Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/external/ibm-public/postfix Merge conflicts between postfix ...



details:   https://anonhg.NetBSD.org/src/rev/f1c41dfd5976
branches:  trunk
changeset: 371777:f1c41dfd5976
user:      christos <christos%NetBSD.org@localhost>
date:      Sat Oct 08 16:12:43 2022 +0000

description:
Merge conflicts between postfix 3.5.2 and 3.7.3

diffstat:

 external/ibm-public/postfix/dist/README_FILES/ADDRESS_VERIFICATION_README |    20 +-
 external/ibm-public/postfix/dist/README_FILES/CYRUS_README                |     5 -
 external/ibm-public/postfix/dist/README_FILES/INSTALL                     |     6 +-
 external/ibm-public/postfix/dist/README_FILES/TLS_README                  |   192 +-
 external/ibm-public/postfix/dist/conf/main.cf                             |    33 +-
 external/ibm-public/postfix/dist/conf/master.cf                           |    38 +-
 external/ibm-public/postfix/dist/conf/post-install                        |     4 +-
 external/ibm-public/postfix/dist/conf/postfix-files                       |    21 +-
 external/ibm-public/postfix/dist/conf/postfix-tls-script                  |     4 +-
 external/ibm-public/postfix/dist/conf/postmulti-script                    |     8 +-
 external/ibm-public/postfix/dist/html/ADDRESS_VERIFICATION_README.html    |    14 +-
 external/ibm-public/postfix/dist/html/INSTALL.html                        |    12 +-
 external/ibm-public/postfix/dist/html/TLS_README.html                     |   207 +-
 external/ibm-public/postfix/dist/html/postconf.5.html                     |  2663 ++++++---
 external/ibm-public/postfix/dist/makedefs                                 |   142 +-
 external/ibm-public/postfix/dist/man/man1/makedefs.1                      |     8 +-
 external/ibm-public/postfix/dist/man/man1/postalias.1                     |    23 +-
 external/ibm-public/postfix/dist/man/man1/postcat.1                       |    10 +-
 external/ibm-public/postfix/dist/man/man1/postconf.1                      |    20 +-
 external/ibm-public/postfix/dist/man/man1/postdrop.1                      |    14 +-
 external/ibm-public/postfix/dist/man/man1/postfix.1                       |    33 +-
 external/ibm-public/postfix/dist/man/man1/postlog.1                       |    17 +-
 external/ibm-public/postfix/dist/man/man1/postmap.1                       |    34 +-
 external/ibm-public/postfix/dist/man/man1/postmulti.1                     |    12 +-
 external/ibm-public/postfix/dist/man/man1/postqueue.1                     |     4 +-
 external/ibm-public/postfix/dist/man/man1/postsuper.1                     |    13 +-
 external/ibm-public/postfix/dist/man/man1/posttls-finger.1                |    35 +-
 external/ibm-public/postfix/dist/man/man1/sendmail.1                      |    65 +-
 external/ibm-public/postfix/dist/man/man1/smtp-sink.1                     |     4 +-
 external/ibm-public/postfix/dist/man/man5/access.5                        |     6 +-
 external/ibm-public/postfix/dist/man/man5/aliases.5                       |     7 +-
 external/ibm-public/postfix/dist/man/man5/canonical.5                     |     6 +-
 external/ibm-public/postfix/dist/man/man5/cidr_table.5                    |    38 +-
 external/ibm-public/postfix/dist/man/man5/generic.5                       |    51 +-
 external/ibm-public/postfix/dist/man/man5/ldap_table.5                    |    16 +-
 external/ibm-public/postfix/dist/man/man5/lmdb_table.5                    |    12 +-
 external/ibm-public/postfix/dist/man/man5/master.5                        |    12 +-
 external/ibm-public/postfix/dist/man/man5/mysql_table.5                   |    15 +-
 external/ibm-public/postfix/dist/man/man5/pcre_table.5                    |    57 +-
 external/ibm-public/postfix/dist/man/man5/pgsql_table.5                   |    11 +-
 external/ibm-public/postfix/dist/man/man5/postconf.5                      |  2324 +++++--
 external/ibm-public/postfix/dist/man/man5/regexp_table.5                  |    34 +-
 external/ibm-public/postfix/dist/man/man5/relocated.5                     |    35 +-
 external/ibm-public/postfix/dist/man/man5/sqlite_table.5                  |     8 +-
 external/ibm-public/postfix/dist/man/man5/transport.5                     |     7 +-
 external/ibm-public/postfix/dist/man/man5/virtual.5                       |    14 +-
 external/ibm-public/postfix/dist/man/man8/bounce.8                        |    12 +-
 external/ibm-public/postfix/dist/man/man8/cleanup.8                       |    38 +-
 external/ibm-public/postfix/dist/man/man8/dnsblog.8                       |    12 +-
 external/ibm-public/postfix/dist/man/man8/local.8                         |    52 +-
 external/ibm-public/postfix/dist/man/man8/master.8                        |     8 +-
 external/ibm-public/postfix/dist/man/man8/pipe.8                          |     8 +-
 external/ibm-public/postfix/dist/man/man8/postlogd.8                      |     6 +-
 external/ibm-public/postfix/dist/man/man8/postscreen.8                    |    50 +-
 external/ibm-public/postfix/dist/man/man8/qmqpd.8                         |    13 +-
 external/ibm-public/postfix/dist/man/man8/smtp.8                          |    72 +-
 external/ibm-public/postfix/dist/man/man8/smtpd.8                         |    90 +-
 external/ibm-public/postfix/dist/man/man8/spawn.8                         |     4 +-
 external/ibm-public/postfix/dist/man/man8/tlsproxy.8                      |    33 +-
 external/ibm-public/postfix/dist/man/man8/trivial-rewrite.8               |    11 +-
 external/ibm-public/postfix/dist/man/man8/verify.8                        |     4 +-
 external/ibm-public/postfix/dist/man/man8/virtual.8                       |     6 +-
 external/ibm-public/postfix/dist/mantools/comment.c                       |     2 +-
 external/ibm-public/postfix/dist/postfix-install                          |     4 +-
 external/ibm-public/postfix/dist/proto/ADDRESS_VERIFICATION_README.html   |    14 +-
 external/ibm-public/postfix/dist/proto/INSTALL.html                       |    10 +-
 external/ibm-public/postfix/dist/proto/TLS_README.html                    |   165 +-
 external/ibm-public/postfix/dist/proto/postconf.proto                     |  2354 +++++---
 external/ibm-public/postfix/dist/src/anvil/anvil.c                        |    18 +-
 external/ibm-public/postfix/dist/src/bounce/bounce.c                      |    35 +-
