone: first non-non-production snapshot with IPv6.

20050119

	Milestone: first non-non-production snapshot with TLS.

20050124

	Workaround: don't send mail to $fallback_relay if Postfix
	is MX host for the next-hop destination. This is, however,
	a partial solution. The documentation has been updated to
	cover all the cases where a fallback_relay could interfere
	with the operation of a backup or primary MX host. Files:
	smtp/smtp_addr.c, smtp/smtp_connect.c.

20050127

	Configuration: Postfix daemons that need privileged operation
	(such as local, pipe, or spawn) now log a fatal error when
	they are configured in master.cf as unprivileged.

20050130

	Cleanup: simplified the handling of receive_override_options
	settings. Files: pickup/pickup.c, smtpd/smtpd.c, qmqpd/qmqpd.c,
	global/input_transp.c.

	Feature: permit_inet_interfaces allows a request when the
	client matches $inet_interfaces. This is used for generic
	access restrictions and for header address rewriting control.
	Files: global/mail_params.h, smtpd/smtpd_check.c.

	Cleanup: by default, message header address rewriting is
	now enabled only for mail that originates from the machine
	itself. Files: global/mail_params.h, smtpd/smtpd_check.c.

20050131

	Bugfix: when extracting recipients from message headers,
	the Postfix sendmail command produced output records longer
	than $line_length_limit, causing postdrop to reject the
	mail. Diagnosis by Victor Duchovni. File:  sendmail/sendmail.c.

20050202

	Cleanup: explicit Makefile targets for "make package" and
	"make non-interactive-package" to create ready-to-install
	packages for distribution to other systems. Added extra
	sanity checks to prevent attempts to overwrite your running
	Postfix instance. Files:  Makefile.in, proto/PACKAGE_README.

	Cleanup: when bounce_queue_lifetime > maximal_queue_lifetime,
	it is adjusted to maximal_queue_lifetime, and a warning is
	logged. Files:  *qmgr/qmgr.c.

20050203

	Cleanup: trivial-rewrite now restarts more timely after
	changes in lookup tables.  Of the all the alternatives
	tested, the simplest one produces the most bang for the
	buck. The other code is left in place for illustrative
	purposes. File:  trivial-rewrite/trivial-rewrite.c.

	Cleanup: sendmail no longer ignores null command-line
	recipients.  File: sendmail/sendmail.c.

	Cleanup: "postfix start" background checks moved back to
	the foreground so they can be stopped more easily.  File:
	conf/postfix-script.

20050204

	Feature: REPLACE command in header/body_checks (implemented
	as a combination of PREPEND and IGNORE) by Bastiaan Bakker.
	File: cleanup/cleanup_message.c.

	Cleanup: linted the manual pages for consistency in the
	way manuals are referenced, and in the presentation of
	command examples. Files: mantools/manlint, mantools/fixman,
	mantools/postconf2man.

20050205

	Cleanup: updated the mass-deletion example in the postsuper
	manual.

20050206

	Cleanup: don't count a [45]XX SMTP server greeting towards
	the mx_session_limit setting. File: smtp/smtp_connect.c.

	Feature: output address rewriting in the SMTP client. The
	smtp_generic_maps parameter specifies an address mapping
	that happens only when mail is delivered via SMTP. This is
	typically used for hosts without a valid domain name, that
	use something like localdomain.local instead.  This feature
	can replace local mail addresses by valid Internet mail
	addresses when mail needs to go across the Internet, but
	not when mail is sent between accounts on the local machine.
	Files:  smtp/smtp_proto.c, smtp/smtp_map11.c.

	Cleanup: don't panic in mymalloc() when master can't find
	any IP addresses. LaMont Jones. File: master/master_ent.c.

20050207

	Documentation: added a generic(5) manual page for consistency
	with the already existing table driven mechanisms, added
	references to or examples of the new generic mapping.

	Bugfix: the header_checks REPLACE action mis-handled
	multi-line replacement text in message headers, for example:
	/(.*)/ REPLACE X-$1. File:  cleanup/cleanup_message.c.

	Bugfix: the header_checks REPLACE action should not drop
	the input when the action is NOT executed. File:
	cleanup/cleanup_message.c.

