diff --git a/AUTHORS b/AUTHORS
index df9d543..5c9ad9e 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -21,3 +21,8 @@ websites for further details.
 
 This product includes software developed by the OpenSSL Project
 for use in the OpenSSL Toolkit (http://www.openssl.org/).
+
+Translations
+------------
+Thanks to Per-Arne Christensen for the Norwegian translation of 
+the GUI.
diff --git a/ChangeLog b/ChangeLog
index c8edbf9..cbf3ae9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,11 +1,12 @@
 E-MailRelay Change Log
 ======================
 
-2.2 -> 2.2.1
-------------
+2.2 -> 2.3
+----------
 * Unix domain sockets supported (eg. "--interface=/tmp/smtp.s").
 * Windows event log not used for verbose logging (prefer "--log-file").
 * New admin 'forward' command to trigger forwarding without waiting.
+* Optional base64 encoding of passwords in secrets files ("plain:b").
 * Support for MbedTLS version 3.
 
 2.1 -> 2.2
diff --git a/Makefile.am b/Makefile.am
index 0ec2fa3..4b011a5 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -22,7 +22,7 @@
 # Additional pseudo-targets:
 #	* rpm - builds an rpm package using rpmbuild
 #	* deb - builds a deb package using debhelper
-#	* cmake - generates simplistic cmake files under ./build/
+#	* cmake - generates cmake files under ./build/
 #	* tidy - runs cmake-tidy
 #	* format - runs cmake-format
 #
@@ -41,7 +41,7 @@
 #	$ sudo make deb
 #
 # and possibly:
-#	$ make cmake ; cd build ; make
+#	$ make cmake ; make -C build
 #	$ make tidy TIDY=clang-tidy-10
 #	$ make format FORMAT=clang-format-10
 #	$ make distcheck DISTCHECK_CONFIGURE_FLAGS=--disable-testing
@@ -126,6 +126,7 @@ format:
 cmake:
 	@chmod +x bin/make2cmake || true
 	bin/make2cmake
-	mkdir build || true
+	test -d build || mkdir build
 	cd build && cmake -DCMAKE_MAKE_PROGRAM:FILEPATH=/usr/bin/make -DCMAKE_EXPORT_COMPILE_COMMANDS=ON ..
+	@echo now run make from the '"build"' directory
 
diff --git a/Makefile.in b/Makefile.in
index 54124f9..e24e46a 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -24,7 +24,7 @@
 # Additional pseudo-targets:
 #	* rpm - builds an rpm package using rpmbuild
 #	* deb - builds a deb package using debhelper
-#	* cmake - generates simplistic cmake files under ./build/
+#	* cmake - generates cmake files under ./build/
 #	* tidy - runs cmake-tidy
 #	* format - runs cmake-format
 #
@@ -43,7 +43,7 @@
 #	$ sudo make deb
 #
 # and possibly:
-#	$ make cmake ; cd build ; make
+#	$ make cmake ; make -C build
 #	$ make tidy TIDY=clang-tidy-10
 #	$ make format FORMAT=clang-format-10
 #	$ make distcheck DISTCHECK_CONFIGURE_FLAGS=--disable-testing
@@ -952,8 +952,9 @@ format:
 cmake:
 	@chmod +x bin/make2cmake || true
 	bin/make2cmake
-	mkdir build || true
+	test -d build || mkdir build
 	cd build && cmake -DCMAKE_MAKE_PROGRAM:FILEPATH=/usr/bin/make -DCMAKE_EXPORT_COMPILE_COMMANDS=ON ..
+	@echo now run make from the '"build"' directory
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/NEWS b/NEWS
index 3cd8551..d0d4d31 100644
--- a/NEWS
+++ b/NEWS
@@ -1,28 +1,5 @@
 News
 ----
-E-MailRelay 2.2 is now fully C++11, so older compilers will not work unless
-they have a "-std=c++11" option or similar, and this also means that
-"uclibc++" is no longer supported.
-
-The behaviour with respect to the "--remote-clients" command-line option is
-changed in this release: previously IPv4 connections were allowed only from
-the host's local address, as determined by a DNS lookup, unless using
-"--remote-clients". The new implementation allows connections from any
-loopback or 'private use' address, defined in RFC-1918 and RFC-5735. This
-brings the IPv4 behaviour in line with IPv6, and it still honours the intent
-of the "--remote-clients" option in protecting the naive user against
-accidental exposore to the public internet.
-
-Some internationalisation support has been added, using gettext() for the
-main program and Qt's tr() for the GUI. See "doc/developer.txt".
-
-A systemd unit file has been added, although by default it is only installed
-as an "examples" file. Use "e_systemddir=/usr/lib/systemd/system" on the
-"./configure" command-line to have it installed by "make install".
-
-This release has a new "make tidy" option that runs "clang-tidy" over the
-code and also "make cmake" to generate simple cmake files for a unix build.
-
-Version 2.2.1 adds support for unix-domain sockets. 
-
-Thanks to Per-Arne Christensen for the Norwegian translation of the GUI.
+Version 2.3 is a relatively minor release. The main functional change is to
+support unix domain sockets. Non-functional code changes include better 
+separation of interface and implementation in the SMTP message store.
diff --git a/VERSION b/VERSION
index c043eea..bb576db 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.2.1
+2.3
diff --git a/bin/AutoMakeParser.pm b/bin/AutoMakeParser.pm
index 15fc9dc..8dadd3b 100644
--- a/bin/AutoMakeParser.pm
+++ b/bin/AutoMakeParser.pm
@@ -298,7 +298,7 @@ sub simplepath
 	for my $x ( @split )
 	{
 		next if( $x eq "" || $x eq "." ) ;
-		if( $x eq ".." && scalar(@out) && @out[-1] ne ".." )
+		if( $x eq ".." && scalar(@out) && $out[-1] ne ".." )
 		{
 			pop @out ;
 		}
diff --git a/bin/doxygen.sh b/bin/doxygen.sh
old mode 100644
new mode 100755
diff --git a/bin/emailrelay-bcc-check.pl b/bin/emailrelay-bcc-check.pl
index 3d0adc6..a549234 100755
--- a/bin/emailrelay-bcc-check.pl
+++ b/bin/emailrelay-bcc-check.pl
@@ -30,7 +30,7 @@ use strict ;
 use FileHandle ;
 $SIG{__DIE__} = sub { (my $e = join(" ",@_)) =~ s/\n/ /g ; print "<<error: $e>>\n" ; exit 99 } ;
 
-my $content = @ARGV[0] or die "usage error\n" ;
+my $content = $ARGV[0] or die "usage error\n" ;
 my $verbose = 1 ;
 
 # read the bcc list from the content file
diff --git a/bin/emailrelay-deliver.sh.in b/bin/emailrelay-deliver.sh.in
index a3120cd..09a3e1c 100644
--- a/bin/emailrelay-deliver.sh.in
+++ b/bin/emailrelay-deliver.sh.in
@@ -20,7 +20,6 @@
 # setup.
 #
 
-
 store="__SPOOL_DIR__"
 postmaster="root"
 procmail="procmail"
diff --git a/bin/emailrelay-rot13.pl b/bin/emailrelay-rot13.pl
index ffe2a70..68159eb 100755
--- a/bin/emailrelay-rot13.pl
+++ b/bin/emailrelay-rot13.pl
@@ -31,7 +31,7 @@ while(<$fh_in>)
 
 	if( $in_header && ( $line =~ m/^\s/ ) && scalar(@headers) ) # folding
 	{
-		@headers[-1] .= "\r\n$line" ;
+		$headers[-1] .= "\r\n$line" ;
 	}
 	elsif( $in_header && ( $line =~ m/^$/ ) )
 	{
diff --git a/bin/emailrelay-set-from.pl b/bin/emailrelay-set-from.pl
index 9790e49..f537a9a 100755
--- a/bin/emailrelay-set-from.pl
+++ b/bin/emailrelay-set-from.pl
@@ -25,7 +25,7 @@ my $new_from = 'noreply@example.com' ;
 my $new_sender = '' ;
 my $new_reply_to = $new_from ;
 
-my $content = @ARGV[0] or die "usage error\n" ;
+my $content = $ARGV[0] or die "usage error\n" ;
 
 my $in = new FileHandle( $content , "r" ) or die ;
 my $out = new FileHandle( "$content.tmp" , "w" ) or die ;
diff --git a/bin/make-format b/bin/make-format
index aafdec3..435d7d3 100755
--- a/bin/make-format
+++ b/bin/make-format
@@ -177,9 +177,9 @@ sub fixup
 		}
 
 		# add some more whitespace
-		$line =~ s:(\S);$:\1 ;: ;
-		$line =~ s:(\S); //(.*):\1 ; //\2: ;
-		$line =~ s:(\S),:\1 ,:g unless ( $line =~ m/["']/ or $line =~ m://.*,: ) ;
+		$line =~ s:(\S);$:$1 ;: ;
+		$line =~ s:(\S); //(.*):$1 ; //$2: ;
+		$line =~ s:(\S),:$1 ,:g unless ( $line =~ m/["']/ or $line =~ m://.*,: ) ;
 
 		print $fh_out $line , "\n" or die ;
 	}
diff --git a/bin/winbuild.pm b/bin/winbuild.pm
index 2cd9a1f..34a1d81 100644
--- a/bin/winbuild.pm
+++ b/bin/winbuild.pm
@@ -353,7 +353,8 @@ sub create_touchfile
 sub read_makefiles
 {
 	my ( $switches , $vars ) = @_ ;
-	return AutoMakeParser::readall( "." , $switches , $vars , 1 ) ;
+	my $verbose = 1 ;
+	return AutoMakeParser::readall( "." , $switches , $vars , $verbose ) ;
 }
 
 sub cache_value
diff --git a/bootstrap b/bootstrap
old mode 100644
new mode 100755
diff --git a/configure b/configure
index 1fbdf65..3207ae7 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for E-MailRelay 2.2.1.
+# Generated by GNU Autoconf 2.69 for E-MailRelay 2.3.
 #
 #
 # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -577,8 +577,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='E-MailRelay'
 PACKAGE_TARNAME='emailrelay'
-PACKAGE_VERSION='2.2.1'
-PACKAGE_STRING='E-MailRelay 2.2.1'
+PACKAGE_VERSION='2.3'
+PACKAGE_STRING='E-MailRelay 2.3'
 PACKAGE_BUGREPORT=''
 PACKAGE_URL=''
 
