HISTORY

	accepts command-line recipients instead of complaining.
	The extracted header recipients are added to the command-line
	recipients.

	Feature: sender/recipient_bcc_maps. These are indexed by
	sender/recipient address and are examined when mail enters
	from outside of Postfix. Files: cleanup/cleanup_addr.c.
	cleanup/cleanup_envelope.c cleanup/cleanup_extracted.c.

20030417

	Feature: the SMTP client now falls back to native name
	service lookups (including /etc/hosts) when a host cannot
	be found in the DNS. This is controlled by a new parameter
	smtp_host_lookup (default: dns, native). Files: smtp/smtp.c,
	smtp/smtp_addr.c.

20030418

	Bugfix: "sendmail -t" broke with unrecognized message
	headers.

20030419

	Feature: "postcat -q" searches the queue for the named
	file.

	Cleanup: made postcat "record names" output more consistent.

20030421

	Debugging: added some extra detailed error logging to the
	pipe-to-command delivery, to help folks with bizarre file
	truncation problems. File: global/pipe_command.c.

20030424

	Cleanup: readlline() did not terminate the result before
	complaining about lines starting with whitespace.

	Cleanup: eliminated valid_hostname warning for invalid
	queue file names. File: global/mail_queue.c.

	Bugfix: lost three lines of code when readying the postcat
	command for release, which broke postcat -q. File:
	postcat/postcat.c.

	Bugfix: the Postfix sendmail command applied the message
	size limit when running as newaliases. The limiting code
	is now moved to the message enqueuing branch of the code.
	File: sendmail/sendmail.c.

	Documentation: start of documentation for the algorithm of
	Patrik Rak's clever queue manager scheduler (nqmgr). Files:
	conf/sample-scheduler.cf, README_FILES/SCHEDULER_README.

20030429

	Bugfix: while verifying an address, the LMTP client entered
	a forbidden "next" sender state after the last recipient.
	Fix by Vladimir Davydoff. File: lmtp/lmtp_proto.c.

	Bugfix: "," was not recognized in proxy_read_maps settings.
	Fix by Leandro Santi. File: proxymap/proxymap.c.

20030502

	Bugfix: defer delivery after .forward etc. file read error.
	File: local/token.c. Problem reported by Ben Rosengart,
	Panix.

20030503

	Bugfix: the Postfix LMTP client used the wrong service
	name, causing trouble with SASL 2.1.13.  Daniel Schales,
	Louisiana Tech. File: lmtp/lmtp_sasl_glue.c.

20030518

	Workaround: IRIX select() reports that a non-blocking file
	descriptor is writable while write() transfers zero bytes.
	File:  util/vstream.c. Superseded by change 20030523.

20030520

	Cleanup: future time stamps in Received: headers and negative
	delays in delivery agent logging after "postdrop -r",
	because deferred queue files had future file modification
	times.  File:  src/postsuper/postsuper.c.

20030521

	Cleanup: nqmgr warnings about "recipient count mismatch"
	after "postdrop -r", because the cleanup server did not
	count the "already done" recipients. Problem reported by
	Richard Stockton, Gramma Software. Files:
	cleanup/cleanup_envelope.c, cleanup/cleanup_extracted.c.

20030523

	Workaround: IRIX select() reports that a non-blocking file
	descriptor is writable while write() transfers zero bytes.
	File:  global/pipe_command.c.

20030523-20030605

	Cleanup: rewrote the queue file record processing loops in
	pickup, cleanup and in [n]qmgr. This code had deteriorated
	a lot as the result of small changes over the years. This
	change brings the code closer to "obviously correct". Files:
	cleanup/cleanup_envelope.c, cleanup/cleanup_extracted.c,
	*qmgr/qmgr_message.c.

	Cleanup: Postfix no longer produces queue files with
	backwards compatibility data for Postfix versions < 1.0
	(a.k.a.  20010228). Files: cleanup/cleanup_extracted.c,
	showq/showq.c.

	Performance: the queue manager no longer has to examine
	every queue file record before it can start deliveries.
	This helps to avoid thrashing with very large mailing lists.
	Postfix queue files have an extra field in the size record
	with queue manager processing hints.  This change is backward
	and forward compatible.  Files:  cleanup/cleanup_envelope.c,
	cleanup/cleanup_extracted.c, *qmgr/qmgr_message.c.

20030528

	Compatibility: "sendmail -q<time>" without -bd option now
	exits immediately, instead of waiting for input on the
	standard input stream and screwing up system boot sequences.
	File: sendmail/sendmail.c.

