diff --git a/SOURCES/postfix-2.10.1-canonical-maps-doc-fix.patch b/SOURCES/postfix-2.10.1-canonical-maps-doc-fix.patch
new file mode 100644
index 0000000..f668303
--- /dev/null
+++ b/SOURCES/postfix-2.10.1-canonical-maps-doc-fix.patch
@@ -0,0 +1,240 @@
+diff --git a/conf/canonical b/conf/canonical
+index 720db18..26937ce 100644
+--- a/conf/canonical
++++ b/conf/canonical
+@@ -82,9 +82,14 @@
+ # 
+ # TABLE SEARCH ORDER
+ #        With lookups from indexed files such as DB or DBM, or from
+-#        networked  tables  such  as NIS, LDAP or SQL, patterns are
+-#        tried in the order as listed below:
+-# 
++#        networked   tables   such   as  NIS,  LDAP  or  SQL,  each
++#        user@domain query produces a sequence of query patterns as
++#        described below.
++#
++#        Each  query pattern is sent to each specified lookup table
++#        before trying the next query pattern,  until  a  match  is
++#        found.
++#
+ #        user@domain address
+ #               Replace user@domain by address. This form  has  the
+ #               highest precedence.
+diff --git a/conf/generic b/conf/generic
+index d5ab42a..f66c2f4 100644
+--- a/conf/generic
++++ b/conf/generic
+@@ -72,9 +72,14 @@
+ # 
+ # TABLE SEARCH ORDER
+ #        With lookups from indexed files such as DB or DBM, or from
+-#        networked  tables  such  as NIS, LDAP or SQL, patterns are
+-#        tried in the order as listed below:
+-# 
++#        networked   tables   such   as  NIS,  LDAP  or  SQL,  each
++#        user@domain query produces a sequence of query patterns as
++#        described below.
++#
++#        Each  query pattern is sent to each specified lookup table
++#        before trying the next query pattern,  until  a  match  is
++#        found.
++#
+ #        user@domain address
+ #               Replace user@domain by address. This form  has  the
+ #               highest precedence.
+diff --git a/conf/virtual b/conf/virtual
+index 3be6ab9..1843622 100644
+--- a/conf/virtual
++++ b/conf/virtual
+@@ -81,9 +81,14 @@
+ # 
+ # TABLE SEARCH ORDER
+ #        With lookups from indexed files such as DB or DBM, or from
+-#        networked tables such as NIS, LDAP or  SQL,  patterns  are
+-#        tried in the order as listed below:
+-# 
++#        networked  tables  such  as  NIS,  LDAP   or   SQL,   each
++#        user@domain query produces a sequence of query patterns as
++#        described below.
++#
++#        Each query pattern is sent to each specified lookup  table
++#        before  trying  the  next  query pattern, until a match is
++#        found.
++#
+ #        user@domain address, address, ...
+ #               Redirect  mail  for  user@domain  to address.  This
+ #               form has the highest precedence.
+diff --git a/html/canonical.5.html b/html/canonical.5.html
+index c97f910..1ef4aac 100644
+--- a/html/canonical.5.html
++++ b/html/canonical.5.html
+@@ -87,9 +87,12 @@ CANONICAL(5)                                                      CANONICAL(5)
+               cal line.
+ 
+ <b>TABLE SEARCH ORDER</b>
+-       With lookups from indexed files such as DB or DBM, or from
+-       networked  tables  such  as NIS, LDAP or SQL, patterns are
+-       tried in the order as listed below:
++       With lookups from indexed files such as DB or DBM, or from networked
++       tables  such  as  NIS,  LDAP  or SQL, each <i>user</i>@<i>domain</i> query produces a
++       sequence of query patterns as described below.
++
++       Each query pattern is sent to each specified lookup table before trying
++       the next query pattern, until a match is found.
+ 
+        <i>user</i>@<i>domain address</i>
+               Replace <i>user</i>@<i>domain</i> by <i>address</i>. This form  has  the
+diff --git a/html/generic.5.html b/html/generic.5.html
+index debee93..3294832 100644
+--- a/html/generic.5.html
++++ b/html/generic.5.html
+@@ -77,9 +77,12 @@ GENERIC(5)                                                          GENERIC(5)
+               cal line.
