diff --git a/doc/postfwd.CHANGELOG b/doc/postfwd.CHANGELOG
index e1391eb..eacb5b0 100644
--- a/doc/postfwd.CHANGELOG
+++ b/doc/postfwd.CHANGELOG
@@ -1,3 +1,41 @@
+1.35
+====
+- code:    rate(), size() and rcpt() function index is now case insensitive by default
+	   (same limit counters for from@example.org and fRom@eXample.org)
+           if you need to treat the localpart case-sensitive according to rfc5321
+	   you may use rate5321(), size5321() and rcpt5321()
+
+1.34
+====
+- bugfix:  fixed taint mode logging error for verbose --showconfig and --stdoutlog
+	   options and newer perl versions.
+- bugfix:  check_* functions use print/getline instead of send/recv for large 
+	   --dumpcache output (thanks to Alexandre Simon)
+- code:    log_* routines added to allow the same plugins for postfwd1 and postfwd2
+- code:    added more information when using --debug=cleanup
+- docs:    documentation updates
+- feature: new sendmail(sendmail-path::from::to::subject::body) action.
+           Please take a look at the manual, especially about
+           it's limitations, before using it!
+    ------------------------------------------------------------
+     # alert
+     action=sendmail(/usr/sbin/sendmail::from@example.org::to@example.org::Subject::Text)
+    ------------------------------------------------------------
+
+
+1.33
+====
+- feature: new compare operators *
+        ====================================================================
+         *ITEM > VALUE                true if ITEM > VALUE
+         *ITEM < VALUE                true if ITEM < VALUE
+        ====================================================================
+- bugfix:  fixed bug when computing scores with more than 1 digit after the "." (n.nn)
+- bugfix:  fixed bug when computing negative values with the set action
+- bugfix:  ITEMS plugins returning zero values were handled incorrectly
+- bugfix:  max command recursion was not reset for each rule
+
+
 1.32
 ====
 - feature: new option --save_rates=<file> allows to load and save
diff --git a/doc/postfwd.html b/doc/postfwd.html
index c3023ff..7f7233a 100644
--- a/doc/postfwd.html
+++ b/doc/postfwd.html
@@ -1,14 +1,18 @@
+<?xml version="1.0" ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <title>postfwd - postfix firewall daemon</title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
 <link rev="made" href="mailto:root@localhost" />
 </head>
 
 <body style="background-color: white">
 
-<p><a name="__index__"></a></p>
+
 <!-- INDEX BEGIN -->
+<div name="index">
+<p><a name="__index__"></a></p>
 
 <ul>
 
@@ -37,9 +41,11 @@
 	<li><a href="#license">LICENSE</a></li>
 	<li><a href="#author">AUTHOR</a></li>
 </ul>
+
+<hr name="index" />
+</div>
 <!-- INDEX END -->
 
-<hr />
 <p>
 </p>
 <h1><a name="name">NAME</a></h1>
@@ -111,7 +117,8 @@
             --config_timeout &lt;i&gt;     parser timeout in seconds
             --keep_rates             do not clear rate limit counters on reload
             --save_rates &lt;file&gt;      save and load rate limits on disk
-            --fast_limit_evaluation  evaluate rate limits before ruleset is parsed</pre>
+            --fast_limit_evaluation  evaluate rate limits before ruleset is parsed
+                                     (please note the limitations)</pre>
 <pre>
         Plugins:
             --plugins &lt;file&gt;        loads postfwd plugins from file</pre>
@@ -165,6 +172,8 @@ is not important. So the following would lead to the same result as the previous
          ITEM == VALUE                true if ITEM equals VALUE
          ITEM =&gt; VALUE                true if ITEM &gt;= VALUE
          ITEM =&lt; VALUE                true if ITEM &lt;= VALUE
+         ITEM &gt;  VALUE                true if ITEM &gt;  VALUE
+         ITEM &lt;  VALUE                true if ITEM &lt;  VALUE
          ITEM =~ VALUE                true if ITEM ~= /^VALUE$/i
          ITEM != VALUE                false if ITEM equals VALUE
          ITEM !&gt; VALUE                false if ITEM &gt;= VALUE
@@ -442,7 +451,7 @@ necessary. Of course this might increase the system load, so please use it with
 <pre>
         -- FILE /etc/postfwd/clients_west.cf --
         192.168.3.0/24</pre>
-<p>Remind that there is currently no loop detection (/a/file calls /a/file) and that this feature is only available
+<p>Note that there is currently no loop detection (/a/file calls /a/file) and that this feature is only available
 with postfwd1 v1.15 and postfwd2 v0.18 and higher.</p>
 <p>
 </p>
@@ -456,7 +465,7 @@ request attributes by preceeding $$ characters, like:</p>
         id=R-003; client_name = !!$$helo_name; action=WARN helo '$$(helo_name)' does not match DNS '$$(client_name)'</pre>
 <p><em>postfix actions</em></p>
 <p>Actions will be replied to postfix as result to policy delegation requests. Any action that postfix understands is allowed - see
-``man 5 access'' or <a href="http://www.postfix.org/access.5.html">http://www.postfix.org/access.5.html</a> for a description. If no action is specified, the postfix WARN action
+&quot;man 5 access&quot; or <a href="http://www.postfix.org/access.5.html">http://www.postfix.org/access.5.html</a> for a description. If no action is specified, the postfix WARN action
 which simply logs the event will be used for the corresponding rule.</p>
 <p>postfwd will return dunno if it has reached the end of the ruleset and no rule has matched. This can be changed by placing a last
 rule containing only an action statement:</p>
@@ -494,7 +503,7 @@ rule containing only an action statement:</p>
         this command creates a counter for the given &lt;item&gt;, which will be increased any time a request
         containing it arrives. if it exceeds &lt;max&gt; within &lt;time&gt; seconds it will return &lt;action&gt; to postfix.
         rate counters are very fast as they are executed before the ruleset is parsed.
-        please note that &lt;action&gt; is currently limited to postfix actions (no postfwd actions)!
+        please note that &lt;action&gt; was limited to postfix actions (no postfwd actions) for postfwd versions &lt;1.33!
             # no more than 3 requests per 5 minutes
             # from the same &quot;unknown&quot; client
             id=RATE01 ;  client_name==unknown
@@ -525,6 +534,11 @@ rule containing only an action statement:</p>
            # recipient count limit 3 per hour per client
            id=RCPT01 ;  protocol_state==END-OF-MESSAGE ;  client_address!=10.1.1.1
               action=rcpt(client_address/3/3600/450 4.7.1 sorry, max 3 recipients per hour)</pre>
+<pre>
+        rate5321,size5321,rcpt5321 (&lt;item&gt;/&lt;max&gt;/&lt;time&gt;/&lt;action&gt;)
+        same as the corresponding non-5321 functions, with the difference that the localpart of
+        sender oder recipient addresses are evaluated case-sensitive according to rfc5321. That
+        means that requests from bob@example.local and BoB@example.local will be treated differently</pre>
 <pre>
         ask (&lt;addr&gt;:&lt;port&gt;[:&lt;ignore&gt;])
         allows to delegate the policy decision to another policy service (e.g. postgrey). the first
@@ -537,9 +551,15 @@ rule containing only an action statement:</p>
            id=GREY; client_address==10.1.1.1; action=ask(127.0.0.1:10031:^dunno$)</pre>
 <pre>
         mail(server/helo/from/to/subject/body)
+        This command is deprecated. You should try to use the sendmail() action instead.
         Very basic mail command, that sends a message with the given arguments. LIMITATIONS:
         This basically performs a telnet. No authentication or TLS are available. Additionally it does
         not track notification state and will notify you any time, the corresponding rule hits.</pre>
+<pre>
+        sendmail(sendmail-path::from::to::subject::body)
+        Mail command, that uses an existing sendmail binary and sends a message with the given arguments.
+        LIMITATIONS: The command does not track notification state and will notify you any time, the
+        corresponding rule hits (which could mean 100 mails for a mail with 100 recipients at RCPT stage).</pre>
 <pre>
         wait (&lt;delay&gt;)
         pauses the program execution for &lt;delay&gt; seconds. use this for
@@ -680,6 +700,10 @@ will be used.</p>
                                         $myresult = ($myitem &lt;= $val);
                                 } elsif ($cmp eq '=&gt;') {
                                         $myresult = ($myitem &gt;= $val);
+                                } elsif ($cmp eq '&lt;') {
+                                        $myresult = ($myitem &lt; $val);
+                                } elsif ($cmp eq '&gt;') {
+                                        $myresult = ($myitem &gt; $val);
                                 } elsif ($cmp eq '!=') {
                                         $myresult = not($myitem == $val);
                                 } elsif ($cmp eq '!&lt;') {
@@ -709,15 +733,15 @@ continue or to stop parsing the ruleset.</p>
                         # note(&lt;logstring&gt;) command
                         &quot;note&quot;  =&gt; sub {
                                 my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-                                my($myaction) = $default_action; my($stop) = 0;
-                                mylogs 'info', &quot;[RULES] &quot;.$myline.&quot; - note: &quot;.$myarg if $myarg;
+                                my($myaction) = 'dunno'; my($stop) = 0;
+                                log_info &quot;[RULES] &quot;.$myline.&quot; - note: &quot;.$myarg if $myarg;
                                 return ($stop,$index,$myaction,$myline,%request);
                         },
         
                         # skips next &lt;myarg&gt; rules
                         &quot;skip&quot; =&gt; sub {
                                 my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-                                my($myaction) = $default_action; my($stop) = 0;
+                                my($myaction) = 'dunno'; my($stop) = 0;
                                 $index += $myarg if ( $myarg and not(($index + $myarg) &gt; $#Rules) );
                                 return ($stop,$index,$myaction,$myline,%request);
                         },
@@ -725,8 +749,8 @@ continue or to stop parsing the ruleset.</p>
                         # dumps current request contents to syslog
                         &quot;dumprequest&quot; =&gt; sub {
                                 my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-                                my($myaction) = $default_action; my($stop) = 0;
-                                map { mylogs 'info', &quot;[DUMP] rule=$index, Attribute: $_=$request{$_}&quot; } (keys %request);
+                                my($myaction) = 'dunno'; my($stop) = 0;
+                                map { log_info &quot;[DUMP] rule=$index, Attribute: $_=$request{$_}&quot; } (keys %request);
                                 return ($stop,$index,$myaction,$myline,%request);
                         },</pre>
 <pre>
@@ -979,7 +1003,10 @@ The following arguments will control it's behaviour in this case.</p>
         Once a ratelimit was set by the ruleset, future requests will be evaluated against it
         before consulting the ruleset. This mode was the default behaviour until v1.30.
         With this mode rate limits will be faster, but also eventually set up
-        whitelisting-rules within the ruleset might not work as expected.</pre>
+        whitelisting-rules within the ruleset might not work as expected.
+        LIMITATIONS: This option does not allow nested postfwd commands like
+                action=rate(sender/3/60/wait(3))
+        This option doe not work with the strict-rfc5321 rate() functions.</pre>
 <p><em>Informational arguments</em></p>
 <p>These arguments are for command line usage only. Never ever use them with postfix spawn!</p>
 <pre>
@@ -1193,7 +1220,7 @@ check the parser with the -C | --showconfig switch at the command line before ap
         Rule   0: id-&gt;&quot;RBL001&quot;; action-&gt;&quot;REJECT listed on spamcop and bad rdns&quot;; rbl-&gt;&quot;bl.spamcop.net&quot;; client_name-&gt;&quot;^unknown$&quot;</pre>
 <p><em>Request processing</em></p>
 <p>When a policy delegation request arrives it will be compared against postfwd`s ruleset. To inspect the processing in detail you should increase
-verbority using use the ``-v'' or ``-vv'' switch. ``-L'' redirects log messages to stdout.</p>
+verbority using use the &quot;-v&quot; or &quot;-vv&quot; switch. &quot;-L&quot; redirects log messages to stdout.</p>
 <p>Keeping the order of the ruleset in general, items will be compared in random order, which basically means that</p>
 <pre>
         id=R001; action=dunno; client_address=192.168.1.1; sender=bob@alice.local</pre>
@@ -1232,7 +1259,7 @@ to compare against the request attribute the parser will jump to the next rule i
 <p>If a rule matches, there are two options:</p>
 <p>* Rule returns postfix action (dunno, reject, ...)
 The parser stops rule processing and returns the action to postfix. Other rules will not be evaluated.</p>
-<p>* Rule returns postfwd action (jump(), note(), ...)
+<p>* Rule returns postfwd action (jump(), <code>note()</code>, ...)
 The parser evaluates the given action and continues with the next rule (except for the <code>jump()</code> or <code>quit()</code> actions - please see the <a href="#actions">ACTIONS</a> section
 for more information). Nothing will be sent to postfix.</p>
 <p>If no rule has matched and the end of the ruleset is reached postfwd will return dunno without logging anything unless in verbose mode. You may
@@ -1252,7 +1279,7 @@ it`s internal caching in that case. Start postfwd with the following parameters:
         postfwd -d -f /etc/postfwd.cf -i 127.0.0.1 -p 10040 -u nobody -g nobody -S</pre>
 <p>For efficient caching you should check if you can use the options --cache-rdomain-only, --cache-no-sender
 and --cache-no-size.</p>
-<p>Now check your syslogs (default facility ``mail'') for a line like:</p>
+<p>Now check your syslogs (default facility &quot;mail&quot;) for a line like:</p>
 <pre>
         Aug  9 23:00:24 mail postfwd[5158]: postfwd n.nn ready for input</pre>
 <p>and use `netstat -an|grep 10040` to check for something like</p>
@@ -1307,7 +1334,7 @@ I won`t discuss that here. If you plan to do so, just add the following line to
                 disable         = no
         }</pre>
 <p>and restart the xinetd daemon (usually a SIGHUP should be fine). If you experience problems
-you might want to check your system's log for xinetd errors like ``socket already in use''.</p>
+you might want to check your system's log for xinetd errors like &quot;socket already in use&quot;.</p>
 <p>The integration with postfix is similar to the <em>Integration via daemon mode</em> section above.
 Reload postfix and watch your logs to see if everything works.</p>
 <p>
diff --git a/doc/postfwd.txt b/doc/postfwd.txt
index 299e75e..29b039f 100644
--- a/doc/postfwd.txt
+++ b/doc/postfwd.txt
@@ -66,6 +66,7 @@ SYNOPSIS
                 --keep_rates             do not clear rate limit counters on reload
                 --save_rates <file>      save and load rate limits on disk
                 --fast_limit_evaluation  evaluate rate limits before ruleset is parsed
+                                         (please note the limitations)
 
             Plugins:
                 --plugins <file>        loads postfwd plugins from file
@@ -133,6 +134,8 @@ DESCRIPTION
              ITEM == VALUE                true if ITEM equals VALUE
              ITEM => VALUE                true if ITEM >= VALUE
              ITEM =< VALUE                true if ITEM <= VALUE
+             ITEM >  VALUE                true if ITEM >  VALUE
+             ITEM <  VALUE                true if ITEM <  VALUE
              ITEM =~ VALUE                true if ITEM ~= /^VALUE$/i
              ITEM != VALUE                false if ITEM equals VALUE
              ITEM !> VALUE                false if ITEM >= VALUE
@@ -457,7 +460,7 @@ DESCRIPTION
             -- FILE /etc/postfwd/clients_west.cf --
             192.168.3.0/24
 
-    Remind that there is currently no loop detection (/a/file calls /a/file)
+    Note that there is currently no loop detection (/a/file calls /a/file)
     and that this feature is only available with postfwd1 v1.15 and postfwd2
     v0.18 and higher.
 
@@ -520,7 +523,7 @@ DESCRIPTION
             this command creates a counter for the given <item>, which will be increased any time a request
             containing it arrives. if it exceeds <max> within <time> seconds it will return <action> to postfix.
             rate counters are very fast as they are executed before the ruleset is parsed.
-            please note that <action> is currently limited to postfix actions (no postfwd actions)!
+            please note that <action> was limited to postfix actions (no postfwd actions) for postfwd versions <1.33!
                 # no more than 3 requests per 5 minutes
                 # from the same "unknown" client
                 id=RATE01 ;  client_name==unknown
@@ -552,6 +555,11 @@ DESCRIPTION
                id=RCPT01 ;  protocol_state==END-OF-MESSAGE ;  client_address!=10.1.1.1
                   action=rcpt(client_address/3/3600/450 4.7.1 sorry, max 3 recipients per hour)
 
+            rate5321,size5321,rcpt5321 (<item>/<max>/<time>/<action>)
+            same as the corresponding non-5321 functions, with the difference that the localpart of
+            sender oder recipient addresses are evaluated case-sensitive according to rfc5321. That
+            means that requests from bob@example.local and BoB@example.local will be treated differently
+
             ask (<addr>:<port>[:<ignore>])
             allows to delegate the policy decision to another policy service (e.g. postgrey). the first
             and the second argument (address and port) are mandatory. a third optional argument may be
@@ -563,10 +571,16 @@ DESCRIPTION
                id=GREY; client_address==10.1.1.1; action=ask(127.0.0.1:10031:^dunno$)
 
             mail(server/helo/from/to/subject/body)
+            This command is deprecated. You should try to use the sendmail() action instead.
             Very basic mail command, that sends a message with the given arguments. LIMITATIONS:
             This basically performs a telnet. No authentication or TLS are available. Additionally it does
             not track notification state and will notify you any time, the corresponding rule hits.
 
+            sendmail(sendmail-path::from::to::subject::body)
+            Mail command, that uses an existing sendmail binary and sends a message with the given arguments.
+            LIMITATIONS: The command does not track notification state and will notify you any time, the
+            corresponding rule hits (which could mean 100 mails for a mail with 100 recipients at RCPT stage).
+
             wait (<delay>)
             pauses the program execution for <delay> seconds. use this for
             delaying or throtteling connections.
@@ -724,6 +738,10 @@ DESCRIPTION
                                             $myresult = ($myitem <= $val);
                                     } elsif ($cmp eq '=>') {
                                             $myresult = ($myitem >= $val);
+                                    } elsif ($cmp eq '<') {
+                                            $myresult = ($myitem < $val);
+                                    } elsif ($cmp eq '>') {
+                                            $myresult = ($myitem > $val);
                                     } elsif ($cmp eq '!=') {
                                             $myresult = not($myitem == $val);
                                     } elsif ($cmp eq '!<') {
@@ -755,15 +773,15 @@ DESCRIPTION
                             # note(<logstring>) command
                             "note"  => sub {
                                     my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-                                    my($myaction) = $default_action; my($stop) = 0;
-                                    mylogs 'info', "[RULES] ".$myline." - note: ".$myarg if $myarg;
+                                    my($myaction) = 'dunno'; my($stop) = 0;
+                                    log_info "[RULES] ".$myline." - note: ".$myarg if $myarg;
                                     return ($stop,$index,$myaction,$myline,%request);
                             },
         
                             # skips next <myarg> rules
                             "skip" => sub {
                                     my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-                                    my($myaction) = $default_action; my($stop) = 0;
+                                    my($myaction) = 'dunno'; my($stop) = 0;
                                     $index += $myarg if ( $myarg and not(($index + $myarg) > $#Rules) );
                                     return ($stop,$index,$myaction,$myline,%request);
                             },
@@ -771,8 +789,8 @@ DESCRIPTION
                             # dumps current request contents to syslog
                             "dumprequest" => sub {
                                     my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-                                    my($myaction) = $default_action; my($stop) = 0;
-                                    map { mylogs 'info', "[DUMP] rule=$index, Attribute: $_=$request{$_}" } (keys %request);
+                                    my($myaction) = 'dunno'; my($stop) = 0;
+                                    map { log_info "[DUMP] rule=$index, Attribute: $_=$request{$_}" } (keys %request);
                                     return ($stop,$index,$myaction,$myline,%request);
                             },
 
@@ -1038,6 +1056,9 @@ DESCRIPTION
             before consulting the ruleset. This mode was the default behaviour until v1.30.
             With this mode rate limits will be faster, but also eventually set up
             whitelisting-rules within the ruleset might not work as expected.
+            LIMITATIONS: This option does not allow nested postfwd commands like
+                    action=rate(sender/3/60/wait(3))
+            This option doe not work with the strict-rfc5321 rate() functions.
 
     *Informational arguments*
 
diff --git a/doc/postfwd2.CHANGELOG b/doc/postfwd2.CHANGELOG
index 1aa694a..4c99d51 100644
--- a/doc/postfwd2.CHANGELOG
+++ b/doc/postfwd2.CHANGELOG
@@ -1,3 +1,41 @@
+postfwd2 1.35
+=============
+- code:    rate(), size() and rcpt() function index is now case insensitive by default
+           (same limit counters for from@example.org and fRom@eXample.org)
+           if you need to treat the localpart case-sensitive according to rfc5321
+           you may use rate5321(), size5321() and rcpt5321().
+- bugfix:  fixed segfault when using new perl versions (prevented to work with upstart)
+
+postfwd2 1.34
+=============
+- bugfix:  fixed taint mode logging error for verbose --showconfig and --stdoutlog
+           options and newer perl versions.
+- bugfix:  check_* functions use print/getline instead of send/recv for large
+           --dumpcache output (thanks to Alexandre Simon)
+- code:    added more information when using --debug=cleanup
+- docs:    documentation updates
+- feature: new sendmail(sendmail-path::from::to::subject::body) action.
+           Please take a look at the manual, especially about
+           it's limitations, before using it!
+    ------------------------------------------------------------
+     # alert
+     action=sendmail(/usr/sbin/sendmail::from@example.org::to@example.org::Subject::Text)
+    ------------------------------------------------------------
+
+postfwd2 1.33
+=============
+- feature: new compare operators *
+        ====================================================================
+         ITEM > VALUE                true if ITEM > VALUE
+         ITEM < VALUE                true if ITEM < VALUE
+        ====================================================================
+- bugfix:  fixed bug when computing scores with more than 1 digit after the "." (n.nn)
+- bugfix:  fixed bug when computing negative values with the set action
+- bugfix:  ITEMS plugins returning zero values were handled incorrectly
+- bugfix:  max command recursion was not reset for each rule
+- bugfix:  fixed warning about use of (uninitialized value) when STORABLE is available
+           but no cache file was defined
+
 postfwd2 1.32
 =============
 - feature: new option --save_rates=<file> allows to load and save
diff --git a/doc/postfwd2.html b/doc/postfwd2.html
index 8bcfc90..e4d1ec7 100644
--- a/doc/postfwd2.html
+++ b/doc/postfwd2.html
@@ -1,14 +1,18 @@
+<?xml version="1.0" ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <title>postfwd2 - postfix firewall daemon</title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
 <link rev="made" href="mailto:root@localhost" />
 </head>
 
 <body style="background-color: white">
 
-<p><a name="__index__"></a></p>
+
 <!-- INDEX BEGIN -->
+<div name="index">
+<p><a name="__index__"></a></p>
 
 <ul>
 
@@ -38,9 +42,11 @@
 	<li><a href="#license">LICENSE</a></li>
 	<li><a href="#author">AUTHOR</a></li>
 </ul>
+
+<hr name="index" />
+</div>
 <!-- INDEX END -->
 
-<hr />
 <p>
 </p>
 <h1><a name="name">NAME</a></h1>
@@ -125,7 +131,8 @@
             --config_timeout &lt;i&gt;        parser timeout in seconds
             --keep_rates                do not clear rate limit counters on reload
             --save_rates &lt;file&gt;         save and load rate limits on disk
-            --fast_limit_evaluation     evaluate rate limits before ruleset is parsed</pre>
+            --fast_limit_evaluation     evaluate rate limits before ruleset is parsed
+                                        (please note the limitations)</pre>
 <pre>
         Plugins:
             --plugins &lt;file&gt;            loads postfwd plugins from file</pre>
@@ -194,6 +201,8 @@ is not important. So the following would lead to the same result as the previous
          ITEM == VALUE                true if ITEM equals VALUE
          ITEM =&gt; VALUE                true if ITEM &gt;= VALUE
          ITEM =&lt; VALUE                true if ITEM &lt;= VALUE
+         ITEM &gt;  VALUE                true if ITEM &gt;  VALUE
+         ITEM &lt;  VALUE                true if ITEM &lt;  VALUE
          ITEM =~ VALUE                true if ITEM ~= /^VALUE$/i
          ITEM != VALUE                false if ITEM equals VALUE
          ITEM !&gt; VALUE                false if ITEM &gt;= VALUE
@@ -471,7 +480,7 @@ necessary. Of course this might increase the system load, so please use it with
 <pre>
         -- FILE /etc/postfwd/clients_west.cf --
         192.168.3.0/24</pre>
-<p>Remind that there is currently no loop detection (/a/file calls /a/file) and that this feature is only available
+<p>Note that there is currently no loop detection (/a/file calls /a/file) and that this feature is only available
 with postfwd1 v1.15 and postfwd2 v0.18 and higher.</p>
 <p>
 </p>
@@ -485,7 +494,7 @@ request attributes by preceeding $$ characters, like:</p>
         id=R-003; client_name = !!$$helo_name; action=WARN helo '$$(helo_name)' does not match DNS '$$(client_name)'</pre>
 <p><em>postfix actions</em></p>
 <p>Actions will be replied to postfix as result to policy delegation requests. Any action that postfix understands is allowed - see
-``man 5 access'' or <a href="http://www.postfix.org/access.5.html">http://www.postfix.org/access.5.html</a> for a description. If no action is specified, the postfix WARN action
+&quot;man 5 access&quot; or <a href="http://www.postfix.org/access.5.html">http://www.postfix.org/access.5.html</a> for a description. If no action is specified, the postfix WARN action
 which simply logs the event will be used for the corresponding rule.</p>
 <p>postfwd2 will return dunno if it has reached the end of the ruleset and no rule has matched. This can be changed by placing a last
 rule containing only an action statement:</p>
@@ -523,7 +532,7 @@ rule containing only an action statement:</p>
         this command creates a counter for the given &lt;item&gt;, which will be increased any time a request
         containing it arrives. if it exceeds &lt;max&gt; within &lt;time&gt; seconds it will return &lt;action&gt; to postfix.
         rate counters are very fast as they are executed before the ruleset is parsed.
-        please note that &lt;action&gt; is currently limited to postfix actions (no postfwd actions)!
+        please note that &lt;action&gt; was limited to postfix actions (no postfwd actions) for postfwd versions &lt;1.33!
             # no more than 3 requests per 5 minutes
             # from the same &quot;unknown&quot; client
             id=RATE01 ;  client_name==unknown
@@ -545,6 +554,11 @@ rule containing only an action statement:</p>
            # recipient count limit 3 per hour per client
            id=RCPT01 ;  protocol_state==END-OF-MESSAGE ;  client_address==!!(10.1.1.1)
               action=rcpt(client_address/3/3600/450 4.7.1 sorry, max 3 recipients per hour)</pre>
+<pre>
+        rate5321,size5321,rcpt5321 (&lt;item&gt;/&lt;max&gt;/&lt;time&gt;/&lt;action&gt;)
+        same as the corresponding non-5321 functions, with the difference that the localpart of
+        sender oder recipient addresses are evaluated case-sensitive according to rfc5321. That
+        means that requests from bob@example.local and BoB@example.local will be treated differently</pre>
 <pre>
         ask (&lt;addr&gt;:&lt;port&gt;[:&lt;ignore&gt;])
         allows to delegate the policy decision to another policy service (e.g. postgrey). the first
@@ -557,9 +571,15 @@ rule containing only an action statement:</p>
            id=GREY; client_address==10.1.1.1; action=ask(127.0.0.1:10031:^dunno$)</pre>
 <pre>
         mail(server/helo/from/to/subject/body)
+        This command is deprecated. You should try to use the sendmail() action instead.
         Very basic mail command, that sends a message with the given arguments. LIMITATIONS:
         This basically performs a telnet. No authentication or TLS are available. Additionally it does
         not track notification state and will notify you any time, the corresponding rule hits.</pre>
+<pre>
+        sendmail(sendmail-path::from::to::subject::body)
+        Mail command, that uses an existing sendmail binary and sends a message with the given arguments.
+        LIMITATIONS: The command does not track notification state and will notify you any time, the
+        corresponding rule hits (which could mean 100 mails for a mail with 100 recipients at RCPT stage).</pre>
 <pre>
         wait (&lt;delay&gt;)
         pauses the program execution for &lt;delay&gt; seconds. use this for
@@ -700,6 +720,10 @@ will be used.</p>
                                         $myresult = ($myitem &lt;= $val);
                                 } elsif ($cmp eq '=&gt;') {
                                         $myresult = ($myitem &gt;= $val);
+                                } elsif ($cmp eq '&lt;') {
+                                        $myresult = ($myitem &lt; $val);
+                                } elsif ($cmp eq '&gt;') {
+                                        $myresult = ($myitem &gt; $val);
                                 } elsif ($cmp eq '!=') {
                                         $myresult = not($myitem == $val);
                                 } elsif ($cmp eq '!&lt;') {
@@ -729,15 +753,15 @@ continue or to stop parsing the ruleset.</p>
                         # note(&lt;logstring&gt;) command
                         &quot;note&quot;  =&gt; sub {
                                 my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-                                my($myaction) = $default_action; my($stop) = 0;
-                                mylogs 'info', &quot;[RULES] &quot;.$myline.&quot; - note: &quot;.$myarg if $myarg;
+                                my($myaction) = 'dunno'; my($stop) = 0;
+                                log_info &quot;[RULES] &quot;.$myline.&quot; - note: &quot;.$myarg if $myarg;
                                 return ($stop,$index,$myaction,$myline,%request);
                         },
         
                         # skips next &lt;myarg&gt; rules
                         &quot;skip&quot; =&gt; sub {
                                 my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-                                my($myaction) = $default_action; my($stop) = 0;
+                                my($myaction) = 'dunno'; my($stop) = 0;
                                 $index += $myarg if ( $myarg and not(($index + $myarg) &gt; $#Rules) );
                                 return ($stop,$index,$myaction,$myline,%request);
                         },
@@ -745,8 +769,8 @@ continue or to stop parsing the ruleset.</p>
                         # dumps current request contents to syslog
                         &quot;dumprequest&quot; =&gt; sub {
                                 my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-                                my($myaction) = $default_action; my($stop) = 0;
-                                map { mylogs 'info', &quot;[DUMP] rule=$index, Attribute: $_=$request{$_}&quot; } (keys %request);
+                                my($myaction) = 'dunno'; my($stop) = 0;
+                                map { log_info &quot;[DUMP] rule=$index, Attribute: $_=$request{$_}&quot; } (keys %request);
                                 return ($stop,$index,$myaction,$myline,%request);
                         },</pre>
 <pre>
@@ -978,7 +1002,10 @@ The following arguments will control it's behaviour in this case.</p>
         Once a ratelimit was set by the ruleset, future requests will be evaluated against it
         before consulting the ruleset. This mode was the default behaviour until v1.30.
         With this mode rate limits will be faster, but also eventually set up
-        whitelisting-rules within the ruleset might not work as expected.</pre>
+        whitelisting-rules within the ruleset might not work as expected.
+        LIMITATIONS: This option does not allow nested postfwd commands like
+                action=rate(sender/3/60/wait(3))
+        This option doe not work with the strict-rfc5321 rate() functions.</pre>
 <p><em>Informational arguments</em></p>
 <p>These arguments are for command line usage only. Never ever use them with postfix!</p>
 <pre>
@@ -1215,7 +1242,7 @@ check the parser with the -C | --showconfig switch at the command line before ap
         Rule   0: id-&gt;&quot;RBL001&quot;; action-&gt;&quot;REJECT listed on spamcop and bad rdns&quot;; rbl-&gt;&quot;bl.spamcop.net&quot;; client_name-&gt;&quot;^unknown$&quot;</pre>
 <p><em>Request processing</em></p>
 <p>When a policy delegation request arrives it will be compared against postfwd`s ruleset. To inspect the processing in detail you should increase
-verbority using use the ``-v'' or ``-vv'' switch. ``-L'' redirects log messages to stdout.</p>
+verbority using use the &quot;-v&quot; or &quot;-vv&quot; switch. &quot;-L&quot; redirects log messages to stdout.</p>
 <p>Keeping the order of the ruleset in general, items will be compared in random order, which basically means that</p>
 <pre>
         id=R001; action=dunno; client_address=192.168.1.1; sender=bob@alice.local</pre>
@@ -1254,7 +1281,7 @@ to compare against the request attribute the parser will jump to the next rule i
 <p>If a rule matches, there are two options:</p>
 <p>* Rule returns postfix action (dunno, reject, ...)
 The parser stops rule processing and returns the action to postfix. Other rules will not be evaluated.</p>
-<p>* Rule returns postfwd2 action (jump(), note(), ...)
+<p>* Rule returns postfwd2 action (jump(), <code>note()</code>, ...)
 The parser evaluates the given action and continues with the next rule (except for the <code>jump()</code> or <code>quit()</code> actions - please see the <a href="#actions">ACTIONS</a> section
 for more information). Nothing will be sent to postfix.</p>
 <p>If no rule has matched and the end of the ruleset is reached postfwd2 will return dunno without logging anything unless in verbose mode. You may
@@ -1283,7 +1310,7 @@ the prefered way to use postfwd2 in high volume environments. Start postfwd2 wit
         postfwd2 -d -f /etc/postfwd.cf -i 127.0.0.1 -p 10045 -u nobody -g nobody -S</pre>
 <p>For efficient caching you should check if you can use the options --cacheid, --cache-rdomain-only,
 --cache-no-sender and --cache-no-size.</p>
-<p>Now check your syslogs (default facility ``mail'') for a line like:</p>
+<p>Now check your syslogs (default facility &quot;mail&quot;) for a line like:</p>
 <pre>
         Aug  9 23:00:24 mail postfwd[5158]: postfwd2 n.nn ready for input</pre>
 <p>and use `netstat -an|grep 10045` to check for something like</p>
diff --git a/doc/postfwd2.txt b/doc/postfwd2.txt
index be5c72c..17e0e71 100644
--- a/doc/postfwd2.txt
+++ b/doc/postfwd2.txt
@@ -79,6 +79,8 @@ SYNOPSIS
                 --keep_rates                do not clear rate limit counters on reload
                 --save_rates <file>         save and load rate limits on disk
                 --fast_limit_evaluation     evaluate rate limits before ruleset is parsed
+                                            (please note the limitations)
+
 
             Plugins:
                 --plugins <file>            loads postfwd plugins from file
@@ -161,6 +163,8 @@ DESCRIPTION
              ITEM == VALUE                true if ITEM equals VALUE
              ITEM => VALUE                true if ITEM >= VALUE
              ITEM =< VALUE                true if ITEM <= VALUE
+             ITEM >  VALUE                true if ITEM >  VALUE
+             ITEM <  VALUE                true if ITEM <  VALUE
              ITEM =~ VALUE                true if ITEM ~= /^VALUE$/i
              ITEM != VALUE                false if ITEM equals VALUE
              ITEM !> VALUE                false if ITEM >= VALUE
@@ -485,7 +489,7 @@ DESCRIPTION
             -- FILE /etc/postfwd/clients_west.cf --
             192.168.3.0/24
 
-    Remind that there is currently no loop detection (/a/file calls /a/file)
+    Note that there is currently no loop detection (/a/file calls /a/file)
     and that this feature is only available with postfwd1 v1.15 and postfwd2
     v0.18 and higher.
 
@@ -548,7 +552,7 @@ DESCRIPTION
             this command creates a counter for the given <item>, which will be increased any time a request
             containing it arrives. if it exceeds <max> within <time> seconds it will return <action> to postfix.
             rate counters are very fast as they are executed before the ruleset is parsed.
-            please note that <action> is currently limited to postfix actions (no postfwd actions)!
+            please note that <action> was limited to postfix actions (no postfwd actions) for postfwd versions <1.33!
                 # no more than 3 requests per 5 minutes
                 # from the same "unknown" client
                 id=RATE01 ;  client_name==unknown
@@ -571,6 +575,11 @@ DESCRIPTION
                id=RCPT01 ;  protocol_state==END-OF-MESSAGE ;  client_address==!!(10.1.1.1)
                   action=rcpt(client_address/3/3600/450 4.7.1 sorry, max 3 recipients per hour)
 
+            rate5321,size5321,rcpt5321 (<item>/<max>/<time>/<action>)
+            same as the corresponding non-5321 functions, with the difference that the localpart of
+            sender oder recipient addresses are evaluated case-sensitive according to rfc5321. That
+            means that requests from bob@example.local and BoB@example.local will be treated differently
+
             ask (<addr>:<port>[:<ignore>])
             allows to delegate the policy decision to another policy service (e.g. postgrey). the first
             and the second argument (address and port) are mandatory. a third optional argument may be
@@ -582,10 +591,16 @@ DESCRIPTION
                id=GREY; client_address==10.1.1.1; action=ask(127.0.0.1:10031:^dunno$)
 
             mail(server/helo/from/to/subject/body)
+            This command is deprecated. You should try to use the sendmail() action instead.
             Very basic mail command, that sends a message with the given arguments. LIMITATIONS:
             This basically performs a telnet. No authentication or TLS are available. Additionally it does
             not track notification state and will notify you any time, the corresponding rule hits.
 
+            sendmail(sendmail-path::from::to::subject::body)
+            Mail command, that uses an existing sendmail binary and sends a message with the given arguments.
+            LIMITATIONS: The command does not track notification state and will notify you any time, the
+            corresponding rule hits (which could mean 100 mails for a mail with 100 recipients at RCPT stage).
+
             wait (<delay>)
             pauses the program execution for <delay> seconds. use this for
             delaying or throtteling connections.
@@ -743,6 +758,10 @@ DESCRIPTION
                                             $myresult = ($myitem <= $val);
                                     } elsif ($cmp eq '=>') {
                                             $myresult = ($myitem >= $val);
+                                    } elsif ($cmp eq '<') {
+                                            $myresult = ($myitem < $val);
+                                    } elsif ($cmp eq '>') {
+                                            $myresult = ($myitem > $val);
                                     } elsif ($cmp eq '!=') {
                                             $myresult = not($myitem == $val);
                                     } elsif ($cmp eq '!<') {
@@ -774,15 +793,15 @@ DESCRIPTION
                             # note(<logstring>) command
                             "note"  => sub {
                                     my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-                                    my($myaction) = $default_action; my($stop) = 0;
-                                    mylogs 'info', "[RULES] ".$myline." - note: ".$myarg if $myarg;
+                                    my($myaction) = 'dunno'; my($stop) = 0;
+                                    log_info "[RULES] ".$myline." - note: ".$myarg if $myarg;
                                     return ($stop,$index,$myaction,$myline,%request);
                             },
         
                             # skips next <myarg> rules
                             "skip" => sub {
                                     my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-                                    my($myaction) = $default_action; my($stop) = 0;
+                                    my($myaction) = 'dunno'; my($stop) = 0;
                                     $index += $myarg if ( $myarg and not(($index + $myarg) > $#Rules) );
                                     return ($stop,$index,$myaction,$myline,%request);
                             },
@@ -790,8 +809,8 @@ DESCRIPTION
                             # dumps current request contents to syslog
                             "dumprequest" => sub {
                                     my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-                                    my($myaction) = $default_action; my($stop) = 0;
-                                    map { mylogs 'info', "[DUMP] rule=$index, Attribute: $_=$request{$_}" } (keys %request);
+                                    my($myaction) = 'dunno'; my($stop) = 0;
+                                    map { log_info "[DUMP] rule=$index, Attribute: $_=$request{$_}" } (keys %request);
                                     return ($stop,$index,$myaction,$myline,%request);
                             },
 
@@ -1035,6 +1054,9 @@ DESCRIPTION
             before consulting the ruleset. This mode was the default behaviour until v1.30.
             With this mode rate limits will be faster, but also eventually set up
             whitelisting-rules within the ruleset might not work as expected.
+            LIMITATIONS: This option does not allow nested postfwd commands like
+                    action=rate(sender/3/60/wait(3))
+            This option doe not work with the strict-rfc5321 rate() functions.
 