20030530

	Bugfix: client access denied with smtpd_delay_reject=no
	broke "sendmail -bs". Fix by Victor Duchovni, Morgan Stanley.
	File: smtpd/smtpd.c.

20030531

	Compatibility: allow <@site,@site:address> route addresses
	in SMTP commands.  File: smtpd/smtpd.c.

20030605

	Cleanup: input checks moved from the pickup daemon to the
	postdrop mail submission command; this is to prepare for
	direct mail submission from postdrop->cleanup without going
	through the maildrop directory and the pickup service.
	Files: pickup/pickup.c, postdrop/postdrop.c.

	Bugfix: the "dead host" backoff timer in the MySQL client
	didn't work.  Fix by Leandro Santi. File: util/dict_mysql.c.

	Bugfix: same problem in the PostgreSQL client. File:
	util/dict_pgsql.c.

	Workaround: turned off non-blocking write to pipe because
	too many systems give a weird write() result. File:
	global/pipe_command.c.

	Cleanup: added support for vstream_fseek(.., .., SEEK_END).
	File: util/vstream.c.

20030608

	Feature: separate address resolver controls for address
	verification probe messages:  address_verify_{local,virtual,
	relay,default}_transport, address_verify_relayhost, and
	address_verify_transport_maps. The default values are the
	regular versions of the same controls. Files: trivial-rewrite/*,
	global/resolve_clnt.[hc], *qmgr/qmgr_message.c.

20030609

	Workaround: Solaris blocking socket read() may hang.  Hernan
	Perez Masci and Leandro Santi. File: smtpd/smtpd.c.

	Bugfix: the "unread recipient" counter needs to be restored
	after the queue manager has a problem reading a queue file.
	Fix by Patrik Rak. File: nqmgr/qmgr_message.c.

20030610

	Cleanup: the verify server now uses asynchronous submission
	of mail probes, so it will no longer block for in_flow_delay
	seconds when mail arrives faster than it is delivered.
	Still need to make mail_stream_finish() asynchronous in
	order to avoid blocking for trigger_timeout seconds when
	the queue manager is overwhelmed.  Files:  global/post_mail.c,
	verify/verify.c.

	Bugfix: removed extraneous sleep() after the last attempt
	to retrieve address verification status.  File: smtpd/smtpd.c.

20030611

	Bugfix: the stricter postdrop input filter broke "sendmail
	-bs". Found by Lutz Jaenicke. File: smtpd/smtpd.c.

20030614

	Portability: Dropped support for client side LDAP caching.
	As of release 2.1.13 OpenLDAP no longer supports client
	side caching, it has been deprecated for some time, and
	never worked well.  Implemented by Victor Duchovni, Morgan
	Stanley, and further enhanced by Lamont Jones, HP. Files:
	src/util/dict_ldap.c, conf/sample-ldap.cf,
	README_FILES/LDAP_README.

	Safety: Given suitable invalid database contents, LDAP
	lookups can produce too many results, enter an infinite
	loop in the expansion of "special result attributes" (LDAP
	DNs and LDAP URLs) or just consume excessive server resources
	returning large result sets.  Three new (per LDAP map)
	configuration parameters enable one to set limits on
	recursive nesting, result expansion and the server response
	"entry" count. Implemented by Victor Duchovni, Morgan
	Stanley, further enanced by Lamont Jones, HP. Files:
	src/util/dict_ldap.c, conf/sample-ldap.cf,
	README_FILES/LDAP_README.

20030616

	Feature: in mail delivery status reports, report the sender
	address as X-Postfix-Sender. Matthias Andree. File:
	bounce/bounce_notify_util.c.

	Cleanup: in mail delivery status reports, transform the
	original recipient into xtext format as required by RFC
	1891. Files: bounce/bounce_notify_util.c, util/xtext.[hc].

	Cleanup: more accurate "postfix check" warning for files
	that miss one or more of the required mode 02111 execute
	permission bits. Matthias Andree. File: conf/postfix-script.

20030618

	After "postfix reload", the master daemon now warns when
	inet_interfaces has changed, and ignores the change, instead
	of passing incorrect information to the smtp server. File:
	master/master_ent.c.

20030619

	Feature: the Postfix SMTP server can send all mail into a
	proxy server, for example a real-time SPAM filter. This
	proxy is supposed to send the mail into another Postfix
	SMTP server process for normal delivery. Files: smtpd/smtpd.c
	smtpd/smtpd_proxy.[hc].