 external/ibm-public/postfix/dist/src/bounce/bounce_notify_util.c          |   123 +-
 external/ibm-public/postfix/dist/src/bounce/bounce_notify_util_tester.c   |     2 +-
 external/ibm-public/postfix/dist/src/bounce/bounce_service.h              |     8 +-
 external/ibm-public/postfix/dist/src/bounce/bounce_template.c             |    18 +-
 external/ibm-public/postfix/dist/src/bounce/bounce_template.h             |    11 +-
 external/ibm-public/postfix/dist/src/bounce/bounce_templates.c            |    14 +-
 external/ibm-public/postfix/dist/src/cleanup/cleanup.c                    |    39 +-
 external/ibm-public/postfix/dist/src/cleanup/cleanup.h                    |     9 +-
 external/ibm-public/postfix/dist/src/cleanup/cleanup_api.c                |     4 +-
 external/ibm-public/postfix/dist/src/cleanup/cleanup_body_edit.c          |    11 +-
 external/ibm-public/postfix/dist/src/cleanup/cleanup_init.c               |    17 +-
 external/ibm-public/postfix/dist/src/cleanup/cleanup_message.c            |    40 +-
 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.c             |   136 +-
 external/ibm-public/postfix/dist/src/cleanup/cleanup_out.c                |    10 +-
 external/ibm-public/postfix/dist/src/cleanup/cleanup_out_recipient.c      |     3 +-
 external/ibm-public/postfix/dist/src/cleanup/cleanup_state.c              |     4 +-
 external/ibm-public/postfix/dist/src/dns/dns.h                            |    33 +-
 external/ibm-public/postfix/dist/src/dns/dns_lookup.c                     |   218 +-
 external/ibm-public/postfix/dist/src/dns/dns_sec.c                        |     2 +-
 external/ibm-public/postfix/dist/src/dns/test_dns_lookup.c                |     9 +-
 external/ibm-public/postfix/dist/src/dnsblog/dnsblog.c                    |    12 +-
 external/ibm-public/postfix/dist/src/flush/flush.c                        |    14 +-
 external/ibm-public/postfix/dist/src/global/abounce.c                     |   247 +-
 external/ibm-public/postfix/dist/src/global/anvil_clnt.c                  |    14 +-
 external/ibm-public/postfix/dist/src/global/been_here.c                   |    86 +-
 external/ibm-public/postfix/dist/src/global/been_here.h                   |     9 +-
 external/ibm-public/postfix/dist/src/global/bounce.c                      |    19 +-
 external/ibm-public/postfix/dist/src/global/cleanup_strerror.c            |     2 +-
 external/ibm-public/postfix/dist/src/global/cleanup_user.h                |     8 +-
 external/ibm-public/postfix/dist/src/global/clnt_stream.c                 |    30 +-
 external/ibm-public/postfix/dist/src/global/clnt_stream.h                 |     2 +-
 external/ibm-public/postfix/dist/src/global/compat_level.c                |     2 +-
 external/ibm-public/postfix/dist/src/global/compat_level.h                |     2 +-
 external/ibm-public/postfix/dist/src/global/config_known_tcp_ports.c      |     2 +-
 external/ibm-public/postfix/dist/src/global/config_known_tcp_ports.h      |     2 +-
 external/ibm-public/postfix/dist/src/global/db_common.c                   |    11 +-
 external/ibm-public/postfix/dist/src/global/debug_peer.c                  |     4 +-
 external/ibm-public/postfix/dist/src/global/defer.c                       |    14 +-
 external/ibm-public/postfix/dist/src/global/deliver_pass.c                |    25 +-
 external/ibm-public/postfix/dist/src/global/deliver_request.c             |    17 +-
 external/ibm-public/postfix/dist/src/global/delivered_hdr.c               |    88 +-
 external/ibm-public/postfix/dist/src/global/dict_ldap.c                   |     4 +-
 external/ibm-public/postfix/dist/src/global/dict_proxy.c                  |    92 +-
 external/ibm-public/postfix/dist/src/global/dict_sqlite.c                 |     4 +-
 external/ibm-public/postfix/dist/src/global/dsb_scan.c                    |    11 +-
 external/ibm-public/postfix/dist/src/global/dsb_scan.h                    |     2 +-
 external/ibm-public/postfix/dist/src/global/dsn_print.c                   |    15 +-
 external/ibm-public/postfix/dist/src/global/dsn_print.h                   |     2 +-
 external/ibm-public/postfix/dist/src/global/dynamicmaps.c                 |    18 +-
 external/ibm-public/postfix/dist/src/global/flush_clnt.c                  |    12 +-
 external/ibm-public/postfix/dist/src/global/haproxy_srvr.c                |    59 +-
 external/ibm-public/postfix/dist/src/global/hfrom_format.c                |     2 +-
 external/ibm-public/postfix/dist/src/global/hfrom_format.h                |     2 +-
 external/ibm-public/postfix/dist/src/global/login_sender_match.c          |     2 +-
 external/ibm-public/postfix/dist/src/global/login_sender_match.h          |     2 +-
 external/ibm-public/postfix/dist/src/global/mail_addr_find.c              |     5 +-
 external/ibm-public/postfix/dist/src/global/mail_command_client.c         |    26 +-
 external/ibm-public/postfix/dist/src/global/mail_conf_time.c              |     4 +-
 external/ibm-public/postfix/dist/src/global/mail_copy.c                   |     4 +-
 external/ibm-public/postfix/dist/src/global/mail_params.c                 |    96 +-
 external/ibm-public/postfix/dist/src/global/mail_params.h                 |   214 +-
 external/ibm-public/postfix/dist/src/global/mail_proto.h                  |    27 +-
 external/ibm-public/postfix/dist/src/global/mail_stream.c                 |    16 +-
 external/ibm-public/postfix/dist/src/global/mail_task.c                   |     8 +-
 external/ibm-public/postfix/dist/src/global/mail_version.h                |     8 +-
 external/ibm-public/postfix/dist/src/global/maillog_client.c              |     8 +-
 external/ibm-public/postfix/dist/src/global/map_search.c                  |     3 +-
 external/ibm-public/postfix/dist/src/global/memcache_proto.c              |     4 +-
 external/ibm-public/postfix/dist/src/global/msg_stats.h                   |     2 +-
 external/ibm-public/postfix/dist/src/global/msg_stats_print.c             |    15 +-
 external/ibm-public/postfix/dist/src/global/msg_stats_scan.c              |    11 +-
 external/ibm-public/postfix/dist/src/global/normalize_mailhost_addr.c     |     6 +-
 external/ibm-public/postfix/dist/src/global/post_mail.c                   |    17 +-
 external/ibm-public/postfix/dist/src/global/quote_822_local.c             |    11 +-
 external/ibm-public/postfix/dist/src/global/rcpt_buf.c                    |    11 +-