     *Informational arguments*
 
diff --git a/man/man8/postfwd.8 b/man/man8/postfwd.8
index 814cb23..3e4354b 100644
--- a/man/man8/postfwd.8
+++ b/man/man8/postfwd.8
@@ -1,15 +1,7 @@
-.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14
+.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
-.de Sh \" Subsection heading
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
@@ -25,11 +17,11 @@
 ..
 .\" Set up some character translations and predefined strings.  \*(-- will
 .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  | will give a
-.\" real vertical bar.  \*(C+ will give a nicer C++.  Capital omega is used to
-.\" do unbreakable dashes and therefore won't be available.  \*(C` and \*(C'
-.\" expand to `' in nroff, nothing in troff, for use with C<>.
-.tr \(*W-|\(bv\*(Tr
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
 .ie n \{\
 .    ds -- \(*W-
@@ -48,22 +40,25 @@
 .    ds R" ''
 'br\}
 .\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
 .\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 .\" entries marked with X<> in POD.  Of course, you'll have to process the
 .\" output yourself in some meaningful fashion.
-.if \nF \{\
+.ie \nF \{\
 .    de IX
 .    tm Index:\\$1\t\\n%\t"\\$2"
 ..
 .    nr % 0
 .    rr F
 .\}
-.\"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.hy 0
-.if n .na
+.el \{\
+.    de IX
+..
+.\}
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +124,11 @@
 .\" ========================================================================
 .\"
 .IX Title "POSTFWD1-ALL-IN-ONE 1"
-.TH POSTFWD1-ALL-IN-ONE 1 "2011-12-18" "perl v5.8.5" "User Contributed Perl Documentation"
+.TH POSTFWD1-ALL-IN-ONE 1 "2013-04-18" "perl v5.14.2" "User Contributed Perl Documentation"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
 .SH "NAME"
 postfwd \- postfix firewall daemon
 .SH "SYNOPSIS"
@@ -138,100 +137,87 @@ postfwd [\s-1OPTIONS\s0] [\s-1SOURCE1\s0, \s-1SOURCE2\s0, ...]
 .PP
 .Vb 3
 \&        Ruleset: (at least one, multiple use is allowed):
-\&        -f, --file <file>            reads rules from <file>
-\&        -r, --rule <rule>            adds <rule> to config
-.Ve
-.PP
-.Vb 2
+\&        \-f, \-\-file <file>            reads rules from <file>
+\&        \-r, \-\-rule <rule>            adds <rule> to config
+\&
 \&        Scoring:
-\&        -s, --scores <v>=<r>         returns <r> when score exceeds <v>
-.Ve
-.PP
-.Vb 8
+\&        \-s, \-\-scores <v>=<r>         returns <r> when score exceeds <v>
+\&
 \&        Control:
-\&        -d, --daemon                 run postfwd as daemon
-\&        -k, --kill                   stops daemon
-\&            --reload                 reloads configuration
-\&            --dumpstats              displays usage statistics
-\&            --dumpcache              displays cache contents
-\&            --delcache <item>        removes an item from the request cache
-\&            --delrate <item>         removes an item from the rate cache
-.Ve
-.PP
-.Vb 13
+\&        \-d, \-\-daemon                 run postfwd as daemon
+\&        \-k, \-\-kill                   stops daemon
+\&            \-\-reload                 reloads configuration
+\&            \-\-dumpstats              displays usage statistics
+\&            \-\-dumpcache              displays cache contents
+\&            \-\-delcache <item>        removes an item from the request cache
+\&            \-\-delrate <item>         removes an item from the rate cache
+\&
 \&        Networking:
-\&        -i, --interface <dev>        listen on interface <dev>
-\&        -p, --port <port>            listen on port <port>
-\&            --proto <proto>          socket type (tcp or unix)
-\&        -u, --user <name>            set uid to user <name>
-\&        -g, --group <name>           set gid to group <name>
-\&            --umask <mask>           set umask for file permissions
-\&        -R, --chroot <path>          chroot the daemon to <path>
-\&            --pidfile <path>         create pidfile under <path>
-\&            --facility <f>           syslog facility
-\&            --socktype <s>           syslog socktype
-\&        -l, --logname <label>        label for syslog messages
-\&            --loglen <int>           truncates syslogs after <int> chars
-.Ve
-.PP
-.Vb 11
+\&        \-i, \-\-interface <dev>        listen on interface <dev>
+\&        \-p, \-\-port <port>            listen on port <port>
+\&            \-\-proto <proto>          socket type (tcp or unix)
+\&        \-u, \-\-user <name>            set uid to user <name>
+\&        \-g, \-\-group <name>           set gid to group <name>
+\&            \-\-umask <mask>           set umask for file permissions
+\&        \-R, \-\-chroot <path>          chroot the daemon to <path>
+\&            \-\-pidfile <path>         create pidfile under <path>
+\&            \-\-facility <f>           syslog facility
+\&            \-\-socktype <s>           syslog socktype
+\&        \-l, \-\-logname <label>        label for syslog messages
+\&            \-\-loglen <int>           truncates syslogs after <int> chars
+\&
 \&        Caching:
-\&        -c, --cache <int>            sets the request-cache timeout to <int> seconds
-\&            --cache-no-size          ignores size attribute for caching
-\&            --cache-no-sender        ignores sender address in cache
-\&            --cache-rdomain-only     ignores localpart of recipient address in cache
-\&            --cache-rbl-timeout      default rbl timeout, if not specified in ruleset
-\&            --cache-rbl-default      default rbl response pattern to match (regexp)
-\&            --cacheid <item>, ..     list of attributes for request cache identifier
-\&            --cleanup-requests       cleanup interval in seconds for request cache
-\&            --cleanup-rbls           cleanup interval in seconds for rbl cache
-\&            --cleanup-rates          cleanup interval in seconds for rate cache
-.Ve
-.PP
-.Vb 20
+\&        \-c, \-\-cache <int>            sets the request\-cache timeout to <int> seconds
+\&            \-\-cache\-no\-size          ignores size attribute for caching
+\&            \-\-cache\-no\-sender        ignores sender address in cache
+\&            \-\-cache\-rdomain\-only     ignores localpart of recipient address in cache
+\&            \-\-cache\-rbl\-timeout      default rbl timeout, if not specified in ruleset
+\&            \-\-cache\-rbl\-default      default rbl response pattern to match (regexp)
+\&            \-\-cacheid <item>, ..     list of attributes for request cache identifier
+\&            \-\-cleanup\-requests       cleanup interval in seconds for request cache
+\&            \-\-cleanup\-rbls           cleanup interval in seconds for rbl cache
+\&            \-\-cleanup\-rates          cleanup interval in seconds for rate cache
+\&
 \&        Optional:
-\&        -t, --test                   testing, always returns "dunno"
-\&        -v, --verbose                verbose logging, use twice (-vv) to increase level
-\&        -S, --summary <int>          show some usage statistics every <int> seconds
-\&            --norulelog              disbles rule logging
-\&            --norulestats            disables per rule statistics
-\&            --noidlestats            disables statistics when idle
-\&        -n, --nodns                  disable dns
-\&            --nodnslog               disable dns logging
-\&            --dns_async_txt          perform dnsbl A and TXT lookups simultaneously
-\&            --dns_timeout            timeout in seconds for asynchonous dns queries
-\&            --dns_timeout_max        maximum of dns timeouts until a dnsbl will be deactivated
-\&            --dns_timeout_interval   interval in seconds for dns timeout maximum counter
-\&            --dns_max_ns_lookups     max names to look up with sender_ns_addrs
-\&            --dns_max_mx_lookups     max names to look up with sender_mx_addrs
-\&        -I, --instantcfg             re-reads rulefiles for every new request
-\&            --config_timeout <i>     parser timeout in seconds
-\&            --keep_rates             do not clear rate limit counters on reload
-\&            --save_rates <file>      save and load rate limits on disk
-\&            --fast_limit_evaluation  evaluate rate limits before ruleset is parsed
-.Ve
-.PP
-.Vb 2
+\&        \-t, \-\-test                   testing, always returns "dunno"
+\&        \-v, \-\-verbose                verbose logging, use twice (\-vv) to increase level
+\&        \-S, \-\-summary <int>          show some usage statistics every <int> seconds
+\&            \-\-norulelog              disbles rule logging
+\&            \-\-norulestats            disables per rule statistics
+\&            \-\-noidlestats            disables statistics when idle
+\&        \-n, \-\-nodns                  disable dns
+\&            \-\-nodnslog               disable dns logging
+\&            \-\-dns_async_txt          perform dnsbl A and TXT lookups simultaneously
+\&            \-\-dns_timeout            timeout in seconds for asynchonous dns queries
+\&            \-\-dns_timeout_max        maximum of dns timeouts until a dnsbl will be deactivated
+\&            \-\-dns_timeout_interval   interval in seconds for dns timeout maximum counter
+\&            \-\-dns_max_ns_lookups     max names to look up with sender_ns_addrs
+\&            \-\-dns_max_mx_lookups     max names to look up with sender_mx_addrs
+\&        \-I, \-\-instantcfg             re\-reads rulefiles for every new request
+\&            \-\-config_timeout <i>     parser timeout in seconds
+\&            \-\-keep_rates             do not clear rate limit counters on reload
+\&            \-\-save_rates <file>      save and load rate limits on disk
+\&            \-\-fast_limit_evaluation  evaluate rate limits before ruleset is parsed
+\&                                     (please note the limitations)
+\&
 \&        Plugins:
-\&            --plugins <file>        loads postfwd plugins from file
-.Ve
-.PP
-.Vb 7
-\&        Informational (use only at command-line!):
-\&        -C, --showconfig            shows ruleset summary, -v for verbose
-\&        -L, --stdoutlog             redirect syslog messages to stdout
-\&        -P, --perfmon               no syslogging, no stdout
-\&        -V, --version               shows program version
-\&        -h, --help                  shows usage
-\&        -m, --manual                shows program manual
+\&            \-\-plugins <file>        loads postfwd plugins from file
+\&
+\&        Informational (use only at command\-line!):
+\&        \-C, \-\-showconfig            shows ruleset summary, \-v for verbose
+\&        \-L, \-\-stdoutlog             redirect syslog messages to stdout
+\&        \-P, \-\-perfmon               no syslogging, no stdout
+\&        \-V, \-\-version               shows program version
+\&        \-h, \-\-help                  shows usage
+\&        \-m, \-\-manual                shows program manual
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-.Sh "\s-1INTRODUCTION\s0"
+.SS "\s-1INTRODUCTION\s0"
 .IX Subsection "INTRODUCTION"
 postfwd is written to combine complex postfix restrictions in a ruleset similar to those of the most firewalls.
 The program uses the postfix policy delegation protocol to control access to the mail system before a message
-has been accepted (please visit <http://www.postfix.org/SMTPD_POLICY_README.html> for more information). 
+has been accepted (please visit <http://www.postfix.org/SMTPD_POLICY_README.html> for more information).
 .PP
 postfwd allows you to choose an action (e.g. reject, dunno) for a combination of several smtp parameters
 (like sender and recipient address, size or the client's \s-1TLS\s0 fingerprint). Also it offers simple macros/acls
@@ -254,7 +240,7 @@ which should allow straightforward and easy-to-read configurations.
 * Internal caching for requests and dns lookups
 .PP
 * Built in statistics for rule efficiency analysis
-.Sh "\s-1CONFIGURATION\s0"
+.SS "\s-1CONFIGURATION\s0"
 .IX Subsection "CONFIGURATION"
 A configuration line consists of optional item=value pairs, separated by semicolons
 (`;`) and the appropriate desired action:
@@ -278,11 +264,13 @@ is not important. So the following would lead to the same result as the previous
 .PP
 The way how request items are compared to the ruleset can be influenced in the following way:
 .PP
-.Vb 11
+.Vb 10
 \&        ====================================================================
 \&         ITEM == VALUE                true if ITEM equals VALUE
 \&         ITEM => VALUE                true if ITEM >= VALUE
 \&         ITEM =< VALUE                true if ITEM <= VALUE
+\&         ITEM >  VALUE                true if ITEM >  VALUE
+\&         ITEM <  VALUE                true if ITEM <  VALUE
 \&         ITEM =~ VALUE                true if ITEM ~= /^VALUE$/i
 \&         ITEM != VALUE                false if ITEM equals VALUE
 \&         ITEM !> VALUE                false if ITEM >= VALUE
@@ -323,101 +311,75 @@ postfwd versions prior to 1.30 require trailing ';' and '\e'\-characters:
 \&                sender==no@bad.local; \e
 \&                action=REJECT no access
 .Ve
-.Sh "\s-1ITEMS\s0"
+.SS "\s-1ITEMS\s0"
 .IX Subsection "ITEMS"
 .Vb 2
-\&        id                      - a unique rule id, which can be used for log analysis
+\&        id                      \- a unique rule id, which can be used for log analysis
 \&                                  ids also serve as targets for the "jump" command.
-.Ve
-.PP
-.Vb 10
-\&        date, time              - a time or date range within the specified rule shall hit
+\&
+\&        date, time              \- a time or date range within the specified rule shall hit
 \&                                  # FORMAT:
 \&                                  # Feb, 29th
 \&                                  date=29.02.2008
-\&                                  # Dec, 24th - 26th
-\&                                  date=24.12.2008-26.12.2008
+\&                                  # Dec, 24th \- 26th
+\&                                  date=24.12.2008\-26.12.2008
 \&                                  # from today until Nov, 23rd
-\&                                  date=-23.09.2008
+\&                                  date=\-23.09.2008
 \&                                  # from April, 1st until today
-\&                                  date=01.04.2008-
-.Ve
-.PP
-.Vb 2
-\&        days, months            - a range of weekdays (Sun-Sat) or months (Jan-Dec)
+\&                                  date=01.04.2008\-
+\&
+\&        days, months            \- a range of weekdays (Sun\-Sat) or months (Jan\-Dec)
 \&                                  within the specified rule shall hit
-.Ve
-.PP
-.Vb 3
-\&        score                   - when the specified score is hit (see ACTIONS section)
+\&
+\&        score                   \- when the specified score is hit (see ACTIONS section)
 \&                                  the specified action will be returned to postfix
 \&                                  scores are set global until redefined!
-.Ve
-.PP
-.Vb 2
-\&        request_score           - this value allows to access a request's score. it
+\&
+\&        request_score           \- this value allows to access a request\*(Aqs score. it
 \&                                  may be used as variable ($$request_score).
-.Ve
-.PP
-.Vb 5
-\&        rbl, rhsbl,             - query the specified RBLs/RHSBLs, possible values are:
+\&
+\&        rbl, rhsbl,             \- query the specified RBLs/RHSBLs, possible values are:
 \&        rhsbl_client,             <name>[/<reply>/<maxcache>, <name>/<reply>/<maxcache>]
 \&        rhsbl_sender,             (defaults: reply=^127\e.0\e.0\e.\ed+$ maxcache=3600)
 \&        rhsbl_reverse_client      the results of all rhsbl_* queries will be combined
 \&                                  in rhsbl_count (see below).
-.Ve
-.PP
-.Vb 5
-\&        rblcount, rhsblcount    - minimum RBL/RHSBL hitcounts to match. if not specified
+\&
+\&        rblcount, rhsblcount    \- minimum RBL/RHSBL hitcounts to match. if not specified
 \&                                  a single RBL/RHSBL hit will match the rbl/rhsbl items.
-\&                                  you may specify 'all' to evaluate all items, and use
+\&                                  you may specify \*(Aqall\*(Aq to evaluate all items, and use
 \&                                  it as variable in an action (see ACTIONS section)
 \&                                  (default: 1)
-.Ve
-.PP
-.Vb 2
-\&        sender_localpart,       - the local-/domainpart of the sender address
+\&
+\&        sender_localpart,       \- the local\-/domainpart of the sender address
 \&        sender_domain
-.Ve
-.PP
-.Vb 2
-\&        recipient_localpart,    - the local-/domainpart of the recipient address
+\&
+\&        recipient_localpart,    \- the local\-/domainpart of the recipient address
 \&        recipient_domain
-.Ve
-.PP
-.Vb 4
-\&        helo_address            - postfwd tries to look up the helo_name. use
+\&
+\&        helo_address            \- postfwd tries to look up the helo_name. use
 \&                                  helo_address=!!(0.0.0.0/0) to check for unknown.
 \&                                  Please do not use this for positive access control
 \&                                  (whitelisting), as it might be forged.
-.Ve
-.PP
-.Vb 4
-\&        sender_ns_names,        - postfwd tries to look up the names/ip addresses
+\&
+\&        sender_ns_names,        \- postfwd tries to look up the names/ip addresses
 \&        sender_ns_addrs           of the nameservers for the sender domain part.
 \&                                  Please do not use this for positive access control
 \&                                  (whitelisting), as it might be forged.
-.Ve
-.PP
-.Vb 4
-\&        sender_mx_names,        - postfwd tries to look up the names/ip addresses
+\&
+\&        sender_mx_names,        \- postfwd tries to look up the names/ip addresses
 \&        sender_mx_addrs           of the mx records for the sender domain part.
 \&                                  Please do not use this for positive access control
 \&                                  (whitelisting), as it might be forged.
-.Ve
-.PP
-.Vb 7
-\&        version                 - postfwd version, contains "postfwd n.nn"
+\&
+\&        version                 \- postfwd version, contains "postfwd n.nn"
 \&                                  this enables version based checks in your rulesets
 \&                                  (e.g. for migration). works with old versions too,
-\&                                  because a non-existing item always returns false:
+\&                                  because a non\-existing item always returns false:
 \&                                  # version >= 1.10
-\&                                  id=R01; version~=1\e.[1-9][0-9]; sender_domain==some.org \e
+\&                                  id=R01; version~=1\e.[1\-9][0\-9]; sender_domain==some.org \e
 \&                                        ; action=REJECT sorry no access
-.Ve
-.PP
-.Vb 4
-\&        ratecount               - only available for rate(), size() and rcpt() actions.
+\&
+\&        ratecount               \- only available for rate(), size() and rcpt() actions.
 \&                                  contains the actual limit counter:
 \&                                        id=R01; action=rate(sender/200/600/REJECT limit of 200 exceeded [$$ratecount hits])
 \&                                        id=R02; action=rate(sender/100/600/WARN limit of 100 exceeded [$$ratecount hits])
@@ -429,15 +391,15 @@ Feel free to combine them the way you need it (have a look at the \s-1EXAMPLES\s
 Most values can be specified as regular expressions (\s-1PCRE\s0). Please see the table below
 for details:
 .PP
-.Vb 43
+.Vb 10
 \&        # ==========================================================
 \&        # ITEM=VALUE                            TYPE
 \&        # ==========================================================
 \&        id=something                            mask = string
-\&        date=01.04.2007-22.04.2007              mask = date (DD.MM.YYYY-DD.MM.YYYY)
-\&        time=08:30:00-17:00:00                  mask = time (HH:MM:SS-HH:MM:SS)
-\&        days=Mon-Wed                            mask = weekdays (Mon-Wed) or numeric (1-3)
-\&        months=Feb-Apr                          mask = months (Feb-Apr) or numeric (1-3)
+\&        date=01.04.2007\-22.04.2007              mask = date (DD.MM.YYYY\-DD.MM.YYYY)
+\&        time=08:30:00\-17:00:00                  mask = time (HH:MM:SS\-HH:MM:SS)
+\&        days=Mon\-Wed                            mask = weekdays (Mon\-Wed) or numeric (1\-3)
+\&        months=Feb\-Apr                          mask = months (Feb\-Apr) or numeric (1\-3)
 \&        score=5.0                               mask = maximum floating point value
 \&        rbl=zen.spamhaus.org                    mask = <name>/<reply>/<maxcache>[,...]
 \&        rblcount=2                              mask = numeric, will match if rbl hits >= 2
@@ -446,9 +408,9 @@ for details:
 \&        sender_mx_names=some.domain.tld         mask = PCRE
 \&        sender_ns_addrs=<a.b.c.d/nn>            mask = CIDR[,CIDR,...]
 \&        sender_mx_addrs=<a.b.c.d/nn>            mask = CIDR[,CIDR,...]
-\&        # ------------------------------
+\&        # \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
 \&        # Postfix version 2.1 and later:
-\&        # ------------------------------
+\&        # \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
 \&        client_address=<a.b.c.d/nn>             mask = CIDR[,CIDR,...]
 \&        client_name=another.domain.tld          mask = PCRE
 \&        reverse_client_name=another.domain.tld  mask = PCRE
@@ -456,9 +418,9 @@ for details:
 \&        sender=foo@bar.tld                      mask = PCRE
 \&        recipient=bar@foo.tld                   mask = PCRE
 \&        recipient_count=5                       mask = numeric, will match if recipients >= 5
-\&        # ------------------------------
+\&        # \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
 \&        # Postfix version 2.2 and later:
-\&        # ------------------------------
+\&        # \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
 \&        sasl_method=plain                       mask = PCRE
 \&        sasl_username=you                       mask = PCRE
 \&        sasl_sender=                            mask = PCRE
@@ -466,11 +428,11 @@ for details:
 \&        ccert_subject=blackhole.nowhere.local   mask = PCRE (only if tls verified)
 \&        ccert_issuer=John+20Doe                 mask = PCRE (only if tls verified)
 \&        ccert_fingerprint=AA:BB:CC:DD:EE:...    mask = PCRE (do NOT use "..." here)
-\&        # ------------------------------
+\&        # \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
 \&        # Postfix version 2.3 and later:
-\&        # ------------------------------
+\&        # \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
 \&        encryption_protocol=TLSv1/SSLv3         mask = PCRE
-\&        encryption_cipher=DHE-RSA-AES256-SHA    mask = PCRE
+\&        encryption_cipher=DHE\-RSA\-AES256\-SHA    mask = PCRE
 \&        encryption_keysize=256                  mask = numeric, will match if keysize >= 256
 \&        ...
 .Ve
@@ -525,9 +487,9 @@ To avoid confusion with regexps or simply for better visibility you can use '!!(
 Request attributes can be compared by preceeding '$$' characters, e.g.:
 .PP
 .Vb 3
-\&        id=R-003 ;  client_name = !! $$helo_name      ;  action=WARN helo does not match DNS
+\&        id=R\-003 ;  client_name = !! $$helo_name      ;  action=WARN helo does not match DNS
 \&        # or
-\&        id=R-003 ;  client_name = !!($$(helo_name))   ;  action=WARN helo does not match DNS
+\&        id=R\-003 ;  client_name = !!($$(helo_name))   ;  action=WARN helo does not match DNS
 .Ve
 .PP
 This is only valid for \s-1PCRE\s0 values (see list above). The comparison will be performed as case insensitive exact match.
@@ -536,17 +498,17 @@ Use the '\-vv' option to debug.
 These special items will be reset for any new rule:
 .PP
 .Vb 5
-\&        rblcount        - contains the number of RBL answers
-\&        rhsblcount      - contains the number of RHSBL answers
-\&        matches         - contains the number of matched items
-\&        dnsbltext       - contains the dns TXT part of all RBL and RHSBL replies in the form
+\&        rblcount        \- contains the number of RBL answers
+\&        rhsblcount      \- contains the number of RHSBL answers
+\&        matches         \- contains the number of matched items
+\&        dnsbltext       \- contains the dns TXT part of all RBL and RHSBL replies in the form
 \&                          rbltype:rblname:<txt>; rbltype:rblname:<txt>; ...
 .Ve
 .PP
 These special items will be changed for any matching rule:
 .PP
 .Vb 1
-\&        request_hits    - contains ids of all matching rules
+\&        request_hits    \- contains ids of all matching rules
 .Ve
 .PP
 This means that it might be necessary to save them, if you plan to use these values in later rules:
@@ -558,15 +520,13 @@ This means that it might be necessary to save them, if you plan to use these val
 \&                rbl=list.dsbl.org, bl.spamcop.net, dnsbl.sorbs.net, zen.spamhaus.org
 \&                rhsbl_client=rddn.dnsbl.net.au, rhsbl.ahbl.org, rhsbl.sorbs.net
 \&                rhsbl_sender=rddn.dnsbl.net.au, rhsbl.ahbl.org, rhsbl.sorbs.net
-.Ve
-.PP
-.Vb 4
+\&
 \&        # compare
 \&        id=RBL02 ; HIT_rhls>=1 ; HIT_rbls>=1 ; action=554 5.7.1 blocked using $$HIT_rhls RHSBLs and $$HIT_rbls RBLs [INFO: $$HIT_txt]
 \&        id=RBL03 ; HIT_rhls>=2               ; action=554 5.7.1 blocked using $$HIT_rhls RHSBLs [INFO: $$HIT_txt]
 \&        id=RBL04 ; HIT_rbls>=2               ; action=554 5.7.1 blocked using $$HIT_rbls RBLs [INFO: $$HIT_txt]
 .Ve
-.Sh "\s-1FILES\s0"
+.SS "\s-1FILES\s0"
 .IX Subsection "FILES"
 Since postfwd1 v1.15 and postfwd2 v0.18 long item lists can be stored in separate files:
 .PP
@@ -604,9 +564,7 @@ and for non pcre (comma separated) items:
 .Vb 2
 \&        id=R003 ;  action=REJECT
 \&                client_address==10.1.1.1, file:/etc/postfwd/blacklisted
-.Ve
-.PP
-.Vb 2
+\&
 \&        id=R004 ;  action=REJECT
 \&                rbl=myrbl.home.local, zen.spamhaus.org, file:/etc/postfwd/rbls_changing
 .Ve
@@ -614,21 +572,21 @@ and for non pcre (comma separated) items:
 You can check your configuration with the \-\-show_config option at the command line:
 .PP
 .Vb 1
-\&        # postfwd --showconfig --rule='action=DUNNO; client_address=10.1.0.0/16, file:/etc/postfwd/wl_clients, 192.168.2.1'
+\&        # postfwd \-\-showconfig \-\-rule=\*(Aqaction=DUNNO; client_address=10.1.0.0/16, file:/etc/postfwd/wl_clients, 192.168.2.1\*(Aq
 .Ve
 .PP
 should give something like:
 .PP
 .Vb 1
-\&        Rule   0: id->"R-0"; action->"DUNNO"; client_address->"=;10.1.0.0/16, =;194.123.86.10, =;186.4.6.12, =;192.168.2.1"
+\&        Rule   0: id\->"R\-0"; action\->"DUNNO"; client_address\->"=;10.1.0.0/16, =;194.123.86.10, =;186.4.6.12, =;192.168.2.1"
 .Ve
 .PP
 If a file can not be read, it will be ignored:
 .PP
 .Vb 3
-\&        # postfwd --showconfig --rule='action=DUNNO; client_address=10.1.0.0/16, file:/etc/postfwd/wl_clients, 192.168.2.1'
-\&        [LOG warning]: error: file /etc/postfwd/wl_clients not found - file will be ignored ?
-\&        Rule   0: id->"R-0"; action->"DUNNO"; client_address->"=;10.1.0.0/16, =;192.168.2.1"
+\&        # postfwd \-\-showconfig \-\-rule=\*(Aqaction=DUNNO; client_address=10.1.0.0/16, file:/etc/postfwd/wl_clients, 192.168.2.1\*(Aq
+\&        [LOG warning]: error: file /etc/postfwd/wl_clients not found \- file will be ignored ?
+\&        Rule   0: id\->"R\-0"; action\->"DUNNO"; client_address\->"=;10.1.0.0/16, =;192.168.2.1"
 .Ve
 .PP
 File items are evaluated at configuration stage. Therefore postfwd needs to be reloaded if a file has changed.
@@ -646,43 +604,35 @@ The \-\-showconfig option illustrates the difference:
 .PP
 .Vb 3
 \&        ## evaluated at configuration stage
-\&        # postfwd2 --nodaemon -L --rule='client_address=table:/etc/postfwd/clients; action=dunno' -C
-\&        Rule   0: id->"R-0"; action->"dunno"; client_address->"=;1.1.1.1, =;1.1.1.2, =;1.1.1.3"
-.Ve
-.PP
-.Vb 3
+\&        # postfwd2 \-\-nodaemon \-L \-\-rule=\*(Aqclient_address=table:/etc/postfwd/clients; action=dunno\*(Aq \-C
+\&        Rule   0: id\->"R\-0"; action\->"dunno"; client_address\->"=;1.1.1.1, =;1.1.1.2, =;1.1.1.3"
+\&
 \&        ## evaluated for any rulehit
-\&        # postfwd2 --nodaemon -L --rule='client_address=ltable:/etc/postfwd/clients; action=dunno' -C
-\&        Rule   0: id->"R-0"; action->"dunno"; client_address->"=;ltable:/etc/postfwd/clients"
+\&        # postfwd2 \-\-nodaemon \-L \-\-rule=\*(Aqclient_address=ltable:/etc/postfwd/clients; action=dunno\*(Aq \-C
+\&        Rule   0: id\->"R\-0"; action\->"dunno"; client_address\->"=;ltable:/etc/postfwd/clients"
 .Ve
 .PP
 Files can refer to other files. The following is valid.
 .PP
 .Vb 2
-\&        -- FILE /etc/postfwd/rules.cf --
+\&        \-\- FILE /etc/postfwd/rules.cf \-\-
 \&        id=R001; client_address=file:/etc/postfwd/clients_master.cf; action=DUNNO
-.Ve
-.PP
-.Vb 4
-\&        -- FILE /etc/postfwd/clients_master.cf --
+\&
+\&        \-\- FILE /etc/postfwd/clients_master.cf \-\-
 \&        192.168.1.0/24
 \&        file:/etc/postfwd/clients_east.cf
 \&        file:/etc/postfwd/clients_west.cf
-.Ve
-.PP
-.Vb 2
-\&        -- FILE /etc/postfwd/clients_east.cf --
+\&
+\&        \-\- FILE /etc/postfwd/clients_east.cf \-\-
 \&        192.168.2.0/24
-.Ve
-.PP
-.Vb 2
-\&        -- FILE /etc/postfwd/clients_west.cf --
+\&
+\&        \-\- FILE /etc/postfwd/clients_west.cf \-\-
 \&        192.168.3.0/24
 .Ve
 .PP
-Remind that there is currently no loop detection (/a/file calls /a/file) and that this feature is only available
+Note that there is currently no loop detection (/a/file calls /a/file) and that this feature is only available
 with postfwd1 v1.15 and postfwd2 v0.18 and higher.
-.Sh "\s-1ACTIONS\s0"
+.SS "\s-1ACTIONS\s0"
 .IX Subsection "ACTIONS"
 \&\fIGeneral\fR
 .PP
@@ -690,9 +640,9 @@ Actions will be executed, when all rule items have matched a request (or at leas
 request attributes by preceeding $$ characters, like:
 .PP
 .Vb 3
-\&        id=R-003; client_name = !!$$helo_name; action=WARN helo '$$helo_name' does not match DNS '$$client_name'
+\&        id=R\-003; client_name = !!$$helo_name; action=WARN helo \*(Aq$$helo_name\*(Aq does not match DNS \*(Aq$$client_name\*(Aq
 \&        # or
-\&        id=R-003; client_name = !!$$helo_name; action=WARN helo '$$(helo_name)' does not match DNS '$$(client_name)'
+\&        id=R\-003; client_name = !!$$helo_name; action=WARN helo \*(Aq$$(helo_name)\*(Aq does not match DNS \*(Aq$$(client_name)\*(Aq
 .Ve
 .PP
 \&\fIpostfix actions\fR
@@ -717,38 +667,32 @@ postfwd actions control the behaviour of the program. Currently you can specify
 .Vb 4
 \&        jump (<id>)
 \&        jumps to rule with id <id>, use this to skip certain rules.
-\&        you can jump backwards - but remember that there is no loop
-\&        detection at the moment! jumps to non-existing ids will be skipped.
-.Ve
-.PP
-.Vb 11
+\&        you can jump backwards \- but remember that there is no loop
+\&        detection at the moment! jumps to non\-existing ids will be skipped.
+\&
 \&        score (<score>)
-\&        the request's score will be modified by the specified <score>,
+\&        the request\*(Aqs score will be modified by the specified <score>,
 \&        which must be a floating point value. the modificator can be either
 \&                +n.nn   adds n.nn to current score
-\&                -n.nn   sustracts n.nn from the current score
+\&                \-n.nn   sustracts n.nn from the current score
 \&                *n.nn   multiplies the current score by n.nn
 \&                /n.nn   divides the current score through n.nn
 \&                =n.nn   sets the current score to n.nn
-\&        if the score exceeds the maximum set by `--scores` option (see
+\&        if the score exceeds the maximum set by \`\-\-scores\` option (see
 \&        COMMAND LINE) or the score item (see ITEMS section), the action
 \&        defined for this case will be returned (default: 5.0=>"REJECT postfwd score exceeded").
-.Ve
-.PP
-.Vb 5
+\&
 \&        set (<item>=<value>,<item>=<value>,...)
 \&        this command allows you to insert or override request attributes, which then may be
 \&        compared to your further ruleset. use this to speed up repeated comparisons to large item lists.
 \&        please see the EXAMPLES section for more information. you may separate multiple key=value pairs
 \&        by "," characters.
-.Ve
-.PP
-.Vb 18
+\&
 \&        rate (<item>/<max>/<time>/<action>)
 \&        this command creates a counter for the given <item>, which will be increased any time a request
 \&        containing it arrives. if it exceeds <max> within <time> seconds it will return <action> to postfix.
 \&        rate counters are very fast as they are executed before the ruleset is parsed.
-\&        please note that <action> is currently limited to postfix actions (no postfwd actions)!
+\&        please note that <action> was limited to postfix actions (no postfwd actions) for postfwd versions <1.33!
 \&            # no more than 3 requests per 5 minutes
 \&            # from the same "unknown" client
 \&            id=RATE01 ;  client_name==unknown
@@ -762,72 +706,69 @@ postfwd actions control the behaviour of the program. Currently you can specify
 \&                # rule R002 never gets executed
 \&                id=R001; action=rcpt(sender/200/3600/WARN state YELLOW for sender $$sender)
 \&                id=R002; action=rcpt(sender/500/3600/REJECT limit of 500 recipients per hour for sender $$sender exceeded)
-.Ve
-.PP
-.Vb 7
+\&
 \&        size (<item>/<max>/<time>/<action>)
 \&        this command works similar to the rate() command with the difference, that the rate counter is
-\&        increased by the request's size attribute. to do this reliably you should call postfwd from
+\&        increased by the request\*(Aqs size attribute. to do this reliably you should call postfwd from
 \&        smtpd_end_of_data_restrictions. if you want to be sure, you could check it within the ruleset:
 \&           # size limit 1.5mb per hour per client
-\&           id=SIZE01 ;  protocol_state==END-OF-MESSAGE ;  client_address!=10.1.1.1
+\&           id=SIZE01 ;  protocol_state==END\-OF\-MESSAGE ;  client_address!=10.1.1.1
 \&              action=size(client_address/1572864/3600/450 4.7.1 sorry, max 1.5mb per hour)
-.Ve
-.PP
-.Vb 8
+\&
 \&        rcpt (<item>/<max>/<time>/<action>)
 \&        this command works similar to the rate() command with the difference, that the rate counter is
-\&        increased by the request's recipient_count attribute. to do this reliably you should call postfwd
+\&        increased by the request\*(Aqs recipient_count attribute. to do this reliably you should call postfwd
 \&        from smtpd_data_restrictions or smtpd_end_of_data_restrictions. if you want to be sure, you could
 \&        check it within the ruleset:
 \&           # recipient count limit 3 per hour per client
-\&           id=RCPT01 ;  protocol_state==END-OF-MESSAGE ;  client_address!=10.1.1.1
+\&           id=RCPT01 ;  protocol_state==END\-OF\-MESSAGE ;  client_address!=10.1.1.1
 \&              action=rcpt(client_address/3/3600/450 4.7.1 sorry, max 3 recipients per hour)
-.Ve
-.PP
-.Vb 9
+\&
+\&        rate5321,size5321,rcpt5321 (<item>/<max>/<time>/<action>)
+\&        same as the corresponding non\-5321 functions, with the difference that the localpart of
+\&        sender oder recipient addresses are evaluated case\-sensitive according to rfc5321. That
+\&        means that requests from bob@example.local and BoB@example.local will be treated differently
+\&
 \&        ask (<addr>:<port>[:<ignore>])
 \&        allows to delegate the policy decision to another policy service (e.g. postgrey). the first
 \&        and the second argument (address and port) are mandatory. a third optional argument may be
 \&        specified to tell postfwd to ignore certain answers and go on parsing the ruleset:
-\&           # example1: query postgrey and return it's answer to postfix
+\&           # example1: query postgrey and return it\*(Aqs answer to postfix
 \&           id=GREY; client_address==10.1.1.1; action=ask(127.0.0.1:10031)
-\&           # example2: query postgrey but ignore the answer, if it matches 'DUNNO'
-\&           # and continue parsing postfwd's ruleset
+\&           # example2: query postgrey but ignore the answer, if it matches \*(AqDUNNO\*(Aq
+\&           # and continue parsing postfwd\*(Aqs ruleset
 \&           id=GREY; client_address==10.1.1.1; action=ask(127.0.0.1:10031:^dunno$)
-.Ve
-.PP
-.Vb 4
+\&
 \&        mail(server/helo/from/to/subject/body)
+\&        This command is deprecated. You should try to use the sendmail() action instead.
 \&        Very basic mail command, that sends a message with the given arguments. LIMITATIONS:
 \&        This basically performs a telnet. No authentication or TLS are available. Additionally it does
 \&        not track notification state and will notify you any time, the corresponding rule hits.
-.Ve
-.PP
-.Vb 3
+\&
+\&        sendmail(sendmail\-path::from::to::subject::body)
+\&        Mail command, that uses an existing sendmail binary and sends a message with the given arguments.
+\&        LIMITATIONS: The command does not track notification state and will notify you any time, the
+\&        corresponding rule hits (which could mean 100 mails for a mail with 100 recipients at RCPT stage).
+\&
 \&        wait (<delay>)
 \&        pauses the program execution for <delay> seconds. use this for
 \&        delaying or throtteling connections.
-.Ve
-.PP
-.Vb 3
+\&
 \&        note (<string>)
 \&        just logs the given string and continues parsing the ruleset.
 \&        if the string is empty, nothing will be logged (noop).
-.Ve
-.PP
-.Vb 3
+\&
 \&        quit (<code>)
-\&        terminates the program with the given exit-code. postfix doesn`t
+\&        terminates the program with the given exit\-code. postfix doesn\`t
 \&        like that too much, so use it with care.
 .Ve
 .PP
 You can reference to request attributes, like
 .PP
 .Vb 1
-\&        id=R-HELO ;  helo_name=^[^\e.]+$ ;  action=REJECT invalid helo '$$helo_name'
+\&        id=R\-HELO ;  helo_name=^[^\e.]+$ ;  action=REJECT invalid helo \*(Aq$$helo_name\*(Aq
 .Ve
-.Sh "\s-1MACROS/ACLS\s0"
+.SS "\s-1MACROS/ACLS\s0"
 .IX Subsection "MACROS/ACLS"
 Multiple use of long items or combinations of them may be abbreviated by macros. Those must be prefixed by '&&' (two '&' characters).
 First the macros have to be defined as follows:
@@ -840,8 +781,8 @@ Then these may be used in your rules, like:
 .PP
 .Vb 3
 \&        &&RBLS ;  client_name=^unknown$                         ; action=REJECT
-\&        &&RBLS ;  client_name=(\ed+[\e.-_]){4}                    ; action=REJECT
-\&        &&RBLS ;  client_name=[\e.-_](adsl|dynamic|ppp|)[\e.-_]   ; action=REJECT
+\&        &&RBLS ;  client_name=(\ed+[\e.\-_]){4}                    ; action=REJECT
+\&        &&RBLS ;  client_name=[\e.\-_](adsl|dynamic|ppp|)[\e.\-_]   ; action=REJECT
 .Ve
 .PP
 Macros can contain actions, too:
@@ -851,13 +792,13 @@ Macros can contain actions, too:
 \&        &&GONOW { action=REJECT your request caused our spam detection policy to reject this message. More info at http://www.domain.local; };
 \&        # rules
 \&        &&GONOW ;  &&RBLS ;  client_name=^unknown$
-\&        &&GONOW ;  &&RBLS ;  client_name=(\ed+[\e.-_]){4}
-\&        &&GONOW ;  &&RBLS ;  client_name=[\e.-_](adsl|dynamic|ppp|)[\e.-_]
+\&        &&GONOW ;  &&RBLS ;  client_name=(\ed+[\e.\-_]){4}
+\&        &&GONOW ;  &&RBLS ;  client_name=[\e.\-_](adsl|dynamic|ppp|)[\e.\-_]
 .Ve
 .PP
 Macros can contain macros, too:
 .PP
-.Vb 16
+.Vb 10
 \&        # definition
 \&        &&RBLS{
 \&                rbl=zen.spamhaus.org
@@ -868,8 +809,8 @@ Macros can contain macros, too:
 \&        };
 \&        &&DYNAMIC{
 \&                client_name=^unknown$
-\&                client_name=(\ed+[\e.-_]){4}
-\&                client_name=[\e.-_](adsl|dynamic|ppp|)[\e.-_]
+\&                client_name=(\ed+[\e.\-_]){4}
+\&                client_name=[\e.\-_](adsl|dynamic|ppp|)[\e.\-_]
 \&        };
 \&        &&GOAWAY { &&RBLS; &&DYNAMIC; };
 \&        # rules
@@ -877,7 +818,7 @@ Macros can contain macros, too:
 .Ve
 .PP
 Basically macros are simple text substitutions \- see the \*(L"\s-1PARSER\s0\*(R" section for more information.
-.Sh "\s-1PLUGINS\s0"
+.SS "\s-1PLUGINS\s0"
 .IX Subsection "PLUGINS"
 \&\fBDescription\fR
 .PP
@@ -922,13 +863,9 @@ the policy delegation request and therefore may be used in postfwd's ruleset.
 .Vb 2
 \&        # do NOT remove the next line
 \&        %postfwd_items_plugin = (
-.Ve
-.PP
-.Vb 1
-\&                # EXAMPLES - integrated in postfwd. no need to activate them here.
-.Ve
-.PP
-.Vb 8
+\&
+\&                # EXAMPLES \- integrated in postfwd. no need to activate them here.
+\&                
 \&                        # allows to check postfwd version in ruleset
 \&                        "version" => sub {
 \&                                my(%request) = @_;
@@ -937,22 +874,18 @@ the policy delegation request and therefore may be used in postfwd's ruleset.
 \&                                );
 \&                                return %result;
 \&                        },
-.Ve
-.PP
-.Vb 10
+\&                
 \&                        # sender_domain and recipient_domain
 \&                        "address_parts" => sub {
 \&                                my(%request) = @_;
 \&                                my(%result) = ();
 \&                                $request{sender} =~ /@([^@]*)$/;
-\&                                $result{sender_domain} = ($1 || '');
+\&                                $result{sender_domain} = ($1 || \*(Aq\*(Aq);
 \&                                $request{recipient} =~ /@([^@]*)$/;
-\&                                $result{recipient_domain} = ($1 || '');
+\&                                $result{recipient_domain} = ($1 || \*(Aq\*(Aq);
 \&                                return %result;
 \&                        },
-.Ve
-.PP
-.Vb 2
+\&
 \&        # do NOT remove the next line
 \&        );
 .Ve
@@ -965,51 +898,45 @@ will be used.
 .PP
 .Vb 1
 \&        SYNOPSIS:  <item> => sub { return &{$postfwd_compare{<type>}}(@_); },
-.Ve
-.PP
-.Vb 2
+\&
 \&        # do NOT remove the next line
 \&        %postfwd_compare_plugin = (
-.Ve
-.PP
-.Vb 1
-\&                EXAMPLES - integrated in postfwd. no need to activate them here.
-.Ve
-.PP
-.Vb 5
+\&
+\&                EXAMPLES \- integrated in postfwd. no need to activate them here.
+\&        
 \&                        # Simple example
 \&                        # SYNOPSIS:  <result> = <item> (return &{$postfwd_compare{<type>}}(@_))
 \&                        "client_address"  => sub { return &{$postfwd_compare{cidr}}(@_); },
 \&                        "size"            => sub { return &{$postfwd_compare{numeric}}(@_); },
 \&                        "recipient_count" => sub { return &{$postfwd_compare{numeric}}(@_); },
-.Ve
-.PP
-.Vb 22
+\&        
 \&                        # Complex example
 \&                        # SYNOPSIS:  <result> = <item>(<operator>, <ruleset value>, <request value>, <request>)
 \&                        "numeric" => sub {
 \&                                my($cmp,$val,$myitem,%request) = @_;
 \&                                my($myresult) = undef;  $myitem ||= "0"; $val ||= "0";
-\&                                if ($cmp eq '==') {
+\&                                if ($cmp eq \*(Aq==\*(Aq) {
 \&                                        $myresult = ($myitem == $val);
-\&                                } elsif ($cmp eq '=<') {
+\&                                } elsif ($cmp eq \*(Aq=<\*(Aq) {
 \&                                        $myresult = ($myitem <= $val);
-\&                                } elsif ($cmp eq '=>') {
+\&                                } elsif ($cmp eq \*(Aq=>\*(Aq) {
 \&                                        $myresult = ($myitem >= $val);
-\&                                } elsif ($cmp eq '!=') {
+\&                                } elsif ($cmp eq \*(Aq<\*(Aq) {
+\&                                        $myresult = ($myitem < $val);
+\&                                } elsif ($cmp eq \*(Aq>\*(Aq) {
+\&                                        $myresult = ($myitem > $val);
+\&                                } elsif ($cmp eq \*(Aq!=\*(Aq) {
 \&                                        $myresult = not($myitem == $val);
-\&                                } elsif ($cmp eq '!<') {
+\&                                } elsif ($cmp eq \*(Aq!<\*(Aq) {
 \&                                        $myresult = not($myitem <= $val);
-\&                                } elsif ($cmp eq '!>') {
+\&                                } elsif ($cmp eq \*(Aq!>\*(Aq) {
 \&                                        $myresult = not($myitem >= $val);
 \&                                } else {
 \&                                        $myresult = ($myitem >= $val);
 \&                                };
 \&                                return $myresult;
 \&                        },
-.Ve
-.PP
-.Vb 2
+\&
 \&        # do NOT remove the next line
 \&        );
 .Ve
@@ -1022,52 +949,40 @@ continue or to stop parsing the ruleset.
 .Vb 2
 \&        SYNOPSIS:  (<stop rule parsing>, <next rule index>, <return action>, <logprefix>, <request>) =
 \&                        <action> (<current rule index>, <current time>, <command name>, <argument>, <logprefix>, <request>)
-.Ve
-.PP
-.Vb 2
+\&
 \&        # do NOT remove the next line
 \&        %postfwd_actions_plugin = (
-.Ve
-.PP
-.Vb 1
-\&                # EXAMPLES - integrated in postfwd. no need to activate them here.
-.Ve
-.PP
-.Vb 7
+\&
+\&                # EXAMPLES \- integrated in postfwd. no need to activate them here.
+\&        
 \&                        # note(<logstring>) command
 \&                        "note"  => sub {
 \&                                my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-\&                                my($myaction) = $default_action; my($stop) = 0;
-\&                                mylogs 'info', "[RULES] ".$myline." - note: ".$myarg if $myarg;
+\&                                my($myaction) = \*(Aqdunno\*(Aq; my($stop) = 0;
+\&                                log_info "[RULES] ".$myline." \- note: ".$myarg if $myarg;