20030620

	Bugfix: a cut-and-paste error caused the proxy server's
	354 status code to be reported when a proxy connection
	broke during the DATA phase. File: smtpd.c.

20030620

	Bugfix: after the last change to postdrop, postcat no longer
	recognized maildrop files as valid. File: postcat/postcat.c.

	Bugfix: after moving "sendmail -t" address extraction to
	sendmail, "-t" broke multi-line recipient headers.  Victor
	Duchovni, Morgan Stanley. File: sendmail/sendmail.c.

20030621

	Workaround: the safe_open(O_CREAT) race condition exploit
	avoiding code tries a little harder when it encounters a
	race condition. File: util/safe_open.c.

20030624

	Bugfix: reject_unverified_address() set the defer_if_reject
	flag when the verify service was unavailable (which never
	happens). Victor Duchovni, Morgan Stanley. File:
	smtpd/smtpd_check.c.

	New parameters address_verify_poll_{count,delay} that
	control how often to poll the address verification service
	for the completion of an address verification request.
	Specify address_verify_poll_count=1 to implement a crude
	form of greylisting, that is, always defer the first delivery
	attempt for an unknown address.  File: smtpd/smtpd_check.c.

	Bugfix: after the last change to postdrop, postcat no longer
	recognized non-maildrop queue files as valid. File:
	postcat/postcat.c.

20030629

	Cleanup: replaced references to "simulated virtual domains"
	by "virtual alias domains". Victor Duchovni, Morgan Stanley.

20030630

	Feature: smtp_quote_rfc821_envelope=(yes|no) to control
	RFC 821 style quoting of MAIL FROM and RCPT TO addresses.
	Files: global/mail_params.h, smtp/smtp.c, smtp/smtp_proto.c.

20030701

	Bugfix: multi-recipient probes triggered a bug in the SMTP
	client.  File: smtp/smtp_proto.c.

	Feature: enable_original_recipient (default: yes) to control
	whether Postfix keeps track of original recipient address
	information. Victor Duchovni, Morgan Stanley.  Files:
	cleanup/cleanup.c, cleanup/cleanup_init.c,
	cleanup/cleanup_out_recipient.c, global/log_adhoc.c,
	global/mail_copy.c, *qmgr/qmgr_message.c.

	Feature: !/pattern/ support for PCRE lookup tables.  Victor
	Duchovni, Morgan Stanley.  Files: util/dict_pcre.c.

	Cleanup: allow whitespace after patterns in repexp and pcre
	tables. Victor Duchovni, Morgan Stanley.  Files:
	util/dict_pcre.c, util/dict_regexp.c.

20030702

	Feature: CIDR lookup table support, very remotely based on
	code by Jozsef Kadlecsik. Files: proto/cidr_table,
	util/dict_cidr.[hc].

	Feature: TCP lookup table support, finally finished.  Files:
	proto/tcp_table, proto/dict_tcp.[hc].

20030705

	Feature: new receive_override_options parameter controls
	what happens before or after an external content filter:
	rejecting unknown recipients, canonical and virtual address
	mapping, address masquerading, automatic BCC recipients
	and header/body checks. This eliminates the need to configure
	multiple cleanup services in the master.cf file.

20030707

	Feature: context dependent SASL security options (i.e.
	different options when TLS is enabled/disabled). Lutz
	Jaenicke.  Files:  */*sasl_glue.[hc].

20030708

	Hardened the attr_scan routines for exposure to an untrusted
	environment, in preparation for possible use with SMTP
	policy delegation to an external server.

	Feature: address filter for RBL lookups, for use with
	multi-valued RBL services. File: smtpd/smtpd_check.c.

20030709

	Cleanup: use off_t instead of int for VSTREAM file offsets.
	This was needed for mailboxes > 2GB on 32-bit systems.
	Files: util/vstream.c, global/mail_copy.c.

20030710

	Support for multiple A and TXT results in RBL lookups.
	Victor Duchovni, Morgan Stanley.  File: smtpd/smtpd_check.c.

	Support for attribute-based query-reply protocols.  Files:
	util/attr_clnt.[hc], util/auto_clnt.[hc].

20030711

	Support for plain "name=value\n" attribute protocol.  Files:
	util/attr_{scan,print}_plain.c.

	Bugfix: the LMTP session caching code did not reset the
	EHLO server feature list when it needed to reconnect.
	Problem found by Tobias Erbsland.

