Prereq: "2.4.0" diff -cr /var/tmp/postfix-2.4.0/src/global/mail_version.h ./src/global/mail_version.h *** /var/tmp/postfix-2.4.0/src/global/mail_version.h Wed Mar 28 14:12:37 2007 --- ./src/global/mail_version.h Mon Apr 23 19:22:51 2007 *************** *** 20,27 **** * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20070328" ! #define MAIL_VERSION_NUMBER "2.4.0" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE --- 20,27 ---- * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20070423" ! #define MAIL_VERSION_NUMBER "2.4.1" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -cr /var/tmp/postfix-2.4.0/HISTORY ./HISTORY *** /var/tmp/postfix-2.4.0/HISTORY Wed Mar 28 14:12:56 2007 --- ./HISTORY Mon Apr 23 19:21:53 2007 *************** *** 13396,13398 **** --- 13396,13424 ---- Workaround: Eric Raymond's man page formatters don't handle low-level *roff .in or .ti controls. We now use .nf and .fi instead. Files: many. + + 20070331 + + Bugfix (introduced Postfix 2.3): segfault with HOLD action + in access/header_checks/body_checks on 64-bit platforms. + File: cleanup/cleanup_api.c. + + 20070402 + + Portability (introduced 20070325): the fix for hardlinks + and symlinks in postfix-install forgot to work around shells + where "IFS=/ command" makes the IFS setting permanent. This + is allowed by some broken standard, and affects Solaris. + File: postfix-install. + + Portability (introduced 20070212): the workaround for + non-existent library bugs with descriptors >= FD_SETSIZE + broke with "fcntl F_DUPFD: Invalid argument" on 64-bit + Solaris. Files: master/multi_server.c, *qmgr/qmgr_transport.c. 
+ + 20070421 + + Cleanup: on (Linux) platforms that cripple signal handlers + with deadlock, "postfix stop" now forcefully stops all the + processes in the master's process group, not just the master + process alone. File: conf/postfix-script. diff -cr /var/tmp/postfix-2.4.0/README_FILES/BUILTIN_FILTER_README ./README_FILES/BUILTIN_FILTER_README *** /var/tmp/postfix-2.4.0/README_FILES/BUILTIN_FILTER_README Sat Apr 17 15:54:40 2004 --- ./README_FILES/BUILTIN_FILTER_README Mon Apr 2 19:19:47 2007 *************** *** 18,25 **** Because the built-in filter is optimized for stopping specific worms and virus outbreaks, it has limitations that make it NOT suitable for general junk email and virus detection. For that, you should use one of the external content ! inspection methods that are described in the FILTER_README and ! SMTPD_PROXY_README documents. The following diagram gives an over-all picture of how Postfix built-in content inspection works: --- 18,25 ---- Because the built-in filter is optimized for stopping specific worms and virus outbreaks, it has limitations that make it NOT suitable for general junk email and virus detection. For that, you should use one of the external content ! inspection methods that are described in the FILTER_README, SMTPD_PROXY_README ! and MILTER_README documents. The following diagram gives an over-all picture of how Postfix built-in content inspection works: diff -cr /var/tmp/postfix-2.4.0/README_FILES/SMTPD_PROXY_README ./README_FILES/SMTPD_PROXY_README *** /var/tmp/postfix-2.4.0/README_FILES/SMTPD_PROXY_README Sun Mar 25 14:58:52 2007 --- ./README_FILES/SMTPD_PROXY_README Mon Apr 2 19:19:47 2007 *************** *** 12,18 **** As of version 2.1, the Postfix SMTP server can forward all incoming mail to a content filtering proxy server that inspects all mail BEFORE it is stored in ! the Postfix mail queue. 
The before-queue content filter is meant to be used as follows: --- 12,20 ---- As of version 2.1, the Postfix SMTP server can forward all incoming mail to a content filtering proxy server that inspects all mail BEFORE it is stored in ! the Postfix mail queue. It is roughly equivalent in capabilities to the ! approach described in MILTER_README, except that the latter uses a dedicated ! protocol instead of SMTP. The before-queue content filter is meant to be used as follows: diff -cr /var/tmp/postfix-2.4.0/conf/postfix-script ./conf/postfix-script *** /var/tmp/postfix-2.4.0/conf/postfix-script Sun Mar 25 19:07:50 2007 --- ./conf/postfix-script Sun Apr 22 10:08:47 2007 *************** *** 136,142 **** sleep 1 done $WARN stopping the Postfix mail system with force ! kill -9 `sed 1q pid/master.pid` ;; abort) --- 136,143 ---- sleep 1 done $WARN stopping the Postfix mail system with force ! pid=`awk '{ print $1; exit 0 } END { exit 1 }' pid/master.pid` && ! kill -9 -$pid ;; abort) diff -cr /var/tmp/postfix-2.4.0/html/BUILTIN_FILTER_README.html ./html/BUILTIN_FILTER_README.html *** /var/tmp/postfix-2.4.0/html/BUILTIN_FILTER_README.html Tue Feb 22 09:02:05 2005 --- ./html/BUILTIN_FILTER_README.html Thu Mar 29 10:20:56 2007 *************** *** 37,44 **** worms and virus outbreaks, it has limitations that make it NOT suitable for general junk email and virus detection. For that, you should use one of the external content inspection ! methods that are described in the FILTER_README and SMTPD_PROXY_README ! documents.
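Review bot: The value read from pid/master.pid goes straight into `kill -9 -$pid` on the new forced-stop lines, with no check that it is a plain process id greater than 1. awk prints an empty `$1` for a blank first line and passes any non-numeric token through, and a process-group kill built from a wrong value does not address the master's group. A guard such as `case "$pid" in ''|*[!0-9]*|0|1) exit 1;; esac` before the kill would make that failure explicit. It is also worth confirming on the supported awk implementations that `exit 0` in the main rule followed by `END { exit 1 }` really yields status 0, since END rules still run after `exit` and the `&&` depends on that status. The enclosing `case` branch starts outside the hunk.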
The following diagram gives an over-all picture of how Postfix built-in content inspection works:
--- 37,44 ---- worms and virus outbreaks, it has limitations that make it NOT suitable for general junk email and virus detection. For that, you should use one of the external content inspection ! methods that are described in the FILTER_README, SMTPD_PROXY_README ! and MILTER_README documents.The following diagram gives an over-all picture of how Postfix built-in content inspection works:
*************** *** 353,359 ****The easiest approach is to configure ONE Postfix instance with ! multiple SMTP server IP addresses in master.cf:
The easiest approach is to configure ONE Postfix instance with ! multiple SMTP server IP addresses in master.cf:
! /etc/postfix.master.cf: # ================================================================== # service type private unpriv chroot wakeup maxproc command # (yes) (yes) (yes) (never) (100) --- 362,368 ---- service with header/body filtering turned off.! /etc/postfix.master.cf: # ================================================================== # service type private unpriv chroot wakeup maxproc command # (yes) (yes) (yes) (never) (100) *************** *** 376,385 ****
One SMTP server address for mail from outside users with ! header/body filtering turned on via main.cf.
! /etc/postfix.master.cf: # ================================================================= # service type private unpriv chroot wakeup maxproc command # (yes) (yes) (yes) (never) (100) --- 376,385 ----
One SMTP server address for mail from outside users with ! header/body filtering turned on via main.cf.
! /etc/postfix.master.cf: # ================================================================= # service type private unpriv chroot wakeup maxproc command # (yes) (yes) (yes) (never) (100) *************** *** 397,409 ****If you are MX service provider and want to apply disable head/body checks for some domains, you can configure ONE Postfix ! instance with multiple SMTP server IP addresses in master.cf. Each address provides a different service.
! /etc/postfix.master.cf: # ================================================================= # service type private unpriv chroot wakeup maxproc command # (yes) (yes) (yes) (never) (100) --- 397,409 ----If you are MX service provider and want to apply disable head/body checks for some domains, you can configure ONE Postfix ! instance with multiple SMTP server IP addresses in master.cf. Each address provides a different service.
! /etc/postfix.master.cf: # ================================================================= # service type private unpriv chroot wakeup maxproc command # (yes) (yes) (yes) (never) (100) diff -cr /var/tmp/postfix-2.4.0/html/SMTPD_PROXY_README.html ./html/SMTPD_PROXY_README.html *** /var/tmp/postfix-2.4.0/html/SMTPD_PROXY_README.html Sun Mar 25 14:58:52 2007 --- ./html/SMTPD_PROXY_README.html Thu Mar 29 10:20:56 2007 *************** *** 27,34 ****The Postfix before-queue content filter feature
As of version 2.1, the Postfix SMTP server can forward all ! incoming mail to a content filtering proxy server that inspects ! all mail BEFORE it is stored in the Postfix mail queue.
The before-queue content filter is meant to be used as follows:
--- 27,36 ----The Postfix before-queue content filter feature
As of version 2.1, the Postfix SMTP server can forward all ! incoming mail to a content filtering proxy server that inspects all ! mail BEFORE it is stored in the Postfix mail queue. It is roughly ! equivalent in capabilities to the approach described in MILTER_README, ! except that the latter uses a dedicated protocol instead of SMTP.
The before-queue content filter is meant to be used as follows:
diff -cr /var/tmp/postfix-2.4.0/html/access.5.html ./html/access.5.html *** /var/tmp/postfix-2.4.0/html/access.5.html Mon Mar 26 20:06:04 2007 --- ./html/access.5.html Mon Apr 2 19:11:01 2007 *************** *** 20,27 **** This document describes access control on remote SMTP client information: host names, network addresses, and envelope sender or recipient addresses; it is implemented ! by the Postfix SMTP server. See header_checks(5) or ! body_checks(5) for access control on the content of email messages. Normally, the access(5) table is specified as a text file --- 20,27 ---- This document describes access control on remote SMTP client information: host names, network addresses, and envelope sender or recipient addresses; it is implemented ! by the Postfix SMTP server. See header_checks(5) or ! body_checks(5) for access control on the content of email messages. Normally, the access(5) table is specified as a text file diff -cr /var/tmp/postfix-2.4.0/html/cleanup.8.html ./html/cleanup.8.html *** /var/tmp/postfix-2.4.0/html/cleanup.8.html Sat Mar 17 13:59:51 2007 --- ./html/cleanup.8.html Mon Apr 2 19:13:14 2007 *************** *** 102,113 **** body_checks (empty) Optional lookup tables for content inspection as ! specified in the body_checks(5) manual page. header_checks (empty) Optional lookup tables for content inspection of primary non-MIME message headers, as specified in ! the header_checks(5) manual page. Available in Postfix version 2.0 and later: --- 102,113 ---- body_checks (empty) Optional lookup tables for content inspection as ! specified in the body_checks(5) manual page. header_checks (empty) Optional lookup tables for content inspection of primary non-MIME message headers, as specified in ! the header_checks(5) manual page. Available in Postfix version 2.0 and later: *************** *** 119,130 **** mime_header_checks ($header_checks) Optional lookup tables for content inspection of MIME related message headers, as described in the ! 
header_checks(5) manual page. nested_header_checks ($header_checks) Optional lookup tables for content inspection of non-MIME message headers in attached messages, as ! described in the header_checks(5) manual page. Available in Postfix version 2.3 and later: --- 119,130 ---- mime_header_checks ($header_checks) Optional lookup tables for content inspection of MIME related message headers, as described in the ! header_checks(5) manual page. nested_header_checks ($header_checks) Optional lookup tables for content inspection of non-MIME message headers in attached messages, as ! described in the header_checks(5) manual page. Available in Postfix version 2.3 and later: diff -cr /var/tmp/postfix-2.4.0/html/header_checks.5.html ./html/header_checks.5.html *** /var/tmp/postfix-2.4.0/html/header_checks.5.html Wed Mar 28 12:44:56 2007 --- ./html/header_checks.5.html Thu Mar 29 10:20:57 2007 *************** *** 21,27 **** DESCRIPTION This document describes access control on the content of message headers and message body lines; it is implemented ! by the Postfix cleanup(8) server before mail is queued. See access(5) for access control on remote SMTP client information. --- 21,27 ---- DESCRIPTION This document describes access control on the content of message headers and message body lines; it is implemented ! by the Postfix cleanup(8) server before mail is queued. See access(5) for access control on remote SMTP client information. diff -cr /var/tmp/postfix-2.4.0/html/pcre_table.5.html ./html/pcre_table.5.html *** /var/tmp/postfix-2.4.0/html/pcre_table.5.html Mon Mar 26 13:43:38 2007 --- ./html/pcre_table.5.html Wed Apr 11 17:03:58 2007 *************** *** 50,57 **** if /pattern/flags endif Match the input string against the patterns between ! if and endif, if and only if the input string also ! matches pattern. The if..endif can nest. Note: do not prepend whitespace to patterns inside if..endif. 
--- 50,57 ---- if /pattern/flags endif Match the input string against the patterns between ! if and endif, if and only if that same input string ! also matches pattern. The if..endif can nest. Note: do not prepend whitespace to patterns inside if..endif. *************** *** 61,68 **** if !/pattern/flags endif Match the input string against the patterns between ! if and endif, if and only if the input string does ! not match pattern. The if..endif can nest. Note: do not prepend whitespace to patterns inside if..endif. --- 61,68 ---- if !/pattern/flags endif Match the input string against the patterns between ! if and endif, if and only if that same input string ! does not match pattern. The if..endif can nest. Note: do not prepend whitespace to patterns inside if..endif. diff -cr /var/tmp/postfix-2.4.0/html/regexp_table.5.html ./html/regexp_table.5.html *** /var/tmp/postfix-2.4.0/html/regexp_table.5.html Mon Mar 26 13:43:38 2007 --- ./html/regexp_table.5.html Wed Apr 11 17:01:16 2007 *************** *** 62,138 **** endif Match the input string against the patterns between if and endif, if and only if that same input string ! does not match pattern. The if..endif can nest. ! matches pattern. The if..endif can nest. ! Note: do not prepend whitespace to patterns inside if..endif. This feature is available in Postfix 2.1 and later. blank lines and comments ! Empty lines and whitespace-only lines are ignored, ! as are lines whose first non-whitespace character is a `#'. multi-line text ! A logical line starts with non-whitespace text. A ! line that starts with whitespace continues a logi- cal line. ! Each pattern is a POSIX regular expression enclosed by a pair of delimiters. The regular expression syntax is docu- ! mented in re_format(7) with 4.4BSD, in regex(5) with Solaris, and in regex(7) with Linux. Other systems may use other document names. ! The expression delimiter can be any character, except whitespace or characters that have special meaning (tradi- ! 
tionally the forward slash is used). The regular expres- sion can contain whitespace. By default, matching is case-insensitive, and newlines are ! not treated as special characters. The behavior is con- ! trolled by flags, which are toggled by appending one or more of the following characters after the pattern: i (default: on) ! Toggles the case sensitivity flag. By default, matching is case insensitive. x (default: on) ! Toggles the extended expression syntax flag. By ! default, support for extended expression syntax is enabled. m (default: off) ! Toggle the multi-line mode flag. When this flag is ! on, the ^ and $ metacharacters match immediately ! after and immediately before a newline character, ! respectively, in addition to matching at the start and end of the input string. TABLE SEARCH ORDER ! Patterns are applied in the order as specified in the ta- ! ble, until a pattern is found that matches the input string. ! Each pattern is applied to the entire input string. ! Depending on the application, that string is an entire client hostname, an entire client IP address, or an entire ! mail address. Thus, no parent domain or parent network ! search is done, and user@domain mail addresses are not ! broken up into their user and domain constituent parts, nor is user+foo broken up into user and foo. TEXT SUBSTITUTION ! Substitution of substrings from the matched expression ! into the result string is possible using $1, $2, etc.; specify $$ to produce a $ character as output. The macros ! in the result string may need to be written as ${n} or $(n) if they aren't followed by whitespace. ! Note: since negated patterns (those preceded by !) return a result when the expression does not match, substitutions are not available for negated patterns. --- 62,137 ---- endif Match the input string against the patterns between if and endif, if and only if that same input string ! does not match pattern. The if..endif can nest. ! 
Note: do not prepend whitespace to patterns inside if..endif. This feature is available in Postfix 2.1 and later. blank lines and comments ! Empty lines and whitespace-only lines are ignored, ! as are lines whose first non-whitespace character is a `#'. multi-line text ! A logical line starts with non-whitespace text. A ! line that starts with whitespace continues a logi- cal line. ! Each pattern is a POSIX regular expression enclosed by a pair of delimiters. The regular expression syntax is docu- ! mented in re_format(7) with 4.4BSD, in regex(5) with Solaris, and in regex(7) with Linux. Other systems may use other document names. ! The expression delimiter can be any character, except whitespace or characters that have special meaning (tradi- ! tionally the forward slash is used). The regular expres- sion can contain whitespace. By default, matching is case-insensitive, and newlines are ! not treated as special characters. The behavior is con- ! trolled by flags, which are toggled by appending one or more of the following characters after the pattern: i (default: on) ! Toggles the case sensitivity flag. By default, matching is case insensitive. x (default: on) ! Toggles the extended expression syntax flag. By ! default, support for extended expression syntax is enabled. m (default: off) ! Toggle the multi-line mode flag. When this flag is ! on, the ^ and $ metacharacters match immediately ! after and immediately before a newline character, ! respectively, in addition to matching at the start and end of the input string. TABLE SEARCH ORDER ! Patterns are applied in the order as specified in the ta- ! ble, until a pattern is found that matches the input string. ! Each pattern is applied to the entire input string. ! Depending on the application, that string is an entire client hostname, an entire client IP address, or an entire ! mail address. Thus, no parent domain or parent network ! search is done, and user@domain mail addresses are not ! 
broken up into their user and domain constituent parts, nor is user+foo broken up into user and foo. TEXT SUBSTITUTION ! Substitution of substrings from the matched expression ! into the result string is possible using $1, $2, etc.; specify $$ to produce a $ character as output. The macros ! in the result string may need to be written as ${n} or $(n) if they aren't followed by whitespace. ! Note: since negated patterns (those preceded by !) return a result when the expression does not match, substitutions are not available for negated patterns. diff -cr /var/tmp/postfix-2.4.0/man/man5/header_checks.5 ./man/man5/header_checks.5 *** /var/tmp/postfix-2.4.0/man/man5/header_checks.5 Wed Mar 28 12:44:55 2007 --- ./man/man5/header_checks.5 Thu Mar 29 10:20:57 2007 *************** *** 22,28 **** .fi This document describes access control on the content of message headers and message body lines; it is implemented ! by the Postfix cleanup(8) server before mail is queued. See \fBaccess\fR(5) for access control on remote SMTP client information. --- 22,28 ---- .fi This document describes access control on the content of message headers and message body lines; it is implemented ! by the Postfix \fBcleanup\fR(8) server before mail is queued. See \fBaccess\fR(5) for access control on remote SMTP client information. diff -cr /var/tmp/postfix-2.4.0/man/man5/pcre_table.5 ./man/man5/pcre_table.5 *** /var/tmp/postfix-2.4.0/man/man5/pcre_table.5 Mon Mar 26 13:43:35 2007 --- ./man/man5/pcre_table.5 Wed Apr 11 17:03:58 2007 *************** *** 51,57 **** .IP "\fBif /\fIpattern\fB/\fIflags\fR" .IP "\fBendif\fR" Match the input string against the patterns between \fBif\fR ! and \fBendif\fR, if and only if the input string also matches \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest. .sp Note: do not prepend whitespace to patterns inside --- 51,57 ---- .IP "\fBif /\fIpattern\fB/\fIflags\fR" .IP "\fBendif\fR" Match the input string against the patterns between \fBif\fR ! 
and \fBendif\fR, if and only if that same input string also matches \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest. .sp Note: do not prepend whitespace to patterns inside *************** *** 61,67 **** .IP "\fBif !/\fIpattern\fB/\fIflags\fR" .IP "\fBendif\fR" Match the input string against the patterns between \fBif\fR ! and \fBendif\fR, if and only if the input string does \fBnot\fR match \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest. .sp Note: do not prepend whitespace to patterns inside --- 61,67 ---- .IP "\fBif !/\fIpattern\fB/\fIflags\fR" .IP "\fBendif\fR" Match the input string against the patterns between \fBif\fR ! and \fBendif\fR, if and only if that same input string does \fBnot\fR match \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest. .sp Note: do not prepend whitespace to patterns inside diff -cr /var/tmp/postfix-2.4.0/man/man5/regexp_table.5 ./man/man5/regexp_table.5 *** /var/tmp/postfix-2.4.0/man/man5/regexp_table.5 Mon Mar 26 13:43:35 2007 --- ./man/man5/regexp_table.5 Wed Apr 11 17:01:16 2007 *************** *** 63,69 **** Match the input string against the patterns between \fBif\fR and \fBendif\fR, if and only if that same input string does \fBnot\fR match \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest. - matches \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest. .sp Note: do not prepend whitespace to patterns inside \fBif\fR..\fBendif\fR. --- 63,68 ---- diff -cr /var/tmp/postfix-2.4.0/mantools/postlink ./mantools/postlink *** /var/tmp/postfix-2.4.0/mantools/postlink Thu Mar 22 11:09:13 2007 --- ./mantools/postlink Mon Apr 2 19:10:27 2007 *************** *** 677,682 **** --- 677,685 ---- s/[]*vir[-<\/bB>]*\n*[ ]*tual[<\/bB>]*\(8\)/$&<\/a>/g; s/[ ]*cidr_ta[-<\/bB>]*\n*[ ]*ble[<\/bB>]*\(5\)/$&<\/a>/g; s/[ ]*tcp_ta[-<\/bB>]*\n*[ ]*ble[<\/bB>]*\(5\)/$&<\/a>/g; + # Workaround... 
+ s/body_checks<\/a><\/b>\(5\)/body_checks<\/b>(5)/; + s/header_checks<\/a><\/b>\(5\)/header_checks<\/b>(5)/; s/[ ]*body_checks[<\/bB>]*\(5\)/$&<\/a>/g; s/[ ]*header_checks[<\/bB>]*\(5\)/$&<\/a>/g; diff -cr /var/tmp/postfix-2.4.0/postfix-install ./postfix-install *** /var/tmp/postfix-2.4.0/postfix-install Sun Mar 25 16:44:02 2007 --- ./postfix-install Mon Apr 2 13:14:37 2007 *************** *** 686,707 **** # Hard link. Skip files that are not installed. ! h) eval echo $path | (IFS=/ read prefix file; test "$prefix" = "no" || ( ! eval dest_path=$install_root$path ! check_parent $dest_path || exit 1 ! eval source_path=$install_root$source ! compare_or_hardlink $source_path $dest_path || exit 1 ! )) || exit 1 continue;; # Symbolic link. Skip files that are not installed. ! l) eval echo $path | (IFS=/ read prefix file; test "$prefix" = "no" || ( ! eval dest_path=$install_root$path ! check_parent $dest_path || exit 1 ! eval source_path=$install_root$source ! compare_or_symlink $source_path $dest_path || exit 1 ! )) || exit 1 continue;; *) echo $0: Error: unknown type $type for $path in conf/postfix-files 1>&2 --- 686,713 ---- # Hard link. Skip files that are not installed. ! h) eval echo $path | ( ! IFS=/ read prefix file; IFS="$BACKUP_IFS" ! test "$prefix" = "no" || ( ! eval dest_path=$install_root$path ! check_parent $dest_path || exit 1 ! eval source_path=$install_root$source ! compare_or_hardlink $source_path $dest_path || exit 1 ! ) ! ) || exit 1 continue;; # Symbolic link. Skip files that are not installed. ! l) eval echo $path | ( ! IFS=/ read prefix file; IFS="$BACKUP_IFS" ! test "$prefix" = "no" || ( ! eval dest_path=$install_root$path ! check_parent $dest_path || exit 1 ! eval source_path=$install_root$source ! compare_or_symlink $source_path $dest_path || exit 1 ! ) ! 
) || exit 1 continue;; *) echo $0: Error: unknown type $type for $path in conf/postfix-files 1>&2 diff -cr /var/tmp/postfix-2.4.0/proto/BUILTIN_FILTER_README.html ./proto/BUILTIN_FILTER_README.html *** /var/tmp/postfix-2.4.0/proto/BUILTIN_FILTER_README.html Sat Apr 17 15:54:32 2004 --- ./proto/BUILTIN_FILTER_README.html Thu Mar 29 10:09:11 2007 *************** *** 37,44 **** worms and virus outbreaks, it has limitations that make it NOT suitable for general junk email and virus detection. For that, you should use one of the external content inspection ! methods that are described in the FILTER_README and SMTPD_PROXY_README ! documents. The following diagram gives an over-all picture of how Postfix built-in content inspection works:
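Review bot: `BACKUP_IFS` is used on the new `IFS=/ read prefix file; IFS="$BACKUP_IFS"` lines of the `h)` and `l)` branches but is not set anywhere in this hunk, so the restore is only correct if an earlier part of the script saved the original IFS. If the variable is unset at this point, IFS becomes the empty string inside the subshell, and the unquoted `$source_path $dest_path` arguments are then not field-split at all. I would confirm the assignment exists and add a comment at the point of use, e.g. `# restore IFS: some shells make "IFS=/ command" permanent (see HISTORY 20070402)`. The enclosing `case` statement starts and ends outside the hunk.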
--- 37,44 ---- worms and virus outbreaks, it has limitations that make it NOT suitable for general junk email and virus detection. For that, you should use one of the external content inspection ! methods that are described in the FILTER_README, SMTPD_PROXY_README ! and MILTER_README documents.The following diagram gives an over-all picture of how Postfix built-in content inspection works:
diff -cr /var/tmp/postfix-2.4.0/proto/SMTPD_PROXY_README.html ./proto/SMTPD_PROXY_README.html *** /var/tmp/postfix-2.4.0/proto/SMTPD_PROXY_README.html Sun Mar 25 14:58:49 2007 --- ./proto/SMTPD_PROXY_README.html Thu Mar 29 10:16:16 2007 *************** *** 27,34 ****The Postfix before-queue content filter feature
As of version 2.1, the Postfix SMTP server can forward all ! incoming mail to a content filtering proxy server that inspects ! all mail BEFORE it is stored in the Postfix mail queue.
The before-queue content filter is meant to be used as follows:
--- 27,36 ----The Postfix before-queue content filter feature
As of version 2.1, the Postfix SMTP server can forward all ! incoming mail to a content filtering proxy server that inspects all ! mail BEFORE it is stored in the Postfix mail queue. It is roughly ! equivalent in capabilities to the approach described in MILTER_README, ! except that the latter uses a dedicated protocol instead of SMTP.
The before-queue content filter is meant to be used as follows:
diff -cr /var/tmp/postfix-2.4.0/proto/header_checks ./proto/header_checks *** /var/tmp/postfix-2.4.0/proto/header_checks Wed Mar 28 12:44:20 2007 --- ./proto/header_checks Thu Mar 29 09:56:46 2007 *************** *** 16,22 **** # DESCRIPTION # This document describes access control on the content of # message headers and message body lines; it is implemented ! # by the Postfix cleanup(8) server before mail is queued. # See \fBaccess\fR(5) for access control on remote SMTP client # information. # --- 16,22 ---- # DESCRIPTION # This document describes access control on the content of # message headers and message body lines; it is implemented ! # by the Postfix \fBcleanup\fR(8) server before mail is queued. # See \fBaccess\fR(5) for access control on remote SMTP client # information. # diff -cr /var/tmp/postfix-2.4.0/proto/pcre_table ./proto/pcre_table *** /var/tmp/postfix-2.4.0/proto/pcre_table Sun Mar 25 20:37:52 2007 --- ./proto/pcre_table Wed Apr 11 17:03:15 2007 *************** *** 41,47 **** # .IP "\fBif /\fIpattern\fB/\fIflags\fR" # .IP "\fBendif\fR" # Match the input string against the patterns between \fBif\fR ! # and \fBendif\fR, if and only if the input string also matches # \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest. # .sp # Note: do not prepend whitespace to patterns inside --- 41,47 ---- # .IP "\fBif /\fIpattern\fB/\fIflags\fR" # .IP "\fBendif\fR" # Match the input string against the patterns between \fBif\fR ! # and \fBendif\fR, if and only if that same input string also matches # \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest. # .sp # Note: do not prepend whitespace to patterns inside *************** *** 51,57 **** # .IP "\fBif !/\fIpattern\fB/\fIflags\fR" # .IP "\fBendif\fR" # Match the input string against the patterns between \fBif\fR ! # and \fBendif\fR, if and only if the input string does \fBnot\fR # match \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest. 
# .sp # Note: do not prepend whitespace to patterns inside --- 51,57 ---- # .IP "\fBif !/\fIpattern\fB/\fIflags\fR" # .IP "\fBendif\fR" # Match the input string against the patterns between \fBif\fR ! # and \fBendif\fR, if and only if that same input string does \fBnot\fR # match \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest. # .sp # Note: do not prepend whitespace to patterns inside diff -cr /var/tmp/postfix-2.4.0/proto/regexp_table ./proto/regexp_table *** /var/tmp/postfix-2.4.0/proto/regexp_table Sun Mar 25 20:37:34 2007 --- ./proto/regexp_table Wed Apr 11 17:01:09 2007 *************** *** 53,59 **** # Match the input string against the patterns between \fBif\fR # and \fBendif\fR, if and only if that same input string does # \fBnot\fR match \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest. - # matches \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest. # .sp # Note: do not prepend whitespace to patterns inside # \fBif\fR..\fBendif\fR. --- 53,58 ---- diff -cr /var/tmp/postfix-2.4.0/src/cleanup/cleanup_api.c ./src/cleanup/cleanup_api.c *** /var/tmp/postfix-2.4.0/src/cleanup/cleanup_api.c Thu Feb 15 16:17:00 2007 --- ./src/cleanup/cleanup_api.c Sat Mar 31 13:06:52 2007 *************** *** 297,304 **** #endif mail_stream_ctl(state->handle, MAIL_STREAM_CTL_QUEUE, state->queue_name, ! MAIL_STREAM_CTL_CLASS, 0, ! MAIL_STREAM_CTL_SERVICE, 0, #ifdef DELAY_ACTION MAIL_STREAM_CTL_DELAY, state->defer_delay, #endif --- 297,304 ---- #endif mail_stream_ctl(state->handle, MAIL_STREAM_CTL_QUEUE, state->queue_name, ! MAIL_STREAM_CTL_CLASS, (char *) 0, ! 
MAIL_STREAM_CTL_SERVICE, (char *) 0, #ifdef DELAY_ACTION MAIL_STREAM_CTL_DELAY, state->defer_delay, #endif diff -cr /var/tmp/postfix-2.4.0/src/master/multi_server.c ./src/master/multi_server.c *** /var/tmp/postfix-2.4.0/src/master/multi_server.c Wed Mar 14 15:35:47 2007 --- ./src/master/multi_server.c Mon Apr 2 15:09:09 2007 *************** *** 336,349 **** char *tmp; #if defined(F_DUPFD) && (EVENTS_STYLE != EVENTS_STYLE_SELECT) int new_fd; /* * Leave some handles < FD_SETSIZE for DBMS libraries, in the unlikely * case of a multi-server with a thousand clients. */ ! if (fd < FD_SETSIZE / 8) { ! if ((new_fd = fcntl(fd, F_DUPFD, FD_SETSIZE / 8)) < 0) msg_fatal("fcntl F_DUPFD: %m"); (void) close(fd); fd = new_fd; --- 336,352 ---- char *tmp; #if defined(F_DUPFD) && (EVENTS_STYLE != EVENTS_STYLE_SELECT) + #ifndef THRESHOLD_FD_WORKAROUND + #define THRESHOLD_FD_WORKAROUND 128 + #endif int new_fd; /* * Leave some handles < FD_SETSIZE for DBMS libraries, in the unlikely * case of a multi-server with a thousand clients. */ ! if (fd < THRESHOLD_FD_WORKAROUND) { ! if ((new_fd = fcntl(fd, F_DUPFD, THRESHOLD_FD_WORKAROUND)) < 0) msg_fatal("fcntl F_DUPFD: %m"); (void) close(fd); fd = new_fd; diff -cr /var/tmp/postfix-2.4.0/src/oqmgr/qmgr_transport.c ./src/oqmgr/qmgr_transport.c *** /var/tmp/postfix-2.4.0/src/oqmgr/qmgr_transport.c Sat Feb 17 20:09:55 2007 --- ./src/oqmgr/qmgr_transport.c Mon Apr 2 15:08:18 2007 *************** *** 342,349 **** return; } #if (EVENTS_STYLE != EVENTS_STYLE_SELECT) && defined(VSTREAM_CTL_DUPFD) vstream_control(alloc->stream, ! VSTREAM_CTL_DUPFD, FD_SETSIZE / 8, VSTREAM_CTL_END); #endif event_enable_read(vstream_fileno(alloc->stream), qmgr_transport_event, --- 342,352 ---- return; } #if (EVENTS_STYLE != EVENTS_STYLE_SELECT) && defined(VSTREAM_CTL_DUPFD) + #ifndef THRESHOLD_FD_WORKAROUND + #define THRESHOLD_FD_WORKAROUND 128 + #endif vstream_control(alloc->stream, ! 
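Review bot: The new `(char *) 0` arguments after MAIL_STREAM_CTL_CLASS and MAIL_STREAM_CTL_SERVICE carry no comment saying why the cast matters, so a later cleanup could turn them back into a bare `0`. An uncast 0 travels through the variable argument list as an int while the callee presumably reads a pointer, which matches the 64-bit segfault that the 20070331 HISTORY entry describes. I would add `/* Null pointers in a varargs list must be cast; a bare 0 is passed as int. */` above the call. The same reasoning applies to `state->defer_delay` under DELAY_ACTION: its type should match what mail_stream_ctl reads for MAIL_STREAM_CTL_DELAY, which is not visible here. The call continues outside the hunk.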
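Review bot: A failing `fcntl(fd, F_DUPFD, THRESHOLD_FD_WORKAROUND)` in src/master/multi_server.c still ends the process through `msg_fatal`, so a host whose open-file limit is at or below 128 would presumably hit the same "Invalid argument" failure that this change fixes for 64-bit Solaris. Because the duplication is only a workaround, it would arguably be safer to log `msg_warn("fcntl F_DUPFD: %m");` and keep the original descriptor, moving `(void) close(fd); fd = new_fd;` into an `else` branch. The identical `#ifndef THRESHOLD_FD_WORKAROUND` / `#define THRESHOLD_FD_WORKAROUND 128` block is repeated in src/oqmgr/qmgr_transport.c and src/qmgr/qmgr_transport.c; one definition in a shared header, with a comment saying why 128 was chosen, would keep the three copies from drifting. The comment above the test still refers to FD_SETSIZE although the threshold no longer derives from it. The enclosing function starts and ends outside the hunk.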
VSTREAM_CTL_DUPFD, THRESHOLD_FD_WORKAROUND, VSTREAM_CTL_END); #endif event_enable_read(vstream_fileno(alloc->stream), qmgr_transport_event, diff -cr /var/tmp/postfix-2.4.0/src/qmgr/qmgr_transport.c ./src/qmgr/qmgr_transport.c *** /var/tmp/postfix-2.4.0/src/qmgr/qmgr_transport.c Sat Feb 17 20:10:04 2007 --- ./src/qmgr/qmgr_transport.c Mon Apr 2 15:08:32 2007 *************** *** 347,354 **** return; } #if (EVENTS_STYLE != EVENTS_STYLE_SELECT) && defined(VSTREAM_CTL_DUPFD) vstream_control(alloc->stream, ! VSTREAM_CTL_DUPFD, FD_SETSIZE / 8, VSTREAM_CTL_END); #endif event_enable_read(vstream_fileno(alloc->stream), qmgr_transport_event, --- 347,357 ---- return; } #if (EVENTS_STYLE != EVENTS_STYLE_SELECT) && defined(VSTREAM_CTL_DUPFD) + #ifndef THRESHOLD_FD_WORKAROUND + #define THRESHOLD_FD_WORKAROUND 128 + #endif vstream_control(alloc->stream, ! VSTREAM_CTL_DUPFD, THRESHOLD_FD_WORKAROUND, VSTREAM_CTL_END); #endif event_enable_read(vstream_fileno(alloc->stream), qmgr_transport_event,