	Bugfix? Cleanup? Documentation? main.cf now implements
	${name[?:]value} as promised in the postconf(5) manual.
	Implemented by deleting the macro processor in dict_eval(),
	and using the one in mac_expand() instead.  File: util/dict.c.

20050208

	Feature: check_ccert_access maptype:mapname for access(5)
	control, based on code by Victor Duchovni. File:
	smtpd/smtpd_check.c and documentation.

	Safety: don't allow unlimited message size with limited
	mailbox size. File: local/local.c, virtual/virtual.c.

	Feature: new smtpd policy attributes ccert_subject,
	ccert_issuer and ccert_fingerprint, with TLS client
	certificate information, but only when verification was
	successful.  Files:  src/smtpd/smtpd_check.c.

	Cleanup: corrected the address verification data flow in
	the ADDRESS_VERIFICATION_README illustration.

20050209

	Cleanup: the smtp generic mapping did syntax check on the
	input address instead of the result. These tests were not
	going to be useful in any case, because mail_addr_map()
	canonicalizes the lookup result, including @dom1->@dom2
	mapping. File:  smtp_map11.c.

	Cleanup: made the generic mapping documentation consistent
	with the implementation.

	Cleanup: documented the myorigin/mydomain address rewriting
	in canonical, generic and virtual alias maps.

	Feature: updated LDAP and *SQL query interfaces using a
	common infrastructure so that all have the same feature set
	where possible. Victor Duchovni and many others. This code
	was tested separately and was merged into the main stream
	20050308. Files: global/db_common.[hc], global/dict_ldap.c,
	global/dict_mysql.c, global/dict_pgsql.c, plus documentation.

20050210

	Bugfix: spurious fallback_relay warnings after 20050202.
	Victor Duchovni.  File: smtp/smtp_connect.c.

	Bugfix: (introduced while adopting Postfix/TLS patch) the
	TLS cache scan stopped after expiring one entry.  Victor
	Duchovni.  File: tls/tls_scache.c.

	Safety: delete-behind when removing expired entries from
	TLS session caches. With some maps the enumeration method
	mis-behaves when the current entry is deleted. File:
	tls/tls_scache.c.

20050211

	Cleanup: the "generics" feature (output address rewriting)
	is renamed to "generic", for consistency with "canonical"
	and "virtual".

20050212

	Cleanup: remove old trace(8) logfile before attempting
	delivery (and after locking the message file exclusively).
	Files: *qmgr/qmgr_message.c.

	Cleanup: don't parse-then-regenerate message headers when
	no address is changed by address rewriting operations. This
	behavior was copied from the SMTP client's generic mapping
	code.  Files: cleanup/cleanup_rewrite.c, cleanup/cleanup_map11.c,
	cleanup/cleanup_masquerade.c, cleanup/cleanup_message.c..

20050215

	Bugfix: don't chmod queue files while running "postfix
	set-permissions". This prevents mail from being labeled as
	"corrupt" when a live Postfix system is upgraded.  Found
	by Victor Duchovni.  File: conf/post-install.

20050216

	Feature: in smtpd?_discard_ehlo_keyword(s|_address_maps)
	specify the pseudo keyword "silent-discard" in order to
	avoid logging that some EHLO keyword is being suppressed.
	File: global/ehlo_mask.[hc].

20050217

	Bugfix: typo in tls_server.c, breaking CApath.  Fix by
	Philipp Morger. File: tls/tls_server.c.

20050227

	Bugfix (bug introduced 20040331): with SIGHUP ignored, the
	postdrop signal handler would effectively ignore SIGINT,
	SIGQUIT and SIGTERM.  Simplified the overly-conservative
	protection against nested signals in postdrop, and added
	some future proofing comments.  File:  postdrop/postdrop.c

	Cleanup: when address rewriting is enabled, don't change
	the capitalization of header labels, i.e. don't replace
	FROM: or CC: by From: or Cc:. Files: cleanup/cleanup_message.c,
	smtp/smtp_proto.c.

20050228

	Cleanup/portability: missing #includes and bad prototypes.
	Matthias Andree, Carsten Hoeger, and others.