20030712

	Feature: delegated SMTP policy server. As an example, see
	the greylisting server in examples/smtpd-policy.  Specify
	"check_smtpd_policy_service" in smtpd_mumble_restrictions.
	See SMTPD_POLICY_SERVICE_README for details.

20030716

	Bugfix: in the sample policy server, changed "ok" into
	"dunno" so the server can be used in the middle of a
	restriction list.

	Cleanup: when an RBL reply has multiple TXT records,
	concatenate them up to some reasonable limit, instead of
	selecting one randomly.  File:  smtpd/smtpd_check.c.

	Safety: always truncate SMTP server error replies to 512
	bytes.  File: smtpd/smtpd_check.c.

20030717

	Documentation: added description of policy_time_limit to
	the SMTPD_POLICY_README document.

	Documentation: corrected the command time limit parameter
	syntax in the spawn(8) manual page.

	Feature: defer_if_permit and defer_if_reject actions in
	access tables, mainly for use by the delegated policy
	server. Files: smtpd/smtpd_check.c, proto/access.

20030725

	The dict_pgsql module did not use dict_alloc() and dict_free(),
	causing improper initialization and a memory leak. Leandro
	Santi. File: util/dict_pgsql.c.

	Cleanup: added open_flags sanity checks to the dict_pgsql
	and dict_mysql modules. These maps must be opened in
	read-only mode.

20030731

	Bugfix: virtual(8) was changed to use mail_addr_find()
	instead of virtual8_maps_find(), but the SMTP server's
	virtual mailbox recipient validation was not updated.

20030804

	Bugfix: the 20030712 safety against invalid DNS results
	was broken. Reported by Ralf Hildebrandt. File:
	dns/dns_lookup.c.

20030805-12

	Safety: the pipe daemon now defers delivery with a warning
	when it is given a non-existent command-line macro name.
	File:  pipe/pipe.c.

20030810

	Bugfix: dict_ldap had a few harmless memory leaks.  By
	Liviu Daia.  File: util/dict_ldap.c.

	Feature: support for LDAP URLs in the LDAP parameter
	"server_host", if Postfix is linked against OpenLDAP.  This
	allows Postfix to connect to LDAP SSL sources.  By Liviu
	Daia.  File: util/dict_ldap.c.

20030811

	Cleanup: produce a warning when host:port specifies a badly
	formatted numerical port.  Files:  util/find_inet.c,
	smtp/smtp_connect.c, lmtp/lmtp_connect.c.

20030822

	Feature: the export_environment and import_environment
	parameters now accept name=value information that will be
	entered into the new environment. File: util/clean_env.c.

20030823

	Feature: smtpd_sasl_exceptions_networks parameter to prevent
	Postfix from offering AUTH  to clients that match the listed
	networks. Based on code by Ben Rosengart, Panix. Files:
	conf/sample-auth.cf, smtpd/smtpd.c.

20030902

	Portability: the Postfix master resets the file size to
	the largest possible off_t value when the actual limit
	appears to overflow the off_t range. Files: util/sys_defs.h,
	util/file_limit.c. A fine sample of bit banging.

20030905

	Workaround: Solaris 8 select() claims that a non-blocking
	socket is readable and then read() fails with EAGAIN. Files:
	util/timed_read.c and as precautionary measure,
	util/timed_write.c.

	Bugfix: dict_register() should not be called from dict_open()
	in dict_mysql and dict_pgsql.  Liviu Daia.  Files:
	util/dict_mysql.c, util/dict_pgsql.c.

	Feature: LDAP parameters can now be specified in external
	files.  This makes it possible to securely store bind
	passwords for plain auth outside of main.cf (which is world
	readable).  By Liviu Daia, based on a suggestion by Victor
	Duchovni and Lamont Jones.  File: util/dict_ldap.c.

	Feature: STARTTLS option for LDAP, if Postfix is linked
	against OpenLDAP.  By Liviu Daia, amended by Victor Duchovni.
	File:  util/dict_ldap.c.

	Cleanup: connections to LDAP sources are now postponed
	until they are actually needed.  By Liviu Daia.  File:
	util/dict_ldap.c.

20030908

	The 20030905 Solaris workaround triggers too many warnings.
	TCP sockets are back to blocking, and keepalives are turned
	on to kill off dead sockets, as suggested by Leandro Santi.
	Files: master/{single,multi}_server.c, smtpd/smtpd.c,
	util/sys_defs.h.

20030909

	Bugfix: the LMTP session caching code had problems with
	SASL authentication after the first connection, and pipelining
	was working poorly.  Fix by Victor Duchovni, Morgan Stanley.
	Files: lmtp/lmtp.c, lmtp/lmtp_proto.c.