+ 
+ <b>TABLE SEARCH ORDER</b>
+-       With lookups from indexed files such as DB or DBM, or from
+-       networked  tables  such  as NIS, LDAP or SQL, patterns are
+-       tried in the order as listed below:
++       With lookups from indexed files such as DB or DBM, or from networked
++       tables such as NIS, LDAP or SQL,  each  <i>user</i>@<i>domain</i>  query  produces  a
++       sequence of query patterns as described below.
++
++       Each query pattern is sent to each specified lookup table before trying
++       the next query pattern, until a match is found.
+ 
+        <i>user</i>@<i>domain address</i>
+               Replace <i>user</i>@<i>domain</i> by <i>address</i>. This form  has  the
+diff --git a/html/virtual.5.html b/html/virtual.5.html
+index c92826c..7fa6329 100644
+--- a/html/virtual.5.html
++++ b/html/virtual.5.html
+@@ -86,9 +86,12 @@ VIRTUAL(5)                                                          VIRTUAL(5)
+               cal line.
+ 
+ <b>TABLE SEARCH ORDER</b>
+-       With lookups from indexed files such as DB or DBM, or from
+-       networked tables such as NIS, LDAP or  SQL,  patterns  are
+-       tried in the order as listed below:
++       With lookups from indexed files such as DB or DBM, or from networked
++       tables  such  as  NIS,  LDAP  or SQL, each <i>user</i>@<i>domain</i> query produces a
++       sequence of query patterns as described below.
++
++       Each query pattern is sent to each specified lookup table before trying
++       the next query pattern, until a match is found.
+ 
+        <i>user</i>@<i>domain address, address, ...</i>
+               Redirect  mail  for  <i>user</i>@<i>domain</i>  to <i>address</i>.  This
+diff --git a/man/man5/canonical.5 b/man/man5/canonical.5
+index 1bf8d53..267495f 100644
+--- a/man/man5/canonical.5
++++ b/man/man5/canonical.5
+@@ -88,8 +88,12 @@ starts with whitespace continues a logical line.
+ .ad
+ .fi
+ With lookups from indexed files such as DB or DBM, or from networked
+-tables such as NIS, LDAP or SQL, patterns are tried in the order as
+-listed below:
++tables such as NIS, LDAP or SQL, each \fIuser\fR@\fIdomain\fR
++query produces a sequence of query patterns as described below.
++
++Each query pattern is sent to each specified lookup table
++before trying the next query pattern, until a match is
++found.
+ .IP "\fIuser\fR@\fIdomain address\fR"
+ Replace \fIuser\fR@\fIdomain\fR by \fIaddress\fR. This form
+ has the highest precedence.
+diff --git a/man/man5/generic.5 b/man/man5/generic.5
+index 13b9dd0..1153f58 100644
+--- a/man/man5/generic.5
++++ b/man/man5/generic.5
+@@ -80,8 +80,12 @@ starts with whitespace continues a logical line.
+ .ad
+ .fi
+ With lookups from indexed files such as DB or DBM, or from networked
+-tables such as NIS, LDAP or SQL, patterns are tried in the order as
+-listed below:
++tables such as NIS, LDAP or SQL, each \fIuser\fR@\fIdomain\fR
++query produces a sequence of query patterns as described below.
++
++Each query pattern is sent to each specified lookup table
++before trying the next query pattern, until a match is
++found.
+ .IP "\fIuser\fR@\fIdomain address\fR"
+ Replace \fIuser\fR@\fIdomain\fR by \fIaddress\fR. This form
+ has the highest precedence.
+diff --git a/man/man5/virtual.5 b/man/man5/virtual.5
+index da139f8..241bf10 100644
+--- a/man/man5/virtual.5
++++ b/man/man5/virtual.5
+@@ -86,8 +86,12 @@ starts with whitespace continues a logical line.