20050302

	Workaround: make TLS session caching work with perverse
	sites that have multiple servers per hostname or even
	multiple servers per IP address, but no shared TLS session
	cache. The SMTP client TLS session cache is now indexed by
	(server hostname, server address, server port, server helo
	hostname). After an idea by Victor Duchovni. Files:
	smtp/smtp_proto.c, tls/tls_client.c.

20050303

	Bugfix (bug inherited from Postfix/TLS patch): a rare 9kbyte
	memory leak when in-memory TLS session information expires;
	found by setting the expiry time shorter than the time to
	deliver one or two messages with a very slow machine.  This
	was due to a missing SSL_SESSION_free() call in the "new
	session" call-back routines. Found by Victor Duchovni.
	Files: tls/tls_client.c, tls/tls_server.c.

	Workaround: OpenSSL is overly agressive when purging a
	not-yet expired entry from a full in-memory cache: it also
	purges the entry from the on-disk server session cache.
	Workaround is to let only the tlsmgr purge entries from the
	on-disk server session cache.  Found by Victor Duchovni.
	File: tls/tls_server.c.

20050304

	Postfix releases are now signed with Wietse's new PGP key.
	The old key was getting a bit short for today's standards.
	The new public key can be found on the Postfix download
	webpage. As proof of authenticity the new PGP key is signed
	with Wietse's old PGP key.

	Cleanup: check_mumble_{ns,mx}_access no longer attempt to
	do MX or NS lookups for address literals. An address literal
	is treated as its own MX host; there is no meaningful
	equivalent for NS access control. File: smtpd/smtpd_check.c.

20050310

	Bugfix: the AIX and SUN compilers rightfully complained
	about non-portable code in the "new" LDAP/SQL client. File:
	global/db_common.c.

	Workaround: some systems no longer recognize "tail +2" as
	valid command syntax. Instead they require "improved" syntax
	that is not valid on several other systems that Postfix
	builds on.  So we have to stop using the tail command.
	Files: Makefile.in, src/*/Makefile.in.

20050312

	Bugfix: the TLS session cache cleaning code didn't always
	delete the right entry. Problem found by Victor Duchovni,
	more problems found by Wietse. File: tls/tls_scache.c.

20050314

	Portability: Berkeley DB changed API from version 2.5 to
	2.6. Rob Foehl. File: util/dict_db.c.

20050315

	Bugfix: when <unistd.h> is included, read is a reserved
	identifier. File: smtpstone/smtp-source.c.

20050321-27

	Support for RFC 3463 enhanced status codes.  See also the
	ENHANCED_STATUS_README (a hacker's guide) for background.

	New module to pass around (status code + text) instead of
	just text.  File: Files: global/dsn_util.c.

	Status-related lookup tables now have an extra column for
	enhanced status codes.  Files: global/sys_exits.c,
	global/cleanup_strerror.c.

	Cleanup: centralized mapping of errno values to delivery
	status codes after failed delivery to mailbox, maildir, or
	file. Error codes EAGAIN, and ESTALE are 4.2.0 temporary
	errors; ENOSPC is a 4.3.0 temporary error; and EDQUOT and
	EFBIG are 5.2.2 hard errors. For backwards compatibility,
	the result of other errors depends on the delivery agent:
	with local(8) everything else is a 5.2.0 hard error, and
	with virtual(8) everything else is soft 4.2.0 error.  File:
	global/mbox_open.c.

20050324

	Workaround: gcc -W (version 3.4.2 [FreeBSD] 20040728) no
	longer warns about missing return statements. What a time
	waste.

	Workaround: gcc -E (version 3.4.2 [FreeBSD] 20040728) output
	has changed, causing too much "make depend" output.

20050325

	Bugfix: when bouncing mail that was submitted with Postfix
	sendmail, the cleanup daemon ignored the reason specified
	in header/body_checks, and always produced a generic reason.
	File: cleanup/cleanup_api.c.

	Workaround: don't announce pipelining support when the
	smtp-sink test program is configured to fail specific
	commands with -r or -f (the fix is to build a proper SMTP
	state engine into the smtp-sink test program).  File:
	smtpstone/smtp-sink.c.

20050326

	Update: more PCRE error codes. File: util/dict_pcre.c.