@@ -657,8 +657,6 @@ GCONFIG_TESTING_FALSE
 GCONFIG_TESTING_TRUE
 GCONFIG_MAC_FALSE
 GCONFIG_MAC_TRUE
-GCONFIG_IPV6_FALSE
-GCONFIG_IPV6_TRUE
 GCONFIG_INTERFACE_NAMES_FALSE
 GCONFIG_INTERFACE_NAMES_TRUE
 GCONFIG_INSTALL_HOOK_FALSE
@@ -796,7 +794,6 @@ enable_epoll
 enable_gui
 enable_install_hook
 enable_interface_names
-enable_ipv6
 enable_mac
 enable_std_thread
 enable_testing
@@ -1378,7 +1375,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures E-MailRelay 2.2.1 to adapt to many kinds of systems.
+\`configure' configures E-MailRelay 2.3 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1445,7 +1442,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of E-MailRelay 2.2.1:";;
+     short | recursive ) echo "Configuration of E-MailRelay 2.3:";;
    esac
   cat <<\_ACEOF
 
@@ -1473,7 +1470,6 @@ Optional Features:
   --enable-interface-names
                           allow network interface names for defining listening
                           addresses (default yes)
-  --enable-ipv6           enable ipv6 (default auto)
   --enable-mac            enable building for mac os x (default auto)
   --enable-std-thread     use std::thread or not (default auto)
   --enable-testing        enable make check tests (default yes)
@@ -1579,7 +1575,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-E-MailRelay configure 2.2.1
+E-MailRelay configure 2.3
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2015,7 +2011,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by E-MailRelay $as_me 2.2.1, which was
+It was created by E-MailRelay $as_me 2.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2880,7 +2876,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='emailrelay'
- VERSION='2.2.1'
+ VERSION='2.3'
 
 
 # Some tools Automake needs.
@@ -9368,52 +9364,6 @@ else
 fi
 
 
-# Check whether --enable-ipv6 was given.
-if test "${enable_ipv6+set}" = set; then :
-  enableval=$enable_ipv6;
-fi
-
-
-	if test "$enable_ipv6" = "no"
-	then
-		gconfig_use_ipv6="no"
-	else
-		if test "$gconfig_cv_ipv6" = "no"
-		then
-			if test "$enable_ipv6" = "yes"
-			then
-				{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ignoring --enable-ipv6" >&5
-$as_echo "$as_me: WARNING: ignoring --enable-ipv6" >&2;}
-			fi
-			gconfig_use_ipv6="no"
-		else
-			gconfig_use_ipv6="yes"
-		fi
-	fi
-
-	if test "$enable_ipv6" != "no" -a "$gconfig_use_ipv6" = "no"
-	then
-		gconfig_warnings="$gconfig_warnings ipv6_ipv6_networking"
-	fi
-
-	if test "$gconfig_use_ipv6" = "yes" ; then
-
-$as_echo "#define GCONFIG_ENABLE_IPV6 1" >>confdefs.h
-
-	else
-
-$as_echo "#define GCONFIG_ENABLE_IPV6 0" >>confdefs.h
-
-	fi
-	 if test "$gconfig_use_ipv6" = "yes"; then
-  GCONFIG_IPV6_TRUE=
-  GCONFIG_IPV6_FALSE='#'
-else
-  GCONFIG_IPV6_TRUE='#'
-  GCONFIG_IPV6_FALSE=
-fi
-
-
 # Check whether --enable-mac was given.
 if test "${enable_mac+set}" = set; then :
   enableval=$enable_mac;
@@ -10337,10 +10287,6 @@ if test -z "${GCONFIG_INTERFACE_NAMES_TRUE}" && test -z "${GCONFIG_INTERFACE_NAM
   as_fn_error $? "conditional \"GCONFIG_INTERFACE_NAMES\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
-if test -z "${GCONFIG_IPV6_TRUE}" && test -z "${GCONFIG_IPV6_FALSE}"; then
-  as_fn_error $? "conditional \"GCONFIG_IPV6\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
 if test -z "${GCONFIG_MAC_TRUE}" && test -z "${GCONFIG_MAC_FALSE}"; then
   as_fn_error $? "conditional \"GCONFIG_MAC\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -10782,7 +10728,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by E-MailRelay $as_me 2.2.1, which was
+This file was extended by E-MailRelay $as_me 2.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -10848,7 +10794,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-E-MailRelay config.status 2.2.1
+E-MailRelay config.status 2.3
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff --git a/configure.ac b/configure.ac
index d04917d..b3a5ef2 100755
--- a/configure.ac
+++ b/configure.ac
@@ -19,7 +19,7 @@ dnl
 dnl Process this file with autoconf to produce a configure script.
 dnl
 
-AC_INIT([E-MailRelay],[2.2.1],[],[emailrelay])
+AC_INIT([E-MailRelay],[2.3],[],[emailrelay])
 AC_CONFIG_SRCDIR([src/glib/gdef.h])
 AC_CONFIG_MACRO_DIR([m4])
 AM_INIT_AUTOMAKE([no-define])
@@ -90,8 +90,6 @@ AC_ARG_ENABLE([install-hook],AS_HELP_STRING([--enable-install-hook],[enable fixi
 GCONFIG_FN_ENABLE_INSTALL_HOOK
 AC_ARG_ENABLE([interface-names],AS_HELP_STRING([--enable-interface-names],[allow network interface names for defining listening addresses (default yes)]))
 GCONFIG_FN_ENABLE_INTERFACE_NAMES
-AC_ARG_ENABLE([ipv6],AS_HELP_STRING([--enable-ipv6],[enable ipv6 (default auto)]))
-GCONFIG_FN_ENABLE_IPV6
 AC_ARG_ENABLE([mac],AS_HELP_STRING([--enable-mac],[enable building for mac os x (default auto)]))
 GCONFIG_FN_ENABLE_MAC
 AC_ARG_ENABLE([std-thread],AS_HELP_STRING([--enable-std-thread],[use std::thread or not (default auto)]))
diff --git a/configure.sh b/configure.sh
index a26b2d1..663ff2b 100755
--- a/configure.sh
+++ b/configure.sh
@@ -117,10 +117,10 @@ then
 fi
 if test -d "$MBEDTLS_DIR"
 then
-	echo "configure.sh: mbedtls directory exists: adding --with-mbedtls and CPPFLAGS=-I$MBEDTLS_DIR/include etc"
+	echo "configure.sh: mbedtls directory exists: adding --with-mbedtls and CXXFLAGS=-I$MBEDTLS_DIR/include etc"
 	with_mbedtls="--with-mbedtls"
 	make_mbedtls=1
-	export CPPFLAGS="$CPPFLAGS -I`pwd`/$MBEDTLS_DIR/include"
+	export CXXFLAGS="$CXXFLAGS -I`pwd`/$MBEDTLS_DIR/include"
 	export LDFLAGS="$LDFLAGS -L`pwd`/$MBEDTLS_DIR/library"
 fi
 