+ .ad
+ .fi
+ With lookups from indexed files such as DB or DBM, or from networked
+-tables such as NIS, LDAP or SQL, patterns are tried in the order as
+-listed below:
++tables such as NIS, LDAP or SQL, each \fIuser\fR@\fIdomain\fR
++query produces a sequence of query patterns as described below.
++
++Each query pattern is sent to each specified lookup table
++before trying the next query pattern, until a match is
++found.
+ .IP "\fIuser\fR@\fIdomain address, address, ...\fR"
+ Redirect mail for \fIuser\fR@\fIdomain\fR to \fIaddress\fR.
+ This form has the highest precedence.
+diff --git a/proto/canonical b/proto/canonical
+index cdda918..6255ba2 100644
+--- a/proto/canonical
++++ b/proto/canonical
+@@ -76,8 +76,12 @@
+ # .ad
+ # .fi
+ #	With lookups from indexed files such as DB or DBM, or from networked
+-#	tables such as NIS, LDAP or SQL, patterns are tried in the order as
+-#	listed below:
++#	tables such as NIS, LDAP or SQL, each \fIuser\fR@\fIdomain\fR
++#	query produces a sequence of query patterns as described below.
++#
++#	Each query pattern is sent to each specified lookup table
++#	before trying the next query pattern, until a match is
++#	found.
+ # .IP "\fIuser\fR@\fIdomain address\fR"
+ #	Replace \fIuser\fR@\fIdomain\fR by \fIaddress\fR. This form
+ #	has the highest precedence.
+diff --git a/proto/generic b/proto/generic
+index b2e730a..25db840 100644
+--- a/proto/generic
++++ b/proto/generic
+@@ -68,8 +68,12 @@
+ # .ad
+ # .fi
+ #	With lookups from indexed files such as DB or DBM, or from networked
+-#	tables such as NIS, LDAP or SQL, patterns are tried in the order as
+-#	listed below:
++#	tables such as NIS, LDAP or SQL, each \fIuser\fR@\fIdomain\fR
++#	query produces a sequence of query patterns as described below.
++#
++#	Each query pattern is sent to each specified lookup table
++#	before trying the next query pattern, until a match is
++#	found.
+ # .IP "\fIuser\fR@\fIdomain address\fR"
+ #	Replace \fIuser\fR@\fIdomain\fR by \fIaddress\fR. This form
+ #	has the highest precedence.
+diff --git a/proto/virtual b/proto/virtual
+index 8a2d28f..1fc30aa 100644
+--- a/proto/virtual
++++ b/proto/virtual
+@@ -74,8 +74,12 @@
+ # .ad
+ # .fi
+ #	With lookups from indexed files such as DB or DBM, or from networked
+-#	tables such as NIS, LDAP or SQL, patterns are tried in the order as
+-#	listed below:
++#	tables such as NIS, LDAP or SQL, each \fIuser\fR@\fIdomain\fR
++#	query produces a sequence of query patterns as described below.
++#
++#	Each query pattern is sent to each specified lookup table
++#	before trying the next query pattern, until a match is
++#	found.
+ # .IP "\fIuser\fR@\fIdomain address, address, ...\fR"
+ #	Redirect mail for \fIuser\fR@\fIdomain\fR to \fIaddress\fR.
+ #	This form has the highest precedence.
diff --git a/SOURCES/postfix-2.10.1-haproxy-tls-fix.patch b/SOURCES/postfix-2.10.1-haproxy-tls-fix.patch
new file mode 100644
index 0000000..0605594
--- /dev/null
+++ b/SOURCES/postfix-2.10.1-haproxy-tls-fix.patch
@@ -0,0 +1,33 @@
+diff --git a/src/smtpd/smtpd_haproxy.c b/src/smtpd/smtpd_haproxy.c
+index 599e3ed..a4c527c 100644
+--- a/src/smtpd/smtpd_haproxy.c
++++ b/src/smtpd/smtpd_haproxy.c
+@@ -96,6 +96,14 @@ int     smtpd_peer_from_haproxy(SMTPD_STATE *state)
+     VSTRING *escape_buf;
+ 
+     /*
++     * While reading HAProxy handshake information, don't buffer input beyond
++     * the end-of-line. That would break the TLS wrappermode handshake.
