Postfix version 2.0 patchlevel 10 fixes lots of documentation and
a few minor code problems, none of which are security related, as usual.

- Spurious but harmless warnings from nqmgr after "postsuper -r"
to requeue files that already had some recipients delivered.

- The proxy_read_maps parameter did not recognize "," as separator.

- Defer delivery after .forward etc. file read error.

- The message_size_limit was also applied when running "newaliases",
so that the result could be truncated.

Prereq: "2.0.9"
diff -cr /tmp/postfix-2.0.9/src/global/mail_version.h ./src/global/mail_version.h
*** /tmp/postfix-2.0.9/src/global/mail_version.h	Fri Apr 18 10:26:12 2003
--- ./src/global/mail_version.h	Wed May 21 15:20:41 2003
***************
*** 20,29 ****
    * Patches change the patchlevel and the release date. Snapshots change the
    * release date only, unless they include the same bugfix as a patch release.
    */
! #define MAIL_RELEASE_DATE	"20030418"
  
  #define VAR_MAIL_VERSION	"mail_version"
! #define DEF_MAIL_VERSION	"2.0.9"
  extern char *var_mail_version;
  
   /*
--- 20,29 ----
    * Patches change the patchlevel and the release date. Snapshots change the
    * release date only, unless they include the same bugfix as a patch release.
    */
! #define MAIL_RELEASE_DATE	"20030521"
  
  #define VAR_MAIL_VERSION	"mail_version"
! #define DEF_MAIL_VERSION	"2.0.10"
  extern char *var_mail_version;
  
   /*
diff -cr /tmp/postfix-2.0.9/HISTORY ./HISTORY
*** /tmp/postfix-2.0.9/HISTORY	Fri Apr 18 10:27:21 2003
--- ./HISTORY	Wed May 21 18:48:33 2003
***************
*** 7727,7735 ****
  	and 2) MIME input processing is turned off, and 3) MIME
  	8bit->7bit conversion is requested upon delivery via SMTP.
  
  Open problems:
  
!         Low: smtp-source may block when sending large test messages.
  
  	Low: after successful delivery, per-queue window += 1/window,
  	after failure, queue window -= 1 (Victor).
--- 7727,7774 ----
  	and 2) MIME input processing is turned off, and 3) MIME
  	8bit->7bit conversion is requested upon delivery via SMTP.
  
+ 20030424
+ 
+ 	Cleanup: readlline() did not terminate the result before
+ 	complaining about lines starting with whitespace.
+ 
+ 	Cleanup: eliminated valid_hostname warning for invalid
+ 	queue file names. File: global/mail_queue.c.
+ 
+ 	Bugfix: the Postfix sendmail command applied the message
+ 	size limit when running as newaliases. The limiting code
+ 	is now moved to the message enqueuing branch of the code.
+ 	File: sendmail/sendmail.c.
+ 
+ 20030429
+ 
+ 	Bugfix: "," was not recognized in proxy_read_maps settings.
+ 	Fix by Leandro Santi. File: proxymap/proxymap.c.
+ 
+ 20030502
+ 
+ 	Bugfix: defer delivery after .forward etc. file read error.
+ 	File: local/token.c. Problem reported by Ben Rosengart,
+ 	Panix.
+ 
+ 20030520
+ 
+ 	Cleanup: future time stamps in Received: headers and negative
+ 	delays in delivery agent logging after "postdrop -r",
+ 	because deferred queue files had future file modification
+ 	times.  File:  src/postsuper/postsuper.c.
+ 
+ 20030521
+ 
+ 	Cleanup: nqmgr warnings about "recipient count mismatch"
+ 	after "postdrop -r", because the cleanup server did not
+ 	count the "already done" recipients. Problem reported by
+ 	Richard Stockton, Gramma Software. Files:
+ 	cleanup/cleanup_envelope.c, cleanup/cleanup_extracted.c
+ 
  Open problems:
  
! 	Low: smtp-source may block when sending large test messages.
  
  	Low: after successful delivery, per-queue window += 1/window,
  	after failure, queue window -= 1 (Victor).
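Review bot: The 20030520 and 20030521 entries both describe the trigger as "postdrop -r", yet the 20030520 entry names src/postsuper/postsuper.c as the changed file and the requeue code touched by this patch lives there. The command should presumably read "postsuper -r" in both entries. The 20030424 readlline() entry is also the only bugfix entry without a "File:" reference; adding one keeps the log consistent.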
diff -cr /tmp/postfix-2.0.9/README_FILES/FILTER_README ./README_FILES/FILTER_README
*** /tmp/postfix-2.0.9/README_FILES/FILTER_README	Tue Mar  4 08:47:56 2003
--- ./README_FILES/FILTER_README	Tue Apr 29 09:09:37 2003
***************
*** 236,243 ****
  
  Note: the localhost port 10025 SMTP server filter should announce
  itself as "220 localhost...".  Postfix aborts delivery when it
! connects to an SMTP server that uses the same hostname, because
! that normally means you have a mail delivery loop problem.
  
  The example here assumes that the /some/where/filter command is a
  PERL script. PERL has modules that make talking SMTP easy. The
--- 236,244 ----
  
  Note: the localhost port 10025 SMTP server filter should announce
  itself as "220 localhost...".  Postfix aborts delivery when it
! connects to an SMTP server that uses the same hostname as Postfix
! ("host <servername> greeted me with my own hostname"), because that
! normally means you have a mail delivery loop problem.
  
  The example here assumes that the /some/where/filter command is a
  PERL script. PERL has modules that make talking SMTP easy. The
***************
*** 280,288 ****
  The "-o local_recipient_maps=" and "-o relay_recipient_maps=" avoid
  unnecessary table lookups.
  
! The "-o myhostname=localhost.domain.tld" avoids a possible problem
! if your content filter is based on a proxy that simply relays SMTP
! commands.
  
  The "-o smtpd_xxx_restrictions" and "-o mynetworks=127.0.0.0/8"
  turn off UCE controls that would only waste time here.
--- 281,289 ----
  The "-o local_recipient_maps=" and "-o relay_recipient_maps=" avoid
  unnecessary table lookups.
  
! The "-o myhostname=localhost.domain.tld" avoids false alarms ("host
! <servername> greeted me with my own hostname") if your content
! filter is based on a proxy that simply relays SMTP commands.
  
  The "-o smtpd_xxx_restrictions" and "-o mynetworks=127.0.0.0/8"
  turn off UCE controls that would only waste time here.
diff -cr /tmp/postfix-2.0.9/README_FILES/SASL_README ./README_FILES/SASL_README
*** /tmp/postfix-2.0.9/README_FILES/SASL_README	Tue Mar  4 09:27:37 2003
--- ./README_FILES/SASL_README	Sun Apr 20 10:35:06 2003
***************
*** 50,56 ****
  
  SASL authentication information is not passed on via message headers
  or via SMTP.  It is no-one's business what username and authentication
! method the poster was using in order to access the mail server.
  
  When sending mail, Postfix looks up the server hostname or destination
  domain (the address remote part) in a table, and if a username/password
--- 50,57 ----
  
  SASL authentication information is not passed on via message headers
  or via SMTP.  It is no-one's business what username and authentication
! method the poster was using in order to access the mail server. The
! people who need to know can find the information in the maillog file.
  
  When sending mail, Postfix looks up the server hostname or destination
  domain (the address remote part) in a table, and if a username/password
***************
*** 226,231 ****
--- 227,245 ----
  
  mmencode is part of the metamail software.
  MIME::Base64 is available from www.cpan.org.
+ 
+ Trouble shooting the SASL internals
+ ===================================
+ 
+ [based on text by Liviu Daia]
+ 
+ In the Cyrus SASL sources you'll find a subdirectory named "sample".
+ Run make there, then run the resulting sample server and client in
+ separate terminals.  Strace / ktrace / truss the server to see what
+ makes it unhappy, fix the problem, then write the authors thanking
+ them for providing such useful logging.  Repeat the previous step
+ until you can successfully authenticate with the sample client.
+ Only then get back to Postfix.
  
  Enabling SASL authentication in the Postfix SMTP client
  =======================================================
diff -cr /tmp/postfix-2.0.9/README_FILES/VIRTUAL_README ./README_FILES/VIRTUAL_README
*** /tmp/postfix-2.0.9/README_FILES/VIRTUAL_README	Wed Dec 11 17:04:45 2002
--- ./README_FILES/VIRTUAL_README	Sat Apr 26 14:41:18 2003
***************
*** 24,35 ****
  maps, and the mailbox location map can specify either mailbox or
  maildir delivery (controlled by trailing slash on mailbox name).
  
! The agent does not support user+foo address extensions, aliases or
! .forward files (use the virtual table instead), and therefore
! doesn't support file or program aliases. This choice was made to
! simplify and streamline the code (it allowed me to dispense with
! 70% of local's code - mostly the bits that are a security headache)
! - if you need this functionality, this agent isn't for you.
  
  It also doesn't support writing to a common spool as root and then
  chowning the mailbox to the user - I felt this functionality didn't
--- 24,36 ----
  maps, and the mailbox location map can specify either mailbox or
  maildir delivery (controlled by trailing slash on mailbox name).
  
! The agent allows but ignores user+foo address extensions, does not
! support aliases or .forward files (use the virtual table instead),
! and therefore doesn't support file or program aliases. This choice
! was made to simplify and streamline the code (it allowed me to
! dispense with 70% of local's code - mostly the bits that are a
! security headache) - if you need this functionality, this agent
! isn't for you.
  
  It also doesn't support writing to a common spool as root and then
  chowning the mailbox to the user - I felt this functionality didn't
***************
*** 67,73 ****
  
      Specifies the list of domains that should be delivered to the
      $virtual_transport delivery agent (default: virtual). As of
!     version 1.2, Postfix is smart enough that you don't have to
      list every virtual domain in a Postfix transport map.
  
  virtual_mailbox_maps
--- 68,74 ----
  
      Specifies the list of domains that should be delivered to the
      $virtual_transport delivery agent (default: virtual). As of
!     version 2.0, Postfix is smart enough that you don't have to
      list every virtual domain in a Postfix transport map.
  
  virtual_mailbox_maps
***************
*** 160,168 ****
  ==============================================================
  
  This example does not use the Postfix local delivery agent at all.
! With this configuration Postfix does no user+foo address extension,
! no alias expansion, no .forward file expansion, and no lookups of
! recipients in /etc/passwd.
  
  Instead of "hash" specify "dbm" or "btree", depending on your system
  type.  The command "postconf -m" displays possible lookup table
--- 161,169 ----
  ==============================================================
  
  This example does not use the Postfix local delivery agent at all.
! With this configuration Postfix does no alias expansion, no .forward
! file expansion, no lookups of recipients in /etc/passwd, and allows
! but ignores user+foo address extensions.
  
  Instead of "hash" specify "dbm" or "btree", depending on your system
  type.  The command "postconf -m" displays possible lookup table
diff -cr /tmp/postfix-2.0.9/conf/master.cf ./conf/master.cf
*** /tmp/postfix-2.0.9/conf/master.cf	Sat Mar  8 15:46:58 2003
--- ./conf/master.cf	Sun Apr 27 18:51:13 2003
***************
*** 1,8 ****
  #
! # Postfix master process configuration file.  Each line describes how
! # a mailer component program should be run. The fields that make up
! # each line are described below. A "-" field value requests that a
! # default value be used for that field.
  #
  # Service: any name that is valid for the specified transport type
  # (the next field).  With INET transports, a service is specified as
--- 1,14 ----
  #
! # Postfix master process configuration file.  Each logical line
! # describes how a Postfix daemon program should be run.
! #
! # A logical line starts with non-whitespace, non-comment text. 
! # Empty lines and whitespace-only lines are ignored, as are comment
! # lines whose first non-whitespace character is a `#'.
! # A line that starts with whitespace continues a logical line.
! #
! # The fields that make up each line are described below. A "-" field
! # value requests that a default value be used for that field.
  #
  # Service: any name that is valid for the specified transport type
  # (the next field).  With INET transports, a service is specified as
***************
*** 58,69 ****
  #
  # SPECIFY ONLY PROGRAMS THAT ARE WRITTEN TO RUN AS POSTFIX DAEMONS.
  # ALL DAEMONS SPECIFIED HERE MUST SPEAK A POSTFIX-INTERNAL PROTOCOL.
- #
- # DO NOT CHANGE THE ZERO PROCESS LIMIT FOR CLEANUP/BOUNCE/DEFER OR
- # POSTFIX WILL BECOME STUCK UP UNDER HEAVY LOAD
- #
- # DO NOT CHANGE THE ONE PROCESS LIMIT FOR PICKUP/QMGR OR POSTFIX WILL
- # DELIVER MAIL MULTIPLE TIMES.
  #
  # DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES.
  #
--- 64,69 ----
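Review bot: The two "DO NOT CHANGE" warnings about the zero process limit for cleanup/bounce/defer and the one process limit for pickup/qmgr are deleted here with no replacement text in this hunk or in the rewritten file header. If the constraints still hold, keep a shorter form of the warnings or point to where they are now documented; if they no longer hold, a HISTORY line saying so would stop administrators from wondering whether the removal was deliberate.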
diff -cr /tmp/postfix-2.0.9/conf/pcre_table ./conf/pcre_table
*** /tmp/postfix-2.0.9/conf/pcre_table	Wed Dec 18 21:18:42 2002
--- ./conf/pcre_table	Wed May 21 15:21:42 2003
***************
*** 135,141 ****
  # 
  # EXAMPLE SMTPD ACCESS MAP
  #        # Protect your outgoing majordomo exploders
! #        /^(?!owner-)(.*)-outgoing@/     550 Use ${1}@${2} instead
  # 
  #        # Bounce friend@whatever, except when whatever is our domain (you would
  #        # be better just bouncing all friend@ mail - this is just an example).
--- 135,141 ----
  # 
  # EXAMPLE SMTPD ACCESS MAP
  #        # Protect your outgoing majordomo exploders
! #        /^(?!owner-)(.*)-outgoing@(.*)/ 550 Use ${1}@${2} instead
  # 
  #        # Bounce friend@whatever, except when whatever is our domain (you would
  #        # be better just bouncing all friend@ mail - this is just an example).
diff -cr /tmp/postfix-2.0.9/conf/sample-mime.cf ./conf/sample-mime.cf
*** /tmp/postfix-2.0.9/conf/sample-mime.cf	Sat Dec 21 16:53:01 2002
--- ./conf/sample-mime.cf	Mon May 19 08:20:17 2003
***************
*** 66,69 ****
  # 
  # This blocks mail from poorly written mail software.
  # 
! strict_mime_domain_encoding = no
--- 66,69 ----
  # 
  # This blocks mail from poorly written mail software.
  # 
! strict_mime_encoding_domain = no
diff -cr /tmp/postfix-2.0.9/conf/sample-pcre-access.cf ./conf/sample-pcre-access.cf
*** /tmp/postfix-2.0.9/conf/sample-pcre-access.cf	Tue Sep 17 10:19:48 2002
--- ./conf/sample-pcre-access.cf	Fri May  2 09:25:21 2003
***************
*** 45,51 ****
  
  # Protect your outgoing majordomo exploders
  #
! /^(?!owner-)(.*)-outgoing@/		550 Use ${1}@${2} instead
  
  
  # Bounce friend@whatever, except when whatever is our domain (you would
--- 45,51 ----
  
  # Protect your outgoing majordomo exploders
  #
! /^(?!owner-)(.*)-outgoing@(.*)/		550 Use ${1}@${2} instead
  
  
  # Bounce friend@whatever, except when whatever is our domain (you would
diff -cr /tmp/postfix-2.0.9/conf/sample-regexp-access.cf ./conf/sample-regexp-access.cf
*** /tmp/postfix-2.0.9/conf/sample-regexp-access.cf	Tue Sep 17 10:14:00 2002
--- ./conf/sample-regexp-access.cf	Fri May  2 09:24:56 2003
***************
*** 30,33 ****
  /^postmaster@/				OK
  
  # Protect your outgoing majordomo exploders
! /^(.*)-outgoing@(.*)$/!/^owner-.*/	550 Use ${1}@${2} instead
--- 30,35 ----
  /^postmaster@/				OK
  
  # Protect your outgoing majordomo exploders
! if !/^owner-.*/
! /^(.*)-outgoing@(.*)$/			550 Use ${1}@${2} instead
! endif
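Review bot: In "if !/^owner-.*/" the trailing ".*" adds nothing over "/^owner-/", and the PCRE samples in this patch express the same exclusion as "(?!owner-)" without it, so it can be dropped. A comment line above the block saying that if/endif replaces the old "/pattern/!/pattern/" form would help anyone comparing this sample against a local copy.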
diff -cr /tmp/postfix-2.0.9/html/cleanup.8.html ./html/cleanup.8.html
*** /tmp/postfix-2.0.9/html/cleanup.8.html	Thu Dec 19 20:35:08 2002
--- ./html/cleanup.8.html	Wed May 21 15:21:42 2003
***************
*** 133,139 ****
                ple,  bounces  from  qmail  or from old versions of
                Postfix).
  
!        <b>strict</b><i>_</i><b>mime</b><i>_</i><b>domain</b><i>_</i><b>encoding</b>
                Reject mail with invalid <b>Content-Transfer-Encoding:</b>
                information  for  message/*  or  multipart/*.  This
                blocks mail from poorly written software.
--- 133,139 ----
                ple,  bounces  from  qmail  or from old versions of
                Postfix).
  
!        <b>strict</b><i>_</i><b>mime</b><i>_</i><b>encoding</b><i>_</i><b>domain</b>
                Reject mail with invalid <b>Content-Transfer-Encoding:</b>
                information  for  message/*  or  multipart/*.  This
                blocks mail from poorly written software.
diff -cr /tmp/postfix-2.0.9/html/pcre_table.5.html ./html/pcre_table.5.html
*** /tmp/postfix-2.0.9/html/pcre_table.5.html	Wed Dec 18 21:18:46 2002
--- ./html/pcre_table.5.html	Wed May 21 15:21:43 2003
***************
*** 136,142 ****
  
  <b>EXAMPLE</b> <b>SMTPD</b> <b>ACCESS</b> <b>MAP</b>
         # Protect your outgoing majordomo exploders
!        /^(?!owner-)(.*)-outgoing@/     550 Use ${1}@${2} instead
  
         # Bounce friend@whatever, except when whatever is our domain (you would
         # be better just bouncing all friend@ mail - this is just an example).
--- 136,142 ----
  
  <b>EXAMPLE</b> <b>SMTPD</b> <b>ACCESS</b> <b>MAP</b>
         # Protect your outgoing majordomo exploders
!        /^(?!owner-)(.*)-outgoing@(.*)/ 550 Use ${1}@${2} instead
  
         # Bounce friend@whatever, except when whatever is our domain (you would
         # be better just bouncing all friend@ mail - this is just an example).
diff -cr /tmp/postfix-2.0.9/man/man5/pcre_table.5 ./man/man5/pcre_table.5
*** /tmp/postfix-2.0.9/man/man5/pcre_table.5	Wed Dec 18 21:18:43 2002
--- ./man/man5/pcre_table.5	Wed May 21 15:21:42 2003
***************
*** 119,125 ****
  .na
  .nf
  # Protect your outgoing majordomo exploders
! /^(?!owner-)(.*)-outgoing@/     550 Use ${1}@${2} instead
  
  # Bounce friend@whatever, except when whatever is our domain (you would
  # be better just bouncing all friend@ mail - this is just an example).
--- 119,125 ----
  .na
  .nf
  # Protect your outgoing majordomo exploders
! /^(?!owner-)(.*)-outgoing@(.*)/ 550 Use ${1}@${2} instead
  
  # Bounce friend@whatever, except when whatever is our domain (you would
  # be better just bouncing all friend@ mail - this is just an example).
diff -cr /tmp/postfix-2.0.9/man/man8/cleanup.8 ./man/man8/cleanup.8
*** /tmp/postfix-2.0.9/man/man8/cleanup.8	Thu Dec 19 20:35:07 2002
--- ./man/man8/cleanup.8	Wed May 21 15:21:42 2003
***************
*** 121,127 ****
  request contains valid 8-bit MIME mail, and it breaks bounces from
  mailers that do not properly encapsulate 8-bit content (for example,
  bounces from qmail or from old versions of Postfix).
! .IP \fBstrict_mime_domain_encoding\fR
  Reject mail with invalid \fBContent-Transfer-Encoding:\fR
  information for message/* or multipart/*. This blocks mail
  from poorly written software.
--- 121,127 ----
  request contains valid 8-bit MIME mail, and it breaks bounces from
  mailers that do not properly encapsulate 8-bit content (for example,
  bounces from qmail or from old versions of Postfix).
! .IP \fBstrict_mime_encoding_domain\fR
  Reject mail with invalid \fBContent-Transfer-Encoding:\fR
  information for message/* or multipart/*. This blocks mail
  from poorly written software.
diff -cr /tmp/postfix-2.0.9/proto/pcre_table ./proto/pcre_table
*** /tmp/postfix-2.0.9/proto/pcre_table	Wed Dec 18 21:01:46 2002
--- ./proto/pcre_table	Fri May  2 09:27:58 2003
***************
*** 111,117 ****
  #	or $(n) if they aren't followed by whitespace.
  # EXAMPLE SMTPD ACCESS MAP
  #	# Protect your outgoing majordomo exploders
! #	/^(?!owner-)(.*)-outgoing@/     550 Use ${1}@${2} instead
  #
  #	# Bounce friend@whatever, except when whatever is our domain (you would
  #	# be better just bouncing all friend@ mail - this is just an example).
--- 111,117 ----
  #	or $(n) if they aren't followed by whitespace.
  # EXAMPLE SMTPD ACCESS MAP
  #	# Protect your outgoing majordomo exploders
! #	/^(?!owner-)(.*)-outgoing@(.*)/ 550 Use ${1}@${2} instead
  #
  #	# Bounce friend@whatever, except when whatever is our domain (you would
  #	# be better just bouncing all friend@ mail - this is just an example).
diff -cr /tmp/postfix-2.0.9/src/cleanup/cleanup.c ./src/cleanup/cleanup.c
*** /tmp/postfix-2.0.9/src/cleanup/cleanup.c	Thu Dec 19 20:33:40 2002
--- ./src/cleanup/cleanup.c	Mon May 19 08:20:18 2003
***************
*** 107,113 ****
  /*	request contains valid 8-bit MIME mail, and it breaks bounces from
  /*	mailers that do not properly encapsulate 8-bit content (for example,
  /*	bounces from qmail or from old versions of Postfix).
! /* .IP \fBstrict_mime_domain_encoding\fR
  /*	Reject mail with invalid \fBContent-Transfer-Encoding:\fR
  /*	information for message/* or multipart/*. This blocks mail
  /*	from poorly written software.
--- 107,113 ----
  /*	request contains valid 8-bit MIME mail, and it breaks bounces from
  /*	mailers that do not properly encapsulate 8-bit content (for example,
  /*	bounces from qmail or from old versions of Postfix).
! /* .IP \fBstrict_mime_encoding_domain\fR
  /*	Reject mail with invalid \fBContent-Transfer-Encoding:\fR
  /*	information for message/* or multipart/*. This blocks mail
  /*	from poorly written software.
diff -cr /tmp/postfix-2.0.9/src/cleanup/cleanup_envelope.c ./src/cleanup/cleanup_envelope.c
*** /tmp/postfix-2.0.9/src/cleanup/cleanup_envelope.c	Fri Nov  1 08:34:02 2002
--- ./src/cleanup/cleanup_envelope.c	Wed May 21 17:13:41 2003
***************
*** 207,212 ****
--- 207,214 ----
  	vstring_free(clean_addr);
  	myfree(state->orig_rcpt);
  	state->orig_rcpt = 0;
+     } else if (type == REC_TYPE_DONE) {
+ 	 /* void */ ;
      } else if (type == REC_TYPE_WARN) {
  	if ((state->warn_time = atol(buf)) < 0) {
  	    state->errs |= CLEANUP_STAT_BAD;
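Review bot: The new REC_TYPE_DONE branch has only "/* void */ ;" as its body, which does not tell the reader why the record is deliberately ignored at this point. A one-line comment tying it to the requeue case described in HISTORY ("already done" recipients after a requeue) would make the intent clear and prevent someone from later treating the empty branch as dead code.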
diff -cr /tmp/postfix-2.0.9/src/cleanup/cleanup_extracted.c ./src/cleanup/cleanup_extracted.c
*** /tmp/postfix-2.0.9/src/cleanup/cleanup_extracted.c	Tue Mar 11 19:10:16 2003
--- ./src/cleanup/cleanup_extracted.c	Wed May 21 14:26:11 2003
***************
*** 160,167 ****
--- 160,170 ----
  	myfree(state->orig_rcpt);
  	state->orig_rcpt = 0;
  	return;
+     } else if (type == REC_TYPE_DONE) {
+ 	return;
      } else if (type == REC_TYPE_ORCP) {
  	state->orig_rcpt = mystrdup(buf);
+ 	return;
      }
      if (type != REC_TYPE_END) {
  	cleanup_out(state, type, buf, len);
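Review bot: The "return;" added after "state->orig_rcpt = mystrdup(buf);" in the REC_TYPE_ORCP branch is a behaviour change separate from the REC_TYPE_DONE fix: an ORCP record used to fall through to "cleanup_out(state, type, buf, len)" below and now does not. Please mention it in HISTORY or explain it in a comment. The same branch assigns state->orig_rcpt without freeing a previous value, unlike the preceding branch that calls myfree() first, so two ORCP records in a row would leak the first copy; a guard or myfree() before the assignment would close that.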
diff -cr /tmp/postfix-2.0.9/src/global/mail_queue.c ./src/global/mail_queue.c
*** /tmp/postfix-2.0.9/src/global/mail_queue.c	Mon Oct 29 18:04:51 2001
--- ./src/global/mail_queue.c	Thu Apr 24 11:20:06 2003
***************
*** 311,317 ****
      /*
       * OK if in valid hostname form.
       */
!     return (valid_hostname(queue_id, DO_GRIPE));
  }
  
  /* mail_queue_enter - make mail queue entry with locally-unique name */
--- 311,317 ----
      /*
       * OK if in valid hostname form.
       */
!     return (valid_hostname(queue_id, DONT_GRIPE));
  }
  
  /* mail_queue_enter - make mail queue entry with locally-unique name */
diff -cr /tmp/postfix-2.0.9/src/local/token.c ./src/local/token.c
*** /tmp/postfix-2.0.9/src/local/token.c	Thu Nov  1 19:19:12 2001
--- ./src/local/token.c	Fri May  2 15:32:19 2003
***************
*** 98,103 ****
--- 98,104 ----
  #include <tok822.h>
  #include <mail_params.h>
  #include <bounce.h>
+ #include <defer.h>
  
  /* Application-specific. */
  
***************
*** 207,212 ****
--- 208,217 ----
  		break;
  	}
      }
+     if (vstream_ferror(fp))
+ 	status = defer_append(BOUNCE_FLAG_KEEP,
+ 			      BOUNCE_ATTR(state.msg_attr),
+ 			      "error reading .forward file: %m");
      vstring_free(buf);
      return (status);
  }
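Review bot: The added "status = defer_append(...)" assigns rather than combines, so whatever status the loop above had accumulated is discarded when vstream_ferror(fp) is true; if that is intended, say so in a comment, otherwise merge the two results. The message text is hard-coded as "error reading .forward file", while HISTORY describes the fix as covering ".forward etc." files, so the log line can name the wrong kind of file; consider a neutral wording or passing the file name in.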
diff -cr /tmp/postfix-2.0.9/src/pickup/pickup.c ./src/pickup/pickup.c
*** /tmp/postfix-2.0.9/src/pickup/pickup.c	Wed Feb 19 09:51:38 2003
--- ./src/pickup/pickup.c	Wed May 21 17:34:55 2003
***************
*** 178,183 ****
--- 178,185 ----
  	if ((type = rec_get(qfile, buf, var_line_limit)) < 0
  	    || strchr(expected, type) == 0)
  	    return (file_read_error(info, type));
+ 	if (msg_verbose)
+ 	    msg_info("%s: read %c %s", info->id, type, vstring_str(buf));
  	if (type == *expected)
  	    break;
  	if (type == REC_TYPE_FROM)
***************
*** 193,198 ****
--- 195,202 ----
  	    if (info->rcpt == 0)
  		info->rcpt = mystrdup(vstring_str(buf));
  	if (type == REC_TYPE_TIME)
+ 	    continue;
+ 	if (type == REC_TYPE_SIZE)
  	    continue;
  	if (type == REC_TYPE_ATTR) {
  	    if ((error_text = split_nameval(vstring_str(buf), &attr_name,
diff -cr /tmp/postfix-2.0.9/src/postdrop/postdrop.c ./src/postdrop/postdrop.c
*** /tmp/postfix-2.0.9/src/postdrop/postdrop.c	Thu Aug 22 09:20:02 2002
--- ./src/postdrop/postdrop.c	Wed May 21 17:23:58 2003
***************
*** 315,323 ****
  	}
  	if (rec_type == REC_TYPE_ERROR)
  	    msg_fatal("uid=%ld: malformed input", (long) uid);
- 	if (rec_type == REC_TYPE_TIME)
- 	    rec_fprintf(dst->stream, REC_TYPE_TIME, "%ld",
- 			(long) time((time_t *) 0));
  	if (strchr(*expected, rec_type) == 0)
  	    msg_fatal("uid=%ld: unexpected record type: %d", (long) uid, rec_type);
  	if (rec_type == **expected)
--- 315,320 ----
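Review bot: Removing the REC_TYPE_TIME rewrite here, together with the dropped "rec_fprintf(dst, REC_TYPE_TIME, ...)" in sendmail.c and the new REC_TYPE_SIZE skip in pickup.c, changes which program stamps the arrival time, but none of the HISTORY entries in this patch lists postdrop.c or pickup.c. Please add a HISTORY line stating where the time record is now written, since the 20030520 entry about future time stamps only mentions postsuper.c. Minor: the context line "unexpected record type: %d" prints the record type as a number while the new pickup.c logging prints it with %c; using the same format in both would make the logs easier to correlate.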
diff -cr /tmp/postfix-2.0.9/src/postsuper/postsuper.c ./src/postsuper/postsuper.c
*** /tmp/postfix-2.0.9/src/postsuper/postsuper.c	Sun Mar 16 19:50:29 2003
--- ./src/postsuper/postsuper.c	Wed May 21 17:19:21 2003
***************
*** 188,193 ****
--- 188,194 ----
  #include <string.h>
  #include <signal.h>
  #include <stdio.h>			/* remove() */
+ #include <utime.h>
  
  /* Utility library. */
  
***************
*** 428,433 ****
--- 429,435 ----
      VSTRING *new_path_buf;
      int     found;
      int     tries;
+     struct utimbuf tbuf;
  
      /*
       * Sanity check. No early returns beyond this point.
***************
*** 454,459 ****
--- 456,464 ----
  		continue;
  	    (void) mail_queue_path(new_path_buf, MAIL_QUEUE_MAILDROP, queue_id);
  	    if (postrename(old_path, STR(new_path_buf)) == 0) {
+ 		tbuf.actime = tbuf.modtime = time((time_t *) 0);
+ 		if (utime(STR(new_path_buf), &tbuf) < 0) 
+ 		    msg_warn("%s: reset time stamps: %m", STR(new_path_buf));
  		msg_info("%s: requeued", queue_id);
  		found = 1;
  		break;
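Review bot: In the added utime() call, the tbuf variable and the explicit time() call are not needed, because utime() with a null second argument sets both access and modification time to the current time; "utime(STR(new_path_buf), (struct utimbuf *) 0)" would do the same with less code. When the call fails the code warns and still logs "requeued", which leaves the file with its old, possibly future, time stamps; the warning text could say that the delay reported for this message may be wrong. There is also trailing whitespace after "< 0)" on the utime() line.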
diff -cr /tmp/postfix-2.0.9/src/proxymap/proxymap.c ./src/proxymap/proxymap.c
*** /tmp/postfix-2.0.9/src/proxymap/proxymap.c	Sat Mar  8 15:44:17 2003
--- ./src/proxymap/proxymap.c	Tue Apr 29 17:04:27 2003
***************
*** 350,356 ****
  
  static void post_jail_init(char *unused_name, char **unused_argv)
  {
!     const char *sep = " \t\r\n";
      char   *saved_filter;
      char   *bp;
      char   *type_name;
--- 350,356 ----
  
  static void post_jail_init(char *unused_name, char **unused_argv)
  {
!     const char *sep = ", \t\r\n";
      char   *saved_filter;
      char   *bp;
      char   *type_name;
diff -cr /tmp/postfix-2.0.9/src/sendmail/sendmail.c ./src/sendmail/sendmail.c
*** /tmp/postfix-2.0.9/src/sendmail/sendmail.c	Wed Dec 18 21:01:47 2002
--- ./src/sendmail/sendmail.c	Wed May 21 18:42:14 2003
***************
*** 379,384 ****
--- 379,391 ----
      buf = vstring_alloc(100);
  
      /*
+      * Stop run-away process accidents by limiting the queue file size. This
+      * is not a defense against DOS attack.
+      */
+     if (var_message_limit > 0 && get_file_limit() > var_message_limit)
+ 	set_file_limit((off_t) var_message_limit);
+ 
+     /*
       * The sender name is provided by the user. In principle, the mail pickup
       * service could deduce the sender name from queue file ownership, but:
       * pickup would not be able to run chrooted, and it may not be desirable
***************
*** 428,434 ****
       * 
       * XXX Should limit the size of envelope records.
       */
-     rec_fprintf(dst, REC_TYPE_TIME, "%ld", (long) time((time_t *) 0));
      if (full_name || (full_name = fullname()) != 0)
  	rec_fputs(dst, REC_TYPE_FULL, full_name);
      rec_fputs(dst, REC_TYPE_FROM, saved_sender);
--- 435,440 ----
***************
*** 611,623 ****
      mail_conf_read();
      if (chdir(var_queue_dir))
  	msg_fatal_status(EX_UNAVAILABLE, "chdir %s: %m", var_queue_dir);
- 
-     /*
-      * Stop run-away process accidents by limiting the queue file size. This
-      * is not a defense against DOS attack.
-      */
-     if (var_message_limit > 0 && get_file_limit() > var_message_limit)
- 	set_file_limit((off_t) var_message_limit);
  
      signal(SIGPIPE, SIG_IGN);
  
--- 617,622 ----
diff -cr /tmp/postfix-2.0.9/src/util/readlline.c ./src/util/readlline.c
*** /tmp/postfix-2.0.9/src/util/readlline.c	Fri Jan  4 17:34:28 2002
--- ./src/util/readlline.c	Wed Apr 23 22:15:36 2003
***************
*** 101,106 ****
--- 101,107 ----
  		break;
  	}
      }
+     VSTRING_TERMINATE(buf);
  
      /*
       * Invalid input: continuing text without preceding text. Allowing this
***************
*** 118,123 ****
      /*
       * Done.
       */
-     VSTRING_TERMINATE(buf);
      return (LEN(buf) > 0 ? buf : 0);
  }
--- 119,123 ----