20030912

	Workaround: besides SMTP server sockets, SMTP client sockets
	can also hang on Solaris, as reported by Leandro Santi. In
	order to deal with this at the root, all connection management
	is now done by sane_accept() and sane_connect().  Both turn
	on keepalives on Solaris.

20030913

	Safety: set-gid commands don't trust TZ.  File: msg_syslog.c.

20030914

	Address extension propagation wasn't documented enough when
	it was added to Postfix. Based on patches by Roman Neuhauser.

	Added clarifying notes to main.cf, master.cf and access by
	Dean Gibson.

	In header/body_checks, DUNNO is now the preferred action
	instead of the now deprecated OK. This may confuse fewer
	people.

	In header/body_checks, allow text after IGNORE and DUNNO,
	suggested by Victor Duchovni, Morgan Stanley.  File:
	src/cleanup/cleanup_message.c.

	Feature: reject_rhsbl_helo. File: smtpd/smtpd_check.c.

	Bugfix? The LMTP and SMTP clients now send "MAIL FROM:<sender>
	AUTH=<>" when SASL authenticated. Suggested by by Victor
	Duchovni, Morgan Stanley. Files: smtp/smtp_proto.c,
	lmtp/lmtp_proto.c.

20030915

	Bugfix: mail rejected by the before-queue content filter
	was mis-labeled as a software error; it should be labeled
	as a policy error instead. File: smtpd/smtpd.c.

	Cleanup: postcat is now null-byte transparent. File:
	postcat/postcat.c.

20030916

	Feature: ``check_{sender,recipient}_mx_access maptype:mapname''
	applies the named Postfix access table to the MX host name
	and IP addresses for the sender or recipient address. If
	no MX record is found, the A record is used instead. File:
	smtpd/smtpd_check.c.

	Feature: ``check_{sender,recipient}_ns_access maptype:mapname''
	applies the named Postfix access table to the DNS server
	hostname and IP addresses for the sender or recipient
	address. If no NS record is found, the parent domain is
	used instead. File: smtpd/smtpd_check.c.

20030917

	Feature: ``check_helo_{ns,mx}_access maptype:mapname'',
	same semantics as sender and recipient.

	Multiple LDAP lookup tables in the one Postfix process now
	share one LDAP connection. Code by Victor Duchovni, Morgan
	Stanley.  File: util/dict_ldap.c.

	Performance: with prefix_domain specified for an LDAP lookup
	table, lookups of @domain are skipped. Code by Victor
	Duchovni, Morgan Stanley.  File: util/dict_ldap.c.

	Safety: check_mumble_{mx,ns}_access refuses to be used for
	whitelisting. The Postfix SMTP server will reject the
	request with "451 server configuration error" and will log
	a warning explaining why. File: smtpd/smtpd_check.c.

20030918

	Bugfix: check_mumble_ns_access did not correctly look up
	NS records of parent domains, causing mail to be deferred
	with a 450 status code. File: smtpd/smtpd_check.c.

20030919

	Robustness: check_mumble_{mx,ns}_access skip over DNS lookup
	failures instead of deferring mail. This is not as bad as
	it appears to be because the restrictions can't be used
	for whitelisting.  File: smtpd/smtpd_check.c.

20030920

	Bugfix: the 20030917 LDAP connection sharing code introduced
	a compilation problem with non-OpenLDAP implementations.
	Fix by Liviu Daia. File: util/dict_ldap.c

	Compatibility: the LDAP server_host parameter now supports
	all the usual Postfix list element delimiters. Some LDAP
	libraries support just SPACE, others SPACE and ",". Postfix
	now normalizes the host list into a space separated format.
	This is less surprising to Postfix users used to the full
	range of delimeters in other contexts. Implemented by Liviu
	Daia. File: util/dict_ldap.c

	Bugfix: after returning too old mail, the bounce daemon
	now locks the original queue file and deletes deferred
	recipients, to avoid repeated bounce notifications when
	the queue manager is restarted. Files:  bounce/*.[hc],
	global/bounce_log.[hc], global/{bounce,defer}.[hc] and
	everything that invokes these routines including queue
	manager and delivery agents.

20030922

	Feature: "XADDR address hostname" SMTP command, for SMTPD
	restriction debugging, and for sites with fetchmail-like
	software that extracts client information from the first
	Received:  header. The smtpd_authorized_xaddr_clients
	parameter specifies what clients are allowed to use XADDR
	(default: none).  Files:  smtpd/smtpd.c.