 \&                                return ($stop,$index,$myaction,$myline,%request);
 \&                        },
-.Ve
-.PP
-.Vb 7
+\&        
 \&                        # skips next <myarg> rules
 \&                        "skip" => sub {
 \&                                my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-\&                                my($myaction) = $default_action; my($stop) = 0;
+\&                                my($myaction) = \*(Aqdunno\*(Aq; my($stop) = 0;
 \&                                $index += $myarg if ( $myarg and not(($index + $myarg) > $#Rules) );
 \&                                return ($stop,$index,$myaction,$myline,%request);
 \&                        },
-.Ve
-.PP
-.Vb 7
+\&        
 \&                        # dumps current request contents to syslog
 \&                        "dumprequest" => sub {
 \&                                my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-\&                                my($myaction) = $default_action; my($stop) = 0;
-\&                                map { mylogs 'info', "[DUMP] rule=$index, Attribute: $_=$request{$_}" } (keys %request);
+\&                                my($myaction) = \*(Aqdunno\*(Aq; my($stop) = 0;
+\&                                map { log_info "[DUMP] rule=$index, Attribute: $_=$request{$_}" } (keys %request);
 \&                                return ($stop,$index,$myaction,$myline,%request);
 \&                        },
-.Ve
-.PP
-.Vb 2
+\&
 \&        # do NOT remove the next line
 \&        );
 .Ve
-.Sh "\s-1COMMAND\s0 \s-1LINE\s0"
+.SS "\s-1COMMAND\s0 \s-1LINE\s0"
 .IX Subsection "COMMAND LINE"
 \&\fIRuleset\fR
 .PP
@@ -1075,13 +990,11 @@ The following arguments are used to specify the source of the postfwd ruleset. T
 that at least one of the following is required for postfwd to work.
 .PP
 .Vb 3
-\&        -f, --file <file>
+\&        \-f, \-\-file <file>
 \&        Reads rules from <file>. Please see the CONFIGURATION section
 \&        below for more information.
-.Ve
-.PP
-.Vb 3
-\&        -r, --rule <rule>
+\&
+\&        \-r, \-\-rule <rule>
 \&        Adds <rule> to ruleset. Remember that you might have to quote
 \&        strings that contain whitespaces or shell characters.
 .Ve
@@ -1089,16 +1002,16 @@ that at least one of the following is required for postfwd to work.
 \&\fIScoring\fR
 .PP
 .Vb 2
-\&        -s, --scores <val>=<action>
-\&        Returns <action> to postfix, when the request's score exceeds <val>
+\&        \-s, \-\-scores <val>=<action>
+\&        Returns <action> to postfix, when the request\*(Aqs score exceeds <val>
 .Ve
 .PP
 Multiple usage is allowed. Just chain your arguments, like:
 .PP
 .Vb 3
-\&        postfwd -r "<item>=<value>;action=<result>" -f <file> -f <file> ...
+\&        postfwd \-r "<item>=<value>;action=<result>" \-f <file> \-f <file> ...
 \&          or
-\&        postfwd --scores 4.5="WARN high score" --scores 5.0="REJECT postfwd score too high" ...
+\&        postfwd \-\-scores 4.5="WARN high score" \-\-scores 5.0="REJECT postfwd score too high" ...
 .Ve
 .PP
 In case of multiple scores, the highest match will count. The order of the arguments will be
@@ -1107,47 +1020,35 @@ reflected in the postfwd ruleset.
 \&\fIControl\fR
 .PP
 .Vb 3
-\&        -d, --daemon
+\&        \-d, \-\-daemon
 \&        postfwd will run as daemon and listen on the network for incoming
 \&        queries (default 127.0.0.1:10040).
-.Ve
-.PP
-.Vb 2
-\&        -k, --kill
+\&
+\&        \-k, \-\-kill
 \&        Stops a running postfwd daemon.
-.Ve
-.PP
-.Vb 2
-\&        --reload
+\&
+\&        \-\-reload
 \&        Reloads configuration.
-.Ve
-.PP
-.Vb 2
-\&        --dumpstats
+\&
+\&        \-\-dumpstats
 \&        Displays program usage statistics.
-.Ve
-.PP
-.Vb 2
-\&        --dumpcache
+\&
+\&        \-\-dumpcache
 \&        Displays cache contents.
-.Ve
-.PP
-.Vb 10
-\&        --delcache <item>
-\&        Removes an item from the request cache. Use --dumpcache to identify objects.
+\&
+\&        \-\-delcache <item>
+\&        Removes an item from the request cache. Use \-\-dumpcache to identify objects.
 \&        E.g.:
-\&                # postfwd --dumpcache
+\&                # postfwd \-\-dumpcache
 \&                ...
-\&                %rate_cache -> %sender=gmato@jqvo.org -> %RATE002+2_600 -> @count    -> '1'
-\&                %rate_cache -> %sender=gmato@jqvo.org -> %RATE002+2_600 -> @maxcount -> '2'
+\&                %rate_cache \-> %sender=gmato@jqvo.org \-> %RATE002+2_600 \-> @count    \-> \*(Aq1\*(Aq
+\&                %rate_cache \-> %sender=gmato@jqvo.org \-> %RATE002+2_600 \-> @maxcount \-> \*(Aq2\*(Aq
 \&                ...
-\&                # postfwd --delrate="sender=gmato@jqvo.org"
-\&                rate cache item 'sender=gmato@jqvo.org' removed
-.Ve
-.PP
-.Vb 2
-\&        --delrate <item>
-\&        Removes an item from the rate cache. Use --dumpcache to identify objects.
+\&                # postfwd \-\-delrate="sender=gmato@jqvo.org"
+\&                rate cache item \*(Aqsender=gmato@jqvo.org\*(Aq removed
+\&
+\&        \-\-delrate <item>
+\&        Removes an item from the rate cache. Use \-\-dumpcache to identify objects.
 .Ve
 .PP
 \&\fINetworking\fR
@@ -1156,76 +1057,54 @@ postfwd can be run as daemon so that it listens on the network for incoming requ
 The following arguments will control it's behaviour in this case.
 .PP
 .Vb 2
-\&        -i, --interface <dev>
+\&        \-i, \-\-interface <dev>
 \&        Bind postfwd to the specified interface (default 127.0.0.1).
-.Ve
-.PP
-.Vb 2
-\&        -p, --port <port>
+\&
+\&        \-p, \-\-port <port>
 \&        postfwd listens on the specified port (default tcp/10040).
-.Ve
-.PP
-.Vb 4
-\&        --proto <type>
-\&        The protocol type for postfwd's socket. Currently you may use 'tcp' or 'unix' here.
+\&
+\&        \-\-proto <type>
+\&        The protocol type for postfwd\*(Aqs socket. Currently you may use \*(Aqtcp\*(Aq or \*(Aqunix\*(Aq here.
 \&        To use postfwd with a unix domain socket, run it as follows:
-\&            postfwd --proto=unix --port=/somewhere/postfwd.socket
-.Ve
-.PP
-.Vb 2
-\&        -u, --user <name>
+\&            postfwd \-\-proto=unix \-\-port=/somewhere/postfwd.socket
+\&
+\&        \-u, \-\-user <name>
 \&        Changes real and effective user to <name>.
-.Ve
-.PP
-.Vb 2
-\&        -g, --group <name>
+\&
+\&        \-g, \-\-group <name>
 \&        Changes real and effective group to <name>.
-.Ve
-.PP
-.Vb 4
-\&        --umask <mask>
+\&
+\&        \-\-umask <mask>
 \&        Changes the umask for filepermissions (unix domain sockets, pidfiles).
-\&        Attention: This is umask, not chmod - you have to specify the bits that
+\&        Attention: This is umask, not chmod \- you have to specify the bits that
 \&        should NOT apply. E.g.: umask 077 equals to chmod 700.
-.Ve
-.PP
-.Vb 3
-\&        -R, --chroot <path>
+\&
+\&        \-R, \-\-chroot <path>
 \&        Chroot the process to the specified path.
-\&        Test this before using - you might need some libs there.
-.Ve
-.PP
-.Vb 2
-\&        --pidfile <path>
+\&        Test this before using \- you might need some libs there.
+\&
+\&        \-\-pidfile <path>
 \&        The process id will be saved in the specified file.
-.Ve
-.PP
-.Vb 2
-\&        --facility <f>
-\&        sets the syslog facility, default is 'mail'
-.Ve
-.PP
-.Vb 3
-\&        --socktype <s>
-\&        sets the Sys::Syslog socktype to 'native', 'inet' or 'unix'.
-\&        Default is to auto-detect this depening on module version and os.
-.Ve
-.PP
-.Vb 3
-\&        -l, --logname <label>
+\&
+\&        \-\-facility <f>
+\&        sets the syslog facility, default is \*(Aqmail\*(Aq
+\&
+\&        \-\-socktype <s>
+\&        sets the Sys::Syslog socktype to \*(Aqnative\*(Aq, \*(Aqinet\*(Aq or \*(Aqunix\*(Aq.
+\&        Default is to auto\-detect this depening on module version and os.
+\&
+\&        \-l, \-\-logname <label>
 \&        Labels the syslog messages. Useful when running multiple
 \&        instances of postfwd.
-.Ve
-.PP
-.Vb 2
-\&        --loglen <int>
+\&
+\&        \-\-loglen <int>
 \&        Truncates any syslog message after <int> characters.
 .Ve
 .PP
 \&\fIPlugins\fR
 .PP
 .Vb 3
-\&        --plugins <file>
+\&        \-\-plugins <file>
 \&        Loads postfwd plugins from file. Please see http://postfwd.org/postfwd.plugins
 \&        or the plugins.postfwd.sample that is available from the tarball for more info.
 .Ve
@@ -1235,200 +1114,147 @@ The following arguments will control it's behaviour in this case.
 These parameters influence the way postfwd is working. Any of them can be combined.
 .PP
 .Vb 4
-\&        -v, --verbose
+\&        \-v, \-\-verbose
 \&        Verbose logging displays a lot of useful information but can cause
 \&        your logfiles to grow noticeably. So use it with caution. Set the option
-\&        twice (-vv) to get more information (logs all request attributes).
-.Ve
-.PP
-.Vb 4
-\&        -c, --cache <int>    (default=600)
+\&        twice (\-vv) to get more information (logs all request attributes).
+\&
+\&        \-c, \-\-cache <int>    (default=600)
 \&        Timeout for request cache, results for identical requests will be
 \&        cached until config is reloaded or this time (in seconds) expired.
 \&        A setting of 0 disables this feature.
-.Ve
-.PP
-.Vb 4
-\&        --cache-no-size
+\&
+\&        \-\-cache\-no\-size
 \&        Ignores size attribute for cache comparisons which will lead to better
-\&        cache-hit rates. You should set this option, if you don't use the size
+\&        cache\-hit rates. You should set this option, if you don\*(Aqt use the size
 \&        item in your ruleset.
-.Ve
-.PP
-.Vb 4
-\&        --cache-no-sender
+\&
+\&        \-\-cache\-no\-sender
 \&        Ignores sender address for cache comparisons which will lead to better
-\&        cache-hit rates. You should set this option, if you don't use the sender
+\&        cache\-hit rates. You should set this option, if you don\*(Aqt use the sender
 \&        item in your ruleset.
-.Ve
-.PP
-.Vb 3
-\&        --cache-rdomain-only 
-\&        This will strip the localpart of the recipient's address before filling the
-\&        cache. This may considerably increase cache-hit rates.
-.Ve
-.PP
-.Vb 3
-\&        --cache-rbl-timeout <timeout>     (default=3600)
+\&
+\&        \-\-cache\-rdomain\-only 
+\&        This will strip the localpart of the recipient\*(Aqs address before filling the
+\&        cache. This may considerably increase cache\-hit rates.
+\&
+\&        \-\-cache\-rbl\-timeout <timeout>     (default=3600)
 \&        This default value will be used as timeout in seconds for rbl cache items,
 \&        if not specified in the ruleset.
-.Ve
-.PP
-.Vb 2
-\&        --cache-rbl-default <pattern>    (default=^127\e.0\e.0\e.\ed+$)
+\&
+\&        \-\-cache\-rbl\-default <pattern>    (default=^127\e.0\e.0\e.\ed+$)
 \&        Matches <pattern> to rbl/rhsbl answers (regexp) if not specified in the ruleset.
-.Ve
-.PP
-.Vb 8
-\&        --cacheid <item>, <item>, ...
-\&        This csv-separated list of request attributes will be used to construct
+\&
+\&        \-\-cacheid <item>, <item>, ...
+\&        This csv\-separated list of request attributes will be used to construct
 \&        the request cache identifier. Use this only, if you know exactly what you
 \&        are doing. If you, for example, use postfwd only for RBL/RHSBL control,
 \&        you may set this to
-\&                postfwd --cache=3600 --cacheid=client_name,client_address
-\&        This increases efficiency of caching and improves postfwd's performance.
+\&                postfwd \-\-cache=3600 \-\-cacheid=client_name,client_address
+\&        This increases efficiency of caching and improves postfwd\*(Aqs performance.
 \&        Warning: You should list all items here, which are used in your ruleset!
-.Ve
-.PP
-.Vb 4
-\&        --cleanup-requests <interval>    (default=600)
+\&
+\&        \-\-cleanup\-requests <interval>    (default=600)
 \&        The request cache will be searched for timed out items after this <interval> in
 \&        seconds. It is a minimum value. The cleanup process will only take place, when
 \&        a new request arrives.
-.Ve
-.PP
-.Vb 4
-\&        --cleanup-rbls <interval>    (default=600)
+\&
+\&        \-\-cleanup\-rbls <interval>    (default=600)
 \&        The rbl cache will be searched for timed out items after this <interval> in
 \&        seconds. It is a minimum value. The cleanup process will only take place, when
 \&        a new request arrives.
-.Ve
-.PP
-.Vb 4
-\&        --cleanup-rates <interval>    (default=600)
+\&
+\&        \-\-cleanup\-rates <interval>    (default=600)
 \&        The rate cache will be searched for timed out items after this <interval> in
 \&        seconds. It is a minimum value. The cleanup process will only take place, when
 \&        a new request arrives.
-.Ve
-.PP
-.Vb 5
-\&        -S, --summary <int>    (default=600)
+\&
+\&        \-S, \-\-summary <int>    (default=600)
 \&        Shows some usage statistics (program uptime, request counter, matching rules)
-\&        every <int> seconds. This option is included by the -v switch.
+\&        every <int> seconds. This option is included by the \-v switch.
 \&        This feature uses the alarm signal, so you can force postfwd to dump the stats
-\&        using `kill -ALRM <pid>` (where <pid> is the process id of postfwd).
-.Ve
-.PP
-.Vb 9
+\&        using \`kill \-ALRM <pid>\` (where <pid> is the process id of postfwd).
+\&
 \&        Example:
 \&        Aug 19 12:39:45 mail1 postfwd[666]: [STATS] Counters: 213000 seconds uptime, 39 rules
 \&        Aug 19 12:39:45 mail1 postfwd[666]: [STATS] Requests: 71643 overall, 49 last interval, 62.88% cache hits
 \&        Aug 19 12:39:45 mail1 postfwd[666]: [STATS] Averages: 20.18 overall, 4.90 last interval, 557.30 top
 \&        Aug 19 12:39:45 mail1 postfwd[666]: [STATS] Contents: 44 cached requests, 239 cached dnsbl results
-\&        Aug 19 12:39:45 mail1 postfwd[666]: [STATS] Rule ID: R-001   matched: 2704 times
-\&        Aug 19 12:39:45 mail1 postfwd[666]: [STATS] Rule ID: R-002   matched: 9351 times
-\&        Aug 19 12:39:45 mail1 postfwd[666]: [STATS] Rule ID: R-003   matched: 3116 times
+\&        Aug 19 12:39:45 mail1 postfwd[666]: [STATS] Rule ID: R\-001   matched: 2704 times
+\&        Aug 19 12:39:45 mail1 postfwd[666]: [STATS] Rule ID: R\-002   matched: 9351 times
+\&        Aug 19 12:39:45 mail1 postfwd[666]: [STATS] Rule ID: R\-003   matched: 3116 times
 \&        ...
-.Ve
-.PP
-.Vb 3
-\&        --no-rulestats
+\&
+\&        \-\-no\-rulestats
 \&        Disables per rule statistics. Keeps your log clean, if you do not use them.
-\&        This option has no effect without --summary or --verbose set.
-.Ve
-.PP
-.Vb 2
-\&        -L, --stdoutlog
+\&        This option has no effect without \-\-summary or \-\-verbose set.
+\&
+\&        \-L, \-\-stdoutlog
 \&        Redirects all syslog messages to stdout for debugging. Never use this with postfix!
-.Ve
-.PP
-.Vb 3
-\&        -t, --test
+\&
+\&        \-t, \-\-test
 \&        In test mode postfwd always returns "dunno", but logs according
-\&        to it`s ruleset. -v will be set automatically with this option.
-.Ve
-.PP
-.Vb 3
-\&        -n, --nodns
+\&        to it\`s ruleset. \-v will be set automatically with this option.
+\&
+\&        \-n, \-\-nodns
 \&        Disables all DNS based checks like RBL checks. Rules containing
 \&        such elements will be ignored.
-.Ve
-.PP
-.Vb 2
-\&        -n, --nodnslog
+\&
+\&        \-n, \-\-nodnslog
 \&        Disables logging of dns events.
-.Ve
-.PP
-.Vb 3
-\&        --dns_timeout     (default: 14)
+\&
+\&        \-\-dns_timeout     (default: 14)
 \&        Sets the timeout for asynchonous dns queries in seconds. This value will apply to
 \&        all dns items in a rule.
-.Ve
-.PP
-.Vb 3
-\&        --dns_timeout_max    (default: 10)
+\&
+\&        \-\-dns_timeout_max    (default: 10)
 \&        Sets the maximum timeout counter for dnsbl lookups. If the timeouts exceed this value
-\&        the corresponding dnsbl will be deactivated for a while (see --dns_timeout_interval).
-.Ve
-.PP
-.Vb 3
-\&        --dns_timeout_interval    (default=1200)
+\&        the corresponding dnsbl will be deactivated for a while (see \-\-dns_timeout_interval).
+\&
+\&        \-\-dns_timeout_interval    (default=1200)
 \&        The dnsbl timeout counter will be cleaned after this interval in seconds. Use this
-\&        in conjunction with the --dns_timeout_max parameter.
-.Ve
-.PP
-.Vb 4
-\&        --dns_async_txt
+\&        in conjunction with the \-\-dns_timeout_max parameter.
+\&
+\&        \-\-dns_async_txt
 \&        Perform dnsbl A and TXT lookups simultaneously (otherwise only for listings with at
 \&        least one A record). This needs more network bandwidth due to increased queries but
 \&        might increase throughput because the lookups can be parallelized.
-.Ve
-.PP
-.Vb 2
-\&        --dns_max_ns_lookups     (default=0)
+\&
+\&        \-\-dns_max_ns_lookups     (default=0)
 \&        maximum ns names to lookup up with sender_ns_addrs item. use 0 for no maximum.
-.Ve
-.PP
-.Vb 2
-\&        --dns_max_mx_lookups     (default=0)
+\&
+\&        \-\-dns_max_mx_lookups     (default=0)
 \&        maximum mx names to lookup up with sender_mx_addrs item. use 0 for no maximum.
-.Ve
-.PP
-.Vb 6
-\&        -I, --instantcfg
-\&        The config files, specified by -f will be re-read for every request
-\&        postfwd receives. This enables on-the-fly configuration changes
+\&
+\&        \-I, \-\-instantcfg
+\&        The config files, specified by \-f will be re\-read for every request
+\&        postfwd receives. This enables on\-the\-fly configuration changes
 \&        without restarting. Though files will be read only if necessary
 \&        (which means their access times changed since last read) this might
 \&        significantly increase system load.
-.Ve
-.PP
-.Vb 3
-\&        --config_timeout    (default=3)
+\&
+\&        \-\-config_timeout    (default=3)
 \&        timeout in seconds to parse a single configuration line. if exceeded, the rule will
 \&        be skipped. this is used to prevent problems due to large files or loops.
-.Ve
-.PP
-.Vb 4
-\&        --keep_rates    (default=0)
+\&        
+\&        \-\-keep_rates    (default=0)
 \&        With this option set postfwd does not clear the rate limit counters on reload. Please
 \&        note that you have to restart (not reload) postfwd with this option if you change
 \&        any rate limit rules.
-.Ve
-.PP
-.Vb 4
-\&        --save_rates    (default=none)
+\&
+\&        \-\-save_rates    (default=none)
 \&        With this option postfwd saves existing rate limit counters to disk and reloads them
 \&        on program start. This allows persistent rate limits across program restarts or reboots.
 \&        Please note that postfwd needs read and write access to the specified file.
-.Ve
-.PP
-.Vb 5
-\&        --fast_limit_evaluation    (default=0)
+\&
+\&        \-\-fast_limit_evaluation    (default=0)
 \&        Once a ratelimit was set by the ruleset, future requests will be evaluated against it
 \&        before consulting the ruleset. This mode was the default behaviour until v1.30.
 \&        With this mode rate limits will be faster, but also eventually set up
-\&        whitelisting-rules within the ruleset might not work as expected.
+\&        whitelisting\-rules within the ruleset might not work as expected.
+\&        LIMITATIONS: This option does not allow nested postfwd commands like
+\&                action=rate(sender/3/60/wait(3))
+\&        This option doe not work with the strict\-rfc5321 rate() functions.
 .Ve
 .PP
 \&\fIInformational arguments\fR
@@ -1436,35 +1262,27 @@ These parameters influence the way postfwd is working. Any of them can be combin
 These arguments are for command line usage only. Never ever use them with postfix spawn!
 .PP
 .Vb 2
-\&        -C, --showconfig
-\&        Displays the current ruleset. Use -v for verbose output.
-.Ve
-.PP
-.Vb 3
-\&        -P, --perfmon
+\&        \-C, \-\-showconfig
+\&        Displays the current ruleset. Use \-v for verbose output.
+\&
+\&        \-P, \-\-perfmon
 \&        This option turns of any syslogging and output. It is included
 \&        for performance testing.
-.Ve
-.PP
-.Vb 2
-\&        -V, --version
+\&
+\&        \-V, \-\-version
 \&        Displays the program version.
-.Ve
-.PP
-.Vb 2
-\&        -h, --help
+\&
+\&        \-h, \-\-help
 \&        Shows program usage.
-.Ve
-.PP
-.Vb 2
-\&        -m, --manual
+\&
+\&        \-m, \-\-manual
 \&        Displays the program manual.
 .Ve
-.Sh "\s-1REFRESH\s0"
+.SS "\s-1REFRESH\s0"
 .IX Subsection "REFRESH"
 In daemon mode postfwd reloads it's ruleset after receiving a \s-1HUP\s0 signal. Please see the description of
 the '\-I' switch to have your configuration refreshed for every request postfwd receives.
-.Sh "\s-1EXAMPLES\s0"
+.SS "\s-1EXAMPLES\s0"
 .IX Subsection "EXAMPLES"
 .Vb 7
 \&        ## whitelisting
@@ -1474,18 +1292,14 @@ the '\-I' switch to have your configuration refreshed for every request postfwd
 \&        id=WL001; action=dunno ; client_address=192.168.1.0/24, 192.168.2.4
 \&        id=WL002; action=dunno ; client_name=\e.gmx\e.(net|de)$
 \&        id=WL003; action=dunno ; sender=@someshop\e.tld$ ; client_address=11.22.33.44
-.Ve
-.PP
-.Vb 6
+\&
 \&        ## TLS control
 \&        # 1. *@authority.tld only with correct TLS fingerprint
 \&        # 2. *@secret.tld only with keysizes >=64
 \&        id=TL001; action=dunno                          ; sender=@authority\e.tld$ ; ccert_fingerprint=AA:BB:CC..
 \&        id=TL002; action=REJECT wrong TLS fingerprint   ; sender=@authority\e.tld$
 \&        id=TL003; action=REJECT tls keylength < 64      ; sender=@secret\e.tld$ ; encryption_keysize=64
-.Ve
-.PP
-.Vb 10
+\&
 \&        ## Combined RBL checks
 \&        # This will reject mail if
 \&        # 1. listed on ix.dnsbl.manitu.net
@@ -1493,23 +1307,19 @@ the '\-I' switch to have your configuration refreshed for every request postfwd
 \&        # 3. listed on min 2 of bl.spamcop.net, list.dsbl.org, dnsbl.sorbs.net
 \&        # 4. listed on bl.spamcop.net and one of rhsbl.ahbl.org, rhsbl.sorbs.net
 \&        id=RBL01 ; action=REJECT listed on ix.dnsbl.manitu.net  ; rbl=ix.dnsbl.manitu.net
-\&        id=RBL02 ; action=REJECT listed on zen.spamhaus.org     ; rbl=zen.spamhaus.org/127.0.0.[2-8]/1200
+\&        id=RBL02 ; action=REJECT listed on zen.spamhaus.org     ; rbl=zen.spamhaus.org/127.0.0.[2\-8]/1200
 \&        id=RBL03 ; action=REJECT listed on too many RBLs        ; rblcount=2 ; rbl=bl.spamcop.net, list.dsbl.org, dnsbl.sorbs.net
 \&        id=RBL04 ; action=REJECT combined RBL+RHSBL check       ; rbl=bl.spamcop.net ; rhsbl=rhsbl.ahbl.org, rhsbl.sorbs.net
-.Ve
-.PP
-.Vb 8
+\&
 \&        ## Message size (requires message_size_limit to be set to 30000000)
 \&        # 1. 30MB for systems in *.customer1.tld
 \&        # 2. 20MB for SASL user joejob
 \&        # 3. 10MB default
-\&        id=SZ001; protocol_state==END-OF-MESSAGE; action=DUNNO; size<=30000000 ; client_name=\e.customer1.tld$
-\&        id=SZ002; protocol_state==END-OF-MESSAGE; action=DUNNO; size<=20000000 ; sasl_username==joejob
-\&        id=SZ002; protocol_state==END-OF-MESSAGE; action=DUNNO; size<=10000000
-\&        id=SZ100; protocol_state==END-OF-MESSAGE; action=REJECT message too large
-.Ve
-.PP
-.Vb 14
+\&        id=SZ001; protocol_state==END\-OF\-MESSAGE; action=DUNNO; size<=30000000 ; client_name=\e.customer1.tld$
+\&        id=SZ002; protocol_state==END\-OF\-MESSAGE; action=DUNNO; size<=20000000 ; sasl_username==joejob
+\&        id=SZ002; protocol_state==END\-OF\-MESSAGE; action=DUNNO; size<=10000000
+\&        id=SZ100; protocol_state==END\-OF\-MESSAGE; action=REJECT message too large
+\&
 \&        ## Selective Greylisting
 \&        ##
 \&        ## Note that postfwd does not include greylisting. This setup requires a running postgrey service
@@ -1523,20 +1333,16 @@ the '\-I' switch to have your configuration refreshed for every request postfwd
 \&        # 3. Client comes from several dialin domains
 \&        id=GR001; action=check_postgrey ; rbl=dul.dnsbl.sorbs.net, zen.spamhaus.org/127.0.0.1[01]/1200
 \&        id=GR002; action=check_postgrey ; client_name=^unknown$
-\&        id=GR003; action=check_postgrey ; client_name=\e.(t-ipconnect|alicedsl|ish)\e.de$
-.Ve
-.PP
-.Vb 7
+\&        id=GR003; action=check_postgrey ; client_name=\e.(t\-ipconnect|alicedsl|ish)\e.de$
+\&
 \&        ## Date Time
-\&        date=24.12.2007-26.12.2007          ;  action=450 4.7.1 office closed during christmas
-\&        time=04:00:00-05:00:00              ;  action=450 4.7.1 maintenance ongoing, try again later
-\&        time=-07:00:00 ;  sasl_username=jim ;  action=450 4.7.1 to early for you, jim
-\&        time=22:00:00- ;  sasl_username=jim ;  action=450 4.7.1 to late now, jim
-\&        months=-Apr                         ;  action=450 4.7.1 see you in may
-\&        days=!!Mon-Fri                      ;  action=check_postgrey
-.Ve
-.PP
-.Vb 10
+\&        date=24.12.2007\-26.12.2007          ;  action=450 4.7.1 office closed during christmas
+\&        time=04:00:00\-05:00:00              ;  action=450 4.7.1 maintenance ongoing, try again later
+\&        time=\-07:00:00 ;  sasl_username=jim ;  action=450 4.7.1 to early for you, jim
+\&        time=22:00:00\- ;  sasl_username=jim ;  action=450 4.7.1 to late now, jim
+\&        months=\-Apr                         ;  action=450 4.7.1 see you in may
+\&        days=!!Mon\-Fri                      ;  action=check_postgrey
+\&
 \&        ## Usage of jump
 \&        # The following allows a message size of 30MB for different
 \&        # users/clients while others will only have 10MB.
@@ -1545,50 +1351,42 @@ the '\-I' switch to have your configuration refreshed for every request postfwd
 \&        id=R003 ; action=jump(R100) ; ccert_fingerprint=AA:BB:CC:DD:...
 \&        id=R004 ; action=jump(R100) ; ccert_fingerprint=AF:BE:CD:DC:...
 \&        id=R005 ; action=jump(R100) ; ccert_fingerprint=DD:CC:BB:DD:...
-\&        id=R099 ; protocol_state==END-OF-MESSAGE; action=REJECT message too big (max. 10MB); size=10000000
-\&        id=R100 ; protocol_state==END-OF-MESSAGE; action=REJECT message too big (max. 30MB); size=30000000
-.Ve
-.PP
-.Vb 14
+\&        id=R099 ; protocol_state==END\-OF\-MESSAGE; action=REJECT message too big (max. 10MB); size=10000000
+\&        id=R100 ; protocol_state==END\-OF\-MESSAGE; action=REJECT message too big (max. 30MB); size=30000000
+\&
 \&        ## Usage of score
 \&        # The following rejects a mail, if the client
-\&        # - is listed on 1 RBL and 1 RHSBL
-\&        # - is listed in 1 RBL or 1 RHSBL and has no correct rDNS
-\&        # - other clients without correct rDNS will be greylist-checked
-\&        # - some whitelists are used to lower the score
+\&        # \- is listed on 1 RBL and 1 RHSBL
+\&        # \- is listed in 1 RBL or 1 RHSBL and has no correct rDNS
+\&        # \- other clients without correct rDNS will be greylist\-checked
+\&        # \- some whitelists are used to lower the score
 \&        id=S01 ; score=2.6              ; action=check_postgrey
 \&        id=S02 ; score=5.0              ; action=REJECT postfwd score too high
-\&        id=R00 ; action=score(-1.0)     ; rbl=exemptions.ahbl.org,list.dnswl.org,query.bondedsender.org,spf.trusted-forwarder.org
+\&        id=R00 ; action=score(\-1.0)     ; rbl=exemptions.ahbl.org,list.dnswl.org,query.bondedsender.org,spf.trusted\-forwarder.org
 \&        id=R01 ; action=score(2.5)      ; rbl=bl.spamcop.net, list.dsbl.org, dnsbl.sorbs.net
 \&        id=R02 ; action=score(2.5)      ; rhsbl=rhsbl.ahbl.org, rhsbl.sorbs.net
-\&        id=N01 ; action=score(-0.2)     ; client_name==$$helo_name
+\&        id=N01 ; action=score(\-0.2)     ; client_name==$$helo_name
 \&        id=N02 ; action=score(2.7)      ; client_name=^unknown$
 \&        ...
-.Ve
-.PP
-.Vb 8
+\&
 \&        ## Usage of rate and size
 \&        # The following temporary rejects requests from "unknown" clients, if they
 \&        # 1. exceeded 30 requests per hour or
 \&        # 2. tried to send more than 1.5mb within 10 minutes
 \&        id=RATE01 ;  client_name==unknown ;  protocol_state==RCPT
 \&                action=rate(client_address/30/3600/450 4.7.1 sorry, max 30 requests per hour)
-\&        id=SIZE01 ;  client_name==unknown ;  protocol_state==END-OF-MESSAGE
+\&        id=SIZE01 ;  client_name==unknown ;  protocol_state==END\-OF\-MESSAGE
 \&                action=size(client_address/1572864/600/450 4.7.1 sorry, max 1.5mb per 10 minutes)
-.Ve
-.PP
-.Vb 8
+\&
 \&        ## Macros
 \&        # definition
 \&        &&RBLS { rbl=zen.spamhaus.org,list.dsbl.org,bl.spamcop.net,dnsbl.sorbs.net,ix.dnsbl.manitu.net; };
 \&        &&GONOW { action=REJECT your request caused our spam detection policy to reject this message. More info at http://www.domain.local; };
 \&        # rules
 \&        &&GONOW ;  &&RBLS ;  client_name=^unknown$
-\&        &&GONOW ;  &&RBLS ;  client_name=(\ed+[\e.-_]){4}
-\&        &&GONOW ;  &&RBLS ;  client_name=[\e.-_](adsl|dynamic|ppp|)[\e.-_]
-.Ve
-.PP
-.Vb 34
+\&        &&GONOW ;  &&RBLS ;  client_name=(\ed+[\e.\-_]){4}
+\&        &&GONOW ;  &&RBLS ;  client_name=[\e.\-_](adsl|dynamic|ppp|)[\e.\-_]
+\&
 \&        ## Groups
 \&        # definition
 \&        &&RBLS{
@@ -1603,8 +1401,8 @@ the '\-I' switch to have your configuration refreshed for every request postfwd
 \&        };
 \&        &&DYNAMIC{
 \&                client_name==unknown
-\&                client_name~=(\ed+[\e.-_]){4}
-\&                client_name~=[\e.-_](adsl|dynamic|ppp|)[\e.-_]
+\&                client_name~=(\ed+[\e.\-_]){4}
+\&                client_name~=[\e.\-_](adsl|dynamic|ppp|)[\e.\-_]
 \&                ...
 \&        };
 \&        &&BAD_HELO{
@@ -1618,32 +1416,28 @@ the '\-I' switch to have your configuration refreshed for every request postfwd
 \&                date=15.04.2007
 \&                date=15.07.2007
 \&                date=15.10.2007
-\&                time=03:00:00 - 04:00:00
+\&                time=03:00:00 \- 04:00:00
 \&        };
 \&        # rules
 \&        id=COMBINED    ;  &&RBLS ;  &&DYNAMIC ;  action=REJECT dynamic client and listed on RBL
-\&        id=MAINTENANCE ;  &&MAINTENANCE       ;  action=DEFER maintenance time - please try again later
-.Ve
-.PP
-.Vb 8
+\&        id=MAINTENANCE ;  &&MAINTENANCE       ;  action=DEFER maintenance time \- please try again later
+\&        
 \&        # now with the set() command, note that long item
-\&        # lists don't have to be compared twice
+\&        # lists don\*(Aqt have to be compared twice
 \&        id=RBL01    ;  &&RBLS      ;  action=set(HIT_rbls=1)
 \&        id=HELO01   ;  &&BAD_HELO  ;  action=set(HIT_helo=1)
 \&        id=DYNA01   ;  &&DYNAMIC   ;  action=set(HIT_dyna=1)
 \&        id=REJECT01 ;  HIT_rbls==1 ;  HIT_helo==1  ; action=REJECT please see http://some.org/info?reject=01 for more info
 \&        id=REJECT02 ;  HIT_rbls==1 ;  HIT_dyna==1  ; action=REJECT please see http://some.org/info?reject=02 for more info
 \&        id=REJECT03 ;  HIT_helo==1 ;  HIT_dyna==1  ; action=REJECT please see http://some.org/info?reject=03 for more info
-.Ve
-.PP
-.Vb 5
+\&
 \&        ## combined with enhanced rbl features
 \&        #
 \&        id=RBL01 ; rhsblcount=all ; rblcount=all ; &&RBLS ; &&RHSBLS
 \&             action=set(HIT_dnsbls=$$rhsblcount,HIT_dnsbls+=$$rblcount,HIT_dnstxt=$$dnsbltext)
 \&        id=RBL02 ; HIT_dnsbls>=2  ; action=554 5.7.1 blocked using $$HIT_dnsbls DNSBLs [INFO: $$HIT_dnstxt]
 .Ve
-.Sh "\s-1PARSER\s0"
+.SS "\s-1PARSER\s0"
 .IX Subsection "PARSER"
 \&\fIConfiguration\fR
 .PP
@@ -1651,47 +1445,47 @@ The postfwd ruleset can be specified at the commandline (\-r option) or be read
 check the parser with the \-C | \-\-showconfig switch at the command line before applying a new config. The following call:
 .PP
 .Vb 4
-\&        postfwd --showconfig \e
-\&                -r "id=TEST; recipient_count=100; action=WARN mail with 100+ recipients" \e
-\&                -f /etc/postfwd.cf \e
-\&                -r "id=DEFAULT; action=dunno";
+\&        postfwd \-\-showconfig \e
+\&                \-r "id=TEST; recipient_count=100; action=WARN mail with 100+ recipients" \e
+\&                \-f /etc/postfwd.cf \e
+\&                \-r "id=DEFAULT; action=dunno";
 .Ve
 .PP
 will produce the following output:
 .PP
 .Vb 5
-\&        Rule   0: id->"TEST" action->"WARN mail with 100+ recipients"; recipient_count->"100"
+\&        Rule   0: id\->"TEST" action\->"WARN mail with 100+ recipients"; recipient_count\->"100"
 \&        ...
 \&        ... <content of /etc/postfwd.cf> ...
 \&        ...
-\&        Rule <n>: id->"DEFAULT" action->"dunno"
+\&        Rule <n>: id\->"DEFAULT" action\->"dunno"
 .Ve
 .PP
 Multiple items of the same type will be added to lists (see the \*(L"\s-1ITEMS\s0\*(R" section for more info):
 .PP
 .Vb 2
-\&        postfwd --showconfig \e
-\&                -r "client_address=192.168.1.0/24; client_address=172.16.26.32; action=dunno"
+\&        postfwd \-\-showconfig \e
+\&                \-r "client_address=192.168.1.0/24; client_address=172.16.26.32; action=dunno"
 .Ve
 .PP
 will result in:
 .PP
 .Vb 1
-\&        Rule   0: id->"R-0"; action->"dunno"; client_address->"192.168.1.0/24, 172.16.26.32"
+\&        Rule   0: id\->"R\-0"; action\->"dunno"; client_address\->"192.168.1.0/24, 172.16.26.32"
 .Ve
 .PP
 Macros are evaluated at configuration stage, which means that
 .PP
 .Vb 3
-\&        postfwd --showconfig \e
-\&                -r "&&RBLS { rbl=bl.spamcop.net; client_name=^unknown$; };" \e
-\&                -r "id=RBL001; &&RBLS; action=REJECT listed on spamcop and bad rdns";
+\&        postfwd \-\-showconfig \e
+\&                \-r "&&RBLS { rbl=bl.spamcop.net; client_name=^unknown$; };" \e
+\&                \-r "id=RBL001; &&RBLS; action=REJECT listed on spamcop and bad rdns";
 .Ve
 .PP
 will result in:
 .PP
 .Vb 1
-\&        Rule   0: id->"RBL001"; action->"REJECT listed on spamcop and bad rdns"; rbl->"bl.spamcop.net"; client_name->"^unknown$"
+\&        Rule   0: id\->"RBL001"; action\->"REJECT listed on spamcop and bad rdns"; rbl\->"bl.spamcop.net"; client_name\->"^unknown$"
 .Ve
 .PP
 \&\fIRequest processing\fR
@@ -1714,21 +1508,21 @@ equals to
 Lists will be evaluated in the specified order. This allows to place faster expressions at first:
 .PP
 .Vb 1
-\&        postfwd -vv -L -r "id=RBL001; rbl=localrbl.local zen.spamhaus.org; action=REJECT" /some/where/request.sample
+\&        postfwd \-vv \-L \-r "id=RBL001; rbl=localrbl.local zen.spamhaus.org; action=REJECT" /some/where/request.sample
 .Ve
 .PP
 produces the following
 .PP
 .Vb 11
-\&        [LOGS info]: compare rbl: "remotehost.remote.net[68.10.1.7]"  ->  "localrbl.local"
-\&        [LOGS info]: count1 rbl:  "2"  ->  "0"
+\&        [LOGS info]: compare rbl: "remotehost.remote.net[68.10.1.7]"  \->  "localrbl.local"
+\&        [LOGS info]: count1 rbl:  "2"  \->  "0"
 \&        [LOGS info]: query rbl:   localrbl.local 7.1.10.68 (7.1.10.68.localrbl.local)
-\&        [LOGS info]: count2 rbl:  "2"  ->  "0"
+\&        [LOGS info]: count2 rbl:  "2"  \->  "0"
 \&        [LOGS info]: match rbl:   FALSE
-\&        [LOGS info]: compare rbl: "remotehost.remote.net[68.10.1.7]"  ->  "zen.spamhaus.org"
-\&        [LOGS info]: count1 rbl:  "2"  ->  "0"
+\&        [LOGS info]: compare rbl: "remotehost.remote.net[68.10.1.7]"  \->  "zen.spamhaus.org"
+\&        [LOGS info]: count1 rbl:  "2"  \->  "0"
 \&        [LOGS info]: query rbl:   zen.spamhaus.org 7.1.10.68 (7.1.10.68.zen.spamhaus.org)
-\&        [LOGS info]: count2 rbl:  "2"  ->  "0"
+\&        [LOGS info]: count2 rbl:  "2"  \->  "0"
 \&        [LOGS info]: match rbl:   FALSE
 \&        [LOGS info]: Action: dunno
 .Ve
@@ -1736,15 +1530,15 @@ produces the following
 The negation operator !!(<value>) has the highest priority and therefore will be evaluated first. Then variable substitutions are performed:
 .PP
 .Vb 1
-\&        postfwd -vv -L -r "id=TEST; action=REJECT; client_name=!!($$heloname)" /some/where/request.sample
+\&        postfwd \-vv \-L \-r "id=TEST; action=REJECT; client_name=!!($$heloname)" /some/where/request.sample
 .Ve
 .PP
 will give
 .PP
 .Vb 5
-\&        [LOGS info]: compare client_name:     "unknown"  ->  "!!($$helo_name)"
-\&        [LOGS info]: negate client_name:      "unknown"  ->  "$$helo_name"
-\&        [LOGS info]: substitute client_name:  "unknown"  ->  "english-breakfast.cloud8.net"
+\&        [LOGS info]: compare client_name:     "unknown"  \->  "!!($$helo_name)"
+\&        [LOGS info]: negate client_name:      "unknown"  \->  "$$helo_name"
+\&        [LOGS info]: substitute client_name:  "unknown"  \->  "english\-breakfast.cloud8.net"
 \&        [LOGS info]: match client_name:  TRUE
 \&        [LOGS info]: Action: REJECT
 .Ve
@@ -1764,7 +1558,7 @@ The parser evaluates the given action and continues with the next rule (except f
 for more information). Nothing will be sent to postfix.
 .PP
 If no rule has matched and the end of the ruleset is reached postfwd will return dunno without logging anything unless in verbose mode. You may
-simply place a last `catch\-all´ rule to change that behaviour:
+simply place a last `catch\-allA\*^X rule to change that behaviour:
 .PP
 .Vb 2
 \&        ... <your rules> ...
@@ -1772,7 +1566,7 @@ simply place a last `catch\-all´ rule to change that behaviour:
 .Ve
 .PP
 will log any request that passes the ruleset without having hit a prior rule.
-.Sh "\s-1INTEGRATION\s0"
+.SS "\s-1INTEGRATION\s0"
 .IX Subsection "INTEGRATION"
 \&\fIIntegration via daemon mode\fR
 .PP
@@ -1781,7 +1575,7 @@ As postfwd will run in a single instance (multiplexing mode), it will take most
 it`s internal caching in that case. Start postfwd with the following parameters:
 .PP
 .Vb 1
-\&        postfwd -d -f /etc/postfwd.cf -i 127.0.0.1 -p 10040 -u nobody -g nobody -S
+\&        postfwd \-d \-f /etc/postfwd.cf \-i 127.0.0.1 \-p 10040 \-u nobody \-g nobody \-S
 .Ve
 .PP
 For efficient caching you should check if you can use the options \-\-cache\-rdomain\-only, \-\-cache\-no\-sender
@@ -1802,17 +1596,17 @@ and use `netstat \-an|grep 10040` to check for something like
 If everything works, open your postfix main.cf and insert the following
 .PP
 .Vb 4
-\&        127.0.0.1:10040_time_limit      = 3600                                          <--- integration
-\&        smtpd_recipient_restrictions    = permit_mynetworks                             <--- recommended
-\&                                          reject_unauth_destination                     <--- recommended
-\&                                          check_policy_service inet:127.0.0.1:10040     <--- integration
+\&        127.0.0.1:10040_time_limit      = 3600                                          <\-\-\- integration
+\&        smtpd_recipient_restrictions    = permit_mynetworks                             <\-\-\- recommended
+\&                                          reject_unauth_destination                     <\-\-\- recommended
+\&                                          check_policy_service inet:127.0.0.1:10040     <\-\-\- integration
 .Ve
 .PP
 Reload your configuration with `postfix reload` and watch your logs. In it works you should see
 lines like the following in your mail log:
 .PP
 .Vb 1
-\&        Aug  9 23:01:24 mail postfwd[5158]: rule=22, id=ML_POSTFIX, client=english-breakfast.cloud9.net[168.100.1.7], sender=owner-postfix-users@postfix.tld, recipient=someone@domain.local, helo=english-breakfast.cloud9.net, proto=ESMTP, state=RCPT, action=dunno
+\&        Aug  9 23:01:24 mail postfwd[5158]: rule=22, id=ML_POSTFIX, client=english\-breakfast.cloud9.net[168.100.1.7], sender=owner\-postfix\-users@postfix.tld, recipient=someone@domain.local, helo=english\-breakfast.cloud9.net, proto=ESMTP, state=RCPT, action=dunno
 .Ve
 .PP
 If you want to check for size or rcpt_count items you must integrate postfwd in smtp_data_restrictions or
@@ -1829,17 +1623,15 @@ Then postmap that file (`postmap hash:/etc/postfix/policy`), open your main.cf a
 .PP
 .Vb 3
 \&        # Restriction Classes
-\&        smtpd_restriction_classes       = postfwdcheck, <some more>...                          <--- integration
-\&        postfwdcheck                    = check_policy_service inet:127.0.0.1:10040             <--- integration
-.Ve
-.PP
-.Vb 6
-\&        127.0.0.1:10040_time_limit      = 3600                                                  <--- integration
-\&        smtpd_recipient_restrictions    = permit_mynetworks,                                    <--- recommended
-\&                                          reject_unauth_destination,                            <--- recommended
-\&                                          ...                                                   <--- optional
-\&                                          check_recipient_access hash:/etc/postfix/policy,      <--- integration
-\&                                          ...                                                   <--- optional
+\&        smtpd_restriction_classes       = postfwdcheck, <some more>...                          <\-\-\- integration
+\&        postfwdcheck                    = check_policy_service inet:127.0.0.1:10040             <\-\-\- integration
+\&
+\&        127.0.0.1:10040_time_limit      = 3600                                                  <\-\-\- integration
+\&        smtpd_recipient_restrictions    = permit_mynetworks,                                    <\-\-\- recommended
+\&                                          reject_unauth_destination,                            <\-\-\- recommended
+\&                                          ...                                                   <\-\-\- optional
+\&                                          check_recipient_access hash:/etc/postfix/policy,      <\-\-\- integration
+\&                                          ...                                                   <\-\-\- optional
 .Ve
 .PP
 Reload postfix and watch your logs.
@@ -1864,7 +1656,7 @@ Then create a file '/etc/xinetd.d/postfwd':
 \&                wait            = no
 \&                user            = nobody
 \&                server          = /usr/local/bin/postfwd
-\&                server_args     = -f /etc/postfwd.cf
+\&                server_args     = \-f /etc/postfwd.cf
 \&                disable         = no
 \&        }
 .Ve
@@ -1874,19 +1666,19 @@ you might want to check your system's log for xinetd errors like \*(L"socket alr
 .PP
 The integration with postfix is similar to the \fIIntegration via daemon mode\fR section above.
 Reload postfix and watch your logs to see if everything works.
-.Sh "\s-1TESTING\s0"
+.SS "\s-1TESTING\s0"
 .IX Subsection "TESTING"
 First you have to create a ruleset (see Configuration section). Check it with
 .PP
 .Vb 1
-\&        postfwd -f /etc/postfwd.cf -C
+\&        postfwd \-f /etc/postfwd.cf \-C
 .Ve
 .PP
 There is an example policy request distributed with postfwd, called 'request.sample'.
 Simply change it to meet your requirements and use
 .PP
 .Vb 1
-\&        postfwd -f /etc/postfwd.cf <request.sample
+\&        postfwd \-f /etc/postfwd.cf <request.sample
 .Ve
 .PP
 You should get an answer like
@@ -1903,20 +1695,20 @@ For network tests I use netcat:
 .PP
 to send a request to postfwd. If you receive nothing, make sure that postfwd is running and
 listening on the specified network settings.
-.Sh "\s-1PERFORMANCE\s0"
+.SS "\s-1PERFORMANCE\s0"
 .IX Subsection "PERFORMANCE"
 Some of these proposals might not match your environment. Please check your requirements and test new options carefully!
 .PP
 .Vb 7
-\&        - use caching options
-\&        - use the correct match operator ==, <=, >=
-\&        - use ^ and/or $ in regular expressions
-\&        - use item lists (faster than single rules)
-\&        - use set() action on repeated item lists
-\&        - use jumps and rate limits
-\&        - use a pre-lookup rule for rbl/rhsbls with empty note() action
+\&        \- use caching options
+\&        \- use the correct match operator ==, <=, >=
+\&        \- use ^ and/or $ in regular expressions
+\&        \- use item lists (faster than single rules)
+\&        \- use set() action on repeated item lists
+\&        \- use jumps and rate limits
+\&        \- use a pre\-lookup rule for rbl/rhsbls with empty note() action
 .Ve
-.Sh "\s-1SEE\s0 \s-1ALSO\s0"
+.SS "\s-1SEE\s0 \s-1ALSO\s0"
 .IX Subsection "SEE ALSO"
 See <http://www.postfix.org/SMTPD_POLICY_README.html> for a description
 of how Postfix policy servers work.
diff --git a/man/man8/postfwd2.8 b/man/man8/postfwd2.8
index 77ab7ae..11319fd 100644
--- a/man/man8/postfwd2.8
+++ b/man/man8/postfwd2.8
@@ -1,15 +1,7 @@
-.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14
+.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
-.de Sh \" Subsection heading
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
@@ -25,11 +17,11 @@
 ..
 .\" Set up some character translations and predefined strings.  \*(-- will
 .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  | will give a
-.\" real vertical bar.  \*(C+ will give a nicer C++.  Capital omega is used to
-.\" do unbreakable dashes and therefore won't be available.  \*(C` and \*(C'
-.\" expand to `' in nroff, nothing in troff, for use with C<>.
-.tr \(*W-|\(bv\*(Tr
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
 .ie n \{\
 .    ds -- \(*W-
@@ -48,22 +40,25 @@
 .    ds R" ''
 'br\}
 .\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
 .\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 .\" entries marked with X<> in POD.  Of course, you'll have to process the
 .\" output yourself in some meaningful fashion.
-.if \nF \{\
+.ie \nF \{\
 .    de IX
 .    tm Index:\\$1\t\\n%\t"\\$2"
 ..
 .    nr % 0
 .    rr F
 .\}
-.\"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.hy 0
-.if n .na
+.el \{\
+.    de IX
+..
+.\}
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +124,11 @@
 .\" ========================================================================
 .\"
 .IX Title "POSTFWD2-ALL-IN-ONE 1"
-.TH POSTFWD2-ALL-IN-ONE 1 "2011-12-18" "perl v5.8.5" "User Contributed Perl Documentation"
+.TH POSTFWD2-ALL-IN-ONE 1 "2013-04-18" "perl v5.14.2" "User Contributed Perl Documentation"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
 .SH "NAME"
 postfwd2 \- postfix firewall daemon
 .SH "SYNOPSIS"
@@ -138,134 +137,116 @@ postfwd2 \- postfix firewall daemon
 .PP
 .Vb 4
 \&        Ruleset: (at least one, multiple use is allowed):
-\&        -f, --file <file>               reads rules from <file>
-\&        -r, --rule <rule>               adds <rule> to config
-\&        -s, --scores <v>=<r>            returns <r> when score exceeds <v>
-.Ve
-.PP
-.Vb 14
