- New proxymap service for Postfix lookup table access via another
process. This was added primarily to overcome chroot restrictions
in the Postfix SMTP server (specify proxy:unix:passwd.byname for
password file lookup through the proxymap server) but can also be
used to consolidate the number of open tables by sharing one open
table among multiple processes (specify proxy:mysql:/file/name to
avoid "too many connections" problems).

- With the local_recipient_maps feature turned on, the SMTP server
did not recognize the local built-in double bounce address as local.
Problem reported by Matthias Andree.

diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/global/mail_version.h ./src/global/mail_version.h
*** /tmp/postfix-2.0.0.2/src/global/mail_version.h	Wed Jan  1 19:24:36 2003
--- ./src/global/mail_version.h	Sun Jan 12 20:10:28 2003
***************
*** 20,29 ****
    * Patches change the patchlevel and the release date. Snapshots change the
    * release date only, unless they include the same bugfix as a patch release.
    */
! #define MAIL_RELEASE_DATE	"20030101"
  
  #define VAR_MAIL_VERSION	"mail_version"
! #define DEF_MAIL_VERSION	"2.0.0.2"
  extern char *var_mail_version;
  
   /*
--- 20,29 ----
    * Patches change the patchlevel and the release date. Snapshots change the
    * release date only, unless they include the same bugfix as a patch release.
    */
! #define MAIL_RELEASE_DATE	"20030112"
  
  #define VAR_MAIL_VERSION	"mail_version"
! #define DEF_MAIL_VERSION	"2.0.1"
  extern char *var_mail_version;
  
   /*
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/HISTORY ./HISTORY
*** /tmp/postfix-2.0.0.2/HISTORY	Wed Jan  1 19:27:51 2003
--- ./HISTORY	Sun Jan 12 12:19:44 2003
***************
*** 7451,7457 ****
  	properly quoted just like the null address. File:
  	global/quote_82[12]_local.c.
  
- 
  20021217
  
  	Cleanup: more work on the trivial-rewrite address rewriting
--- 7451,7456 ----
***************
*** 7507,7512 ****
--- 7506,7550 ----
  	Documentation update: new-style virtual domains broke the
  	advanced content filtering example. Files: FILTER_README,
  	RELEASE_NOTES.
+ 
+ 20030104
+ 
+ 	Cleanup: avoid warnings about flag mismatches when the same
+ 	lookup table is listed under both virtual_alias_maps and
+ 	virtual_mailbox_maps. Files: global/virtual8.h, virtual/virtual.c.
+ 
+ 	Bugfix: an obscure memory leak that puzzled me for more
+ 	than a year until I found out how to reproduce it. File:
+ 	util/vstream.c.
+ 
+ 20030106
+ 
+ 	Robustness: the master no longer aborts with "address
+ 	already in use" when inet_interfaces specifies the same IP
+ 	address multiple times, or when a TCP service in master.cf
+ 	specifies a hostname for which the same IP address is listed
+ 	multiple times. File: master/master_ent.c.
+ 
+ 20030107
+ 
+ 	Robustness: check that FILTER actions in SMTPD access maps
+ 	or cleanup header/body_checks have plausible syntax. Files:
+ 	smtpd/smtpd_check.c, cleanup/cleanup_message.c.
+ 
+ 20030110
+ 
+ 	Cleanup: the virtual_mailbox_maps parameter is now optional
+ 	even when virtual_mailbox_domains is specified. This makes
+ 	virtual mailbox domains more like relay domains and the
+ 	local domain.
+ 
+ 	Portability: the makedefs script now uses the pcre-config
+ 	utility to find out where things are installed.
+ 
+ 	Bugfix: the SMTP server did not recognize the local built-in
+ 	double bounce address as local. Reported by Matthias Andree.
+ 	For safety sake, threw in the local postmaster address as
+ 	well.  File:  smtpd/smtpd_check.c.
  
  Open problems:
  
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/Makefile.in ./Makefile.in
*** /tmp/postfix-2.0.0.2/Makefile.in	Tue Dec 17 20:42:31 2002
--- ./Makefile.in	Sun Jan 12 11:23:26 2003
***************
*** 6,12 ****
  	src/lmtp src/trivial-rewrite src/qmgr src/smtp src/bounce src/pipe \
  	src/showq src/postalias src/postcat src/postconf src/postdrop \
  	src/postkick src/postlock src/postlog src/postmap src/postqueue \
! 	src/postsuper src/nqmgr src/qmqpd src/spawn src/flush src/virtual
  MANDIRS	= proto man html
  
  default: update
--- 6,13 ----
  	src/lmtp src/trivial-rewrite src/qmgr src/smtp src/bounce src/pipe \
  	src/showq src/postalias src/postcat src/postconf src/postdrop \
  	src/postkick src/postlock src/postlog src/postmap src/postqueue \
! 	src/postsuper src/nqmgr src/qmqpd src/spawn src/flush src/virtual \
! 	src/proxymap
  MANDIRS	= proto man html
  
  default: update
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/README_FILES/ADDRESS_CLASS_README ./README_FILES/ADDRESS_CLASS_README
*** /tmp/postfix-2.0.0.2/README_FILES/ADDRESS_CLASS_README	Sat Dec 21 19:37:26 2002
--- ./README_FILES/ADDRESS_CLASS_README	Fri Jan 10 09:38:48 2003
***************
*** 47,62 ****
  	    is $virtual_alias_maps for Postfix 1.1 compatibility)
  
  virtual	For hosted domains with their own mailboxes
! mailbox	Known recipients are listed in $virtual_mailbox_maps
  	Domain names are listed in $virtual_mailbox_domains (default
  	    is $virtual_mailbox_maps for Postfix 1.1 compatibility)
  	Default delivery agent: virtual
  
  relay	For remote destinations that list your system as MX host
  	Domain names are listed in $relay_domains
! 	Known recipients are listed in $relay_recipient_maps (default
! 	    is empty; if $relay_recipient_maps is empty, the Postfix
! 	    SMTP server accepts all recipients)
  	Default delivery agent: relay (clone of default smtp agent)
  
  other	Restricted to mail from authorized clients
--- 47,64 ----
  	    is $virtual_alias_maps for Postfix 1.1 compatibility)
  
  virtual	For hosted domains with their own mailboxes
! mailbox	Known recipients are listed in $virtual_mailbox_maps (if
! 	    this parameter is empty, the Postfix SMTP server accepts
! 	    all recipients for domains listed in $virtual_mailbox_domains)
  	Domain names are listed in $virtual_mailbox_domains (default
  	    is $virtual_mailbox_maps for Postfix 1.1 compatibility)
  	Default delivery agent: virtual
  
  relay	For remote destinations that list your system as MX host
  	Domain names are listed in $relay_domains
! 	Known recipients are listed in $relay_recipient_maps (if
! 	    this parameter is empty, the Postfix SMTP server accepts
! 	    all recipients for domains listed in $relay_domains)
  	Default delivery agent: relay (clone of default smtp agent)
  
  other	Restricted to mail from authorized clients
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/README_FILES/RELEASE_NOTES ./README_FILES/RELEASE_NOTES
*** /tmp/postfix-2.0.0.2/README_FILES/RELEASE_NOTES	Wed Jan  1 19:22:17 2003
--- ./README_FILES/RELEASE_NOTES	Sun Jan 12 20:16:25 2003
***************
*** 24,29 ****
--- 24,65 ----
  date. Snapshots change only the release date, unless they include
  the same bugfixes as a patch release.
  
+ Incompatible changes with Postfix version 2.0.1 (released 20030112)
+ ===================================================================
+ 
+ If you upgrade from Postfix 1.1 you need to restart Postfix.
+ 
+ If you upgrade from Postfix 2.0 you need to "reload" Postfix.
+ 
+ Version 2.0.1 introduces the proxymap service for centralized table
+ lookup. The upgrade procedure adds the proxymap service to the
+ master.cf file.  If you see errors about problems contacting the
+ proxymap service, then you did not properly upgrade Postfix.
+ 
+ The Postfix SMTP server now by default looks up the UNIX passwd
+ file via the new proxymap service, in order to make chrooted
+ operation easier.
+ 
+ The Postfix build procedure now uses the pcre-config utility (part
+ of PCRE version 3) to find out the pathnames of the PCRE include
+ file and object library, instead of probing /usr/include and/or
+ /usr/lib. To build with PCRE version 2 support you will have to
+ specify pathnames as described in PCRE_README. To build without
+ PCRE support, specify:  make Makefiles CCARGS="-DNO_PRCE".
+ 
+ Major changes with Postfix version 2.0.1 (released 20030112)
+ ============================================================
+ 
+ This release introduces the proxymap service for Postfix lookup
+ table access. This can be used to overcome chroot restrictions in
+ the Postfix SMTP server (specify proxy:unix:passwd.byname for
+ password file lookup through the proxymap server) and can be used
+ to consolidate the number of open tables by sharing one open table
+ among multiple processes (specify proxy:mysql:/file/name to avoid
+ "too many connections" conditions). The proxy_read_maps parameter
+ specifies what maps are approved for access via the proxy service
+ (only map references starting with "proxy:" are considered approved).
+ 
  Major changes with Postfix version 2.0.0 (released 20021222, 20021223)
  ======================================================================
  
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/RELEASE_NOTES ./RELEASE_NOTES
*** /tmp/postfix-2.0.0.2/RELEASE_NOTES	Wed Jan  1 19:22:17 2003
--- ./RELEASE_NOTES	Sun Jan 12 20:16:25 2003
***************
*** 24,29 ****
--- 24,65 ----
  date. Snapshots change only the release date, unless they include
  the same bugfixes as a patch release.
  
+ Incompatible changes with Postfix version 2.0.1 (released 20030112)
+ ===================================================================
+ 
+ If you upgrade from Postfix 1.1 you need to restart Postfix.
+ 
+ If you upgrade from Postfix 2.0 you need to "reload" Postfix.
+ 
+ Version 2.0.1 introduces the proxymap service for centralized table
+ lookup. The upgrade procedure adds the proxymap service to the
+ master.cf file.  If you see errors about problems contacting the
+ proxymap service, then you did not properly upgrade Postfix.
+ 
+ The Postfix SMTP server now by default looks up the UNIX passwd
+ file via the new proxymap service, in order to make chrooted
+ operation easier.
+ 
+ The Postfix build procedure now uses the pcre-config utility (part
+ of PCRE version 3) to find out the pathnames of the PCRE include
+ file and object library, instead of probing /usr/include and/or
+ /usr/lib. To build with PCRE version 2 support you will have to
+ specify pathnames as described in PCRE_README. To build without
+ PCRE support, specify:  make Makefiles CCARGS="-DNO_PRCE".
+ 
+ Major changes with Postfix version 2.0.1 (released 20030112)
+ ============================================================
+ 
+ This release introduces the proxymap service for Postfix lookup
+ table access. This can be used to overcome chroot restrictions in
+ the Postfix SMTP server (specify proxy:unix:passwd.byname for
+ password file lookup through the proxymap server) and can be used
+ to consolidate the number of open tables by sharing one open table
+ among multiple processes (specify proxy:mysql:/file/name to avoid
+ "too many connections" conditions). The proxy_read_maps parameter
+ specifies what maps are approved for access via the proxy service
+ (only map references starting with "proxy:" are considered approved).
+ 
  Major changes with Postfix version 2.0.0 (released 20021222, 20021223)
  ======================================================================
  
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/conf/main.cf ./conf/main.cf
*** /tmp/postfix-2.0.0.2/conf/main.cf	Sat Dec 21 16:53:01 2002
--- ./conf/main.cf	Sun Jan  5 10:58:31 2003
***************
*** 172,192 ****
  #
  # - You define $mydestination domain recipients in files other than
  #   /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
! #   For example, you define $mydestination domain recipients in
  #   the $virtual_mailbox_maps files.
  #
! # - You redefined the local delivery agent in master.cf.
  #
! # - You redefined the "local_transport" setting in main.cf.
  #
  # - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
  #   feature of the Postfix local delivery agent (see sample-local.cf).
  #
  # Beware: if the Postfix SMTP server runs chrooted, you probably have
! # to copy the passwd (not shadow) database into the jail, and perhaps
! # other files. This is system dependent.
  # 
  #local_recipient_maps = unix:passwd.byname $alias_maps
  #local_recipient_maps =
  
  # The unknown_local_recipient_reject_code specifies the SMTP server
--- 172,194 ----
  #
  # - You define $mydestination domain recipients in files other than
  #   /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
! #   For example, you define $mydestination domain recipients in    
  #   the $virtual_mailbox_maps files.
  #
! # - You redefine the local delivery agent in master.cf.
  #
! # - You redefine the "local_transport" setting in main.cf.
  #
  # - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
  #   feature of the Postfix local delivery agent (see sample-local.cf).
  #
  # Beware: if the Postfix SMTP server runs chrooted, you probably have
! # to access the passwd file via the proxymap service, in order to
! # overcome chroot restrictions. The alternative, having a copy of
! # the system passwd file in the chroot jail is just not practical.
  # 
  #local_recipient_maps = unix:passwd.byname $alias_maps
+ #local_recipient_maps = proxy:unix:passwd.byname $alias_maps
  #local_recipient_maps =
  
  # The unknown_local_recipient_reject_code specifies the SMTP server
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/conf/master.cf ./conf/master.cf
*** /tmp/postfix-2.0.0.2/conf/master.cf	Mon Dec 23 09:06:51 2002
--- ./conf/master.cf	Sun Jan 12 12:04:35 2003
***************
*** 79,84 ****
--- 79,85 ----
  bounce	  unix	-	-	n	-	0	bounce
  defer	  unix	-	-	n	-	0	bounce
  flush	  unix	n	-	n	1000?	0	flush
+ proxymap  unix	-	-	n	-	-	proxymap
  smtp	  unix	-	-	n	-	-	smtp
  relay	  unix	-	-	n	-	-	smtp
  #	-o smtp_helo_timeout=5 -o smtp_connect_timeout=5
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/conf/post-install ./conf/post-install
*** /tmp/postfix-2.0.0.2/conf/post-install	Sun Dec 22 17:45:43 2002
--- ./conf/post-install	Sun Jan 12 12:06:50 2003
***************
*** 535,540 ****
--- 535,549 ----
  	$POSTCONF -e "$unknown_local = 450" || exit 1
      fi
  
+     # Add missing proxymap service to master.cf.
+ 
+     grep '^proxymap.*proxymap' $config_directory/master.cf >/dev/null || {
+ 	echo Editing $config_directory/master.cf, adding missing entry for proxymap service
+ 	cat >>$config_directory/master.cf <<EOF || exit 1
+ proxymap  unix        -       -       n       -       -       proxymap
+ EOF
+     }
+ 
  }
  
  # A reminder if this is the first time Postfix is being installed.
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/conf/postfix-files ./conf/postfix-files
*** /tmp/postfix-2.0.0.2/conf/postfix-files	Sat Dec 21 17:24:04 2002
--- ./conf/postfix-files	Sun Jan 12 12:08:12 2003
***************
*** 63,68 ****
--- 63,69 ----
  $daemon_directory/nqmgr:f:root:-:755
  $daemon_directory/pickup:f:root:-:755
  $daemon_directory/pipe:f:root:-:755
+ $daemon_directory/proxymap:f:root:-:755
  $daemon_directory/qmgr:f:root:-:755
  $daemon_directory/qmqpd:f:root:-:755
  $daemon_directory/showq:f:root:-:755
***************
*** 133,138 ****
--- 134,140 ----
  $manpage_directory/man8/nqmgr.8:f:root:-:644
  $manpage_directory/man8/pickup.8:f:root:-:644
  $manpage_directory/man8/pipe.8:f:root:-:644
+ $manpage_directory/man8/proxymap.8:f:root:-:644
  $manpage_directory/man8/qmgr.8:f:root:-:644
  $manpage_directory/man8/qmqpd.8:f:root:-:644
  $manpage_directory/man8/showq.8:f:root:-:644
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/conf/regexp_table ./conf/regexp_table
*** /tmp/postfix-2.0.0.2/conf/regexp_table	Tue Sep 17 12:54:44 2002
--- ./conf/regexp_table	Wed Jan  8 09:45:59 2003
***************
*** 89,95 ****
  #        /^postmaster@/       OK
  # 
  #        # Protect your outgoing majordomo exploders
! #        /^(.*)-outgoing@(.*)$/!/^owner-/         550 Use ${1}@${2} instead
  # 
  # EXAMPLE HEADER FILTER MAP
  #        # These were once common in junk mail.
--- 89,97 ----
  #        /^postmaster@/       OK
  # 
  #        # Protect your outgoing majordomo exploders
! #        if !/^owner-/
! #        /^(.*)-outgoing@(.*)$/   550 Use ${1}@${2} instead
! #        endif
  # 
  # EXAMPLE HEADER FILTER MAP
  #        # These were once common in junk mail.
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/conf/sample-local.cf ./conf/sample-local.cf
*** /tmp/postfix-2.0.0.2/conf/sample-local.cf	Sat Dec 14 21:36:12 2002
--- ./conf/sample-local.cf	Sun Jan 12 12:08:49 2003
***************
*** 11,16 ****
--- 11,20 ----
  # precedence, from highest to lowest priority: mailbox_transport,
  # mailbox_command_maps, mailbox_command, home_mailbox.
  
+ #
+ # MISCELLANEOUS PARAMETERS
+ #
+ 
  # The biff parameter specifies whether or not to contact the biff
  # server.  This server sends "new mail" notifications to users who
  # have requested new mail notification with "biff y".   
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/conf/sample-misc.cf ./conf/sample-misc.cf
*** /tmp/postfix-2.0.0.2/conf/sample-misc.cf	Tue Dec 17 20:42:28 2002
--- ./conf/sample-misc.cf	Sun Jan 12 12:10:23 2003
***************
*** 143,150 ****
  # The ipc_idle parameter bounds the idle time for internal communication
  # channels after which a client disconnects voluntarily. The purpose
  # is to allow servers to terminate voluntarily after they become
! # idle. Currently this is used by the address resolving and rewriting
! # clients.
  #
  # Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
  # The default time unit is s (seconds).
--- 143,150 ----
  # The ipc_idle parameter bounds the idle time for internal communication
  # channels after which a client disconnects voluntarily. The purpose
  # is to allow servers to terminate voluntarily after they become
! # idle. This is used, for example, by the address resolving and
! # rewriting clients.
  #
  # Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
  # The default time unit is s (seconds).
***************
*** 225,231 ****
  # a name matches a lookup key.  Continue long lines by starting the
  # next line with whitespace.
  #
! # See sample-local.cf for a description of the local_recipient_maps
  # and unknown_local_recipient_reject_code parameters. By default,
  # the SMTP server rejects mail for recipients not listed with the
  # local_recipient_maps parameter.
--- 225,231 ----
  # a name matches a lookup key.  Continue long lines by starting the
  # next line with whitespace.
  #
! # See sample-smtpd.cf for a description of the local_recipient_maps
  # and unknown_local_recipient_reject_code parameters. By default,
  # the SMTP server rejects mail for recipients not listed with the
  # local_recipient_maps parameter.
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/conf/sample-pcre-header.cf ./conf/sample-pcre-header.cf
*** /tmp/postfix-2.0.0.2/conf/sample-pcre-header.cf	Tue Sep 17 10:19:17 2002
--- ./conf/sample-pcre-header.cf	Tue Jan  7 16:55:37 2003
***************
*** 3,10 ****
  #	message header filtering. See pcre_table(5) for syntax description.
  #
  #	Message headers are filtered one at a time. This filter understands
! #	multi-line message headers. However, the message header filter has
! #	no knowledge of MIME headers that are embedded in the message body.
  #
  #	The first field is a perl-like regular expression. The expression
  #	delimiter can be any character except whitespace, or characters
--- 3,10 ----
  #	message header filtering. See pcre_table(5) for syntax description.
  #
  #	Message headers are filtered one at a time. This filter understands
! #	multi-line message headers, including MIME headers in the message
! #	body.
  #
  #	The first field is a perl-like regular expression. The expression
  #	delimiter can be any character except whitespace, or characters
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/conf/sample-regexp-header.cf ./conf/sample-regexp-header.cf
*** /tmp/postfix-2.0.0.2/conf/sample-regexp-header.cf	Tue Sep 17 10:15:57 2002
--- ./conf/sample-regexp-header.cf	Sun Jan 12 12:11:06 2003
***************
*** 2,9 ****
  # for a description of the syntax.
  #
  # Message headers are filtered one at a time. This filter understands
! # multi-line mail headers. However, the message header filter has no
! # knowledge of MIME headers that are embedded in the message body.
  #
  # The general format of a table entry is PATTERN RESULT. 
  #
--- 2,8 ----
  # for a description of the syntax.
  #
  # Message headers are filtered one at a time. This filter understands
! # multi-line mail headers, including MIME headers in the message body.
  #
  # The general format of a table entry is PATTERN RESULT. 
  #
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/conf/sample-smtpd.cf ./conf/sample-smtpd.cf
*** /tmp/postfix-2.0.0.2/conf/sample-smtpd.cf	Sat Dec 21 16:53:01 2002
--- ./conf/sample-smtpd.cf	Sun Jan 12 12:01:46 2003
***************
*** 4,9 ****
--- 4,68 ----
  # This file contains example settings of Postfix configuration parameters
  # that control the SMTP server program.
  
