diff --git a/TODO b/TODO
index 3e76e00ce0bebbf07d5e90a0756195b3621a4c7a..76de62c5fd20f97322493a0524642517e2cf3102 100644
--- a/TODO
+++ b/TODO
@@ -1,3 +1,8 @@
+Support CBV to local domains and cache results so that invalid users
+can be rejected without maintaining valid user lists.
+
+Now that we blacklist IPs for too many bad rcpts, delay SPF until RCPT TO.
+
 Convert DSN to REJECT unless sender gets SPF pass or best guess pass.  Make
 configurable by SPF result with NOTSPAM policy (reject or deliver without DSN).
 Maybe policy should be NODSN - still verify sender with CBV.
diff --git a/bms.py b/bms.py
index bee0e42f21fec888a99adf6a71804f9cb3a0f67e..084afc5a0a6c80a8b4997316d665383fe283e0bf 100644
--- a/bms.py
+++ b/bms.py
@@ -1,6 +1,9 @@
 #!/usr/bin/env python
 # A simple milter that has grown quite a bit.
 # $Log$
+# Revision 1.116  2007/11/01 20:09:14  customdesigned
+# Support temperror policy in access.
+#
 # Revision 1.115  2007/10/10 18:23:54  customdesigned
 # Send quarantine DSN to SPF pass (official or guessed) only.
 # Reject blacklisted email too big for dspam.
@@ -740,9 +743,9 @@ class bmsMilter(Milter.Milter):
 
     self.user = self.getsymval('{auth_authen}')
     if self.user:
-      # Very simple SMTP AUTH policy by defaul:
+      # Very simple SMTP AUTH policy by default:
       #   any successful authentication is considered INTERNAL
-      # FIXME: configure allowed MAIL FROM by user
+      # Detailed authorization policy is configured in the access file below.
       self.internal_connection = True
       self.log(
         "SMTP AUTH:",self.user, self.getsymval('{auth_type}'),
diff --git a/milter.cfg b/milter.cfg
index c99e689dc5c21b567dda5c7ab88021dc4b8381da..fd9a35e38dce4fdad7b45d265f5d0aaafe242490 100644
--- a/milter.cfg
+++ b/milter.cfg
@@ -1,4 +1,5 @@
 [milter]
+datadir = /var/log/milter
 # the socket used to communicate with sendmail.  Must match sendmail.cf
 socket=/var/run/milter/pythonsock
 # where to save original copies of defanged and failed messages
@@ -186,6 +187,11 @@ blind = 1
 
 # Map email addresses and aliases to dspam users
 ;dspam_users=david,goliath,spam,falsepositive
+# List dspam users which train on all delivered messages, as opposed to
+# "train on error" which trains only when a spam or falsepositive is reported.
+# Training mode will build the dictionary faster, but requires close attention
+# so as not to miss any spam or false positives.
+;dspam_train=goliath
 ;david=david@foocorp.com,david.yelnetz@foocorp.com,david@bar.foocorp.com
 ;goliath=giant@foocorp.com,goliath.philistine@foocorp.com
 # address to forward spam to.  milter will process these and not deliver
diff --git a/milter.rc b/milter.rc
index 3fad6c5b4c3093ceed122a6d7b2b34ed811a7951..133d68e980b877a92ba8f022114ae869fa85bf03 100755
--- a/milter.rc
+++ b/milter.rc
@@ -46,7 +46,7 @@ start() {
 stop() {
 	# Stop daemons.
 	echo -n "Shutting down $prog: "
-	killproc milter
+	killproc -d 5 milter
 	RETVAL=$?
 	echo
 	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/milter
diff --git a/pymilter.spec b/pymilter.spec
index c952583d8558388fd9041afabb476772ff94f974..cc24627105404ba2d3f775d6ff1a6a8e05d14f34 100644
--- a/pymilter.spec
+++ b/pymilter.spec
@@ -1,5 +1,9 @@
+# This spec file contains 2 noarch packages in addition to the pymilter
+# module.  To compile all three on 32-bit Intel, use:
+# rpmbuild -ba --target=i386,noarch pymilter.spec
+
 %define version 0.8.9
-%define release 1
+%define release 2
 # what version of RH are we building for?
 %define redhat7 0
 