+\&        \-f, \-\-file <file>               reads rules from <file>
+\&        \-r, \-\-rule <rule>               adds <rule> to config
+\&        \-s, \-\-scores <v>=<r>            returns <r> when score exceeds <v>
+\&
 \&        Server:
-\&        -i, --interface <dev>           listen on interface <dev>
-\&        -p, --port <port>               listen on port <port>
-\&            --proto <proto>             socket type (tcp or unix)
-\&            --server_socket <sock>      e.g. tcp:127.0.0.1:10045
-\&        -u, --user <name>               set uid to user <name>
-\&        -g, --group <name>              set gid to group <name>
-\&            --umask <mask>              umask for master filepermissions
-\&            --server_umask <mask>       umask for server filepermissions
-\&            --pidfile <path>            create pidfile under <path>
-\&            --min_servers <i>           spawn at least <i> children
-\&            --max_servers <i>           do not spawn more than <i> children
-\&            --min_spare_servers <i>     minimum idle children
-\&            --max_spare_servers <i>     maximum idle children
-.Ve
-.PP
-.Vb 16
+\&        \-i, \-\-interface <dev>           listen on interface <dev>
+\&        \-p, \-\-port <port>               listen on port <port>
+\&            \-\-proto <proto>             socket type (tcp or unix)
+\&            \-\-server_socket <sock>      e.g. tcp:127.0.0.1:10045
+\&        \-u, \-\-user <name>               set uid to user <name>
+\&        \-g, \-\-group <name>              set gid to group <name>
+\&            \-\-umask <mask>              umask for master filepermissions
+\&            \-\-server_umask <mask>       umask for server filepermissions
+\&            \-\-pidfile <path>            create pidfile under <path>
+\&            \-\-min_servers <i>           spawn at least <i> children
+\&            \-\-max_servers <i>           do not spawn more than <i> children
+\&            \-\-min_spare_servers <i>     minimum idle children
+\&            \-\-max_spare_servers <i>     maximum idle children
+\&
 \&        Cache:
-\&        -c, --cache <int>               sets the request-cache timeout to <int> seconds
-\&            --cleanup-requests <int>    cleanup interval in seconds for request cache
-\&            --cache_interface <dev>     listen on interface <dev>
-\&            --cache_port <port>         listen on port <port>
-\&            --cache_proto <proto>       socket type (tcp or unix)
-\&            --cache_socket <sock>       e.g. tcp:127.0.0.1:10043
-\&            --cache_umask <mask>        umask for cache filepermissions
-\&            --cacheid <list>            list of request items for cache-id
-\&            --cache-rdomain-only        skip recipient localpart for cache-id
-\&            --cache-no-sender           skip sender address for cache-id
-\&            --cache-no-size             skip size for cache-id
-\&            --no_parent_request_cache   disable parent request cache
-\&            --no_parent_rate_cache      disable parent rate cache
-\&            --no_parent_dns_cache       disable parent dns cache (default)
-\&            --no_parent_cache           disable all parent caches
-.Ve
-.PP
-.Vb 2
+\&        \-c, \-\-cache <int>               sets the request\-cache timeout to <int> seconds
+\&            \-\-cleanup\-requests <int>    cleanup interval in seconds for request cache
+\&            \-\-cache_interface <dev>     listen on interface <dev>
+\&            \-\-cache_port <port>         listen on port <port>
+\&            \-\-cache_proto <proto>       socket type (tcp or unix)
+\&            \-\-cache_socket <sock>       e.g. tcp:127.0.0.1:10043
+\&            \-\-cache_umask <mask>        umask for cache filepermissions
+\&            \-\-cacheid <list>            list of request items for cache\-id
+\&            \-\-cache\-rdomain\-only        skip recipient localpart for cache\-id
+\&            \-\-cache\-no\-sender           skip sender address for cache\-id
+\&            \-\-cache\-no\-size             skip size for cache\-id
+\&            \-\-no_parent_request_cache   disable parent request cache
+\&            \-\-no_parent_rate_cache      disable parent rate cache
+\&            \-\-no_parent_dns_cache       disable parent dns cache (default)
+\&            \-\-no_parent_cache           disable all parent caches
+\&
 \&        Rates:
-\&            --cleanup-rates <int>       cleanup interval in seconds for rate cache
-.Ve
-.PP
-.Vb 12
+\&            \-\-cleanup\-rates <int>       cleanup interval in seconds for rate cache
+\&
 \&        Control:
-\&        -k, --kill, --stop              terminate postfwd2
-\&            --reload, --hup             reload postfwd2
-\&            --watchdog <w>              watchdog timer in seconds
-\&            --respawn <r>               respawn delay in seconds
-\&            --failures <f>              max respawn failure counter
-\&            --daemons <list>            list of daemons to start
-\&            --dumpcache                 show cache contents
-\&            --dumpstats                 show statistics
-\&        -R, --chroot <path>             chroot to <path> before start
-\&            --delcache <item>           removes an item from the request cache
-\&            --delrate <item>            removes an item from the rate cache
-.Ve
-.PP
-.Vb 11
+\&        \-k, \-\-kill, \-\-stop              terminate postfwd2
+\&            \-\-reload, \-\-hup             reload postfwd2
+\&            \-\-watchdog <w>              watchdog timer in seconds
+\&            \-\-respawn <r>               respawn delay in seconds
+\&            \-\-failures <f>              max respawn failure counter
+\&            \-\-daemons <list>            list of daemons to start
+\&            \-\-dumpcache                 show cache contents
+\&            \-\-dumpstats                 show statistics
+\&        \-R, \-\-chroot <path>             chroot to <path> before start
+\&            \-\-delcache <item>           removes an item from the request cache
+\&            \-\-delrate <item>            removes an item from the rate cache
+\&
 \&        DNS:
-\&        -n, --nodns                     skip any dns based test
-\&            --dns_timeout <i>           dns query timeout in seconds
-\&            --dns_timeout_max <i>       disable dnsbl after <i> timeouts
-\&            --dns_timeout_interval <i>  reenable dnsbl after <i> seconds
-\&            --cache-rbl-timeout <i>     default dns ttl if not specified in ruleset
-\&            --cache-rbl-default <s>     default dns pattern if not specified in ruleset
-\&            --cleanup-rbls <i>          cleanup old dns cache items every <i> seconds
-\&            --dns_async_txt             perform dnsbl A and TXT lookups simultaneously
-\&            --dns_max_ns_lookups        max names to look up with sender_ns_addrs
-\&            --dns_max_mx_lookups        max names to look up with sender_mx_addrs
-.Ve
-.PP
-.Vb 10
+\&        \-n, \-\-nodns                     skip any dns based test
+\&            \-\-dns_timeout <i>           dns query timeout in seconds
+\&            \-\-dns_timeout_max <i>       disable dnsbl after <i> timeouts
+\&            \-\-dns_timeout_interval <i>  reenable dnsbl after <i> seconds
+\&            \-\-cache\-rbl\-timeout <i>     default dns ttl if not specified in ruleset
+\&            \-\-cache\-rbl\-default <s>     default dns pattern if not specified in ruleset
+\&            \-\-cleanup\-rbls <i>          cleanup old dns cache items every <i> seconds
+\&            \-\-dns_async_txt             perform dnsbl A and TXT lookups simultaneously
+\&            \-\-dns_max_ns_lookups        max names to look up with sender_ns_addrs
+\&            \-\-dns_max_mx_lookups        max names to look up with sender_mx_addrs
+\&
 \&        Optional:
-\&        -t, --test                      testing, always returns "dunno"
-\&        -S, --summary <i>               show stats every <i> seconds
-\&            --noidlestats               disables statistics when idle
-\&            --norulestats               disables per rule statistics
-\&        -I, --instantcfg                reloads ruleset on every new request
-\&            --config_timeout <i>        parser timeout in seconds
-\&            --keep_rates                do not clear rate limit counters on reload
-\&            --save_rates <file>         save and load rate limits on disk
-\&            --fast_limit_evaluation     evaluate rate limits before ruleset is parsed
-.Ve
-.PP
-.Vb 2
+\&        \-t, \-\-test                      testing, always returns "dunno"
+\&        \-S, \-\-summary <i>               show stats every <i> seconds
+\&            \-\-noidlestats               disables statistics when idle
+\&            \-\-norulestats               disables per rule statistics
+\&        \-I, \-\-instantcfg                reloads ruleset on every new request
+\&            \-\-config_timeout <i>        parser timeout in seconds
+\&            \-\-keep_rates                do not clear rate limit counters on reload
+\&            \-\-save_rates <file>         save and load rate limits on disk
+\&            \-\-fast_limit_evaluation     evaluate rate limits before ruleset is parsed
+\&                                        (please note the limitations)
+\&
+\&
 \&        Plugins:
-\&            --plugins <file>            loads postfwd plugins from file
-.Ve
-.PP
-.Vb 10
+\&            \-\-plugins <file>            loads postfwd plugins from file
+\&
 \&        Logging:
-\&        -l, --logname <label>           label for syslog messages
-\&            --facility <s>              use syslog facility <s>
-\&            --socktype <s>              use syslog socktype <s>
-\&            --nodnslog                  do not log dns results
-\&            --anydnslog                 log any dns (even cached) results
-\&            --norulelog                 do not log rule actions
-\&            --nolog|--perfmon           no logging at all
-\&        -v, --verbose                   verbose logging, use twice to increase
-\&            --debug <s>                 list of debugging classes
-.Ve
-.PP
-.Vb 8
-\&        Information (use only at command-line!):
-\&        -h, --help                      display this help and exit
-\&        -m, --manual                    shows program manual
-\&        -V, --version                   output version information and exit
-\&        -D, --defaults                  show postfwd2 settings and exit
-\&        -C, --showconfig                show postfwd2 ruleset and exit (-v allowed)
-\&        -L, --stdout                    redirect syslog messages to stdout
-\&        -q, --quiet                     no syslogging, no stdout (-P works for compatibility)
-.Ve
-.PP
-.Vb 2
+\&        \-l, \-\-logname <label>           label for syslog messages
+\&            \-\-facility <s>              use syslog facility <s>
+\&            \-\-socktype <s>              use syslog socktype <s>
+\&            \-\-nodnslog                  do not log dns results
+\&            \-\-anydnslog                 log any dns (even cached) results
+\&            \-\-norulelog                 do not log rule actions
+\&            \-\-nolog|\-\-perfmon           no logging at all
+\&        \-v, \-\-verbose                   verbose logging, use twice to increase
+\&            \-\-debug <s>                 list of debugging classes
+\&
+\&        Information (use only at command\-line!):
+\&        \-h, \-\-help                      display this help and exit
+\&        \-m, \-\-manual                    shows program manual
+\&        \-V, \-\-version                   output version information and exit
+\&        \-D, \-\-defaults                  show postfwd2 settings and exit
+\&        \-C, \-\-showconfig                show postfwd2 ruleset and exit (\-v allowed)
+\&        \-L, \-\-stdout                    redirect syslog messages to stdout
+\&        \-q, \-\-quiet                     no syslogging, no stdout (\-P works for compatibility)
+\&
 \&        Obsolete (only for compatibility with postfwd v1):
-\&        -d|--daemon, --shortlog, --dns_queuesize, --dns_retries
+\&        \-d|\-\-daemon, \-\-shortlog, \-\-dns_queuesize, \-\-dns_retries
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-.Sh "\s-1INTRODUCTION\s0"
+.SS "\s-1INTRODUCTION\s0"
 .IX Subsection "INTRODUCTION"
 postfwd2 is written to combine complex postfix restrictions in a ruleset similar to those of the most firewalls.
 The program uses the postfix policy delegation protocol to control access to the mail system before a message
-has been accepted (please visit <http://www.postfix.org/SMTPD_POLICY_README.html> for more information). 
+has been accepted (please visit <http://www.postfix.org/SMTPD_POLICY_README.html> for more information).
 .PP
 postfwd2 allows you to choose an action (e.g. reject, dunno) for a combination of several smtp parameters
 (like sender and recipient address, size or the client's \s-1TLS\s0 fingerprint). Also it offers simple macros/acls
@@ -288,7 +269,7 @@ which should allow straightforward and easy-to-read configurations.
 * Internal caching for requests and dns lookups
 .PP
 * Built in statistics for rule efficiency analysis
-.Sh "\s-1CONFIGURATION\s0"
+.SS "\s-1CONFIGURATION\s0"
 .IX Subsection "CONFIGURATION"
 A configuration line consists of optional item=value pairs, separated by semicolons
 (`;`) and the appropriate desired action:
@@ -312,11 +293,13 @@ is not important. So the following would lead to the same result as the previous
 .PP
 The way how request items are compared to the ruleset can be influenced in the following way:
 .PP
-.Vb 11
+.Vb 10
 \&        ====================================================================
 \&         ITEM == VALUE                true if ITEM equals VALUE
 \&         ITEM => VALUE                true if ITEM >= VALUE
 \&         ITEM =< VALUE                true if ITEM <= VALUE
+\&         ITEM >  VALUE                true if ITEM >  VALUE
+\&         ITEM <  VALUE                true if ITEM <  VALUE
 \&         ITEM =~ VALUE                true if ITEM ~= /^VALUE$/i
 \&         ITEM != VALUE                false if ITEM equals VALUE
 \&         ITEM !> VALUE                false if ITEM >= VALUE
@@ -357,101 +340,75 @@ postfwd versions prior to 1.30 require trailing ';' and '\e'\-characters:
 \&                sender==no@bad.local; \e
 \&                action=REJECT no access
 .Ve
-.Sh "\s-1ITEMS\s0"
+.SS "\s-1ITEMS\s0"
 .IX Subsection "ITEMS"
 .Vb 2
-\&        id                      - a unique rule id, which can be used for log analysis
+\&        id                      \- a unique rule id, which can be used for log analysis
 \&                                  ids also serve as targets for the "jump" command.
-.Ve
-.PP
-.Vb 10
-\&        date, time              - a time or date range within the specified rule shall hit
+\&
+\&        date, time              \- a time or date range within the specified rule shall hit
 \&                                  # FORMAT:
 \&                                  # Feb, 29th
 \&                                  date=29.02.2008
-\&                                  # Dec, 24th - 26th
-\&                                  date=24.12.2008-26.12.2008
+\&                                  # Dec, 24th \- 26th
+\&                                  date=24.12.2008\-26.12.2008
 \&                                  # from today until Nov, 23rd
-\&                                  date=-23.09.2008
+\&                                  date=\-23.09.2008
 \&                                  # from April, 1st until today
-\&                                  date=01.04.2008-
-.Ve
-.PP
-.Vb 2
-\&        days, months            - a range of weekdays (Sun-Sat) or months (Jan-Dec)
+\&                                  date=01.04.2008\-
+\&
+\&        days, months            \- a range of weekdays (Sun\-Sat) or months (Jan\-Dec)
 \&                                  within the specified rule shall hit
-.Ve
-.PP
-.Vb 3
-\&        score                   - when the specified score is hit (see ACTIONS section)
+\&
+\&        score                   \- when the specified score is hit (see ACTIONS section)
 \&                                  the specified action will be returned to postfix
 \&                                  scores are set global until redefined!
-.Ve
-.PP
-.Vb 2
-\&        request_score           - this value allows to access a request's score. it
+\&
+\&        request_score           \- this value allows to access a request\*(Aqs score. it
 \&                                  may be used as variable ($$request_score).
-.Ve
-.PP
-.Vb 5
-\&        rbl, rhsbl,             - query the specified RBLs/RHSBLs, possible values are:
+\&
+\&        rbl, rhsbl,             \- query the specified RBLs/RHSBLs, possible values are:
 \&        rhsbl_client,             <name>[/<reply>/<maxcache>, <name>/<reply>/<maxcache>]
 \&        rhsbl_sender,             (defaults: reply=^127\e.0\e.0\e.\ed+$ maxcache=3600)
 \&        rhsbl_reverse_client      the results of all rhsbl_* queries will be combined
 \&                                  in rhsbl_count (see below).
-.Ve
-.PP
-.Vb 5
-\&        rblcount, rhsblcount    - minimum RBL/RHSBL hitcounts to match. if not specified
+\&
+\&        rblcount, rhsblcount    \- minimum RBL/RHSBL hitcounts to match. if not specified
 \&                                  a single RBL/RHSBL hit will match the rbl/rhsbl items.
-\&                                  you may specify 'all' to evaluate all items, and use
+\&                                  you may specify \*(Aqall\*(Aq to evaluate all items, and use
 \&                                  it as variable in an action (see ACTIONS section)
 \&                                  (default: 1)
-.Ve
-.PP
-.Vb 2
-\&        sender_localpart,       - the local-/domainpart of the sender address
+\&
+\&        sender_localpart,       \- the local\-/domainpart of the sender address
 \&        sender_domain
-.Ve
-.PP
-.Vb 2
-\&        recipient_localpart,    - the local-/domainpart of the recipient address
+\&
+\&        recipient_localpart,    \- the local\-/domainpart of the recipient address
 \&        recipient_domain
-.Ve
-.PP
-.Vb 4
-\&        helo_address            - postfwd2 tries to look up the helo_name. use
+\&
+\&        helo_address            \- postfwd2 tries to look up the helo_name. use
 \&                                  helo_address=!!(0.0.0.0/0) to check for unknown.
 \&                                  Please do not use this for positive access control
 \&                                  (whitelisting), as it might be forged.
-.Ve
-.PP
-.Vb 4
-\&        sender_ns_names,        - postfwd2 tries to look up the names/ip addresses
+\&
+\&        sender_ns_names,        \- postfwd2 tries to look up the names/ip addresses
 \&        sender_ns_addrs           of the nameservers for the sender domain part.
 \&                                  Please do not use this for positive access control
 \&                                  (whitelisting), as it might be forged.
-.Ve
-.PP
-.Vb 4
-\&        sender_mx_names,        - postfwd2 tries to look up the names/ip addresses
+\&
+\&        sender_mx_names,        \- postfwd2 tries to look up the names/ip addresses
 \&        sender_mx_addrs           of the mx records for the sender domain part.
 \&                                  Please do not use this for positive access control
 \&                                  (whitelisting), as it might be forged.
-.Ve
-.PP
-.Vb 7
-\&        version                 - postfwd2 version, contains "postfwd2 n.nn"
+\&
+\&        version                 \- postfwd2 version, contains "postfwd2 n.nn"
 \&                                  this enables version based checks in your rulesets
 \&                                  (e.g. for migration). works with old versions too,
-\&                                  because a non-existing item always returns false:
+\&                                  because a non\-existing item always returns false:
 \&                                  # version >= 1.10
-\&                                  id=R01; version~=1\e.[1-9][0-9]; sender_domain==some.org \e
+\&                                  id=R01; version~=1\e.[1\-9][0\-9]; sender_domain==some.org \e
 \&                                        ; action=REJECT sorry no access
-.Ve
-.PP
-.Vb 4
-\&        ratecount               - only available for rate(), size() and rcpt() actions.
+\&
+\&        ratecount               \- only available for rate(), size() and rcpt() actions.
 \&                                  contains the actual limit counter:
 \&                                        id=R01; action=rate(sender/200/600/REJECT limit of 200 exceeded [$$ratecount hits])
 \&                                        id=R02; action=rate(sender/100/600/WARN limit of 100 exceeded [$$ratecount hits])
@@ -463,15 +420,15 @@ Feel free to combine them the way you need it (have a look at the \s-1EXAMPLES\s
 Most values can be specified as regular expressions (\s-1PCRE\s0). Please see the table below
 for details:
 .PP
-.Vb 43
+.Vb 10
 \&        # ==========================================================
 \&        # ITEM=VALUE                            TYPE
 \&        # ==========================================================
 \&        id=something                            mask = string
-\&        date=01.04.2007-22.04.2007              mask = date (DD.MM.YYYY-DD.MM.YYYY)
-\&        time=08:30:00-17:00:00                  mask = time (HH:MM:SS-HH:MM:SS)
-\&        days=Mon-Wed                            mask = weekdays (Mon-Wed) or numeric (1-3)
-\&        months=Feb-Apr                          mask = months (Feb-Apr) or numeric (1-3)
+\&        date=01.04.2007\-22.04.2007              mask = date (DD.MM.YYYY\-DD.MM.YYYY)
+\&        time=08:30:00\-17:00:00                  mask = time (HH:MM:SS\-HH:MM:SS)
+\&        days=Mon\-Wed                            mask = weekdays (Mon\-Wed) or numeric (1\-3)
+\&        months=Feb\-Apr                          mask = months (Feb\-Apr) or numeric (1\-3)
 \&        score=5.0                               mask = maximum floating point value
 \&        rbl=zen.spamhaus.org                    mask = <name>/<reply>/<maxcache>[,...]
 \&        rblcount=2                              mask = numeric, will match if rbl hits >= 2
@@ -480,9 +437,9 @@ for details:
 \&        sender_mx_names=some.domain.tld         mask = PCRE
 \&        sender_ns_addrs=<a.b.c.d/nn>            mask = CIDR[,CIDR,...]
 \&        sender_mx_addrs=<a.b.c.d/nn>            mask = CIDR[,CIDR,...]
-\&        # ------------------------------
+\&        # \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
 \&        # Postfix version 2.1 and later:
-\&        # ------------------------------
+\&        # \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
 \&        client_address=<a.b.c.d/nn>             mask = CIDR[,CIDR,...]
 \&        client_name=another.domain.tld          mask = PCRE
 \&        reverse_client_name=another.domain.tld  mask = PCRE
@@ -490,9 +447,9 @@ for details:
 \&        sender=foo@bar.tld                      mask = PCRE
 \&        recipient=bar@foo.tld                   mask = PCRE
 \&        recipient_count=5                       mask = numeric, will match if recipients >= 5
-\&        # ------------------------------
+\&        # \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
 \&        # Postfix version 2.2 and later:
-\&        # ------------------------------
+\&        # \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
 \&        sasl_method=plain                       mask = PCRE
 \&        sasl_username=you                       mask = PCRE
 \&        sasl_sender=                            mask = PCRE
@@ -500,11 +457,11 @@ for details:
 \&        ccert_subject=blackhole.nowhere.local   mask = PCRE (only if tls verified)
 \&        ccert_issuer=John+20Doe                 mask = PCRE (only if tls verified)
 \&        ccert_fingerprint=AA:BB:CC:DD:EE:...    mask = PCRE (do NOT use "..." here)
-\&        # ------------------------------
+\&        # \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
 \&        # Postfix version 2.3 and later:
-\&        # ------------------------------
+\&        # \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
 \&        encryption_protocol=TLSv1/SSLv3         mask = PCRE
-\&        encryption_cipher=DHE-RSA-AES256-SHA    mask = PCRE
+\&        encryption_cipher=DHE\-RSA\-AES256\-SHA    mask = PCRE
 \&        encryption_keysize=256                  mask = numeric, will match if keysize >= 256
 \&        ...
 .Ve
@@ -559,9 +516,9 @@ To avoid confusion with regexps or simply for better visibility you can use '!!(
 Request attributes can be compared by preceeding '$$' characters, e.g.:
 .PP
 .Vb 3
-\&        id=R-003 ;  client_name = !! $$helo_name      ;  action=WARN helo does not match DNS
+\&        id=R\-003 ;  client_name = !! $$helo_name      ;  action=WARN helo does not match DNS
 \&        # or
-\&        id=R-003 ;  client_name = !!($$(helo_name))   ;  action=WARN helo does not match DNS
+\&        id=R\-003 ;  client_name = !!($$(helo_name))   ;  action=WARN helo does not match DNS
 .Ve
 .PP
 This is only valid for \s-1PCRE\s0 values (see list above). The comparison will be performed as case insensitive exact match.
@@ -570,17 +527,17 @@ Use the '\-vv' option to debug.
 These special items will be reset for any new rule:
 .PP
 .Vb 5
-\&        rblcount        - contains the number of RBL answers
-\&        rhsblcount      - contains the number of RHSBL answers
-\&        matches         - contains the number of matched items
-\&        dnsbltext       - contains the dns TXT part of all RBL and RHSBL replies in the form
+\&        rblcount        \- contains the number of RBL answers
+\&        rhsblcount      \- contains the number of RHSBL answers
+\&        matches         \- contains the number of matched items
+\&        dnsbltext       \- contains the dns TXT part of all RBL and RHSBL replies in the form
 \&                          rbltype:rblname:<txt>; rbltype:rblname:<txt>; ...
 .Ve
 .PP
 These special items will be changed for any matching rule:
 .PP
 .Vb 1
-\&        request_hits    - contains ids of all matching rules
+\&        request_hits    \- contains ids of all matching rules
 .Ve
 .PP
 This means that it might be necessary to save them, if you plan to use these values in later rules:
@@ -592,15 +549,13 @@ This means that it might be necessary to save them, if you plan to use these val
 \&                rbl=list.dsbl.org, bl.spamcop.net, dnsbl.sorbs.net, zen.spamhaus.org
 \&                rhsbl_client=rddn.dnsbl.net.au, rhsbl.ahbl.org, rhsbl.sorbs.net
 \&                rhsbl_sender=rddn.dnsbl.net.au, rhsbl.ahbl.org, rhsbl.sorbs.net
-.Ve
-.PP
-.Vb 4
+\&
 \&        # compare
 \&        id=RBL02 ; HIT_rhls>=1 ; HIT_rbls>=1 ; action=554 5.7.1 blocked using $$HIT_rhls RHSBLs and $$HIT_rbls RBLs [INFO: $$HIT_txt]
 \&        id=RBL03 ; HIT_rhls>=2               ; action=554 5.7.1 blocked using $$HIT_rhls RHSBLs [INFO: $$HIT_txt]
 \&        id=RBL04 ; HIT_rbls>=2               ; action=554 5.7.1 blocked using $$HIT_rbls RBLs [INFO: $$HIT_txt]
 .Ve
-.Sh "\s-1FILES\s0"
+.SS "\s-1FILES\s0"
 .IX Subsection "FILES"
 Since postfwd1 v1.15 and postfwd2 v0.18 long item lists can be stored in separate files:
 .PP
@@ -638,9 +593,7 @@ and for non pcre (comma separated) items:
 .Vb 2
 \&        id=R003 ;  action=REJECT
 \&                client_address==10.1.1.1, file:/etc/postfwd/blacklisted
-.Ve
-.PP
-.Vb 2
+\&
 \&        id=R004 ;  action=REJECT
 \&                rbl=myrbl.home.local, zen.spamhaus.org, file:/etc/postfwd/rbls_changing
 .Ve
@@ -648,21 +601,21 @@ and for non pcre (comma separated) items:
 You can check your configuration with the \-\-show_config option at the command line:
 .PP
 .Vb 1
-\&        # postfwd2 --showconfig --rule='action=DUNNO; client_address=10.1.0.0/16, file:/etc/postfwd/wl_clients, 192.168.2.1'
+\&        # postfwd2 \-\-showconfig \-\-rule=\*(Aqaction=DUNNO; client_address=10.1.0.0/16, file:/etc/postfwd/wl_clients, 192.168.2.1\*(Aq
 .Ve
 .PP
 should give something like:
 .PP
 .Vb 1
-\&        Rule   0: id->"R-0"; action->"DUNNO"; client_address->"=;10.1.0.0/16, =;194.123.86.10, =;186.4.6.12, =;192.168.2.1"
+\&        Rule   0: id\->"R\-0"; action\->"DUNNO"; client_address\->"=;10.1.0.0/16, =;194.123.86.10, =;186.4.6.12, =;192.168.2.1"
 .Ve
 .PP
 If a file can not be read, it will be ignored:
 .PP
 .Vb 3
-\&        # postfwd2 --showconfig --rule='action=DUNNO; client_address=10.1.0.0/16, file:/etc/postfwd/wl_clients, 192.168.2.1'
-\&        [LOG warning]: error: file /etc/postfwd/wl_clients not found - file will be ignored ?
-\&        Rule   0: id->"R-0"; action->"DUNNO"; client_address->"=;10.1.0.0/16, =;192.168.2.1"
+\&        # postfwd2 \-\-showconfig \-\-rule=\*(Aqaction=DUNNO; client_address=10.1.0.0/16, file:/etc/postfwd/wl_clients, 192.168.2.1\*(Aq
+\&        [LOG warning]: error: file /etc/postfwd/wl_clients not found \- file will be ignored ?
+\&        Rule   0: id\->"R\-0"; action\->"DUNNO"; client_address\->"=;10.1.0.0/16, =;192.168.2.1"
 .Ve
 .PP
 File items are evaluated at configuration stage. Therefore postfwd2 needs to be reloaded if a file has changed
@@ -680,43 +633,35 @@ The \-\-showconfig option illustrates the difference:
 .PP
 .Vb 3
 \&        ## evaluated at configuration stage
-\&        # postfwd2 --nodaemon -L --rule='client_address=table:/etc/postfwd/clients; action=dunno' -C
-\&        Rule   0: id->"R-0"; action->"dunno"; client_address->"=;1.1.1.1, =;1.1.1.2, =;1.1.1.3"
-.Ve
-.PP
-.Vb 3
+\&        # postfwd2 \-\-nodaemon \-L \-\-rule=\*(Aqclient_address=table:/etc/postfwd/clients; action=dunno\*(Aq \-C
+\&        Rule   0: id\->"R\-0"; action\->"dunno"; client_address\->"=;1.1.1.1, =;1.1.1.2, =;1.1.1.3"
+\&
 \&        ## evaluated for any rulehit
-\&        # postfwd2 --nodaemon -L --rule='client_address=ltable:/etc/postfwd/clients; action=dunno' -C
-\&        Rule   0: id->"R-0"; action->"dunno"; client_address->"=;ltable:/etc/postfwd/clients"
+\&        # postfwd2 \-\-nodaemon \-L \-\-rule=\*(Aqclient_address=ltable:/etc/postfwd/clients; action=dunno\*(Aq \-C
+\&        Rule   0: id\->"R\-0"; action\->"dunno"; client_address\->"=;ltable:/etc/postfwd/clients"
 .Ve
 .PP
 Files can refer to other files. The following is valid.
 .PP
 .Vb 2
-\&        -- FILE /etc/postfwd/rules.cf --
+\&        \-\- FILE /etc/postfwd/rules.cf \-\-
 \&        id=R01; client_address=file:/etc/postfwd/clients_master.cf; action=DUNNO
-.Ve
-.PP
-.Vb 4
-\&        -- FILE /etc/postfwd/clients_master.cf --
+\&
+\&        \-\- FILE /etc/postfwd/clients_master.cf \-\-
 \&        192.168.1.0/24
 \&        file:/etc/postfwd/clients_east.cf
 \&        file:/etc/postfwd/clients_west.cf
-.Ve
-.PP
-.Vb 2
-\&        -- FILE /etc/postfwd/clients_east.cf --
+\&
+\&        \-\- FILE /etc/postfwd/clients_east.cf \-\-
 \&        192.168.2.0/24
-.Ve
-.PP
-.Vb 2
-\&        -- FILE /etc/postfwd/clients_west.cf --
+\&
+\&        \-\- FILE /etc/postfwd/clients_west.cf \-\-
 \&        192.168.3.0/24
 .Ve
 .PP
-Remind that there is currently no loop detection (/a/file calls /a/file) and that this feature is only available
+Note that there is currently no loop detection (/a/file calls /a/file) and that this feature is only available
 with postfwd1 v1.15 and postfwd2 v0.18 and higher.
-.Sh "\s-1ACTIONS\s0"
+.SS "\s-1ACTIONS\s0"
 .IX Subsection "ACTIONS"
 \&\fIGeneral\fR
 .PP
@@ -724,9 +669,9 @@ Actions will be executed, when all rule items have matched a request (or at leas
 request attributes by preceeding $$ characters, like:
 .PP
 .Vb 3
-\&        id=R-003; client_name = !!$$helo_name; action=WARN helo '$$helo_name' does not match DNS '$$client_name'
+\&        id=R\-003; client_name = !!$$helo_name; action=WARN helo \*(Aq$$helo_name\*(Aq does not match DNS \*(Aq$$client_name\*(Aq
 \&        # or
-\&        id=R-003; client_name = !!$$helo_name; action=WARN helo '$$(helo_name)' does not match DNS '$$(client_name)'
+\&        id=R\-003; client_name = !!$$helo_name; action=WARN helo \*(Aq$$(helo_name)\*(Aq does not match DNS \*(Aq$$(client_name)\*(Aq
 .Ve
 .PP
 \&\fIpostfix actions\fR
@@ -751,108 +696,99 @@ postfwd2 actions control the behaviour of the program. Currently you can specify
 .Vb 4
 \&        jump (<id>)
 \&        jumps to rule with id <id>, use this to skip certain rules.
-\&        you can jump backwards - but remember that there is no loop
-\&        detection at the moment! jumps to non-existing ids will be skipped.
-.Ve
-.PP
-.Vb 11
+\&        you can jump backwards \- but remember that there is no loop
+\&        detection at the moment! jumps to non\-existing ids will be skipped.
+\&
 \&        score (<score>)
-\&        the request's score will be modified by the specified <score>,
+\&        the request\*(Aqs score will be modified by the specified <score>,
 \&        which must be a floating point value. the modificator can be either
 \&                +n.nn   adds n.nn to current score
-\&                -n.nn   sustracts n.nn from the current score
+\&                \-n.nn   sustracts n.nn from the current score
 \&                *n.nn   multiplies the current score by n.nn
 \&                /n.nn   divides the current score through n.nn
 \&                =n.nn   sets the current score to n.nn
-\&        if the score exceeds the maximum set by `--scores` option (see
+\&        if the score exceeds the maximum set by \`\-\-scores\` option (see
 \&        COMMAND LINE) or the score item (see ITEMS section), the action
 \&        defined for this case will be returned (default: 5.0=>"REJECT postfwd2 score exceeded").
-.Ve
-.PP
-.Vb 5
+\&
 \&        set (<item>=<value>,<item>=<value>,...)
 \&        this command allows you to insert or override request attributes, which then may be
 \&        compared to your further ruleset. use this to speed up repeated comparisons to large item lists.
 \&        please see the EXAMPLES section for more information. you may separate multiple key=value pairs
 \&        by "," characters.
-.Ve
-.PP
-.Vb 9
+\&
 \&        rate (<item>/<max>/<time>/<action>)
 \&        this command creates a counter for the given <item>, which will be increased any time a request
 \&        containing it arrives. if it exceeds <max> within <time> seconds it will return <action> to postfix.
 \&        rate counters are very fast as they are executed before the ruleset is parsed.
-\&        please note that <action> is currently limited to postfix actions (no postfwd actions)!
+\&        please note that <action> was limited to postfix actions (no postfwd actions) for postfwd versions <1.33!
 \&            # no more than 3 requests per 5 minutes
 \&            # from the same "unknown" client
 \&            id=RATE01 ;  client_name==unknown
 \&               action=rate(client_address/3/300/450 4.7.1 sorry, max 3 requests per 5 minutes)
-.Ve
-.PP
-.Vb 7
+\&
 \&        size (<item>/<max>/<time>/<action>)
 \&        this command works similar to the rate() command with the difference, that the rate counter is
-\&        increased by the request's size attribute. to do this reliably you should call postfwd2 from
+\&        increased by the request\*(Aqs size attribute. to do this reliably you should call postfwd2 from
 \&        smtpd_end_of_data_restrictions. if you want to be sure, you could check it within the ruleset:
 \&           # size limit 1.5mb per hour per client
-\&           id=SIZE01 ;  protocol_state==END-OF-MESSAGE ;  client_address==!!(10.1.1.1)
+\&           id=SIZE01 ;  protocol_state==END\-OF\-MESSAGE ;  client_address==!!(10.1.1.1)
 \&              action=size(client_address/1572864/3600/450 4.7.1 sorry, max 1.5mb per hour)
-.Ve
-.PP
-.Vb 8
+\&
 \&        rcpt (<item>/<max>/<time>/<action>)
 \&        this command works similar to the rate() command with the difference, that the rate counter is
-\&        increased by the request's recipient_count attribute. to do this reliably you should call postfwd
+\&        increased by the request\*(Aqs recipient_count attribute. to do this reliably you should call postfwd
 \&        from smtpd_data_restrictions or smtpd_end_of_data_restrictions. if you want to be sure, you could
 \&        check it within the ruleset:
 \&           # recipient count limit 3 per hour per client
-\&           id=RCPT01 ;  protocol_state==END-OF-MESSAGE ;  client_address==!!(10.1.1.1)
+\&           id=RCPT01 ;  protocol_state==END\-OF\-MESSAGE ;  client_address==!!(10.1.1.1)
 \&              action=rcpt(client_address/3/3600/450 4.7.1 sorry, max 3 recipients per hour)
-.Ve
-.PP
-.Vb 9
+\&
+\&        rate5321,size5321,rcpt5321 (<item>/<max>/<time>/<action>)
+\&        same as the corresponding non\-5321 functions, with the difference that the localpart of
+\&        sender oder recipient addresses are evaluated case\-sensitive according to rfc5321. That
+\&        means that requests from bob@example.local and BoB@example.local will be treated differently
+\&
 \&        ask (<addr>:<port>[:<ignore>])
 \&        allows to delegate the policy decision to another policy service (e.g. postgrey). the first
 \&        and the second argument (address and port) are mandatory. a third optional argument may be
 \&        specified to tell postfwd2 to ignore certain answers and go on parsing the ruleset:
-\&           # example1: query postgrey and return it's answer to postfix
+\&           # example1: query postgrey and return it\*(Aqs answer to postfix
 \&           id=GREY; client_address==10.1.1.1; action=ask(127.0.0.1:10031)
-\&           # example2: query postgrey but ignore it's answer, if it matches 'DUNNO'
-\&           # and continue parsing postfwd's ruleset
+\&           # example2: query postgrey but ignore it\*(Aqs answer, if it matches \*(AqDUNNO\*(Aq
+\&           # and continue parsing postfwd\*(Aqs ruleset
 \&           id=GREY; client_address==10.1.1.1; action=ask(127.0.0.1:10031:^dunno$)
-.Ve
-.PP
-.Vb 4
+\&
 \&        mail(server/helo/from/to/subject/body)
+\&        This command is deprecated. You should try to use the sendmail() action instead.
 \&        Very basic mail command, that sends a message with the given arguments. LIMITATIONS:
 \&        This basically performs a telnet. No authentication or TLS are available. Additionally it does
 \&        not track notification state and will notify you any time, the corresponding rule hits.
-.Ve
-.PP
-.Vb 3
+\&
+\&        sendmail(sendmail\-path::from::to::subject::body)
+\&        Mail command, that uses an existing sendmail binary and sends a message with the given arguments.
+\&        LIMITATIONS: The command does not track notification state and will notify you any time, the
+\&        corresponding rule hits (which could mean 100 mails for a mail with 100 recipients at RCPT stage).
+\&
 \&        wait (<delay>)
 \&        pauses the program execution for <delay> seconds. use this for
 \&        delaying or throtteling connections.
-.Ve
-.PP
-.Vb 3
+\&
 \&        note (<string>)
 \&        just logs the given string and continues parsing the ruleset.
 \&        if the string is empty, nothing will be logged (noop).
-.Ve
-.PP
-.Vb 3
+\&
 \&        quit (<code>)
-\&        terminates the program with the given exit-code. postfix doesn`t
+\&        terminates the program with the given exit\-code. postfix doesn\`t
 \&        like that too much, so use it with care.
 .Ve
 .PP
 You can reference to request attributes, like
 .PP
 .Vb 1
-\&        id=R-HELO ;  helo_name=^[^\e.]+$ ;  action=REJECT invalid helo '$$helo_name'
+\&        id=R\-HELO ;  helo_name=^[^\e.]+$ ;  action=REJECT invalid helo \*(Aq$$helo_name\*(Aq
 .Ve
-.Sh "\s-1MACROS/ACLS\s0"
+.SS "\s-1MACROS/ACLS\s0"
 .IX Subsection "MACROS/ACLS"
 Multiple use of long items or combinations of them may be abbreviated by macros. Those must be prefixed by '&&' (two '&' characters).
 First the macros have to be defined as follows:
@@ -865,8 +801,8 @@ Then these may be used in your rules, like:
 .PP
 .Vb 3
 \&        &&RBLS ;  client_name=^unknown$                         ; action=REJECT
-\&        &&RBLS ;  client_name=(\ed+[\e.-_]){4}                    ; action=REJECT
-\&        &&RBLS ;  client_name=[\e.-_](adsl|dynamic|ppp|)[\e.-_]   ; action=REJECT
+\&        &&RBLS ;  client_name=(\ed+[\e.\-_]){4}                    ; action=REJECT
+\&        &&RBLS ;  client_name=[\e.\-_](adsl|dynamic|ppp|)[\e.\-_]   ; action=REJECT
 .Ve
 .PP
 Macros can contain actions, too:
@@ -876,13 +812,13 @@ Macros can contain actions, too:
 \&        &&GONOW { action=REJECT your request caused our spam detection policy to reject this message. More info at http://www.domain.local; };
 \&        # rules
 \&        &&GONOW ;  &&RBLS ;  client_name=^unknown$
-\&        &&GONOW ;  &&RBLS ;  client_name=(\ed+[\e.-_]){4}
-\&        &&GONOW ;  &&RBLS ;  client_name=[\e.-_](adsl|dynamic|ppp|)[\e.-_]
+\&        &&GONOW ;  &&RBLS ;  client_name=(\ed+[\e.\-_]){4}
+\&        &&GONOW ;  &&RBLS ;  client_name=[\e.\-_](adsl|dynamic|ppp|)[\e.\-_]
 .Ve
 .PP
 Macros can contain macros, too:
 .PP
-.Vb 16
+.Vb 10
 \&        # definition
 \&        &&RBLS{
 \&                rbl=zen.spamhaus.org
@@ -893,8 +829,8 @@ Macros can contain macros, too:
 \&        };
 \&        &&DYNAMIC{
 \&                client_name=^unknown$
-\&                client_name=(\ed+[\e.-_]){4}
-\&                client_name=[\e.-_](adsl|dynamic|ppp|)[\e.-_]
+\&                client_name=(\ed+[\e.\-_]){4}
+\&                client_name=[\e.\-_](adsl|dynamic|ppp|)[\e.\-_]
 \&        };
 \&        &&GOAWAY { &&RBLS; &&DYNAMIC; };
 \&        # rules
@@ -902,7 +838,7 @@ Macros can contain macros, too:
 .Ve
 .PP
 Basically macros are simple text substitutions \- see the \*(L"\s-1PARSER\s0\*(R" section for more information.
-.Sh "\s-1PLUGINS\s0"
+.SS "\s-1PLUGINS\s0"
 .IX Subsection "PLUGINS"
 \&\fBDescription\fR
 .PP
@@ -947,13 +883,9 @@ the policy delegation request and therefore may be used in postfwd's ruleset.
 .Vb 2
 \&        # do NOT remove the next line
 \&        %postfwd_items_plugin = (
-.Ve
-.PP
-.Vb 1
-\&                # EXAMPLES - integrated in postfwd. no need to activate them here.
-.Ve
-.PP
-.Vb 8
+\&
+\&                # EXAMPLES \- integrated in postfwd. no need to activate them here.
+\&                
 \&                        # allows to check postfwd version in ruleset
 \&                        "version" => sub {
 \&                                my(%request) = @_;
@@ -962,22 +894,18 @@ the policy delegation request and therefore may be used in postfwd's ruleset.
 \&                                );
 \&                                return %result;
 \&                        },
-.Ve
-.PP
-.Vb 10
+\&                
 \&                        # sender_domain and recipient_domain
 \&                        "address_parts" => sub {
 \&                                my(%request) = @_;
 \&                                my(%result) = ();
 \&                                $request{sender} =~ /@([^@]*)$/;
-\&                                $result{sender_domain} = ($1 || '');
+\&                                $result{sender_domain} = ($1 || \*(Aq\*(Aq);
 \&                                $request{recipient} =~ /@([^@]*)$/;
-\&                                $result{recipient_domain} = ($1 || '');
+\&                                $result{recipient_domain} = ($1 || \*(Aq\*(Aq);
 \&                                return %result;
 \&                        },
-.Ve
-.PP
-.Vb 2
+\&
 \&        # do NOT remove the next line
 \&        );
 .Ve
@@ -990,51 +918,45 @@ will be used.
 .PP
 .Vb 1
 \&        SYNOPSIS:  <item> => sub { return &{$postfwd_compare{<type>}}(@_); },
-.Ve
-.PP
-.Vb 2
+\&
 \&        # do NOT remove the next line
 \&        %postfwd_compare_plugin = (
-.Ve
-.PP
-.Vb 1
-\&                EXAMPLES - integrated in postfwd. no need to activate them here.
-.Ve
-.PP
-.Vb 5
+\&
+\&                EXAMPLES \- integrated in postfwd. no need to activate them here.
+\&        
 \&                        # Simple example
 \&                        # SYNOPSIS:  <result> = <item> (return &{$postfwd_compare{<type>}}(@_))
 \&                        "client_address"  => sub { return &{$postfwd_compare{cidr}}(@_); },
 \&                        "size"            => sub { return &{$postfwd_compare{numeric}}(@_); },
 \&                        "recipient_count" => sub { return &{$postfwd_compare{numeric}}(@_); },
-.Ve
-.PP
-.Vb 22
+\&        
 \&                        # Complex example
 \&                        # SYNOPSIS:  <result> = <item>(<operator>, <ruleset value>, <request value>, <request>)
 \&                        "numeric" => sub {
 \&                                my($cmp,$val,$myitem,%request) = @_;
 \&                                my($myresult) = undef;  $myitem ||= "0"; $val ||= "0";
-\&                                if ($cmp eq '==') {
+\&                                if ($cmp eq \*(Aq==\*(Aq) {
 \&                                        $myresult = ($myitem == $val);
-\&                                } elsif ($cmp eq '=<') {
+\&                                } elsif ($cmp eq \*(Aq=<\*(Aq) {
 \&                                        $myresult = ($myitem <= $val);
-\&                                } elsif ($cmp eq '=>') {
+\&                                } elsif ($cmp eq \*(Aq=>\*(Aq) {
 \&                                        $myresult = ($myitem >= $val);
-\&                                } elsif ($cmp eq '!=') {
+\&                                } elsif ($cmp eq \*(Aq<\*(Aq) {
+\&                                        $myresult = ($myitem < $val);
+\&                                } elsif ($cmp eq \*(Aq>\*(Aq) {
+\&                                        $myresult = ($myitem > $val);
+\&                                } elsif ($cmp eq \*(Aq!=\*(Aq) {
 \&                                        $myresult = not($myitem == $val);
-\&                                } elsif ($cmp eq '!<') {
+\&                                } elsif ($cmp eq \*(Aq!<\*(Aq) {
 \&                                        $myresult = not($myitem <= $val);
-\&                                } elsif ($cmp eq '!>') {
+\&                                } elsif ($cmp eq \*(Aq!>\*(Aq) {
 \&                                        $myresult = not($myitem >= $val);
 \&                                } else {
 \&                                        $myresult = ($myitem >= $val);
 \&                                };
 \&                                return $myresult;
 \&                        },
-.Ve
-.PP
-.Vb 2
+\&
 \&        # do NOT remove the next line
 \&        );
 .Ve
@@ -1047,52 +969,40 @@ continue or to stop parsing the ruleset.
 .Vb 2