 external/ibm-public/postfix/dist/src/global/rcpt_buf.h                    |     2 +-
 external/ibm-public/postfix/dist/src/global/rcpt_print.c                  |    15 +-
 external/ibm-public/postfix/dist/src/global/rcpt_print.h                  |     2 +-
 external/ibm-public/postfix/dist/src/global/record.c                      |    11 +-
 external/ibm-public/postfix/dist/src/global/resolve_clnt.c                |    25 +-
 external/ibm-public/postfix/dist/src/global/rewrite_clnt.c                |    30 +-
 external/ibm-public/postfix/dist/src/global/sasl_mech_filter.c            |     2 +-
 external/ibm-public/postfix/dist/src/global/sasl_mech_filter.h            |     2 +-
 external/ibm-public/postfix/dist/src/global/scache_clnt.c                 |    21 +-
 external/ibm-public/postfix/dist/src/global/server_acl.c                  |    19 +-
 external/ibm-public/postfix/dist/src/global/smtp_stream.c                 |    50 +-
 external/ibm-public/postfix/dist/src/global/smtp_stream.h                 |     6 +-
 external/ibm-public/postfix/dist/src/global/strip_addr.c                  |     9 +-
 external/ibm-public/postfix/dist/src/global/test_main.c                   |     2 +-
 external/ibm-public/postfix/dist/src/global/test_main.h                   |     2 +-
 external/ibm-public/postfix/dist/src/global/trace.c                       |    13 +-
 external/ibm-public/postfix/dist/src/global/verify.c                      |     6 +-
 external/ibm-public/postfix/dist/src/global/verify_clnt.c                 |    41 +-
 external/ibm-public/postfix/dist/src/global/verify_sender_addr.c          |     4 +-
 external/ibm-public/postfix/dist/src/local/forward.c                      |     3 +-
 external/ibm-public/postfix/dist/src/local/local.c                        |    52 +-
 external/ibm-public/postfix/dist/src/local/mailbox.c                      |     4 +-
 external/ibm-public/postfix/dist/src/local/unknown.c                      |     4 +-
 external/ibm-public/postfix/dist/src/master/dgram_server.c                |     4 +-
 external/ibm-public/postfix/dist/src/master/event_server.c                |     9 +-
 external/ibm-public/postfix/dist/src/master/mail_server.h                 |     7 +-
 external/ibm-public/postfix/dist/src/master/master.c                      |     8 +-
 external/ibm-public/postfix/dist/src/master/master_ent.c                  |     7 +-
 external/ibm-public/postfix/dist/src/master/master_monitor.c              |    10 +-
 external/ibm-public/postfix/dist/src/master/master_vars.c                 |     8 +-
 external/ibm-public/postfix/dist/src/master/multi_server.c                |    32 +-
 external/ibm-public/postfix/dist/src/master/single_server.c               |     4 +-
 external/ibm-public/postfix/dist/src/master/trigger_server.c              |     4 +-
 external/ibm-public/postfix/dist/src/milter/milter.c                      |     4 +-
 external/ibm-public/postfix/dist/src/milter/milter.h                      |     8 +-
 external/ibm-public/postfix/dist/src/milter/milter8.c                     |    16 +-
 external/ibm-public/postfix/dist/src/milter/milter_macros.c               |    19 +-
 external/ibm-public/postfix/dist/src/oqmgr/qmgr_deliver.c                 |    16 +-
 external/ibm-public/postfix/dist/src/oqmgr/qmgr_entry.c                   |     4 +-
 external/ibm-public/postfix/dist/src/oqmgr/qmgr_feedback.c                |     2 +-
 external/ibm-public/postfix/dist/src/oqmgr/qmgr_message.c                 |    27 +-
 external/ibm-public/postfix/dist/src/pickup/pickup.c                      |     3 +-
 external/ibm-public/postfix/dist/src/pipe/pipe.c                          |     8 +-
 external/ibm-public/postfix/dist/src/postalias/postalias.c                |    23 +-
 external/ibm-public/postfix/dist/src/postcat/postcat.c                    |    55 +-
 external/ibm-public/postfix/dist/src/postconf/install_vars.h              |     2 +-
 external/ibm-public/postfix/dist/src/postconf/postconf.c                  |    31 +-
 external/ibm-public/postfix/dist/src/postconf/postconf_builtin.c          |    20 +-
 external/ibm-public/postfix/dist/src/postconf/postconf_dbms.c             |     4 +-
 external/ibm-public/postfix/dist/src/postconf/postconf_lookup.c           |    14 +-
 external/ibm-public/postfix/dist/src/postconf/postconf_main.c             |     8 +-
 external/ibm-public/postfix/dist/src/postconf/postconf_master.c           |    21 +-
 external/ibm-public/postfix/dist/src/postconf/postconf_user.c             |     4 +-
 external/ibm-public/postfix/dist/src/postdrop/postdrop.c                  |   135 +-
 external/ibm-public/postfix/dist/src/postfix/postfix.c                    |    43 +-
 external/ibm-public/postfix/dist/src/postkick/postkick.c                  |     7 +-
 external/ibm-public/postfix/dist/src/postlock/postlock.c                  |     7 +-
 external/ibm-public/postfix/dist/src/postlog/postlog.c                    |    92 +-
 external/ibm-public/postfix/dist/src/postlogd/postlogd.c                  |     6 +-
 external/ibm-public/postfix/dist/src/postmap/postmap.c                    |    36 +-
 external/ibm-public/postfix/dist/src/postmulti/postmulti.c                |    16 +-
 external/ibm-public/postfix/dist/src/postqueue/postqueue.c                |    58 +-
 external/ibm-public/postfix/dist/src/postqueue/showq_compat.c             |    10 +-
 external/ibm-public/postfix/dist/src/postqueue/showq_json.c               |     8 +-
 external/ibm-public/postfix/dist/src/postscreen/postscreen.c              |   137 +-
 external/ibm-public/postfix/dist/src/postscreen/postscreen.h              |    16 +-
 external/ibm-public/postfix/dist/src/postscreen/postscreen_dnsbl.c        |    12 +-
 external/ibm-public/postfix/dist/src/postscreen/postscreen_early.c        |    26 +-
 external/ibm-public/postfix/dist/src/postscreen/postscreen_endpt.c        |     4 +-
 external/ibm-public/postfix/dist/src/postscreen/postscreen_misc.c         |     8 +-
 external/ibm-public/postfix/dist/src/postscreen/postscreen_smtpd.c        |    24 +-
 external/ibm-public/postfix/dist/src/postscreen/postscreen_starttls.c     |   149 +-
 external/ibm-public/postfix/dist/src/postscreen/postscreen_state.c        |     6 +-
 external/ibm-public/postfix/dist/src/postscreen/postscreen_tests.c        |     8 +-