+ # REJECTING MAIL FOR UNKNOWN LOCAL USERS
+ #
+ # The local_recipient_maps parameter specifies optional lookup tables
+ # with all names or addresses of users that are local with respect
+ # to $mydestination and $inet_interfaces.
+ #
+ # If this parameter is defined, then the SMTP server will reject
+ # mail for unknown local users. This parameter is defined by default.
+ #
+ # To turn off local recipient checking in the SMTP server, specify
+ # local_recipient_maps = (i.e. empty).
+ #
+ # The default setting assumes that you use the default Postfix local
+ # delivery agent for local delivery. You need to update the
+ # local_recipient_maps setting if:
+ #
+ # - You define $mydestination domain recipients in files other than
+ #   /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
+ #   For example, you define $mydestination domain recipients in    
+ #   the $virtual_mailbox_maps files.
+ #
+ # - You redefine the local delivery agent in master.cf.
+ #
+ # - You redefine the "local_transport" setting in main.cf.
+ #
+ # - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
+ #   feature of the Postfix local delivery agent (see sample-local.cf).
+ #
+ # Beware: if the Postfix SMTP server runs chrooted, you probably have
+ # to access the passwd file via the proxymap service, in order to
+ # overcome chroot restrictions. The alternative, having a copy of
+ # the system passwd file in the chroot jail is just not practical.
+ # 
+ #local_recipient_maps =
+ #local_recipient_maps = unix:passwd.byname $alias_maps
+ local_recipient_maps = proxy:unix:passwd.byname $alias_maps
+ 
+ # The unknown_local_recipient_reject_code specifies the SMTP server
+ # response code when a recipient domain matches $mydestination or
+ # $inet_interfaces, while $local_recipient_maps is non-empty and the
+ # recipient address or address local-part is not found.
+ #
+ # The default setting is 550 (reject mail) but it is safer to start
+ # with 450 (try again later) until you are certain that your
+ # local_recipient_maps settings are OK.
+ #
+ #unknown_local_recipient_reject_code = 450
+ unknown_local_recipient_reject_code = 550
+ 
+ # REJECTING UNKNOWN RELAY USERS
+ #
+ # The relay_recipient_maps parameter specifies optional lookup tables
+ # with all addresses in the domains that match $relay_domains.
+ #
+ # If this parameter is defined, then the SMTP server will reject
+ # mail for unknown relay users. This feature is off by default.
+ # 
+ #relay_recipient_maps = hash:/etc/postfix/relay_recipients
+ 
  #
  # SENDER ANTI-SPOOFING
  #
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/html/Makefile.in ./html/Makefile.in
*** /tmp/postfix-2.0.0.2/html/Makefile.in	Sun Dec 30 18:42:24 2001
--- ./html/Makefile.in	Sun Jan 12 12:40:25 2003
***************
*** 5,11 ****
  DAEMONS	=  bounce.8.html cleanup.8.html defer.8.html error.8.html local.8.html \
  	lmtp.8.html master.8.html pickup.8.html pipe.8.html qmgr.8.html \
  	showq.8.html smtp.8.html smtpd.8.html trivial-rewrite.8.html \
! 	nqmgr.8.html spawn.8.html flush.8.html virtual.8.html qmqpd.8.html
  COMMANDS= mailq.1.html newaliases.1.html postalias.1.html postcat.1.html \
  	postconf.1.html postfix.1.html postkick.1.html postlock.1.html \
  	postlog.1.html postdrop.1.html postmap.1.html sendmail.1.html \
--- 5,12 ----
  DAEMONS	=  bounce.8.html cleanup.8.html defer.8.html error.8.html local.8.html \
  	lmtp.8.html master.8.html pickup.8.html pipe.8.html qmgr.8.html \
  	showq.8.html smtp.8.html smtpd.8.html trivial-rewrite.8.html \
! 	nqmgr.8.html spawn.8.html flush.8.html virtual.8.html qmqpd.8.html \
! 	proxymap.8.html
  COMMANDS= mailq.1.html newaliases.1.html postalias.1.html postcat.1.html \
  	postconf.1.html postfix.1.html postkick.1.html postlock.1.html \
  	postlog.1.html postdrop.1.html postmap.1.html sendmail.1.html \
***************
*** 72,77 ****
--- 73,82 ----
  	srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@
  
  pipe.8.html: ../src/pipe/pipe.c
+ 	PATH=../mantools:$$PATH; \
+ 	srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@
+ 
+ proxymap.8.html: ../src/proxymap/proxymap.c
  	PATH=../mantools:$$PATH; \
  	srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@
  
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/html/backstage.html ./html/backstage.html
*** /tmp/postfix-2.0.0.2/html/backstage.html	Fri Jan 18 08:47:47 2002
--- ./html/backstage.html	Sun Jan 12 12:14:31 2003
***************
*** 66,71 ****
--- 66,79 ----
  
  <p>
  
+ <li>The <a href="proxymap.8.html">proxymap</a> daemon provides
+ read-only lookup service to Postfix client processes. The purpose
+ is to overcome chroot restrictions, and to consolidate the number
+ of open lookup tables by sharing one open table among multiple
+ processes.
+ 
+ <p>
+ 
  <li>The <a href="spawn.8.html">spawn</a> daemon listens on a TCP
  port, UNIX-domain socket or FIFO, and runs non-Postfix commands on
  request, with the socket or FIFO connected to the standard input,
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/html/faq.html ./html/faq.html
*** /tmp/postfix-2.0.0.2/html/faq.html	Wed Jan  1 19:23:42 2003
--- ./html/faq.html	Sun Jan 12 13:22:08 2003
***************
*** 674,680 ****
  Specify what recipients exist (so that your queue does not fill up
  with undeliverable mail from spammers).
  
! <p.
  
  Specify <tt>local_recipient_maps =</tt> if maintaining recipient
  information is not practical.
--- 674,680 ----
  Specify what recipients exist (so that your queue does not fill up
  with undeliverable mail from spammers).
  
! <p>
  
  Specify <tt>local_recipient_maps =</tt> if maintaining recipient
  information is not practical.
***************
*** 2090,2100 ****
  
  <pre>
      /etc/postfix/main.cf:
!         local_recipient_maps = $alias_maps, unix:passwd.byname
  </pre>
  
  <p>
  
  The local recipients tables are searched by the recipient address
  (user@domain) and by the recipient name (the address minus the
  domain). Postfix does not care what the lookup result looks like,
--- 2090,2106 ----
  
  <pre>
      /etc/postfix/main.cf:
!         local_recipient_maps = $alias_maps, proxy:unix:passwd.byname
  </pre>
  
  <p>
  
+ You need the <b>proxy:</b> part only if <b>master.cf</b> specifies
+ that the Postfix SMTP server runs chrooted. As distributed by the
+ author, Postfix runs no daemons chrooted.
+ 
+ <p>
+ 
  The local recipients tables are searched by the recipient address
  (user@domain) and by the recipient name (the address minus the
  domain). Postfix does not care what the lookup result looks like,
***************
*** 2107,2116 ****
  
  <ul>
  
! <li> If you run the Postfix SMTP server chrooted, it may be necessary
! to place a copy of the passwd file inside the chroot jail (typically:
! in <b>/var/spool/postfix/etc</b>).  This is system dependent. The
! only way to find out is to try.
  
  <p>
  
--- 2113,2124 ----
  
  <ul>
  
! <li> If you run the Postfix SMTP server chrooted, you need to access
! the system password database through the Postfix <a href="proxymap.8.html">
! proxymap</a> service, as shown in the above example. The alternative
! is simply not practical:  placing a copy of the passwd file inside
! the chroot jail (typically:  in <b>/var/spool/postfix/etc</b>)
! together with a list of system dependent files.
  
  <p>
  
***************
*** 2313,2333 ****
  This message is logged when, for example, the Postfix SMTP server
  is unable to access the UNIX password database.
  
  <ul>
  
  <li> If you're running the Postfix SMTP server chrooted (see
! <b>master.cf</b>) then you may have to copy the password file and
! perhaps a bunch of other files into the Postfix queue directory; a
! typical destination would be <b>/var/spool/postfix/etc</b>. See also
! the chroot setup scripts in the <b>examples</b> directory of the
! Postfix source code distribution.
  
  <p>
  
! <li> Be sure that you have world execute permissions on directories
! and world read permission on the passwd file and any auxiliary
! files that may be needed (such as <b>/etc/nsswitch.conf</b> and
! <b>libnss*.so*</b> files referenced by <b>/etc/nsswitch.conf</b>).
  
  </ul>
  
--- 2321,2350 ----
  This message is logged when, for example, the Postfix SMTP server
  is unable to access the UNIX password database.
  
+ <p>
+ 
  <ul>
  
  <li> If you're running the Postfix SMTP server chrooted (see
! <b>master.cf</b>) then you need to access the system password
! database through the Postfix <a href="proxymap.8.html">proxymap</a>
! service. The alternative is not practical: copying the password
! file and perhaps a bunch of other system dependent files into the
! Postfix queue directory.
! 
! <p>
! 
! <pre>
!     /etc/postfix/main.cf:
! 	local_recipient_maps = proxy:unix:passwd.byname $alias_maps ...
! </pre>
  
  <p>
  
! <li> Chrooted or not, be sure that you have world execute permissions
! on directories and world read permission on the passwd file and
! any auxiliary files that may be needed (such as <b>/etc/nsswitch.conf</b>
! and <b>libnss*.so*</b> files referenced by <b>/etc/nsswitch.conf</b>).
  
  </ul>
  
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/html/postconf.1.html ./html/postconf.1.html
*** /tmp/postfix-2.0.0.2/html/postconf.1.html	Wed Dec 18 21:18:45 2002
--- ./html/postconf.1.html	Sun Jan 12 12:16:16 2003
***************
*** 54,126 ****
                       were left behind after abnormal termination.
  
         <b>-m</b>     List the names of all supported lookup table types.
  
!               <b>btree</b>  A sorted, balanced tree structure.  This  is
!                      available  only  on systems with support for
                       Berkeley DB databases.
  
                <b>dbm</b>    An indexed file type based on hashing.  This
!                      is  available  only  on systems with support
                       for DBM databases.
  
                <b>environ</b>
                       The  UNIX  process  environment  array.  The
!                      lookup  key is the variable name. Originally
!                      implemented for testing,  someone  may  find
                       this useful someday.
  
                <b>hash</b>   An indexed file type based on hashing.  This
!                      is available only on  systems  with  support
                       for Berkeley DB databases.
  
                <b>ldap</b> (read-only)
!                      Perform  lookups  using  the  LDAP protocol.
                       This is described in an LDAP_README file.
  
                <b>mysql</b> (read-only)
!                      Perform lookups using  the  MYSQL  protocol.
                       This is described in a MYSQL_README file.
  
                <b>pcre</b> (read-only)
                       A lookup table based on Perl Compatible Reg-
!                      ular  Expressions.  The   file   format   is
                       described in <a href="pcre_table.5.html"><b>pcre</b><i>_</i><b>table</b>(5)</a>.
  
                <b>regexp</b> (read-only)
                       A lookup table based on regular expressions.
!                      The  file  format  is  described   in   <a href="regexp_table.5.html"><b>reg-</b>
                       <b>exp</b><i>_</i><b>table</b>(5)</a>.
  
                <b>static</b> (read-only)
!                      A  table  that  always  returns  its name as
!                      lookup result.  For  example,  <b>static:foobar</b>
!                      always  returns  the string <b>foobar</b> as lookup
                       result.
  
                <b>unix</b> (read-only)
!                      A limited way to query the UNIX  authentica-
                       tion  database.  The  following  tables  are
                       implemented:
  
                       <b>unix:passwd.byname</b>
!                              The  table  is  the  UNIX   password
!                              database.  The  key is a login name.
!                              The result is a password file  entry
                               in passwd(5) format.
  
                       <b>unix:group.byname</b>
!                              The   table   is   the   UNIX  group
!                              database. The key is a  group  name.
!                              The  result is a group file entry in
                               group(5) format.
  
!        Other table types may exist depending on how  Postfix  was
         built.
  
         <b>-n</b>     Print non-default parameter settings only.
  
         <b>-v</b>     Enable verbose logging for debugging purposes. Mul-
!               tiple <b>-v</b> options  make  the  software  increasingly
                verbose.
  
  <b>DIAGNOSTICS</b>
--- 54,134 ----
                       were left behind after abnormal termination.
  
         <b>-m</b>     List the names of all supported lookup table types.
+               Postfix lookup tables are specified  as  <i>type</i><b>:</b><i>name</i>,
+               where  <i>type</i>  is  one of the types listed below. The
+               table <i>name</i> syntax depends on the lookup table type.
  
!               <b>btree</b>  A  sorted, balanced tree structure.  This is
!                      available only on systems with  support  for
                       Berkeley DB databases.
  
                <b>dbm</b>    An indexed file type based on hashing.  This
!                      is available only on  systems  with  support
                       for DBM databases.
  
                <b>environ</b>
                       The  UNIX  process  environment  array.  The
!                      lookup key is the variable name.  Originally
!                      implemented  for  testing,  someone may find
                       this useful someday.
  
                <b>hash</b>   An indexed file type based on hashing.  This
!                      is  available  only  on systems with support
                       for Berkeley DB databases.
  
                <b>ldap</b> (read-only)
!                      Perform lookups  using  the  LDAP  protocol.
                       This is described in an LDAP_README file.
  
                <b>mysql</b> (read-only)
!                      Perform  lookups  using  the MYSQL protocol.
                       This is described in a MYSQL_README file.
  
                <b>pcre</b> (read-only)
                       A lookup table based on Perl Compatible Reg-
!                      ular   Expressions.   The   file  format  is
                       described in <a href="pcre_table.5.html"><b>pcre</b><i>_</i><b>table</b>(5)</a>.
  
+               <b>proxy</b> (read-only)
+                      A lookup table that is implemented  via  the
+                      Postfix  <a href="proxymap.8.html"><b>proxymap</b>(8)</a> service. The table name
+                      syntax is <i>type</i><b>:</b><i>name</i>.
+ 
                <b>regexp</b> (read-only)
                       A lookup table based on regular expressions.
!                      The   file   format  is  described  in  <a href="regexp_table.5.html"><b>reg-</b>
                       <b>exp</b><i>_</i><b>table</b>(5)</a>.
  
                <b>static</b> (read-only)
!                      A table that  always  returns  its  name  as
!                      lookup  result.  For  example, <b>static:foobar</b>
!                      always returns the string <b>foobar</b>  as  lookup
                       result.
  
                <b>unix</b> (read-only)
!                      A  limited way to query the UNIX authentica-
                       tion  database.  The  following  tables  are
                       implemented:
  
                       <b>unix:passwd.byname</b>
!                              The   table  is  the  UNIX  password
!                              database. The key is a  login  name.
!                              The  result is a password file entry
                               in passwd(5) format.
  
                       <b>unix:group.byname</b>
!                              The  table   is   the   UNIX   group
!                              database.  The  key is a group name.
!                              The result is a group file entry  in
                               group(5) format.
  
!        Other  table  types may exist depending on how Postfix was
         built.
  
         <b>-n</b>     Print non-default parameter settings only.
  
         <b>-v</b>     Enable verbose logging for debugging purposes. Mul-
!               tiple  <b>-v</b>  options  make  the software increasingly
                verbose.
  
  <b>DIAGNOSTICS</b>
***************
*** 131,137 ****
                Directory with Postfix configuration files.
  
  <b>LICENSE</b>
!        The  Secure  Mailer  license must be distributed with this
         software.
  
  <b>AUTHOR(S)</b>
--- 139,145 ----
                Directory with Postfix configuration files.
  
  <b>LICENSE</b>
!        The Secure Mailer license must be  distributed  with  this
         software.
  
  <b>AUTHOR(S)</b>
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/html/postqueue.1.html ./html/postqueue.1.html
*** /tmp/postfix-2.0.0.2/html/postqueue.1.html	Sat Aug 17 19:22:45 2002
--- ./html/postqueue.1.html	Tue Jan  7 16:16:13 2003
***************
*** 11,19 ****
  
  <b>DESCRIPTION</b>
         The  <b>postqueue</b>  program implements the Postfix user inter-
!        face for queue management. It implements  all  the  opera-
!        tions that are traditionally available via the <a href="sendmail.1.html"><b>sendmail</b>(1)</a>
!        command.
  
         The following options are recognized:
  
--- 11,21 ----
  
  <b>DESCRIPTION</b>
         The  <b>postqueue</b>  program implements the Postfix user inter-
!        face for queue management. It implements  operations  that
!        are  traditionally  available via the <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command.
!        See the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command  for  queue  operations  that
!        require  super-user  privileges such as deleting a message
!        from the queue or changing the status of a message.
  
         The following options are recognized:
  
***************
*** 109,115 ****
                request and in the <b>sendmail</b> <b>-qR</b> command.
  
  <b>SEE</b> <b>ALSO</b>
!        sendmail(8) sendmail-compatible user interface
         <a href="qmgr.8.html">qmgr(8)</a> queue manager
         <a href="showq.8.html">showq(8)</a> list mail queue
         <a href="flushd.8.html">flush(8)</a> fast flush service
--- 111,118 ----
                request and in the <b>sendmail</b> <b>-qR</b> command.
  
  <b>SEE</b> <b>ALSO</b>
!        <a href="sendmail.1.html">sendmail(1)</a> sendmail-compatible user interface
!        <a href="postsuper.1.html">postsuper(1)</a> privileged queue operations
         <a href="qmgr.8.html">qmgr(8)</a> queue manager
         <a href="showq.8.html">showq(8)</a> list mail queue
         <a href="flushd.8.html">flush(8)</a> fast flush service
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/html/postsuper.1.html ./html/postsuper.1.html
*** /tmp/postfix-2.0.0.2/html/postsuper.1.html	Sat Nov  9 10:53:13 2002
--- ./html/postsuper.1.html	Tue Jan  7 14:55:12 2003
***************
*** 11,19 ****
  <b>DESCRIPTION</b>
         The <b>postsuper</b> command does maintenance jobs on the Postfix
         queue.  Use of the command is restricted to the superuser.
  
!        By default, <b>postsuper</b> performs  the  operations  requested
!        with  the  <b>-s</b>  and  <b>-p</b> command-line options on all Postfix
         queue directories - this includes the <b>incoming</b>, <b>active</b> and
         <b>deferred</b> directories with mail files and the <b>bounce</b>, <b>defer</b>
         and <b>flush</b> directories with log files.
--- 11,21 ----
  <b>DESCRIPTION</b>
         The <b>postsuper</b> command does maintenance jobs on the Postfix
         queue.  Use of the command is restricted to the superuser.
+        See the <b>postqueue</b> command for  unprivileged  queue  opera-
+        tions such as listing or flushing the mail queue.
  
!        By  default,  <b>postsuper</b>  performs the operations requested
!        with the <b>-s</b> and <b>-p</b> command-line  options  on  all  Postfix
         queue directories - this includes the <b>incoming</b>, <b>active</b> and
         <b>deferred</b> directories with mail files and the <b>bounce</b>, <b>defer</b>
         and <b>flush</b> directories with log files.
***************
*** 21,37 ****
         Options:
  
         <b>-c</b> <i>config_dir</i>
!               The <b>main.cf</b> configuration  file  is  in  the  named
                directory  instead  of  the  default  configuration
!               directory. See  also  the  MAIL_CONFIG  environment
                setting below.
  
         <b>-d</b> <i>queue_id</i>
                Delete one message with the named queue ID from the
!               named  mail  queue(s)  (default:  <b>hold</b>,   <b>incoming</b>,
                <b>active</b> and <b>deferred</b>).  If a <i>queue_id</i> of <b>-</b> is speci-
!               fied, the program reads  queue  IDs  from  standard
!               input.  For  example, to delete all mail from or to
                <b>user@example.com</b>:
  
                mailq | tail +2 | awk  'BEGIN { RS = "" } \
--- 23,39 ----
         Options:
  
         <b>-c</b> <i>config_dir</i>
!               The  <b>main.cf</b>  configuration  file  is  in the named
                directory  instead  of  the  default  configuration
!               directory.  See  also  the  MAIL_CONFIG environment
                setting below.
  
         <b>-d</b> <i>queue_id</i>
                Delete one message with the named queue ID from the
!               named   mail  queue(s)  (default:  <b>hold</b>,  <b>incoming</b>,
                <b>active</b> and <b>deferred</b>).  If a <i>queue_id</i> of <b>-</b> is speci-
!               fied,  the  program  reads  queue IDs from standard
!               input. For example, to delete all mail from  or  to
                <b>user@example.com</b>:
  
                mailq | tail +2 | awk  'BEGIN { RS = "" } \
***************
*** 39,155 ****
                ' | tr -d '*!' | postsuper -d -
  
                Specify <b>-d</b> <b>ALL</b> to remove all messages; for example,
!               specify  <b>-d</b>  <b>ALL</b>  <b>deferred</b>  to  delete  mail in the
!               <b>deferred</b> queue.  As a safety measure, the word  <b>ALL</b>
                must be specified in upper case.
  
!               <b>Postfix</b>  <b>queue</b>  <b>IDs</b>  <b>are</b>  <b>reused.</b>   <b>There</b> <b>is</b> <b>a</b> <b>very</b>
!               <b>small</b> <b>possibility</b> <b>that</b> <b>postsuper</b> <b>deletes</b> <b>the</b>  <b>wrong</b>
!               <b>message</b>  <b>file</b> <b>when</b> <b>it</b> <b>is</b> <b>executed</b> <b>while</b> <b>the</b> <b>Postfix</b>
                <b>mail</b> <b>system</b> <b>is</b> <b>running.</b>
  
                The scenario is as follows:
  
!               1)     The Postfix queue manager deletes  the  mes-
!                      sage  that  <b>postsuper</b> is supposed to delete,
!                      because Postfix is finished  with  the  mes-
                       sage.
  
!               2)     New  mail  arrives,  and  the new message is
!                      given the same queue ID as the message  that
                       <b>postsuper</b> is supposed to delete.  The proba-
!                      bility for reusing a  deleted  queue  ID  is
!                      about  1  in  2**15 (the number of different
                       microsecond values that the system clock can
                       distinguish within a second).
  
!               3)     <b>postsuper</b>  deletes  the new message, instead
!                      of the  old  message  that  it  should  have
                       deleted.
  
         <b>-h</b> <i>queue_id</i>
!               Put  mail  "on  hold" so that no attempt is made to
!               deliver it.  Move one message with the named  queue
                ID from the named mail queue(s) (default: <b>incoming</b>,
!               <b>active</b> and <b>deferred</b>)  to  the  <b>hold</b>  queue.   If  a
                <i>queue_id</i> of <b>-</b> is specified, the program reads queue
                IDs from standard input.
  
!               Specify <b>-h</b> <b>ALL</b> to hold all messages;  for  example,
                specify  <b>-h</b>  <b>ALL</b>  <b>deferred</b>  to  hold  mail  in  the
!               <b>deferred</b> queue.  As a safety measure, the word  <b>ALL</b>
                must be specified in upper case.
  
!               Note:  mail  that  is put "on hold" will not expire
!               when its  time  in  the  queue  exceeds  the  <b>maxi-</b>
                <b>mal</b><i>_</i><b>queue</b><i>_</i><b>lifetime</b> setting.
  
         <b>-H</b> <i>queue_id</i>
                Release mail that was put "on hold".  Move one mes-
!               sage with the named queue ID from  the  named  mail
                queue(s) (default: <b>hold</b>) to the <b>deferred</b> queue.  If
!               a <i>queue_id</i> of <b>-</b> is  specified,  the  program  reads
                queue IDs from standard input.
  
!               Specify  <b>-H</b>  <b>ALL</b>  to  release  all mail that is "on
!               hold".  As a safety measure, the word <b>ALL</b>  must  be
                specified in upper case.
  
!        <b>-p</b>     Purge  old temporary files that are left over after
                system or software crashes.
  
         <b>-r</b> <i>queue_id</i>
!               Requeue the message with the named  queue  ID  from
!               the  named  mail queue(s) (default: <b>hold</b>, <b>incoming</b>,
!               <b>active</b> and <b>deferred</b>).   To  requeue  multiple  mes-
!               sages,  specify  multiple  <b>-r</b> command-line options.
                Alternatively, if a <i>queue_id</i> of <b>-</b> is specified, the
                program reads queue IDs from standard input.
  
                Specify <b>-r</b> <b>ALL</b> to requeue all messages. As a safety
!               measure, the word <b>ALL</b> must be  specified  in  upper
                case.
  