 \&        SYNOPSIS:  (<stop rule parsing>, <next rule index>, <return action>, <logprefix>, <request>) =
 \&                        <action> (<current rule index>, <current time>, <command name>, <argument>, <logprefix>, <request>)
-.Ve
-.PP
-.Vb 2
+\&
 \&        # do NOT remove the next line
 \&        %postfwd_actions_plugin = (
-.Ve
-.PP
-.Vb 1
-\&                # EXAMPLES - integrated in postfwd. no need to activate them here.
-.Ve
-.PP
-.Vb 7
+\&
+\&                # EXAMPLES \- integrated in postfwd. no need to activate them here.
+\&        
 \&                        # note(<logstring>) command
 \&                        "note"  => sub {
 \&                                my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-\&                                my($myaction) = $default_action; my($stop) = 0;
-\&                                mylogs 'info', "[RULES] ".$myline." - note: ".$myarg if $myarg;
+\&                                my($myaction) = \*(Aqdunno\*(Aq; my($stop) = 0;
+\&                                log_info "[RULES] ".$myline." \- note: ".$myarg if $myarg;
 \&                                return ($stop,$index,$myaction,$myline,%request);
 \&                        },
-.Ve
-.PP
-.Vb 7
+\&        
 \&                        # skips next <myarg> rules
 \&                        "skip" => sub {
 \&                                my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-\&                                my($myaction) = $default_action; my($stop) = 0;
+\&                                my($myaction) = \*(Aqdunno\*(Aq; my($stop) = 0;
 \&                                $index += $myarg if ( $myarg and not(($index + $myarg) > $#Rules) );
 \&                                return ($stop,$index,$myaction,$myline,%request);
 \&                        },
-.Ve
-.PP
-.Vb 7
+\&        
 \&                        # dumps current request contents to syslog
 \&                        "dumprequest" => sub {
 \&                                my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-\&                                my($myaction) = $default_action; my($stop) = 0;
-\&                                map { mylogs 'info', "[DUMP] rule=$index, Attribute: $_=$request{$_}" } (keys %request);
+\&                                my($myaction) = \*(Aqdunno\*(Aq; my($stop) = 0;
+\&                                map { log_info "[DUMP] rule=$index, Attribute: $_=$request{$_}" } (keys %request);
 \&                                return ($stop,$index,$myaction,$myline,%request);
 \&                        },
-.Ve
-.PP
-.Vb 2
+\&
 \&        # do NOT remove the next line
 \&        );
 .Ve
-.Sh "\s-1COMMAND\s0 \s-1LINE\s0"
+.SS "\s-1COMMAND\s0 \s-1LINE\s0"
 .IX Subsection "COMMAND LINE"
 \&\fIRuleset\fR
 .PP
@@ -1100,13 +1010,11 @@ The following arguments are used to specify the source of the postfwd2 ruleset.
 that at least one of the following is required for postfwd2 to work.
 .PP
 .Vb 3
-\&        -f, --file <file>
+\&        \-f, \-\-file <file>
 \&        Reads rules from <file>. Please see the CONFIGURATION section
 \&        below for more information.
-.Ve
-.PP
-.Vb 3
-\&        -r, --rule <rule>
+\&
+\&        \-r, \-\-rule <rule>
 \&        Adds <rule> to ruleset. Remember that you might have to quote
 \&        strings that contain whitespaces or shell characters.
 .Ve
@@ -1114,16 +1022,16 @@ that at least one of the following is required for postfwd2 to work.
 \&\fIScoring\fR
 .PP
 .Vb 2
-\&        -s, --scores <val>=<action>
-\&        Returns <action> to postfix, when the request's score exceeds <val>
+\&        \-s, \-\-scores <val>=<action>
+\&        Returns <action> to postfix, when the request\*(Aqs score exceeds <val>
 .Ve
 .PP
 Multiple usage is allowed. Just chain your arguments, like:
 .PP
 .Vb 3
-\&        postfwd2 -r "<item>=<value>;action=<result>" -f <file> -f <file> ...
+\&        postfwd2 \-r "<item>=<value>;action=<result>" \-f <file> \-f <file> ...
 \&          or
-\&        postfwd2 --scores 4.5="WARN high score" --scores 5.0="REJECT postfwd2 score too high" ...
+\&        postfwd2 \-\-scores 4.5="WARN high score" \-\-scores 5.0="REJECT postfwd2 score too high" ...
 .Ve
 .PP
 In case of multiple scores, the highest match will count. The order of the arguments will be
@@ -1135,92 +1043,64 @@ postfwd2 can be run as daemon so that it listens on the network for incoming req
 The following arguments will control it's behaviour in this case.
 .PP
 .Vb 3
-\&        -d, --daemon
+\&        \-d, \-\-daemon
 \&        postfwd2 will run as daemon and listen on the network for incoming
 \&        queries (default 127.0.0.1:10045).
-.Ve
-.PP
-.Vb 2
-\&        -i, --interface <dev>
+\&
+\&        \-i, \-\-interface <dev>
 \&        Bind postfwd2 to the specified interface (default 127.0.0.1).
-.Ve
-.PP
-.Vb 2
-\&        -p, --port <port>
+\&
+\&        \-p, \-\-port <port>
 \&        postfwd2 listens on the specified port (default tcp/10045).
-.Ve
-.PP
-.Vb 4
-\&        --proto <type>
-\&        The protocol type for postfwd's socket. Currently you may use 'tcp' or 'unix' here.
+\&
+\&        \-\-proto <type>
+\&        The protocol type for postfwd\*(Aqs socket. Currently you may use \*(Aqtcp\*(Aq or \*(Aqunix\*(Aq here.
 \&        To use postfwd2 with a unix domain socket, run it as follows:
-\&            postfwd2 --proto=unix --port=/somewhere/postfwd.socket
-.Ve
-.PP
-.Vb 2
-\&        -u, --user <name>
+\&            postfwd2 \-\-proto=unix \-\-port=/somewhere/postfwd.socket
+\&
+\&        \-u, \-\-user <name>
 \&        Changes real and effective user to <name>.
-.Ve
-.PP
-.Vb 2
-\&        -g, --group <name>
+\&
+\&        \-g, \-\-group <name>
 \&        Changes real and effective group to <name>.
-.Ve
-.PP
-.Vb 4
-\&        --umask <mask>
+\&
+\&        \-\-umask <mask>
 \&        Changes the umask for filepermissions of the master process (pidfile).
-\&        Attention: This is umask, not chmod - you have to specify the bits that
+\&        Attention: This is umask, not chmod \- you have to specify the bits that
 \&        should NOT apply. E.g.: umask 077 equals to chmod 700.
-.Ve
-.PP
-.Vb 2
-\&        --cache_umask <mask>
+\&
+\&        \-\-cache_umask <mask>
 \&        Changes the umask for filepermissions of the cache process (unix domain socket).
-.Ve
-.PP
-.Vb 2
-\&        --server_umask <mask>
+\&
+\&        \-\-server_umask <mask>
 \&        Changes the umask for filepermissions of the server process (unix domain socket).
-.Ve
-.PP
-.Vb 3
-\&        -R, --chroot <path>
+\&
+\&        \-R, \-\-chroot <path>
 \&        Chroot the process to the specified path.
-\&        Please look at http://postfwd.org/postfwd2-chroot.html before use!
-.Ve
-.PP
-.Vb 2
-\&        --pidfile <path>
+\&        Please look at http://postfwd.org/postfwd2\-chroot.html before use!
+\&
+\&        \-\-pidfile <path>
 \&        The process id will be saved in the specified file.
-.Ve
-.PP
-.Vb 2
-\&        --facility <f>
-\&        sets the syslog facility, default is 'mail'
-.Ve
-.PP
-.Vb 3
-\&        --socktype <s>
-\&        sets the Sys::Syslog socktype to 'native', 'inet' or 'unix'.
-\&        Default is to auto-detect this depening on module version and os.
-.Ve
-.PP
-.Vb 3
-\&        -l, --logname <label>
+\&
+\&        \-\-facility <f>
+\&        sets the syslog facility, default is \*(Aqmail\*(Aq
+\&
+\&        \-\-socktype <s>
+\&        sets the Sys::Syslog socktype to \*(Aqnative\*(Aq, \*(Aqinet\*(Aq or \*(Aqunix\*(Aq.
+\&        Default is to auto\-detect this depening on module version and os.
+\&
+\&        \-l, \-\-logname <label>
 \&        Labels the syslog messages. Useful when running multiple
 \&        instances of postfwd.
-.Ve
-.PP
-.Vb 2
-\&        --loglen <int>
+\&
+\&        \-\-loglen <int>
 \&        Truncates any syslog message after <int> characters.
 .Ve
 .PP
 \&\fIPlugins\fR
 .PP
 .Vb 3
-\&        --plugins <file>
+\&        \-\-plugins <file>
 \&        Loads postfwd plugins from file. Please see http://postfwd.org/postfwd.plugins
 \&        or the plugins.postfwd.sample that is available from the tarball for more info.
 .Ve
@@ -1230,200 +1110,147 @@ The following arguments will control it's behaviour in this case.
 These parameters influence the way postfwd2 is working. Any of them can be combined.
 .PP
 .Vb 4
-\&        -v, --verbose
+\&        \-v, \-\-verbose
 \&        Verbose logging displays a lot of useful information but can cause
 \&        your logfiles to grow noticeably. So use it with caution. Set the option
-\&        twice (-vv) to get more information (logs all request attributes).
-.Ve
-.PP
-.Vb 4
-\&        -c, --cache <int>    (default=600)
+\&        twice (\-vv) to get more information (logs all request attributes).
+\&
+\&        \-c, \-\-cache <int>    (default=600)
 \&        Timeout for request cache, results for identical requests will be
 \&        cached until config is reloaded or this time (in seconds) expired.
 \&        A setting of 0 disables this feature.
-.Ve
-.PP
-.Vb 4
-\&        --cache-no-size
+\&
+\&        \-\-cache\-no\-size
 \&        Ignores size attribute for cache comparisons which will lead to better
-\&        cache-hit rates. You should set this option, if you don't use the size
+\&        cache\-hit rates. You should set this option, if you don\*(Aqt use the size
 \&        item in your ruleset.
-.Ve
-.PP
-.Vb 4
-\&        --cache-no-sender
+\&
+\&        \-\-cache\-no\-sender
 \&        Ignores sender address for cache comparisons which will lead to better
-\&        cache-hit rates. You should set this option, if you don't use the sender
+\&        cache\-hit rates. You should set this option, if you don\*(Aqt use the sender
 \&        item in your ruleset.
-.Ve
-.PP
-.Vb 3
-\&        --cache-rdomain-only 
-\&        This will strip the localpart of the recipient's address before filling the
-\&        cache. This may considerably increase cache-hit rates.
-.Ve
-.PP
-.Vb 3
-\&        --cache-rbl-timeout <timeout>     (default=3600)
+\&
+\&        \-\-cache\-rdomain\-only 
+\&        This will strip the localpart of the recipient\*(Aqs address before filling the
+\&        cache. This may considerably increase cache\-hit rates.
+\&
+\&        \-\-cache\-rbl\-timeout <timeout>     (default=3600)
 \&        This default value will be used as timeout in seconds for rbl cache items,
 \&        if not specified in the ruleset.
-.Ve
-.PP
-.Vb 2
-\&        --cache-rbl-default <pattern>    (default=^127\e.0\e.0\e.\ed+$)
+\&
+\&        \-\-cache\-rbl\-default <pattern>    (default=^127\e.0\e.0\e.\ed+$)
 \&        Matches <pattern> to rbl/rhsbl answers (regexp) if not specified in the ruleset.
-.Ve
-.PP
-.Vb 8
-\&        --cacheid <item>, <item>, ...
-\&        This csv-separated list of request attributes will be used to construct
+\&
+\&        \-\-cacheid <item>, <item>, ...
+\&        This csv\-separated list of request attributes will be used to construct
 \&        the request cache identifier. Use this only, if you know exactly what you
 \&        are doing. If you, for example, use postfwd2 only for RBL/RHSBL control,
 \&        you may set this to
-\&                postfwd2 --cache=3600 --cacheid=client_name,client_address
-\&        This increases efficiency of caching and improves postfwd's performance.
+\&                postfwd2 \-\-cache=3600 \-\-cacheid=client_name,client_address
+\&        This increases efficiency of caching and improves postfwd\*(Aqs performance.
 \&        Warning: You should list all items here, which are used in your ruleset!
-.Ve
-.PP
-.Vb 4
-\&        --cleanup-requests <interval>    (default=600)
+\&
+\&        \-\-cleanup\-requests <interval>    (default=600)
 \&        The request cache will be searched for timed out items after this <interval> in
 \&        seconds. It is a minimum value. The cleanup process will only take place, when
 \&        a new request arrives.
-.Ve
-.PP
-.Vb 4
-\&        --cleanup-rbls <interval>    (default=600)
+\&
+\&        \-\-cleanup\-rbls <interval>    (default=600)
 \&        The rbl cache will be searched for timed out items after this <interval> in
 \&        seconds. It is a minimum value. The cleanup process will only take place, when
 \&        a new request arrives.
-.Ve
-.PP
-.Vb 4
-\&        --cleanup-rates <interval>    (default=600)
+\&
+\&        \-\-cleanup\-rates <interval>    (default=600)
 \&        The rate cache will be searched for timed out items after this <interval> in
 \&        seconds. It is a minimum value. The cleanup process will only take place, when
 \&        a new request arrives.
-.Ve
-.PP
-.Vb 5
-\&        -S, --summary <int>    (default=600)
+\&
+\&        \-S, \-\-summary <int>    (default=600)
 \&        Shows some usage statistics (program uptime, request counter, matching rules)
-\&        every <int> seconds. This option is included by the -v switch.
+\&        every <int> seconds. This option is included by the \-v switch.
 \&        This feature uses the alarm signal, so you can force postfwd2 to dump the stats
-\&        using `kill -ALRM <pid>` (where <pid> is the process id of postfwd).
-.Ve
-.PP
-.Vb 9
+\&        using \`kill \-ALRM <pid>\` (where <pid> is the process id of postfwd).
+\&
 \&        Example:
 \&        Aug 19 12:39:45 mail1 postfwd[666]: [STATS] Counters: 213000 seconds uptime, 39 rules
 \&        Aug 19 12:39:45 mail1 postfwd[666]: [STATS] Requests: 71643 overall, 49 last interval, 62.88% cache hits
 \&        Aug 19 12:39:45 mail1 postfwd[666]: [STATS] Averages: 20.18 overall, 4.90 last interval, 557.30 top
 \&        Aug 19 12:39:45 mail1 postfwd[666]: [STATS] Contents: 44 cached requests, 239 cached dnsbl results
-\&        Aug 19 12:39:45 mail1 postfwd[666]: [STATS] Rule ID: R-001   matched: 2704 times
-\&        Aug 19 12:39:45 mail1 postfwd[666]: [STATS] Rule ID: R-002   matched: 9351 times
-\&        Aug 19 12:39:45 mail1 postfwd[666]: [STATS] Rule ID: R-003   matched: 3116 times
+\&        Aug 19 12:39:45 mail1 postfwd[666]: [STATS] Rule ID: R\-001   matched: 2704 times
+\&        Aug 19 12:39:45 mail1 postfwd[666]: [STATS] Rule ID: R\-002   matched: 9351 times
+\&        Aug 19 12:39:45 mail1 postfwd[666]: [STATS] Rule ID: R\-003   matched: 3116 times
 \&        ...
-.Ve
-.PP
-.Vb 3
-\&        --no-rulestats
+\&
+\&        \-\-no\-rulestats
 \&        Disables per rule statistics. Keeps your log clean, if you do not use them.
-\&        This option has no effect without --summary or --verbose set.
-.Ve
-.PP
-.Vb 2
-\&        -L, --stdout
+\&        This option has no effect without \-\-summary or \-\-verbose set.
+\&
+\&        \-L, \-\-stdout
 \&        Redirects all syslog messages to stdout for debugging. Never use this with postfix!
-.Ve
-.PP
-.Vb 3
-\&        -t, --test
+\&
+\&        \-t, \-\-test
 \&        In test mode postfwd2 always returns "dunno", but logs according
-\&        to it`s ruleset. -v will be set automatically with this option.
-.Ve
-.PP
-.Vb 3
-\&        -n, --nodns
+\&        to it\`s ruleset. \-v will be set automatically with this option.
+\&
+\&        \-n, \-\-nodns
 \&        Disables all DNS based checks like RBL checks. Rules containing
 \&        such elements will be ignored.
-.Ve
-.PP
-.Vb 2
-\&        -n, --nodnslog
+\&
+\&        \-n, \-\-nodnslog
 \&        Disables logging of dns events.
-.Ve
-.PP
-.Vb 3
-\&        --dns_timeout     (default: 14)
+\&
+\&        \-\-dns_timeout     (default: 14)
 \&        Sets the timeout for asynchonous dns queries in seconds. This value will apply to
 \&        all dns items in a rule.
-.Ve
-.PP
-.Vb 3
-\&        --dns_timeout_max    (default: 10)
+\&
+\&        \-\-dns_timeout_max    (default: 10)
 \&        Sets the maximum timeout counter for dnsbl lookups. If the timeouts exceed this value
-\&        the corresponding dnsbl will be deactivated for a while (see --dns_timeout_interval).
-.Ve
-.PP
-.Vb 3
-\&        --dns_timeout_interval    (default=1200)
+\&        the corresponding dnsbl will be deactivated for a while (see \-\-dns_timeout_interval).
+\&
+\&        \-\-dns_timeout_interval    (default=1200)
 \&        The dnsbl timeout counter will be cleaned after this interval in seconds. Use this
-\&        in conjunction with the --dns_timeout_max parameter.
-.Ve
-.PP
-.Vb 4
-\&        --dns_async_txt
+\&        in conjunction with the \-\-dns_timeout_max parameter.
+\&
+\&        \-\-dns_async_txt
 \&        Perform dnsbl A and TXT lookups simultaneously (otherwise only for listings with at
 \&        least one A record). This needs more network bandwidth due to increased queries but
 \&        might increase throughput because the lookups can be parallelized.
-.Ve
-.PP
-.Vb 2
-\&        --dns_max_ns_lookups     (default=0)
+\&
+\&        \-\-dns_max_ns_lookups     (default=0)
 \&        maximum ns names to lookup up with sender_ns_addrs item. use 0 for no maximum.
-.Ve
-.PP
-.Vb 2
-\&        --dns_max_mx_lookups     (default=0)
+\&
+\&        \-\-dns_max_mx_lookups     (default=0)
 \&        maximum mx names to lookup up with sender_mx_addrs item. use 0 for no maximum.
-.Ve
-.PP
-.Vb 6
-\&        -I, --instantcfg
-\&        The config files, specified by -f will be re-read for every request
-\&        postfwd2 receives. This enables on-the-fly configuration changes
+\&
+\&        \-I, \-\-instantcfg
+\&        The config files, specified by \-f will be re\-read for every request
+\&        postfwd2 receives. This enables on\-the\-fly configuration changes
 \&        without restarting. Though files will be read only if necessary
 \&        (which means their access times changed since last read) this might
 \&        significantly increase system load.
-.Ve
-.PP
-.Vb 3
-\&        --config_timeout    (default=3)
+\&
+\&        \-\-config_timeout    (default=3)
 \&        timeout in seconds to parse a single configuration line. if exceeded, the rule will
 \&        be skipped. this is used to prevent problems due to large files or loops.
-.Ve
-.PP
-.Vb 4
-\&        --keep_rates    (default=0)
+\&        
+\&        \-\-keep_rates    (default=0)
 \&        With this option set postfwd2 does not clear the rate limit counters on reload. Please
 \&        note that you have to restart (not reload) postfwd with this option if you change
 \&        any rate limit rules.
-.Ve
-.PP
-.Vb 4
-\&        --save_rates    (default=none)
+\&
+\&        \-\-save_rates    (default=none)
 \&        With this option postfwd saves existing rate limit counters to disk and reloads them
 \&        on program start. This allows persistent rate limits across program restarts or reboots.
 \&        Please note that postfwd needs read and write access to the specified file.
-.Ve
-.PP
-.Vb 5
-\&        --fast_limit_evaluation    (default=0)
+\&
+\&        \-\-fast_limit_evaluation    (default=0)
 \&        Once a ratelimit was set by the ruleset, future requests will be evaluated against it
 \&        before consulting the ruleset. This mode was the default behaviour until v1.30.
 \&        With this mode rate limits will be faster, but also eventually set up
-\&        whitelisting-rules within the ruleset might not work as expected.
+\&        whitelisting\-rules within the ruleset might not work as expected.
+\&        LIMITATIONS: This option does not allow nested postfwd commands like
+\&                action=rate(sender/3/60/wait(3))
+\&        This option doe not work with the strict\-rfc5321 rate() functions.
 .Ve
 .PP
 \&\fIInformational arguments\fR
@@ -1431,68 +1258,50 @@ These parameters influence the way postfwd2 is working. Any of them can be combi
 These arguments are for command line usage only. Never ever use them with postfix!
 .PP
 .Vb 2
-\&        -C, --showconfig
-\&        Displays the current ruleset. Use -v for verbose output.
-.Ve
-.PP
-.Vb 2
-\&        -V, --version
+\&        \-C, \-\-showconfig
+\&        Displays the current ruleset. Use \-v for verbose output.
+\&
+\&        \-V, \-\-version
 \&        Displays the program version.
-.Ve
-.PP
-.Vb 2
-\&        -h, --help
+\&
+\&        \-h, \-\-help
 \&        Shows program usage.
-.Ve
-.PP
-.Vb 2
-\&        -m, --manual
+\&
+\&        \-m, \-\-manual
 \&        Displays the program manual.
-.Ve
-.PP
-.Vb 2
-\&        -D, --defaults
+\&
+\&        \-D, \-\-defaults
 \&        displays complete postfwd2 settings.
-.Ve
-.PP
-.Vb 3
-\&        -P, --perfmon
+\&
+\&        \-P, \-\-perfmon
 \&        This option turns of any syslogging and output. It is included
 \&        for performance testing.
-.Ve
-.PP
-.Vb 2
-\&        --dumpstats
+\&
+\&        \-\-dumpstats
 \&        Displays program usage statistics.
-.Ve
-.PP
-.Vb 2
-\&        --dumpcache
+\&
+\&        \-\-dumpcache
 \&        Displays cache contents.
-.Ve
-.PP
-.Vb 10
-\&        --delcache <item>
-\&        Removes an item from the request cache. Use --dumpcache to identify objects.
+\&
+\&        \-\-delcache <item>
+\&        Removes an item from the request cache. Use \-\-dumpcache to identify objects.
 \&        E.g.:
-\&                # postfwd --dumpcache
+\&                # postfwd \-\-dumpcache
 \&                ...
-\&                %rate_cache -> %sender=gmato@jqvo.org -> %RATE002+2_600 -> @count    -> '1'
-\&                %rate_cache -> %sender=gmato@jqvo.org -> %RATE002+2_600 -> @maxcount -> '2'
+\&                %rate_cache \-> %sender=gmato@jqvo.org \-> %RATE002+2_600 \-> @count    \-> \*(Aq1\*(Aq
+\&                %rate_cache \-> %sender=gmato@jqvo.org \-> %RATE002+2_600 \-> @maxcount \-> \*(Aq2\*(Aq
 \&                ...
-\&                # postfwd --delrate="sender=gmato@jqvo.org"
-\&                rate cache item 'sender=gmato@jqvo.org' removed
+\&                # postfwd \-\-delrate="sender=gmato@jqvo.org"
+\&                rate cache item \*(Aqsender=gmato@jqvo.org\*(Aq removed
+\&
+\&        \-\-delrate <item>
+\&        Removes an item from the rate cache. Use \-\-dumpcache to identify objects.
 .Ve
-.PP
-.Vb 2
-\&        --delrate <item>
-\&        Removes an item from the rate cache. Use --dumpcache to identify objects.
-.Ve
-.Sh "\s-1REFRESH\s0"
+.SS "\s-1REFRESH\s0"
 .IX Subsection "REFRESH"
 In daemon mode postfwd2 reloads it's ruleset after receiving a \s-1HUP\s0 signal. Please see the description of
 the '\-I' switch to have your configuration refreshed for every request postfwd2 receives.
-.Sh "\s-1EXAMPLES\s0"
+.SS "\s-1EXAMPLES\s0"
 .IX Subsection "EXAMPLES"
 .Vb 7
 \&        ## whitelisting
@@ -1502,18 +1311,14 @@ the '\-I' switch to have your configuration refreshed for every request postfwd2
 \&        id=WL001; action=dunno ; client_address=192.168.1.0/24, 192.168.2.4
 \&        id=WL002; action=dunno ; client_name=\e.gmx\e.(net|de)$
 \&        id=WL003; action=dunno ; sender=@someshop\e.tld$ ; client_address=11.22.33.44
-.Ve
-.PP
-.Vb 6
+\&
 \&        ## TLS control
 \&        # 1. *@authority.tld only with correct TLS fingerprint
 \&        # 2. *@secret.tld only with keysizes >=64
 \&        id=TL001; action=dunno                          ; sender=@authority\e.tld$ ; ccert_fingerprint=AA:BB:CC..
 \&        id=TL002; action=REJECT wrong TLS fingerprint   ; sender=@authority\e.tld$
 \&        id=TL003; action=REJECT tls keylength < 64      ; sender=@secret\e.tld$ ; encryption_keysize=64
-.Ve
-.PP
-.Vb 10
+\&
 \&        ## Combined RBL checks
 \&        # This will reject mail if
 \&        # 1. listed on ix.dnsbl.manitu.net
@@ -1521,23 +1326,19 @@ the '\-I' switch to have your configuration refreshed for every request postfwd2
 \&        # 3. listed on min 2 of bl.spamcop.net, list.dsbl.org, dnsbl.sorbs.net
 \&        # 4. listed on bl.spamcop.net and one of rhsbl.ahbl.org, rhsbl.sorbs.net
 \&        id=RBL01 ; action=REJECT listed on ix.dnsbl.manitu.net  ; rbl=ix.dnsbl.manitu.net
-\&        id=RBL02 ; action=REJECT listed on zen.spamhaus.org     ; rbl=zen.spamhaus.org/127.0.0.[2-8]/1200
+\&        id=RBL02 ; action=REJECT listed on zen.spamhaus.org     ; rbl=zen.spamhaus.org/127.0.0.[2\-8]/1200
 \&        id=RBL03 ; action=REJECT listed on too many RBLs        ; rblcount=2 ; rbl=bl.spamcop.net, list.dsbl.org, dnsbl.sorbs.net
 \&        id=RBL04 ; action=REJECT combined RBL+RHSBL check       ; rbl=bl.spamcop.net ; rhsbl=rhsbl.ahbl.org, rhsbl.sorbs.net
-.Ve
-.PP
-.Vb 8
+\&
 \&        ## Message size (requires message_size_limit to be set to 30000000)
 \&        # 1. 30MB for systems in *.customer1.tld
 \&        # 2. 20MB for SASL user joejob
 \&        # 3. 10MB default
-\&        id=SZ001; protocol_state==END-OF-MESSAGE; action=DUNNO; size<=30000000 ; client_name=\e.customer1.tld$
-\&        id=SZ002; protocol_state==END-OF-MESSAGE; action=DUNNO; size<=20000000 ; sasl_username==joejob
-\&        id=SZ002; protocol_state==END-OF-MESSAGE; action=DUNNO; size<=10000000
-\&        id=SZ100; protocol_state==END-OF-MESSAGE; action=REJECT message too large
-.Ve
-.PP
-.Vb 14
+\&        id=SZ001; protocol_state==END\-OF\-MESSAGE; action=DUNNO; size<=30000000 ; client_name=\e.customer1.tld$
+\&        id=SZ002; protocol_state==END\-OF\-MESSAGE; action=DUNNO; size<=20000000 ; sasl_username==joejob
+\&        id=SZ002; protocol_state==END\-OF\-MESSAGE; action=DUNNO; size<=10000000
+\&        id=SZ100; protocol_state==END\-OF\-MESSAGE; action=REJECT message too large
+\&
 \&        ## Selective Greylisting
 \&        ##
 \&        ## Note that postfwd does not include greylisting. This setup requires a running postgrey service
@@ -1551,20 +1352,16 @@ the '\-I' switch to have your configuration refreshed for every request postfwd2
 \&        # 3. Client comes from several dialin domains
 \&        id=GR001; action=check_postgrey ; rbl=dul.dnsbl.sorbs.net, zen.spamhaus.org/127.0.0.1[01]/1200
 \&        id=GR002; action=check_postgrey ; client_name=^unknown$
-\&        id=GR003; action=check_postgrey ; client_name=\e.(t-ipconnect|alicedsl|ish)\e.de$
-.Ve
-.PP
-.Vb 7
+\&        id=GR003; action=check_postgrey ; client_name=\e.(t\-ipconnect|alicedsl|ish)\e.de$
+\&
 \&        ## Date Time
-\&        date=24.12.2007-26.12.2007          ;  action=450 4.7.1 office closed during christmas
-\&        time=04:00:00-05:00:00              ;  action=450 4.7.1 maintenance ongoing, try again later
-\&        time=-07:00:00 ;  sasl_username=jim ;  action=450 4.7.1 to early for you, jim
-\&        time=22:00:00- ;  sasl_username=jim ;  action=450 4.7.1 to late now, jim
-\&        months=-Apr                         ;  action=450 4.7.1 see you in may
-\&        days=!!Mon-Fri                      ;  action=check_postgrey
-.Ve
-.PP
-.Vb 10
+\&        date=24.12.2007\-26.12.2007          ;  action=450 4.7.1 office closed during christmas
+\&        time=04:00:00\-05:00:00              ;  action=450 4.7.1 maintenance ongoing, try again later
+\&        time=\-07:00:00 ;  sasl_username=jim ;  action=450 4.7.1 to early for you, jim
+\&        time=22:00:00\- ;  sasl_username=jim ;  action=450 4.7.1 to late now, jim
+\&        months=\-Apr                         ;  action=450 4.7.1 see you in may
+\&        days=!!Mon\-Fri                      ;  action=check_postgrey
+\&
 \&        ## Usage of jump
 \&        # The following allows a message size of 30MB for different
 \&        # users/clients while others will only have 10MB.
@@ -1573,50 +1370,42 @@ the '\-I' switch to have your configuration refreshed for every request postfwd2
 \&        id=R003 ; action=jump(R100) ; ccert_fingerprint=AA:BB:CC:DD:...
 \&        id=R004 ; action=jump(R100) ; ccert_fingerprint=AF:BE:CD:DC:...
 \&        id=R005 ; action=jump(R100) ; ccert_fingerprint=DD:CC:BB:DD:...
-\&        id=R099 ; protocol_state==END-OF-MESSAGE; action=REJECT message too big (max. 10MB); size=10000000
-\&        id=R100 ; protocol_state==END-OF-MESSAGE; action=REJECT message too big (max. 30MB); size=30000000
-.Ve
-.PP
-.Vb 14
+\&        id=R099 ; protocol_state==END\-OF\-MESSAGE; action=REJECT message too big (max. 10MB); size=10000000
+\&        id=R100 ; protocol_state==END\-OF\-MESSAGE; action=REJECT message too big (max. 30MB); size=30000000
+\&
 \&        ## Usage of score
 \&        # The following rejects a mail, if the client
-\&        # - is listed on 1 RBL and 1 RHSBL
-\&        # - is listed in 1 RBL or 1 RHSBL and has no correct rDNS
-\&        # - other clients without correct rDNS will be greylist-checked
-\&        # - some whitelists are used to lower the score
+\&        # \- is listed on 1 RBL and 1 RHSBL
+\&        # \- is listed in 1 RBL or 1 RHSBL and has no correct rDNS
+\&        # \- other clients without correct rDNS will be greylist\-checked
+\&        # \- some whitelists are used to lower the score
 \&        id=S01 ; score=2.6              ; action=check_postgrey
 \&        id=S02 ; score=5.0              ; action=REJECT postfwd score too high
-\&        id=R00 ; action=score(-1.0)     ; rbl=exemptions.ahbl.org,list.dnswl.org,query.bondedsender.org,spf.trusted-forwarder.org
+\&        id=R00 ; action=score(\-1.0)     ; rbl=exemptions.ahbl.org,list.dnswl.org,query.bondedsender.org,spf.trusted\-forwarder.org
 \&        id=R01 ; action=score(2.5)      ; rbl=bl.spamcop.net, list.dsbl.org, dnsbl.sorbs.net
 \&        id=R02 ; action=score(2.5)      ; rhsbl=rhsbl.ahbl.org, rhsbl.sorbs.net
-\&        id=N01 ; action=score(-0.2)     ; client_name==$$helo_name
+\&        id=N01 ; action=score(\-0.2)     ; client_name==$$helo_name
 \&        id=N02 ; action=score(2.7)      ; client_name=^unknown$
 \&        ...
-.Ve
-.PP
-.Vb 8
+\&
 \&        ## Usage of rate and size
 \&        # The following temporary rejects requests from "unknown" clients, if they
 \&        # 1. exceeded 30 requests per hour or
 \&        # 2. tried to send more than 1.5mb within 10 minutes
 \&        id=RATE01 ;  client_name==unknown ;  protocol_state==RCPT
 \&                action=rate(client_address/30/3600/450 4.7.1 sorry, max 30 requests per hour)
-\&        id=SIZE01 ;  client_name==unknown ;  protocol_state==END-OF-MESSAGE
+\&        id=SIZE01 ;  client_name==unknown ;  protocol_state==END\-OF\-MESSAGE
 \&                action=size(client_address/1572864/600/450 4.7.1 sorry, max 1.5mb per 10 minutes)
-.Ve
-.PP
-.Vb 8
+\&
 \&        ## Macros
 \&        # definition
 \&        &&RBLS { rbl=zen.spamhaus.org,list.dsbl.org,bl.spamcop.net,dnsbl.sorbs.net,ix.dnsbl.manitu.net; };
 \&        &&GONOW { action=REJECT your request caused our spam detection policy to reject this message. More info at http://www.domain.local; };
 \&        # rules
 \&        &&GONOW ;  &&RBLS ;  client_name=^unknown$
-\&        &&GONOW ;  &&RBLS ;  client_name=(\ed+[\e.-_]){4}
-\&        &&GONOW ;  &&RBLS ;  client_name=[\e.-_](adsl|dynamic|ppp|)[\e.-_]
-.Ve
-.PP
-.Vb 34
+\&        &&GONOW ;  &&RBLS ;  client_name=(\ed+[\e.\-_]){4}
+\&        &&GONOW ;  &&RBLS ;  client_name=[\e.\-_](adsl|dynamic|ppp|)[\e.\-_]
+\&
 \&        ## Groups
 \&        # definition
 \&        &&RBLS{
@@ -1631,8 +1420,8 @@ the '\-I' switch to have your configuration refreshed for every request postfwd2
 \&        };
 \&        &&DYNAMIC{
 \&                client_name==unknown
-\&                client_name~=(\ed+[\e.-_]){4}
-\&                client_name~=[\e.-_](adsl|dynamic|ppp|)[\e.-_]
+\&                client_name~=(\ed+[\e.\-_]){4}
+\&                client_name~=[\e.\-_](adsl|dynamic|ppp|)[\e.\-_]
 \&                ...
 \&        };
 \&        &&BAD_HELO{
@@ -1646,32 +1435,28 @@ the '\-I' switch to have your configuration refreshed for every request postfwd2
 \&                date=15.04.2007
 \&                date=15.07.2007
 \&                date=15.10.2007
-\&                time=03:00:00 - 04:00:00
+\&                time=03:00:00 \- 04:00:00
 \&        };
 \&        # rules
 \&        id=COMBINED    ;  &&RBLS ;  &&DYNAMIC ;  action=REJECT dynamic client and listed on RBL
-\&        id=MAINTENANCE ;  &&MAINTENANCE       ;  action=DEFER maintenance time - please try again later
-.Ve
-.PP
-.Vb 8
+\&        id=MAINTENANCE ;  &&MAINTENANCE       ;  action=DEFER maintenance time \- please try again later
+\&        
 \&        # now with the set() command, note that long item
-\&        # lists don't have to be compared twice
+\&        # lists don\*(Aqt have to be compared twice
 \&        id=RBL01    ;  &&RBLS      ;  action=set(HIT_rbls=1)
 \&        id=HELO01   ;  &&BAD_HELO  ;  action=set(HIT_helo=1)
 \&        id=DYNA01   ;  &&DYNAMIC   ;  action=set(HIT_dyna=1)
 \&        id=REJECT01 ;  HIT_rbls==1 ;  HIT_helo==1  ; action=REJECT please see http://some.org/info?reject=01 for more info
 \&        id=REJECT02 ;  HIT_rbls==1 ;  HIT_dyna==1  ; action=REJECT please see http://some.org/info?reject=02 for more info
 \&        id=REJECT03 ;  HIT_helo==1 ;  HIT_dyna==1  ; action=REJECT please see http://some.org/info?reject=03 for more info
-.Ve
-.PP
-.Vb 5
+\&
 \&        ## combined with enhanced rbl features
 \&        #
 \&        id=RBL01 ; rhsblcount=all ; rblcount=all ; &&RBLS ; &&RHSBLS
 \&             action=set(HIT_dnsbls=$$rhsblcount,HIT_dnsbls+=$$rblcount,HIT_dnstxt=$$dnsbltext)
 \&        id=RBL02 ; HIT_dnsbls>=2  ; action=554 5.7.1 blocked using $$HIT_dnsbls DNSBLs [INFO: $$HIT_dnstxt]
 .Ve
-.Sh "\s-1PARSER\s0"
+.SS "\s-1PARSER\s0"
 .IX Subsection "PARSER"
 \&\fIConfiguration\fR
 .PP
@@ -1679,47 +1464,47 @@ The postfwd2 ruleset can be specified at the commandline (\-r option) or be read
 check the parser with the \-C | \-\-showconfig switch at the command line before applying a new config. The following call:
 .PP
 .Vb 4
-\&        postfwd2 --showconfig \e
-\&                -r "id=TEST; recipient_count=100; action=WARN mail with 100+ recipients" \e
-\&                -f /etc/postfwd.cf \e
-\&                -r "id=DEFAULT; action=dunno";
+\&        postfwd2 \-\-showconfig \e
+\&                \-r "id=TEST; recipient_count=100; action=WARN mail with 100+ recipients" \e
+\&                \-f /etc/postfwd.cf \e
+\&                \-r "id=DEFAULT; action=dunno";
 .Ve
 .PP
 will produce the following output:
 .PP
 .Vb 5
-\&        Rule   0: id->"TEST" action->"WARN mail with 100+ recipients"; recipient_count->"100"
+\&        Rule   0: id\->"TEST" action\->"WARN mail with 100+ recipients"; recipient_count\->"100"
 \&        ...
 \&        ... <content of /etc/postfwd.cf> ...
 \&        ...
-\&        Rule <n>: id->"DEFAULT" action->"dunno"
+\&        Rule <n>: id\->"DEFAULT" action\->"dunno"
 .Ve
 .PP
 Multiple items of the same type will be added to lists (see the \*(L"\s-1ITEMS\s0\*(R" section for more info):
 .PP
 .Vb 2
-\&        postfwd2 --showconfig \e
-\&                -r "client_address=192.168.1.0/24; client_address=172.16.26.32; action=dunno"
+\&        postfwd2 \-\-showconfig \e
+\&                \-r "client_address=192.168.1.0/24; client_address=172.16.26.32; action=dunno"
 .Ve
 .PP
 will result in:
 .PP
 .Vb 1
-\&        Rule   0: id->"R-0"; action->"dunno"; client_address->"192.168.1.0/24, 172.16.26.32"
+\&        Rule   0: id\->"R\-0"; action\->"dunno"; client_address\->"192.168.1.0/24, 172.16.26.32"
 .Ve
 .PP
 Macros are evaluated at configuration stage, which means that
 .PP
 .Vb 3
-\&        postfwd2 --showconfig \e
-\&                -r "&&RBLS { rbl=bl.spamcop.net; client_name=^unknown$; };" \e
-\&                -r "id=RBL001; &&RBLS; action=REJECT listed on spamcop and bad rdns";
+\&        postfwd2 \-\-showconfig \e
+\&                \-r "&&RBLS { rbl=bl.spamcop.net; client_name=^unknown$; };" \e
+\&                \-r "id=RBL001; &&RBLS; action=REJECT listed on spamcop and bad rdns";
 .Ve
 .PP
 will result in:
 .PP
 .Vb 1
-\&        Rule   0: id->"RBL001"; action->"REJECT listed on spamcop and bad rdns"; rbl->"bl.spamcop.net"; client_name->"^unknown$"
+\&        Rule   0: id\->"RBL001"; action\->"REJECT listed on spamcop and bad rdns"; rbl\->"bl.spamcop.net"; client_name\->"^unknown$"
 .Ve
 .PP
 \&\fIRequest processing\fR
@@ -1742,21 +1527,21 @@ equals to
 Lists will be evaluated in the specified order. This allows to place faster expressions at first:
 .PP
 .Vb 1
-\&        postfwd2 --nodaemon -vv -L -r "id=RBL001; rbl=localrbl.local zen.spamhaus.org; action=REJECT" /some/where/request.sample
+\&        postfwd2 \-\-nodaemon \-vv \-L \-r "id=RBL001; rbl=localrbl.local zen.spamhaus.org; action=REJECT" /some/where/request.sample
 .Ve
 .PP
 produces the following
 .PP
 .Vb 11
-\&        [LOGS info]: compare rbl: "remotehost.remote.net[68.10.1.7]"  ->  "localrbl.local"
-\&        [LOGS info]: count1 rbl:  "2"  ->  "0"
+\&        [LOGS info]: compare rbl: "remotehost.remote.net[68.10.1.7]"  \->  "localrbl.local"
+\&        [LOGS info]: count1 rbl:  "2"  \->  "0"
 \&        [LOGS info]: query rbl:   localrbl.local 7.1.10.68 (7.1.10.68.localrbl.local)
-\&        [LOGS info]: count2 rbl:  "2"  ->  "0"
+\&        [LOGS info]: count2 rbl:  "2"  \->  "0"
 \&        [LOGS info]: match rbl:   FALSE
-\&        [LOGS info]: compare rbl: "remotehost.remote.net[68.10.1.7]"  ->  "zen.spamhaus.org"
-\&        [LOGS info]: count1 rbl:  "2"  ->  "0"
+\&        [LOGS info]: compare rbl: "remotehost.remote.net[68.10.1.7]"  \->  "zen.spamhaus.org"
+\&        [LOGS info]: count1 rbl:  "2"  \->  "0"
 \&        [LOGS info]: query rbl:   zen.spamhaus.org 7.1.10.68 (7.1.10.68.zen.spamhaus.org)
-\&        [LOGS info]: count2 rbl:  "2"  ->  "0"
+\&        [LOGS info]: count2 rbl:  "2"  \->  "0"
 \&        [LOGS info]: match rbl:   FALSE
 \&        [LOGS info]: Action: dunno
 .Ve
@@ -1764,15 +1549,15 @@ produces the following
 The negation operator !!(<value>) has the highest priority and therefore will be evaluated first. Then variable substitutions are performed:
 .PP
 .Vb 1
-\&        postfwd2 --nodaemon -vv -L -r "id=TEST; action=REJECT; client_name=!!($$heloname)" /some/where/request.sample
+\&        postfwd2 \-\-nodaemon \-vv \-L \-r "id=TEST; action=REJECT; client_name=!!($$heloname)" /some/where/request.sample
 .Ve
 .PP
 will give
 .PP
 .Vb 5
-\&        [LOGS info]: compare client_name:     "unknown"  ->  "!!($$helo_name)"
-\&        [LOGS info]: negate client_name:      "unknown"  ->  "$$helo_name"
-\&        [LOGS info]: substitute client_name:  "unknown"  ->  "english-breakfast.cloud8.net"
+\&        [LOGS info]: compare client_name:     "unknown"  \->  "!!($$helo_name)"
+\&        [LOGS info]: negate client_name:      "unknown"  \->  "$$helo_name"
+\&        [LOGS info]: substitute client_name:  "unknown"  \->  "english\-breakfast.cloud8.net"
 \&        [LOGS info]: match client_name:  TRUE
 \&        [LOGS info]: Action: REJECT
 .Ve
@@ -1800,7 +1585,7 @@ place a last catch-all rule to change that behaviour:
 .Ve
 .PP
 will log any request that passes the ruleset without having hit a prior rule.
-.Sh "\s-1DEBUGGING\s0"
+.SS "\s-1DEBUGGING\s0"
 .IX Subsection "DEBUGGING"
 To debug special steps of the parser the '\-\-debug' switch takes a list of debug classes. Currently the following classes are defined:
 .PP
@@ -1810,7 +1595,7 @@ To debug special steps of the parser the '\-\-debug' switch takes a list of debu
 \&        parent_cache parent_dns_cache parent_rate_cache parent_request_cache
 \&        child_cache  child_dns_cache  child_rate_cache  child_request_cache
 .Ve
-.Sh "\s-1INTEGRATION\s0"
+.SS "\s-1INTEGRATION\s0"
 .IX Subsection "INTEGRATION"
 \&\fIIntegration via daemon mode\fR
 .PP
@@ -1819,7 +1604,7 @@ postfwd2 will spawn multiple child processes which communicate with a parent cac
 the prefered way to use postfwd2 in high volume environments. Start postfwd2 with the following parameters:
 .PP
 .Vb 1
-\&        postfwd2 -d -f /etc/postfwd.cf -i 127.0.0.1 -p 10045 -u nobody -g nobody -S
+\&        postfwd2 \-d \-f /etc/postfwd.cf \-i 127.0.0.1 \-p 10045 \-u nobody \-g nobody \-S
 .Ve
 .PP
 For efficient caching you should check if you can use the options \-\-cacheid, \-\-cache\-rdomain\-only,
@@ -1840,17 +1625,17 @@ and use `netstat \-an|grep 10045` to check for something like
 If everything works, open your postfix main.cf and insert the following
 .PP
 .Vb 4
-\&        127.0.0.1:10045_time_limit      = 3600                                          <--- integration
-\&        smtpd_recipient_restrictions    = permit_mynetworks                             <--- recommended
-\&                                          reject_unauth_destination                     <--- recommended
-\&                                          check_policy_service inet:127.0.0.1:10045     <--- integration
+\&        127.0.0.1:10045_time_limit      = 3600                                          <\-\-\- integration
+\&        smtpd_recipient_restrictions    = permit_mynetworks                             <\-\-\- recommended
+\&                                          reject_unauth_destination                     <\-\-\- recommended
+\&                                          check_policy_service inet:127.0.0.1:10045     <\-\-\- integration
 .Ve
 .PP
 Reload your configuration with `postfix reload` and watch your logs. In it works you should see
 lines like the following in your mail log:
 .PP
 .Vb 1
-\&        Aug  9 23:01:24 mail postfwd[5158]: rule=22, id=ML_POSTFIX, client=english-breakfast.cloud9.net[168.100.1.7], sender=owner-postfix-users@postfix.tld, recipient=someone@domain.local, helo=english-breakfast.cloud9.net, proto=ESMTP, state=RCPT, action=dunno
+\&        Aug  9 23:01:24 mail postfwd[5158]: rule=22, id=ML_POSTFIX, client=english\-breakfast.cloud9.net[168.100.1.7], sender=owner\-postfix\-users@postfix.tld, recipient=someone@domain.local, helo=english\-breakfast.cloud9.net, proto=ESMTP, state=RCPT, action=dunno
 .Ve
 .PP
 If you want to check for size or rcpt_count items you must integrate postfwd2 in smtp_data_restrictions or
@@ -1867,33 +1652,31 @@ Then postmap that file (`postmap hash:/etc/postfix/policy`), open your main.cf a
 .PP
 .Vb 3
 \&        # Restriction Classes
-\&        smtpd_restriction_classes       = postfwdcheck, <some more>...                          <--- integration
-\&        postfwdcheck                    = check_policy_service inet:127.0.0.1:10045             <--- integration
-.Ve
-.PP
-.Vb 6
-\&        127.0.0.1:10045_time_limit      = 3600                                                  <--- integration
-\&        smtpd_recipient_restrictions    = permit_mynetworks,                                    <--- recommended
-\&                                          reject_unauth_destination,                            <--- recommended
-\&                                          ...                                                   <--- optional
-\&                                          check_recipient_access hash:/etc/postfix/policy,      <--- integration
-\&                                          ...                                                   <--- optional
+\&        smtpd_restriction_classes       = postfwdcheck, <some more>...                          <\-\-\- integration
+\&        postfwdcheck                    = check_policy_service inet:127.0.0.1:10045             <\-\-\- integration
+\&
+\&        127.0.0.1:10045_time_limit      = 3600                                                  <\-\-\- integration
+\&        smtpd_recipient_restrictions    = permit_mynetworks,                                    <\-\-\- recommended
+\&                                          reject_unauth_destination,                            <\-\-\- recommended
+\&                                          ...                                                   <\-\-\- optional
+\&                                          check_recipient_access hash:/etc/postfix/policy,      <\-\-\- integration
+\&                                          ...                                                   <\-\-\- optional
 .Ve
 .PP
 Reload postfix and watch your logs.
-.Sh "\s-1TESTING\s0"
+.SS "\s-1TESTING\s0"
 .IX Subsection "TESTING"
 First you have to create a ruleset (see Configuration section). Check it with
 .PP
 .Vb 1
-\&        postfwd2 -f /etc/postfwd.cf -C
+\&        postfwd2 \-f /etc/postfwd.cf \-C
 .Ve
 .PP
 There is an example policy request distributed with postfwd, called 'request.sample'.
 Simply change it to meet your requirements and use
 .PP
 .Vb 1
-\&        postfwd2 -f /etc/postfwd.cf <request.sample
+\&        postfwd2 \-f /etc/postfwd.cf <request.sample
 .Ve
 .PP
 You should get an answer like
@@ -1910,20 +1693,20 @@ For network tests I use netcat:
 .PP
 to send a request to postfwd. If you receive nothing, make sure that postfwd2 is running and
 listening on the specified network settings.
-.Sh "\s-1PERFORMANCE\s0"
+.SS "\s-1PERFORMANCE\s0"
 .IX Subsection "PERFORMANCE"
 Some of these proposals might not match your environment. Please check your requirements and test new options carefully!
 .PP
 .Vb 7
-\&        - use caching options
-\&        - use the correct match operator ==, <=, >=
-\&        - use ^ and/or $ in regular expressions
-\&        - use item lists (faster than single rules)
-\&        - use set() action on repeated item lists
-\&        - use jumps and rate limits
-\&        - use a pre-lookup rule for rbl/rhsbls with empty note() action
+\&        \- use caching options
+\&        \- use the correct match operator ==, <=, >=
+\&        \- use ^ and/or $ in regular expressions
+\&        \- use item lists (faster than single rules)
+\&        \- use set() action on repeated item lists
+\&        \- use jumps and rate limits
+\&        \- use a pre\-lookup rule for rbl/rhsbls with empty note() action
 .Ve
-.Sh "\s-1SEE\s0 \s-1ALSO\s0"
+.SS "\s-1SEE\s0 \s-1ALSO\s0"
 .IX Subsection "SEE ALSO"
 See <http://www.postfix.org/SMTPD_POLICY_README.html> for a description
 of how Postfix policy servers work.
diff --git a/plugins/postfwd.plugins.sample b/plugins/postfwd.plugins.sample
index 608bf9f..776f35d 100644
--- a/plugins/postfwd.plugins.sample
+++ b/plugins/postfwd.plugins.sample
@@ -137,15 +137,15 @@
 	#	# note(<logstring>) command
 	#	"note"  => sub {
 	#		my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-	#		my($myaction) = $default_action; my($stop) = 0;
-	#		mylogs 'info', "[RULES] ".$myline." - note: ".$myarg if $myarg;
+	#		my($myaction) = 'dunno'; my($stop) = 0;
+	#		log_info ("[RULES] ".$myline." - note: ".$myarg) if $myarg;
 	#		return ($stop,$index,$myaction,$myline,%request);
 	#	},
 	#
 	#	# skips next <myarg> rules
         #	"skip" => sub {
 	#		my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-	#		my($myaction) = $default_action; my($stop) = 0;
+	#		my($myaction) = 'dunno'; my($stop) = 0;
 	#		$index += $myarg if ( $myarg and not(($index + $myarg) > $#Rules) );
 	#		return ($stop,$index,$myaction,$myline,%request);
         #	},
@@ -153,8 +153,8 @@
 	#	# dumps current request contents to syslog
         #	"dumprequest" => sub {
 	#		my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-	#		my($myaction) = $default_action; my($stop) = 0;
-	#		map { mylogs 'info', "[DUMP] rule=$index, Attribute: $_=$request{$_}" } (keys %request);
+	#		my($myaction) = 'dunno'; my($stop) = 0;
+	#		map { log_info ("[DUMP] rule=$index, Attribute: $_=$request{$_}") } (keys %request);
 	#		return ($stop,$index,$myaction,$myline,%request);
         #	},
 