 external/ibm-public/postfix/dist/src/postsuper/postsuper.c                |    13 +-
 external/ibm-public/postfix/dist/src/posttls-finger/posttls-finger.c      |   167 +-
 external/ibm-public/postfix/dist/src/proxymap/proxymap.c                  |   138 +-
 external/ibm-public/postfix/dist/src/qmgr/qmgr_deliver.c                  |    16 +-
 external/ibm-public/postfix/dist/src/qmgr/qmgr_entry.c                    |     4 +-
 external/ibm-public/postfix/dist/src/qmgr/qmgr_feedback.c                 |     2 +-
 external/ibm-public/postfix/dist/src/qmgr/qmgr_message.c                  |    27 +-
 external/ibm-public/postfix/dist/src/qmqpd/qmqpd.c                        |    13 +-
 external/ibm-public/postfix/dist/src/qmqpd/qmqpd_peer.c                   |    12 +-
 external/ibm-public/postfix/dist/src/scache/scache.c                      |    18 +-
 external/ibm-public/postfix/dist/src/sendmail/sendmail.c                  |    89 +-
 external/ibm-public/postfix/dist/src/showq/showq.c                        |     9 +-
 external/ibm-public/postfix/dist/src/smtp/lmtp_params.c                   |    10 +-
 external/ibm-public/postfix/dist/src/smtp/smtp.c                          |    91 +-
 external/ibm-public/postfix/dist/src/smtp/smtp.h                          |    23 +-
 external/ibm-public/postfix/dist/src/smtp/smtp_addr.c                     |    17 +-
 external/ibm-public/postfix/dist/src/smtp/smtp_chat.c                     |    15 +-
 external/ibm-public/postfix/dist/src/smtp/smtp_connect.c                  |    34 +-
 external/ibm-public/postfix/dist/src/smtp/smtp_params.c                   |    10 +-
 external/ibm-public/postfix/dist/src/smtp/smtp_proto.c                    |    76 +-
 external/ibm-public/postfix/dist/src/smtp/smtp_sasl_proto.c               |    45 +-
 external/ibm-public/postfix/dist/src/smtp/smtp_session.c                  |     5 +-
 external/ibm-public/postfix/dist/src/smtp/smtp_state.c                    |    12 +-
 external/ibm-public/postfix/dist/src/smtp/smtp_tls_policy.c               |    20 +-
 external/ibm-public/postfix/dist/src/smtpd/smtpd.c                        |   153 +-
 external/ibm-public/postfix/dist/src/smtpd/smtpd.h                        |     7 +-
 external/ibm-public/postfix/dist/src/smtpd/smtpd_chat.c                   |    18 +-
 external/ibm-public/postfix/dist/src/smtpd/smtpd_check.c                  |   151 +-
 external/ibm-public/postfix/dist/src/smtpd/smtpd_peer.c                   |     7 +-
 external/ibm-public/postfix/dist/src/smtpd/smtpd_sasl_glue.c              |    23 +-
 external/ibm-public/postfix/dist/src/smtpstone/smtp-sink.c                |     8 +-
 external/ibm-public/postfix/dist/src/spawn/spawn.c                        |     4 +-
 external/ibm-public/postfix/dist/src/tls/tls.h                            |   133 +-
 external/ibm-public/postfix/dist/src/tls/tls_certkey.c                    |    66 +-
 external/ibm-public/postfix/dist/src/tls/tls_client.c                     |   882 +-
 external/ibm-public/postfix/dist/src/tls/tls_dane.c                       |  1919 ++----
 external/ibm-public/postfix/dist/src/tls/tls_dh.c                         |   387 +-
 external/ibm-public/postfix/dist/src/tls/tls_fprint.c                     |   186 +-
 external/ibm-public/postfix/dist/src/tls/tls_mgr.c                        |    17 +-
 external/ibm-public/postfix/dist/src/tls/tls_misc.c                       |   369 +-
 external/ibm-public/postfix/dist/src/tls/tls_proxy.h                      |    56 +-
 external/ibm-public/postfix/dist/src/tls/tls_proxy_client_misc.c          |   142 +-
 external/ibm-public/postfix/dist/src/tls/tls_proxy_client_print.c         |   184 +-
 external/ibm-public/postfix/dist/src/tls/tls_proxy_client_scan.c          |   273 +-
 external/ibm-public/postfix/dist/src/tls/tls_proxy_clnt.c                 |    10 +-
 external/ibm-public/postfix/dist/src/tls/tls_proxy_context_print.c        |    16 +-
 external/ibm-public/postfix/dist/src/tls/tls_proxy_context_scan.c         |    10 +-
 external/ibm-public/postfix/dist/src/tls/tls_proxy_server_print.c         |    22 +-
 external/ibm-public/postfix/dist/src/tls/tls_proxy_server_scan.c          |    10 +-
 external/ibm-public/postfix/dist/src/tls/tls_rsa.c                        |   129 +-
 external/ibm-public/postfix/dist/src/tls/tls_scache.c                     |    12 +-
 external/ibm-public/postfix/dist/src/tls/tls_server.c                     |   126 +-
 external/ibm-public/postfix/dist/src/tls/tls_verify.c                     |   128 +-
 external/ibm-public/postfix/dist/src/tlsmgr/tlsmgr.c                      |    21 +-
 external/ibm-public/postfix/dist/src/tlsproxy/tlsproxy.c                  |    96 +-
 external/ibm-public/postfix/dist/src/trivial-rewrite/resolve.c            |     4 +-
 external/ibm-public/postfix/dist/src/trivial-rewrite/transport.c          |     4 +-
 external/ibm-public/postfix/dist/src/trivial-rewrite/trivial-rewrite.c    |    27 +-
 external/ibm-public/postfix/dist/src/util/alldig.c                        |     2 +-
 external/ibm-public/postfix/dist/src/util/argv.c                          |     4 +-
 external/ibm-public/postfix/dist/src/util/argv.h                          |     6 +-
 external/ibm-public/postfix/dist/src/util/argv_attr.h                     |     6 +-
 external/ibm-public/postfix/dist/src/util/argv_attr_print.c               |    10 +-
 external/ibm-public/postfix/dist/src/util/argv_attr_scan.c                |     6 +-
 external/ibm-public/postfix/dist/src/util/argv_split_at.c                 |     2 +-
 external/ibm-public/postfix/dist/src/util/attr.h                          |    23 +-
 external/ibm-public/postfix/dist/src/util/attr_clnt.c                     |    17 +-
 external/ibm-public/postfix/dist/src/util/attr_clnt.h                     |     9 +-
 external/ibm-public/postfix/dist/src/util/attr_print0.c                   |    13 +-
 external/ibm-public/postfix/dist/src/util/attr_print64.c                  |    13 +-
 external/ibm-public/postfix/dist/src/util/attr_print_plain.c              |    13 +-
 external/ibm-public/postfix/dist/src/util/attr_scan0.c                    |    41 +-
 external/ibm-public/postfix/dist/src/util/attr_scan64.c                   |    51 +-
 external/ibm-public/postfix/dist/src/util/attr_scan_plain.c               |    46 +-
 external/ibm-public/postfix/dist/src/util/auto_clnt.c                     |    52 +-