!               A  requeued message is moved to the <b>maildrop</b> queue,
!               from where it is copied by the pickup daemon  to  a
!               new  file whose name is guaranteed to match the new
                queue file inode number. The new queue file is sub-
!               jected  again to mail address rewriting and substi-
                tution. This is useful when rewriting rules or vir-
                tual mappings have changed.
  
!               Postfix  queue  IDs  are  reused.   There is a very
                small possibility that <b>postsuper</b> requeues the wrong
!               message  file when it is executed while the Postfix
                mail system is running, but no harm should be done.
  
         <b>-s</b>     Structure check and structure repair.  It is highly
!               recommended to perform this operation  once  before
                Postfix startup.
  
!               <b>o</b>      Rename  files  whose name does not match the
                       message file inode number. This operation is
!                      necessary  after restoring a mail queue from
                       a different machine, or from backup media.
  
                <b>o</b>      Move queue files that are in the wrong place
                       in the file system hierarchy and remove sub-
                       directories that are no longer needed.  File
!                      position  rearrangements are necessary after
                       a  change  in  the  <b>hash</b><i>_</i><b>queue</b><i>_</i><b>names</b>  and/or
                       <b>hash</b><i>_</i><b>queue</b><i>_</i><b>depth</b> configuration parameters.
  
         <b>-v</b>     Enable verbose logging for debugging purposes. Mul-
!               tiple <b>-v</b> options  make  the  software  increasingly
                verbose.
  
  <b>DIAGNOSTICS</b>
!        Problems  are reported to the standard error stream and to
         <b>syslogd</b>.
  
!        <b>postsuper</b> reports the number of messages deleted with  <b>-d</b>,
         the number of messages requeued with <b>-r</b>, and the number of
!        messages whose queue file name  was  fixed  with  <b>-s</b>.  The
         report is written to the standard error stream and to <b>sys-</b>
         <b>logd</b>.
  
--- 41,157 ----
                ' | tr -d '*!' | postsuper -d -
  
                Specify <b>-d</b> <b>ALL</b> to remove all messages; for example,
!               specify <b>-d</b> <b>ALL</b>  <b>deferred</b>  to  delete  mail  in  the
!               <b>deferred</b>  queue.  As a safety measure, the word <b>ALL</b>
                must be specified in upper case.
  
!               <b>Postfix</b> <b>queue</b> <b>IDs</b> <b>are</b>  <b>reused.</b>   <b>There</b>  <b>is</b>  <b>a</b>  <b>very</b>
!               <b>small</b>  <b>possibility</b> <b>that</b> <b>postsuper</b> <b>deletes</b> <b>the</b> <b>wrong</b>
!               <b>message</b> <b>file</b> <b>when</b> <b>it</b> <b>is</b> <b>executed</b> <b>while</b> <b>the</b>  <b>Postfix</b>
                <b>mail</b> <b>system</b> <b>is</b> <b>running.</b>
  
                The scenario is as follows:
  
!               1)     The  Postfix  queue manager deletes the mes-
!                      sage that <b>postsuper</b> is supposed  to  delete,
!                      because  Postfix  is  finished with the mes-
                       sage.
  
!               2)     New mail arrives, and  the  new  message  is
!                      given  the same queue ID as the message that
                       <b>postsuper</b> is supposed to delete.  The proba-
!                      bility  for  reusing  a  deleted queue ID is
!                      about 1 in 2**15 (the  number  of  different
                       microsecond values that the system clock can
                       distinguish within a second).
  
!               3)     <b>postsuper</b> deletes the new  message,  instead
!                      of  the  old  message  that  it  should have
                       deleted.
  
         <b>-h</b> <i>queue_id</i>
!               Put mail "on hold" so that no attempt  is  made  to
!               deliver  it.  Move one message with the named queue
                ID from the named mail queue(s) (default: <b>incoming</b>,
!               <b>active</b>  and  <b>deferred</b>)  to  the  <b>hold</b>  queue.  If a
                <i>queue_id</i> of <b>-</b> is specified, the program reads queue
                IDs from standard input.
  
!               Specify  <b>-h</b>  <b>ALL</b> to hold all messages; for example,
                specify  <b>-h</b>  <b>ALL</b>  <b>deferred</b>  to  hold  mail  in  the
!               <b>deferred</b>  queue.  As a safety measure, the word <b>ALL</b>
                must be specified in upper case.
  
!               Note: mail that is put "on hold"  will  not  expire
!               when  its  time  in  the  queue  exceeds  the <b>maxi-</b>
                <b>mal</b><i>_</i><b>queue</b><i>_</i><b>lifetime</b> setting.
  
         <b>-H</b> <i>queue_id</i>
                Release mail that was put "on hold".  Move one mes-
!               sage  with  the  named queue ID from the named mail
                queue(s) (default: <b>hold</b>) to the <b>deferred</b> queue.  If
!               a  <i>queue_id</i>  of  <b>-</b>  is specified, the program reads
                queue IDs from standard input.
  
!               Specify <b>-H</b> <b>ALL</b> to release  all  mail  that  is  "on
!               hold".   As  a safety measure, the word <b>ALL</b> must be
                specified in upper case.
  
!        <b>-p</b>     Purge old temporary files that are left over  after
                system or software crashes.
  
         <b>-r</b> <i>queue_id</i>
!               Requeue  the  message  with the named queue ID from
!               the named mail queue(s) (default:  <b>hold</b>,  <b>incoming</b>,
!               <b>active</b>  and  <b>deferred</b>).   To  requeue multiple mes-
!               sages, specify multiple  <b>-r</b>  command-line  options.
                Alternatively, if a <i>queue_id</i> of <b>-</b> is specified, the
                program reads queue IDs from standard input.
  
                Specify <b>-r</b> <b>ALL</b> to requeue all messages. As a safety
!               measure,  the  word  <b>ALL</b> must be specified in upper
                case.
  
!               A requeued message is moved to the <b>maildrop</b>  queue,
!               from  where  it is copied by the pickup daemon to a
!               new file whose name is guaranteed to match the  new
                queue file inode number. The new queue file is sub-
!               jected again to mail address rewriting and  substi-
                tution. This is useful when rewriting rules or vir-
                tual mappings have changed.
  
!               Postfix queue IDs are  reused.   There  is  a  very
                small possibility that <b>postsuper</b> requeues the wrong
!               message file when it is executed while the  Postfix
                mail system is running, but no harm should be done.
  
         <b>-s</b>     Structure check and structure repair.  It is highly
!               recommended  to  perform this operation once before
                Postfix startup.
  
!               <b>o</b>      Rename files whose name does not  match  the
                       message file inode number. This operation is
!                      necessary after restoring a mail queue  from
                       a different machine, or from backup media.
  
                <b>o</b>      Move queue files that are in the wrong place
                       in the file system hierarchy and remove sub-
                       directories that are no longer needed.  File
!                      position rearrangements are necessary  after
                       a  change  in  the  <b>hash</b><i>_</i><b>queue</b><i>_</i><b>names</b>  and/or
                       <b>hash</b><i>_</i><b>queue</b><i>_</i><b>depth</b> configuration parameters.
  
         <b>-v</b>     Enable verbose logging for debugging purposes. Mul-
!               tiple  <b>-v</b>  options  make  the software increasingly
                verbose.
  
  <b>DIAGNOSTICS</b>
!        Problems are reported to the standard error stream and  to
         <b>syslogd</b>.
  
!        <b>postsuper</b>  reports the number of messages deleted with <b>-d</b>,
         the number of messages requeued with <b>-r</b>, and the number of
!        messages  whose  queue  file  name  was fixed with <b>-s</b>. The
         report is written to the standard error stream and to <b>sys-</b>
         <b>logd</b>.
  
***************
*** 158,179 ****
                Directory with the <b>main.cf</b> file.
  
  <b>BUGS</b>
!        Mail that is not sanitized by Postfix (i.e.  mail  in  the
         <b>maildrop</b> queue) cannot be placed "on hold".
  
  <b>CONFIGURATION</b> <b>PARAMETERS</b>
!        See  the  Postfix  <b>main.cf</b> file for syntax details and for
         default values.
  
         <b>hash</b><i>_</i><b>queue</b><i>_</i><b>depth</b>
                Number of subdirectory levels for hashed queues.
  
         <b>hash</b><i>_</i><b>queue</b><i>_</i><b>names</b>
!               The names of queues that are organized into  multi-
                ple levels of subdirectories.
  
  <b>LICENSE</b>
!        The  Secure  Mailer  license must be distributed with this
         software.
  
  <b>AUTHOR(S)</b>
--- 160,185 ----
                Directory with the <b>main.cf</b> file.
  
  <b>BUGS</b>
!        Mail  that  is  not sanitized by Postfix (i.e. mail in the
         <b>maildrop</b> queue) cannot be placed "on hold".
  
  <b>CONFIGURATION</b> <b>PARAMETERS</b>
!        See the Postfix <b>main.cf</b> file for syntax  details  and  for
         default values.
  
         <b>hash</b><i>_</i><b>queue</b><i>_</i><b>depth</b>
                Number of subdirectory levels for hashed queues.
  
         <b>hash</b><i>_</i><b>queue</b><i>_</i><b>names</b>
!               The  names of queues that are organized into multi-
                ple levels of subdirectories.
  
+ <b>SEE</b> <b>ALSO</b>
+        <a href="sendmail.1.html">sendmail(1)</a> sendmail-compatible user interface
+        <a href="postqueue.1.html">postqueue(1)</a> unprivileged queue operations
+ 
  <b>LICENSE</b>
!        The Secure Mailer license must be  distributed  with  this
         software.
  
  <b>AUTHOR(S)</b>
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/html/proxymap.8.html ./html/proxymap.8.html
*** /tmp/postfix-2.0.0.2/html/proxymap.8.html	Wed Dec 31 19:00:00 1969
--- ./html/proxymap.8.html	Sun Jan 12 20:11:06 2003
***************
*** 0 ****
--- 1,132 ----
+ <html> <head> </head> <body> <pre>
+ PROXYMAP(8)                                           PROXYMAP(8)
+ 
+ <b>NAME</b>
+        proxymap - Postfix lookup table proxy server
+ 
+ <b>SYNOPSIS</b>
+        <b>proxymap</b> [generic Postfix daemon options]
+ 
+ <b>DESCRIPTION</b>
+        The  <b>proxymap</b>  server provides read-only table lookup ser-
+        vice to Postfix client processes. The purpose of the  ser-
+        vice is:
+ 
+        <b>o</b>      To  overcome  chroot  restrictions.  For example, a
+               chrooted SMTP server needs  access  to  the  system
+               passwd  file  in order to reject mail for non-exis-
+               tent local addresses, but it is  not  practical  to
+               maintain  a  copy  of the passwd file in the chroot
+               jail.  The solution:
+ 
+               local_recipient_maps =
+                   proxy:unix:passwd.byname $alias_maps
+ 
+        <b>o</b>      To consolidate the number of open lookup tables  by
+               sharing  one  open  table among multiple processes.
+               For example, making mysql  connections  from  every
+               Postfix daemon process results in "too many connec-
+               tions" errors. The solution:
+ 
+               virtual_alias_maps =
+                   proxy:mysql:/etc/postfix/virtual.cf
+ 
+               The total number of connections is limited  by  the
+               number of proxymap server server processes.
+ 
+        The proxymap server implements the following requests:
+ 
+        <b>PROXY</b><i>_</i><b>REQ</b><i>_</i><b>OPEN</b> <i>maptype:mapname</i> <i>flags</i>
+               Open  the table with type <i>maptype</i> and name <i>mapname</i>,
+               as controlled by <i>flags</i>.  The reply is  the  request
+               completion  status  code  (below)  and the map type
+               dependent flags.
+ 
+        <b>PROXY</b><i>_</i><b>REQ</b><i>_</i><b>LOOKUP</b> <i>maptype:mapname</i> <i>flags</i> <i>key</i>
+               Look up the data stored under  the  requested  key.
+               The  reply  is  the  request completion status code
+               (below) and the  lookup  result  value.   The  <i>map-</i>
+               <i>type:mapname</i>  and  <i>flags</i>  are  the same as with the
+               <b>PROXY</b><i>_</i><b>REQ</b><i>_</i><b>OPEN</b> request.
+ 
+        There is no  close  command,  nor  are  tables  implicitly
+        closed  when  a client disconnects. One of the purposes of
+        the proxymap server is  to  share  tables  among  multiple
+        client processes.
+ 
+        The request completion status code is one of:
+ 
+        <b>PROXY</b><i>_</i><b>STAT</b><i>_</i><b>OK</b>
+               The  specified  table  was opened, or the requested
+               entry was found.
+ 
+        <b>PROXY</b><i>_</i><b>STAT</b><i>_</i><b>NOKEY</b>
+               The requested table entry was not found.
+ 
+        <b>PROXY</b><i>_</i><b>STAT</b><i>_</i><b>BAD</b>
+               The request was  rejected  (bad  request  parameter
+               value).
+ 
+        <b>PROXY</b><i>_</i><b>STAT</b><i>_</i><b>RETRY</b>
+               The lookup request could not be completed.
+ 
+        <b>PROXY</b><i>_</i><b>STAT</b><i>_</i><b>DENY</b>
+               The specified table was not approved for access via
+               the proxymap service.
+ 
+ <b>SERVER</b> <b>PROCESS</b> <b>MANAGEMENT</b>
+        The proxymap servers run under control by the Postfix mas-
+        ter  server.  Each server can handle multiple simultaneous
+        connections.  When all servers are  busy  while  a  client
+        connects,  the  master  creates a new proxymap server pro-
+        cess, provided that the proxymap server process  limit  is
+        not exceeded.  Each proxymap server terminates after serv-
+        ing at least <b>$max</b><i>_</i><b>use</b> clients or after  <b>$max</b><i>_</i><b>idle</b>  seconds
+        of idle time.
+ 
+ <b>SECURITY</b>
+        The  proxymap  server  opens only tables that are approved
+        via the <b>proxy</b><i>_</i><b>read</b><i>_</i><b>maps</b> configuration parameter, does  not
+        talk  to  users,  and  can  run  at  fixed  low privilege,
+        chrooted or not.
+ 
+        The proxymap server is not a trusted daemon  process,  and
+        must  not be used to look up sensitive information such as
+        user or group IDs, mailbox file/directory names or  exter-
+        nal commands.
+ 
+ <b>DIAGNOSTICS</b>
+        Problems and transactions are logged to <b>syslogd</b>(8).
+ 
+ <b>BUGS</b>
+        The  proxymap server provides service to multiple clients,
+        and must therefore not be used for tables that have  high-
+        latency lookups.
+ 
+ <b>CONFIGURATION</b> <b>PARAMETERS</b>
+        The  following  main.cf parameters are especially relevant
+        to this program. Use the <b>postfix</b> <b>reload</b>  command  after  a
+        configuration change.
+ 
+        <b>proxy</b><i>_</i><b>read</b><i>_</i><b>maps</b>
+               A  list  of  zero or more parameter values that may
+               contain references to Postfix lookup  tables.  Only
+               table   references   that  begin  with  <b>proxy:</b>  are
+               approved for  read-only  access  via  the  proxymap
+               server.
+ 
+ <b>SEE</b> <b>ALSO</b>
+        dict_proxy(3) proxy map client
+ 
+ <b>LICENSE</b>
+        The  Secure  Mailer  license must be distributed with this
+        software.
+ 
+ <b>AUTHOR(S)</b>
+        Wietse Venema
+        IBM T.J. Watson Research
+        P.O. Box 704
+        Yorktown Heights, NY 10598, USA
+ 
+                                                       PROXYMAP(8)
+ </pre> </body> </html>
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/html/regexp_table.5.html ./html/regexp_table.5.html
*** /tmp/postfix-2.0.0.2/html/regexp_table.5.html	Tue Sep 17 12:54:44 2002
--- ./html/regexp_table.5.html	Wed Jan  8 09:45:59 2003
***************
*** 90,96 ****
         /^postmaster@/       OK
  
         # Protect your outgoing majordomo exploders
!        /^(.*)-outgoing@(.*)$/!/^owner-/         550 Use ${1}@${2} instead
  
  <b>EXAMPLE</b> <b>HEADER</b> <b>FILTER</b> <b>MAP</b>
         # These were once common in junk mail.
--- 90,98 ----
         /^postmaster@/       OK
  
         # Protect your outgoing majordomo exploders
!        if !/^owner-/
!        /^(.*)-outgoing@(.*)$/   550 Use ${1}@${2} instead
!        endif
  
  <b>EXAMPLE</b> <b>HEADER</b> <b>FILTER</b> <b>MAP</b>
         # These were once common in junk mail.
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/html/trivial-rewrite.8.html ./html/trivial-rewrite.8.html
*** /tmp/postfix-2.0.0.2/html/trivial-rewrite.8.html	Mon Dec 23 13:48:32 2002
--- ./html/trivial-rewrite.8.html	Sun Jan 12 12:12:01 2003
***************
*** 75,88 ****
                <b>$relayhost</b>.   The  default nexthop is the recipient
                domain.
  
  <b>STANDARDS</b>
!        None. The command  does  not  interact  with  the  outside
         world.
  
  <b>SECURITY</b>
!        The  <b>trivial-rewrite</b> daemon is not security sensitive.  By
!        default, this daemon does not  talk  to  remote  or  local
!        users.   It can run at a fixed low privilege in a chrooted
         environment.
  
  <b>DIAGNOSTICS</b>
--- 75,98 ----
                <b>$relayhost</b>.   The  default nexthop is the recipient
                domain.
  
+ <b>SERVER</b> <b>PROCESS</b> <b>MANAGEMENT</b>
+        The trivial-rewrite servers run under control by the Post-
+        fix master server.  Each server can handle multiple simul-
+        taneous connections.  When all servers are  busy  while  a
+        client  connects, the master creates a new server process,
+        provided that the trivial-rewrite server process limit  is
+        not  exceeded.   Each  trivial-rewrite  server  terminates
+        after serving at least <b>$max</b><i>_</i><b>use</b> clients of after <b>$max</b><i>_</i><b>idle</b>
+        seconds of idle time.
+ 
  <b>STANDARDS</b>
!        None.  The  command  does  not  interact  with the outside
         world.
  
  <b>SECURITY</b>
!        The <b>trivial-rewrite</b> daemon is not security sensitive.   By
!        default,  this  daemon  does  not  talk to remote or local
!        users.  It can run at a fixed low privilege in a  chrooted
         environment.
  
  <b>DIAGNOSTICS</b>
***************
*** 90,110 ****
  
  <b>BUGS</b>
  <b>CONFIGURATION</b> <b>PARAMETERS</b>
!        The following <b>main.cf</b> parameters are  especially  relevant
!        to  this  program. See the Postfix <b>main.cf</b> file for syntax
!        details and for default values.  Use  the  <b>postfix</b>  <b>reload</b>
         command after a configuration change.
  
  <b>Miscellaneous</b>
         <b>empty</b><i>_</i><b>address</b><i>_</i><b>recipient</b>
!               The  recipient  that  is  substituted  for the null
                address.
  
         <b>inet</b><i>_</i><b>interfaces</b>
!               The  network  interfaces  that  this  mail   system
!               receives  mail  on.   This  information  is used to
!               determine if <i>user</i>@[<i>net.work.addr.ess</i>] is  local  or
!               remote.   Mail  for  local  users  is  given to the
                <b>$local</b><i>_</i><b>transport</b>.
  
         <b>mydestination</b>
--- 100,120 ----
  
  <b>BUGS</b>
  <b>CONFIGURATION</b> <b>PARAMETERS</b>
!        The  following  <b>main.cf</b> parameters are especially relevant
!        to this program. See the Postfix <b>main.cf</b> file  for  syntax
!        details  and  for  default  values. Use the <b>postfix</b> <b>reload</b>
         command after a configuration change.
  
  <b>Miscellaneous</b>
         <b>empty</b><i>_</i><b>address</b><i>_</i><b>recipient</b>
!               The recipient that  is  substituted  for  the  null
                address.
  
         <b>inet</b><i>_</i><b>interfaces</b>
!               The   network  interfaces  that  this  mail  system
!               receives mail on.   This  information  is  used  to
!               determine  if  <i>user</i>@[<i>net.work.addr.ess</i>] is local or
!               remote.  Mail for  local  users  is  given  to  the
                <b>$local</b><i>_</i><b>transport</b>.
  
         <b>mydestination</b>
***************
*** 113,119 ****
  
         <b>virtual</b><i>_</i><b>alias</b><i>_</i><b>domains</b>
                List of simulated virtual domains (domains with all
!               recipients aliased to some other  local  or  remote
                domain).
  
         <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>
--- 123,129 ----
  
         <b>virtual</b><i>_</i><b>alias</b><i>_</i><b>domains</b>
                List of simulated virtual domains (domains with all
!               recipients  aliased  to  some other local or remote
                domain).
  
         <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>
***************
*** 126,135 ****
  
         <b>resolve</b><i>_</i><b>unquoted</b><i>_</i><b>address</b>
                When resolving an address, do not quote the address
!               localpart as per <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a>, so that additional  <b>@</b>,  <b>%</b>
!               or  <b>!</b>   characters  remain visible. This is techni-
                cally  incorrect,  but  allows  us  to  stop  relay
!               attacks  when forwarding mail to a Sendmail primary
                MX host.
  
         <b>relocated</b><i>_</i><b>maps</b>
--- 136,145 ----
  
         <b>resolve</b><i>_</i><b>unquoted</b><i>_</i><b>address</b>
                When resolving an address, do not quote the address
!               localpart  as  per <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a>, so that additional <b>@</b>, <b>%</b>
!               or <b>!</b>  characters remain visible.  This  is  techni-
                cally  incorrect,  but  allows  us  to  stop  relay
!               attacks when forwarding mail to a Sendmail  primary
                MX host.
  
         <b>relocated</b><i>_</i><b>maps</b>
***************
*** 155,204 ****
  
  <b>Routing</b>
         <b>local</b><i>_</i><b>transport</b>
!               Where to deliver mail for destinations  that  match
!               <b>$mydestination</b>  or  <b>$inet</b><i>_</i><b>interfaces</b>.   The default
                transport is <b>local:$myhostname</b>.
  
!               Syntax is <i>transport</i>:<i>nexthop</i>; see  <a href="transport.5.html"><b>transport</b>(5)</a>  for
                details. The :<i>nexthop</i> part is optional.
  
         <b>virtual</b><i>_</i><b>transport</b>
!               Where  to  deliver  mail for non-local domains that
                match <b>$virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>.  The default trans-
                port is <b>virtual</b>.
  
!               Syntax  is  <i>transport</i>:<i>nexthop</i>; see <a href="transport.5.html"><b>transport</b>(5)</a> for
                details. The :<i>nexthop</i> part is optional.
  
         <b>relay</b><i>_</i><b>transport</b>
!               Where to deliver mail for  non-local  domains  that
!               match  <b>$relay</b><i>_</i><b>domains</b>.   The  default  transport is
                <b>relay</b> (which normally is a clone of the <b>smtp</b> trans-
                port).
  