diff --git a/sbin/postfwd b/sbin/postfwd
index 8443a3f..e17a729 100755
--- a/sbin/postfwd
+++ b/sbin/postfwd
@@ -41,7 +41,7 @@ BEGIN {
 
 # Program constants
 our($NAME) 			= 'postfwd';
-our($VERSION)			= '1.32';
+our($VERSION)			= '1.35';
 
 # Networking options (use -i, -p and -R to change)
 our($def_net_pid)		= "/var/run/".$NAME.".pid";
@@ -155,7 +155,7 @@ our($COMP_HITS)			= "request_hits";
 # item match counter
 our($COMP_MATCHES)		= "matches";
 # separator
-our($COMP_SEPARATOR)		= "[=\~\<\>]=|[=\!][=\~\<\>]|=";
+our($COMP_SEPARATOR)		= "[=\~\<\>]=|[\<\>]|[=\!][=\~\<\>]|=";
 # macros
 our($COMP_ACL)			= "[\&][\&]";
 # negation
@@ -268,7 +268,7 @@ sub mylog {
 				syslog $prio, "$msg", @_;
 			};
 		} else { syslog $prio, "$msg", @_; };
-	} else { $msg =~ s/\%/%%/g; printf "[LOG $prio]: $msg\n", @_; };
+	} else { $msg =~ s/\%/%%/g; $msg =~ /^(.*)$/; printf "[LOG $prio]: $1\n", @_; };
     };
 };
 #
@@ -297,6 +297,14 @@ sub myprintf {
 	unless $opt_perfmon;
 };
 #
+# short versions
+#
+sub log_info { mylogs ('info', @_) };
+sub log_note { mylogs ('notice', @_) };
+sub log_warn { mylogs ('warning', @_) };
+sub log_err  { mylogs ('err', @_) };
+sub log_crit { mylogs ('crit', @_) };
+#
 # tests debug levels
 #
 sub wantsdebug {
@@ -323,7 +331,7 @@ sub end_program {
     show_stats() if $opt_summary;
     $net_pid ||= $def_net_pid; unlink $net_pid if (-T $net_pid);
     save_rates();
-    mylogs "notice", $NAME." ".$VERSION." terminated" if $opt_daemon;
+    log_note $NAME." ".$VERSION." terminated" if $opt_daemon;
     exit;
 };
 # get pid of running master process
@@ -437,11 +445,11 @@ sub cleanup_dns_cache {
     foreach my $checkitem (keys %DNS_Cache) {
 	# remove inclomplete objects (dns timeouts)
 	if ( !defined($DNS_Cache{$checkitem}{"time"}) or !defined($DNS_Cache{$checkitem}{ttl}) ) {
-		mylogs $syslog_priority, "[CLEANUP] deleting incomplete dns-cache item '$checkitem'" if (wantsdebug(qw[ all cleanup ]));
+		log_info "[CLEANUP] deleting incomplete dns-cache item '$checkitem'" if (wantsdebug(qw[ all cleanup ]));
 		delete $DNS_Cache{$checkitem};
 	# remove timed out objects
 	} elsif ( ($now - $DNS_Cache{$checkitem}{"time"}) > $DNS_Cache{$checkitem}{ttl} ) {
-		mylogs $syslog_priority, "[CLEANUP] removing dns-cache item '$checkitem' after ttl ".$DNS_Cache{$checkitem}{ttl}."s"
+		log_info "[CLEANUP] removing dns-cache item '$checkitem' after ttl ".$DNS_Cache{$checkitem}{ttl}."s"
 			if (wantsdebug(qw[ all cleanup ]));
 		delete $DNS_Cache{$checkitem};
 	};
@@ -454,10 +462,10 @@ sub cleanup_request_cache {
     my($now) = $_[0];
     foreach my $checkitem (keys %Request_Cache) {
 	if ( not(defined $Request_Cache{$checkitem}{'until'}) ) {
-		mylogs $syslog_priority, "[CLEANUP] deleting incomplete request-cache item '$checkitem'" if (wantsdebug(qw[ all cleanup ]));
+		log_info "[CLEANUP] deleting incomplete request-cache item '$checkitem'" if (wantsdebug(qw[ all cleanup ]));
 		delete $Request_Cache{$checkitem};
 	} elsif ( $now > $Request_Cache{$checkitem}{'until'} ) {
-		mylogs $syslog_priority, "[CLEANUP] removing request-cache item '$checkitem' after ttl ".$REQUEST_MAX_CACHE."s"
+		log_info "[CLEANUP] removing request-cache item '$checkitem' after ttl ".$REQUEST_MAX_CACHE."s"
 			if (wantsdebug(qw[ all cleanup ]));
 		delete $Request_Cache{$checkitem};
 	};
@@ -475,10 +483,10 @@ sub cleanup_rate_cache {
 		my @i = ();
 		foreach my $crate (@{$Rates{$checkitem}{'list'}}) {
 			if ( not(defined $Rates{$checkitem}{$crate}{'until'}) ) {
-				mylogs $syslog_priority, "[CLEANUP] deleting incomplete rate-cache item '$checkitem'->'$crate'" if (wantsdebug(qw[ all cleanup ]));
+				log_info "[CLEANUP] deleting incomplete rate-cache item '$checkitem'->'$crate'" if (wantsdebug(qw[ all cleanup ]));
 				delete $Rates{$checkitem}{$crate};
 			} elsif ( $now > $Rates{$checkitem}{$crate}{'until'} ) {
-				mylogs $syslog_priority, "[CLEANUP] removing rate-cache item '$checkitem'->'$crate' after ttl ".$Rates{$checkitem}{$crate}{ttl}."s"
+				log_info "[CLEANUP] removing rate-cache item '$checkitem'->'$crate' after ttl ".$Rates{$checkitem}{$crate}{ttl}."s"
 					if (wantsdebug(qw[ all cleanup ]));
 				delete $Rates{$checkitem}{$crate};
 			} else {
@@ -486,10 +494,10 @@ sub cleanup_rate_cache {
 			};
 		};
 		unless ($i[0]) {
-			mylogs $syslog_priority, "[CLEANUP] deleting complete rate-cache item '$checkitem'" if (wantsdebug(qw[ all cleanup ]));
+			log_info "[CLEANUP] deleting complete rate-cache item '$checkitem'" if (wantsdebug(qw[ all cleanup ]));
 			delete $Rates{$checkitem};
 		} else {
-			mylogs $syslog_priority, "[CLEANUP] new index list for rate-cache item '$checkitem': ".(join ', ', @i) if (wantsdebug(qw[ all cleanup ]));
+			log_info "[CLEANUP] new index list for rate-cache item '$checkitem': ".(join ', ', @i) if (wantsdebug(qw[ all cleanup ]));
 			@{$Rates{$checkitem}{'list'}} = @i;
 		};
 	};
@@ -502,8 +510,8 @@ sub modify_score {
 	(my($myscore), my($myaction)) = @_;
 
 	( exists($MAX_SCORES{$myscore}) )
-		? mylogs "notice", "redefined score $myscore with action=\"$myaction\""
-		: mylogs "notice", "setting new score $myscore with action=\"$myaction\""
+		? log_note "redefined score $myscore with action=\"$myaction\""
+		: log_note "setting new score $myscore with action=\"$myaction\""
 		if wantsdebug(qw[ all thisrequest verbose score ]);
 	$MAX_SCORES{$myscore} = $myaction;
 };
@@ -593,7 +601,7 @@ sub devar_item {
 	} elsif (defined $request{$var}) {
 		$myresult=$val=$pre.$request{$var}.$post;
 	};
-	mylogs $syslog_priority, "substitute :  \"$myitem\"  \"$cmp\"  \"$val\""
+	log_info "substitute :  \"$myitem\"  \"$cmp\"  \"$val\""
 		if (wantsdebug(qw[ all thisrequest devar ]));
     };
     return $myresult;
@@ -616,7 +624,7 @@ sub acl_parser {
 				$myline =~ s/\s*$acl\s*/$ACLs{$acl}/g;
 			} else {
 				#return "action=note(undefined macro '$acl')";
-				mylogs 'warning', "file $file, ignoring line $num: undefined macro '$acl'";
+				log_warn "file $file, ignoring line $num: undefined macro '$acl'";
 				return "";
 			};
 		};
@@ -645,7 +653,7 @@ sub prepare_file {
 	my($forced_reload,$type,$cmp,$file) = @_; my(@result) = (); undef my $fh;
 	my($is_table) = ($type =~ /^$COMP_TABLES$/);
 	unless (-e $file) {
-		mylogs 'warning', "error: $type:$file not found - will be ignored";
+		log_warn "error: $type:$file not found - will be ignored";
 		return @result;
 	};
 	if ( not($forced_reload) and (defined $Config_Cache{$file}{lastread}) and ($Config_Cache{$file}{lastread} > (stat $file)[9]) ) {
@@ -655,10 +663,10 @@ sub prepare_file {
 		return  @{$Config_Cache{$file}{content}};
 	};
 	unless (open ($fh, "<$file")) {
-		mylogs 'warning', "error: could not open $type:$file - $! - will be ignored";
+		log_warn "error: could not open $type:$file - $! - will be ignored";
 		return @result;
 	};
-	mylogs $syslog_priority, "reading $type:$file" if (wantsdebug(qw[ all thisrequest config ]));
+	log_info "reading $type:$file" if (wantsdebug(qw[ all thisrequest config ]));
 	while (<$fh>) {
 		chomp;
 		s/#.*//g;
@@ -670,7 +678,7 @@ sub prepare_file {
 	# update Config_Cache
 	$Config_Cache{$file}{lastread}   = time();
 	@{$Config_Cache{$file}{content}} = @result;
-	mylogs $syslog_priority, "read ".($#result + 1)." items from $type:$file" if (wantsdebug(qw[ all thisrequest config ]));
+	log_info "read ".($#result + 1)." items from $type:$file" if (wantsdebug(qw[ all thisrequest config ]));
 	return @result;
 };
 #
@@ -694,11 +702,11 @@ sub check_for_old_syntax {
   if ($mykey =~ /^action$/) {
     if ($myvalue =~ /^(\w[\-\w]+)\s*\(\s*(.*?)\s*\)$/) {
         my($mycmd,$myarg) = ($1, $2);
-        if ($mycmd =~ /^(rate|size|rcpt)$/i) {
+        if ($mycmd =~ /^(rate|size|rcpt)(5321)?$/i) {
           if ($myarg =~ /^\$\$(.*)$/) {
             $myarg = $1;
             $myvalue = "$mycmd($myarg)";
-            mylogs "notice", "notice: Rule $myindex ($myfile line $mynum): "
+            log_note "notice: Rule $myindex ($myfile line $mynum): "
             ."removing obsolete '\$\$' for $mycmd limit index. See man page for new syntax." if wantsdebug(qw[ all thisrequest verbose config ]);
           };
           push @Rate_Items, (split '/', $myarg)[0];
@@ -716,11 +724,11 @@ sub parse_config_line {
 	my($mykey, $myvalue, $mycomp);
 	eval {
 	    local $SIG{'__DIE__'};
-	    local $SIG{'ALRM'}  = sub { $myline =~ s/[ \t][ \t]*/ /g; mylogs 'warning', "timeout after ".$config_timeout."s at parsing Rule $myindex ($myfile line $mynum): \"$myline\""; %myrule = (); die };
+	    local $SIG{'ALRM'}  = sub { $myline =~ s/[ \t][ \t]*/ /g; log_warn "timeout after ".$config_timeout."s at parsing Rule $myindex ($myfile line $mynum): \"$myline\""; %myrule = (); die };
 	    my $prevalert = alarm($config_timeout) if $config_timeout;
 	    if ( $myline = acl_parser ($myfile, $mynum, $myline) ) {
 		unless ( $myline =~ /^\s*[^=\s]+\s*$COMP_SEPARATOR\s*([^;\s]+\s*)+(;\s*[^=\s]+\s*$COMP_SEPARATOR\s*([^;\s]+\s*)+)*[;\s]*$/ ) {
-			mylogs 'warning', "ignoring invalid $myfile line ".$mynum.": \"".$myline."\"";
+			log_warn "ignoring invalid $myfile line ".$mynum.": \"".$myline."\"";
 		} else {
 			# separate items
 			foreach (split ";", $myline) {
@@ -729,7 +737,7 @@ sub parse_config_line {
 				( ($mycomp = $2) =~ /^([\<\>\~])=$/ ) and $mycomp = "=$1";
 				($mykey, $myvalue) = split /$COMP_SEPARATOR/, $_, 2;
 				if ($mykey =~ /^$COMP_SINGLE$/) {
-					mylogs 'notice', "notice: Rule $myindex ($myfile line $mynum):"
+					log_note "notice: Rule $myindex ($myfile line $mynum):"
 						." overriding $mykey=\"".$myrule{$mykey}."\""
 						." with $mykey=\"$myvalue\""
 						if (defined $myrule{$mykey});
@@ -743,14 +751,14 @@ sub parse_config_line {
 				};
 			};
 			unless (exists($myrule{$COMP_ACTION})) {
-				mylogs 'warning', "Rule ".$myindex." ($myfile line ".$mynum."): contains no action and will be ignored";
+				log_warn "Rule ".$myindex." ($myfile line ".$mynum."): contains no action and will be ignored";
 				return (%myrule = ());
 			};
 			unless (exists($myrule{$COMP_ID})) {
 				$myrule{$COMP_ID} = "R-".$myindex;
-				 mylogs 'notice', "notice: Rule $myindex ($myfile line $mynum): contains no rule identifier - will use \"$myrule{id}\"" if wantsdebug(qw[ all thisrequest verbose config ]);
+				 log_note "notice: Rule $myindex ($myfile line $mynum): contains no rule identifier - will use \"$myrule{id}\"" if wantsdebug(qw[ all thisrequest verbose config ]);
 			};
-			mylogs $syslog_priority, "loaded: Rule $myindex ($myfile line $mynum): id->\"$myrule{id}\" action->\"$myrule{action}\"" if wantsdebug(qw[ all thisrequest verbose config ]);
+			log_info "loaded: Rule $myindex ($myfile line $mynum): id->\"$myrule{id}\" action->\"$myrule{action}\"" if wantsdebug(qw[ all thisrequest verbose config ]);
 		};
 	    };
 	    alarm($prevalert) if $config_timeout;
@@ -771,7 +779,7 @@ sub read_config_file {
 	unless (open ($fh, "<$myfile")) {
 		warn "error: could not open ".$myfile." - $! - file will be ignored";
 	} else {
-		mylogs $syslog_priority, "reading file $myfile" if wantsdebug(qw[ all thisrequest verbose config ]);
+		log_info "reading file $myfile" if wantsdebug(qw[ all thisrequest verbose config ]);
 		while (<$fh>) {
 			chomp;
 			s/(\"|#.*)//g;
@@ -786,12 +794,12 @@ sub read_config_file {
 			$mybuffer = "";
 		};
 		map {
-			mylogs $syslog_priority, "parsing line: '$_'" if wantsdebug(qw[ all thisrequest config ]);
+			log_info "parsing line: '$_'" if wantsdebug(qw[ all thisrequest config ]);
 			%myrule = parse_config_line ($forced_reload, $myfile, $., ($#myruleset+$myindex+1), $_);
 			push ( @myruleset, { %myrule } ) if (%myrule);
 		} @lines;
 		close ($fh);
-		mylogs $syslog_priority, "loaded: Rules $myindex - ".($myindex + $#myruleset)." from file \"$myfile\"" if wantsdebug(qw[ all thisrequest verbose config ]);
+		log_info "loaded: Rules $myindex - ".($myindex + $#myruleset)." from file \"$myfile\"" if wantsdebug(qw[ all thisrequest verbose config ]);
 	};
     };
     return @myruleset;
@@ -832,17 +840,17 @@ sub read_config {
 	};
     };
     if ($#Rules < 0) {
-	mylogs 'warning', "critical: no rules found - i feel useless (have you set -f or -r?)";
+	log_warn "critical: no rules found - i feel useless (have you set -f or -r?)";
     } else {
 	# update Rule by ID hash
 	map { $Rule_by_ID{$Rules[$_]{$COMP_ID}} = $_ } (0 .. $#Rules);
 	if (@Rate_Items) {
 		@Rate_Items = uniq(@Rate_Items);
-		mylogs $syslog_priority, "rate items: ".(join ', ', @Rate_Items) if wantsdebug(qw[ all thisrequest verbose config rates ]);
+		log_info "rate items: ".(join ', ', @Rate_Items) if wantsdebug(qw[ all thisrequest verbose config rates ]);
 		# disable request cache with ratelimits unless --fast_limit_evaluation is set
 		unless ($opt_fast_limits) {
 			$REQUEST_MAX_CACHE = 0;
-			mylogs "notice", "disabling request cache due to ratelimits in configuration. may be changed with the --fast_limit_evaluation option"
+			log_note "disabling request cache due to ratelimits in configuration. may be changed with the --fast_limit_evaluation option"
 				if wantsdebug (qw[ all thisrequest verbose ]);
 		};
 	};
@@ -881,12 +889,13 @@ sub show_config {
 #
 sub save_rates {
     return unless ($STORABLE and $opt_saverates and %Rates);
+    cleanup_rate_cache(time());
     umask oct('0177');
     eval { store (\%Rates, $opt_saverates) };
     if ( $@ ) {
-	mylogs 'notice', "ERROR: Could not store rate limits to ".$opt_saverates." ('$!': '@_')";
+	log_note "ERROR: Could not store rate limits to ".$opt_saverates." ('$!': '@_')";
     } else {
-	mylogs $syslog_priority, "Saved ".(scalar %Rates)." rates to ".$opt_saverates
+	log_info "Saved ".(scalar %Rates)." rates to ".$opt_saverates
 		if wantsdebug(qw[ all verbose rates loadrates saverates ]);
     };
     umask oct($net_umask);
@@ -898,10 +907,11 @@ sub load_rates {
     return unless ($STORABLE and $opt_saverates and (-f $opt_saverates));
     eval { %Rates = %{ retrieve($opt_saverates) } };
     if ( $@ ) {
-	mylogs 'notice', "Could not load rate limits from ".$opt_saverates." ('$!': '@_')";
+	log_note "Could not load rate limits from ".$opt_saverates." ('$!': '@_')";
     } else {
-	mylogs $syslog_priority, "Fetched ".(scalar %Rates)." rates from ".$opt_saverates
+	log_info "Fetched ".(scalar %Rates)." rates from ".$opt_saverates
 		if wantsdebug(qw[ all verbose rates loadrates saverates ]);
+    	cleanup_rate_cache(time());
     };
 };
 
@@ -945,7 +955,7 @@ sub rbl_read_dns {
 			if ( exists($DNS_Cache{$que}) ) {
 				if ($typ eq 'A') {
 					$ttl = ( $DNS_Cache{$que}{ttl} > ($ttl||=0) ) ? $DNS_Cache{$que}{ttl} : $ttl;
-					mylogs $syslog_priority, "[DNSBL] object "
+					log_info "[DNSBL] object "
 						.( ($DNS_Cache{$que}{type} eq $COMP_RBL_KEY)
 							? join(".", reverse(split(/\./,$DNS_Cache{$que}{value})))
 							: $DNS_Cache{$que}{value} )
@@ -967,12 +977,12 @@ sub rbl_read_dns {
 					$DNS_Cache{$que}{ttl}  = $ttl unless $DNS_Cache{$que}{ttl};
 				};
 			} else {
-				mylogs "notice", "[DNSBL] ignoring unknown query $que";
+				log_note "[DNSBL] ignoring unknown query $que";
 			};
 		};
 	};
     } else {
-	mylogs "notice", "[DNSBL] dns timeout";
+	log_note "[DNSBL] dns timeout";
     };
     return $que if (@addrs || $res);
 };
@@ -1007,7 +1017,7 @@ sub rbl_prepare_lookups {
 		ANSWER: foreach (@{$DNS_Cache{$myquery}{A}}) {
 			last ANSWER if $myresult = ( $_ =~ /$myrblans/ );
 		};
-		mylogs $syslog_priority, "[DNSQUERY] cached $mytype: $myrbl $myval ($myquery) - answer: \'".(join ", ", @{$DNS_Cache{$myquery}{A}})."\'"
+		log_info "[DNSQUERY] cached $mytype: $myrbl $myval ($myquery) - answer: \'".(join ", ", @{$DNS_Cache{$myquery}{A}})."\'"
 			if ( ($myresult and wantsdebug(qw[ verbose ])) or (wantsdebug(qw[ all thisrequest ])) );
 