@@ -29,10 +33,6 @@
 %define libdir /usr/lib/pymilter
 %endif
 
-# This spec file contains 2 noarch packages in addition to the pymilter
-# module.  To compile all three, use:
-# rpmbuild -ba --target=i386,noarch pymilter.spec
-
 %ifarch noarch
 Name: milter
 Group: Applications/System
@@ -112,16 +112,7 @@ find /var/log/milter/save -mtime +7 | xargs $R rm
 EOF
 chmod a+x $RPM_BUILD_ROOT/etc/cron.daily/milter
 
-%ifos aix4.1
-cat >$RPM_BUILD_ROOT%{libdir}/start.sh <<'EOF'
-#!/bin/sh
-cd /var/log/milter
-# uncomment to enable sgmlop if installed
-#export PYTHONPATH=/usr/local/lib/python2.1/site-packages
-exec /usr/local/bin/python bms.py >>milter.log 2>&1
-EOF
-%else # not aix4.1
-cp start.sh $RPM_BUILD_ROOT%{libdir}
+%ifnos aix4.1
 mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
 cp %{sysvinit} $RPM_BUILD_ROOT/etc/rc.d/init.d/milter
 cp spfmilter.rc $RPM_BUILD_ROOT/etc/rc.d/init.d/spfmilter
@@ -141,18 +132,8 @@ python="%{python}"
 w
 q
 EOF
-ed $RPM_BUILD_ROOT%{libdir}/start.sh <<'EOF'
-/^python=/
-c
-python="%{python}"
-.
-w
-q
-EOF
 %endif	# aix4.1
-chmod a+x $RPM_BUILD_ROOT%{libdir}/start.sh
 
-mkdir -p $RPM_BUILD_ROOT/var/run/milter
 mkdir -p $RPM_BUILD_ROOT/usr/share/sendmail-cf/hack
 cp -p rhsbl.m4 $RPM_BUILD_ROOT/usr/share/sendmail-cf/hack
 
@@ -185,7 +166,6 @@ fi
 
 %files 
 %defattr(-,root,root)
-%config %{libdir}/start.sh
 /etc/logrotate.d/milter
 /etc/cron.daily/milter
 %{libdir}/bms.py?
@@ -254,13 +234,39 @@ env CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$LDFLAGS" %{python} setup.py build
 %install
 rm -rf $RPM_BUILD_ROOT
 %{python} setup.py install --root=$RPM_BUILD_ROOT --record=INSTALLED_FILES
+mkdir -p $RPM_BUILD_ROOT/var/run/milter
+mkdir -p $RPM_BUILD_ROOT%{libdir}
+%ifos aix4.1
+cat >$RPM_BUILD_ROOT%{libdir}/start.sh <<'EOF'
+#!/bin/sh
+cd /var/log/milter
+# uncomment to enable sgmlop if installed
+#export PYTHONPATH=/usr/local/lib/python2.1/site-packages
+exec /usr/local/bin/python bms.py >>milter.log 2>&1
+EOF
+%else # not aix4.1
+cp start.sh $RPM_BUILD_ROOT%{libdir}
+ed $RPM_BUILD_ROOT%{libdir}/start.sh <<'EOF'
+/^python=/
+c
+python="%{python}"
+.
+w
+q
+EOF
+%endif
+chmod a+x $RPM_BUILD_ROOT%{libdir}/start.sh
 %if !%{redhat7}
 grep '.pyc$' INSTALLED_FILES | sed -e 's/c$/o/' >>INSTALLED_FILES
 %endif
 
+# start.sh is used by spfmilter and milter, and could be used by
+# other milters running on redhat
 %files -f INSTALLED_FILES
 %defattr(-,root,root)
 %doc README HOWTO ChangeLog NEWS TODO CREDITS sample.py milter-template.py
+%config %{libdir}/start.sh
+%dir /var/run/milter
 
 %endif # noarch