 external/ibm-public/postfix/dist/src/util/auto_clnt.h                     |     2 +-
 external/ibm-public/postfix/dist/src/util/binhash.c                       |   112 +-
 external/ibm-public/postfix/dist/src/util/binhash.h                       |     9 +-
 external/ibm-public/postfix/dist/src/util/check_arg.h                     |     4 +-
 external/ibm-public/postfix/dist/src/util/cidr_match.c                    |    19 +-
 external/ibm-public/postfix/dist/src/util/dict.h                          |    11 +-
 external/ibm-public/postfix/dist/src/util/dict_cache.c                    |     4 +-
 external/ibm-public/postfix/dist/src/util/dict_cdb.c                      |     4 +-
 external/ibm-public/postfix/dist/src/util/dict_cidr.c                     |    10 +-
 external/ibm-public/postfix/dist/src/util/dict_db.c                       |     7 +-
 external/ibm-public/postfix/dist/src/util/dict_fail.c                     |     2 +-
 external/ibm-public/postfix/dist/src/util/dict_file.c                     |     4 +-
 external/ibm-public/postfix/dist/src/util/dict_inline.c                   |     8 +-
 external/ibm-public/postfix/dist/src/util/dict_lmdb.c                     |     6 +-
 external/ibm-public/postfix/dist/src/util/dict_pcre.c                     |   278 +-
 external/ibm-public/postfix/dist/src/util/dict_random.c                   |     4 +-
 external/ibm-public/postfix/dist/src/util/dict_random.h                   |     4 +-
 external/ibm-public/postfix/dist/src/util/dict_regexp.c                   |    13 +-
 external/ibm-public/postfix/dist/src/util/dict_static.c                   |     4 +-
 external/ibm-public/postfix/dist/src/util/dict_stream.c                   |     2 +-
 external/ibm-public/postfix/dist/src/util/dict_thash.c                    |    23 +-
 external/ibm-public/postfix/dist/src/util/dup2_pass_on_exec.c             |     2 +-
 external/ibm-public/postfix/dist/src/util/edit_file.c                     |     6 +-
 external/ibm-public/postfix/dist/src/util/extpar.c                        |    26 +-
 external/ibm-public/postfix/dist/src/util/find_inet.c                     |   159 +-
 external/ibm-public/postfix/dist/src/util/gccw.c                          |     2 +-
 external/ibm-public/postfix/dist/src/util/hash_fnv.c                      |     2 +-
 external/ibm-public/postfix/dist/src/util/hash_fnv.h                      |     2 +-
 external/ibm-public/postfix/dist/src/util/hex_code.c                      |    81 +-
 external/ibm-public/postfix/dist/src/util/hex_code.h                      |    15 +-
 external/ibm-public/postfix/dist/src/util/htable.c                        |    20 +-
 external/ibm-public/postfix/dist/src/util/inet_addr_host.c                |     9 +-
 external/ibm-public/postfix/dist/src/util/inet_connect.c                  |     2 +-
 external/ibm-public/postfix/dist/src/util/inet_listen.c                   |    18 +-
 external/ibm-public/postfix/dist/src/util/inet_proto.c                    |    13 +-
 external/ibm-public/postfix/dist/src/util/inet_proto.h                    |     2 +-
 external/ibm-public/postfix/dist/src/util/known_tcp_ports.c               |     2 +-
 external/ibm-public/postfix/dist/src/util/known_tcp_ports.h               |     2 +-
 external/ibm-public/postfix/dist/src/util/ldseed.c                        |     2 +-
 external/ibm-public/postfix/dist/src/util/ldseed.h                        |     2 +-
 external/ibm-public/postfix/dist/src/util/load_lib.c                      |     6 +-
 external/ibm-public/postfix/dist/src/util/mac_expand.c                    |   216 +-
 external/ibm-public/postfix/dist/src/util/mac_expand.h                    |    28 +-
 external/ibm-public/postfix/dist/src/util/mac_parse.h                     |     7 +-
 external/ibm-public/postfix/dist/src/util/msg_logger.c                    |    16 +-
 external/ibm-public/postfix/dist/src/util/msg_output.c                    |     5 +-
 external/ibm-public/postfix/dist/src/util/myaddrinfo.c                    |    21 +-
 external/ibm-public/postfix/dist/src/util/mymalloc.c                      |     8 +-
 external/ibm-public/postfix/dist/src/util/mymalloc.h                      |     4 +-
 external/ibm-public/postfix/dist/src/util/mystrtok.c                      |   157 +-
 external/ibm-public/postfix/dist/src/util/name_mask.c                     |     4 +-
 external/ibm-public/postfix/dist/src/util/percentm.c                      |    86 -
 external/ibm-public/postfix/dist/src/util/percentm.h                      |    37 -
 external/ibm-public/postfix/dist/src/util/sane_link.c                     |     2 +-
 external/ibm-public/postfix/dist/src/util/sane_rename.c                   |     2 +-
 external/ibm-public/postfix/dist/src/util/sane_strtol.c                   |     2 +-
 external/ibm-public/postfix/dist/src/util/sane_strtol.h                   |     2 +-
 external/ibm-public/postfix/dist/src/util/slmdb.c                         |   109 +-
 external/ibm-public/postfix/dist/src/util/stringops.h                     |    10 +-
 external/ibm-public/postfix/dist/src/util/sys_defs.h                      |    23 +-
 external/ibm-public/postfix/dist/src/util/unix_dgram_connect.c            |     4 +-
 external/ibm-public/postfix/dist/src/util/unix_dgram_listen.c             |     4 +-
 external/ibm-public/postfix/dist/src/util/unix_pass_fd_fix.c              |     2 +-
 external/ibm-public/postfix/dist/src/util/vbuf_print.c                    |     5 +-
 external/ibm-public/postfix/dist/src/util/vstream.c                       |   260 +-
 external/ibm-public/postfix/dist/src/util/vstream.h                       |     7 +-
 external/ibm-public/postfix/dist/src/util/vstring.c                       |     4 +-
 external/ibm-public/postfix/dist/src/util/vstring.h                       |     3 +-
 external/ibm-public/postfix/dist/src/verify/verify.c                      |    24 +-
 external/ibm-public/postfix/dist/src/virtual/virtual.c                    |     6 +-
 external/ibm-public/postfix/dist/src/xsasl/xsasl_dovecot_server.c         |     7 +-
 external/ibm-public/postfix/lib/dns/Makefile                              |     3 +-
 external/ibm-public/postfix/lib/global/Makefile                           |     7 +-
 external/ibm-public/postfix/lib/util/Makefile                             |     9 +-
 368 files changed, 13316 insertions(+), 8345 deletions(-)