@@ -139,7 +139,7 @@ then
 	export GCONFIG_WINDMC="$TARGET-windmc"
 	export GCONFIG_WINDRES="$TARGET-windres"
 	export CXXFLAGS="$CXXFLAGS -std=c++11 -pthread"
-	#export CPPFLAGS="$CPPFLAGS -D_WIN32_WINNT=0x0501" eg. for Windows XP, otherwise whatever mingw defaults to
+	#export CXXFLAGS="$CXXFLAGS -D_WIN32_WINNT=0x0501" eg. for Windows XP, otherwise whatever mingw defaults to
 	export LDFLAGS="$LDFLAGS -pthread"
 	if test -x "`which $CXX`" ; then : ; else echo "error: no mingw c++ compiler: [$CXX]\n" ; exit 1 ; fi
 	( echo msbuild . ; echo qt-x86 . ; echo qt-x64 . ; echo cmake . ; echo msvc . ) > winbuild.cfg
@@ -184,35 +184,35 @@ then
 :
 elif test "0$opt_openwrt" -eq 1
 then
-    TARGET="mips-openwrt-linux-musl"
-    SDK_DIR="`find $HOME -maxdepth 3 -type d -iname openwrt-sdk\* 2>/dev/null | sort | head -1`"
-    SDK_TOOLCHAIN_DIR="`find \"$SDK_DIR/staging_dir\" -type d -iname toolchain-\* 2>/dev/null | sort | head -1`"
-    SDK_TARGET_DIR="`find \"$SDK_DIR/staging_dir\" -type d -iname target-\* 2>/dev/null | sort | head -1`"
-    export CC="$SDK_TOOLCHAIN_DIR/bin/$TARGET-gcc"
-    export CXX="$SDK_TOOLCHAIN_DIR/bin/$TARGET-c++"
-    export AR="$SDK_TOOLCHAIN_DIR/bin/$TARGET-ar"
-    export STRIP="$SDK_TOOLCHAIN_DIR/bin/$TARGET-strip"
-    export CXXFLAGS="-fno-rtti -fno-threadsafe-statics -Os $CXXFLAGS"
-    export CPPFLAGS="$CPPFLAGS -DG_SMALL"
+	TARGET="mips-openwrt-linux-musl"
+	SDK_DIR="`find $HOME -maxdepth 3 -type d -iname openwrt-sdk\* 2>/dev/null | sort | head -1`"
+	SDK_TOOLCHAIN_DIR="`find \"$SDK_DIR/staging_dir\" -type d -iname toolchain-\* 2>/dev/null | sort | head -1`"
+	SDK_TARGET_DIR="`find \"$SDK_DIR/staging_dir\" -type d -iname target-\* 2>/dev/null | sort | head -1`"
+	export CC="$SDK_TOOLCHAIN_DIR/bin/$TARGET-gcc"
+	export CXX="$SDK_TOOLCHAIN_DIR/bin/$TARGET-c++"
+	export AR="$SDK_TOOLCHAIN_DIR/bin/$TARGET-ar"
+	export STRIP="$SDK_TOOLCHAIN_DIR/bin/$TARGET-strip"
+	export CXXFLAGS="-fno-rtti -fno-threadsafe-statics -Os $CXXFLAGS"
+	export CXXFLAGS="$CXXFLAGS -DG_SMALL"
 	export LDFLAGS="$LDFLAGS -static"
 	export LIBS="-lgcc_eh"
 	if test -x "$CXX" ; then : ; else echo "error: no c++ compiler for target [$TARGET]: CXX=[$CXX]\n" ; exit 1 ; fi
-    $thisdir/configure $enable_debug --host $TARGET \
+	$thisdir/configure $enable_debug --host $TARGET \
 		--disable-gui --without-pam --without-doxygen \
 		$with_mbedtls --disable-std-thread \
 		--prefix=/usr --libexecdir=/usr/lib --sysconfdir=/etc \
 		--localstatedir=/var $opt_passthrough e_initdir=/etc/init.d "$@"
 	echo :
 	echo "build with..."
-    #echo "  export PATH=\"$SDK_TOOLCHAIN_DIR/bin:\$PATH\""
-    #echo "  export STAGING_DIR=\"$SDK_DIR/staging_dir\""
+	#echo "  export PATH=\"$SDK_TOOLCHAIN_DIR/bin:\$PATH\""
+	#echo "  export STAGING_DIR=\"$SDK_DIR/staging_dir\""
 	test "$make_mbedtls" -eq 1 && echo "  make -C $MBEDTLS_DIR/library CC=$CC AR=$AR"
 	echo "  make"
 	echo "  make -C src/main strip"
 :
 elif test "`uname`" = "NetBSD"
 then
-	export CPPFLAGS="$CPPFLAGS -I/usr/X11R7/include"
+	export CXXFLAGS="$CXXFLAGS -I/usr/X11R7/include"
 	export LDFLAGS="$LDFLAGS -L/usr/X11R7/lib"
 	$thisdir/configure $enable_debug $with_mbedtls \
 		--prefix=/usr --libexecdir=/usr/lib --sysconfdir=/etc \
@@ -220,7 +220,7 @@ then
 :
 elif test "`uname`" = "FreeBSD"
 then
-	export CPPFLAGS="$CPPFLAGS -I/usr/local/include -I/usr/local/include/libav"
+	export CXXFLAGS="$CXXFLAGS -I/usr/local/include -I/usr/local/include/libav"
 	export LDFLAGS="$LDFLAGS -L/usr/local/lib -L/usr/local/lib/libav"
 	$thisdir/configure $enable_debug $with_mbedtls \
 		--prefix=/usr/local --mandir=/usr/local/man \
@@ -228,7 +228,7 @@ then
 :
 elif test "`uname`" = "OpenBSD"
 then
-	export CPPFLAGS="$CPPFLAGS -I/usr/X11R6/include"
+	export CXXFLAGS="$CXXFLAGS -I/usr/X11R6/include"
 	export LDFLAGS="$LDFLAGS -L/usr/X11R6/lib"
 	$thisdir/configure $enable_debug $with_mbedtls \
 		--prefix=/usr/local --mandir=/usr/local/man \
@@ -236,14 +236,14 @@ then
 :
 elif test "`uname`" = "Darwin"
 then
-	export CPPFLAGS="$CPPFLAGS -I/opt/local/include -I/opt/X11/include"
+	export CXXFLAGS="$CXXFLAGS -I/opt/local/include -I/opt/X11/include"
 	export LDFLAGS="$LDFLAGS -L/opt/local/lib -L/opt/X11/lib"
 	$thisdir/configure $enable_debug $with_mbedtls \
 		--prefix=/opt/local --mandir=/opt/local/man $opt_passthrough "$@"
 :
 elif test "`uname`" = "Linux"
 then
-	export CPPFLAGS
+	export CXXFLAGS
 	export LDFLAGS
 	$thisdir/configure $enable_debug $with_mbedtls \
 		--prefix=/usr --libexecdir=/usr/lib --sysconfdir=/etc \
@@ -251,7 +251,7 @@ then
 		$opt_passthrough e_rundir=/run/emailrelay "$@"
 :
 else
-	export CPPFLAGS="$CPPFLAGS -I/usr/X11R7/include -I/usr/X11R6/include -I/usr/local/include -I/opt/local/include -I/opt/X11/include"
+	export CXXFLAGS="$CXXFLAGS -I/usr/X11R7/include -I/usr/X11R6/include -I/usr/local/include -I/opt/local/include -I/opt/X11/include"
 	export LDFLAGS="$LDFLAGS -L/usr/X11R7/lib -L/usr/X11R6/lib -L/usr/local/lib -L/opt/local/lib -L/opt/X11/lib"
 	$thisdir/configure $enable_debug $with_mbedtls $opt_passthrough "$@"
 fi
diff --git a/debian/changelog b/debian/changelog
index 293fd35..0a024f8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,8 @@
-emailrelay (2.2.1) unstable; urgency=low
+emailrelay (2.3) unstable; urgency=low
   * Unix domain sockets supported (eg. "--interface=/tmp/smtp.s").
   * Windows event log not used for verbose logging (prefer "--log-file").
   * New admin 'forward' command to trigger forwarding without waiting.
+  * Optional base64 encoding of passwords in secrets files ("plain:b").
   * Support for MbedTLS version 3.
  -- maintainer graeme_walker <graeme_walker@users.sourceforge.net>  Tue, 14 Feb 2022 00:00:00 +0000
 
@@ -27,7 +28,7 @@ emailrelay (2.1) unstable; urgency=low
   * New "--idle-timeout" option for server-side connections.
   * Support for RFC-5782 DNSBL blocking ("--dnsbl").
   * Filter scripts are given the path of the envelope file in argv2.
-  * Message files can be editied by "--client-filter" scripts.
+  * Message files can be edited by "--client-filter" scripts.
   * Better support for CRAM-SHAx authentication.
   * New "--client-auth-config" and "--server-auth-config" options.
   * New "--show" option on windows to better control the user interface style.
diff --git a/debian/postinst b/debian/postinst
index a2f33b1..9de64ae 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -27,7 +27,7 @@ emailrelay_fix_html()
 
 emailrelay_create_config()
 {
-	if test ! -f /etc/emailrelay.conf -a -f /etc/emailrelay.conf.template
+	if test ! -e /etc/emailrelay.conf -a -f /etc/emailrelay.conf.template
 	then
 		cp /etc/emailrelay.conf.template /etc/emailrelay.conf
 	fi
diff --git a/doc/changelog.html b/doc/changelog.html
index a11da41..bd5062b 100644
--- a/doc/changelog.html
+++ b/doc/changelog.html
@@ -9,11 +9,12 @@
   <!-- index:0::::E-MailRelay Change Log -->
  <div class="div-main">
   <h1><a class="a-header" name="H_1">E-MailRelay Change Log</a></h1> <!-- index:1:H:E-MailRelay Change Log -->
-   <h2><a class="a-header" name="SH_1_1">2.2 -> 2.2.1</a></h2> <!-- index:2:SH:1:1:2.2 -> 2.2.1 -->
+   <h2><a class="a-header" name="SH_1_1">2.2 -> 2.3</a></h2> <!-- index:2:SH:1:1:2.2 -> 2.3 -->
     <ul>
      <li>Unix domain sockets supported (eg. <em>--interface=/tmp/smtp.s</em>.</li>
      <li>Windows event log not used for verbose logging (prefer <em>--log-file</em>).</li>
      <li>New admin <em>forward</em> command to trigger forwarding without waiting.</li>
+     <li>Optional base64 encoding of passwords in secrets files (<em>plain:b</em>).</li>
      <li>Support for MbedTLS version 3.</li>
     </ul>
    <h2><a class="a-header" name="SH_1_2">2.1 -> 2.2</a></h2> <!-- index:2:SH:1:2:2.1 -> 2.2 -->
diff --git a/doc/changelog.md b/doc/changelog.md
index 398e380..ec4e9dc 100644
--- a/doc/changelog.md
+++ b/doc/changelog.md
@@ -1,12 +1,13 @@
 E-MailRelay Change Log
 ======================
 
-2.2 -> 2.2.1
-------------
+2.2 -> 2.3
+----------
 
 * Unix domain sockets supported (eg. `--interface=/tmp/smtp.s`).
 * Windows event log not used for verbose logging (prefer `--log-file`).
 * New admin `forward` command to trigger forwarding without waiting.
+* Optional base64 encoding of passwords in secrets files (`plain:b`).
 * Support for MbedTLS version 3.
 