20031015

	Workaround: smtpd access maps should not apply subdomain
	name magic to numerical hostnames. File: smtpd/smtpd_check.c.

	Safety: the local delivery agent now defers delivery when
	alias lookup produces an empty result. File: local/alias.c.

20031019

	Workaround: disable request/reply size limit in attr_scan*.c
	to prevent mail from getting stuck when rewriting a malformed
	message header.  This limit was turned on with snapshot
	20030715 to harden the protocol that is used by SMTPD policy
	delegation. A "no code change" workaround is to specify
	"header_size_limit = $line_length_limit".  The proper fix
	is to enforce request/reply size limits only for data from
	outside of Postfix. Problem reported by Brandon Mullenberg,
	Dialup USA. Files:  util/attr_scan*.c.

	Feature: "XLOGINFO address hostname" SMTP command, so that
	Postfix daemons behind SMTPD pass-through proxies log useful
	client name/address information instead of localhost[127.0.0.1].
	The smtpd_authorized_xloginfo_clients parameter specifies
	what clients are allowed to use XLOGINFO (default: none).
	Files:  smtpd/smtpd.c.

	Cleanup: renamed the authorized_verp_clients parameter to
	smtpd_authorized_verp_clients for consistency.

20031021

	Workaround: the demo greylist script now uses BTREE instead
	of HASH files for hopefully better stability. The real fix
	is to use a single updater process that serves multiple
	clients. That approach seems to work well with the verify
	daemon. File: examples/smtpd-policy/smtpd-policy.pl.

20031022

	Safety: the SMTP server now warns when the queue_minfree
	value is less than twice the message size limit. File:
	smtpd/smtpd.c.

	Safety:  the SMTP server no longer accepts mail when the
	amount of free space is less than twice the message size
	limit.  File: smtpd/smtpd_check.c.

	Safety: log a warning and defer mail when canonical or
	virtual lookups return a non-address result (like a string
	that contains no address). File: global/mail_addr_map.c.

	Safety: log a warning and defer mail when any map lookup
	returns an empty string result, and explain that "no result"
	is expected in case of a "not found" condition. This happens
	with incorrectly implemented SQL or LDAP tables. File:
	global/maps_find.c.

20031023

	Bugfix: the MYSQL and PGSQL modules invoked dict_register().
	This was fixed a while ago but never made it into the
	distribution. Files: util/dict*sql.c.

	Robustness: added three ISSPACE() calls in the smtpd proxy
	parser. File: smtpd/smtpd_proxy.c.

20031024

	Portability: added localhost to mydestination for sites
	that turn off append_dot_mydomain. File: global/mail_params.h.

20031027

	Portability: MacOS X Bind8 compatibility. File: makedefs.

20031103

	Robustness: flush pipelined "." and "quit" replies to avoid
	repeated deliveries in case of a program crash (you know,
	the kind of thing that happens before Postfix release :-).
	File:  smtpd/smtpd.c.

20031105

	Portability: turn off NETINFO support for MacOS X Panther
	by default. Files: makedefs, util/sys_defs.h.

20031106

	Feature: the sample greylist policy server is now case
	insensitive.  File: examples/smtpd-policy/smtpd-policy.pl.

20031103-20031110

	Feature: preliminary defense against SMTP clients that
	hammer the SMTP server with too many simultaneous or
	successive connection attempts, with a whitelist capability
	to disable the restriction for authorized clients.  Most
	work is implemented by a new "anvil" server.  Parameters:
	smtpd_client_connection_count_limit, smtpd_client_connection-
	_rate_limit, smtpd_client_connection_limit_exceptions, and
	client_connection_rate_time_unit.  Documentation:  smtpd(8),
	anvil(8), sample-smtpd.cf. Files:  smtpd/smtpd.c,
	global/anvil_clnt.[hc], anvil/anvil.c.  The anvil server
	logs peak count and rate information per client when it
	terminates after running out of work or after "postfix
	reload".

20031110

	Cleanup: Postfix now supports the /0 netmask (match every
	address).  This is useful as a catch-all pattern at the
	end of a table.  Files:  util/dict_cidr.c, util/match_ops.c.

	Cleanup: don't report that $queue_directory/etc/filename
	differs from /etc/filename when /etc/filename does not
	exist.  File: conf/postfix-script.

20031112

	Feature: client_connection_status_update_time parameter
	controls periodic logging of maximal connection counts or
	rates.  The default logging interval is 10 minutes.