20050327

	Bugfix: the SMTP and LMTP clients did not ask the queue
	manager to reduce destination concurrency when "lost
	connection" or "connection timed out" happened AFTER Postfix
	received the server greeting. Files: smtp/smtp_trouble.c,
	lmtp/lmtp-trouble.c.

	Workaround: FreeBSD has incompatibly changed the output
	format from "od", breaking regression test portability.

	The TLS client session cache ID is now derived from the
	server IP address, TCP Port, and server HELO hostname
	if available. File: smtp/smtp_proto.c.

20050328

	Cleanup: the REPLACE action is no longer implemented as
	PREPEND+IGNORE. The result remains in the input stream,
	and is subject to address rewriting and other processing
	where applicable.  File: cleanup/cleanup_message.c.

	Feature: the TLS server name verification status is moved
	out of the TLS session cache. This not only simplifies the
	client-side TLS cache implementation, but also provides
	better cache support for clients that connect to multiple
	independent MTAs under the same DNS hostname or IP address,
	provided that each MTA replies with a unique name in the
	EHLO response. Patch by Victor Duchovni. Files: tlsmgr/tlsmgr.c,
	tls/tls_verify.c, tls/tls_session.c, tls/tls_server.c,
	tls/tls_scache.h, tls/tls_scache.c, tls/tls_misc.c,
	tls/tls_mgr.h, tls/tls_mgr.c, tls/tls_client.c, tls/tls.h,
	smtp/smtp_proto.c.

20050330

	Bugfix: in some compilation environments the SMTP and LMTP
	clients could ignore enhanced status codes in server replies.
	Bug introduced 20050329 while polishing working code.  Files:
	smtp/smtp_chat.c, lmtp/lmtp_chat.c.

	Feature: add enhanced status code support to the smtp-sink
	test program. File: smtpstone/smtp-sink.c.

20050331

	Workarounds for ancient gcc compilers that can't handle
	valid C. Bugs reported by Victor Duchovni. Files:
	util/sys_defs.h, global/dsn_util.h, tls/tls_client.c.

	Bugfix: when delivery to command failed, command output was
	not reported. Fix was to enable format checks for the new
	dsn_vstring_update() module. File: global/dsn_util.h,
	global/pipe_command.c.

20050401

	Cleanup: ignore incorrect enhanced status codes (such as
	5xx reply followed by a 4.x.x status), and don't look for
	enhanced status codes unless the server replies with a
	[245]XX reply.  Files: smtp/smtp_chat.c, lmtp/lmtp_chat.c.

20050402

	Feature: enhanced status code support for errors found by
	the MIME processor. Files: global/mime_state.c,
	cleanup/cleanup_message.c, smtp/smtp_proto.c.

	Cleanup: updated error messages about MIME processing errors
	in the SMTP client. These errors are no longer specific to
	8bit->7bit conversion; they can also happen with generic
	address mapping. File: smtp/smtp_proto.c.

	Safety: SASL 2.1.19 has a version lookup routine that we
	can use to detect compile time / run time version mis-matches
	(also known as DLL hell).  Files: src/smtpd/smtpd_sasl_glue.c,
	src/smtp/smtp_sasl_glue.c, src/lmtp/lmtp_sasl_glue.c.

20050404

	Typo: missing comma after dsn=x.yy.zz logging. File:
	global/log_adhoc.c.

	Feature: specify "smtpd_sasl_authenticated_header = yes"
	to report the SASL login name in the Received: message
	header, so that the login name is shared with the whole
	world. Based on code by Branko F. Gracnar. Files:
	smtpd/smtpd.c, and documentation.

20050407

	@%^!#& Thanks to inadequate SASL documentation the client
	could negotiate a security layer where none was desired.
	Better documentation has become available since Postfix
	SASL support was implemented, and now Postfix needs to be
	fixed. Files: */*_sasl_glue.c.

20050409

	Safety: the CDB map now logs a warning when the source file
	is newer than the indexed file, just like the Berkeley DB
	and DBM maps. Michael Tokarev. File: util/dict_cdb.c.