 2.1 -> 2.2
@@ -34,7 +35,7 @@ E-MailRelay Change Log
 * New `--idle-timeout` option for server-side connections.
 * Support for [RFC-5782][] [DNSBL][] blocking (`--dnsbl`).
 * Filter scripts are given the path of the envelope file in argv2.
-* Message files can be editied by `--client-filter` scripts.
+* Message files can be edited by `--client-filter` scripts.
 * Better support for CRAM-SHAx authentication.
 * New `--client-auth-config` and `--server-auth-config` options.
 * New `--show` option on windows to better control the user interface style.
diff --git a/doc/changelog.rst b/doc/changelog.rst
index 241978f..3312174 100644
--- a/doc/changelog.rst
+++ b/doc/changelog.rst
@@ -2,12 +2,13 @@
 E-MailRelay Change Log
 **********************
 
-2.2 -> 2.2.1
-============
+2.2 -> 2.3
+==========
 
 * Unix domain sockets supported (eg. *--interface=/tmp/smtp.s*).
 * Windows event log not used for verbose logging (prefer *--log-file*).
 * New admin *forward* command to trigger forwarding without waiting.
+* Optional base64 encoding of passwords in secrets files (*plain:b*).
 * Support for MbedTLS version 3.
 
 2.1 -> 2.2
diff --git a/doc/changelog.txt b/doc/changelog.txt
index 242e721..a2cb5eb 100644
--- a/doc/changelog.txt
+++ b/doc/changelog.txt
@@ -1,11 +1,12 @@
 E-MailRelay Change Log
 ======================
 
-2.2 -> 2.2.1
-------------
+2.2 -> 2.3
+----------
 * Unix domain sockets supported (eg. "--interface=/tmp/smtp.s").
 * Windows event log not used for verbose logging (prefer "--log-file").
 * New admin "forward" command to trigger forwarding without waiting.
+* Optional base64 encoding of passwords in secrets files ("plain:b").
 * Support for MbedTLS version 3.
 
 2.1 -> 2.2
diff --git a/doc/conf.py.sphinx b/doc/conf.py.sphinx
index c7bae5d..d02c370 100644
--- a/doc/conf.py.sphinx
+++ b/doc/conf.py.sphinx
@@ -7,10 +7,10 @@ templates_path = ['_templates']
 source_suffix = '.rst'
 master_doc = 'index'
 project = u'E-MailRelay'
-copyright = u'2021, Graeme Walker'
+copyright = u'2022, Graeme Walker'
 author = u'Graeme Walker'
-version = u'2.2'
-release = u'2.2'
+version = u'2.3'
+release = u'2.3'
 language = None
 today_fmt = '%Y-%m-%d'
 exclude_patterns = []
diff --git a/doc/emailrelay-man.html b/doc/emailrelay-man.html
index 24dd93d..0a43183 100644
--- a/doc/emailrelay-man.html
+++ b/doc/emailrelay-man.html
@@ -195,7 +195,7 @@ Displays help text and then exits. Use with <I>--verbose</I> for more complete o
 <DT><B>-H, --hidden</B>
 
 <DD>
-Windows only. Hides the application window and disables all message boxes, overriding any <I></I><I>--show</I><I></I> option. This is useful when running  as a windows service.
+Windows only. Hides the application window and disables all message boxes, overriding any <I>--show</I> option. This is useful when running as a windows service.
 <DT><B>--idle-timeout </B><I>&lt;time&gt;</I>
 
 <DD>
@@ -211,7 +211,7 @@ Specifies the IP network addresses or interface names used to bind listening por
 <DT><B>--localedir </B><I>&lt;dir&gt;</I>
 
 <DD>
-Specifies a locale base directory where localisation message catalogues  can be found. An empty directory can be used for the built-in default.
+Enables localisation and specifies the locale base directory where message catalogues can be found. An empty directory can be used for the built-in default.
 <DT><B>-l, --log</B>
 
 <DD>
@@ -331,7 +331,7 @@ Selects and configures the low-level TLS library, using a comma-separated list o
 <DT><B>-u, --user </B><I>&lt;username&gt;</I>
 
 <DD>
-When started as root the program switches to an non-privileged effective user-id when idle. This option can be used to define which user-id is used. Specify <I>root</I> to disable all user-id switching. Ignored on Windows.
+When started as root the program switches to a non-privileged effective user-id when idle. This option can be used to define the idle user-id and also the group ownership of new files and sockets. Specify <I>root</I> to  disable all user-id switching. Ignored on Windows.
 <DT><B>-v, --verbose</B>
 
 <DD>
@@ -366,7 +366,8 @@ Graeme Walker, mailto:<A HREF="mailto:graeme_walker@users.sourceforge.net">graem
 </DL>
 <HR>
 This document was created by
-<A HREF="lynxcgi:./cgi-bin/man/man2html">man2html</A>,
+<A HREF="lynxcgi:FOO/cgi-bin/man/man2html">man2html</A>,
 using the manual pages.<BR>
 </BODY>
 </HTML>
+<!-- Copyright (C) 2001-2021 Graeme Walker <graeme_walker@users.sourceforge.net>. All rights reserved. -->
diff --git a/doc/emailrelay.1 b/doc/emailrelay.1
index 0706a65..3bb3d6b 100644
--- a/doc/emailrelay.1
+++ b/doc/emailrelay.1
@@ -146,7 +146,7 @@ Allow forwarding to continue even if some recipient addresses on an e-mail envel
 Displays help text and then exits. Use with \fI--verbose\fR for more complete output.
 .TP
 .B \-H, --hidden
-Windows only. Hides the application window and disables all message boxes, overriding any \fI\fR\fI--show\fR\fI\fR option. This is useful when running  as a windows service.
+Windows only. Hides the application window and disables all message boxes, overriding any \fI--show\fR option. This is useful when running as a windows service.
 .TP
 .B --idle-timeout \fI<time>\fR
 Specifies a timeout (in seconds) for receiving network traffic from remote SMTP and POP clients. The default is 1800 seconds.
@@ -158,7 +158,7 @@ Causes mail messages to be forwarded as they are received, even before they have
 Specifies the IP network addresses or interface names used to bind listening ports. By default listening ports for incoming SMTP, POP and administration connections will bind the 'any' address for IPv4 and for IPv6, ie. \fI0.0.0.0\fR and \fI::\fR. Multiple addresses can be specified by using the option more than once or by using a comma-separated list. Use a prefix of \fIsmtp=\fR, \fIpop=\fR or \fIadmin=\fR on addresses that should apply only to those types of listening port. Any link-local IPv6 addresses must include a zone name or scope id.  Interface names can be used instead of addresses, in which case all the addresses associated with that interface at startup will used for listening. When an interface name is decorated with a \fI-ipv4\fR or \fI-ipv6\fR suffix only their IPv4 or IPv6 addresses will be used (eg. \fIppp0-ipv4\fR).
 .TP
 .B --localedir \fI<dir>\fR
-Specifies a locale base directory where localisation message catalogues  can be found. An empty directory can be used for the built-in default.
+Enables localisation and specifies the locale base directory where message catalogues can be found. An empty directory can be used for the built-in default.
 .TP
 .B \-l, --log
 Enables logging to the standard error stream and to the syslog. The \fI--close-stderr\fR and \fI--no-syslog\fR options can be used to disable output to standard error stream and the syslog separately. Note that \fI--as-server\fR, \fI--as-client\fR and \fI--as-proxy\fR imply \fI--log\fR, and \fI--as-server\fR and \fI--as-proxy\fR also imply \fI--close-stderr\fR.
@@ -248,7 +248,7 @@ When used with \fI--log\fR this option enables logging to the syslog even if the
 Selects and configures the low-level TLS library, using a comma-separated list of keywords. If OpenSSL and mbedTLS are both built in then keywords of \fIopenssl\fR and \fImbedtls\fR will select one or the other. Keywords like \fItlsv1.0\fR can be used to set a minimum TLS protocol version, or \fI-tlsv1.2\fR to set a maximum version.
 .TP
 .B \-u, --user \fI<username>\fR
-When started as root the program switches to an non-privileged effective user-id when idle. This option can be used to define which user-id is used. Specify \fIroot\fR to disable all user-id switching. Ignored on Windows.
+When started as root the program switches to a non-privileged effective user-id when idle. This option can be used to define the idle user-id and also the group ownership of new files and sockets. Specify \fIroot\fR to  disable all user-id switching. Ignored on Windows.
 .TP
 .B \-v, --verbose
 Enables more verbose logging when used with \fI--log\fR, and more verbose help when used with \fI--help\fR.
diff --git a/doc/reference.html b/doc/reference.html
index 2c6df19..32aa189 100644
--- a/doc/reference.html
+++ b/doc/reference.html
@@ -1,4 +1,4 @@
-<!DOCTYPE HTML PUBLIC "%-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<!DOCTYPE html>
 <html>
  <head>
   <title>E-MailRelay Reference</title>
@@ -8,7 +8,7 @@
  <body>
   <!-- index:0::::E-MailRelay Reference -->
  <div class="div-main">
-  <h1><a class="a-header" name="H_1">E-MailRelay Reference</a></h1> <!-- index:1:H:1::E-MailRelay Reference -->
+  <h1><a class="a-header" name="H_1">E-MailRelay Reference</a></h1> <!-- index:1:H:E-MailRelay Reference -->
    <h2><a class="a-header" name="SH_1_1">Command line usage</a></h2> <!-- index:2:SH:1:1:Command line usage -->
     <p>
      The <em>emailrelay</em> program supports the following command-line usage:
@@ -224,7 +224,7 @@
      <dt>--hidden (-H)</dt>
       <dd>
        Windows only. Hides the application window and disables all message boxes,
-       overriding any <em></em>--show<em></em> option. This is useful when running  as a windows
+       overriding any <em>--show</em> option. This is useful when running as a windows
        service.
       </dd>
      <dt>--idle-timeout &lt;time&gt;</dt>
@@ -255,8 +255,9 @@
       </dd>
      <dt>--localedir &lt;dir&gt;</dt>
       <dd>
-       Specifies a locale base directory where localisation message catalogues  can
-       be found. An empty directory can be used for the built-in default.
+       Enables localisation and specifies the locale base directory where message
+       catalogues can be found. An empty directory can be used for the built-in
+       default.
       </dd>
      <dt>--log (-l)</dt>
       <dd>
@@ -437,9 +438,10 @@
       </dd>
      <dt>--user &lt;username&gt; (-u)</dt>
       <dd>
-       When started as root the program switches to an non-privileged effective
-       user-id when idle. This option can be used to define which user-id is used.
-       Specify <em>root</em> to disable all user-id switching. Ignored on Windows.
+       When started as root the program switches to a non-privileged effective
+       user-id when idle. This option can be used to define the idle user-id and
+       also the group ownership of new files and sockets. Specify <em>root</em> to
+       disable all user-id switching. Ignored on Windows.
       </dd>
      <dt>--verbose (-v)</dt>
       <dd>
@@ -503,7 +505,7 @@
      <li>as each message is submitted, just before receipt is acknowledged (<em>--immediate</em>)</li>
      <li>as soon as the submitting client connection disconnects (<em>--forward-on-disconnect</em>)</li>
      <li>periodically (<em>--poll=<seconds></em>)</li>
-     <li>on demand using the administration interface's <em>flush</em> command (<em>--admin=<port></em>)</li>
+     <li>on demand using the administration interface's <em>forward</em> command (<em>--admin=<port></em>)</li>
      <li>when a <em>--filter</em> script exits with an exit code of 103</li>
     </ul>
 