!               Syntax  is  <i>transport</i>:<i>nexthop</i>; see <a href="transport.5.html"><b>transport</b>(5)</a> for
                details. The :<i>nexthop</i> part is optional.
  
         <b>default</b><i>_</i><b>transport</b>
!               Where to deliver all  other  non-local  mail.   The
                default transport is <b>smtp</b>.
  
!               Syntax  is  <i>transport</i>:<i>nexthop</i>; see <a href="transport.5.html"><b>transport</b>(5)</a> for
                details. The :<i>nexthop</i> part is optional.
  
         <b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b>
!               List of Postfix features that use  <i>domain.tld</i>  pat-
!               terns   to  match  <i>sub.domain.tld</i>  (as  opposed  to
                requiring <i>.domain.tld</i> patterns).
  
         <b>relayhost</b>
!               The default host to send non-local mail to when  no
!               host   is   specified   with   <b>$relay</b><i>_</i><b>transport</b>  or
!               <b>$default</b><i>_</i><b>transport</b>, and when the recipient  address
                does not match the optional the <a href="transport.5.html"><b>transport</b>(5)</a> table.
  
         <b>transport</b><i>_</i><b>maps</b>
!               List of tables with <i>recipient</i> or <i>domain</i> to  (<i>trans-</i>
                <i>port,</i> <i>nexthop</i>) mappings.
  
  <b>SEE</b> <b>ALSO</b>
--- 165,214 ----
  
  <b>Routing</b>
         <b>local</b><i>_</i><b>transport</b>
!               Where  to  deliver mail for destinations that match
!               <b>$mydestination</b> or  <b>$inet</b><i>_</i><b>interfaces</b>.   The  default
                transport is <b>local:$myhostname</b>.
  
!               Syntax  is  <i>transport</i>:<i>nexthop</i>; see <a href="transport.5.html"><b>transport</b>(5)</a> for
                details. The :<i>nexthop</i> part is optional.
  
         <b>virtual</b><i>_</i><b>transport</b>
!               Where to deliver mail for  non-local  domains  that
                match <b>$virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>.  The default trans-
                port is <b>virtual</b>.
  
!               Syntax is <i>transport</i>:<i>nexthop</i>; see  <a href="transport.5.html"><b>transport</b>(5)</a>  for
                details. The :<i>nexthop</i> part is optional.
  
         <b>relay</b><i>_</i><b>transport</b>
!               Where  to  deliver  mail for non-local domains that
!               match <b>$relay</b><i>_</i><b>domains</b>.   The  default  transport  is
                <b>relay</b> (which normally is a clone of the <b>smtp</b> trans-
                port).
  
!               Syntax is <i>transport</i>:<i>nexthop</i>; see  <a href="transport.5.html"><b>transport</b>(5)</a>  for
                details. The :<i>nexthop</i> part is optional.
  
         <b>default</b><i>_</i><b>transport</b>
!               Where  to  deliver  all  other non-local mail.  The
                default transport is <b>smtp</b>.
  
!               Syntax is <i>transport</i>:<i>nexthop</i>; see  <a href="transport.5.html"><b>transport</b>(5)</a>  for
                details. The :<i>nexthop</i> part is optional.
  
         <b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b>
!               List  of  Postfix features that use <i>domain.tld</i> pat-
!               terns  to  match  <i>sub.domain.tld</i>  (as  opposed   to
                requiring <i>.domain.tld</i> patterns).
  
         <b>relayhost</b>
!               The  default host to send non-local mail to when no
!               host  is   specified   with   <b>$relay</b><i>_</i><b>transport</b>   or
!               <b>$default</b><i>_</i><b>transport</b>,  and when the recipient address
                does not match the optional the <a href="transport.5.html"><b>transport</b>(5)</a> table.
  
         <b>transport</b><i>_</i><b>maps</b>
!               List  of tables with <i>recipient</i> or <i>domain</i> to (<i>trans-</i>
                <i>port,</i> <i>nexthop</i>) mappings.
  
  <b>SEE</b> <b>ALSO</b>
***************
*** 208,214 ****
         <a href="relocated.5.html">relocated(5)</a> format of the "user has moved" table
  
  <b>LICENSE</b>
!        The  Secure  Mailer  license must be distributed with this
         software.
  
  <b>AUTHOR(S)</b>
--- 218,224 ----
         <a href="relocated.5.html">relocated(5)</a> format of the "user has moved" table
  
  <b>LICENSE</b>
!        The Secure Mailer license must be  distributed  with  this
         software.
  
  <b>AUTHOR(S)</b>
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/html/virtual.8.html ./html/virtual.8.html
*** /tmp/postfix-2.0.0.2/html/virtual.8.html	Wed Dec 18 21:18:44 2002
--- ./html/virtual.8.html	Tue Jan  7 14:48:13 2003
***************
*** 141,177 ****
                etc. is disallowed, because that would open a secu-
                rity hole.
  
         <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>
!               The  list  of  domains that should be delivered via
!               the Postfix virtual delivery agent. This  uses  the
                same  syntax  as  the  <b>mydestination</b>  configuration
                parameter.
  
         <b>virtual</b><i>_</i><b>minimum</b><i>_</i><b>uid</b>
!               Specifies a minimum uid that will be accepted as  a
!               return    from   a   <b>virtual</b><i>_</i><b>owner</b><i>_</i><b>maps</b>   or   <b>vir-</b>
!               <b>tual</b><i>_</i><b>uid</b><i>_</i><b>maps</b> lookup.  Returned  values  less  than
!               this  will  be  rejected,  and  the message will be
                deferred.
  
         <b>virtual</b><i>_</i><b>uid</b><i>_</i><b>maps</b>
                Recipients are looked up in these maps to determine
!               the  user  ID to be used when writing to the target
                mailbox.
  
!               While searching a lookup table, an  address  exten-
                sion (<i>user+foo@domain.tld</i>) is ignored.
  
!               In  a  lookup  table,  specify  a left-hand side of
!               <i>@domain.tld</i> to match  any  user  in  the  specified
!               domain    that    does    not   have   a   specific
                <i>user@domain.tld</i> entry.
  
!               For security reasons, regular expression  maps  are
!               allowed  but  regular expression substitution of $1
                etc. is disallowed, because that would open a secu-
                rity hole.
  
         <b>virtual</b><i>_</i><b>gid</b><i>_</i><b>maps</b>
                Recipients are looked up in these maps to determine
                the group ID to be used when writing to the  target
--- 141,183 ----
                etc. is disallowed, because that would open a secu-
                rity hole.
  
+               For  security  reasons, proxied table lookup is not
+               allowed, because that would open a security hole.
+ 
         <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>
!               The list of domains that should  be  delivered  via
!               the  Postfix  virtual delivery agent. This uses the
                same  syntax  as  the  <b>mydestination</b>  configuration
                parameter.
  
         <b>virtual</b><i>_</i><b>minimum</b><i>_</i><b>uid</b>
!               Specifies  a minimum uid that will be accepted as a
!               return   from   a   <b>virtual</b><i>_</i><b>owner</b><i>_</i><b>maps</b>   or    <b>vir-</b>
!               <b>tual</b><i>_</i><b>uid</b><i>_</i><b>maps</b>  lookup.   Returned  values less than
!               this will be rejected,  and  the  message  will  be
                deferred.
  
         <b>virtual</b><i>_</i><b>uid</b><i>_</i><b>maps</b>
                Recipients are looked up in these maps to determine
!               the user ID to be used when writing to  the  target
                mailbox.
  
!               While  searching  a lookup table, an address exten-
                sion (<i>user+foo@domain.tld</i>) is ignored.
  
!               In a lookup table,  specify  a  left-hand  side  of
!               <i>@domain.tld</i>  to  match  any  user  in the specified
!               domain   that   does   not    have    a    specific
                <i>user@domain.tld</i> entry.
  
!               For  security  reasons, regular expression maps are
!               allowed but regular expression substitution  of  $1
                etc. is disallowed, because that would open a secu-
                rity hole.
  
+               For security reasons, proxied table lookup  is  not
+               allowed, because that would open a security hole.
+ 
         <b>virtual</b><i>_</i><b>gid</b><i>_</i><b>maps</b>
                Recipients are looked up in these maps to determine
                the group ID to be used when writing to the  target
***************
*** 190,252 ****
                etc. is disallowed, because that would open a secu-
                rity hole.
  
  <b>Locking</b> <b>controls</b>
         <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>lock</b>
!               How to lock UNIX-style mailboxes: one  or  more  of
!               <b>flock</b>,   <b>fcntl</b>   or  <b>dotlock</b>.  The  <b>dotlock</b>  method
!               requires that the recipient UID or  GID  has  write
                access to the parent directory of the mailbox file.
  
!               This setting is ignored with <b>maildir</b>  style  deliv-
                ery,  because  such  deliveries  are  safe  without
                explicit locks.
  
!               Use the command <b>postconf</b> <b>-l</b> to find out what  lock-
                ing methods are available on your system.
  
         <b>deliver</b><i>_</i><b>lock</b><i>_</i><b>attempts</b>
!               Limit  the  number of attempts to acquire an exclu-
                sive lock on a UNIX-style mailbox file.
  
         <b>deliver</b><i>_</i><b>lock</b><i>_</i><b>delay</b>
                Time (default: seconds) between successive attempts
!               to  acquire an exclusive lock on a UNIX-style mail-
!               box file. The actual delay is slightly  randomized.
  
         <b>stale</b><i>_</i><b>lock</b><i>_</i><b>time</b>
!               Limit  the  time  after  which  a stale lockfile is
!               removed (applicable to UNIX-style mailboxes  only).
  
  <b>Resource</b> <b>controls</b>
         <b>virtual</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
                Limit the number of parallel deliveries to the same
                domain via the <b>virtual</b> delivery agent.  The default
                limit is taken from the <b>default</b><i>_</i><b>destination</b><i>_</i><b>concur-</b>
!               <b>rency</b><i>_</i><b>limit</b> parameter.  The limit  is  enforced  by
                the Postfix queue manager.
  
         <b>virtual</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
                Limit the number of recipients per message delivery
!               via the <b>virtual</b> delivery agent.  The default  limit
!               is   taken   from  the  <b>default</b><i>_</i><b>destination</b><i>_</i><b>recipi-</b>
!               <b>ent</b><i>_</i><b>limit</b> parameter.  The limit is enforced by  the
                Postfix queue manager.
  
         <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>limit</b>
!               The  maximal  size in bytes of a mailbox or maildir
                file.  Set to zero to disable the limit.
  
  <b>HISTORY</b>
!        This agent was  originally  based  on  the  Postfix  local
         delivery agent. Modifications mainly consisted of removing
!        code that either was not applicable or that was  not  safe
!        in  this  context: aliases, ~user/.forward files, delivery
         to "|command" or to /file/name.
  
!        The <b>Delivered-To:</b> header appears in the  <b>qmail</b>  system  by
         Daniel Bernstein.
  
!        The  <b>maildir</b>  structure  appears  in  the  <b>qmail</b> system by
         Daniel Bernstein.
  
  <b>SEE</b> <b>ALSO</b>
--- 196,261 ----
                etc. is disallowed, because that would open a secu-
                rity hole.
  
+               For security reasons, proxied table lookup  is  not
+               allowed, because that would open a security hole.
+ 
  <b>Locking</b> <b>controls</b>
         <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>lock</b>
!               How  to  lock  UNIX-style mailboxes: one or more of
!               <b>flock</b>,  <b>fcntl</b>  or  <b>dotlock</b>.  The   <b>dotlock</b>   method
!               requires  that  the  recipient UID or GID has write
                access to the parent directory of the mailbox file.
  
!               This  setting  is ignored with <b>maildir</b> style deliv-
                ery,  because  such  deliveries  are  safe  without
                explicit locks.
  
!               Use  the command <b>postconf</b> <b>-l</b> to find out what lock-
                ing methods are available on your system.
  
         <b>deliver</b><i>_</i><b>lock</b><i>_</i><b>attempts</b>
!               Limit the number of attempts to acquire  an  exclu-
                sive lock on a UNIX-style mailbox file.
  
         <b>deliver</b><i>_</i><b>lock</b><i>_</i><b>delay</b>
                Time (default: seconds) between successive attempts
!               to acquire an exclusive lock on a UNIX-style  mail-
!               box  file. The actual delay is slightly randomized.
  
         <b>stale</b><i>_</i><b>lock</b><i>_</i><b>time</b>
!               Limit the time after  which  a  stale  lockfile  is
!               removed  (applicable to UNIX-style mailboxes only).
  
  <b>Resource</b> <b>controls</b>
         <b>virtual</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
                Limit the number of parallel deliveries to the same
                domain via the <b>virtual</b> delivery agent.  The default
                limit is taken from the <b>default</b><i>_</i><b>destination</b><i>_</i><b>concur-</b>
!               <b>rency</b><i>_</i><b>limit</b>  parameter.   The  limit is enforced by
                the Postfix queue manager.
  
         <b>virtual</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
                Limit the number of recipients per message delivery
!               via  the <b>virtual</b> delivery agent.  The default limit
!               is  taken  from   the   <b>default</b><i>_</i><b>destination</b><i>_</i><b>recipi-</b>
!               <b>ent</b><i>_</i><b>limit</b>  parameter.  The limit is enforced by the
                Postfix queue manager.
  
         <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>limit</b>
!               The maximal size in bytes of a mailbox  or  maildir
                file.  Set to zero to disable the limit.
  
  <b>HISTORY</b>
!        This  agent  was  originally  based  on  the Postfix local
         delivery agent. Modifications mainly consisted of removing
!        code  that  either was not applicable or that was not safe
!        in this context: aliases, ~user/.forward  files,  delivery
         to "|command" or to /file/name.
  
!        The  <b>Delivered-To:</b>  header  appears in the <b>qmail</b> system by
         Daniel Bernstein.
  
!        The <b>maildir</b> structure  appears  in  the  <b>qmail</b>  system  by
         Daniel Bernstein.
  
  <b>SEE</b> <b>ALSO</b>
***************
*** 257,263 ****
         <a href="qmgr.8.html">qmgr(8)</a> queue manager
  
  <b>LICENSE</b>
!        The Secure Mailer license must be  distributed  with  this
         software.
  
  <b>AUTHOR(S)</b>
--- 266,272 ----
         <a href="qmgr.8.html">qmgr(8)</a> queue manager
  
  <b>LICENSE</b>
!        The  Secure  Mailer  license must be distributed with this
         software.
  
  <b>AUTHOR(S)</b>
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/makedefs ./makedefs
*** /tmp/postfix-2.0.0.2/makedefs	Tue Sep 17 12:22:03 2002
--- ./makedefs	Fri Jan 10 15:17:17 2003
***************
*** 191,200 ****
  		    echo "See the RELEASE_NOTES file for more information." 1>&2
  		    exit 1
  		fi
- 		if [ -f /usr/include/pcre/pcre.h ]
- 		then
- 		    CCARGS="$CCARGS -DHAS_PCRE -I/usr/include/pcre"
- 		fi
  		# GDBM locks the DBM .pag file after open. This breaks postmap.
  		# if [ -f /usr/include/gdbm-ndbm.h ]
  		# then
--- 191,196 ----
***************
*** 206,212 ****
  		#     GDBM_LIBS=gdbm
  		# fi
  		SYSLIBS="-ldb"
! 		for name in nsl resolv pcre $GDBM_LIBS
  		do
  		    test -e /usr/lib/lib$name.a -o -e /usr/lib/lib$name.so \
  			-o -e /lib/lib$name.a -o -e /lib/lib$name.so \
--- 202,208 ----
  		#     GDBM_LIBS=gdbm
  		# fi
  		SYSLIBS="-ldb"
! 		for name in nsl resolv $GDBM_LIBS
  		do
  		    test -e /usr/lib/lib$name.a -o -e /usr/lib/lib$name.so \
  			-o -e /lib/lib$name.a -o -e /lib/lib$name.so \
***************
*** 286,291 ****
--- 282,303 ----
  		fi
  		;;
  	   *)	echo "Unknown system type: $SYSTEM $RELEASE" 1>&2; exit 1;;
+ esac
+ 
+ #
+ # PCRE 3.x has a pcre-config utility so we don't have to guess.
+ #
+ case "$CCARGS" in
+ *-DHAS_PCRE*)	;;
+  *-DNO_PCRE*)	;;
+            *)	pcre_cflags=`(pcre-config --cflags) 2>/dev/null`
+ 		pcre_libs=`(pcre-config --libs) 2>/dev/null`
+ 		if [ -n "$pcre_cflags" -a -n "$pcre_libs" ]
+ 		then
+ 		    CCARGS="$CCARGS -DHAS_PCRE $pcre_cflags"
+ 		    AUXLIBS="$AUXLIBS $pcre_libs"
+ 		fi
+ 		;;
  esac
  
  # Defaults that can be overruled (make makefiles CC=cc OPT=-O6 DEBUG=)
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/man/Makefile.in ./man/Makefile.in
*** /tmp/postfix-2.0.0.2/man/Makefile.in	Mon Sep  2 11:34:36 2002
--- ./man/Makefile.in	Sun Jan 12 11:44:33 2003
***************
*** 5,11 ****
  DAEMONS	= man8/bounce.8 man8/defer.8 man8/cleanup.8 man8/error.8 man8/local.8 \
  	man8/lmtp.8 man8/master.8 man8/pickup.8 man8/pipe.8 man8/qmgr.8 \
  	man8/showq.8 man8/smtp.8 man8/smtpd.8 man8/trivial-rewrite.8 \
! 	man8/nqmgr.8 man8/spawn.8 man8/flush.8 man8/virtual.8 man8/qmqpd.8
  COMMANDS= man1/postalias.1 man1/postcat.1 man1/postconf.1 man1/postfix.1 \
  	man1/postkick.1 man1/postlock.1 man1/postlog.1 man1/postdrop.1 \
  	man1/postmap.1 man1/sendmail.1 man1/mailq.1 man1/newaliases.1 \
--- 5,12 ----
  DAEMONS	= man8/bounce.8 man8/defer.8 man8/cleanup.8 man8/error.8 man8/local.8 \
  	man8/lmtp.8 man8/master.8 man8/pickup.8 man8/pipe.8 man8/qmgr.8 \
  	man8/showq.8 man8/smtp.8 man8/smtpd.8 man8/trivial-rewrite.8 \
! 	man8/nqmgr.8 man8/spawn.8 man8/flush.8 man8/virtual.8 man8/qmqpd.8 \
! 	man8/proxymap.8
  COMMANDS= man1/postalias.1 man1/postcat.1 man1/postconf.1 man1/postfix.1 \
  	man1/postkick.1 man1/postlock.1 man1/postlog.1 man1/postdrop.1 \
  	man1/postmap.1 man1/sendmail.1 man1/mailq.1 man1/newaliases.1 \
***************
*** 62,67 ****
--- 63,71 ----
  	../mantools/srctoman $? >$@
  
  man8/pipe.8: ../src/pipe/pipe.c
+ 	../mantools/srctoman $? >$@
+ 
+ man8/proxymap.8: ../src/proxymap/proxymap.c
  	../mantools/srctoman $? >$@
  
  man8/qmgr.8: ../src/qmgr/qmgr.c
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/man/man1/postconf.1 ./man/man1/postconf.1
*** /tmp/postfix-2.0.0.2/man/man1/postconf.1	Wed Dec 18 21:18:43 2002
--- ./man/man1/postconf.1	Sun Jan 12 12:12:00 2003
***************
*** 53,59 ****
  stale lock files that were left behind after abnormal termination.
  .RE
  .IP \fB-m\fR
! List the names of all supported lookup table types.
  .RS
  .IP \fBbtree\fR
  A sorted, balanced tree structure.
--- 53,62 ----
  stale lock files that were left behind after abnormal termination.
  .RE
  .IP \fB-m\fR
! List the names of all supported lookup table types. Postfix
! lookup tables are specified as \fItype\fB:\fIname\fR, where
! \fItype\fR is one of the types listed below. The table \fIname\fR
! syntax depends on the lookup table type.
  .RS
  .IP \fBbtree\fR
  A sorted, balanced tree structure.
***************
*** 79,84 ****
--- 82,91 ----
  .IP "\fBpcre\fR (read-only)"
  A lookup table based on Perl Compatible Regular Expressions. The
  file format is described in \fBpcre_table\fR(5).
+ .IP "\fBproxy\fR (read-only)"
+ A lookup table that is implemented via the Postfix
+ \fBproxymap\fR(8) service. The table name syntax is
+ \fItype\fB:\fIname\fR.
  .IP "\fBregexp\fR (read-only)"
  A lookup table based on regular expressions. The file format is
  described in \fBregexp_table\fR(5).
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/man/man1/postqueue.1 ./man/man1/postqueue.1
*** /tmp/postfix-2.0.0.2/man/man1/postqueue.1	Sat Aug 17 19:22:45 2002
--- ./man/man1/postqueue.1	Tue Jan  7 16:16:13 2003
***************
*** 17,24 ****
  .ad
  .fi
  The \fBpostqueue\fR program implements the Postfix user interface
! for queue management. It implements all the operations that are
  traditionally available via the \fBsendmail\fR(1) command.
  
  The following options are recognized:
  .IP "\fB-c \fIconfig_dir\fR"
--- 17,27 ----
  .ad
  .fi
  The \fBpostqueue\fR program implements the Postfix user interface
! for queue management. It implements operations that are
  traditionally available via the \fBsendmail\fR(1) command.
+ See the \fBpostsuper\fR(1) command for queue operations
+ that require super-user privileges such as deleting a message
+ from the queue or changing the status of a message.
  
  The following options are recognized:
  .IP "\fB-c \fIconfig_dir\fR"
***************
*** 112,118 ****
  .SH SEE ALSO
  .na
  .nf
! sendmail(8) sendmail-compatible user interface
  qmgr(8) queue manager
  showq(8) list mail queue
  flush(8) fast flush service
--- 115,122 ----
  .SH SEE ALSO
  .na
  .nf
! sendmail(1) sendmail-compatible user interface
! postsuper(1) privileged queue operations
  qmgr(8) queue manager
  showq(8) list mail queue
  flush(8) fast flush service
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/man/man1/postsuper.1 ./man/man1/postsuper.1
*** /tmp/postfix-2.0.0.2/man/man1/postsuper.1	Sat Nov  9 10:53:13 2002
--- ./man/man1/postsuper.1	Tue Jan  7 14:55:11 2003
***************
*** 18,23 ****
--- 18,25 ----
  .fi
  The \fBpostsuper\fR command does maintenance jobs on the Postfix
  queue. Use of the command is restricted to the superuser.
+ See the \fBpostqueue\fR command for unprivileged queue operations
+ such as listing or flushing the mail queue.
  