20040411

	Portability: put the SASL DLL Hell guard after the declarations
	instead of before.  Reported by Marcus Grando. Files:
	smtp/smtp_sasl_glue.c, lmtp/lmtp_sasl_glue.c.

20050412

	Infrastructure: change the disposition or other properties
	of an embryonic queue file. This is currently used only to
	place mail on hold.  After code by Victor Duchovni.  Files:
	global/mail_stream.[hc], cleanup/cleanup_api.c.

	Bugfix: while updating the cleanup_flush() infrastructure
	eliminated a portability problem that was introduced when
	"REJECT text" support was added. File: cleanup/cleanup.c.
	
20050413

	Portability: don't mix socket message send/receive calls
	with socket stream read/write calls. The fact that you can
	get away with it only on some stacks implies that there is
	no long-term guarantee. Specify -DCAN_WRITE_BEFORE_SENDING_FD
	if you feel brave. File: util/sys_defs.h.

	Robustness: re-compile all object files after the "make
	makefiles" options have changed. Files: src/*/Makefile.in.

	Tweaking: reply with 5.3.4 when the message size exceeds
	the mail system message_size_limit, instead of 5.2.3 which
	is a mailbox specific status. File: smtpd/smtpd_check.c.

20050417

	Safety: don't call syslog from a user-triggered signal
	handler.  File: postdrop/postdrop.c.

20050421

	Bugfix: don't panic when the fall-back relay can't be used
	because the local MTA is MX for the destination.  File:
	smtp/smtp_connect.c.

20050422

	Bugfix: don't panic when the fall-back relay can't be used
	because it was already tried via a cached session. Produce
	a default excuse instead. File: smtp/smtp_connect.c.

	Bugfix: postsuper could lose an error message after reporting
	a fatal error.  File: postsuper/postsuper.c.

20050426

	Bugfix: simplified and improved the 20050422 fall-back relay
	fix. File: smtp/smtp_connect.c.

20050427

	Final solution for the 20050422 fall-back relay problem:
	truncate the fall-back host list when the local MTA is MX
	for some destination. Files: util/argv.c, smtp/smtp_connect.c.

	Cleanup: extra dsn_vstring_update_dsn() routine to shut up
	GCC complaints about valid code. Files: src/global/dsn_util.c,
	src/global/mbox_open.c, src/lmtp/lmtp_addr.c, src/smtp/smtp_addr.c,
	src/smtp/smtp_connect.c.

20050429

	The Postfix SMTP server now announces ENHANCEDSTATUSCODES
	support in the EHLO response, as described in RFC 2034.
	File: smtpd/smtpd.c.

20050503

	Propagate enhanced status code from error(8) mailer to SMTP
	server replies. File: smtpd/smtpd_check.c.

	Cleanup: more consistent format of smtpd warning logging,
	so that it is easier to sort.  Files: smtpd/smtpd.c,
	smtpd/smtpd_check.c.

20050504

	Yikes. People are exposing the smtp-sink test program to
	hostile environments, while it was designed for controlled
	environments. Completed the support for write timeouts,
	added support for read timeouts, and added a missing exception
	handler for the 220 server greeting.  File: smtpstone/smtp-sink.c.

20050506

	Cleanup: with "REJECT 4.X.Y ..." actions in header/body_checks,
	change the SMTP server reply code from 550 into 450, instead
	of having the SMTP server change the DSN into 5.X.Y.  File:
	smtpd/smtpd.c.

20050510

	Usability: when reporting a sender address problem, transform
	a recipient DSN status (e.g., 4.1.1-4.1.6) into the
	corresponding sender DSN status, and vice versa; and when
	reporting a non-address problem, transform a sender or
	recipient DSN status into a generic non-address DSN status
	(e.g., 4.0.0).  This transformation may be needed when the
	same access table or RBL reply template are used for client,
	helo, sender, or recipient restrictions; or when the same
	error mailer information is used for senders or recipients.
	Files: smtpd/smtpd_check.c, smtpd/smtpd_dsn_fix.[hc].

20050512

	Feature: support for more SASL logging call-backs, if these
	are defined in the compile-time environment. Files:
	smtpd/smtpd_sasl_glue.c, smtp/smtp_sasl_glue.c.