@@ -753,13 +755,20 @@ emailrelay --as-client=example.com:smtp --client-auth=/etc/emailrelay-server.aut
     </p>
 
     <p>
-     The first two fields are case-insensitive. The <em>xtext</em> encoding scheme is
-     defined properly in RFC-3461, but basically it says that non-alphanumeric
-     characters (including space, <em>+</em>, <em>#</em> and <em>=</em>) should be represented in
-     uppercase hexadecimal ascii as <em>+XX</em>. So a space should be written as <em>+20</em>;
-     <em>+</em> as <em>+2B</em>; <em>#</em> as <em>+23</em>; and <em>=</em> as <em>+3D</em>. Also note that modern email
-     services will expect userids and passwords containing non-ASCII characters to
-     use UTF-8 encoding with RFC-4013 normalisation applied.
+     The <em>xtext</em> encoding scheme is defined properly in RFC-3461, but basically it
+     says that non-alphanumeric characters (including space, <em>+</em>, <em>#</em> and <em>=</em>) should
+     be represented in uppercase hexadecimal ascii as <em>+XX</em>. So a space should be
+     written as <em>+20</em>; <em>+</em> as <em>+2B</em>; <em>#</em> as <em>+23</em>; and <em>=</em> as <em>+3D</em>.
+    </p>
+
+    <p>
+     Base64 encoding can be used instead of xtext encoding for the user identifier
+     and plain password by replacing <em>plain</em> by <em>plain:b</em>.
+    </p>
+
+    <p>
+     Note that modern email services will expect userids and passwords containing
+     non-ASCII characters to use UTF-8 encoding with RFC-4013 normalisation applied.
     </p>
 
     <p>
@@ -775,10 +784,10 @@ emailrelay --as-client=example.com:smtp --client-auth=/etc/emailrelay-server.aut
     <p>
      The PLAIN, LOGIN and CRAM-MD5 mechanisms can use plaintext passwords, stored
      in the secrets file using a password-type of <em>plain</em>. In addition, the
-     CRAM-MD5 mechanism can also use hashed passwords generated by the
+     CRAM-MD5 mechanism can also make use of hashed passwords generated by the
      <em>emailrelay-passwd</em> program and these are stored in the secrets file with a
      password-type of <em>md5</em>. (Hashed passwords are marginally more secure because
-     the plaintext password which might be used on other accounts, is not easily
+     the plaintext password which might be used on other accounts is not easily
      recovered. However, hashed passwords can only be used for HMAC authentication
      mechanisms that are based on the same hash function.) The XOAUTH2 mechanism
      can be used for client-side authentication using tokens that have been
@@ -872,10 +881,10 @@ server plain carol my+20password
     </p>
    <h2><a class="a-header" name="SH_1_6">TLS encryption</a></h2> <!-- index:2:SH:1:6:TLS encryption -->
     <p>
-     E-MailRelay can use negotiated TLS to encrypt SMTP and POP sessions: to enable
-     client-side TLS encryption when E-MailRelay is acting as an SMTP client use the
-     <em>--client-tls</em> command-line option, and to enable server-side TLS when
-     E-MailRelay is acting as an SMTP or POP server use <em>--server-tls</em>. The
+     E-MailRelay can use negotiated TLS to encrypt SMTP and POP sessions: use the
+     <em>--client-tls</em> command-line option to enable client-side TLS encryption when
+     E-MailRelay is acting as an SMTP client, and use <em>--server-tls</em> to enable
+     server-side TLS when E-MailRelay is acting as an SMTP or POP server. The
      connections start off as unencrypted and the SMTP command <em>STARTTLS</em> (or the
      POP <em>STLS</em> command) can be used to negotiate TLS encryption before any
      passwords are exchanged.
@@ -1083,7 +1092,7 @@ password required pam_deny.so
        <pre>--as-client ipv4or6.example.com:25 --client-interface 0.0.0.0
 --as-client ipv4or6.example.com:25 --client-interface ::</pre>
       </div><!-- div-pre -->
-   <h2><a class="a-header" name="SH_1_99">Unix domain sockets</a></h2> <!-- index:2:SH:1:99:Unix domain sockets -->
+   <h2><a class="a-header" name="SH_1_9">Unix domain sockets</a></h2> <!-- index:2:SH:1:9:Unix domain sockets -->
     <p>
      E-MailRelay on Unix will listen on unix-domain sockets instead of IPv4 or IPv6
      if the <em>--interface</em> option is given as an absolute file-system path:
@@ -1093,31 +1102,37 @@ password required pam_deny.so
      Eg:
     </p>
       <div class="div-pre">
-       <pre>--interface=/run/smtp.s --port=0</pre>
+       <pre>--interface=/run/smtp.s --port=0
+</pre>
       </div><!-- div-pre -->
     <p>
      When listening on more than one unix-domain socket use the extended form of the
-     "--interface" option with a prefix of "smtp=", "pop=", or "admin=":
+     <em>--interface</em> option with a prefix of <em>smtp=</em>, <em>pop=</em>, or <em>admin=</em>:
     </p>
+
     <p>
      Eg:
     </p>
       <div class="div-pre">
-       <pre>--interface=smtp=/run/smtp.s --port=0 --interface=pop=/run/pop.s --pop --pop-port=0</pre>
+       <pre>--interface=smtp=/run/smtp.s --port=0 --interface=pop=/run/pop.s --pop --pop-port=0
+</pre>
       </div><!-- div-pre -->
     <p>
      The forwarding address can also be a unix-domain address:
     </p>
+
     <p>
      Eg:
     </p>
       <div class="div-pre">
-       <pre>--forward-to=/run/smtp.s</pre>
+       <pre>--forward-to=/run/smtp.s
+</pre>
       </div><!-- div-pre -->
     <p>
      And it is also possible to communicate with message filters over a unix-domain
      socket:
     </p>
+
     <p>
      Eg:
     </p>
@@ -1126,7 +1141,7 @@ password required pam_deny.so
 --filter=spam:/run/spamd.s
 --filter=spam-edit:/run/spamd.s</pre>
       </div><!-- div-pre -->
-   <h2><a class="a-header" name="SH_1_9">SOCKS</a></h2> <!-- index:2:SH:1:9:SOCKS -->
+   <h2><a class="a-header" name="SH_1_10">SOCKS</a></h2> <!-- index:2:SH:1:10:SOCKS -->
     <p>
      E-MailRelay can use a SOCKS 4a proxy for establishing outgoing SMTP
      connections; just append the SOCKS proxy address to the SMTP server's address,
@@ -1147,7 +1162,7 @@ password required pam_deny.so
      establish the connection. The target SMTP server will see a connection coming
      from the Tor exit node rather than from the E-MailRelay server.
     </p>
-   <h2><a class="a-header" name="SH_1_10">Address verification</a></h2> <!-- index:2:SH:1:10:Address verification -->
+   <h2><a class="a-header" name="SH_1_11">Address verification</a></h2> <!-- index:2:SH:1:11:Address verification -->
     <p>
      By default the E-MailRelay server will accept all recipient addresses for
      incoming e-mails as valid. This default behaviour can be modified by using an
@@ -1350,7 +1365,7 @@ catch( e )
      information as returned by verifier scripts but in reverse, such as
      <em>0|postmaster|Local Postmaster <postmaster@eg.com></em> or <em>2|mailbox unavailable</em>.
     </p>
-   <h2><a class="a-header" name="SH_1_11">Connection blocking</a></h2> <!-- index:2:SH:1:11:Connection blocking -->
+   <h2><a class="a-header" name="SH_1_12">Connection blocking</a></h2> <!-- index:2:SH:1:12:Connection blocking -->
     <p>
      All incoming connections from remote network addresses are blocked by default,
      but can be allowed by using the <em>--remote-clients</em>/<em>-r</em> option. This is to
@@ -1390,7 +1405,7 @@ catch( e )
      Connections from loopback and private (RFC-1918) network addresses are never
      checked.
     </p>
-   <h2><a class="a-header" name="SH_1_12">Security issues</a></h2> <!-- index:2:SH:1:12:Security issues -->
+   <h2><a class="a-header" name="SH_1_13">Security issues</a></h2> <!-- index:2:SH:1:13:Security issues -->
     <p>
      The following are some security issues that have been taken into consideration:
     </p>
@@ -1477,7 +1492,7 @@ catch( e )
      The <em>Authentication</em>, <em>PAM Authentication</em> and <em>TLS encryption</em> sections
      above also relate to security.
     </p>
-   <h2><a class="a-header" name="SH_1_13">Administration interface</a></h2> <!-- index:2:SH:1:13:Administration interface -->
+   <h2><a class="a-header" name="SH_1_14">Administration interface</a></h2> <!-- index:2:SH:1:14:Administration interface -->
     <p>
      If enabled with the <em>--admin</em> command-line option, the E-MailRelay server will
      provide a network interface for performing administration tasks. This is a
@@ -1492,9 +1507,18 @@ E-MailRelay&gt; quit
 </pre>
       </div><!-- div-pre -->
     <p>
-     The <em>flush</em> command is used to get the E-MailRelay server to forward spooled
-     mail to the next SMTP server. The <em>forward</em> command does the same but without
-     waiting for completion.
+     The <em>forward</em> command is used to trigger the E-MailRelay server into forwarding
+     spooled mail to the next SMTP server.
+    </p>
+
+    <p>
+     The <em>flush</em> command is similar but it uses its own connection to the SMTP
+     server and waits for the messages to be sent.
+    </p>
+
+    <p>
+     The <em>unfail-all</em> command can be used to remove the <em>.bad</em> filename extension
+     from files in the spool directory.
     </p>
 