	Feature: "make makefiles WARN=stuff..." overrides the
	built-in GCC warning options that are used when "make" is
	invoked from within a source subdirectory. Files:  makedefs,
	*/Makefile.in.

20031125

	Feature: qmgr logs "queueid: deleted", just like postsuper,
	when it removes a message from the mail queue.

	Performance: smtpd connects to the cleanup or proxy server
	AFTER the first valid RCPT TO command, instead of after
	the first valid MAIL FROM command. This avoid wasting
	real-time proxy filter resources when mail is stopped by
	the SMTP server's access blocks.  File: smtpd/smtpd.c.

20031126

	Bugfix: "panic: mymalloc: requested length 0" when master.cf
	specified an invalid host name or address.  Postfix now
	logs more specific information. File:  master/master_ent.c.
	Reported by several people.

20031125-20031201

	Feature: XCLIENT support to override the SMTP server's
	client information for logging and/or access control. This
	replaces the short-lived XADDR and XLOGINFO extensions.
	Remotely based on code by Victor Duchovni.  See FILTER_README
	and SMTPD_PROXY_README for usage details. Files:
	smtpd/{smtpd,smtpd_check,smtpd_proxy,smtpd_xclient}.c
	smtp/smtp_smtp_proto.c, *qmgr/qmgr_message.c,
	global/deliver_request.c.

20031202

	Cleanup: postfix-files now has support for files that are
	no longer part of Postfix. When upgrading Postfix, the
	post-install script gives the user a reminder. Files:
	conf/postfix-files, conf/post-install.

20031203

	Support for SMTPD access map actions (FILTER, REDIRECT,
	HOLD or DISCARD) that are delegated to the cleanup server,
	but can trigger before the first valid recipient address
	is accepted (and thus, before a cleanup server connection
	is available).  Files:  smtpd/{smtpd,smtpd_state,smtpd_check}.c.

20031204

	Bugfix: conf/post-install didn't skip non-existent obsolete
	files.  Victor Duchovni.

	Minor cleanups of the xclient error messages; xclient
	command lookup tables. File: smtpd/smtpd.c.

20031206

	Feature: reject_sender_login_mismatch allows multiple owners
	of a sender address.  Code by Liviu Daia.  Files:
	smtpd/smtpd_check.c and documentation.

	reject_sender_login_mismatch is now implemented by elementary
	features reject_unauthenticated_sender_login_mismatch
	(reject if the client is not SASL logged in but the sender
	address has an owner in smtpd_sender_login_maps) and
	reject_authenticated_sender_login_mismatch (reject if the
	client is SASL logged in but does not own the sender
	address).  Code by Liviu Daia.  Files: smtpd/smtpd_check.c
	and documentation.

20031207

	Bugfix: fallback_transport and mailbox_transport were broken
	because the deliver_pass.c module was not updated for the
	changed message delivery protocol.

20031211

	Safety: in dynamically growing data structures, update the
	length info after (instead of before) updating the data
	size. Files:  util/argv.c, util/inet_addrlist.c, util/intv.c,
	util/mvect.c, util/vstring.c, global/recipient_list.c,
	*qmgr/qmgr_rcpt_list.c.

20031212

	Cleanup: separate extensions XCLIENT (impersonate SMTP
	client) and XFORWARD (down-stream logging of up-stream MTA
	and/or message information, not necessarily SMTP related).
	The protocol is extensible: the server advertises what
	attributes XCLIENT or XFORWARD will accept, and it is an
	error to send an unsupported attribute.  No xtext encoding
	is used, since no attribute currently needs it.  See also:
	XCLIENT_README and XFORWARD_README.

20031214

	Feature: XFORWARD support in the LMTP client.

20031215

	Safety: updated mail_queue_id_ok() for long fast flush
	logfile names. File: global/mail_queue.c.

	Robustness: save and restore the resolver _res.options
	settings before and after DNS lookup, to avoid surprises
	in third-party code. This may eliminate some "localhost
	not found" problems. File: dns/dns_lookup.c.

20031216

	Cleanup:  easier to parse mailq output (no more space
	between short queue ID and message status).  File:
	showq/showq.c.

20031216-21

	Cleanup: the SMTP client now moves on to the next MX host
	or fallback relay when delivery fails in the middle of an
	SMTP session. This includes both broken connections and
	4xx SMTP server replies.  Files:  smtp/smtp.c, smtp_rcpt.c,
	smtp/smtp_connect.c, smtp_trouble.c.