++     */
++    vstream_control(state->client,
++		    VSTREAM_CTL_BUFSIZE, 1,
++		    VSTREAM_CTL_END);
++
++    /*
+      * Note: the haproxy_srvr_parse() routine performs address protocol
+      * checks, address and port syntax checks, and converts IPv4-in-IPv6
+      * address string syntax (:ffff::1.2.3.4) to IPv4 syntax where permitted
+@@ -142,6 +150,13 @@ int     smtpd_peer_from_haproxy(SMTPD_STATE *state)
+ 	 * Avoid surprises in the Dovecot authentication server.
+ 	 */
+ 	state->dest_addr = mystrdup(smtp_server_addr.buf);
++
++	/*
++	 * Enable normal buffering.
++	 */
++	vstream_control(state->client,
++			VSTREAM_CTL_BUFSIZE, VSTREAM_BUFSIZE,
++			VSTREAM_CTL_END);
+ 	return (0);
+     }
+ }
diff --git a/SOURCES/postfix-2.10.1-kernel-4-fix.patch b/SOURCES/postfix-2.10.1-kernel-4-fix.patch
new file mode 100644
index 0000000..2c620ab
--- /dev/null
+++ b/SOURCES/postfix-2.10.1-kernel-4-fix.patch
@@ -0,0 +1,13 @@
+diff --git a/makedefs b/makedefs
+index 93b5949..b83a908 100644
+--- a/makedefs
++++ b/makedefs
+@@ -347,7 +347,7 @@ EOF
+ 		       fi;;
+ 		esac
+ 		;;
+-    Linux.3*)	SYSTYPE=LINUX3
++    Linux.[34]*)	SYSTYPE=LINUX3
+ 		case "$CCARGS" in
+ 		 *-DNO_DB*) ;;
+ 		 *) if [ -f /usr/include/db.h ]
diff --git a/SPECS/postfix.spec b/SPECS/postfix.spec
index a2ebda7..9c998e8 100644
--- a/SPECS/postfix.spec
+++ b/SPECS/postfix.spec
@@ -41,7 +41,7 @@
 Name: postfix
 Summary: Postfix Mail Transport Agent
 Version: 2.10.1
-Release: 6%{?dist}
+Release: 7%{?dist}
 Epoch: 2
 Group: System Environment/Daemons
 URL: http://www.postfix.org
@@ -83,6 +83,9 @@ Patch2: postfix-2.6.1-files.patch
 Patch3: postfix-alternatives.patch
 Patch8: postfix-large-fs.patch
 Patch9: pflogsumm-1.1.3-datecalc.patch
+Patch10: postfix-2.10.1-haproxy-tls-fix.patch
+Patch11: postfix-2.10.1-canonical-maps-doc-fix.patch
+Patch12: postfix-2.10.1-kernel-4-fix.patch
 
 # Optional patches - set the appropriate environment variables to include
 #		     them when building the package/spec file
@@ -151,6 +154,10 @@ pushd pflogsumm-%{pflogsumm_ver}
 popd
 %endif
 
+%patch10 -p1 -b .haproxy-tls-fix
+%patch11 -p1 -b .canonical-maps-doc-fix
+%patch12 -p1 -b .kernel-4-fix
+
 for f in README_FILES/TLS_{LEGACY_,}README TLS_ACKNOWLEDGEMENTS; do
 	iconv -f iso8859-1 -t utf8 -o ${f}{_,} &&
 		touch -r ${f}{,_} && mv -f ${f}{_,}
@@ -527,6 +534,14 @@ rm -rf $RPM_BUILD_ROOT
 %endif
 
 %changelog
+* Mon May  7 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2:2.10.1-7
+- Fixed haproxy with TLS
+  Resolves: rhbz#1370455
+- Fixed documentation about canonical maps
+  Resolves: rhbz#1381871
+- Fixed build with kernel-4.*
+  Resolves: rhbz#1575658
+
 * Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2:2.10.1-6
 - Mass rebuild 2014-01-24