     <p>
@@ -1502,7 +1526,7 @@ E-MailRelay&gt; quit
      network status information and activity statistics, and <em>notify</em> enables
      asynchronous event notification.
     </p>
-   <h2><a class="a-header" name="SH_1_14">Bcc handling</a></h2> <!-- index:2:SH:1:14:Bcc handling -->
+   <h2><a class="a-header" name="SH_1_15">Bcc handling</a></h2> <!-- index:2:SH:1:15:Bcc handling -->
     <p>
      E-MailRelay transfers e-mail messages without changing their content in any
      way, other than by adding a <em>Received</em> header. In particular, if a message
@@ -1523,7 +1547,7 @@ E-MailRelay&gt; quit
      An E-MailRelay <em>--filter</em> script can be used to reject messages with incorrect
      <em>Bcc:</em> headers, and an example script is included.
     </p>
-   <h2><a class="a-header" name="SH_1_15">Files and directories</a></h2> <!-- index:2:SH:1:15:Files and directories -->
+   <h2><a class="a-header" name="SH_1_16">Files and directories</a></h2> <!-- index:2:SH:1:16:Files and directories -->
     <p>
      On Unix-like systems E-MailRelay installs by default under <em>/usr/local</em>, but
      binary distributions will probably have been built to install elsewhere.
@@ -1569,7 +1593,7 @@ E-MailRelay&gt; quit
      It is possible to change the installation root directory after building by
      using <em>make DESTDIR=<root> install</em> or <em>DESTDIR=<root> make -e install</em>.
      However, this will not change the default spool directory path built into the
-     scripts and executables so the correct spool directory will have to be
+     scripts and executables so the correct spool directory will then have to be
      specified at run-time with the <em>--spool-dir</em> command-line option.
     </p>
 
diff --git a/doc/reference.md b/doc/reference.md
index 1da955c..e23157c 100644
--- a/doc/reference.md
+++ b/doc/reference.md
@@ -210,7 +210,7 @@ where &lt;option&gt; is:
 *   \-\-hidden (-H)
 
     Windows only. Hides the application window and disables all message boxes,
-    overriding any `--show` option. This is useful when running  as a windows
+    overriding any `--show` option. This is useful when running as a windows
     service.
 
 *   \-\-idle-timeout &lt;time&gt;
@@ -241,8 +241,9 @@ where &lt;option&gt; is:
 
 *   \-\-localedir &lt;dir&gt;
 
-    Specifies a locale base directory where localisation message catalogues  can
-    be found. An empty directory can be used for the built-in default.
+    Enables localisation and specifies the locale base directory where message
+    catalogues can be found. An empty directory can be used for the built-in
+    default.
 
 *   \-\-log (-l)
 
@@ -423,9 +424,10 @@ where &lt;option&gt; is:
 
 *   \-\-user &lt;username&gt; (-u)
 
-    When started as root the program switches to an non-privileged effective
-    user-id when idle. This option can be used to define which user-id is used.
-    Specify `root` to disable all user-id switching. Ignored on Windows.
+    When started as root the program switches to a non-privileged effective
+    user-id when idle. This option can be used to define the idle user-id and
+    also the group ownership of new files and sockets. Specify `root` to
+    disable all user-id switching. Ignored on Windows.
 
 *   \-\-verbose (-v)
 
@@ -475,7 +477,7 @@ command-line options:
 * as each message is submitted, just before receipt is acknowledged (`--immediate`)
 * as soon as the submitting client connection disconnects (`--forward-on-disconnect`)
 * periodically (`--poll=<seconds>`)
-* on demand using the administration interface's `flush` command (`--admin=<port>`)
+* on demand using the administration interface's `forward` command (`--admin=<port>`)
 * when a `--filter` script exits with an exit code of 103
 
 These can be mixed.
@@ -660,13 +662,16 @@ user identifier; and the `password` field is the xtext-encoded plain password
 or a base64-encoded `HMAC-MD5` state. For `client` lines the password-type can
 also be `oauth`.
 
-The first two fields are case-insensitive. The `xtext` encoding scheme is
-defined properly in [RFC-3461][], but basically it says that non-alphanumeric
-characters (including space, `+`, `#` and `=`) should be represented in
-uppercase hexadecimal ascii as `+XX`. So a space should be written as `+20`;
-`+` as `+2B`; `#` as `+23`; and `=` as `+3D`. Also note that modern email
-services will expect userids and passwords containing non-ASCII characters to
-use UTF-8 encoding with [RFC-4013][] normalisation applied.
+The `xtext` encoding scheme is defined properly in [RFC-3461][], but basically it
+says that non-alphanumeric characters (including space, `+`, `#` and `=`) should
+be represented in uppercase hexadecimal ascii as `+XX`. So a space should be
+written as `+20`; `+` as `+2B`; `#` as `+23`; and `=` as `+3D`.
+
+Base64 encoding can be used instead of xtext encoding for the user identifier
+and plain password by replacing `plain` by `plain:b`.
+
+Note that modern email services will expect userids and passwords containing
+non-ASCII characters to use UTF-8 encoding with [RFC-4013][] normalisation applied.
 
 Authentication proceeds according to an authentication 'mechanism' that is
 advertised by the server and selected by the client. Many authentication
@@ -678,10 +683,10 @@ available via PAM (see below).
 
 The PLAIN, LOGIN and CRAM-MD5 mechanisms can use plaintext passwords, stored
 in the secrets file using a password-type of `plain`. In addition, the
-CRAM-MD5 mechanism can also use hashed passwords generated by the
+CRAM-MD5 mechanism can also make use of hashed passwords generated by the
 `emailrelay-passwd` program and these are stored in the secrets file with a
 password-type of `md5`. (Hashed passwords are marginally more secure because
-the plaintext password which might be used on other accounts, is not easily
+the plaintext password which might be used on other accounts is not easily
 recovered. However, hashed passwords can only be used for HMAC authentication
 mechanisms that are based on the same hash function.) The XOAUTH2 mechanism
 can be used for client-side authentication using tokens that have been
@@ -753,10 +758,10 @@ described below.
 
 TLS encryption
 --------------
-E-MailRelay can use negotiated TLS to encrypt SMTP and POP sessions: to enable
-client-side TLS encryption when E-MailRelay is acting as an SMTP client use the
-`--client-tls` command-line option, and to enable server-side TLS when
-E-MailRelay is acting as an SMTP or POP server use `--server-tls`. The
+E-MailRelay can use negotiated TLS to encrypt SMTP and POP sessions: use the
+`--client-tls` command-line option to enable client-side TLS encryption when
+E-MailRelay is acting as an SMTP client, and use `--server-tls` to enable
+server-side TLS when E-MailRelay is acting as an SMTP or POP server. The
 connections start off as unencrypted and the SMTP command `STARTTLS` (or the
 POP `STLS` command) can be used to negotiate TLS encryption before any
 passwords are exchanged.
@@ -1169,7 +1174,7 @@ The following are some security issues that have been taken into consideration:
     `root.daemon` with permissions of `-rwxrwxr-x` and messages files are created
     with permissions of `-rw-rw----`. This allows normal users to list messages
     files but not read them.
-
+    
     The `emailrelay-submit` program is given group ownership of `daemon` with its
     group set-user-id flag set. This allows it to create message files in the
     spool directory, and the files created end up owned by the submitter but with
@@ -1179,7 +1184,7 @@ The following are some security issues that have been taken into consideration:
 
     Logging output is conditioned so that ANSI escape sequences cannot appear
     in the log.
-
+    
     Passwords and message content are not logged (except if using the `--debug`
     option at run time with debug logging enabled at build time).
 