 	# not found -> prepare dns query
@@ -1020,7 +1030,7 @@ sub rbl_prepare_lookups {
 			value		=> $myval,
 			type		=> $mytype,
 		};
-		mylogs $syslog_priority, "[DNSQUERY] query $mytype:  $myrbl $myval ($myquery)" if (wantsdebug(qw[ all thisrequest ]));
+		log_info "[DNSQUERY] query $mytype:  $myrbl $myval ($myquery)" if (wantsdebug(qw[ all thisrequest ]));
 		push @lookups, $myquery;
 	};
     };
@@ -1049,7 +1059,7 @@ sub rbl_check {
     if ( $myresult ) {
 	ANSWER: foreach (@{$DNS_Cache{$myquery}{A}}) {
 		if ( $myresult = ( ($_) and ($_ =~ /$myrblans/)) ) {
-			mylogs $syslog_priority, "[DNSBL] query $myval listed on "
+			log_info "[DNSBL] query $myval listed on "
 				.uc($mytype).":$myrbl (answer: ".(join ", ", @{$DNS_Cache{$myquery}{A}})
 				.", cached: ".ts($now - $DNS_Cache{$myquery}{"time"})."s ago)"
 				if wantsdebug(qw[ all thisrequest verbose ]);
@@ -1067,7 +1077,7 @@ sub rbl_check {
 sub dns_query {
     my (@queries) = @_; undef my @result;
     eval {
-	local $SIG{__DIE__} = sub { mylogs 'notice', "dns err: \"$!\", detail: \"@_\""; return if $^S; };
+	local $SIG{__DIE__} = sub { log_note "dns err: \"$!\", detail: \"@_\""; return if $^S; };
 	@result = dns_query_net_dns(@queries);
     };
     return @result;
@@ -1091,10 +1101,10 @@ sub dns_query_net_dns {
         # query child cache
         if ( (defined $DNS_Cache{$item}{$type}) and (defined $DNS_Cache{$item}{'until'}) and ($DNS_Cache{$item}{'until'} >= time()) ) {
             $DNS_Cache{$item}{$type} = [ $DNS_Cache{$item}{$type} ] unless (ref $DNS_Cache{$item}{$type} eq 'ARRAY');
-            mylogs $syslog_priority, "dnsccache: item=$item, type=$type -> ".(join ',', @{$DNS_Cache{$item}{$type}})." (ttl: ".($DNS_Cache{$item}{ttl} || 0).")" if (wantsdebug(qw[ all thisrequest verbose ]));
+            log_info "dnsccache: item=$item, type=$type -> ".(join ',', @{$DNS_Cache{$item}{$type}})." (ttl: ".($DNS_Cache{$item}{ttl} || 0).")" if (wantsdebug(qw[ all thisrequest verbose ]));
             push @result, @{$DNS_Cache{$item}{$type}};
 	} else {
-            mylogs $syslog_priority, "dnsquery: item=$item, type=$type" if (wantsdebug(qw[ all thisrequest verbose ]));
+            log_info "dnsquery: item=$item, type=$type" if (wantsdebug(qw[ all thisrequest verbose ]));
 	    $bgsock = $dns->bgsend ($item, $type);
 	    $ownsel->add($bgsock);
 	    $ownsock{$bgsock} = $item.','.$type;
@@ -1113,7 +1123,7 @@ sub dns_query_net_dns {
 		    # sort MX records by preference
 		    @rrs = sort { $a->preference <=> $b->preference } @rrs if ($type eq 'MX');
 		    foreach my $rr (@rrs) {
-			mylogs $syslog_priority, "dnsanswer: item=$item, type=$type -> $rname=".$rr->$rname." (ttl: ".$rr->ttl.")" if wantsdebug(qw[ all thisrequest verbose ]);
+			log_info "dnsanswer: item=$item, type=$type -> $rname=".$rr->$rname." (ttl: ".$rr->ttl.")" if wantsdebug(qw[ all thisrequest verbose ]);
 			push @ans, $rr->$rname;
 		    };
 		    push @result, @ans;
@@ -1131,7 +1141,7 @@ sub dns_query_net_dns {
 	};
     };
     # show timeouts
-    map { mylogs 'notice', "dnsquery: timeout for $_ after $dns_timeout seconds" } (values %ownsock);
+    map { log_note "dnsquery: timeout for $_ after $dns_timeout seconds" } (values %ownsock);
     return @result;
 };
 
@@ -1172,12 +1182,12 @@ sub postfwd_items {
     my(%request) = @_;
     my(%result) = ();
     foreach (sort keys %postfwd_items) {
-	mylogs $syslog_priority, "[PLUGIN] executing postfwd-item ".$_
+	log_info "[PLUGIN] executing postfwd-item ".$_
 		if (wantsdebug(qw[ all thisrequest ]));
 	%result = (%result, &{$postfwd_items{$_}}((%request,%result)))
 		if (defined $postfwd_items{$_});
     };
-    map { $result{$_} = '' unless $result{$_}; mylogs $syslog_priority, "[PLUGIN]  Added key: $_=$result{$_}" if (wantsdebug(qw[ all thisrequest ])) } (keys %result);
+    map { $result{$_} = '' unless (defined $result{$_}); log_info "[PLUGIN]  Added key: $_=$result{$_}" if (wantsdebug(qw[ all thisrequest ])) } (keys %result);
     return %result;
 };
 #
@@ -1188,7 +1198,7 @@ sub postfwd_items {
 	"cidr" => sub {
 		my($cmp,$val,$myitem,%request) = @_;
 		my($myresult) = ($val and $myitem);
-		mylogs $syslog_priority, "type cidr :  \"$myitem\"  \"$cmp\"  \"$val\"" if (wantsdebug(qw[ all thisrequest ]));
+		log_info "type cidr :  \"$myitem\"  \"$cmp\"  \"$val\"" if (wantsdebug(qw[ all thisrequest ]));
 		if ($myresult) {
 			# always true
 			$myresult = ($val eq '0.0.0.0/0');
@@ -1199,7 +1209,7 @@ sub postfwd_items {
 					$val .= '/32' unless ($val =~ /\/\d{1,2}$/);
 					$myresult = cidr_match((cidr_parse($val)),$myitem);
 				} else {
-					mylogs $syslog_priority, "Non IPv4 address. Using type default" if (wantsdebug(qw[ all thisrequest ]));
+					log_info "Non IPv4 address. Using type default" if (wantsdebug(qw[ all thisrequest ]));
 					return &{$postfwd_compare{default}}($cmp,$val,$myitem,%request);
 				};
 			};
@@ -1210,7 +1220,7 @@ sub postfwd_items {
 	"numeric" => sub {
 		my($cmp,$val,$myitem,%request) = @_;
 		my($myresult) = undef;
-		mylogs $syslog_priority, "type numeric :  \"$myitem\"  \"$cmp\"  \"$val\"" if (wantsdebug(qw[ all thisrequest ]));
+		log_info "type numeric :  \"$myitem\"  \"$cmp\"  \"$val\"" if (wantsdebug(qw[ all thisrequest ]));
 		$myitem ||= "0"; $val ||= "0";
 		if ($cmp eq '==') {
 			$myresult = ($myitem == $val);
@@ -1218,6 +1228,10 @@ sub postfwd_items {
 			$myresult = ($myitem <= $val);
 		} elsif ($cmp eq '=>') {
 			$myresult = ($myitem >= $val);
+                } elsif ($cmp eq '<') {
+                        $myresult = ($myitem < $val);
+                } elsif ($cmp eq '>') {
+                        $myresult = ($myitem > $val);
 		} elsif ($cmp eq '!=') {
 			$myresult = not($myitem == $val);
 		} elsif ($cmp eq '!<') {
@@ -1232,7 +1246,7 @@ sub postfwd_items {
 	$COMP_RBL_KEY => sub {
 		my($cmp,$val,$myitem,%request) = @_;
 		my($myresult) = not($opt_nodns);
-		mylogs $syslog_priority, "type rbl :  \"$myitem\"  \"$cmp\"  \"$val\"" if (wantsdebug(qw[ all thisrequest ]));
+		log_info "type rbl :  \"$myitem\"  \"$cmp\"  \"$val\"" if (wantsdebug(qw[ all thisrequest ]));
 		$myresult = ( rbl_check ($COMP_RBL_KEY, $val, $myitem) ) if $myresult;
 		$myresult = not($myresult) if ($cmp eq '!=');
 		return $myresult;
@@ -1240,7 +1254,7 @@ sub postfwd_items {
 	$COMP_RHSBL_KEY => sub {
 		my($cmp,$val,$myitem,%request) = @_;
 		my($myresult) = not($opt_nodns);
-		mylogs $syslog_priority, "type rhsbl :  \"$myitem\"  \"$cmp\"  \"$val\"" if (wantsdebug(qw[ all thisrequest ]));
+		log_info "type rhsbl :  \"$myitem\"  \"$cmp\"  \"$val\"" if (wantsdebug(qw[ all thisrequest ]));
 		$myresult = ( rbl_check ($COMP_RHSBL_KEY, $val, $myitem) ) if $myresult;
 		$myresult = not($myresult) if ($cmp eq '!=');
 		return $myresult;
@@ -1252,7 +1266,7 @@ sub postfwd_items {
 		my($rmin,$rmax) = split (/\s*-\s*/, $val);
 		$rmin = ($rmin) ? (($rmin =~ /^\d$/) ? $rmin : $months{$rmin}) : $imon;
 		$rmax = ($rmax) ? (($rmax =~ /^\d$/) ? $rmax : $months{$rmax}) : (($val =~ /-/) ? $imon : $rmin);
-		mylogs $syslog_priority, "type months :  \"$imon\"  \"$cmp\"  \"$rmin\"-\"$rmax\""
+		log_info "type months :  \"$imon\"  \"$cmp\"  \"$rmin\"-\"$rmax\""
 			if (wantsdebug(qw[ all thisrequest ]));
 		$myresult = (($rmin <= $imon) and ($rmax >= $imon));
 		$myresult = not($myresult) if ($cmp eq '!=');
@@ -1265,7 +1279,7 @@ sub postfwd_items {
 		my($rmin,$rmax) = split (/\s*-\s*/, $val);
 		$rmin = ($rmin) ? (($rmin =~ /^\d$/) ? $rmin : $weekdays{$rmin}) : $iday;
 		$rmax = ($rmax) ? (($rmax =~ /^\d$/) ? $rmax : $weekdays{$rmax}) : (($val =~ /-/) ? $iday : $rmin);
-		mylogs $syslog_priority, "type days :  \"$iday\"  \"$cmp\"  \"$rmin\"-\"$rmax\""
+		log_info "type days :  \"$iday\"  \"$cmp\"  \"$rmin\"-\"$rmax\""
 			if (wantsdebug(qw[ all thisrequest ]));
 		$myresult = (($rmin <= $iday) and ($rmax >= $iday));
 		$myresult = not($myresult) if ($cmp eq '!=');
@@ -1279,7 +1293,7 @@ sub postfwd_items {
 		my($idat) = ($iyear + 1900) . ((($imon+1) < 10) ? '0'.($imon+1) : ($imon+1)) . (($iday < 10) ? '0'.$iday : $iday);
 		$rmin = ($rmin) ? join ('', reverse split ('\.', $rmin)) : $idat;
 		$rmax = ($rmax) ? join ('', reverse split ('\.', $rmax)) : (($val =~ /-/) ? $idat : $rmin);
-		mylogs $syslog_priority, "type date :  \"$idat\"  \"$cmp\"  \"$rmin\"-\"$rmax\""
+		log_info "type date :  \"$idat\"  \"$cmp\"  \"$rmin\"-\"$rmax\""
 			if (wantsdebug(qw[ all thisrequest ]));
 		$myresult = (($rmin <= $idat) and ($rmax >= $idat));
 		$myresult = not($myresult) if ($cmp eq '!=');
@@ -1293,7 +1307,7 @@ sub postfwd_items {
 		my($idat) = (($ihour < 10) ? '0'.$ihour : $ihour) . (($imin < 10) ? '0'.$imin : $imin) . (($isec < 10) ? '0'.$isec : $isec);
 		$rmin = ($rmin) ? join ('', split ('\:', $rmin)) : $idat;
 		$rmax = ($rmax) ? join ('', split ('\:', $rmax)) : (($val =~ /-/) ? $idat : $rmin);
-		mylogs $syslog_priority, "type time :  \"$idat\"  \"$cmp\"  \"$rmin\"-\"$rmax\""
+		log_info "type time :  \"$idat\"  \"$cmp\"  \"$rmin\"-\"$rmax\""
 			if (wantsdebug(qw[ all thisrequest ]));
 		$myresult = (($rmin <= $idat) and ($rmax >= $idat));
 		$myresult = not($myresult) if ($cmp eq '!=');
@@ -1305,7 +1319,7 @@ sub postfwd_items {
 		return $myresult if $opt_nodns;
 		return $myresult unless $myitem =~ /\./;
 		if ( my @answers = dns_query ("$myitem,A") ) {
-			mylogs $syslog_priority, "type $COMP_HELO_ADDR : \"".(join ',', @answers)."\" \"$cmp\" \"$val\"" if (wantsdebug(qw[ all thisrequest ]));
+			log_info "type $COMP_HELO_ADDR : \"".(join ',', @answers)."\" \"$cmp\" \"$val\"" if (wantsdebug(qw[ all thisrequest ]));
 			map { $myresult = ( &{$postfwd_compare{cidr}}(($cmp,$val,$_,%request)) ); return $myresult if $myresult } @answers;
 		};
 		return $myresult;
@@ -1316,7 +1330,7 @@ sub postfwd_items {
 		return $myresult if $opt_nodns;
 		return $myresult unless $myitem =~ /\./;
 		if ( my @answers = dns_query ("$myitem,NS") ) {
-			mylogs $syslog_priority, "type $COMP_NS_NAME : \"".(join ',', @answers)."\" \"$cmp\" \"$val\"" if (wantsdebug(qw[ all thisrequest ]));
+			log_info "type $COMP_NS_NAME : \"".(join ',', @answers)."\" \"$cmp\" \"$val\"" if (wantsdebug(qw[ all thisrequest ]));
 			map { $myresult = ( &{$postfwd_compare{default}}(($cmp,$val,$_,%request)) ); return $myresult if $myresult } @answers;
 		} else {
 			$myresult = ( &{$postfwd_compare{default}}(($cmp,$val,'',%request)) );
@@ -1329,7 +1343,7 @@ sub postfwd_items {
 		return $myresult if $opt_nodns;
 		return $myresult unless $myitem =~ /\./;
 		if ( my @answers = dns_query ("$myitem,MX") ) {
-			mylogs $syslog_priority, "type $COMP_MX_NAME : \"".(join ',', @answers)."\" \"$cmp\" \"$val\"" if (wantsdebug(qw[ all thisrequest ]));
+			log_info "type $COMP_MX_NAME : \"".(join ',', @answers)."\" \"$cmp\" \"$val\"" if (wantsdebug(qw[ all thisrequest ]));
 			map { $myresult = ( &{$postfwd_compare{default}}(($cmp,$val,$_,%request)) ); return $myresult if $myresult } @answers;
 		} else {
 			$myresult = ( &{$postfwd_compare{default}}(($cmp,$val,'',%request)) );
@@ -1344,7 +1358,7 @@ sub postfwd_items {
 		if ( my @answers = dns_query ("$myitem,NS") ) {
 			splice (@answers, $opt_max_ns_lookups) if $opt_max_ns_lookups and $#answers > $opt_max_ns_lookups;
 			if ( @answers = dns_query (@answers) ) {
-				mylogs $syslog_priority, "type $COMP_NS_ADDR : \"".(join ',', @answers)."\" \"$cmp\" \"$val\"" if (wantsdebug(qw[ all thisrequest ]));
+				log_info "type $COMP_NS_ADDR : \"".(join ',', @answers)."\" \"$cmp\" \"$val\"" if (wantsdebug(qw[ all thisrequest ]));
 				map { $myresult = ( &{$postfwd_compare{cidr}}(($cmp,$val,$_,%request)) ); return $myresult if $myresult } @answers;
 			};
 		};
@@ -1358,7 +1372,7 @@ sub postfwd_items {
 		if ( my @answers = dns_query ("$myitem,MX") ) {
 			splice (@answers, $opt_max_mx_lookups) if $opt_max_mx_lookups and $#answers > $opt_max_mx_lookups;
 			if ( @answers = dns_query (@answers) ) {
-				mylogs $syslog_priority, "type $COMP_MX_ADDR : \"".(join ',', @answers)."\" \"$cmp\" \"$val\"" if (wantsdebug(qw[ all thisrequest ]));
+				log_info "type $COMP_MX_ADDR : \"".(join ',', @answers)."\" \"$cmp\" \"$val\"" if (wantsdebug(qw[ all thisrequest ]));
 				map { $myresult = ( &{$postfwd_compare{cidr}}(($cmp,$val,$_,%request)) ); return $myresult if $myresult } @answers;
 			};
 		};
@@ -1367,7 +1381,7 @@ sub postfwd_items {
 	"default" => sub {
 		my($cmp,$val,$myitem,%request) = @_;
 		my($var,$myresult) = undef;
-		mylogs $syslog_priority, "type default :  \"$myitem\"  \"$cmp\"  \"$val\"" if (wantsdebug(qw[ all thisrequest ]));
+		log_info "type default :  \"$myitem\"  \"$cmp\"  \"$val\"" if (wantsdebug(qw[ all thisrequest ]));
 		# backward compatibility
 		$cmp = '==' if ( ($var) and ($cmp eq '=') );
 		if ($cmp eq '==') {
@@ -1376,10 +1390,14 @@ sub postfwd_items {
 			$myresult = not( lc($myitem) eq lc($val) ) if $myitem;
 		} elsif ($cmp eq '=<') {
 			$myresult = (($myitem || 0) <= $val);
+		} elsif ($cmp eq '<') {
+			$myresult = (($myitem || 0) < $val);
 		} elsif ($cmp eq '!<') {
 			$myresult = not(($myitem || 0) <= $val);
 		} elsif ($cmp eq '=>') {
 			$myresult = (($myitem || 0) >= $val);
+		} elsif ($cmp eq '>') {
+			$myresult = (($myitem || 0) > $val);
 		} elsif ($cmp eq '!>') {
 			$myresult = not(($myitem || 0) >= $val);
 		} elsif ($cmp eq '=~') {
@@ -1420,7 +1438,7 @@ sub postfwd_items {
 		my($myaction) = $default_action; my($stop) = 0;
 		if (defined $Rule_by_ID{$myarg}) {
 			my($ruleno) = $Rule_by_ID{$myarg};
-			mylogs $syslog_priority, "[RULES] ".$myline
+			log_info "[RULES] ".$myline
 				.", jump to rule $ruleno (id $myarg)"
 				if wantsdebug(qw[ all thisrequest verbose ]);
 			$index = $ruleno - 1;
@@ -1442,21 +1460,21 @@ sub postfwd_items {
 					$m_val = $r_val;
 				} elsif ( ($mod eq '.=') or ($mod eq '=.') ) {
 					$m_val .= $r_val;
-				} elsif ( (($mod eq '+=') or ($mod eq '=+')) and (($m_val=~/^\d+(\.\d+)?$/) and ($r_val=~/^\d+(\.\d+)?$/)) ) {
+				} elsif ( (($mod eq '+=') or ($mod eq '=+')) and (($m_val=~/^\-?\d+(\.\d+)?$/) and ($r_val=~/^\-?\d+(\.\d+)?$/)) ) {
 					$m_val += $r_val;
-				} elsif ( (($mod eq '-=') or ($mod eq '=-')) and (($m_val=~/^\d+(\.\d+)?$/) and ($r_val=~/^\d+(\.\d+)?$/)) ) {
+				} elsif ( (($mod eq '-=') or ($mod eq '=-')) and (($m_val=~/^\-?\d+(\.\d+)?$/) and ($r_val=~/^\-?\d+(\.\d+)?$/)) ) {
 					$m_val -= $r_val;
-				} elsif ( (($mod eq '*=') or ($mod eq '=*')) and (($m_val=~/^\d+(\.\d+)?$/) and ($r_val=~/^\d+(\.\d+)?$/)) ) {
+				} elsif ( (($mod eq '*=') or ($mod eq '=*')) and (($m_val=~/^\-?\d+(\.\d+)?$/) and ($r_val=~/^\-?\d+(\.\d+)?$/)) ) {
 					$m_val *= $r_val;
-				} elsif ( (($mod eq '/=') or ($mod eq '=/')) and (($m_val=~/^\d+(\.\d+)?$/) and ($r_val=~/^\d+(\.\d+)?$/)) ) {
+				} elsif ( (($mod eq '/=') or ($mod eq '=/')) and (($m_val=~/^\-?\d+(\.\d+)?$/) and ($r_val=~/^\-?\d+(\.\d+)?$/)) ) {
 					$m_val /= (($r_val == 0) ? 1 : $r_val);
 				} else {
 					$m_val = $r_val;
 				};
 				$m_val = $1.($2 || '').($3 || '') if ( $m_val =~ /^(\-?\d+)([\.,]\d+)?(.*)$/ );
 				(defined $request{$r_var})
-					? mylogs "notice", "[RULES] ".$myline.", redefining existing ".$r_var."=".$request{$r_var}." with ".$r_var."=".$m_val
-					: mylogs $syslog_priority, "[RULES] ".$myline.", defining ".$r_var."=".$m_val
+					? log_note "[RULES] ".$myline.", redefining existing ".$r_var."=".$request{$r_var}." with ".$r_var."=".$m_val
+					: log_info "[RULES] ".$myline.", defining ".$r_var."=".$m_val
 					if wantsdebug(qw[ all thisrequest verbose ]);
 				$request{$r_var} = $m_val;
 			} else {
@@ -1471,7 +1489,7 @@ sub postfwd_items {
 		my($myaction) = $default_action; my($stop) = 0;
 		my($score) = (defined $request{request_score}) ? $request{request_score} : 0;
 		if ($myarg =~/^([\+\-\*\/\=]?)(\d+)([\.,](\d+))?$/) {
-			my($mod, $val) = ($1, $2 + ((defined $4) ? ($4 / 10) : 0));
+			my($mod, $val) = ($1, $2 + ((defined $4) ? "0.$4" : 0));
 			if ($mod eq '-') {
 				$score -= $val;
 			} elsif ($mod eq '*') {
@@ -1484,7 +1502,7 @@ sub postfwd_items {
 				$score += $val;
 			};
 			$score = $1.((defined $2) ? $2 : '.0') if ( $score =~ /^(\-?\d+)([\.,]\d\d?)?/ );
-			mylogs $syslog_priority, "[SCORE] ".$myline.", modifying score about ".$myarg." points to ". $score
+			log_info "[SCORE] ".$myline.", modifying score about ".$myarg." points to ". $score
 				if wantsdebug(qw[ all thisrequest verbose ]);
 			$request{score} = $request{request_score} = $score;
 		} elsif ($myarg) {
@@ -1515,7 +1533,7 @@ sub postfwd_items {
 		);
 		if ( my $socket = IO::Socket::INET->new(
 			PeerAddr => $mserver,
-			PeerPort => ($mport || 25),
+			PeerPort => ($mport ||= 25),
 			Proto    => 'tcp',
 			Timeout  => 30,
 			Type     => SOCK_STREAM,
@@ -1525,9 +1543,27 @@ sub postfwd_items {
 				last SMTP unless $res =~ /^[23][0-9][0-9] /;
 			};
 			close($socket);
-			mylogs $syslog_priority, "[MAIL] ".$myline.", mail server=<$mserver:$mport>, from=<$mfrom>, to=<$mto>, subject=<$msubject>, status=<$res>";
+			log_info "[MAIL] ".$myline.", mail server=<$mserver:$mport>, from=<$mfrom>, to=<$mto>, subject=<$msubject>, status=<$res>";
 		} else {
-			mylogs 'notice', "[MAIL] ".$myline.", could not open socket to $mserver:$mport: '$!'";
+			log_note "[MAIL] ".$myline.", could not open socket to $mserver:$mport: '$!'";
+		};
+		return ($stop,$index,$myaction,$myline,%request);
+	},
+	# sendmail()
+	"sendmail" => sub {
+		my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
+		my($myaction) = $default_action; my($stop) = 0;
+		my($mcmd,$mfrom,$mto,$msubject,$mbody) = split '::', $myarg, 5;
+		my($msg) = "From: $mfrom\nTo: $mto\nSubject: $msubject\n\n$mbody\n";
+		if ( (-x $mcmd) and open (SM, "| $mcmd -i -f $mfrom $mto") ) {
+			if ( print SM "$msg" ) {
+				log_info "[SENDMAIL] ".$myline.", $mcmd from=<$mfrom>, to=<$mto>, subject=<$msubject>";
+			} else {
+				log_note "[SENDMAIL] ".$myline.", could not print to $mcmd pipe: '$!'";
+			};
+			close(SM);
+		} else {
+			log_note "[SENDMAIL] ".$myline.", could not open pipe to $mcmd: '$!'";
 		};
 		return ($stop,$index,$myaction,$myline,%request);
 	},
@@ -1536,11 +1572,17 @@ sub postfwd_items {
 		my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
 		my($myaction) = $default_action; my($stop) = 0;
 		my($ratetype,$ratecount,$ratetime,$ratecmd) = split "/", $myarg, 4;
-		my($rcount) =  ( ($mycmd eq 'size') ? $request{size} : (($mycmd eq 'rcpt') ? $request{recipient_count} : 1 ) );
+		my($rcount) =  ( ($mycmd =~ /^size/) ? $request{size} : (($mycmd =~ /^rcpt/) ? $request{recipient_count} : 1 ) );
 		if ($ratetype and $ratecount and $ratetime and $ratecmd and $rcount) {
 		  my $crate = $Rules[$index]{$COMP_ID}.'+'.$ratecount.'_'.$ratetime;
 		  if ( defined $request{$ratetype} ) {
-			$ratetype .= "=".$request{$ratetype};
+			my $r = $request{$ratetype};
+			unless ($mycmd =~ /5321$/) {
+				$r = lc($r);
+			} else {
+				$r = ($r =~ /^([^@]+)@(\S+)$/) ? $1.'@'.lc($2) : lc($r);
+			};
+			$ratetype .= "=".$r;
 			unless ( defined $Rates{$ratetype}{$crate} ) {
 				 # create rate object
 				push @{$Rates{$ratetype}{'list'}}, $crate;
@@ -1554,7 +1596,7 @@ sub postfwd_items {
 					'rule'		=> $Rules[$index]{$COMP_ID},
 					'action'	=> $ratecmd,
 				};
-				mylogs $syslog_priority, "[RATES] ".$myline
+				log_info "[RATES] ".$myline
 					.", creating rate object ".$ratetype
 					." [type: ".$mycmd.", max: ".$ratecount.", time: ".$ratetime."s]"
 					if (wantsdebug(qw[ all thisrequest rates ]));
@@ -1564,7 +1606,7 @@ sub postfwd_items {
 					$Rates{$ratetype}{$crate}{'count'} = $rcount;
 					$Rates{$ratetype}{$crate}{'time'}  = $now;
 					$Rates{$ratetype}{$crate}{'until'} = $now + $Rates{$ratetype}{$crate}{ttl};
-					mylogs $syslog_priority, "[RATES] ".$myline
+					log_info "[RATES] ".$myline
 						.", renewing rate object '".$ratetype."/".$crate."'"
 						." [type: ".$Rates{$ratetype}{$crate}{type}
 						.", max: ".$Rates{$ratetype}{$crate}{maxcount}
@@ -1573,7 +1615,7 @@ sub postfwd_items {
 				} elsif (not (($rcount+=$Rates{$ratetype}{$crate}{count}) > $Rates{$ratetype}{$crate}{maxcount})) {
 					# increase rate
 					$Rates{$ratetype}{$crate}{count} = $rcount;
-					mylogs $syslog_priority, "[RATES] ".$myline
+					log_info "[RATES] ".$myline
 						.", increasing rate object '".$ratetype."/".$crate."'"
 						." to ".$Rates{$ratetype}{$crate}{count}
 						." [type: ".$Rates{$ratetype}{$crate}{type}
@@ -1591,10 +1633,10 @@ sub postfwd_items {
 				$myline .= ", rate=".$Rates{$ratetype}{$crate}{type}."/".$rcount."/".ts($now - $Rates{$ratetype}{$crate}{'time'})."s";
 			};
 		  } else {
-			mylogs $syslog_priority, "[RULES] ".$myline.", ignoring empty index for ".$mycmd." limit '".$ratetype."'" if (wantsdebug(qw[ all thisrequest ]));
+			log_info "[RULES] ".$myline.", ignoring empty index for ".$mycmd." limit '".$ratetype."'" if (wantsdebug(qw[ all thisrequest ]));
 		  };
 		} else {
-			mylogs "notice", "[RULES] ".$myline.(($rcount) ? ", ignoring unknown ".$mycmd."() attribute \'".$myarg."\'" : ", ignoring empty counter");
+			log_note "[RULES] ".$myline.(($rcount) ? ", ignoring unknown ".$mycmd."() attribute \'".$myarg."\'" : ", ignoring empty counter");
 		};
 		return ($stop,$index,$myaction,$myline,%request);
 	},
@@ -1602,11 +1644,17 @@ sub postfwd_items {
 	"size"	=> sub { return &{$postfwd_actions{rate}}(@_); },
 	# rcpt() command
 	"rcpt"	=> sub { return &{$postfwd_actions{rate}}(@_); },
+	# rate() command, according to rfc5321 case-sensivity
+	"rate5321"	=> sub { return &{$postfwd_actions{rate}}(@_); },
+	# rcpt() command, according to rfc5321 case-sensivity
+	"rcpt5321"	=> sub { return &{$postfwd_actions{rate}}(@_); },
+	# size() command, according to rfc5321 case-sensivity
+	"size5321"	=> sub { return &{$postfwd_actions{rate}}(@_); },
 	# wait() command
 	"wait"	=> sub {
 		my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
 		my($myaction) = $default_action; my($stop) = 0;
-		mylogs $syslog_priority, "[RULES] ".$myline.", delaying for $myarg seconds";
+		log_info "[RULES] ".$myline.", delaying for $myarg seconds";
 		sleep $myarg;
 		return ($stop,$index,$myaction,$myline,%request);
 	},
@@ -1614,14 +1662,14 @@ sub postfwd_items {
 	"note"	=> sub {
 		my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
 		my($myaction) = $default_action; my($stop) = 0;
-		mylogs $syslog_priority, "[RULES] ".$myline." - note: ".$myarg if $myarg;
+		log_info "[RULES] ".$myline." - note: ".$myarg if $myarg;
 		return ($stop,$index,$myaction,$myline,%request);
 	},
 	# debug() command
 	"debug"	=> sub {
 		my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
 		my($myaction) = $default_action; my($stop) = 0;
-		mylogs $syslog_priority, "[RULES] ".$myline.", DEBUG=$myarg";
+		log_info "[RULES] ".$myline.", DEBUG=$myarg";
 		($myarg =~ /^(1|y(es)?|on)$/i) ? $DEBUG{thisrequest} = 1 : delete $DEBUG{thisrequest};
 		return ($stop,$index,$myaction,$myline,%request);
 	},
@@ -1693,9 +1741,9 @@ sub get_plugins {
 		map { delete $postfwd_items_plugin{$_}   unless ($_ and defined $postfwd_items_plugin{$_})   } (keys %postfwd_items_plugin);
 		map { delete $postfwd_compare_plugin{$_} unless ($_ and defined $postfwd_compare_plugin{$_}) } (keys %postfwd_compare_plugin);
 		map { delete $postfwd_actions_plugin{$_} unless ($_ and defined $postfwd_actions_plugin{$_}) } (keys %postfwd_actions_plugin);
-		map { mylogs "notice", "[PLUGIN] overriding prior item \'".$_."\'" 		if (defined $postfwd_items{$_})   } (keys %postfwd_items_plugin);
-		map { mylogs "notice", "[PLUGIN] overriding prior compare function \'".$_."\'" 	if (defined $postfwd_compare{$_}) } (keys %postfwd_compare_plugin);
-		map { mylogs "notice", "[PLUGIN] overriding prior action \'".$_."\'" 		if (defined $postfwd_actions{$_}) } (keys %postfwd_actions_plugin);
+		map { log_note "[PLUGIN] overriding prior item \'".$_."\'" 		if (defined $postfwd_items{$_})   } (keys %postfwd_items_plugin);
+		map { log_note "[PLUGIN] overriding prior compare function \'".$_."\'" 	if (defined $postfwd_compare{$_}) } (keys %postfwd_compare_plugin);
+		map { log_note "[PLUGIN] overriding prior action \'".$_."\'" 		if (defined $postfwd_actions{$_}) } (keys %postfwd_actions_plugin);
 		%postfwd_items   = ( %postfwd_items, %postfwd_items_plugin )     if %postfwd_items_plugin;
 		%postfwd_compare = ( %postfwd_compare, %postfwd_compare_plugin ) if %postfwd_compare_plugin;
 		%postfwd_actions = ( %postfwd_actions, %postfwd_actions_plugin ) if %postfwd_actions_plugin;
@@ -1706,7 +1754,7 @@ sub get_plugins {
 			if %postfwd_compare_plugin;
 		$pluginlog .= " actions: \"".(join ", ", (sort keys %postfwd_actions_plugin))."\""
 			if %postfwd_actions_plugin;
-		mylogs $syslog_priority, $pluginlog;
+		log_info $pluginlog;
 	};
     };
 };
@@ -1732,30 +1780,30 @@ sub compare_item {
     # now compare request to every single item
     ITEM: foreach (@items) {
 	($cmp, $val) = split ";";
-	next ITEM unless ($cmp and $val and $mykey);
+	next ITEM unless ($cmp and (defined $val) and $mykey);
 	# prepare_file
 	if ($val =~ /$COMP_LIVE_FILE_TABLE/) {
 		push @items, prepare_file (0, $1, $cmp, $2);
 		next ITEM;
 	};
-	mylogs $syslog_priority, "compare $mykey:  \"$myitem\"  \"$cmp\"  \"$val\"" if (wantsdebug(qw[ all thisrequest ]));
+	log_info "compare $mykey:  \"$myitem\"  \"$cmp\"  \"$val\"" if (wantsdebug(qw[ all thisrequest ]));
 	$val = $neg if ($neg = deneg_item($val));
-	mylogs $syslog_priority, "deneg $mykey:  \"$myitem\"  \"$cmp\"  \"$val\"" if ($neg and (wantsdebug(qw[ all thisrequest ])));
-	next ITEM unless $val;
+	log_info "deneg $mykey:  \"$myitem\"  \"$cmp\"  \"$val\"" if ($neg and (wantsdebug(qw[ all thisrequest ])));
+	next ITEM unless (defined $val);
 	# substitute check for $$vars in rule item
 	if ( $var = devar_item ($cmp,$val,$myitem,%request) ) {
 		$val = $var; $val =~ s/([^-_@\.\w\s])/\\$1/g unless ($cmp eq '==');
 	};
 	$myresult = &{$postfwd_compare{$postfwd_compare_proc}}($cmp,$val,$myitem,%request);
-	mylogs $syslog_priority, "match $mykey:  ".($myresult ? "TRUE" : "FALSE") if (wantsdebug(qw[ all thisrequest ]));
+	log_info "match $mykey:  ".($myresult ? "TRUE" : "FALSE") if (wantsdebug(qw[ all thisrequest ]));
 	if ($neg) {
 		$myresult = not($myresult);
-		mylogs $syslog_priority, "negate match $mykey:  ".($myresult ? "TRUE" : "FALSE") if (wantsdebug(qw[ all thisrequest ]));
+		log_info "negate match $mykey:  ".($myresult ? "TRUE" : "FALSE") if (wantsdebug(qw[ all thisrequest ]));
 	};
 	$rcount++ if $myresult;
 	$myresult = not($mymin eq 'all');
 	$myresult = ( $rcount >= $mymin ) if $myresult;
-	mylogs $syslog_priority, "count $mykey:  request=$rcount  minimum: $mymin  result: ".($myresult ? "TRUE" : "FALSE") if (wantsdebug(qw[ all thisrequest ]));
+	log_info "count $mykey:  request=$rcount  minimum: $mymin  result: ".($myresult ? "TRUE" : "FALSE") if (wantsdebug(qw[ all thisrequest ]));
 	last ITEM if $myresult;
     };
     $myresult = $rcount if ($myresult or ($mymin eq 'all'));
@@ -1792,7 +1840,7 @@ sub compare_rule {
     my @ownready = ();
     my $bgsock = undef;
 
-    mylogs $syslog_priority, "[RULES] rule: $index, id: $Rules[$index]{$COMP_ID}, items: '".((@ruleitems) ? join ';', @ruleitems: '')."'" if (wantsdebug(qw[ all thisrequest ]));
+    log_info "[RULES] rule: $index, id: $Rules[$index]{$COMP_ID}, items: '".((@ruleitems) ? join ';', @ruleitems: '')."'" if (wantsdebug(qw[ all thisrequest ]));
 
     # COMPARE-ITEMS
     # check all non-dns items
@@ -1816,7 +1864,7 @@ sub compare_rule {
 			? $date
 			# default: compare against request attribute
 			: $request{$mykey};
-		$myresult[0] = ($res = compare_item($mykey, $Rules[$index]{$mykey}, $num, ($val || ''), %request)) ? ($myresult[0] + $res) : 0;
+		$myresult[0] = ($res = compare_item($mykey, $Rules[$index]{$mykey}, $num, ((defined $val) ? $val : ''), %request)) ? ($myresult[0] + $res) : 0;
 	};
 	last ITEM unless ($myresult[0] > 0);
     };
@@ -1828,7 +1876,7 @@ sub compare_rule {
     if ($hasdns and $myresult[0]) {
 
 	map { $timed .= (($timed) ? ", $_" : $_) if $Timeouts{$_} > $MAX_DNSBL_TIMEOUTS } (keys %Timeouts);
-	mylogs "notice", "[DNSQUERY] skipping rbls: $timed - too much timeouts" if $timed;
+	log_note "[DNSQUERY] skipping rbls: $timed - too much timeouts" if $timed;
 
 	push @queries, rbl_prepare_lookups ( $COMP_RBL_KEY, $request{reverse_address}, @{$Rules[$index]{$COMP_RBL_KEY}} )
 		if ( exists($Rules[$index]{$COMP_RBL_KEY}) and not($request{client_address} =~ /:/) );
@@ -1847,7 +1895,7 @@ sub compare_rule {
 	if ( @queries ) {
 		@queries = uniq(@queries);
 		foreach my $query (@queries) {
-			mylogs $syslog_priority, "[SENDDNS] sending query \'$query\'"
+			log_info "[SENDDNS] sending query \'$query\'"
 				if (wantsdebug(qw[ all thisrequest ]));
 			# send A query
 			$bgsock = $ownres->bgsend($query, 'A');
@@ -1860,7 +1908,7 @@ sub compare_rule {
 				$ownsock{$bgsock} = 'TXT:'.$query;
 			};
 		};
-		mylogs $syslog_priority, "[SENDDNS] rule: $index, id: $Rules[$index]{$COMP_ID}, lookups: ".($#queries + 1)
+		log_info "[SENDDNS] rule: $index, id: $Rules[$index]{$COMP_ID}, lookups: ".($#queries + 1)
 			if (wantsdebug(qw[ all thisrequest ]));
 	};
 
@@ -1900,9 +1948,9 @@ sub compare_rule {
 	# perform outstanding TXT queries unless --dns_async_txt is set
 	if (not($dns_async_txt) and @queries) {
 		@queries = uniq(@queries);
-		mylogs $syslog_priority, "[DNSBL] sending TXT queries for ".(join ',', @queries) if (wantsdebug(qw[ all thisrequest ]));
+		log_info "[DNSBL] sending TXT queries for ".(join ',', @queries) if (wantsdebug(qw[ all thisrequest ]));
 		foreach my $query (@queries) {
-			mylogs $syslog_priority, "[SENDDNS] sending TXT query \'$query\'" if (wantsdebug(qw[ all thisrequest ]));
+			log_info "[SENDDNS] sending TXT query \'$query\'" if (wantsdebug(qw[ all thisrequest ]));
 			# send TXT query
 			$bgsock = $ownres->bgsend($query, 'TXT');
 			$ownsel->add($bgsock);
@@ -2029,8 +2077,8 @@ sub compare_rule {
 	$myline  = "[RULES]  RULE: ".$index."  MATCHES: ".((($myresult[0] - 2) > 0) ? ($myresult[0] - 2) : 0);
 	$myline .= "  RBLCOUNT: ".$myresult[1] if ($myresult[1] > 0);
 	$myline .= "  RHSBLCOUNT: ".$myresult[2] if ($myresult[2] > 0);
-	$myline .= "  DNSBLTEXT: ".(join ("; ", @DNSBL_Text)) if ( (defined @DNSBL_Text) and (($myresult[1] > 0) or ($myresult[2] > 0)) );
-	mylogs $syslog_priority, $myline;
+	$myline .= "  DNSBLTEXT: ".(join ("; ", @DNSBL_Text)) if ( (@DNSBL_Text) and (($myresult[1] > 0) or ($myresult[2] > 0)) );
+	log_info $myline;
     };
     return @myresult;
 }
@@ -2073,7 +2121,7 @@ sub smtpd_access_policy {
     # clear dnsbl timeout counters
     if ( ($MAX_DNSBL_INTERVAL > 0) and (($now - $Cleanup_Timeouts) > $MAX_DNSBL_INTERVAL) ) {
 	undef %Timeouts;
-	mylogs $syslog_priority, "[CLEANUP] clearing dnsbl timeout counters" if wantsdebug(qw[ all thisrequest verbose ]);
+	log_info "[CLEANUP] clearing dnsbl timeout counters" if wantsdebug(qw[ all thisrequest verbose ]);
 	$Cleanup_Timeouts = $now;
     };
 
@@ -2083,11 +2131,11 @@ sub smtpd_access_policy {
 	$t3 = scalar keys %Rates;
 	cleanup_rate_cache($now);
 	$t2 = time();
-	mylogs $syslog_priority, "[CLEANUP] needed ".ts($t2 - $t1)
+	log_info "[CLEANUP] needed ".ts($t2 - $t1)
 		." seconds for rate cleanup of "
 		.($t3 - scalar keys %Rates)." out of ".$t3
 		." cached items after cleanup time ".$CLEANUP_RATE_CACHE."s"
-		if ( wantsdebug(qw[ all thisrequest verbose ]) or (($t2 - $t1) >= 1) );
+		if ( wantsdebug(qw[ all thisrequest verbose cleanup ]) or (($t2 - $t1) >= 1) );
 	$Cleanup_Rates = $t1;
     };
 
@@ -2095,7 +2143,7 @@ sub smtpd_access_policy {
     if (@Rate_Items and $opt_fast_limits) {
       RATES: foreach $checkreq (@Rate_Items) {
 	next RATES unless $request{$checkreq};
-	my $checkval = $checkreq."=".$request{$checkreq};
+	my $checkval = $checkreq."=".lc($request{$checkreq});
 	next RATES unless ( defined $Rates{$checkval} and defined $Rates{$checkval}{'list'} );
 	CRATE: foreach my $crate (@{$Rates{$checkval}{'list'}}) {
 		$rcount = ( ($Rates{$checkval}{$crate}{type} eq 'size') ? $request{size} :
@@ -2105,7 +2153,7 @@ sub smtpd_access_policy {
 			$Rates{$checkval}{$crate}{'count'} = $rcount;
 			$Rates{$checkval}{$crate}{'time'}  = $now;
 			$Rates{$checkval}{$crate}{'until'} = $now + $Rates{$checkval}{$crate}{ttl};
-			mylogs $syslog_priority, "[RATES] renewing rate object '".$checkval."/".$crate."'"
+			log_info "[RATES] renewing rate object '".$checkval."/".$crate."'"
 				." [type: ".$Rates{$checkval}{$crate}{type}
 				.", max: ".$Rates{$checkval}{$crate}{maxcount}
 				.", time: ".$Rates{$checkval}{$crate}{ttl}."s]"
@@ -2113,7 +2161,7 @@ sub smtpd_access_policy {
 		} elsif (not (($rcount+=$Rates{$checkval}{$crate}{count}) > $Rates{$checkval}{$crate}{maxcount})) {
 			# increase rate
 			$Rates{$checkval}{$crate}{count} = $rcount;
-			mylogs $syslog_priority, "[RATES] increasing rate object '".$checkval."/".$crate."'"
+			log_info "[RATES] increasing rate object '".$checkval."/".$crate."'"
 				." to ".$Rates{$checkval}{$crate}{count}
 				." [type: ".$Rates{$checkval}{$crate}{type}
 				.", max: ".$Rates{$checkval}{$crate}{maxcount}
@@ -2150,7 +2198,7 @@ sub smtpd_access_policy {
 			};
 		};
 	};
-	mylogs $syslog_priority, "created cache-id: $cacheid" if (wantsdebug(qw[ all thisrequest ]));
+	log_info "created cache-id: $cacheid" if (wantsdebug(qw[ all thisrequest ]));
 