  By default, \fBpostsuper\fR performs the operations requested with the
  \fB-s\fR and \fB-p\fR command-line options on all Postfix queue
***************
*** 176,181 ****
--- 178,188 ----
  .IP \fBhash_queue_names\fR
  The names of queues that are organized into multiple levels of
  subdirectories.
+ .SH SEE ALSO
+ .na
+ .nf
+ sendmail(1) sendmail-compatible user interface
+ postqueue(1) unprivileged queue operations
  .SH LICENSE
  .na
  .nf
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/man/man5/regexp_table.5 ./man/man5/regexp_table.5
*** /tmp/postfix-2.0.0.2/man/man5/regexp_table.5	Tue Sep 17 12:54:44 2002
--- ./man/man5/regexp_table.5	Wed Jan  8 09:45:59 2003
***************
*** 84,90 ****
  /^postmaster@/       OK
  
  # Protect your outgoing majordomo exploders
! /^(.*)-outgoing@(.*)$/!/^owner-/         550 Use ${1}@${2} instead
  .SH EXAMPLE HEADER FILTER MAP
  .na
  .nf
--- 84,92 ----
  /^postmaster@/       OK
  
  # Protect your outgoing majordomo exploders
! if !/^owner-/
! /^(.*)-outgoing@(.*)$/   550 Use ${1}@${2} instead
! endif
  .SH EXAMPLE HEADER FILTER MAP
  .na
  .nf
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/man/man8/proxymap.8 ./man/man8/proxymap.8
*** /tmp/postfix-2.0.0.2/man/man8/proxymap.8	Wed Dec 31 19:00:00 1969
--- ./man/man8/proxymap.8	Sun Jan 12 20:11:05 2003
***************
*** 0 ****
--- 1,134 ----
+ .TH PROXYMAP 8 
+ .ad
+ .fi
+ .SH NAME
+ proxymap
+ \-
+ Postfix lookup table proxy server
+ .SH SYNOPSIS
+ .na
+ .nf
+ \fBproxymap\fR [generic Postfix daemon options]
+ .SH DESCRIPTION
+ .ad
+ .fi
+ The \fBproxymap\fR server provides read-only table
+ lookup service to Postfix client processes. The purpose
+ of the service is:
+ .IP \(bu
+ To overcome chroot restrictions. For example, a chrooted SMTP
+ server needs access to the system passwd file in order to
+ reject mail for non-existent local addresses, but it is not
+ practical to maintain a copy of the passwd file in the chroot
+ jail.  The solution:
+ .sp
+ local_recipient_maps =
+ .ti +4
+ proxy:unix:passwd.byname $alias_maps
+ .IP \(bu
+ To consolidate the number of open lookup tables by sharing
+ one open table among multiple processes. For example, making
+ mysql connections from every Postfix daemon process results
+ in "too many connections" errors. The solution:
+ .sp
+ virtual_alias_maps =
+ .ti +4
+ proxy:mysql:/etc/postfix/virtual.cf
+ .sp
+ The total number of connections is limited by the number of
+ proxymap server server processes.
+ .PP
+ The proxymap server implements the following requests:
+ .IP "\fBPROXY_REQ_OPEN\fI maptype:mapname flags\fR"
+ Open the table with type \fImaptype\fR and name \fImapname\fR,
+ as controlled by \fIflags\fR.
+ The reply is the request completion status code (below) and the
+ map type dependent flags.
+ .IP "\fBPROXY_REQ_LOOKUP\fI maptype:mapname flags key\fR"
+ Look up the data stored under the requested key.
+ The reply is the request completion status code (below) and
+ the lookup result value.
+ The \fImaptype:mapname\fR and \fIflags\fR are the same
+ as with the \fBPROXY_REQ_OPEN\fR request.
+ .PP
+ There is no close command, nor are tables implicitly closed
+ when a client disconnects. One of the purposes of the proxymap
+ server is to share tables among multiple client processes.
+ 
+ The request completion status code is one of:
+ .IP \fBPROXY_STAT_OK\fR
+ The specified table was opened, or the requested entry was found.
+ .IP \fBPROXY_STAT_NOKEY\fR
+ The requested table entry was not found.
+ .IP \fBPROXY_STAT_BAD\fR
+ The request was rejected (bad request parameter value).
+ .IP \fBPROXY_STAT_RETRY\fR
+ The lookup request could not be completed.
+ .IP \fBPROXY_STAT_DENY\fR
+ The specified table was not approved for access via the
+ proxymap service.
+ .SH SERVER PROCESS MANAGEMENT
+ .na
+ .nf
+ .ad
+ .fi
+ The proxymap servers run under control by the Postfix master
+ server.  Each server can handle multiple simultaneous connections.
+ When all servers are busy while a client connects, the master
+ creates a new proxymap server process, provided that the proxymap
+ server process limit is not exceeded.
+ Each proxymap server terminates after serving
+ at least \fB$max_use\fR clients or after \fB$max_idle\fR seconds
+ of idle time.
+ .SH SECURITY
+ .na
+ .nf
+ .ad
+ .fi
+ The proxymap server opens only tables that are approved via the
+ \fBproxy_read_maps\fR configuration parameter, does not talk to
+ users, and can run at fixed low privilege, chrooted or not.
+ 
+ The proxymap server is not a trusted daemon process, and must
+ not be used to look up sensitive information such as user or
+ group IDs, mailbox file/directory names or external commands.
+ .SH DIAGNOSTICS
+ .ad
+ .fi
+ Problems and transactions are logged to \fBsyslogd\fR(8).
+ .SH BUGS
+ .ad
+ .fi
+ The proxymap server provides service to multiple clients,
+ and must therefore not be used for tables that have high-latency
+ lookups.
+ .SH CONFIGURATION PARAMETERS
+ .na
+ .nf
+ .ad
+ .fi
+ The following main.cf parameters are especially relevant
+ to this program. Use the \fBpostfix reload\fR command
+ after a configuration change.
+ .IP \fBproxy_read_maps\fR
+ A list of zero or more parameter values that may contain
+ references to Postfix lookup tables. Only table references
+ that begin with \fBproxy:\fR are approved for read-only
+ access via the proxymap server.
+ .SH SEE ALSO
+ .na
+ .nf
+ dict_proxy(3) proxy map client
+ .SH LICENSE
+ .na
+ .nf
+ .ad
+ .fi
+ The Secure Mailer license must be distributed with this software.
+ .SH AUTHOR(S)
+ .na
+ .nf
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/man/man8/trivial-rewrite.8 ./man/man8/trivial-rewrite.8
*** /tmp/postfix-2.0.0.2/man/man8/trivial-rewrite.8	Mon Dec 23 13:48:32 2002
--- ./man/man8/trivial-rewrite.8	Sun Jan 12 12:12:00 2003
***************
*** 65,70 ****
--- 65,83 ----
  This overrides the optional nexthop information that is specified
  with \fB$relayhost\fR.
  The default nexthop is the recipient domain.
+ .SH SERVER PROCESS MANAGEMENT
+ .na
+ .nf
+ .ad
+ .fi
+ The trivial-rewrite servers run under control by the Postfix master
+ server.  Each server can handle multiple simultaneous connections.
+ When all servers are busy while a client connects, the master
+ creates a new server process, provided that the trivial-rewrite
+ server process limit is not exceeded.
+ Each trivial-rewrite server terminates after
+ serving at least \fB$max_use\fR clients of after \fB$max_idle\fR
+ seconds of idle time.
  .SH STANDARDS
  .na
  .nf
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/man/man8/virtual.8 ./man/man8/virtual.8
*** /tmp/postfix-2.0.0.2/man/man8/virtual.8	Wed Dec 18 21:18:43 2002
--- ./man/man8/virtual.8	Tue Jan  7 14:48:12 2003
***************
*** 157,162 ****
--- 157,165 ----
  For security reasons, regular expression maps are allowed but
  regular expression substitution of $1 etc. is disallowed,
  because that would open a security hole.
+ 
+ For security reasons, proxied table lookup is not allowed,
+ because that would open a security hole.
  .IP \fBvirtual_mailbox_domains\fR
  The list of domains that should be delivered via the Postfix virtual
  delivery agent. This uses the same syntax as the \fBmydestination\fR
***************
*** 180,185 ****
--- 183,191 ----
  For security reasons, regular expression maps are allowed but
  regular expression substitution of $1 etc. is disallowed,
  because that would open a security hole.
+ 
+ For security reasons, proxied table lookup is not allowed,
+ because that would open a security hole.
  .IP \fBvirtual_gid_maps\fR
  Recipients are looked up in these maps to determine the group ID to be
  used when writing to the target mailbox.
***************
*** 193,198 ****
--- 199,207 ----
  
  For security reasons, regular expression maps are allowed but
  regular expression substitution of $1 etc. is disallowed,
+ because that would open a security hole.
+ 
+ For security reasons, proxied table lookup is not allowed,
  because that would open a security hole.
  .SH "Locking controls"
  .ad
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/mantools/postlink ./mantools/postlink
*** /tmp/postfix-2.0.0.2/mantools/postlink	Sat Jun  8 14:21:39 2002
--- ./mantools/postlink	Sun Jan 12 12:44:49 2003
***************
*** 44,49 ****
--- 44,50 ----
  	s/[<bB>]*canonical[</bB>]*(5)/<a href="canonical.5.html">&<\/a>/
  	s/[<bB>]*etrn[</bB>]*(5)/<a href="etrn.5.html">&<\/a>/
  	s/[<bB>]*pcre[</bBiI>]*_[</iIbB>]*table[</bB>]*(5)/<a href="pcre_table.5.html">&<\/a>/
+ 	s/[<bB>]*proxymap[</bB>]*(8)/<a href="proxymap.8.html">&<\/a>/
  	s/[<bB>]*reg[-</bB>]*\n*[ <bB>]*exp[</bBiI>]*_[</iIbB>]*table[</bB>]*(5)/<a href="regexp_table.5.html">&<\/a>/
  	s/[<bB>]*relocated[</bB>]*(5)/<a href="relocated.5.html">&<\/a>/
  	s/[<bB>]*trans[-</bB>]*\n*[ <bB>]*port[</bB>]*(5)/<a href="transport.5.html">&<\/a>/
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/proto/regexp_table ./proto/regexp_table
*** /tmp/postfix-2.0.0.2/proto/regexp_table	Tue Sep 17 12:54:42 2002
--- ./proto/regexp_table	Wed Jan  8 09:45:41 2003
***************
*** 76,82 ****
  #	/^postmaster@/	     OK
  #
  #	# Protect your outgoing majordomo exploders
! #	/^(.*)-outgoing@(.*)$/!/^owner-/	 550 Use ${1}@${2} instead
  # EXAMPLE HEADER FILTER MAP
  #	# These were once common in junk mail.
  #	/^Subject: make money fast/     REJECT
--- 76,84 ----
  #	/^postmaster@/	     OK
  #
  #	# Protect your outgoing majordomo exploders
! #	if !/^owner-/
! #	/^(.*)-outgoing@(.*)$/	 550 Use ${1}@${2} instead
! #	endif
  # EXAMPLE HEADER FILTER MAP
  #	# These were once common in junk mail.
  #	/^Subject: make money fast/     REJECT
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/cleanup/cleanup_message.c ./src/cleanup/cleanup_message.c
*** /tmp/postfix-2.0.0.2/src/cleanup/cleanup_message.c	Mon Oct 28 17:14:18 2002
--- ./src/cleanup/cleanup_message.c	Sun Jan 12 11:17:45 2003
***************
*** 316,321 ****
--- 316,324 ----
      if (STREQUAL(value, "FILTER", command_len)) {
  	if (*optional_text == 0) {
  	    msg_warn("missing FILTER command argument in %s map", map_class);
+ 	} else if (strchr(optional_text, ':') == 0) {
+ 	    msg_warn("bad FILTER command %s in %s, need transport:destination",
+ 		     optional_text, map_class);
  	} else {
  	    if (state->filter)
  		myfree(state->filter);
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/global/Makefile.in ./src/global/Makefile.in
*** /tmp/postfix-2.0.0.2/src/global/Makefile.in	Sat Dec 21 20:47:03 2002
--- ./src/global/Makefile.in	Sun Jan 12 12:17:39 2003
***************
*** 20,26 ****
  	tok822_resolve.c tok822_rewrite.c tok822_tree.c xtext.c bounce_log.c \
  	flush_clnt.c mail_conf_time.c mbox_conf.c mbox_open.c abounce.c \
  	verp_sender.c match_parent_style.c mime_state.c header_token.c \
! 	strip_addr.c virtual8_maps.c hold_message.c
  OBJS	= been_here.o bounce.o canon_addr.o cleanup_strerror.o clnt_stream.o \
  	debug_peer.o debug_process.o defer.o deliver_completed.o \
  	deliver_flock.o deliver_pass.o deliver_request.o domain_list.o \
--- 20,26 ----
  	tok822_resolve.c tok822_rewrite.c tok822_tree.c xtext.c bounce_log.c \
  	flush_clnt.c mail_conf_time.c mbox_conf.c mbox_open.c abounce.c \
  	verp_sender.c match_parent_style.c mime_state.c header_token.c \
! 	strip_addr.c virtual8_maps.c hold_message.c dict_proxy.c mail_dict.c
  OBJS	= been_here.o bounce.o canon_addr.o cleanup_strerror.o clnt_stream.o \
  	debug_peer.o debug_process.o defer.o deliver_completed.o \
  	deliver_flock.o deliver_pass.o deliver_request.o domain_list.o \
***************
*** 42,48 ****
  	tok822_resolve.o tok822_rewrite.o tok822_tree.o xtext.o bounce_log.o \
  	flush_clnt.o mail_conf_time.o mbox_conf.o mbox_open.o abounce.o \
  	verp_sender.o match_parent_style.o mime_state.o header_token.o \
! 	strip_addr.o virtual8_maps.o hold_message.o
  HDRS	= been_here.h bounce.h canon_addr.h cleanup_user.h clnt_stream.h \
  	config.h debug_peer.h debug_process.h defer.h deliver_completed.h \
  	deliver_flock.h deliver_pass.h deliver_request.h domain_list.h \
--- 42,48 ----
  	tok822_resolve.o tok822_rewrite.o tok822_tree.o xtext.o bounce_log.o \
  	flush_clnt.o mail_conf_time.o mbox_conf.o mbox_open.o abounce.o \
  	verp_sender.o match_parent_style.o mime_state.o header_token.o \
! 	strip_addr.o virtual8_maps.o hold_message.o dict_proxy.o mail_dict.o
  HDRS	= been_here.h bounce.h canon_addr.h cleanup_user.h clnt_stream.h \
  	config.h debug_peer.h debug_process.h defer.h deliver_completed.h \
  	deliver_flock.h deliver_pass.h deliver_request.h domain_list.h \
***************
*** 60,66 ****
  	sys_exits.h timed_ipc.h tok822.h xtext.h bounce_log.h flush_clnt.h \
  	mbox_conf.h mbox_open.h abounce.h qmqp_proto.h verp_sender.h \
  	match_parent_style.h quote_flags.h mime_state.h header_token.h \
! 	lex_822.h strip_addr.h virtual8_maps.h hold_message.h
  TESTSRC	= rec2stream.c stream2rec.c recdump.c
  WARN	= -W -Wformat -Wimplicit -Wmissing-prototypes \
  	-Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \
--- 60,67 ----
  	sys_exits.h timed_ipc.h tok822.h xtext.h bounce_log.h flush_clnt.h \
  	mbox_conf.h mbox_open.h abounce.h qmqp_proto.h verp_sender.h \
  	match_parent_style.h quote_flags.h mime_state.h header_token.h \
! 	lex_822.h strip_addr.h virtual8_maps.h hold_message.h dict_proxy.h \
! 	mail_dict.h
  TESTSRC	= rec2stream.c stream2rec.c recdump.c
  WARN	= -W -Wformat -Wimplicit -Wmissing-prototypes \
  	-Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \
***************
*** 489,494 ****
--- 490,511 ----
  deliver_request.o: mail_open_ok.h
  deliver_request.o: recipient_list.h
  deliver_request.o: deliver_request.h
+ dict_proxy.o: dict_proxy.c
+ dict_proxy.o: ../../include/sys_defs.h
+ dict_proxy.o: ../../include/msg.h
+ dict_proxy.o: ../../include/mymalloc.h
+ dict_proxy.o: ../../include/stringops.h
+ dict_proxy.o: ../../include/vstring.h
+ dict_proxy.o: ../../include/vbuf.h
+ dict_proxy.o: ../../include/vstream.h
+ dict_proxy.o: ../../include/attr.h
+ dict_proxy.o: ../../include/dict.h
+ dict_proxy.o: ../../include/argv.h
+ dict_proxy.o: mail_proto.h
+ dict_proxy.o: ../../include/iostuff.h
+ dict_proxy.o: mail_params.h
+ dict_proxy.o: clnt_stream.h
+ dict_proxy.o: dict_proxy.h
  domain_list.o: domain_list.c
  domain_list.o: ../../include/sys_defs.h
  domain_list.o: ../../include/match_list.h
***************
*** 712,717 ****
--- 729,743 ----
  mail_date.o: ../../include/vstring.h
  mail_date.o: ../../include/vbuf.h
  mail_date.o: mail_date.h
+ mail_dict.o: mail_dict.c
+ mail_dict.o: ../../include/sys_defs.h
+ mail_dict.o: ../../include/dict.h
+ mail_dict.o: ../../include/vstream.h
+ mail_dict.o: ../../include/vbuf.h
+ mail_dict.o: ../../include/argv.h
+ mail_dict.o: ../../include/msg.h
+ mail_dict.o: dict_proxy.h
+ mail_dict.o: mail_dict.h
  mail_error.o: mail_error.c
  mail_error.o: ../../include/sys_defs.h
  mail_error.o: mail_error.h
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/global/dict_proxy.c ./src/global/dict_proxy.c
*** /tmp/postfix-2.0.0.2/src/global/dict_proxy.c	Wed Dec 31 19:00:00 1969
--- ./src/global/dict_proxy.c	Sun Jan 12 11:38:37 2003
***************
*** 0 ****
--- 1,249 ----
+ /*++
+ /* NAME
+ /*	dict_proxy 3
+ /* SUMMARY
+ /*	generic dictionary proxy client
+ /* SYNOPSIS
+ /*	#include <dict_proxy.h>
+ /*
+ /*	DICT	*dict_proxy_open(map, open_flags, dict_flags)
+ /*	const char *map;
+ /*	int	dummy;
+ /*	int	dict_flags;
+ /* DESCRIPTION
+ /*	dict_proxy_open() relays read-only operations through
+ /*	the Postfix proxymap server.
+ /*
+ /*	The \fIopen_flags\fR argument must specify O_RDONLY.
+ /*
+ /*	The connection to the Postfix proxymap server is automatically
+ /*	closed after $ipc_idle seconds of idle time.
+ /* SECURITY
+ /*      The proxy map server is not meant to be a trusted process. Proxy
+ /*	maps must not be used to look up security sensitive information
+ /*	such as user/group IDs, output files, or external commands.
+ /* SEE ALSO
+ /*	dict(3) generic dictionary manager
+ /*	clnt_stream(3) client endpoint connection management
+ /* DIAGNOSTICS
+ /*	Fatal errors: out of memory, unimplemented operation,
+ /*	bad request parameter, map not approved for proxy access.
+ /* LICENSE
+ /* .ad
+ /* .fi
+ /*	The Secure Mailer license must be distributed with this software.
+ /* AUTHOR(S)
+ /*	Wietse Venema
+ /*	IBM T.J. Watson Research
+ /*	P.O. Box 704
+ /*	Yorktown Heights, NY 10598, USA
+ /*--*/
+ 
+ /* System library. */
+ 
+ #include <sys_defs.h>
+ #include <errno.h>
+ #include <unistd.h>
+ 
+ /* Utility library. */
+ 
+ #include <msg.h>
+ #include <mymalloc.h>
+ #include <stringops.h>
+ #include <vstring.h>
+ #include <vstream.h>
+ #include <attr.h>
+ #include <dict.h>
+ 
+ /* Global library. */
+ 
+ #include <mail_proto.h>
+ #include <mail_params.h>
+ #include <clnt_stream.h>
+ #include <dict_proxy.h>
+ 
+ /* Application-specific. */
+ 
+ typedef struct {
+     DICT    dict;			/* generic members */
+     int     in_flags;			/* caller-specified flags */
+     VSTRING *result;			/* storage */
+ } DICT_PROXY;
+ 
+  /*
+   * SLMs.
+   */
+ #define STR(x)		vstring_str(x)
+ #define VSTREQ(v,s)	(strcmp(STR(v),s) == 0)
+ 
+  /*
+   * All proxied maps within a process share the same query/reply socket.
+   */
+ static CLNT_STREAM *proxy_stream;
+ 
+ /* dict_proxy_lookup - find table entry */
+ 
+ static const char *dict_proxy_lookup(DICT *dict, const char *key)
+ {
+     const char *myname = "dict_proxy_lookup";
+     DICT_PROXY *dict_proxy = (DICT_PROXY *) dict;
+     VSTREAM *stream;
+     int     status;
+ 
+     /*
+      * The client and server live in separate processes that may start and
+      * terminate independently. We cannot rely on a persistent connection,
+      * let alone on persistent state (such as a specific open table) that is
+      * associated with a specific connection. Each lookup needs to specify
+      * the table and the flags that were specified to dict_proxy_open().
+      */
+     VSTRING_RESET(dict_proxy->result);
+     VSTRING_TERMINATE(dict_proxy->result);
+     for (;;) {
+ 	stream = clnt_stream_access(proxy_stream);
+ 	errno = 0;
+ 	if (attr_print(stream, ATTR_FLAG_NONE,
+ 		       ATTR_TYPE_STR, MAIL_ATTR_REQ, PROXY_REQ_LOOKUP,
+ 		       ATTR_TYPE_STR, MAIL_ATTR_TABLE, dict->name,
+ 		       ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, dict_proxy->in_flags,
+ 		       ATTR_TYPE_STR, MAIL_ATTR_KEY, key,
+ 		       ATTR_TYPE_END) != 0
+ 	    || vstream_fflush(stream)
+ 	    || attr_scan(stream, ATTR_FLAG_STRICT,
+ 			 ATTR_TYPE_NUM, MAIL_ATTR_STATUS, &status,
+ 			 ATTR_TYPE_STR, MAIL_ATTR_VALUE, dict_proxy->result,
+ 			 ATTR_TYPE_END) != 2) {
+ 	    if (msg_verbose || (errno != EPIPE && errno != ENOENT))
+ 		msg_warn("%s: service %s: %m", myname, VSTREAM_PATH(stream));
+ 	} else {
+ 	    if (msg_verbose)
+ 		msg_info("%s: table=%s flags=0%o key=%s -> status=%d result=%s",
+ 			 myname, dict->name, dict_proxy->in_flags, key,
+ 			 status, STR(dict_proxy->result));
+ 	    switch (status) {
+ 	    case PROXY_STAT_BAD:
+ 		msg_fatal("%s lookup failed for table \"%s\" key \"%s\": "
+ 			  "invalid request",
+ 			  MAIL_SERVICE_PROXYMAP, dict->name, key);
+ 	    case PROXY_STAT_DENY:
+ 		msg_fatal("%s service is not configured for table \"%s\"",
+ 			  MAIL_SERVICE_PROXYMAP, dict->name);
+ 	    case PROXY_STAT_OK:
+ 		return (STR(dict_proxy->result));
+ 	    case PROXY_STAT_NOKEY:
+ 		dict_errno = 0;
+ 		return (0);
+ 	    case PROXY_STAT_RETRY:
+ 		dict_errno = DICT_ERR_RETRY;
+ 		return (0);
+ 	    default:
+ 		msg_warn("%s lookup failed for table \"%s\" key \"%s\": "
+ 			 "unexpected reply status %d",
+ 			 MAIL_SERVICE_PROXYMAP, dict->name, key, status);
+ 	    }
+ 	}
+ 	clnt_stream_recover(proxy_stream);
+ 	sleep(1);				/* XXX make configurable */
+     }
+ }
+ 
+ /* dict_proxy_close - disconnect */
+ 
+ static void dict_proxy_close(DICT *dict)
+ {
+     DICT_PROXY *dict_proxy = (DICT_PROXY *) dict;
+ 
+     vstring_free(dict_proxy->result);
+     dict_free(dict);
+ }
+ 
+ /* dict_proxy_open - open remote map */
+ 
+ DICT   *dict_proxy_open(const char *map, int open_flags, int dict_flags)
+ {
+     const char *myname = "dict_proxy_open";
+     DICT_PROXY *dict_proxy;
+     VSTREAM *stream;
+     int     server_flags;
+     int     status;
+     char   *kludge = 0;
+     char   *prefix;
+ 
+     /*
+      * Sanity checks.
+      */
+     if (dict_flags & DICT_FLAG_NO_PROXY)
+ 	msg_fatal("%s: proxy map must not be used with this map type", map);
+     if (open_flags != O_RDONLY)
+ 	msg_fatal("%s: proxy map open requires O_RDONLY access mode", map);
+ 
+     /*
+      * Local initialization.
+      */
+     dict_proxy = (DICT_PROXY *)
+ 	dict_alloc(DICT_TYPE_PROXY, map, sizeof(*dict_proxy));
+     dict_proxy->dict.lookup = dict_proxy_lookup;
+     dict_proxy->dict.close = dict_proxy_close;
+     dict_proxy->in_flags = dict_flags;
+     dict_proxy->result = vstring_alloc(10);
+ 
+     /*
+      * Use a shared stream for all proxied table lookups.
+      * 
+      * XXX Use absolute pathname to make this work from non-daemon processes.
+      */
+     if (proxy_stream == 0) {
+ 	if (access(MAIL_CLASS_PRIVATE "/" MAIL_SERVICE_PROXYMAP, F_OK) == 0)
+ 	    prefix = MAIL_CLASS_PRIVATE;
+ 	else
+ 	    prefix = kludge = concatenate(var_queue_dir, "/",
+ 					  MAIL_CLASS_PRIVATE, (char *) 0);
+ 	proxy_stream = clnt_stream_create(prefix,
+ 					  MAIL_SERVICE_PROXYMAP,
+ 					  var_ipc_idle_limit);
+ 	if (kludge)
+ 	    myfree(kludge);
+     }
+ 
+     /*
+      * Establish initial contact and get the map type specific flags.
+      * 
+      * XXX Should retrieve flags from local instance.
+      */
+     for (;;) {
+ 	stream = clnt_stream_access(proxy_stream);
+ 	errno = 0;
+ 	if (attr_print(stream, ATTR_FLAG_NONE,
+ 		       ATTR_TYPE_STR, MAIL_ATTR_REQ, PROXY_REQ_OPEN,
+ 		       ATTR_TYPE_STR, MAIL_ATTR_TABLE, dict_proxy->dict.name,
+ 		       ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, dict_proxy->in_flags,
+ 		       ATTR_TYPE_END) != 0
+ 	    || attr_scan(stream, ATTR_FLAG_STRICT,
+ 			 ATTR_TYPE_NUM, MAIL_ATTR_STATUS, &status,
+ 			 ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, &server_flags,
+ 			 ATTR_TYPE_END) != 2) {
+ 	    if (msg_verbose || (errno != EPIPE && errno != ENOENT))
+ 		msg_warn("%s: service %s: %m", VSTREAM_PATH(stream), myname);
+ 	} else {
+ 	    if (msg_verbose)
+ 		msg_info("%s: connect to map=%s status=%d server_flags=0%o",
+ 		       myname, dict_proxy->dict.name, status, server_flags);
+ 	    switch (status) {
+ 	    case PROXY_STAT_BAD:
+ 		msg_fatal("%s open failed for table \"%s\": invalid request",
+ 			  MAIL_SERVICE_PROXYMAP, dict_proxy->dict.name);
+ 	    case PROXY_STAT_DENY:
+ 		msg_fatal("%s service is not configured for table \"%s\"",
+ 			  MAIL_SERVICE_PROXYMAP, dict_proxy->dict.name);
+ 	    case PROXY_STAT_OK:
+ 		dict_proxy->dict.flags = dict_proxy->in_flags | server_flags;
+ 		return (DICT_DEBUG (&dict_proxy->dict));
+ 	    default:
+ 		msg_warn("%s open failed for table \"%s\": unexpected status %d",
+ 		      MAIL_SERVICE_PROXYMAP, dict_proxy->dict.name, status);
+ 	    }
+ 	}
+ 	clnt_stream_recover(proxy_stream);
+ 	sleep(1);				/* XXX make configurable */
+     }
+ }
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/global/dict_proxy.h ./src/global/dict_proxy.h
*** /tmp/postfix-2.0.0.2/src/global/dict_proxy.h	Wed Dec 31 19:00:00 1969
--- ./src/global/dict_proxy.h	Sat Jan  4 16:01:55 2003
***************
*** 0 ****
--- 1,49 ----
+ #ifndef _DICT_PROXY_H_INCLUDED_
+ #define _DICT_PROXY_H_INCLUDED_
+ 
+ /*++
+ /* NAME
+ /*	dict_proxy 3h
+ /* SUMMARY
+ /*	dictionary manager interface to PROXY maps
+ /* SYNOPSIS
+ /*	#include <dict_proxy.h>
+ /* DESCRIPTION
+ /* .nf
+ 
+  /*
+   * Utility library.
+   */
+ #include <dict.h>
+ 
+  /*
+   * External interface.
+   */
+ #define DICT_TYPE_PROXY	"proxy"
+ 
+ extern DICT *dict_proxy_open(const char *, int, int);
+ 
+  /*
+   * Protocol interface.
+   */
+ #define PROXY_REQ_OPEN		"open"
+ #define PROXY_REQ_LOOKUP	"lookup"
+ 
+ #define PROXY_STAT_OK		0	/* operation succeeded */
+ #define PROXY_STAT_NOKEY	1	/* requested key not found */
+ #define PROXY_STAT_RETRY	2	/* try lookup again later */
+ #define PROXY_STAT_BAD		3	/* invalid request parameter */
+ #define PROXY_STAT_DENY		4	/* table not approved for proxying */
+ 
+ /* LICENSE
+ /* .ad
+ /* .fi
+ /*	The Secure Mailer license must be distributed with this software.
+ /* AUTHOR(S)
+ /*	Wietse Venema
+ /*	IBM T.J. Watson Research
+ /*	P.O. Box 704
+ /*	Yorktown Heights, NY 10598, USA
+ /*--*/
+ 
+ #endif
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/global/mail_dict.c ./src/global/mail_dict.c
*** /tmp/postfix-2.0.0.2/src/global/mail_dict.c	Wed Dec 31 19:00:00 1969
--- ./src/global/mail_dict.c	Thu Jan  2 15:05:33 2003
***************
*** 0 ****
--- 1,57 ----
+ /*++
+ /* NAME
+ /*	mail_dict 3
+ /* SUMMARY
+ /*	register application-specific dictionaries
+ /* SYNOPSIS
+ /*	#include <mail_dict.h>
+ /*
+ /*	void	mail_dict_init()
+ /* DESCRIPTION
+ /*	This module registers dictionary types that depend on higher-level
+ /*	Postfix-specific interfaces and protocols.
+ /* LICENSE
+ /* .ad
+ /* .fi
+ /*	The Secure Mailer license must be distributed with this software.
+ /* AUTHOR(S)
+ /*	Wietse Venema
+ /*	IBM T.J. Watson Research
+ /*	P.O. Box 704
+ /*	Yorktown Heights, NY 10598, USA
+ /*--*/
+ 
+ /* System library. */
+ 
+ #include <sys_defs.h>
+ 
+ /* Utility library. */
+ 
+ #include <dict.h>
+ #include <msg.h>
+ 
+ /* Global library. */
+ 
+ #include <dict_proxy.h>
+ #include <mail_dict.h>
+ 
+ typedef struct {
+     char   *type;
+     struct DICT *(*open) (const char *, int, int);
+ } DICT_OPEN_INFO;
+ 
+ static DICT_OPEN_INFO dict_open_info[] = {
+     DICT_TYPE_PROXY, dict_proxy_open,
+     /* XXX LDAP and MYSQL etc. should go here, too. */
+     0,
+ };
+ 
+ /* mail_dict_init - dictionaries that depend on Postfix-specific interfaces */
+ 
+ void    mail_dict_init(void)
+ {
+     DICT_OPEN_INFO *dp;
+ 
+     for (dp = dict_open_info; dp->type; dp++)
+ 	dict_open_register(dp->type, dp->open);
+ }
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/global/mail_dict.h ./src/global/mail_dict.h
*** /tmp/postfix-2.0.0.2/src/global/mail_dict.h	Wed Dec 31 19:00:00 1969
--- ./src/global/mail_dict.h	Thu Jan  2 15:04:36 2003
***************
*** 0 ****
--- 1,25 ----
+ /*++
+ /* NAME
+ /*	mail_dict 3h
+ /* SUMMARY
+ /*	register application-specific dictionaries
+ /* SYNOPSIS
+ /*	#include <mail_dict.h>
+ /* DESCRIPTION
+ /* .nf
+ 
+  /*
+   * External interface.
+   */
+ extern void mail_dict_init(void);
+ 
+ /* LICENSE
+ /* .ad
+ /* .fi
+ /*	The Secure Mailer license must be distributed with this software.
+ /* AUTHOR(S)
+ /*	Wietse Venema
+ /*	IBM T.J. Watson Research
+ /*	P.O. Box 704
+ /*	Yorktown Heights, NY 10598, USA
+ /*--*/
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/global/mail_params.h ./src/global/mail_params.h
*** /tmp/postfix-2.0.0.2/src/global/mail_params.h	Mon Dec 23 15:33:09 2002
--- ./src/global/mail_params.h	Sun Jan 12 11:41:21 2003
***************
*** 1294,1305 ****
    * Heuristic to reject unknown local recipients at the SMTP port.
    */
  #define VAR_LOCAL_RCPT_MAPS	"local_recipient_maps"
! #define DEF_LOCAL_RCPT_MAPS	"unix:passwd.byname $alias_maps"
  extern char *var_local_rcpt_maps;
  