@@ -1214,9 +1219,14 @@ simple command-line interface which is compatible with `netcat` and `telnet`:
         E-MailRelay> help
         E-MailRelay> quit
 
-The `flush` command is used to get the E-MailRelay server to forward spooled
-mail to the next SMTP server. The `forward` command does the same but without
-waiting for completion.
+The `forward` command is used to trigger the E-MailRelay server into forwarding
+spooled mail to the next SMTP server.
+
+The `flush` command is similar but it uses its own connection to the SMTP
+server and waits for the messages to be sent.
+
+The `unfail-all` command can be used to remove the `.bad` filename extension
+from files in the spool directory.
 
 The `list` command lists the messages in the spool directory, `status` provides
 network status information and activity statistics, and `notify` enables
@@ -1274,7 +1284,7 @@ Standard ([FHS][]) use this configure command:
 It is possible to change the installation root directory after building by
 using `make DESTDIR=<root> install` or `DESTDIR=<root> make -e install`.
 However, this will not change the default spool directory path built into the
-scripts and executables so the correct spool directory will have to be
+scripts and executables so the correct spool directory will then have to be
 specified at run-time with the `--spool-dir` command-line option.
 
 On Windows the installation GUI prompts for two installation directories,
diff --git a/doc/reference.rst b/doc/reference.rst
index deb0950..81d6826 100644
--- a/doc/reference.rst
+++ b/doc/reference.rst
@@ -213,7 +213,7 @@ where \<option\> is:
 *   --hidden (-H)
 
     Windows only. Hides the application window and disables all message boxes,
-    overriding any *--show* option. This is useful when running  as a windows
+    overriding any *--show* option. This is useful when running as a windows
     service.
 
 *   --idle-timeout \<time\>
@@ -244,8 +244,9 @@ where \<option\> is:
 
 *   --localedir \<dir\>
 
-    Specifies a locale base directory where localisation message catalogues  can
-    be found. An empty directory can be used for the built-in default.
+    Enables localisation and specifies the locale base directory where message
+    catalogues can be found. An empty directory can be used for the built-in
+    default.
 
 *   --log (-l)
 
@@ -426,9 +427,10 @@ where \<option\> is:
 
 *   --user \<username\> (-u)
 
-    When started as root the program switches to an non-privileged effective
-    user-id when idle. This option can be used to define which user-id is used.
-    Specify *root* to disable all user-id switching. Ignored on Windows.
+    When started as root the program switches to a non-privileged effective
+    user-id when idle. This option can be used to define the idle user-id and
+    also the group ownership of new files and sockets. Specify *root* to
+    disable all user-id switching. Ignored on Windows.
 
 *   --verbose (-v)
 
@@ -478,7 +480,7 @@ command-line options:
 * as each message is submitted, just before receipt is acknowledged (\ *--immediate*\ )
 * as soon as the submitting client connection disconnects (\ *--forward-on-disconnect*\ )
 * periodically (\ *--poll=<seconds>*\ )
-* on demand using the administration interface's *flush* command (\ *--admin=<port>*\ )
+* on demand using the administration interface's *forward* command (\ *--admin=<port>*\ )
 * when a *--filter* script exits with an exit code of 103
 
 These can be mixed.
@@ -675,13 +677,16 @@ user identifier; and the *password* field is the xtext-encoded plain password
 or a base64-encoded *HMAC-MD5* state. For *client* lines the password-type can
 also be *oauth*.
 
-The first two fields are case-insensitive. The *xtext* encoding scheme is
-defined properly in RFC-3461_, but basically it says that non-alphanumeric
-characters (including space, *+*, *#* and *=*) should be represented in
-uppercase hexadecimal ascii as *+XX*. So a space should be written as *+20*;
-*+* as *+2B*; *#* as *+23*; and *=* as *+3D*. Also note that modern email
-services will expect userids and passwords containing non-ASCII characters to
-use UTF-8 encoding with RFC-4013_ normalisation applied.
+The *xtext* encoding scheme is defined properly in RFC-3461_, but basically it
+says that non-alphanumeric characters (including space, *+*, *#* and *=*) should
+be represented in uppercase hexadecimal ascii as *+XX*. So a space should be
+written as *+20*; *+* as *+2B*; *#* as *+23*; and *=* as *+3D*.
+
+Base64 encoding can be used instead of xtext encoding for the user identifier
+and plain password by replacing *plain* by *plain:b*.
+
+Note that modern email services will expect userids and passwords containing
+non-ASCII characters to use UTF-8 encoding with RFC-4013_ normalisation applied.
 
 Authentication proceeds according to an authentication 'mechanism' that is
 advertised by the server and selected by the client. Many authentication
@@ -693,10 +698,10 @@ available via PAM (see below).
 
 The PLAIN, LOGIN and CRAM-MD5 mechanisms can use plaintext passwords, stored
 in the secrets file using a password-type of *plain*. In addition, the
-CRAM-MD5 mechanism can also use hashed passwords generated by the
+CRAM-MD5 mechanism can also make use of hashed passwords generated by the
 *emailrelay-passwd* program and these are stored in the secrets file with a
 password-type of *md5*. (Hashed passwords are marginally more secure because
-the plaintext password which might be used on other accounts, is not easily
+the plaintext password which might be used on other accounts is not easily
 recovered. However, hashed passwords can only be used for HMAC authentication
 mechanisms that are based on the same hash function.) The XOAUTH2 mechanism
 can be used for client-side authentication using tokens that have been
@@ -774,10 +779,10 @@ described below.
 
 TLS encryption
 ==============
-E-MailRelay can use negotiated TLS to encrypt SMTP and POP sessions: to enable
-client-side TLS encryption when E-MailRelay is acting as an SMTP client use the
-*--client-tls* command-line option, and to enable server-side TLS when
-E-MailRelay is acting as an SMTP or POP server use *--server-tls*. The
+E-MailRelay can use negotiated TLS to encrypt SMTP and POP sessions: use the
+*--client-tls* command-line option to enable client-side TLS encryption when
+E-MailRelay is acting as an SMTP client, and use *--server-tls* to enable
+server-side TLS when E-MailRelay is acting as an SMTP or POP server. The
 connections start off as unencrypted and the SMTP command *STARTTLS* (or the
 POP *STLS* command) can be used to negotiate TLS encryption before any
 passwords are exchanged.
@@ -1289,9 +1294,14 @@ simple command-line interface which is compatible with *netcat* and *telnet*:
     E-MailRelay> help
     E-MailRelay> quit
 
-The *flush* command is used to get the E-MailRelay server to forward spooled
-mail to the next SMTP server. The *forward* command does the same but without
-waiting for completion.
+The *forward* command is used to trigger the E-MailRelay server into forwarding
+spooled mail to the next SMTP server.
+
+The *flush* command is similar but it uses its own connection to the SMTP
+server and waits for the messages to be sent.
+
+The *unfail-all* command can be used to remove the *.bad* filename extension
+from files in the spool directory.
 
 The *list* command lists the messages in the spool directory, *status* provides
 network status information and activity statistics, and *notify* enables
@@ -1351,7 +1361,7 @@ Standard (FHS_) use this configure command:
 It is possible to change the installation root directory after building by
 using *make DESTDIR=<root> install* or *DESTDIR=<root> make -e install*.
 However, this will not change the default spool directory path built into the
-scripts and executables so the correct spool directory will have to be
+scripts and executables so the correct spool directory will then have to be
 specified at run-time with the *--spool-dir* command-line option.
 
 On Windows the installation GUI prompts for two installation directories,
diff --git a/doc/reference.txt b/doc/reference.txt
index 1d6f335..a92ca4f 100644
--- a/doc/reference.txt
+++ b/doc/reference.txt
@@ -178,7 +178,7 @@ where <option> is:
 
 # --hidden (-H)
   Windows only. Hides the application window and disables all message boxes,
-  overriding any "--show" option. This is useful when running  as a windows
+  overriding any "--show" option. This is useful when running as a windows
   service.
 
 # --idle-timeout <time>
@@ -205,8 +205,9 @@ where <option> is:
   suffix only their IPv4 or IPv6 addresses will be used (eg. "ppp0-ipv4").
 
 # --localedir <dir>
-  Specifies a locale base directory where localisation message catalogues  can
-  be found. An empty directory can be used for the built-in default.
+  Enables localisation and specifies the locale base directory where message
+  catalogues can be found. An empty directory can be used for the built-in
+  default.
 
 # --log (-l)
   Enables logging to the standard error stream and to the syslog. The
@@ -357,9 +358,10 @@ where <option> is:
   to set a maximum version.
 
 # --user <username> (-u)
-  When started as root the program switches to an non-privileged effective
-  user-id when idle. This option can be used to define which user-id is used.
-  Specify "root" to disable all user-id switching. Ignored on Windows.
+  When started as root the program switches to a non-privileged effective
+  user-id when idle. This option can be used to define the idle user-id and
+  also the group ownership of new files and sockets. Specify "root" to
+  disable all user-id switching. Ignored on Windows.
 