	Configuration parameters: smtp_mx_address_limit (limit the
	list of IP addresses from MX lookup), and smtp_mx_session_limit
	(limit the number of actual SMTP sessions per delivery
	attempt, ignoring unusable MX IP addresses).

	The new code centers around a mark-and-sweep algorithm
	(replacing code that twiddled the rcpt->offset structure
	member), with paranoid sanity checks to ensure that every
	recipient is explicitly accounted for.

20031217

	Update: LDAP client logging (Liviu Daia) and LDAP client
	documentation (Victor Duchovni). Files: util/dict_ldap.c,
	conf/sample-ldap.cf, README_FILES/LDAP_README.

20031222

	Cleanup: shaved half the worst-case bits off the cleanup
	duplicate address filter footprint. After discussion with
	Victor Duchovni. File: cleanup/cleanup_out_recipient.c.

	Safety: added "mail loops to myself" logic for destinations
	that don't have an MX host.  File: smtp/smtp_addr.c.

20031223

	Workaround: turn off "mail loops to myself" for non-MX
	destinations because it breaks SMTP-based content filters.
	Fix is to turn off loop detection when a non-default TCP
	port is specified.  File: smtp/smtp_addr.c.

	Bugfix: restore errno after write failure in SIGCHLD handler.
	Leandro Santi (who got the idea from Hernan Perez Masci).
	File: master/master_sig.c.

	Bugfix: the auto_clnt module disconnected too early, causing
	unnecessary work by the anvil server.

	Cleanup: eliminated binary hashes from anvil server. Anvil
	client information is now stored on top of its VSTREAM.

20031226

	Feature: bounce_queue_lifetime parameter (default:
	$maximal_queue_life_time) that bounds the time that
	MAILER-DAEMON messages spend in the queue before they are
	considered undeliverable.

	Feature: disable "mail loops back to myself" protection
	when SMTP mail is sent to a non-standard port. This makes
	setting up content filters less painful.

	Cleanup: disallow bare x.x.x.x numeric IP addresses in
	email addresses. The form user@[x.x.x.x] is still allowed.

	Cleanup: cleaned up the naming of internal symbols in the
	SMTP client.

20031231

	Bugfix: stricter address syntax test broke "sendmail -bs".
	File: smtpd/smtpd.c.

20040101

	Cleanup: the Postfix SMTP server rejects a MAIL FROM address
	that matches a local, virtual or relay domain, while the
	address is not listed in the corresponding local, virtual
	or relay recipient table.

	Feature: the reject_unlisted_sender(recipient) SMTPD access
	restriction rejects an address that matches a local, virtual
	or relay domain, while the address is not listed in the
	corresponding local, virtual or relay recipient table.

	Compatibility: the check_recipient_maps restriction works
	like reject_unlisted_recipient, but will eventually be
	removed from Postfix.

20040102

	Misc documentation cleanup by Loic Minier.

20040104

	Workaround: MacOSX dumps core on the 20030913 TZ censoring
	code. We explictly set TZ=UTC, which will produce incorrect
	results when "mailq" formatting is moved from the showq
	daemon to the postqueue command.   File: msg_syslog.c.

	Feature: after mail is requeued with "postsuper -r", the
	pickup server logs the old queue ID together with the new
	queue ID.  Victor Duchovni. File: pickup/pickup.c.

	Feature: smtpd_sasl_application_name parameter (default:
	smtpd) to control the name of the SASL configuration file
	used by the Postfix SMTP server. Liviu Daia. Files:
	mail_params.h, smtpd.c, smtpd_sasl_glue.c.

	Cleanup: the LDAP client configuration parser is now shared
	between the LDAP, MySQL, and PGSQL clients.  Liviu Daia.
	Files: global/cfgparser.[hc], global/dict_ldap.c,
	global/dict_mysql.c, global/dict_pgsql.c and documentation.

	Cleanup: moved "util" modules with dependencies on higher-level
	"global" code from the util directory to the global directory:
	util/dict_open.c, global/cfgparser.[hc], global/dict_ldap.c,
	global/dict_mysql.c, global/dict_pgsql.c, global/mail_dict.c.

	Cleanup: the new queue manager nqmgr replaces the default
	queue manager qmgr, leaving behind a hard link for backwards
	compatibility. The old queue manager remains available as
	as oqmgr but will eventually be removed.

	Bugfix: vstring_get() etc. now return VSTREAM_EOF when they
	terminate prematurely, instead of returning the last