  #define VAR_LOCAL_RCPT_CODE	"unknown_local_recipient_reject_code"
  #define DEF_LOCAL_RCPT_CODE	550
  extern int var_local_rcpt_code;
  
   /*
    * Other.
--- 1294,1324 ----
    * Heuristic to reject unknown local recipients at the SMTP port.
    */
  #define VAR_LOCAL_RCPT_MAPS	"local_recipient_maps"
! #define DEF_LOCAL_RCPT_MAPS	"proxy:unix:passwd.byname $alias_maps"
  extern char *var_local_rcpt_maps;
  
  #define VAR_LOCAL_RCPT_CODE	"unknown_local_recipient_reject_code"
  #define DEF_LOCAL_RCPT_CODE	550
  extern int var_local_rcpt_code;
+ 
+  /*
+   * List of pre-approved maps that are OK to open with the proxymap service.
+   */
+ #define VAR_PROXY_READ_MAPS     "proxy_read_maps"
+ #define DEF_PROXY_READ_MAPS     "$" VAR_LOCAL_RCPT_MAPS \
+                                 " $" VAR_MYDEST \
+                                 " $" VAR_VIRT_ALIAS_MAPS \
+                                 " $" VAR_VIRT_ALIAS_DOMS \
+                                 " $" VAR_VIRT_MAILBOX_MAPS \
+                                 " $" VAR_VIRT_MAILBOX_DOMS \
+                                 " $" VAR_RELAY_RCPT_MAPS \
+                                 " $" VAR_RELAY_DOMAINS \
+                                 " $" VAR_CANONICAL_MAPS \
+                                 " $" VAR_SEND_CANON_MAPS \
+                                 " $" VAR_RCPT_CANON_MAPS \
+                                 " $" VAR_RELOCATED_MAPS \
+                                 " $" VAR_TRANSPORT_MAPS
+ extern char *var_proxy_read_maps;
  
   /*
    * Other.
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/global/mail_proto.h ./src/global/mail_proto.h
*** /tmp/postfix-2.0.0.2/src/global/mail_proto.h	Tue Dec  3 14:52:30 2002
--- ./src/global/mail_proto.h	Sun Jan 12 12:45:43 2003
***************
*** 50,55 ****
--- 50,56 ----
  #define MAIL_SERVICE_ERROR	"error"
  #define MAIL_SERVICE_FLUSH	"flush"
  #define MAIL_SERVICE_RELAY	"relay"
+ #define MAIL_SERVICE_PROXYMAP	"proxymap"
  
   /*
    * Well-known socket or FIFO directories. The main difference is in file
***************
*** 106,111 ****
--- 107,115 ----
  #define MAIL_ATTR_ADDR		"address"
  #define MAIL_ATTR_TRANSPORT	"transport"
  #define MAIL_ATTR_NEXTHOP	"nexthop"
+ #define MAIL_ATTR_TABLE		"table"
+ #define MAIL_ATTR_KEY		"key"
+ #define MAIL_ATTR_VALUE		"value"
  
   /*
    * Suffixes for sender_name, sender_domain etc.
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/global/virtual8_maps.c ./src/global/virtual8_maps.c
*** /tmp/postfix-2.0.0.2/src/global/virtual8_maps.c	Mon Dec  9 10:37:24 2002
--- ./src/global/virtual8_maps.c	Sat Jan  4 18:25:38 2003
***************
*** 28,36 ****
  /*	named dictionaries.
  /*	The result is a handle that must be specified along with all
  /*	other virtual8_maps_xxx() operations.
! /*	See dict_open(3) for a description of flags. virtual8_maps_create()
! /*	implicitly sets the DICT_FLAG_NO_REGSUB flag in order to disable
! /*	regular expression substitution into the lookup result.
  /*
  /*	virtual8_maps_find() searches the specified list of dictionaries
  /*	in the specified order for the named key. The result is in
--- 28,34 ----
  /*	named dictionaries.
  /*	The result is a handle that must be specified along with all
  /*	other virtual8_maps_xxx() operations.
! /*	See dict_open(3) for a description of flags.
  /*
  /*	virtual8_maps_find() searches the specified list of dictionaries
  /*	in the specified order for the named key. The result is in
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/global/virtual8_maps.h ./src/global/virtual8_maps.h
*** /tmp/postfix-2.0.0.2/src/global/virtual8_maps.h	Mon Dec  9 10:36:35 2002
--- ./src/global/virtual8_maps.h	Sat Jan  4 18:26:21 2003
***************
*** 20,26 ****
    * External interface.
    */
  #define virtual8_maps_create(title, map_names, flags) \
! 	maps_create((title), (map_names), (flags) | DICT_FLAG_NO_REGSUB)
  extern const char *virtual8_maps_find(MAPS *, const char *);
  #define virtual8_maps_free(maps)	maps_free((maps))
  
--- 20,26 ----
    * External interface.
    */
  #define virtual8_maps_create(title, map_names, flags) \
! 	maps_create((title), (map_names), (flags))
  extern const char *virtual8_maps_find(MAPS *, const char *);
  #define virtual8_maps_free(maps)	maps_free((maps))
  
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/local/local.c ./src/local/local.c
*** /tmp/postfix-2.0.0.2/src/local/local.c	Thu Dec 19 20:33:41 2002
--- ./src/local/local.c	Sat Jan  4 20:08:43 2003
***************
*** 697,703 ****
  	set_file_limit(var_mailbox_limit);
      }
      alias_maps = maps_create("aliases", var_alias_maps,
! 			     DICT_FLAG_LOCK | DICT_FLAG_NO_REGSUB);
  }
  
  /* main - pass control to the single-threaded skeleton */
--- 697,703 ----
  	set_file_limit(var_mailbox_limit);
      }
      alias_maps = maps_create("aliases", var_alias_maps,
! 			     DICT_FLAG_LOCK | DICT_FLAG_PARANOID);
  }
  
  /* main - pass control to the single-threaded skeleton */
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/master/Makefile.in ./src/master/Makefile.in
*** /tmp/postfix-2.0.0.2/src/master/Makefile.in	Sat Dec 21 20:47:05 2002
--- ./src/master/Makefile.in	Sun Jan 12 12:17:42 2003
***************
*** 242,247 ****
--- 242,248 ----
  multi_server.o: ../../include/debug_process.h
  multi_server.o: ../../include/mail_params.h
  multi_server.o: ../../include/mail_conf.h
+ multi_server.o: ../../include/mail_dict.h
  multi_server.o: ../../include/timed_ipc.h
  multi_server.o: ../../include/resolve_local.h
  multi_server.o: mail_flow.h
***************
*** 270,275 ****
--- 271,277 ----
  single_server.o: ../../include/mail_task.h
  single_server.o: ../../include/debug_process.h
  single_server.o: ../../include/mail_conf.h
+ single_server.o: ../../include/mail_dict.h
  single_server.o: ../../include/timed_ipc.h
  single_server.o: ../../include/resolve_local.h
  single_server.o: mail_flow.h
***************
*** 298,303 ****
--- 300,306 ----
  trigger_server.o: ../../include/mail_task.h
  trigger_server.o: ../../include/debug_process.h
  trigger_server.o: ../../include/mail_conf.h
+ trigger_server.o: ../../include/mail_dict.h
  trigger_server.o: ../../include/resolve_local.h
  trigger_server.o: mail_flow.h
  trigger_server.o: master_proto.h
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/master/master_ent.c ./src/master/master_ent.c
*** /tmp/postfix-2.0.0.2/src/master/master_ent.c	Fri Dec 13 20:53:04 2002
--- ./src/master/master_ent.c	Sun Jan 12 19:25:39 2003
***************
*** 282,293 ****
--- 282,295 ----
  		mymalloc(sizeof(*MASTER_INET_ADDRLIST(serv)));
  	    inet_addr_list_init(MASTER_INET_ADDRLIST(serv));
  	    inet_addr_host(MASTER_INET_ADDRLIST(serv), host);
+ 	    inet_addr_list_uniq(MASTER_INET_ADDRLIST(serv));
  	    serv->listen_fd_count = MASTER_INET_ADDRLIST(serv)->used;
  	} else if (strcasecmp(var_inet_interfaces, DEF_INET_INTERFACES) == 0) {
  	    MASTER_INET_ADDRLIST(serv) = 0;	/* wild-card */
  	    serv->listen_fd_count = 1;
  	} else {
  	    MASTER_INET_ADDRLIST(serv) = own_inet_addr_list();	/* virtual */
+ 	    inet_addr_list_uniq(MASTER_INET_ADDRLIST(serv));
  	    serv->listen_fd_count = MASTER_INET_ADDRLIST(serv)->used;
  	}
  	MASTER_INET_PORT(serv) = mystrdup(port);
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/master/multi_server.c ./src/master/multi_server.c
*** /tmp/postfix-2.0.0.2/src/master/multi_server.c	Fri Dec 13 20:55:30 2002
--- ./src/master/multi_server.c	Sun Jan 12 11:00:57 2003
***************
*** 114,120 ****
  /*	The var_idle_limit variable limits the time that a service
  /*	receives no client connection requests before it commits suicide.
  /*	This value is taken from the global \fBmain.cf\fR configuration
! /*	file. Setting \fBvar_use_limit\fR to zero disables the idle limit.
  /* DIAGNOSTICS
  /*	Problems and transactions are logged to \fBsyslogd\fR(8).
  /* SEE ALSO
--- 114,120 ----
  /*	The var_idle_limit variable limits the time that a service
  /*	receives no client connection requests before it commits suicide.
  /*	This value is taken from the global \fBmain.cf\fR configuration
! /*	file. Setting \fBvar_idle_limit\fR to zero disables the idle limit.
  /* DIAGNOSTICS
  /*	Problems and transactions are logged to \fBsyslogd\fR(8).
  /* SEE ALSO
***************
*** 173,178 ****
--- 173,179 ----
  #include <debug_process.h>
  #include <mail_params.h>
  #include <mail_conf.h>
+ #include <mail_dict.h>
  #include <timed_ipc.h>
  #include <resolve_local.h>
  #include <mail_flow.h>
***************
*** 437,442 ****
--- 438,448 ----
      mail_conf_suck();
  
      /*
+      * Register dictionaries that use higher-level interfaces and protocols.
+      */
+     mail_dict_init();
+ 
+     /*
       * Pick up policy settings from master process. Shut up error messages to
       * stderr, because no-one is going to see them.
       */
***************
*** 619,632 ****
      /*
       * Run pre-jail initialization.
       */
      if (pre_init)
  	pre_init(multi_server_name, multi_server_argv);
  
      /*
       * Optionally, restrict the damage that this process can do.
       */
-     if (chdir(var_queue_dir) < 0)
- 	msg_fatal("chdir(\"%s\"): %m", var_queue_dir);
      resolve_local_init();
      chroot_uid(root_dir, user_name);
  
--- 625,638 ----
      /*
       * Run pre-jail initialization.
       */
+     if (chdir(var_queue_dir) < 0)
+ 	msg_fatal("chdir(\"%s\"): %m", var_queue_dir);
      if (pre_init)
  	pre_init(multi_server_name, multi_server_argv);
  
      /*
       * Optionally, restrict the damage that this process can do.
       */
      resolve_local_init();
      chroot_uid(root_dir, user_name);
  
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/master/single_server.c ./src/master/single_server.c
*** /tmp/postfix-2.0.0.2/src/master/single_server.c	Fri Dec 13 20:57:27 2002
--- ./src/master/single_server.c	Sun Jan 12 11:00:57 2003
***************
*** 167,172 ****
--- 167,173 ----
  #include <mail_task.h>
  #include <debug_process.h>
  #include <mail_conf.h>
+ #include <mail_dict.h>
  #include <timed_ipc.h>
  #include <resolve_local.h>
  #include <mail_flow.h>
***************
*** 393,398 ****
--- 394,404 ----
      mail_conf_suck();
  
      /*
+      * Register dictionaries that use higher-level interfaces and protocols.
+      */
+     mail_dict_init();
+ 
+     /*
       * Pick up policy settings from master process. Shut up error messages to
       * stderr, because no-one is going to see them.
       */
***************
*** 568,581 ****
      /*
       * Run pre-jail initialization.
       */
      if (pre_init)
  	pre_init(single_server_name, single_server_argv);
  