diffs (truncated from 43996 to 300 lines):

diff -r 05f567067cdd -r f1c41dfd5976 external/ibm-public/postfix/dist/README_FILES/ADDRESS_VERIFICATION_README
--- a/external/ibm-public/postfix/dist/README_FILES/ADDRESS_VERIFICATION_README Sat Oct 08 16:08:59 2022 +0000
+++ b/external/ibm-public/postfix/dist/README_FILES/ADDRESS_VERIFICATION_README Sat Oct 08 16:12:43 2022 +0000
@@ -6,7 +6,7 @@
 
 Recipient address verification may cause an increased load on down-stream
 servers in the case of a dictionary attack or a flood of backscatter bounces.
-Sender address verification may cause your site to be blacklisted by some
+Sender address verification may cause your site to be denylisted by some
 providers. See also the "Limitations" section below for more.
 
 WWhhaatt PPoossttffiixx aaddddrreessss vveerriiffiiccaattiioonn ccaann ddoo ffoorr yyoouu
@@ -89,11 +89,11 @@
     mail for a remote address can bounce AFTER a preferred MTA accepts the
     recipient address, or AFTER a preferred MTA accepts the message content.
 
-  * Some sites may blacklist you when you are probing them too often (a probe
-    is an SMTP session that does not deliver mail), or when you are probing
-    them too often for a non-existent address. This is one reason why you
-    should use sender address verification sparingly, if at all, when your site
-    receives lots of email.
+  * Some sites may denylist you when you are probing them too often (a probe is
+    an SMTP session that does not deliver mail), or when you are probing them
+    too often for a non-existent address. This is one reason why you should use
+    sender address verification sparingly, if at all, when your site receives
+    lots of email.
 
   * Normally, address verification probe messages follow the same path as
     regular mail. However, some sites send mail to the Internet via an
@@ -125,7 +125,7 @@
     "double-bounce@$myorigin" would succeed.
 
   * The downside of using a non-empty sender address is that the address may
-    end op on spammer mailing lists. Although Postfix always discards mail to
+    end up on spammer mailing lists. Although Postfix always discards mail to
     the double-bounce address, this still results in wasted network bandwidth
     and server capacity. To defeat address harvesting, Postfix 2.9 and later
     support time-dependent sender addresses when you specify a non-zero
@@ -234,7 +234,7 @@
 
 Unfortunately, sender address verification cannot simply be turned on for all
 email - you are likely to lose legitimate mail from mis-configured systems. You
-almost certainly will have to set up white lists for specific addresses, or
+almost certainly will have to set up allow lists for specific addresses, or
 even for entire domains.
 
 To find out how sender address verification would affect your mail, specify
@@ -260,11 +260,11 @@
 This is also a good way to populate your cache with address verification
 results before you start to actually reject mail.
 
-The sender_access restriction is needed to whitelist domains or addresses that
+The sender_access restriction is needed to allowlist domains or addresses that
 are known to be OK. Although Postfix will not mark a known-to-be-good address
 as bad after a probe fails, it is better to be safe than sorry.
 
-NOTE: You will have to whitelist sites such as securityfocus.com and other
+NOTE: You will have to allowlist sites such as securityfocus.com and other
 sites that operate mailing lists that use a different sender address for each
 posting (VERP). Such addresses pollute the address verification cache quickly,
 and generate unnecessary sender verification probes.
diff -r 05f567067cdd -r f1c41dfd5976 external/ibm-public/postfix/dist/README_FILES/CYRUS_README
--- a/external/ibm-public/postfix/dist/README_FILES/CYRUS_README        Sat Oct 08 16:08:59 2022 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,5 +0,0 @@
-PPoossttffiixx CCyyrruuss HHoowwttoo
-
--------------------------------------------------------------------------------
-This document will be made available via http://www.postfix.org/.
-
diff -r 05f567067cdd -r f1c41dfd5976 external/ibm-public/postfix/dist/README_FILES/INSTALL
--- a/external/ibm-public/postfix/dist/README_FILES/INSTALL     Sat Oct 08 16:08:59 2022 +0000
+++ b/external/ibm-public/postfix/dist/README_FILES/INSTALL     Sat Oct 08 16:12:43 2022 +0000
@@ -331,7 +331,7 @@
     # make upgrade meta_directory=/usr/libexec/postfix ...
     # make install meta_directory=/usr/libexec/postfix ...
 