     	# wipe out old cache entries
 	if ( (scalar keys %Request_Cache > 0) and (($now - $Cleanup_Requests) > $CLEANUP_REQUEST_CACHE) ) {
@@ -2158,11 +2206,11 @@ sub smtpd_access_policy {
 		$t3 = scalar keys %Request_Cache;
 		cleanup_request_cache($now);
 		$t2 = time();
-		mylogs $syslog_priority, "[CLEANUP] needed ".ts($t2 - $t1)
+		log_info "[CLEANUP] needed ".ts($t2 - $t1)
 			." seconds for request cleanup of "
 			.($t3 - scalar keys %Request_Cache)." out of ".$t3
 			." cached items after cleanup time ".$CLEANUP_REQUEST_CACHE."s"
-			if ( wantsdebug(qw[ all thisrequest verbose ]) or (($t2 - $t1) >= 1) );
+			if ( wantsdebug(qw[ all thisrequest verbose cleanup ]) or (($t2 - $t1) >= 1) );
 		$Cleanup_Requests = $t1;
 	};
     };
@@ -2175,7 +2223,7 @@ sub smtpd_access_policy {
 	$myaction = $Rates{$ratehit}{$rateitem}{action};
 	# substitute check for $$vars in action
 	$myaction = $var if ( $var = devar_item ("==",$myaction,"action",%request) );
-	mylogs $syslog_priority, "[RATES] rule=".$Rule_by_ID{$Rates{$ratehit}{$rateitem}{rule}}
+	log_info "[RATES] rule=".$Rule_by_ID{$Rates{$ratehit}{$rateitem}{rule}}
 		. ", id=".$Rates{$ratehit}{$rateitem}{rule}
 		. ( ($request{queue_id}) ? ", queue=".$request{queue_id} : '' )
 		. ", client=".$request{client_name}."[".$request{client_address}."]"
@@ -2200,7 +2248,7 @@ sub smtpd_access_policy {
 	$myaction = $Request_Cache{$cacheid}{$COMP_ACTION};
 	if ( $Request_Cache{$cacheid}{hit} and $Request_Cache{$cacheid}{$COMP_ID}) {
 		map { $Matches{$_}++ } (split ';', $Request_Cache{$cacheid}{hits}) if $Request_Cache{$cacheid}{hits};
-		mylogs $syslog_priority, "[CACHE] rule=".$Rule_by_ID{$Request_Cache{$cacheid}{$COMP_ID}}
+		log_info "[CACHE] rule=".$Rule_by_ID{$Request_Cache{$cacheid}{$COMP_ID}}
 			. ", id=".$Request_Cache{$cacheid}{$COMP_ID}
 			. ( ($request{queue_id}) ? ", queue=".$request{queue_id} : '' )
 			. ", client=".$request{client_name}."[".$request{client_address}."]"
@@ -2223,7 +2271,7 @@ sub smtpd_access_policy {
 	read_config(0) if $opt_instantconfig;
 
 	if ($#Rules < 0) {
-		mylogs 'warning', "critical: no rules found - i feel useless (have you set -f or -r?)";
+		log_warn "critical: no rules found - i feel useless (have you set -f or -r?)";
 
 	} else {
 
@@ -2233,11 +2281,11 @@ sub smtpd_access_policy {
 			$t3 = scalar keys %DNS_Cache;
 			cleanup_dns_cache($now);
 			$t2 = time();
-			mylogs $syslog_priority, "[CLEANUP] needed ".ts($t2 - $t1)
+			log_info "[CLEANUP] needed ".ts($t2 - $t1)
 				." seconds for rbl cleanup of "
 				.($t3 - scalar keys %DNS_Cache)." out of ".$t3
 				." cached items after cleanup time ".$CLEANUP_RBL_CACHE."s"
-				if ( wantsdebug(qw[ all thisrequest verbose ]) or (($t2 - $t1) >= 1) );
+				if ( wantsdebug(qw[ all thisrequest verbose cleanup ]) or (($t2 - $t1) >= 1) );
 			$Cleanup_RBLs = $t1;
 		};
 
@@ -2277,10 +2325,11 @@ sub smtpd_access_policy {
 					. ", state=".$request{protocol_state};
 
 				# check for postfwd action
+				$ai = 0; # (re)set max_command_recursion counter
 				while ($ai++ < $max_command_recursion and $myaction =~ /^(\w[\-\w]+)\s*\(\s*(.*?)\s*\)$/) {
 					my($mycmd,$myarg) = ($1, $2); $stop = 0;
 					if (defined $postfwd_actions{$mycmd}) {
-						mylogs $syslog_priority, "[PLUGIN] executing postfwd-action $mycmd" if (wantsdebug(qw[ all thisrequest ]));
+						log_info "[PLUGIN] executing postfwd-action $mycmd" if (wantsdebug(qw[ all thisrequest ]));
 						($stop, $index, $myaction, $myline, %request) = &{$postfwd_actions{$mycmd}}($index, $now, $mycmd, $myarg, $myline, %request);
 						# substitute again after postfwd-actions
 						$myaction = $var if ( $var = devar_item ("==",$myaction,"action",%request) );
@@ -2292,7 +2341,7 @@ sub smtpd_access_policy {
 
 				if ($stop) {
 					$myline .= ", delay=".ts(time() - $now)."s, hits=".$request{$COMP_HITS}.", action=".$myaction;
-    					mylogs $syslog_priority, "[RULES] ".$myline unless $opt_norulelog;
+    					log_info "[RULES] ".$myline unless $opt_norulelog;
 					last RULE;
 				};
 			} else { undef $myline; };
@@ -2321,11 +2370,11 @@ sub process_input {
                 $$attr{$1} = $2;
         # evaluate request
         } elsif ( $msg eq '' ) {
-                map { mylogs $syslog_priority, "Attribute: $_=$$attr{$_}" } (keys %$attr) if (wantsdebug(qw[ all thisrequest ]));
+                map { log_info "Attribute: $_=$$attr{$_}" } (keys %$attr) if (wantsdebug(qw[ all thisrequest ]));
 		if (defined $$attr{request}) {
 	                if ( $$attr{request} eq "smtpd_access_policy" ) {
                         	my $action = smtpd_access_policy(%$attr) || $default_action;
-	                        mylogs $syslog_priority, "Action: $action" if (wantsdebug(qw[ all thisrequest ]));
+	                        log_info "Action: $action" if (wantsdebug(qw[ all thisrequest ]));
         	                if ($client) {
                 	                print $client ("action=$action\n\n");
                         	} else {
@@ -2334,42 +2383,42 @@ sub process_input {
 				$Counter_Requests++; $Counter_Interval++; %$attr = ();
 				delete $DEBUG{thisrequest};
 	                } elsif ( $$attr{request} eq "dumpstats" ) {
-	                        mylogs $syslog_priority, "STATS requested";
+	                        log_info "STATS requested";
 				map { print $client "[STATS]  $_\r\n" } list_stats();
 				close($client);
 	                } elsif ( $$attr{request} eq "dumpcache" ) {
-	                        mylogs $syslog_priority, "DUMP requested";
+	                        log_info "DUMP requested";
 				map { print $client "$_\r\n" } dump_cache();
 				close($client);
 	                } elsif ( $$attr{request} =~ /^delrate (.*)$/ ) {
 				my $del = $1; $del =~ s/^[%]?//g;
 				if (defined $Rates{$del}) {
-					mylogs "notice", "rate cache item '$del' removed";
+					log_note "rate cache item '$del' removed";
 					print $client "rate cache item '$del' removed\r\n";
 					delete $Rates{$del};
 				} else {
-					 mylogs "notice", "rate cache removal of '$del' failed: item not found";
+					 log_note "rate cache removal of '$del' failed: item not found";
 					 print $client "rate cache removal of '$del' failed: item not found\r\n";
 				};
 				close($client);
 	                } elsif ( $$attr{request} =~ /^delcache (.*)$/ ) {
 				my $del = $1; $del =~ s/^[%]?//g;
 				if (defined $Request_Cache{$del}) {
-					mylogs "notice", "request cache item '$del' removed";
+					log_note "request cache item '$del' removed";
 					print $client "request cache item '$del' removed\r\n";
 					delete $Request_Cache{$del};
 				} else {
-					 mylogs "notice", "request cache removal of '$del' failed: item not found";
+					 log_note "request cache removal of '$del' failed: item not found";
 					 print $client "request cache removal of '$del' failed: item not found\r\n";
 				};
 				close($client);
                 	} else {
-        	                mylogs 'warning', "Ignoring unrecognized request type: '".((defined $$attr{request}) ? substr($$attr{request},0,100) : '')."'";
+        	                log_warn "Ignoring unrecognized request type: '".((defined $$attr{request}) ? substr($$attr{request},0,100) : '')."'";
                 	};
 		};
         # unknown command
         } else {
-                mylogs 'warning', "Ignoring garbage '".substr($msg, 0, 100)."'";
+                log_warn "Ignoring garbage '".substr($msg, 0, 100)."'";
         };
 };
 
@@ -2478,8 +2527,8 @@ setlogsock $syslog_socktype;
 $syslog_options = 'cons,pid' unless $opt_daemon;
 openlog $syslog_name, $syslog_options, $syslog_facility;
 
-mylogs "notice", $NAME." ".$VERSION." starting" if $opt_daemon;
-mylogs "notice", "Net::DNS ".(Net::DNS->VERSION || '<undef>').", Net::Server ".(Net::Server->VERSION || '<undef>').", Sys::Syslog ".($Sys::Syslog::VERSION || '<undef>').", Perl ".$]." on ".$^O if (wantsdebug(qw[ all verbose ]));
+log_note $NAME." ".$VERSION." starting" if $opt_daemon;
+log_note "Net::DNS ".(Net::DNS->VERSION || '<undef>').", Net::Server ".(Net::Server->VERSION || '<undef>').", Sys::Syslog ".($Sys::Syslog::VERSION || '<undef>').", Perl ".$]." on ".$^O if (wantsdebug(qw[ all verbose ]));
 
 # query usage statistics
 if ($opt_dumpstats) {
@@ -2564,14 +2613,14 @@ if ($opt_showconfig) {
 };
 
 # check modes
-mylogs "notice", "TESTMODE: set - will return ".$default_action." to all requests" if ($opt_test);
+log_note "TESTMODE: set - will return ".$default_action." to all requests" if ($opt_test);
 if (wantsdebug(qw[ all verbose ])) {
 	$opt_summary ||= $Stat_Interval_Time;
-	mylogs "notice", "VERBOSE: set";
+	log_note "VERBOSE: set";
 };
 
 # -n - skip dns based checks
-mylogs "notice", "NODNS: set - will skip all dns based checks" if $opt_nodns;
+log_note "NODNS: set - will skip all dns based checks" if $opt_nodns;
 
 # set max lookups to default (set to 0 to disable)
 $opt_max_ns_lookups = $def_dns_max_ns_a_lookups unless defined $opt_max_ns_lookups;
@@ -2583,7 +2632,7 @@ map ( modify_score (each %opt_scores), (keys %opt_scores) );
 # get summary interval time, set next display time
 $Stat_Interval_Time = $opt_summary if $opt_summary;
 $Cleanup_Timeouts = $Cleanup_Requests = $Cleanup_RBLs = $Cleanup_Rates = $Starttime = time();
-mylogs $syslog_priority, "Overriding cacheid itemlist with: ".(join ",", @CacheID) if ( @CacheID );
+log_info "Overriding cacheid itemlist with: ".(join ",", @CacheID) if ( @CacheID );
 
 # load plugin-items
 get_plugins (@Plugins) if @Plugins;
@@ -2664,13 +2713,13 @@ if ($opt_daemon) {
 	# does not call read_config directly, to avoid
 	# possible race conditions when caches are cleared
 	sub sig_hup () {
-		mylogs "notice", "catched HUP signal - reloading ruleset on next request";
+		log_note "catched HUP signal - reloading ruleset on next request";
 		$Reload_Conf = 1;
 	};
 
 	# show stats on exit
 	sub pre_server_close_hook() {
-		mylogs "notice", "terminating..." if $opt_summary;
+		log_note "terminating..." if $opt_summary;
 		end_program;
 	};
 
@@ -2678,10 +2727,10 @@ if ($opt_daemon) {
 	sub pre_loop_hook() {
 
 		# install signal handlers
-		$SIG{__WARN__}	= sub { mylogs "crit", "warning - \"@_\""; };
+		$SIG{__WARN__}	= sub { log_crit "warning - \"@_\""; };
 		$SIG{__DIE__}	= sub { fatal_exit "last err: \"$!\", detail: \"@_\""; };
 		$SIG{ALRM} = sub { show_stats; alarm ($Stat_Interval_Time); } if $opt_summary;
-		mylogs $syslog_priority, "successfully installed signal handlers" if wantsdebug(qw[ all verbose ]);
+		log_info "successfully installed signal handlers" if wantsdebug(qw[ all verbose ]);
 
 		# process init
 		umask oct($net_umask);
@@ -2692,11 +2741,11 @@ if ($opt_daemon) {
 		# set first status interval time
 		if ($opt_summary) {
 			alarm ($Stat_Interval_Time);
-			mylogs $syslog_priority, "Setting status interval to $Stat_Interval_Time seconds";
+			log_info "Setting status interval to $Stat_Interval_Time seconds";
 		};
 
 		# let's go
-		mylogs $syslog_priority, "$NAME $VERSION ready for input";
+		log_info "$NAME $VERSION ready for input";
 	};
 
 	# main loop
@@ -2808,6 +2857,7 @@ postfwd [OPTIONS] [SOURCE1, SOURCE2, ...]
 	    --keep_rates             do not clear rate limit counters on reload
 	    --save_rates <file>	     save and load rate limits on disk
 	    --fast_limit_evaluation  evaluate rate limits before ruleset is parsed
+	                             (please note the limitations)
 
 	Plugins:
 	    --plugins <file>        loads postfwd plugins from file
@@ -2875,6 +2925,8 @@ The way how request items are compared to the ruleset can be influenced in the f
 	 ITEM == VALUE                true if ITEM equals VALUE
 	 ITEM => VALUE                true if ITEM >= VALUE
 	 ITEM =< VALUE                true if ITEM <= VALUE
+	 ITEM >  VALUE                true if ITEM >  VALUE
+	 ITEM <  VALUE                true if ITEM <  VALUE
 	 ITEM =~ VALUE                true if ITEM ~= /^VALUE$/i
 	 ITEM != VALUE                false if ITEM equals VALUE
 	 ITEM !> VALUE                false if ITEM >= VALUE
@@ -3185,7 +3237,7 @@ Files can refer to other files. The following is valid.
 	-- FILE /etc/postfwd/clients_west.cf --
 	192.168.3.0/24
 
-Remind that there is currently no loop detection (/a/file calls /a/file) and that this feature is only available
+Note that there is currently no loop detection (/a/file calls /a/file) and that this feature is only available
 with postfwd1 v1.15 and postfwd2 v0.18 and higher.
 
 
@@ -3244,7 +3296,7 @@ postfwd actions control the behaviour of the program. Currently you can specify
 	this command creates a counter for the given <item>, which will be increased any time a request
 	containing it arrives. if it exceeds <max> within <time> seconds it will return <action> to postfix.
 	rate counters are very fast as they are executed before the ruleset is parsed.
-	please note that <action> is currently limited to postfix actions (no postfwd actions)!
+	please note that <action> was limited to postfix actions (no postfwd actions) for postfwd versions <1.33!
 	    # no more than 3 requests per 5 minutes
 	    # from the same "unknown" client
 	    id=RATE01 ;  client_name==unknown
@@ -3276,6 +3328,11 @@ postfwd actions control the behaviour of the program. Currently you can specify
 	   id=RCPT01 ;  protocol_state==END-OF-MESSAGE ;  client_address!=10.1.1.1
 	      action=rcpt(client_address/3/3600/450 4.7.1 sorry, max 3 recipients per hour)
 
+	rate5321,size5321,rcpt5321 (<item>/<max>/<time>/<action>)
+	same as the corresponding non-5321 functions, with the difference that the localpart of
+	sender oder recipient addresses are evaluated case-sensitive according to rfc5321. That
+        means that requests from bob@example.local and BoB@example.local will be treated differently
+
 	ask (<addr>:<port>[:<ignore>])
 	allows to delegate the policy decision to another policy service (e.g. postgrey). the first
 	and the second argument (address and port) are mandatory. a third optional argument may be
@@ -3287,10 +3344,16 @@ postfwd actions control the behaviour of the program. Currently you can specify
 	   id=GREY; client_address==10.1.1.1; action=ask(127.0.0.1:10031:^dunno$)
 
 	mail(server/helo/from/to/subject/body)
+	This command is deprecated. You should try to use the sendmail() action instead.
 	Very basic mail command, that sends a message with the given arguments. LIMITATIONS:
 	This basically performs a telnet. No authentication or TLS are available. Additionally it does
 	not track notification state and will notify you any time, the corresponding rule hits.
 
+	sendmail(sendmail-path::from::to::subject::body)
+	Mail command, that uses an existing sendmail binary and sends a message with the given arguments.
+	LIMITATIONS: The command does not track notification state and will notify you any time, the
+	corresponding rule hits (which could mean 100 mails for a mail with 100 recipients at RCPT stage).
+
 	wait (<delay>)
 	pauses the program execution for <delay> seconds. use this for
 	delaying or throtteling connections.
@@ -3448,6 +3511,10 @@ will be used.
 					$myresult = ($myitem <= $val);
 				} elsif ($cmp eq '=>') {
 					$myresult = ($myitem >= $val);
+				} elsif ($cmp eq '<') {
+					$myresult = ($myitem < $val);
+				} elsif ($cmp eq '>') {
+					$myresult = ($myitem > $val);
 				} elsif ($cmp eq '!=') {
 					$myresult = not($myitem == $val);
 				} elsif ($cmp eq '!<') {
@@ -3479,15 +3546,15 @@ continue or to stop parsing the ruleset.
 			# note(<logstring>) command
 			"note"  => sub {
 				my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-				my($myaction) = $default_action; my($stop) = 0;
-				mylogs 'info', "[RULES] ".$myline." - note: ".$myarg if $myarg;
+				my($myaction) = 'dunno'; my($stop) = 0;
+				log_info "[RULES] ".$myline." - note: ".$myarg if $myarg;
 				return ($stop,$index,$myaction,$myline,%request);
 			},
 	
 			# skips next <myarg> rules
         		"skip" => sub {
 				my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-				my($myaction) = $default_action; my($stop) = 0;
+				my($myaction) = 'dunno'; my($stop) = 0;
 				$index += $myarg if ( $myarg and not(($index + $myarg) > $#Rules) );
 				return ($stop,$index,$myaction,$myline,%request);
         		},
@@ -3495,8 +3562,8 @@ continue or to stop parsing the ruleset.
 			# dumps current request contents to syslog
         		"dumprequest" => sub {
 				my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-				my($myaction) = $default_action; my($stop) = 0;
-				map { mylogs 'info', "[DUMP] rule=$index, Attribute: $_=$request{$_}" } (keys %request);
+				my($myaction) = 'dunno'; my($stop) = 0;
+				map { log_info "[DUMP] rule=$index, Attribute: $_=$request{$_}" } (keys %request);
 				return ($stop,$index,$myaction,$myline,%request);
         		},
 
@@ -3761,6 +3828,9 @@ These parameters influence the way postfwd is working. Any of them can be combin
 	before consulting the ruleset. This mode was the default behaviour until v1.30.
 	With this mode rate limits will be faster, but also eventually set up
 	whitelisting-rules within the ruleset might not work as expected.
+	LIMITATIONS: This option does not allow nested postfwd commands like
+		action=rate(sender/3/60/wait(3))
+	This option doe not work with the strict-rfc5321 rate() functions.
 
 
 I<Informational arguments>
diff --git a/sbin/postfwd2 b/sbin/postfwd2
index 49bd152..37938e3 100755
--- a/sbin/postfwd2
+++ b/sbin/postfwd2
@@ -34,7 +34,7 @@ BEGIN {
 
 # basics
 our $NAME	= "postfwd2";
-our $VERSION	= "1.32";
+our $VERSION	= "1.35";
 our $DEFAULT	= 'DUNNO';
 
 # change this, to match your POD requirements
@@ -75,7 +75,6 @@ our %postfwd_settings = (
 		proto		 => (($nounixsock) ? "tcp" : "unix"),
 		check		 => (($nounixsock) ? \&check_inet : \&check_unix),
 		umask		 => "0177",
-		recvbuffer	 => 65535,
 	},
 	server => {
 		commandline	 => " ".$NAME."::policy",
@@ -85,7 +84,6 @@ our %postfwd_settings = (
 		proto            => "tcp",
 		check		 => \&check_inet,
 		umask		 => "0111",
-		recvbuffer	 => 65535,
 		# child control
 		#check_for_dead         => 30,
 		#check_for_waiting      => 10,
@@ -299,8 +297,8 @@ sub mylogs_new {
 
 # Syslog to stdout
 sub mylogs_stdout {
-	my($prio,$msg) = @_;
-	printf STDOUT "[LOG $prio]: $msg\n", @_;
+	my($prio,$msg) = @_; $msg =~ /^(.*)$/;
+	printf STDOUT "[LOG $prio]: $1\n", @_;
 };
 
 # send log message
@@ -345,8 +343,8 @@ sub check_inet {
 		Proto    => 'tcp',
 		Timeout  => $postfwd_settings{timeout}{$type},
 		Type     => SOCK_STREAM ) ) {
-		$socket->send("$send\n");
-		$socket->recv($send, $postfwd_settings{$type}{recvbuffer});
+		$socket->print("$send\n");
+		$send = $socket->getline();
 		$socket->close();
 		chomp($send);
 	} else {
@@ -363,8 +361,8 @@ sub check_unix {
 		Peer     => $postfwd_settings{$type}{port},
 		Timeout  => $postfwd_settings{timeout}{$type},
 		Type     => SOCK_STREAM ) ) {
-		$socket->send("$send\n");
-		$socket->recv($send, $postfwd_settings{$type}{recvbuffer});
+		$socket->print("$send\n");
+		$send = $socket->getline();
 		$socket->close();
 		chomp($send);
 	} else {
@@ -638,6 +636,7 @@ sub cleanup_cache {
 # saves rate limits to disk
 sub save_rates {
     return unless ($STORABLE and $postfwd_settings{rate}{store} and defined $Cache{rate});
+    cleanup_cache ('rate', time());
     eval {
 	local $SIG{__DIE__} = sub { log_note ("ERROR: Could not store rate limits to ".$postfwd_settings{rate}{store}.": $! @_") };
 	store ($Cache{rate}, $postfwd_settings{rate}{store});
@@ -651,7 +650,7 @@ sub save_rates {
 # loads rate limits from disk
 sub load_rates {
     my $loadrate = undef;
-    return unless ($STORABLE and (-f $postfwd_settings{rate}{store}));
+    return unless ($STORABLE and $postfwd_settings{rate}{store} and (-f $postfwd_settings{rate}{store}));
     eval {
 	local $SIG{__DIE__} = sub { log_note ("Could not load rate limits from ".$postfwd_settings{rate}{store}.": $! @_") };
 	$loadrate = retrieve($postfwd_settings{rate}{store});
@@ -660,6 +659,7 @@ sub load_rates {
 	$Cache{rate} = $loadrate;
         log_info ("Fetched ".(scalar %{$Cache{rate}})." rates from ".$postfwd_settings{rate}{store})
                 if wantsdebug(qw[ all verbose rates loadrates saverates ]);
+	cleanup_cache ('rate', time());
     };
 };
 
@@ -880,7 +880,7 @@ my $COMP_HITS                 = "request_hits";
 # item match counter
 my $COMP_MATCHES              = "matches";
 # separator
-my $COMP_SEPARATOR            = "[=\~\<\>]=|[=\!][=\~\<\>]|=";
+my $COMP_SEPARATOR            = "[=\~\<\>]=|[\<\>]|[=\!][=\~\<\>]|=";
 # macros
 my $COMP_ACL                  = "[\&][\&]";
 # negation
@@ -1141,7 +1141,7 @@ sub check_for_old_syntax {
   if ($mykey =~ /^action$/) {
     if ($myvalue =~ /^(\w[\-\w]+)\s*\(\s*(.*?)\s*\)$/) {
 	my($mycmd,$myarg) = ($1, $2);
-	if ($mycmd =~ /^(rate|size|rcpt)$/i) {
+	if ($mycmd =~ /^(rate|size|rcpt)(5321)?$/i) {
 	  if ($myarg =~ /^\$\$(.*)$/) {
 	    $myarg = $1;
 	    $myvalue = "$mycmd($myarg)";
@@ -1630,7 +1630,7 @@ sub postfwd_items {
 	%result = (%result, &{$postfwd_items{$_}}((%request,%result)))
 		if (defined $postfwd_items{$_});
     };
-    map { $result{$_} = '' unless $result{$_}; log_info ("[PLUGIN]  Added key: $_=$result{$_}") if wantsdebug (qw[ all thisrequest ]) } (keys %result);
+    map { $result{$_} = '' unless (defined $result{$_}); log_info ("[PLUGIN]  Added key: $_=$result{$_}") if wantsdebug (qw[ all thisrequest ]) } (keys %result);
     return %result;
 };
 #
@@ -1671,6 +1671,10 @@ sub postfwd_items {
                         $myresult = ($myitem <= $val);
                 } elsif ($cmp eq '=>') {
                         $myresult = ($myitem >= $val);
+                } elsif ($cmp eq '<') {
+                        $myresult = ($myitem < $val);
+                } elsif ($cmp eq '>') {
+                        $myresult = ($myitem > $val);
                 } elsif ($cmp eq '!=') {
                         $myresult = not($myitem == $val);
                 } elsif ($cmp eq '!<') {
@@ -1835,6 +1839,10 @@ sub postfwd_items {
 			$myresult = (($myitem || 0) >= $val);
 		} elsif ($cmp eq '!>') {
 			$myresult = not(($myitem || 0) >= $val);
+		} elsif ($cmp eq '<') {
+			$myresult = (($myitem || 0) < $val);
+		} elsif ($cmp eq '>') {
+			$myresult = (($myitem || 0) > $val);
 		} elsif ($cmp eq '=~') {
 			$myresult = ($myitem =~ /$val/i);
 		} elsif ($cmp eq '!~') {
@@ -1895,13 +1903,13 @@ sub postfwd_items {
 					$m_val = $r_val;
 				} elsif ( ($mod eq '.=') or ($mod eq '=.') ) {
 					$m_val .= $r_val;
-				} elsif ( (($mod eq '+=') or ($mod eq '=+')) and (($m_val=~/^\d+(\.\d+)?$/) and ($r_val=~/^\d+(\.\d+)?$/)) ) {
+				} elsif ( (($mod eq '+=') or ($mod eq '=+')) and (($m_val=~/^\-?\d+(\.\d+)?$/) and ($r_val=~/^\-?\d+(\.\d+)?$/)) ) {
 					$m_val += $r_val;
-				} elsif ( (($mod eq '-=') or ($mod eq '=-')) and (($m_val=~/^\d+(\.\d+)?$/) and ($r_val=~/^\d+(\.\d+)?$/)) ) {
+				} elsif ( (($mod eq '-=') or ($mod eq '=-')) and (($m_val=~/^\-?\d+(\.\d+)?$/) and ($r_val=~/^\-?\d+(\.\d+)?$/)) ) {
 					$m_val -= $r_val;
-				} elsif ( (($mod eq '*=') or ($mod eq '=*')) and (($m_val=~/^\d+(\.\d+)?$/) and ($r_val=~/^\d+(\.\d+)?$/)) ) {
+				} elsif ( (($mod eq '*=') or ($mod eq '=*')) and (($m_val=~/^\-?\d+(\.\d+)?$/) and ($r_val=~/^\-?\d+(\.\d+)?$/)) ) {
 					$m_val *= $r_val;
-				} elsif ( (($mod eq '/=') or ($mod eq '=/')) and (($m_val=~/^\d+(\.\d+)?$/) and ($r_val=~/^\d+(\.\d+)?$/)) ) {
+				} elsif ( (($mod eq '/=') or ($mod eq '=/')) and (($m_val=~/^\-?\d+(\.\d+)?$/) and ($r_val=~/^\-?\d+(\.\d+)?$/)) ) {
 					$m_val /= (($r_val == 0) ? 1 : $r_val);
 				} else {
 					$m_val = $r_val;
@@ -1924,7 +1932,7 @@ sub postfwd_items {
 		my($myaction) = $postfwd_settings{default}; my($stop) = 0;
 		my($score) = (defined $request{request_score}) ? $request{request_score} : 0;
 		if ($myarg =~/^([\+\-\*\/\=]?)(\d+)([\.,](\d+))?$/) {
-			my($mod, $val) = ($1, $2 + ((defined $4) ? ($4 / 10) : 0));
+			my($mod, $val) = ($1, $2 + ((defined $4) ? "0.$4" : 0));
 			if ($mod eq '-') {
 				$score -= $val;
 			} elsif ($mod eq '*') {
@@ -1968,7 +1976,7 @@ sub postfwd_items {
 		);
 		if ( my $socket = IO::Socket::INET->new(
 			PeerAddr => $mserver,
-			PeerPort => ($mport || 25),
+			PeerPort => ($mport ||= 25),
 			Proto    => 'tcp',
 			Timeout  => 30,
 			Type     => SOCK_STREAM,
@@ -1984,16 +1992,40 @@ sub postfwd_items {
 		};
 		return ($stop,$index,$myaction,$myline,%request);
 	},
+	# sendmail()
+	"sendmail" => sub {
+		my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
+		my($myaction) = $postfwd_settings{default}; my($stop) = 0;
+		my($mcmd,$mfrom,$mto,$msubject,$mbody) = split '::', $myarg, 5;
+		my($msg) = "From: $mfrom\nTo: $mto\nSubject: $msubject\n\n$mbody\n";
+		if ( (-x $mcmd) and open (SM, "| $mcmd -i -f $mfrom $mto") ) {
+			if ( print SM "$msg" ) {
+				log_info ("[SENDMAIL] ".$myline.", $mcmd from=<$mfrom>, to=<$mto>, subject=<$msubject>");
+			} else {
+				log_note ("[SENDMAIL] ".$myline.", could not print to $mcmd pipe: '$!'");
+			};
+			close(SM);
+		} else {
+			log_note ("[SENDMAIL] ".$myline.", could not open pipe to $mcmd: '$!'");
+		};
+		return ($stop,$index,$myaction,$myline,%request);
+	},
 	# rate() command
 	"rate"	=> sub {
 		my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
 		my($myaction) = $postfwd_settings{default}; my($stop) = 0; my $prate = '';
 		my($ratetype,$ratecount,$ratetime,$ratecmd) = split "/", $myarg, 4;
-		my($rcount) = ( ($mycmd eq 'size') ? $request{size} : (($mycmd eq 'rcpt') ? $request{recipient_count} : 1 ) );
+		my($rcount) = ( ($mycmd =~ /^size/) ? $request{size} : (($mycmd =~ /^rcpt/) ? $request{recipient_count} : 1 ) );
 		if ($ratetype and $ratecount and $ratetime and $ratecmd and $rcount) {
 		  my $crate = $Rules[$index]{$COMP_ID}.'+'.$ratecount.'_'.$ratetime;
 		  if ( defined $request{$ratetype} ) {
-			$ratetype .= "=".$request{$ratetype};
+                        my $r = $request{$ratetype};
+                        unless ($mycmd =~ /5321$/) {
+                                $r = lc($r);
+                        } else {
+                                $r = ($r =~ /^([^@]+)@(\S+)$/) ? $1.'@'.lc($2) : lc($r);
+                        };
+                        $ratetype .= "=".$r;
 
 			if ( $postfwd_settings{rate}{fast_eval} ) {
 				# Check if rate already exists in cache
@@ -2077,6 +2109,12 @@ sub postfwd_items {
 	"size"	=> sub { return &{$postfwd_actions{rate}}(@_); },
 	# rcpt() command
 	"rcpt"	=> sub { return &{$postfwd_actions{rate}}(@_); },
+	# rate() command, according to rfc5321 case-sensivity
+	"rate5321"      => sub { return &{$postfwd_actions{rate}}(@_); },
+	# rcpt() command, according to rfc5321 case-sensivity
+	"rcpt5321"      => sub { return &{$postfwd_actions{rate}}(@_); },
+	# size() command, according to rfc5321 case-sensivity
+	"size5321"      => sub { return &{$postfwd_actions{rate}}(@_); },
 	# wait() command
 	"wait"	=> sub {
 		my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
@@ -2206,7 +2244,7 @@ sub compare_item {
     # now compare request to every single item
     ITEM: foreach (@items) {
 	($cmp, $val) = split ";";
-	next ITEM unless ($cmp and $val and $mykey);
+	next ITEM unless ($cmp and (defined $val) and $mykey);
 	# prepare_file
 	if ($val =~ /$COMP_LIVE_FILE_TABLE/) {
 		push @items, prepare_file (0, $1, $cmp, $2);
@@ -2215,7 +2253,7 @@ sub compare_item {
 	log_info ("compare $mykey:  \"$myitem\"  \"$cmp\"  \"$val\"") if wantsdebug (qw[ all thisrequest ]);
 	$val = $neg if ($neg = deneg_item($val));
 	log_info ("deneg $mykey:  \"$myitem\"  \"$cmp\"  \"$val\"") if ($neg and wantsdebug (qw[ all thisrequest ]));
-	next ITEM unless $val;
+	next ITEM unless (defined $val);
 	# substitute check for $$vars in rule item
 	if ( $var = devar_item ($cmp,$val,$myitem,%request) ) {
 		$val = $var; $val =~ s/([^-_@\.\w\s])/\\$1/g unless ($cmp eq '==');
@@ -2288,7 +2326,7 @@ sub compare_rule {
 			? $date
 			# default: compare against request attribute
 			: $request{$mykey};
-		$myresult[0] = ($res = compare_item($mykey, $Rules[$index]{$mykey}, $num, ($val || ''), %request)) ? ($myresult[0] + $res) : 0;
+		$myresult[0] = ($res = compare_item($mykey, $Rules[$index]{$mykey}, $num, ((defined $val) ? $val : ''), %request)) ? ($myresult[0] + $res) : 0;
 	};
 	last ITEM unless ($myresult[0] > 0);
     };
@@ -2493,7 +2531,7 @@ sub compare_rule {
 	$myline  = "[RULES]  RULE: ".$index."  MATCHES: ".((($myresult[0] - 2) > 0) ? ($myresult[0] - 2) : 0);
 	$myline .= "  RBLCOUNT: ".$myresult[1] if $myresult[1];
 	$myline .= "  RHSBLCOUNT: ".$myresult[2] if $myresult[2];
-	$myline .= "  DNSBLTEXT: ".(join ("; ", @DNSBL_Text)) if ( (defined @DNSBL_Text) and (($myresult[1] > 0) or ($myresult[2] > 0)) );
+	$myline .= "  DNSBLTEXT: ".(join ("; ", @DNSBL_Text)) if ( (@DNSBL_Text) and (($myresult[1] > 0) or ($myresult[2] > 0)) );
 	log_info ($myline);
     };
     return @myresult;
@@ -2549,7 +2587,7 @@ sub smtpd_access_policy {
 
     # increase rate limits
     if (@Rate_Items and $postfwd_settings{rate}{fast_eval}) {
-	map { $checkval .= $_."=".$request{$_}.$postfwd_settings{seplst} if $request{$_} } (@Rate_Items);
+	map { $checkval .= $_."=".lc($request{$_}).$postfwd_settings{seplst} if $request{$_} } (@Rate_Items);
 	if ($checkval) {
 		$checkval = "CMD=".$postfwd_commands{checkrate}.";TYPE=rate;ITEM=$checkval;SIZE=".($request{'size'} || 0).";RCPT=".($request{'recipient_count'} || 0);
 			log_info ("[RATES] parent rate limit query: ".$checkval) if wantsdebug (qw[ all thisrequest verbose rates ]);
@@ -2746,6 +2784,7 @@ sub smtpd_access_policy {
 					. ", state=".$request{protocol_state};
 
 				# check for postfwd action
+				$ai = 0; # (re)set max_command_recursion counter
 				while ($ai++ < $postfwd_settings{max_command_recursion} and $myaction =~ /^(\w[\-\w]+)\s*\(\s*(.*?)\s*\)$/) {
 					my($mycmd,$myarg) = ($1, $2); $stop = 0;
 					if (defined $postfwd_actions{$mycmd}) {
@@ -3199,6 +3238,7 @@ log_note ("NODNS: set - will skip all dns based checks") if $postfwd_settings{dn
 
 # check for --nodaemon option
 unless ($postfwd_settings{daemon}) {
+	log_note ("NODAEMON: Please note that rate() commands do not work with postfwd2 and --nodaemon option due to the missing cache daemon");
 	my(%attr) = ();
 	get_plugins (@{$postfwd_settings{Plugins}}) if $postfwd_settings{Plugins};
 	read_config(1);
@@ -3280,7 +3320,8 @@ die "master-daemon: should never see me!\n";
 
 # cleanup children and files and terminate
 sub end_program {
-	local $SIG{TERM} = 'IGNORE';
+	# ignore further TERM signals
+	$SIG{TERM} = 'IGNORE';
 	if ($postfwd_settings{summary}) {
 		undef $postfwd_settings{syslog}{noidlestats};
 		log_stats();
@@ -3445,6 +3486,8 @@ B<postfwd2> [OPTIONS] [SOURCE1, SOURCE2, ...]
             --keep_rates		do not clear rate limit counters on reload
             --save_rates <file>		save and load rate limits on disk
 	    --fast_limit_evaluation	evaluate rate limits before ruleset is parsed
+                                        (please note the limitations)
+
 
 	Plugins:
 	    --plugins <file>            loads postfwd plugins from file
@@ -3527,6 +3570,8 @@ The way how request items are compared to the ruleset can be influenced in the f
 	 ITEM == VALUE                true if ITEM equals VALUE
 	 ITEM => VALUE                true if ITEM >= VALUE
 	 ITEM =< VALUE                true if ITEM <= VALUE
+	 ITEM >  VALUE                true if ITEM >  VALUE
+	 ITEM <  VALUE                true if ITEM <  VALUE
 	 ITEM =~ VALUE                true if ITEM ~= /^VALUE$/i
 	 ITEM != VALUE                false if ITEM equals VALUE
 	 ITEM !> VALUE                false if ITEM >= VALUE
@@ -3837,7 +3882,7 @@ Files can refer to other files. The following is valid.
 	-- FILE /etc/postfwd/clients_west.cf --
 	192.168.3.0/24
 
-Remind that there is currently no loop detection (/a/file calls /a/file) and that this feature is only available
+Note that there is currently no loop detection (/a/file calls /a/file) and that this feature is only available
 with postfwd1 v1.15 and postfwd2 v0.18 and higher.
 
 
@@ -3896,7 +3941,7 @@ postfwd2 actions control the behaviour of the program. Currently you can specify
 	this command creates a counter for the given <item>, which will be increased any time a request
 	containing it arrives. if it exceeds <max> within <time> seconds it will return <action> to postfix.
 	rate counters are very fast as they are executed before the ruleset is parsed.
-	please note that <action> is currently limited to postfix actions (no postfwd actions)!
+	please note that <action> was limited to postfix actions (no postfwd actions) for postfwd versions <1.33!
 	    # no more than 3 requests per 5 minutes
 	    # from the same "unknown" client
 	    id=RATE01 ;  client_name==unknown
@@ -3919,6 +3964,11 @@ postfwd2 actions control the behaviour of the program. Currently you can specify
 	   id=RCPT01 ;  protocol_state==END-OF-MESSAGE ;  client_address==!!(10.1.1.1)
 	      action=rcpt(client_address/3/3600/450 4.7.1 sorry, max 3 recipients per hour)
 
+        rate5321,size5321,rcpt5321 (<item>/<max>/<time>/<action>)
+        same as the corresponding non-5321 functions, with the difference that the localpart of
+        sender oder recipient addresses are evaluated case-sensitive according to rfc5321. That
+	means that requests from bob@example.local and BoB@example.local will be treated differently
+
 	ask (<addr>:<port>[:<ignore>])
 	allows to delegate the policy decision to another policy service (e.g. postgrey). the first
 	and the second argument (address and port) are mandatory. a third optional argument may be
@@ -3930,10 +3980,16 @@ postfwd2 actions control the behaviour of the program. Currently you can specify
 	   id=GREY; client_address==10.1.1.1; action=ask(127.0.0.1:10031:^dunno$)
 
         mail(server/helo/from/to/subject/body)
+	This command is deprecated. You should try to use the sendmail() action instead.
         Very basic mail command, that sends a message with the given arguments. LIMITATIONS:
         This basically performs a telnet. No authentication or TLS are available. Additionally it does
         not track notification state and will notify you any time, the corresponding rule hits.
 
+	sendmail(sendmail-path::from::to::subject::body)
+	Mail command, that uses an existing sendmail binary and sends a message with the given arguments.
+	LIMITATIONS: The command does not track notification state and will notify you any time, the
+	corresponding rule hits (which could mean 100 mails for a mail with 100 recipients at RCPT stage).
+
 	wait (<delay>)
 	pauses the program execution for <delay> seconds. use this for
 	delaying or throtteling connections.
@@ -4091,6 +4147,10 @@ will be used.
 					$myresult = ($myitem <= $val);
 				} elsif ($cmp eq '=>') {
 					$myresult = ($myitem >= $val);
+				} elsif ($cmp eq '<') {
+					$myresult = ($myitem < $val);
+				} elsif ($cmp eq '>') {
+					$myresult = ($myitem > $val);
 				} elsif ($cmp eq '!=') {
 					$myresult = not($myitem == $val);
 				} elsif ($cmp eq '!<') {
@@ -4122,15 +4182,15 @@ continue or to stop parsing the ruleset.
 			# note(<logstring>) command
 			"note"  => sub {
 				my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-				my($myaction) = $default_action; my($stop) = 0;
-				mylogs 'info', "[RULES] ".$myline." - note: ".$myarg if $myarg;
+				my($myaction) = 'dunno'; my($stop) = 0;
+				log_info "[RULES] ".$myline." - note: ".$myarg if $myarg;
 				return ($stop,$index,$myaction,$myline,%request);
 			},
 	
 			# skips next <myarg> rules
         		"skip" => sub {
 				my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-				my($myaction) = $default_action; my($stop) = 0;
+				my($myaction) = 'dunno'; my($stop) = 0;
 				$index += $myarg if ( $myarg and not(($index + $myarg) > $#Rules) );
 				return ($stop,$index,$myaction,$myline,%request);
         		},
@@ -4138,8 +4198,8 @@ continue or to stop parsing the ruleset.
 			# dumps current request contents to syslog
         		"dumprequest" => sub {
 				my($index,$now,$mycmd,$myarg,$myline,%request) = @_;
-				my($myaction) = $default_action; my($stop) = 0;
-				map { mylogs 'info', "[DUMP] rule=$index, Attribute: $_=$request{$_}" } (keys %request);
+				my($myaction) = 'dunno'; my($stop) = 0;
+				map { log_info "[DUMP] rule=$index, Attribute: $_=$request{$_}" } (keys %request);
 				return ($stop,$index,$myaction,$myline,%request);
         		},
 
@@ -4382,6 +4442,9 @@ These parameters influence the way postfwd2 is working. Any of them can be combi
 	before consulting the ruleset. This mode was the default behaviour until v1.30.
 	With this mode rate limits will be faster, but also eventually set up
 	whitelisting-rules within the ruleset might not work as expected.
+        LIMITATIONS: This option does not allow nested postfwd commands like
+                action=rate(sender/3/60/wait(3))
+        This option doe not work with the strict-rfc5321 rate() functions.
 
 I<Informational arguments>