20050513

	Workaround: Postfix now uses "localdomain" as the default
	domain name when $myhostname is not in "host.domain" form.
	Files: global/mail_params.[hc].

---------

20050415-20050615

	As of 20050525, DSN support does not involve new queue file
	record types, so you can switch back to older Postfix
	versions. Older non-production releases did introduce queue
	file incompatibilty.

	DSN support is selected via the SMTP port by extra parameters
	to the MAIL FROM and RCPT TO commands, and with the Postfix
	sendmail command with new command-line options: -N (specify
	notification options such as "never", "success", "delay"
	or "failure") and -V (specify an envelope ID that identifies
	the mail submission transaction).  VERP support now uses
	-XV instead of -V.

	The implementation piggy-backs on the trace(8) service that
	was already used for "sendmail -v" (verbose delivery) and
	for "sendmail -bv" (what-if) reports. You can no longer
	requests these functions together with DSN support.

	All this means revision of bounce/defer/trace client
	interfaces, of the bounce service, the record reading loops
	in postdrop, cleanup(8) and qmgr(8), the queue manager to
	delivery agent protocol, and some extra SMTP protocol
	parameters in smtpd(8), lmtp(8) and smtp(8).

	New code module: global/dsn_smtp.[hc] for RFC 3461 related
	information (but this may still change).

	Feature: "sendmail -G" is no longer a no-op.  Message headers
	are treated as if the message has a remote origin. Files:
	sendmail/sendmail.c, postdrop/postdrop.c.

	Feature: automatic BCC senders are now created as if they
	were received with NOTIFY=NEVER, in case it helps. File:
	cleanup/cleanup_addr.c

	Compatibility: with large bounces, send message headers
	only, instead of truncating MIME messages in the middle.

20050517

	Bugfix: in a DSN report, the original recipient should not
	be xtext encoded. File: bounce/bounce_notify_util.c.

20050523

	Bugfix: mymalloc() panic with mistyped server host list.
	File: global/dict_pgsql.c.

20050525

	Feature: specify delay_warning_time=1 to get immediate
	notification of delay. File: qmgr/qmgr_active.c.

20050526

	Reset the Postfix original recipient when delivering to
	mailing list.

20050601

	Modified the master backgrounding procedure to not abort
	when the master is already a process group leader. This
	happens when people bypass or modify the official Postfix
	start-up procedure.  Jacek Konieczny. File: master/master.c.

20050602

	Sanity check: don't report "address in use" when some Postfix
	socket is a directory. File: util/unix_listen.c.

20050613

	Now that the over-all structure of the code is proving
	itself, interfaces can be cleaned up. This means nicer names
	for variables, functions and data structures, and dedicated
	read/write routines for recipient and DSN information.
	These remove a lot of clutter from the bounce client and
	server code.  Files: dsn_print.c dsb_scan.c, rcpt_print.c,
	rcpt_buf.c.

	For Sendmail compatibility, the Postfix sendmail -V option
	no longer controls VERP usage, but is used to specify the
	DSN envelope ID.  In order to provide a smooth transition,
	backwards compatibility code recognizes when -V is being
	used for VERP control.  It will do the right thing, and
	warns the user to use -XV instead. File: sendmail/sendmail.c.

20050614

	The cleanup server writes bounce (delivery failure) and
	trace (success) records, but it no longer requests sender
	notification.  That is now handled by the queue manager.
	The reason is that the cleanup server must be able to abort
	a request including its bounce and trace logfiles, so it
	must not take actions that can't be undone.

20050615

	Cleanup: the SMTP client now sends QUIT when the initial
	HELO handshake fails. it still doesn't send QUIT when the
	server greets with a [45]XX code, as that is handled in the
	connection management code before a session context exists.
	File: smtp/smtp_connect.c.

	Cleanup: made the quote_821_local() routine "const" clean.
	File: global/quote_821_local.[hc].

20050616

	Bugfix: missing or mis-placed va_end() macros, found in
	Postfix 2.3 code review. Files: util/netstring.c,
	util/myaddrinfo.c, util/attr_clnt.c, util/vstream.c.