-As with the command "make makefiles, the command "make install/upgrade
+As with the command "make makefiles", the command "make install/upgrade
 name=value..." will replace the string MAIL_VERSION at the end of a
 configuration parameter value with the Postfix release version. Do not try to
 specify something like $mail_version on this command line. This produces
@@ -593,6 +593,9 @@
 ||-DNO_POSIX_GETPW_R            |getpwuid_r. By default Postfix uses these    |
 ||                              |where they are known to be available.        |
 |_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ |
+||-DNO_RES_NCALLS               |Do not build with the threadsafe resolver(5) |
+||                              |API (res_ninit() etc.).                      |
+|_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ |
 ||                              |Use setjmp()/longjmp() instead of sigsetjmp  |
 ||-DNO_SIGSETJMP                |()/siglongjmp(). By default, Postfix uses    |
 ||                              |sigsetjmp()/siglongjmp() when they are known |
@@ -1085,6 +1088,7 @@
 
     # newaliases
     # sendmail -bi
+    # postalias /etc/aliases (pathname is system dependent!)
 
 1111 -- TToo cchhrroooott oorr nnoott ttoo cchhrroooott
 
diff -r 05f567067cdd -r f1c41dfd5976 external/ibm-public/postfix/dist/README_FILES/TLS_README
--- a/external/ibm-public/postfix/dist/README_FILES/TLS_README  Sat Oct 08 16:08:59 2022 +0000
+++ b/external/ibm-public/postfix/dist/README_FILES/TLS_README  Sat Oct 08 16:12:43 2022 +0000
@@ -12,7 +12,7 @@
 encrypt mail and to authenticate remote SMTP clients or servers. You also turn
 on hundreds of thousands of lines of OpenSSL library code. Assuming that
 OpenSSL is written as carefully as Wietse's own code, every 1000 lines
-introduce one additional bug into Postfix.
+introduces one additional bug into Postfix.
 
 Topics covered in this document:
 
@@ -101,10 +101,10 @@
 certificates.
 
 Note that server certificates are nnoott optional in TLS 1.3. To run without
-certificates you'd have to disable the TLS 1.3 protocol by including '!TLSv1.3'
-in "smtpd_tls_protocols" and perhaps also "smtpd_tls_mandatory_protocols". It
-is simpler instead to just configure a certificate chain. Certificate-less
-operation is not recommended.
+certificates you'd have to disable the TLS 1.3 protocol by including
+"<=TLSv1.2" (or, for Postfix < 3.6, "!TLSv1.3") in "smtpd_tls_protocols" and
+perhaps also "smtpd_tls_mandatory_protocols". It is simpler instead to just
+configure a certificate chain. Certificate-less operation is not recommended.
 
 RSA, DSA and ECDSA (Postfix >= 2.6) certificates are supported. Most sites only
 have RSA certificates. You can configure all three at the same time, in which
@@ -121,7 +121,7 @@
 receive the issuing CA certificates via the TLS handshake or via public-key
 infrastructure. This means that the Postfix server public-key certificate file
 must include the server certificate first, then the issuing CA(s) (bottom-up
-order). The Postfix SMTP server certificate must be usable as SSL server
+order). The Postfix SMTP server certificate must be usable as an SSL server
 certificate and hence pass the "openssl verify -purpose sslserver ..." test.
 
 The examples that follow show how to create a server certificate file. We
@@ -178,7 +178,8 @@
 cert, [chain]) sequences, one per algorithm. It is typically simpler to keep
 the chain for each algorithm in its own file. Most users are likely to deploy
 just a single RSA chain, but with OpenSSL 1.1.1, it is possible to deploy up to
-five chains, one each for RSA, ECDSA, ED25519, ED448 and even the obsolete DSA.
+five chains, one each for RSA, ECDSA, ED25519, ED448, and even the obsolete
+DSA.
 
         # Postfix >= 3.4.  Preferred configuration interface.  Each file
         # starts with the private key, followed by the corresponding
@@ -364,11 +365,11 @@
     /etc/postfix/main.cf:
         smtpd_tls_security_level = encrypt
 
-TLS is sometimes used in the non-standard "wrapper" mode where a server always
-uses TLS, instead of announcing STARTTLS support and waiting for remote SMTP
-clients to request TLS service. Some clients, namely Outlook [Express] prefer
-the "wrapper" mode. This is true for OE (Win32 < 5.0 and Win32 >=5.0 when run
-on a port<>25 and OE (5.01 Mac on all ports).
+TLS is also used in the "wrapper" mode where a server always uses TLS, instead
+of announcing STARTTLS support and waiting for remote SMTP clients to request
+TLS service. Some clients, namely Outlook [Express] prefer the "wrapper" mode.
+This is true for OE (Win32 < 5.0 and Win32 >=5.0 when run on a port<>25 and OE
+(5.01 Mac on all ports).
 
 It is strictly discouraged to use this mode from main.cf. If you want to
 support this service, enable a special port in master.cf and specify "-
@@ -545,12 +546,17 @@
 
 The digest algorithm used to compute the client certificate fingerprints is
 specified with the main.cf smtpd_tls_fingerprint_digest parameter. The default
-is "md5", for compatibility with Postfix versions < 2.5.
+algorithm is sshhaa225566 with Postfix >= 3.6 and the ccoommppaattiibbiilliittyy__lleevveell set to 3.6
+or higher. With Postfix <= 3.5, the default algorithm is mmdd55. The best-practice
+algorithm is now sshhaa225566. Recent advances in hash function cryptanalysis have
+led to md5 and sha1 being deprecated in favor of sha256. However, as long as
+there are no known "second pre-image" attacks against the older algorithms,
+their use in this context, though not recommended, is still likely safe.
 