      /*
       * Optionally, restrict the damage that this process can do.
       */
-     if (chdir(var_queue_dir) < 0)
- 	msg_fatal("chdir(\"%s\"): %m", var_queue_dir);
      resolve_local_init();
      chroot_uid(root_dir, user_name);
  
--- 574,587 ----
      /*
       * Run pre-jail initialization.
       */
+     if (chdir(var_queue_dir) < 0)
+ 	msg_fatal("chdir(\"%s\"): %m", var_queue_dir);
      if (pre_init)
  	pre_init(single_server_name, single_server_argv);
  
      /*
       * Optionally, restrict the damage that this process can do.
       */
      resolve_local_init();
      chroot_uid(root_dir, user_name);
  
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/master/trigger_server.c ./src/master/trigger_server.c
*** /tmp/postfix-2.0.0.2/src/master/trigger_server.c	Fri Dec 13 20:59:05 2002
--- ./src/master/trigger_server.c	Sun Jan 12 11:00:58 2003
***************
*** 175,180 ****
--- 175,181 ----
  #include <mail_task.h>
  #include <debug_process.h>
  #include <mail_conf.h>
+ #include <mail_dict.h>
  #include <resolve_local.h>
  #include <mail_flow.h>
  
***************
*** 389,394 ****
--- 390,400 ----
      mail_conf_suck();
  
      /*
+      * Register dictionaries that use higher-level interfaces and protocols.
+      */
+     mail_dict_init();
+ 
+     /*
       * Pick up policy settings from master process. Shut up error messages to
       * stderr, because no-one is going to see them.
       */
***************
*** 578,591 ****
      /*
       * Run pre-jail initialization.
       */
      if (pre_init)
  	pre_init(trigger_server_name, trigger_server_argv);
  
      /*
       * Optionally, restrict the damage that this process can do.
       */
-     if (chdir(var_queue_dir) < 0)
- 	msg_fatal("chdir(\"%s\"): %m", var_queue_dir);
      resolve_local_init();
      chroot_uid(root_dir, user_name);
  
--- 584,597 ----
      /*
       * Run pre-jail initialization.
       */
+     if (chdir(var_queue_dir) < 0)
+ 	msg_fatal("chdir(\"%s\"): %m", var_queue_dir);
      if (pre_init)
  	pre_init(trigger_server_name, trigger_server_argv);
  
      /*
       * Optionally, restrict the damage that this process can do.
       */
      resolve_local_init();
      chroot_uid(root_dir, user_name);
  
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/postalias/Makefile.in ./src/postalias/Makefile.in
*** /tmp/postfix-2.0.0.2/src/postalias/Makefile.in	Sat Dec 21 20:47:17 2002
--- ./src/postalias/Makefile.in	Sun Jan 12 12:17:55 2003
***************
*** 95,100 ****
--- 95,101 ----
  postalias.o: ../../include/tok822.h
  postalias.o: ../../include/resolve_clnt.h
  postalias.o: ../../include/mail_conf.h
+ postalias.o: ../../include/mail_dict.h
  postalias.o: ../../include/mail_params.h
  postalias.o: ../../include/mkmap.h
  postalias.o: ../../include/dict.h
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/postalias/postalias.c ./src/postalias/postalias.c
*** /tmp/postfix-2.0.0.2/src/postalias/postalias.c	Wed Dec 18 21:01:46 2002
--- ./src/postalias/postalias.c	Thu Jan  2 17:06:58 2003
***************
*** 169,174 ****
--- 169,175 ----
  
  #include <tok822.h>
  #include <mail_conf.h>
+ #include <mail_dict.h>
  #include <mail_params.h>
  #include <mkmap.h>
  
***************
*** 587,592 ****
--- 588,594 ----
  	}
      }
      mail_conf_read();
+     mail_dict_init();
  
      /*
       * Use the map type specified by the user, or fall back to a default
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/postconf/Makefile.in ./src/postconf/Makefile.in
*** /tmp/postfix-2.0.0.2/src/postconf/Makefile.in	Sat Dec 21 20:47:18 2002
--- ./src/postconf/Makefile.in	Sun Jan 12 12:17:56 2003
***************
*** 88,93 ****
--- 88,94 ----
  postconf.o: ../../include/myflock.h
  postconf.o: ../../include/mynetworks.h
  postconf.o: ../../include/mail_conf.h
+ postconf.o: ../../include/mail_dict.h
  postconf.o: ../../include/mail_proto.h
  postconf.o: ../../include/iostuff.h
  postconf.o: ../../include/attr.h
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/postconf/postconf.c ./src/postconf/postconf.c
*** /tmp/postfix-2.0.0.2/src/postconf/postconf.c	Wed Dec 18 21:01:47 2002
--- ./src/postconf/postconf.c	Fri Jan  3 13:44:49 2003
***************
*** 47,53 ****
  /*	stale lock files that were left behind after abnormal termination.
  /* .RE
  /* .IP \fB-m\fR
! /*	List the names of all supported lookup table types.
  /* .RS
  /* .IP \fBbtree\fR
  /*	A sorted, balanced tree structure.
--- 47,56 ----
  /*	stale lock files that were left behind after abnormal termination.
  /* .RE
  /* .IP \fB-m\fR
! /*	List the names of all supported lookup table types. Postfix
! /*	lookup tables are specified as \fItype\fB:\fIname\fR, where
! /*	\fItype\fR is one of the types listed below. The table \fIname\fR
! /*	syntax depends on the lookup table type.
  /* .RS
  /* .IP \fBbtree\fR
  /*	A sorted, balanced tree structure.
***************
*** 73,78 ****
--- 76,85 ----
  /* .IP "\fBpcre\fR (read-only)"
  /*	A lookup table based on Perl Compatible Regular Expressions. The
  /*	file format is described in \fBpcre_table\fR(5).
+ /* .IP "\fBproxy\fR (read-only)"
+ /*	A lookup table that is implemented via the Postfix
+ /*	\fBproxymap\fR(8) service. The table name syntax is
+ /*	\fItype\fB:\fIname\fR.
  /* .IP "\fBregexp\fR (read-only)"
  /*	A lookup table based on regular expressions. The file format is
  /*	described in \fBregexp_table\fR(5).
***************
*** 156,161 ****
--- 163,169 ----
  
  #include <mynetworks.h>
  #include <mail_conf.h>
+ #include <mail_dict.h>
  #include <mail_proto.h>
  #include <mail_version.h>
  #include <mail_params.h>
***************
*** 921,926 ****
--- 929,935 ----
       * If showing map types, show them and exit
       */
      if (mode & SHOW_MAPS) {
+ 	mail_dict_init();
  	show_maps();
      }
  
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/postmap/Makefile.in ./src/postmap/Makefile.in
*** /tmp/postfix-2.0.0.2/src/postmap/Makefile.in	Sat Dec 21 20:47:19 2002
--- ./src/postmap/Makefile.in	Sun Jan 12 12:17:58 2003
***************
*** 93,98 ****
--- 93,99 ----
  postmap.o: ../../include/vstring_vstream.h
  postmap.o: ../../include/set_eugid.h
  postmap.o: ../../include/mail_conf.h
+ postmap.o: ../../include/mail_dict.h
  postmap.o: ../../include/mail_params.h
  postmap.o: ../../include/mkmap.h
  postmap.o: ../../include/dict.h
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/postmap/postmap.c ./src/postmap/postmap.c
*** /tmp/postfix-2.0.0.2/src/postmap/postmap.c	Tue Jul 16 08:10:35 2002
--- ./src/postmap/postmap.c	Sun Jan 12 11:21:11 2003
***************
*** 181,186 ****
--- 181,187 ----
  /* Global library. */
  
  #include <mail_conf.h>
+ #include <mail_dict.h>
  #include <mail_params.h>
  #include <mkmap.h>
  
***************
*** 537,542 ****
--- 538,544 ----
  	}
      }
      mail_conf_read();
+     mail_dict_init();
  
      /*
       * Use the map type specified by the user, or fall back to a default
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/postqueue/postqueue.c ./src/postqueue/postqueue.c
*** /tmp/postfix-2.0.0.2/src/postqueue/postqueue.c	Fri Aug 16 13:26:29 2002
--- ./src/postqueue/postqueue.c	Tue Jan  7 14:59:53 2003
***************
*** 11,18 ****
  /*	\fBpostqueue\fR [\fB-c \fIconfig_dir\fR] \fB-s \fIsite\fR
  /* DESCRIPTION
  /*	The \fBpostqueue\fR program implements the Postfix user interface
! /*	for queue management. It implements all the operations that are
  /*	traditionally available via the \fBsendmail\fR(1) command.
  /*
  /*	The following options are recognized:
  /* .IP "\fB-c \fIconfig_dir\fR"
--- 11,21 ----
  /*	\fBpostqueue\fR [\fB-c \fIconfig_dir\fR] \fB-s \fIsite\fR
  /* DESCRIPTION
  /*	The \fBpostqueue\fR program implements the Postfix user interface
! /*	for queue management. It implements operations that are
  /*	traditionally available via the \fBsendmail\fR(1) command.
+ /*	See the \fBpostsuper\fR(1) command for queue operations
+ /*	that require super-user privileges such as deleting a message
+ /*	from the queue or changing the status of a message.
  /*
  /*	The following options are recognized:
  /* .IP "\fB-c \fIconfig_dir\fR"
***************
*** 94,100 ****
  /*	specifies the domains that Postfix accepts in the SMTP \fBETRN\fR
  /*	request and in the \fBsendmail -qR\fR command.
  /* SEE ALSO
! /*	sendmail(8) sendmail-compatible user interface
  /*	qmgr(8) queue manager
  /*	showq(8) list mail queue
  /*	flush(8) fast flush service
--- 97,104 ----
  /*	specifies the domains that Postfix accepts in the SMTP \fBETRN\fR
  /*	request and in the \fBsendmail -qR\fR command.
  /* SEE ALSO
! /*	sendmail(1) sendmail-compatible user interface
! /*	postsuper(1) privileged queue operations
  /*	qmgr(8) queue manager
  /*	showq(8) list mail queue
  /*	flush(8) fast flush service
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/postsuper/postsuper.c ./src/postsuper/postsuper.c
*** /tmp/postfix-2.0.0.2/src/postsuper/postsuper.c	Sat Nov  9 10:53:10 2002
--- ./src/postsuper/postsuper.c	Tue Jan  7 14:51:48 2003
***************
*** 12,17 ****
--- 12,19 ----
  /* DESCRIPTION
  /*	The \fBpostsuper\fR command does maintenance jobs on the Postfix
  /*	queue. Use of the command is restricted to the superuser.
+ /*	See the \fBpostqueue\fR command for unprivileged queue operations
+ /*	such as listing or flushing the mail queue.
  /*
  /*	By default, \fBpostsuper\fR performs the operations requested with the
  /*	\fB-s\fR and \fB-p\fR command-line options on all Postfix queue
***************
*** 162,167 ****
--- 164,172 ----
  /* .IP \fBhash_queue_names\fR
  /*	The names of queues that are organized into multiple levels of
  /*	subdirectories.
+ /* SEE ALSO
+ /*	sendmail(1) sendmail-compatible user interface
+ /*	postqueue(1) unprivileged queue operations
  /* LICENSE
  /* .ad
  /* .fi
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/proxymap/Makefile.in ./src/proxymap/Makefile.in
*** /tmp/postfix-2.0.0.2/src/proxymap/Makefile.in	Wed Dec 31 19:00:00 1969
--- ./src/proxymap/Makefile.in	Sun Jan 12 12:18:03 2003
***************
*** 0 ****
--- 1,75 ----
+ SHELL	= /bin/sh
+ SRCS	= proxymap.c
+ OBJS	= proxymap.o
+ HDRS	= 
+ TESTSRC	=
+ WARN	= -W -Wformat -Wimplicit -Wmissing-prototypes \
+ 	-Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \
+ 	-Wunused
+ DEFS	= -I. -I$(INC_DIR) -D$(SYSTYPE)
+ CFLAGS	= $(DEBUG) $(OPT) $(DEFS)
+ TESTPROG= 
+ PROG	= proxymap
+ INC_DIR = ../../include
+ LIBS	= ../../lib/libmaster.a ../../lib/libglobal.a ../../lib/libutil.a
+ 
+ .c.o:;	$(CC) $(CFLAGS) -c $*.c
+ 
+ $(PROG): $(OBJS) $(LIBS)
+ 	$(CC) $(CFLAGS) -o $@ $(OBJS) $(LIBS) $(SYSLIBS)
+ 
+ Makefile: Makefile.in
+ 	(set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@
+ 
+ test:	$(TESTPROG)
+ 
+ tests:	test
+ 
+ update: ../../libexec/$(PROG)
+ 
+ ../../libexec/$(PROG): $(PROG)
+ 	cp $(PROG) ../../libexec
+ 
+ printfck: $(OBJS) $(PROG)
+ 	rm -rf printfck
+ 	mkdir printfck
+ 	sed '1,/^# do not edit/!d' Makefile >printfck/Makefile
+ 	set -e; for i in *.c; do printfck -f .printfck $$i >printfck/$$i; done
+ 	cd printfck; make "INC_DIR=../../../include" `cd ..; ls *.o`
+ 
+ lint:
+ 	lint $(DEFS) $(SRCS) $(LINTFIX)
+ 
+ clean:
+ 	rm -f *.o *core $(PROG) $(TESTPROG) junk 
+ 	rm -rf printfck
+ 
+ tidy:	clean
+ 
+ depend: $(MAKES)
+ 	(sed '1,/^# do not edit/!d' Makefile.in; \
+ 	set -e; for i in [a-z][a-z0-9]*.c; do \
+ 	    $(CC) -E $(DEFS) $(INCL) $$i | sed -n -e '/^# *1 *"\([^"]*\)".*/{' \
+ 	    -e 's//'`echo $$i|sed 's/c$$/o/'`': \1/' -e 'p' -e '}'; \
+ 	done) | grep -v '[.][o][:][ ][/]' >$$$$ && mv $$$$ Makefile.in
+ 	@$(EXPORT) make -f Makefile.in Makefile 1>&2
+ 
+ # do not edit below this line - it is generated by 'make depend'
+ proxymap.o: proxymap.c
+ proxymap.o: ../../include/sys_defs.h
+ proxymap.o: ../../include/msg.h
+ proxymap.o: ../../include/mymalloc.h
+ proxymap.o: ../../include/vstring.h
+ proxymap.o: ../../include/vbuf.h
+ proxymap.o: ../../include/htable.h
+ proxymap.o: ../../include/stringops.h
+ proxymap.o: ../../include/dict.h
+ proxymap.o: ../../include/vstream.h
+ proxymap.o: ../../include/argv.h
+ proxymap.o: ../../include/mail_conf.h
+ proxymap.o: ../../include/mail_params.h
+ proxymap.o: ../../include/mail_proto.h
+ proxymap.o: ../../include/iostuff.h
+ proxymap.o: ../../include/attr.h
+ proxymap.o: ../../include/dict_proxy.h
+ proxymap.o: ../../include/mail_server.h
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/proxymap/proxymap.c ./src/proxymap/proxymap.c
*** /tmp/postfix-2.0.0.2/src/proxymap/proxymap.c	Wed Dec 31 19:00:00 1969
--- ./src/proxymap/proxymap.c	Sun Jan 12 19:39:25 2003
***************
*** 0 ****
--- 1,406 ----
+ /*++
+ /* NAME
+ /*	proxymap 8
+ /* SUMMARY
+ /*	Postfix lookup table proxy server
+ /* SYNOPSIS
+ /*	\fBproxymap\fR [generic Postfix daemon options]
+ /* DESCRIPTION
+ /*	The \fBproxymap\fR server provides read-only table
+ /*	lookup service to Postfix client processes. The purpose
+ /*	of the service is:
+ /* .IP \(bu
+ /*	To overcome chroot restrictions. For example, a chrooted SMTP
+ /*	server needs access to the system passwd file in order to
+ /*	reject mail for non-existent local addresses, but it is not
+ /*	practical to maintain a copy of the passwd file in the chroot
+ /*	jail.  The solution:
+ /* .sp
+ /*	local_recipient_maps =
+ /* .ti +4
+ /*	proxy:unix:passwd.byname $alias_maps
+ /* .IP \(bu
+ /*	To consolidate the number of open lookup tables by sharing
+ /*	one open table among multiple processes. For example, making
+ /*	mysql connections from every Postfix daemon process results
+ /*	in "too many connections" errors. The solution:
+ /* .sp
+ /*	virtual_alias_maps =
+ /* .ti +4
+ /*	proxy:mysql:/etc/postfix/virtual.cf
+ /* .sp
+ /*	The total number of connections is limited by the number of
+ /*	proxymap server server processes.
+ /* .PP
+ /*	The proxymap server implements the following requests:
+ /* .IP "\fBPROXY_REQ_OPEN\fI maptype:mapname flags\fR"
+ /*	Open the table with type \fImaptype\fR and name \fImapname\fR,
+ /*	as controlled by \fIflags\fR.
+ /*	The reply is the request completion status code (below) and the
+ /*	map type dependent flags.
+ /* .IP "\fBPROXY_REQ_LOOKUP\fI maptype:mapname flags key\fR"
+ /*	Look up the data stored under the requested key.
+ /*	The reply is the request completion status code (below) and
+ /*	the lookup result value.
+ /*	The \fImaptype:mapname\fR and \fIflags\fR are the same
+ /*	as with the \fBPROXY_REQ_OPEN\fR request.
+ /* .PP
+ /*	There is no close command, nor are tables implicitly closed
+ /*	when a client disconnects. One of the purposes of the proxymap
+ /*	server is to share tables among multiple client processes.
+ /*
+ /*	The request completion status code is one of:
+ /* .IP \fBPROXY_STAT_OK\fR
+ /*	The specified table was opened, or the requested entry was found.
+ /* .IP \fBPROXY_STAT_NOKEY\fR
+ /*	The requested table entry was not found.
+ /* .IP \fBPROXY_STAT_BAD\fR
+ /*	The request was rejected (bad request parameter value).
+ /* .IP \fBPROXY_STAT_RETRY\fR
+ /*	The lookup request could not be completed.
+ /* .IP \fBPROXY_STAT_DENY\fR
+ /*	The specified table was not approved for access via the
+ /*	proxymap service.
+ /* SERVER PROCESS MANAGEMENT
+ /* .ad
+ /* .fi
+ /*	The proxymap servers run under control by the Postfix master
+ /*	server.  Each server can handle multiple simultaneous connections.
+ /*	When all servers are busy while a client connects, the master
+ /*	creates a new proxymap server process, provided that the proxymap
+ /*	server process limit is not exceeded.
+ /*	Each proxymap server terminates after serving
+ /*	at least \fB$max_use\fR clients or after \fB$max_idle\fR seconds
+ /*	of idle time.
+ /* SECURITY
+ /* .ad
+ /* .fi
+ /*	The proxymap server opens only tables that are approved via the
+ /*	\fBproxy_read_maps\fR configuration parameter, does not talk to
+ /*	users, and can run at fixed low privilege, chrooted or not.
+ /*
+ /*	The proxymap server is not a trusted daemon process, and must
+ /*	not be used to look up sensitive information such as user or
+ /*	group IDs, mailbox file/directory names or external commands.
+ /* DIAGNOSTICS
+ /*	Problems and transactions are logged to \fBsyslogd\fR(8).
+ /* BUGS
+ /*	The proxymap server provides service to multiple clients,
+ /*	and must therefore not be used for tables that have high-latency
+ /*	lookups.
+ /* CONFIGURATION PARAMETERS
+ /* .ad
+ /* .fi
+ /*	The following main.cf parameters are especially relevant
+ /*	to this program. Use the \fBpostfix reload\fR command
+ /*	after a configuration change.
+ /* .IP \fBproxy_read_maps\fR
+ /*	A list of zero or more parameter values that may contain
+ /*	references to Postfix lookup tables. Only table references
+ /*	that begin with \fBproxy:\fR are approved for read-only
+ /*	access via the proxymap server.
+ /* SEE ALSO
+ /*	dict_proxy(3) proxy map client
+ /* LICENSE
+ /* .ad
+ /* .fi
+ /*	The Secure Mailer license must be distributed with this software.
+ /* AUTHOR(S)
+ /*	Wietse Venema
+ /*	IBM T.J. Watson Research
+ /*	P.O. Box 704
+ /*	Yorktown Heights, NY 10598, USA
+ /*--*/
+ 
+ /* System library. */
+ 
+ #include <sys_defs.h>
+ #include <string.h>
+ #include <stdlib.h>
+ #include <unistd.h>
+ 
+ /* Utility library. */
+ 
+ #include <msg.h>
+ #include <mymalloc.h>
+ #include <vstring.h>
+ #include <htable.h>
+ #include <stringops.h>
+ #include <dict.h>
+ 
+ /* Global library. */
+ 
+ #include <mail_conf.h>
+ #include <mail_params.h>
+ #include <mail_proto.h>
+ #include <dict_proxy.h>
+ 
+ /* Server skeleton. */
+ 
+ #include <mail_server.h>
+ 
+ /* Application-specific. */
+ 
+  /*
+   * XXX All but the last are needed here so that $name expansion dependencies
+   * aren't too broken. The fix is to gather all parameter default settings in
+   * one place.
+   */
+ char   *var_local_rcpt_maps;
+ char   *var_virt_alias_maps;
+ char   *var_virt_alias_doms;
+ char   *var_virt_mbox_maps;
+ char   *var_virt_mbox_doms;
+ char   *var_relay_rcpt_maps;
+ char   *var_relay_domains;
+ char   *var_canonical_maps;
+ char   *var_send_canon_maps;
+ char   *var_rcpt_canon_maps;
+ char   *var_relocatedmaps;
+ char   *var_transport_maps;
+ char   *var_proxy_read_maps;
+ 
+  /*
+   * The pre-approved, pre-parsed list of maps.
+   */
+ static HTABLE *proxy_read_maps;
+ 
+  /*
+   * Shared and static to reduce memory allocation overhead.
+   */
+ static VSTRING *request;
+ static VSTRING *request_map;
+ static VSTRING *request_key;
+ static VSTRING *map_type_name_flags;
+ 
+  /*
+   * Silly little macros.
+   */
+ #define STR(x)			vstring_str(x)
+ #define VSTREQ(x,y)		(strcmp(STR(x),y) == 0)
+ 
+ /* proxy_map_find - look up or open table */
+ 
+ static DICT *proxy_map_find(const char *map_type_name, int request_flags,
+ 			            int *statp)
+ {
+     DICT   *dict;
+ 
+ #define PROXY_COLON	DICT_TYPE_PROXY ":"
+ #define PROXY_COLON_LEN	(sizeof(PROXY_COLON) - 1)
+ #define READ_OPEN_FLAGS	O_RDONLY
+ 
+     /*
+      * Canonicalize the map name. If the map is not on the approved list,
+      * deny the request.
+      */
+ #define PROXY_MAP_FIND_ERROR_RETURN(x)  { *statp = (x); return (0); }
+ 
+     while (strncmp(map_type_name, PROXY_COLON, PROXY_COLON_LEN) == 0)
+ 	map_type_name += PROXY_COLON_LEN;
+     if (strchr(map_type_name, ':') == 0)
+ 	PROXY_MAP_FIND_ERROR_RETURN(PROXY_STAT_BAD);
+     if (htable_locate(proxy_read_maps, map_type_name) == 0) {
+ 	msg_warn("request for unapproved table: \"%s\"", map_type_name);
+ 	msg_warn("to approve this table for %s access, list %s:%s in %s:%s",
+ 		 MAIL_SERVICE_PROXYMAP, DICT_TYPE_PROXY, map_type_name,
+ 		 MAIN_CONF_FILE, VAR_PROXY_READ_MAPS);
+ 	PROXY_MAP_FIND_ERROR_RETURN(PROXY_STAT_DENY);
+     }
+ 
+     /*
+      * Open one instance of a map for each combination of name+flags.
+      */
+     vstring_sprintf(map_type_name_flags, "%s:%o",
+ 		    map_type_name, request_flags);
+     if ((dict = dict_handle(STR(map_type_name_flags))) == 0)
+ 	dict = dict_open(map_type_name, READ_OPEN_FLAGS, request_flags);
+     if (dict == 0)
+ 	msg_panic("proxy_map_find: dict_open null result");
+     dict_register(STR(map_type_name_flags), dict);
+     return (dict);
+ }
+ 
+ /* proxymap_lookup_service - remote lookup service */
+ 
+ static void proxymap_lookup_service(VSTREAM *client_stream)
+ {
+     int     request_flags;
+     DICT   *dict;
+     const char *reply_value;
+     int     reply_status;
+ 
+     /*
+      * Process the request.
+      */
+     if (attr_scan(client_stream, ATTR_FLAG_STRICT,
+ 		  ATTR_TYPE_STR, MAIL_ATTR_TABLE, request_map,
+ 		  ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, &request_flags,
+ 		  ATTR_TYPE_STR, MAIL_ATTR_KEY, request_key,
+ 		  ATTR_TYPE_END) != 3) {
+ 	reply_status = PROXY_STAT_BAD;
+ 	reply_value = "";
+     } else if ((dict = proxy_map_find(STR(request_map), request_flags,
+ 				      &reply_status)) == 0) {
+ 	reply_value = "";
+     } else if ((reply_value = dict_get(dict, STR(request_key))) != 0) {
+ 	reply_status = PROXY_STAT_OK;
+     } else if (dict_errno == 0) {
+ 	reply_status = PROXY_STAT_NOKEY;
+ 	reply_value = "";
+     } else {
+ 	reply_status = PROXY_STAT_RETRY;
+ 	reply_value = "";
+     }
+ 
+     /*
+      * Respond to the client.
+      */
+     attr_print(client_stream, ATTR_FLAG_NONE,
+ 	       ATTR_TYPE_NUM, MAIL_ATTR_STATUS, reply_status,
+ 	       ATTR_TYPE_STR, MAIL_ATTR_VALUE, reply_value,
+ 	       ATTR_TYPE_END);
+ }
+ 
+ /* proxymap_open_service - open remote lookup table */
+ 
+ static void proxymap_open_service(VSTREAM *client_stream)
+ {
+     int     request_flags;
+     DICT   *dict;
+     int     reply_status;
+     int     reply_flags;
+ 
+     /*
+      * Process the request.
+      */
+     if (attr_scan(client_stream, ATTR_FLAG_STRICT,
+ 		  ATTR_TYPE_STR, MAIL_ATTR_TABLE, request_map,
+ 		  ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, &request_flags,
+ 		  ATTR_TYPE_END) != 2) {
+ 	reply_status = PROXY_STAT_BAD;
+ 	reply_flags = 0;
+     } else if ((dict = proxy_map_find(STR(request_map), request_flags,
+ 				      &reply_status)) == 0) {
+ 	reply_flags = 0;
+     } else {
+ 	reply_status = PROXY_STAT_OK;
+ 	reply_flags = dict->flags;
+     }
+ 
+     /*
+      * Respond to the client.
+      */
+     attr_print(client_stream, ATTR_FLAG_NONE,
+ 	       ATTR_TYPE_NUM, MAIL_ATTR_STATUS, reply_status,
+ 	       ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, reply_flags,
+ 	       ATTR_TYPE_END);
+ }
+ 
+ /* proxymap_service - perform service for client */
+ 
+ static void proxymap_service(VSTREAM *client_stream, char *unused_service,
+ 			             char **argv)
+ {
+ 
+     /*
+      * Sanity check. This service takes no command-line arguments.
+      */
+     if (argv[0])
+ 	msg_fatal("unexpected command-line argument: %s", argv[0]);
+ 
+     /*
+      * This routine runs whenever a client connects to the socket dedicated
+      * to the proxymap service. All connection-management stuff is handled by
+      * the common code in multi_server.c.
+      */
+     if (attr_scan(client_stream,
+ 		  ATTR_FLAG_MORE | ATTR_FLAG_STRICT,
+ 		  ATTR_TYPE_STR, MAIL_ATTR_REQ, request,
+ 		  ATTR_TYPE_END) == 1) {
+ 	if (VSTREQ(request, PROXY_REQ_LOOKUP)) {
+ 	    proxymap_lookup_service(client_stream);
+ 	} else if (VSTREQ(request, PROXY_REQ_OPEN)) {
+ 	    proxymap_open_service(client_stream);
+ 	} else {
+ 	    msg_warn("unrecognized request: \"%s\", ignored", STR(request));
+ 	    attr_print(client_stream, ATTR_FLAG_NONE,
+ 		       ATTR_TYPE_NUM, MAIL_ATTR_STATUS, PROXY_STAT_BAD,
+ 		       ATTR_TYPE_END);
+ 	}
+     }
+     vstream_fflush(client_stream);
+ }
+ 
+ /* post_jail_init - initialization after privilege drop */
+ 
+ static void post_jail_init(char *unused_name, char **unused_argv)
+ {
+     const char *sep = " \t\r\n";
+     char   *saved_filter;
+     char   *bp;
+     char   *type_name;
+ 
+     /*
+      * Pre-allocate buffers.
+      */
+     request = vstring_alloc(10);
+     request_map = vstring_alloc(10);
+     request_key = vstring_alloc(10);
+     map_type_name_flags = vstring_alloc(10);
+ 
+     /*
+      * Prepare the pre-approved list of proxied tables.
+      */
+     saved_filter = bp = mystrdup(var_proxy_read_maps);
+     proxy_read_maps = htable_create(13);
+     while ((type_name = mystrtok(&bp, sep)) != 0) {
+ 	if (strncmp(type_name, PROXY_COLON, PROXY_COLON_LEN))
+ 	    continue;
+ 	do {
+ 	    type_name += PROXY_COLON_LEN;
+ 	} while (!strncmp(type_name, PROXY_COLON, PROXY_COLON_LEN));
+ 	if (strchr(type_name, ':') != 0
+ 	    && htable_locate(proxy_read_maps, type_name) == 0)
+ 	    (void) htable_enter(proxy_read_maps, type_name, (char *) 0);
+     }
+     myfree(saved_filter);
+ }
+ 
+ /* pre_accept - see if tables have changed */
+ 
+ static void pre_accept(char *unused_name, char **unused_argv)
+ {
+     if (dict_changed()) {
+ 	msg_info("some lookup table has changed -- restarting");
+ 	exit(0);
+     }
+ }
+ 
+ /* main - pass control to the multi-threaded skeleton */
+ 
+ int     main(int argc, char **argv)
+ {
+     static CONFIG_STR_TABLE str_table[] = {
+ 	VAR_LOCAL_RCPT_MAPS, DEF_LOCAL_RCPT_MAPS, &var_local_rcpt_maps, 0, 0,
+ 	VAR_VIRT_ALIAS_MAPS, DEF_VIRT_ALIAS_MAPS, &var_virt_alias_maps, 0, 0,
+ 	VAR_VIRT_ALIAS_DOMS, DEF_VIRT_ALIAS_DOMS, &var_virt_alias_doms, 0, 0,
+ 	VAR_VIRT_MAILBOX_MAPS, DEF_VIRT_MAILBOX_MAPS, &var_virt_mbox_maps, 0, 0,
+ 	VAR_VIRT_MAILBOX_DOMS, DEF_VIRT_MAILBOX_DOMS, &var_virt_mbox_doms, 0, 0,
+ 	VAR_RELAY_RCPT_MAPS, DEF_RELAY_RCPT_MAPS, &var_relay_rcpt_maps, 0, 0,
+ 	VAR_RELAY_DOMAINS, DEF_RELAY_DOMAINS, &var_relay_domains, 0, 0,
+ 	VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, &var_canonical_maps, 0, 0,
+ 	VAR_SEND_CANON_MAPS, DEF_SEND_CANON_MAPS, &var_send_canon_maps, 0, 0,
+ 	VAR_RCPT_CANON_MAPS, DEF_RCPT_CANON_MAPS, &var_rcpt_canon_maps, 0, 0,
+ 	VAR_RELOCATED_MAPS, DEF_RELOCATED_MAPS, &var_relocatedmaps, 0, 0,
+ 	VAR_TRANSPORT_MAPS, DEF_TRANSPORT_MAPS, &var_transport_maps, 0, 0,
+ 	VAR_PROXY_READ_MAPS, DEF_PROXY_READ_MAPS, &var_proxy_read_maps, 0, 0,
+ 	0,
+     };
+ 
+     multi_server_main(argc, argv, proxymap_service,
+ 		      MAIL_SERVER_STR_TABLE, str_table,
+ 		      MAIL_SERVER_POST_INIT, post_jail_init,
+ 		      MAIL_SERVER_PRE_ACCEPT, pre_accept,
+ 		      0);
+ }
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/smtpd/Makefile.in ./src/smtpd/Makefile.in
*** /tmp/postfix-2.0.0.2/src/smtpd/Makefile.in	Sat Dec 21 20:47:10 2002
--- ./src/smtpd/Makefile.in	Sun Jan 12 12:17:47 2003
***************
*** 221,226 ****
--- 221,227 ----
  smtpd_check.o: ../../include/mail_proto.h
  smtpd_check.o: ../../include/iostuff.h
  smtpd_check.o: ../../include/attr.h
+ smtpd_check.o: ../../include/mail_addr.h
  smtpd_check.o: smtpd.h
  smtpd_check.o: ../../include/mail_stream.h
  smtpd_check.o: smtpd_sasl_glue.h
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/smtpd/smtpd_check.c ./src/smtpd/smtpd_check.c
*** /tmp/postfix-2.0.0.2/src/smtpd/smtpd_check.c	Sat Dec 21 21:11:24 2002
--- ./src/smtpd/smtpd_check.c	Sun Jan 12 11:16:42 2003
***************
*** 315,320 ****
--- 315,321 ----
  #include <record.h>
  #include <rec_type.h>
  #include <mail_proto.h>
+ #include <mail_addr.h>
  