	Bugfix: the SMTP server now separates the message size check
	from the queue space check, so that the size check can be
	done before an SMTPD proxy filter. Files: smtpd/smtpd.c,
	smtpd/smtpd_check.c.

20050617

	Postdrop didn't recognize the new recipient attributes.
	File: postdrop/postdrop.c.

	Feature: configurable MAILER-DAEMON replacement for the
	null sender address that is used by the pipe(8) delivery
	agent on the command line and in message headers. Command-line
	address quoting is disabled when the replacement is empty.
	File: pipe/pipe.c.

20050618

	With virtual aliasing enabled, Postfix would always report
	successful alias expansion, even when no alias was expanded.
	File: cleanup/cleanup_out_recipient.c.

20050621

	Portability: file descriptor passing is available for Tru64
	UNIX, but not for AIX4 and IRIX6.  Albert Chin. File:
	util/sys_defs.h.

20050622

	Cleanup: the DNS lookup code now accommodates name server
	replies longer than 4 kbytes, with a hard upper limit of
	32kbytes. For safety reasons, the number of MX host addresses
	that the SMTP client will try was reduced from unlimited
	to just 5, so that Postfix won't spend forever trying to
	connect to dozens and dozens of bogus MX hosts. Files:
	dns/dns_lookup.c, global/mail_params.h.

	Cleanup: the code that handles a 4xx or 5xx SMTP server
	greeting was moved from the connection management module
	to the protocol engine, for cleaner error handling.  This
	means that the failed session now counts towards the limit
	on the total number of SMTP sessions per domain name (default:
	smtp_mx_session_limit = 2).  Files: smtp/smtp_connect.c,
	smtp/smtp_proto.c.

20050623

	Cleanup: generalized the delegated attribute scan/print
	interfaces, and updated the deliver_pass module with delegated
	attribute scan/print support. Files: util/attr_scan0.c,
	util/attr_print0.c, global/dsb_scan.c, global/dsn_print.c,
	global/rcpt_buf,c global/rcpt_print.c, global/deliver_pass.c.

	Added delegated attribute scan/print function support to
	the base64 and plain attribute I/O encodings. Files:
	util/attr_scan_plain.c util/attr_print_plain.c.

20050624

	Added "." to the list commands that smtp-sink can "break"
	(by disconnecting, or by responding with a 4XX or 5XX reply
	code). File: smtpstone/smtp-sink.c.

20050625

	Safety: allow only 4.x.x and 5.x.x enhanced status codes
	in header/body_checks REJECT actions. File:
	cleanup/cleanup_message.c.

20050627

	Code cleanup: generalized the smtp-sink code that simulates
	server errors. File: smtpstone/smtp-sink.c.

20050629

	Code cleanup: the smtp_mx_session_limit setting (per delivery
	request session count limit) now ignores sessions that fail
	to complete the TCP, SMTP, EHLO or TLS handshake (was: TCP
	and SMTP).  File: smtp/smtp_proto.c.

20050630

	Updated the example spf.pl script to version 1.06.

	Portability: the file descriptor passing code broke on LP64
	systems (inherited from Stevens Network Programming).  Files:
	util/unix_send_fd.c, util/unix_recv_fd.c.

20050706

	Robustness: the SMTP client now disables connection caching
	when it is unable to communicate with the scache(8) server,
	instead of looping forever. File: global/scache_clnt.c.

	Portability: after sending a socket, the scache(8) server
	now waits for an ACK from the connection cache client before
	closing the socket that it just sent. Files: scache/scache.c,
	global/scache_clnt.c.
	 
20050708

	Bugfix: missing returns in 20050706 caching disabling code
	(in error handling code that never executes).  File:
	global/scache_clnt.c.

	Portability: use explicitly unsigned operands when doing
	bit-wise shift operations on data larger than a character.

20050709-15

	Migration of data object sizes and offsets from int->ssize_t
	and unsigned->size_t for better portability to LP64 and
	LLP64 systems where *size_t is 64 bits wide.   This change
	has no effect on 32-bit systems.

	This change not only eliminated some obscure portability
	bugs (see two paragraphs down), it also eliminated many
	unnecessary conversions back and forth between 32-bit and
	64-bit integers, because all relevant system library functions
	take *size_t arguments or return *size_t results.