Prereq: "3.0.12" diff -ur --new-file /var/tmp/postfix-3.0.12/src/global/mail_version.h ./src/global/mail_version.h --- /var/tmp/postfix-3.0.12/src/global/mail_version.h 2018-01-27 07:57:56.000000000 -0500 +++ ./src/global/mail_version.h 2018-05-19 16:50:07.000000000 -0400 @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20180127" -#define MAIL_VERSION_NUMBER "3.0.12" +#define MAIL_RELEASE_DATE "20180519" +#define MAIL_VERSION_NUMBER "3.0.13" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -ur --new-file /var/tmp/postfix-3.0.12/HISTORY ./HISTORY --- /var/tmp/postfix-3.0.12/HISTORY 2018-01-21 17:11:10.000000000 -0500 +++ ./HISTORY 2018-05-19 09:45:27.000000000 -0400 @@ -21901,3 +21901,25 @@ Cleanup: incorrect mailbox seek-to-end error message in the virtual(8) delivery agent. File: virtual/mailbox.c. + +20180218 + + Cleanup: added 21 missing *_maps parameters to the default + proxy_read_maps setting. Files: global/mail_params.h. + + Bugfix (introduced: 20120117): postconf should scan only + built-in or service-defined parameters for ldap, *sql, etc. + database names. Files: postconf/postconf_user.c. + +20180306 + + Bugfix (introduced: 19990302): when luser_relay specifies + a non-existent local address, the luser_relay feature becomes + a black hole. Reported by Jørgen Thomsen. File: local/unknown.c. + +20180422 + + Bugfix (introduced: Postfix 2.8): missing tls_server_start() + error propagation in tlsproxy(8) resulting in segfault after + TLS handshake error. Found during code maintenance. File: + tlsproxy/tlsproxy.c. diff -ur --new-file /var/tmp/postfix-3.0.12/src/global/mail_params.h ./src/global/mail_params.h --- /var/tmp/postfix-3.0.12/src/global/mail_params.h 2016-08-20 09:17:08.000000000 -0400 +++ ./src/global/mail_params.h 2018-02-18 10:53:29.000000000 -0500 
@@ -2344,7 +2344,28 @@
" $" VAR_HELO_CHECKS \
" $" VAR_MAIL_CHECKS \
" $" VAR_RELAY_CHECKS \
- " $" VAR_RCPT_CHECKS
+ " $" VAR_RCPT_CHECKS \
+ " $" VAR_VRFY_SND_DEF_XPORT_MAPS \
+ " $" VAR_VRFY_RELAY_MAPS \
+ " $" VAR_VRFY_XPORT_MAPS \
+ " $" VAR_FBCK_TRANSP_MAPS \
+ " $" VAR_LMTP_EHLO_DIS_MAPS \
+ " $" VAR_LMTP_PIX_BUG_MAPS \
+ " $" VAR_LMTP_SASL_PASSWD \
+ " $" VAR_LMTP_TLS_POLICY \
+ " $" VAR_MAILBOX_CMD_MAPS \
+ " $" VAR_MBOX_TRANSP_MAPS \
+ " $" VAR_PSC_EHLO_DIS_MAPS \
+ " $" VAR_RBL_REPLY_MAPS \
+ " $" VAR_SND_DEF_XPORT_MAPS \
+ " $" VAR_SND_RELAY_MAPS \
+ " $" VAR_SMTP_EHLO_DIS_MAPS \
+ " $" VAR_SMTP_PIX_BUG_MAPS \
+ " $" VAR_SMTP_SASL_PASSWD \
+ " $" VAR_SMTP_TLS_POLICY \
+ " $" VAR_SMTPD_EHLO_DIS_MAPS \
+ " $" VAR_VIRT_GID_MAPS \
+ " $" VAR_VIRT_UID_MAPS
extern char *var_proxy_read_maps;
#define VAR_PROXY_WRITE_MAPS "proxy_write_maps"
diff -ur --new-file /var/tmp/postfix-3.0.12/src/local/unknown.c ./src/local/unknown.c
--- /var/tmp/postfix-3.0.12/src/local/unknown.c 2015-01-11 15:30:20.000000000 -0500
+++ ./src/local/unknown.c 2018-03-06 19:29:36.000000000 -0500
@@ -73,11 +73,14 @@
#include
#include
#include
+#include
/* Application-specific. */
#include "local.h"
+#define STREQ(x,y) (strcasecmp((x),(y)) == 0)
+
/* deliver_unknown - delivery for unknown recipients */
int deliver_unknown(LOCAL_STATE state, USER_ATTR usr_attr)
@@ -85,6 +88,7 @@
const char *myname = "deliver_unknown";
int status;
VSTRING *expand_luser;
+ VSTRING *canon_luser;
static MAPS *transp_maps;
const char *map_transport;
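Review bot: In src/global/mail_params.h the additions to the proxy_read_maps default include two credential tables, `VAR_SMTP_SASL_PASSWD` and `VAR_LMTP_SASL_PASSWD`, and nothing visible at the macro says what listing a parameter here grants. As I understand proxymap(8), this default is the set of tables the read-only proxy service may open for its clients, and only `proxy:`-prefixed references in those parameters are honoured, so an operator who puts `proxy:` in front of a SASL password map makes it readable through that service. A comment above the macro would help, for example `/* Tables proxymap(8) may read for its clients; keep in sync with every *_maps parameter. Includes SASL password maps. */`. The HISTORY entry says 21 parameters had been missed, which suggests the list is maintained by hand; the macro definition starts outside this hunk, so I cannot see whether such a comment already exists.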
@@ -139,8 +143,20 @@
if (*var_luser_relay) {
state.msg_attr.unmatched = 0;
expand_luser = vstring_alloc(100);
+ canon_luser = vstring_alloc(100);
local_expand(expand_luser, var_luser_relay, &state, &usr_attr, (void *) 0);
- status = deliver_resolve_addr(state, usr_attr, STR(expand_luser));
+ /* In case luser_relay specifies a domain-less address. */
+ canon_addr_external(canon_luser, vstring_str(expand_luser));
+ /* Assumes that the address resolver won't change the address. */
+ if (STREQ(vstring_str(canon_luser), state.msg_attr.rcpt.address)) {
+ dsb_simple(state.msg_attr.why, "5.1.1",
+ "unknown user: \"%s\"", state.msg_attr.user);
+ status = bounce_append(BOUNCE_FLAGS(state.request),
+ BOUNCE_ATTR(state.msg_attr));
+ } else {
+ status = deliver_resolve_addr(state, usr_attr, STR(expand_luser));
+ }
+ vstring_free(canon_luser);
vstring_free(expand_luser);
return (status);
}
@@ -149,8 +165,6 @@
* If no alias was found for a required reserved name, toss the message
* into the bit bucket, and issue a warning instead.
*/
-#define STREQ(x,y) (strcasecmp(x,y) == 0)
-
if (STREQ(state.msg_attr.user, MAIL_ADDR_MAIL_DAEMON)
|| STREQ(state.msg_attr.user, MAIL_ADDR_POSTMASTER)) {
msg_warn("required alias not found: %s", state.msg_attr.user);
diff -ur --new-file /var/tmp/postfix-3.0.12/src/postconf/postconf_user.c ./src/postconf/postconf_user.c
--- /var/tmp/postfix-3.0.12/src/postconf/postconf_user.c 2014-12-06 20:35:32.000000000 -0500
+++ ./src/postconf/postconf_user.c 2018-05-19 16:49:01.000000000 -0400
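Review bot: In src/local/unknown.c the new loop check is a plain case-insensitive string comparison between `canon_luser` and `state.msg_attr.rcpt.address`, so it bounces only when the two are textually identical, and the comment `/* Assumes that the address resolver won't change the address. */` does not say what happens when they differ. If the resolver or a rewriting step does change the address, or if the two strings are held in different forms (quoted versus unquoted local part; I cannot confirm the form of `rcpt.address` from this hunk), the code falls through to `deliver_resolve_addr()` and the black hole described in HISTORY could remain for that case. I would extend the comment to `/* Assumes that the address resolver won't change the address; if it does, this check is skipped and the message is relayed as before. */`. A smaller style point: the hunk uses both `vstring_str(expand_luser)` and `STR(expand_luser)` for the same buffer, and one spelling would read better. deliver_unknown() starts and ends outside this hunk.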
@@ -290,8 +290,13 @@
}
SCAN_USER_PARAMETER_VALUE(cparam_value, PCF_PARAM_FLAG_USER, local_scope);
#ifdef LEGACY_DBMS_SUPPORT
- pcf_register_dbms_parameters(cparam_value, pcf_flag_user_parameter,
- local_scope);
+#define PCF_BUILTIN_PARAMETER(node) ((node)->flags & PCF_PARAM_FLAG_BUILTIN)
+#define PCF_SERVICE_PARAMETER(node) ((node)->flags & PCF_PARAM_FLAG_SERVICE)
+
+ if (node != 0
+ && (PCF_BUILTIN_PARAMETER(node) || PCF_SERVICE_PARAMETER(node)))
+ pcf_register_dbms_parameters(cparam_value, pcf_flag_user_parameter,
+ local_scope);
#endif
}
}
diff -ur --new-file /var/tmp/postfix-3.0.12/src/postconf/test28.ref ./src/postconf/test28.ref
--- /var/tmp/postfix-3.0.12/src/postconf/test28.ref 2013-01-07 20:31:05.000000000 -0500
+++ ./src/postconf/test28.ref 2018-02-19 10:51:49.000000000 -0500
@@ -1,10 +1,10 @@
config_directory = .
db = memcache
-foo_domain = bar
header_checks = ldap:hh
hh_domain = whatever
yy = aap
zz_domain = whatever
+./postconf: warning: ./main.cf: unused parameter: foo_domain=bar
./postconf: warning: ./main.cf: unused parameter: zz=$yy
./postconf: warning: ./main.cf: unused parameter: aa_domain=whatever
./postconf: warning: ./main.cf: unused parameter: xx=proxy:ldap:foo
diff -ur --new-file /var/tmp/postfix-3.0.12/src/postconf/test29.ref ./src/postconf/test29.ref
--- /var/tmp/postfix-3.0.12/src/postconf/test29.ref 2013-01-07 20:31:36.000000000 -0500
+++ ./src/postconf/test29.ref 2018-02-19 10:52:01.000000000 -0500
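Review bot: In src/postconf/postconf_user.c the new `if (node != 0 && ...)` has an unbraced two-line body inside `#ifdef LEGACY_DBMS_SUPPORT`, directly before `#endif` and the closing braces of the enclosing blocks. Braces would keep the guard attached to the call if another statement is later added inside the conditional section: open with `if (node != 0 && (PCF_BUILTIN_PARAMETER(node) || PCF_SERVICE_PARAMETER(node))) {` and close with `}` before `#endif`. The two helper macros are defined in the middle of a function body, and a one-line comment such as `/* Only built-in or service-defined parameters may name legacy database configurations. */` would record why user-defined names are excluded. `node` is assigned outside this hunk, so I am assuming it refers to the parameter whose value is being scanned.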
@@ -1,16 +1,16 @@
config_directory = .
-ldapfoo_domain = bar
-memcachefoo_domain = bar
-mysqlfoo_domain = bar
-pgsqlfoo_domain = bar
-sqlitefoo_domain = bar
./postconf: warning: ./main.cf: unused parameter: sqlitexx=proxy:sqlite:sqlitefoo
./postconf: warning: ./main.cf: unused parameter: pgsqlxx=proxy:pgsql:pgsqlfoo
+./postconf: warning: ./main.cf: unused parameter: ldapfoo_domain=bar
./postconf: warning: ./main.cf: unused parameter: memcachefoo_domainx=bar
./postconf: warning: ./main.cf: unused parameter: sqlitefoo_domainx=bar
+./postconf: warning: ./main.cf: unused parameter: sqlitefoo_domain=bar
./postconf: warning: ./main.cf: unused parameter: memcachexx=proxy:memcache:memcachefoo
./postconf: warning: ./main.cf: unused parameter: mysqlxx=proxy:mysql:mysqlfoo
./postconf: warning: ./main.cf: unused parameter: ldapxx=proxy:ldap:ldapfoo
./postconf: warning: ./main.cf: unused parameter: ldapfoo_domainx=bar
+./postconf: warning: ./main.cf: unused parameter: memcachefoo_domain=bar
./postconf: warning: ./main.cf: unused parameter: pgsqlfoo_domainx=bar
./postconf: warning: ./main.cf: unused parameter: mysqlfoo_domainx=bar
+./postconf: warning: ./main.cf: unused parameter: mysqlfoo_domain=bar
+./postconf: warning: ./main.cf: unused parameter: pgsqlfoo_domain=bar
diff -ur --new-file /var/tmp/postfix-3.0.12/src/tlsproxy/tlsproxy.c ./src/tlsproxy/tlsproxy.c
--- /var/tmp/postfix-3.0.12/src/tlsproxy/tlsproxy.c 2015-07-19 09:13:26.000000000 -0400
+++ ./src/tlsproxy/tlsproxy.c 2018-05-19 09:26:16.000000000 -0400
@@ -654,7 +654,7 @@
/* tlsp_start_tls - turn on TLS or force disconnect */
-static void tlsp_start_tls(TLSP_STATE *state)
+static int tlsp_start_tls(TLSP_STATE *state)
{
TLS_SERVER_START_PROPS props;
static char *cipher_grade;
@@ -707,7 +707,7 @@
if (state->tls_context == 0) {
tlsp_state_free(state);
- return;
+ return (-1);
}
/*
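Review bot: In src/tlsproxy/tlsproxy.c the header comment `/* tlsp_start_tls - turn on TLS or force disconnect */` is left unchanged although the function now returns a status and, on the failure path at line 707, has already called `tlsp_state_free(state)` before returning -1. That ownership rule is what the fix depends on: after a negative return the caller must not touch `state`, which the later hunk at line 768 (`if (tlsp_start_tls(state) < 0) return;`) relies on. I would say so in the comment, for example `/* tlsp_start_tls - turn on TLS or force disconnect; returns -1 after freeing state, 0 otherwise */`. The function body between lines 654 and 707 is outside these hunks, so any other exit path or caller should be checked for the same convention.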
@@ -720,6 +720,7 @@
* XXX Do we care about certificate verification results? Not as long as
* postscreen(8) doesn't actually receive email.
*/
+ return (0);
}
/* tlsp_get_fd_event - receive final postscreen(8) hand-off information */
@@ -767,7 +768,8 @@
* Perform the TLS layer before-handshake initialization. We perform the
* remainder after the TLS handshake completes.
*/
- tlsp_start_tls(state);
+ if (tlsp_start_tls(state) < 0)
+ return;
/*
* Trigger the initial proxy server I/Os.