 The permit_tls_all_clientcerts feature must be used with caution, because it
 can result in too many access permissions. Use this feature only if a special
-CA issues the client certificates, and only if this CA is listed as trusted CA.
-If other CAs are trusted, any owner of a valid client certificate would be
+CA issues the client certificates, and only if this CA is listed as a trusted
+CA. If other CAs are trusted, any owner of a valid client certificate would be
 authorized. The permit_tls_all_clientcerts feature can be practical for a
 specially created email relay server.
 
@@ -596,26 +602,12 @@
 another OpenSSL command that converts the key to DER and then to the "dgst"
 command to compute the fingerprint.
 
-The actual command to transform the key to DER format depends on the version of
-OpenSSL used. With OpenSSL 1.0.0 and later, the "pkey" command supports all key
-types. With OpenSSL 0.9.8 and earlier, the key type is always RSA (nobody uses
-DSA, and EC keys are not fully supported by 0.9.8), so the "rsa" command is
-used.
-
-    # OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
+Example:
+
     $ openssl x509 -in cert.pem -noout -pubkey |
         openssl pkey -pubin -outform DER |
-        openssl dgst -sha1 -c
-    (stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
-
-    # OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
-    $ openssl x509 -in cert.pem -noout -pubkey |
-        openssl rsa -pubin -outform DER |
-        openssl dgst -md5 -c
-    (stdin)= f4:62:60:f6:12:8f:d5:8d:28:4d:13:a7:db:b2:ff:50
-
-Note: Postfix 2.9.0-2.9.5 computed the public key fingerprint incorrectly. To
-use public-key fingerprints, upgrade to Postfix 2.9.6 or later.
+        openssl dgst -sha256 -c
+    (stdin)= 64:3f:1f:f6:e5:1e:d4:2a:...:8b:fc:09:1a:61:98:b5:bc:7c:60:58
 
 SSeerrvveerr--ssiiddee cciipphheerr ccoonnttrroollss
 
@@ -641,8 +633,8 @@
 default disables SSLv2 and SSLv3 with Postfix releases after the middle of
 2015; older releases only disable SSLv2 for mandatory TLS. The mandatory TLS
 protocol list is specified via the smtpd_tls_mandatory_protocols configuration
-parameter. The smtpd_tls_protocols parameter (Postfix >= 2.6) controls the SSL/
-TLS protocols used with opportunistic TLS.
+parameter. The smtpd_tls_protocols parameter (Postfix >= 2.6) controls the TLS
+protocols used with opportunistic TLS.
 
 Note that the OpenSSL library only supports protocol exclusion (not inclusion).
 For this reason, Postfix can exclude only protocols that are known at the time
@@ -658,8 +650,7 @@
 be explicitly disabled. Therefore, they are not recommended, it is better and
 simpler to just configure a suitable certificate.
 
-Example, MSA that requires TLSv1 or higher, not SSLv2 or SSLv3, with high grade
-ciphers:
+Example, MSA that requires TLSv1.2 or higher, with high grade ciphers:
 
     /etc/postfix/main.cf:
         smtpd_tls_cert_file = /etc/postfix/cert.pem
@@ -667,10 +658,10 @@
         smtpd_tls_mandatory_ciphers = high
         smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
         smtpd_tls_security_level = encrypt
-        # Preferred syntax with Postfix >= 2.5:
-        smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+        # Preferred syntax with Postfix >= 3.6:
+        smtpd_tls_mandatory_protocols = >=TLSv1.2
         # Legacy syntax:
-        smtpd_tls_mandatory_protocols = TLSv1
+        smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
 
 With Postfix >= 3.4, specify instead a single file that holds the key followed
 by the corresponding certificate and any associated issuing certificates,
@@ -933,9 +924,10 @@
     submission
 
     /etc/postfix/tls_policy:
-        [example.net]:587 encrypt protocols=TLSv1 ciphers=high
-        [example.net]:msa encrypt protocols=TLSv1 ciphers=high
-        [example.net]:submission encrypt protocols=TLSv1 ciphers=high
+        # Postfix >= 3.6 "protocols" syntax
+        [example.net]:587 encrypt protocols=>=TLSv1.2 ciphers=high
+        # Legacy "protocols" syntax
+        [example.net]:msa encrypt protocols=!SSLv2:!SSLv3 ciphers=high
 
 DDAANNEE TTLLSS aauutthheennttiiccaattiioonn..
 
@@ -1033,8 +1025,9 @@
 The above client pre-requisites do not apply to the Postfix SMTP server. It
 will support DANE provided it supports TLSv1 and its TLSA records are published
 in a DNSSEC signed zone. To receive DANE secured mail for multiple domains, use
-the same hostname to add the server to each domain's MX records. There are no
-plans to implement SNI in the Postfix SMTP server.
+the same hostname to add the server to each domain's MX records. The Postfix
+SMTP server supports SNI (Postfix 3.4 and later), configured with
+tls_server_sni_maps.
 
 Note: The Postfix SMTP client's internal stub DNS resolver is DNSSEC-aware, but
 it does not itself validate DNSSEC records, rather it delegates DNSSEC
@@ -1129,6 +1122,14 @@
 or multiple match attributes can be employed. The ":" character is not used as
 a delimiter as it occurs between each pair of fingerprint (hexadecimal) digits.
 
+The default algorithm is sshhaa225566 with Postfix >= 3.6 and the ccoommppaattiibbiilliittyy__lleevveell
+set to 3.6 or higher; with Postfix <= 3.5, the default algorithm is mmdd55. The
+best-practice algorithm is now sshhaa225566. Recent advances in hash function
+cryptanalysis have led to md5 and sha1 being deprecated in favor of sha256.
+However, as long as there are no known "second pre-image" attacks against the
+older algorithms, their use in this context, though not recommended, is still
+likely safe.
+
 Example: fingerprint TLS security with an internal mailhub. Two matching
 fingerprints are listed. The relayhost may be multiple physical hosts behind a
 load-balancer, each with its own private/public key and self-signed
@@ -1138,22 +1139,22 @@
 
         relayhost = [mailhub.example.com]
         smtp_tls_security_level = fingerprint
-        smtp_tls_fingerprint_digest = md5
+        smtp_tls_fingerprint_digest = sha256
         smtp_tls_fingerprint_cert_match =
-            3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
-            EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35




Home | Main Index | Thread Index | Old Index