  /* Application-specific. */
  
***************
*** 1680,1685 ****
--- 1681,1690 ----
  	    msg_warn("access map %s entry %s has FILTER entry without value",
  		     table, datum);
  	    return (SMTPD_CHECK_DUNNO);
+ 	} else if (strchr(cmd_text, ':') == 0) {
+ 	    msg_warn("access map %s entry %s requires transport:destination",
+ 		     table, datum);
+ 	    return (SMTPD_CHECK_DUNNO);
  	} else {
  	    vstring_sprintf(error_text, "<%s>: %s triggers FILTER %s",
  			    reply_name, reply_class, cmd_text);
***************
*** 3193,3200 ****
--- 3198,3211 ----
       * local delivery, because the virtual delivery agent requires
       * user@domain style addresses in its user database.
       */
+ #define MATCH_LEFT(l, r, n) (strncasecmp((l), (r), (n)) == 0 && (r)[n] == '@')
+ 
      if ((reply->flags & RESOLVE_CLASS_LOCAL)
  	&& *var_local_rcpt_maps
+ 	&& !MATCH_LEFT(var_double_bounce_sender, CONST_STR(reply->recipient),
+ 		       strlen(var_double_bounce_sender))
+ 	&& !MATCH_LEFT(MAIL_ADDR_POSTMASTER, CONST_STR(reply->recipient),
+ 		       strlen(MAIL_ADDR_POSTMASTER))
  	&& NOMATCH(local_rcpt_maps, CONST_STR(reply->recipient)))
  	return (smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
  				   "%d <%s>: User unknown%s",
***************
*** 3206,3211 ****
--- 3217,3223 ----
       * Reject mail to unknown addresses in virtual mailbox domains.
       */
      if ((reply->flags & RESOLVE_CLASS_VIRTUAL)
+ 	&& *var_virt_mailbox_maps
  	&& NOMATCHV8(virt_mailbox_maps, CONST_STR(reply->recipient)))
  	return (smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
  				   "%d <%s>: User unknown%s",
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/trivial-rewrite/resolve.c ./src/trivial-rewrite/resolve.c
*** /tmp/postfix-2.0.0.2/src/trivial-rewrite/resolve.c	Sun Dec 22 12:07:32 2002
--- ./src/trivial-rewrite/resolve.c	Sat Jan 11 18:52:41 2003
***************
*** 400,411 ****
  	 */
  	if (virt_alias_doms
  	    && string_list_match(virt_alias_doms, rcpt_domain)) {
! 	    if (var_helpful_warnings
! 		&& virt_mailbox_doms
! 		&& string_list_match(virt_mailbox_doms, rcpt_domain))
! 		msg_warn("do not list domain %s in BOTH %s and %s",
! 			 rcpt_domain, VAR_VIRT_ALIAS_DOMS,
! 			 VAR_VIRT_MAILBOX_DOMS);
  	    vstring_strcpy(channel, MAIL_SERVICE_ERROR);
  	    vstring_sprintf(nexthop, "User unknown%s",
  			    var_show_unk_rcpt_table ?
--- 400,412 ----
  	 */
  	if (virt_alias_doms
  	    && string_list_match(virt_alias_doms, rcpt_domain)) {
! 	    if (var_helpful_warnings) {
! 		if (virt_mailbox_doms
! 		    && string_list_match(virt_mailbox_doms, rcpt_domain))
! 		    msg_warn("do not list domain %s in BOTH %s and %s",
! 			     rcpt_domain, VAR_VIRT_ALIAS_DOMS,
! 			     VAR_VIRT_MAILBOX_DOMS);
! 	    }
  	    vstring_strcpy(channel, MAIL_SERVICE_ERROR);
  	    vstring_sprintf(nexthop, "User unknown%s",
  			    var_show_unk_rcpt_table ?
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/trivial-rewrite/transport.c ./src/trivial-rewrite/transport.c
*** /tmp/postfix-2.0.0.2/src/trivial-rewrite/transport.c	Sun Dec 22 12:07:32 2002
--- ./src/trivial-rewrite/transport.c	Thu Jan  9 10:06:32 2003
***************
*** 294,299 ****
--- 294,301 ----
      /*
       * Fall back to the wild-card entry.
       */
+     if (transport_errno) 
+ 	transport_wildcard_init();
      if (transport_errno) {
  	dict_errno = transport_errno;
  	RETURN_FREE(NOTFOUND);
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/trivial-rewrite/trivial-rewrite.c ./src/trivial-rewrite/trivial-rewrite.c
*** /tmp/postfix-2.0.0.2/src/trivial-rewrite/trivial-rewrite.c	Mon Dec 23 13:02:11 2002
--- ./src/trivial-rewrite/trivial-rewrite.c	Thu Jan  9 10:18:31 2003
***************
*** 57,62 ****
--- 57,73 ----
  /*	This overrides the optional nexthop information that is specified
  /*	with \fB$relayhost\fR.
  /*	The default nexthop is the recipient domain.
+ /* SERVER PROCESS MANAGEMENT
+ /* .ad
+ /* .fi
+ /*	The trivial-rewrite servers run under control by the Postfix master
+ /*	server.  Each server can handle multiple simultaneous connections.
+ /*	When all servers are busy while a client connects, the master
+ /*	creates a new server process, provided that the trivial-rewrite
+ /*	server process limit is not exceeded.
+ /*	Each trivial-rewrite server terminates after
+ /*	serving at least \fB$max_use\fR clients of after \fB$max_idle\fR
+ /*	seconds of idle time.
  /* STANDARDS
  /* .ad
  /* .fi
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/util/dict.h ./src/util/dict.h
*** /tmp/postfix-2.0.0.2/src/util/dict.h	Sat Dec  7 11:28:00 2002
--- ./src/util/dict.h	Sat Jan  4 20:03:28 2003
***************
*** 59,64 ****
--- 59,67 ----
  #define DICT_FLAG_DEBUG		(1<<9)	/* log access */
  #define DICT_FLAG_FOLD_KEY	(1<<10)	/* lowercase the lookup key */
  #define DICT_FLAG_NO_REGSUB	(1<<11)	/* no lhs->rhs regexp substitution */
+ #define DICT_FLAG_NO_PROXY	(1<<12)	/* no proxy mapping */
+ 
+ #define DICT_FLAG_PARANOID	(DICT_FLAG_NO_REGSUB | DICT_FLAG_NO_PROXY)
  
  extern int dict_unknown_allowed;
  extern int dict_errno;
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/util/dict_open.c ./src/util/dict_open.c
*** /tmp/postfix-2.0.0.2/src/util/dict_open.c	Sat Dec  7 11:28:52 2002
--- ./src/util/dict_open.c	Sat Jan  4 20:07:25 2003
***************
*** 84,89 ****
--- 84,94 ----
  /* .IP DICT_FLAG_NO_REGSUB
  /*      Disallow regular expression substitution from left-hand side data 
  /*	into the right-hand side.
+ /* .IP DICT_FLAG_NO_PROXY
+ /*	Disallow access through the \fBproxymap\fR service.
+ /* .IP DICT_FLAG_PARANOID
+ /*	A combination of all the paranoia flags: DICT_FLAG_NO_REGSUB
+ /*	and DICT_FLAG_NO_PROXY.
  /* .PP
  /*	Specify DICT_FLAG_NONE for no special processing.
  /*
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/util/vstream.c ./src/util/vstream.c
*** /tmp/postfix-2.0.0.2/src/util/vstream.c	Tue Jan 22 09:49:09 2002
--- ./src/util/vstream.c	Sat Jan  4 21:22:21 2003
***************
*** 640,647 ****
       * allocation gives the application a chance to override the default
       * buffering policy.
       */
!     if (bp->data == 0)
  	vstream_buf_alloc(bp, VSTREAM_BUFSIZE);
  
      /*
       * If the stream is double-buffered and the write buffer is not empty,
--- 640,650 ----
       * allocation gives the application a chance to override the default
       * buffering policy.
       */
!     if (bp->data == 0) {
  	vstream_buf_alloc(bp, VSTREAM_BUFSIZE);
+ 	if (bp->flags & VSTREAM_FLAG_DOUBLE) 
+ 	    VSTREAM_SAVE_STATE(stream, read_buf, read_fd);
+     }
  
      /*
       * If the stream is double-buffered and the write buffer is not empty,
***************
*** 724,729 ****
--- 727,734 ----
       */
      if (bp->data == 0) {
  	vstream_buf_alloc(bp, VSTREAM_BUFSIZE);
+ 	if (bp->flags & VSTREAM_FLAG_DOUBLE) 
+ 	    VSTREAM_SAVE_STATE(stream, write_buf, write_fd);
      } else if (bp->cnt <= 0) {
  	if (VSTREAM_FFLUSH_SOME(stream))
  	    return (VSTREAM_EOF);
diff -cr --new-file --exclude=.indent.pro /tmp/postfix-2.0.0.2/src/virtual/virtual.c ./src/virtual/virtual.c
*** /tmp/postfix-2.0.0.2/src/virtual/virtual.c	Wed Dec 18 21:01:47 2002
--- ./src/virtual/virtual.c	Sat Jan  4 20:04:24 2003
***************
*** 133,138 ****
--- 133,141 ----
  /*	For security reasons, regular expression maps are allowed but
  /*	regular expression substitution of $1 etc. is disallowed,
  /*	because that would open a security hole.
+ /*
+ /*	For security reasons, proxied table lookup is not allowed,
+ /*	because that would open a security hole.
  /* .IP \fBvirtual_mailbox_domains\fR
  /*	The list of domains that should be delivered via the Postfix virtual
  /*	delivery agent. This uses the same syntax as the \fBmydestination\fR
***************
*** 156,161 ****
--- 159,167 ----
  /*	For security reasons, regular expression maps are allowed but
  /*	regular expression substitution of $1 etc. is disallowed,
  /*	because that would open a security hole.
+ /*
+ /*	For security reasons, proxied table lookup is not allowed,
+ /*	because that would open a security hole.
  /* .IP \fBvirtual_gid_maps\fR
  /*	Recipients are looked up in these maps to determine the group ID to be
  /*	used when writing to the target mailbox.
***************
*** 170,175 ****
--- 176,184 ----
  /*	For security reasons, regular expression maps are allowed but
  /*	regular expression substitution of $1 etc. is disallowed,
  /*	because that would open a security hole.
+ /*
+ /*	For security reasons, proxied table lookup is not allowed,
+ /*	because that would open a security hole.
  /* .SH "Locking controls"
  /* .ad
  /* .fi
***************
*** 404,418 ****
  
      virtual_mailbox_maps =
  	virtual8_maps_create(VAR_VIRT_MAILBOX_MAPS, var_virt_mailbox_maps,
! 			     DICT_FLAG_LOCK);
  
      virtual_uid_maps =
  	virtual8_maps_create(VAR_VIRT_UID_MAPS, var_virt_uid_maps,
! 			     DICT_FLAG_LOCK);
  
      virtual_gid_maps =
  	virtual8_maps_create(VAR_VIRT_GID_MAPS, var_virt_gid_maps,
! 			     DICT_FLAG_LOCK);
  
      virtual_mbox_lock_mask = mbox_lock_mask(var_virt_mailbox_lock);
  }
--- 413,427 ----
  
      virtual_mailbox_maps =
  	virtual8_maps_create(VAR_VIRT_MAILBOX_MAPS, var_virt_mailbox_maps,
! 			     DICT_FLAG_LOCK | DICT_FLAG_PARANOID);
  
      virtual_uid_maps =
  	virtual8_maps_create(VAR_VIRT_UID_MAPS, var_virt_uid_maps,
! 			     DICT_FLAG_LOCK | DICT_FLAG_PARANOID);
  
      virtual_gid_maps =
  	virtual8_maps_create(VAR_VIRT_GID_MAPS, var_virt_gid_maps,
! 			     DICT_FLAG_LOCK | DICT_FLAG_PARANOID);
  
      virtual_mbox_lock_mask = mbox_lock_mask(var_virt_mailbox_lock);
  }