 # --verbose (-v)
   Enables more verbose logging when used with "--log", and more verbose help
@@ -407,7 +409,7 @@ command-line options:
 * as each message is submitted, just before receipt is acknowledged ("--immediate")
 * as soon as the submitting client connection disconnects ("--forward-on-disconnect")
 * periodically ("--poll=<seconds>")
-* on demand using the administration interface's "flush" command ("--admin=<port>")
+* on demand using the administration interface's "forward" command ("--admin=<port>")
 * when a "--filter" script exits with an exit code of 103
 
 These can be mixed.
@@ -592,13 +594,16 @@ user identifier; and the "password" field is the xtext-encoded plain password
 or a base64-encoded "HMAC-MD5" state. For "client" lines the password-type can
 also be "oauth".
 
-The first two fields are case-insensitive. The "xtext" encoding scheme is
-defined properly in RFC-3461, but basically it says that non-alphanumeric
-characters (including space, "+", "#" and "=") should be represented in
-uppercase hexadecimal ascii as "+XX". So a space should be written as "+20";
-"+" as "+2B"; "#" as "+23"; and "=" as "+3D". Also note that modern email
-services will expect userids and passwords containing non-ASCII characters to
-use UTF-8 encoding with RFC-4013 normalisation applied.
+The "xtext" encoding scheme is defined properly in RFC-3461, but basically it
+says that non-alphanumeric characters (including space, "+", "#" and "=") should
+be represented in uppercase hexadecimal ascii as "+XX". So a space should be
+written as "+20"; "+" as "+2B"; "#" as "+23"; and "=" as "+3D".
+
+Base64 encoding can be used instead of xtext encoding for the user identifier
+and plain password by replacing "plain" by "plain:b".
+
+Note that modern email services will expect userids and passwords containing
+non-ASCII characters to use UTF-8 encoding with RFC-4013 normalisation applied.
 
 Authentication proceeds according to an authentication 'mechanism' that is
 advertised by the server and selected by the client. Many authentication
@@ -610,10 +615,10 @@ available via PAM (see below).
 
 The PLAIN, LOGIN and CRAM-MD5 mechanisms can use plaintext passwords, stored
 in the secrets file using a password-type of "plain". In addition, the
-CRAM-MD5 mechanism can also use hashed passwords generated by the
+CRAM-MD5 mechanism can also make use of hashed passwords generated by the
 "emailrelay-passwd" program and these are stored in the secrets file with a
 password-type of "md5". (Hashed passwords are marginally more secure because
-the plaintext password which might be used on other accounts, is not easily
+the plaintext password which might be used on other accounts is not easily
 recovered. However, hashed passwords can only be used for HMAC authentication
 mechanisms that are based on the same hash function.) The XOAUTH2 mechanism
 can be used for client-side authentication using tokens that have been
@@ -685,10 +690,10 @@ described below.
 
 TLS encryption
 --------------
-E-MailRelay can use negotiated TLS to encrypt SMTP and POP sessions: to enable
-client-side TLS encryption when E-MailRelay is acting as an SMTP client use the
-"--client-tls" command-line option, and to enable server-side TLS when
-E-MailRelay is acting as an SMTP or POP server use "--server-tls". The
+E-MailRelay can use negotiated TLS to encrypt SMTP and POP sessions: use the
+"--client-tls" command-line option to enable client-side TLS encryption when
+E-MailRelay is acting as an SMTP client, and use "--server-tls" to enable
+server-side TLS when E-MailRelay is acting as an SMTP or POP server. The
 connections start off as unencrypted and the SMTP command "STARTTLS" (or the
 POP "STLS" command) can be used to negotiate TLS encryption before any
 passwords are exchanged.
@@ -1135,9 +1140,14 @@ simple command-line interface which is compatible with "netcat" and "telnet":
 	E-MailRelay> help
 	E-MailRelay> quit
 
-The "flush" command is used to get the E-MailRelay server to forward spooled
-mail to the next SMTP server. The "forward" command does the same but without
-waiting for completion.
+The "forward" command is used to trigger the E-MailRelay server into forwarding
+spooled mail to the next SMTP server.
+
+The "flush" command is similar but it uses its own connection to the SMTP
+server and waits for the messages to be sent.
+
+The "unfail-all" command can be used to remove the ".bad" filename extension
+from files in the spool directory.
 
 The "list" command lists the messages in the spool directory, "status" provides
 network status information and activity statistics, and "notify" enables
@@ -1194,7 +1204,7 @@ Standard (FHS) use this configure command:
 It is possible to change the installation root directory after building by
 using "make DESTDIR=<root> install" or "DESTDIR=<root> make -e install".
 However, this will not change the default spool directory path built into the
-scripts and executables so the correct spool directory will have to be
+scripts and executables so the correct spool directory will then have to be
 specified at run-time with the "--spool-dir" command-line option.
 
 On Windows the installation GUI prompts for two installation directories,
diff --git a/doc/windows.html b/doc/windows.html
index ea8c4f5..8b39834 100644
--- a/doc/windows.html
+++ b/doc/windows.html
@@ -20,6 +20,11 @@
      into protected directories like <em>Program Files</em>.
     </p>
 
+    <p>
+     You may need to run <em>vc_redist.x64.exe</em> first to install the Microsoft C++
+     run-time files.
+    </p>
+
     <p>
      The setup GUI will take you through the installation options and then install
      the run-time files into your chosen locations.
diff --git a/doc/windows.md b/doc/windows.md
index 1a93556..c617078 100644
--- a/doc/windows.md
+++ b/doc/windows.md
@@ -9,6 +9,9 @@ setup program `emailrelay-setup.exe` and its associated `payload` files.
 Run `emailrelay-setup.exe` as an administrator if you are going to be installing
 into protected directories like `Program Files`.
 
+You may need to run `vc_redist.x64.exe` first to install the Microsoft C++
+run-time files.
+
 The setup GUI will take you through the installation options and then install
 the run-time files into your chosen locations.
 
diff --git a/doc/windows.rst b/doc/windows.rst
index 194f016..0af1c98 100644
--- a/doc/windows.rst
+++ b/doc/windows.rst
@@ -10,6 +10,9 @@ setup program *emailrelay-setup.exe* and its associated *payload* files.
 Run *emailrelay-setup.exe* as an administrator if you are going to be installing
 into protected directories like *Program Files*.
 
+You may need to run *vc_redist.x64.exe* first to install the Microsoft C++
+run-time files.
+
 The setup GUI will take you through the installation options and then install
 the run-time files into your chosen locations.
 
diff --git a/emailrelay.spec b/emailrelay.spec
index 17f33d8..6666ee1 100644
--- a/emailrelay.spec
+++ b/emailrelay.spec
@@ -1,11 +1,11 @@
 Summary: Simple e-mail message transfer agent and proxy using SMTP
 Name: emailrelay
-Version: 2.2.1
+Version: 2.3
 Release: 1
 License: GPL3
 Group: System Environment/Daemons
 URL: http://emailrelay.sourceforge.net
-Source: http://sourceforge.net/projects/emailrelay/files/emailrelay/2.2/emailrelay-2.2.1-src.tar.gz
+Source: http://sourceforge.net/projects/emailrelay/files/emailrelay/2.3/emailrelay-2.3-src.tar.gz
 BuildRoot: /tmp/emailrelay-install
 
 %description
diff --git a/etc/Makefile.am b/etc/Makefile.am
index d777bfb..725402b 100644
--- a/etc/Makefile.am
+++ b/etc/Makefile.am
@@ -63,7 +63,7 @@ install-data-hook:
 	if test -f "$(DESTDIR)$(e_sysconfdir)/emailrelay.conf" ; then : ; else sed -e "s:^#spool-dir .*:spool-dir $(e_spooldir):g" -e 's:"/var/spool/emailrelay":"'"$(e_spooldir)"'":g' -e "s:/etc:$(e_sysconfdir):g" -e "s:/usr/local/bin:$(e_libexecdir):g" < "$(DESTDIR)$(e_sysconfdir)/emailrelay.conf.template" > "$(DESTDIR)$(e_sysconfdir)/emailrelay.conf" ; fi
 	cp "$(DESTDIR)$(e_sysconfdir)/emailrelay.conf" "$(DESTDIR)$(e_sysconfdir)/emailrelay.conf.makeinstall"
 
-# remove the .conf file if it has not been editied
+# remove the .conf file if it has not been edited
 uninstall-hook:
 	if diff -q "$(DESTDIR)$(e_sysconfdir)/emailrelay.conf" "$(DESTDIR)$(e_sysconfdir)/emailrelay.conf.makeinstall" ; then rm "$(DESTDIR)$(e_sysconfdir)/emailrelay.conf" ; fi
 	-rm "$(DESTDIR)$(e_sysconfdir)/emailrelay.conf.makeinstall"
diff --git a/etc/Makefile.in b/etc/Makefile.in
index 80803ba..a17ff42 100644
--- a/etc/Makefile.in
+++ b/etc/Makefile.in
@@ -606,7 +606,7 @@ emailrelay.service: emailrelay.service.in
 @GCONFIG_INSTALL_HOOK_TRUE@	if test -f "$(DESTDIR)$(e_sysconfdir)/emailrelay.conf" ; then : ; else sed -e "s:^#spool-dir .*:spool-dir $(e_spooldir):g" -e 's:"/var/spool/emailrelay":"'"$(e_spooldir)"'":g' -e "s:/etc:$(e_sysconfdir):g" -e "s:/usr/local/bin:$(e_libexecdir):g" < "$(DESTDIR)$(e_sysconfdir)/emailrelay.conf.template" > "$(DESTDIR)$(e_sysconfdir)/emailrelay.conf" ; fi
 @GCONFIG_INSTALL_HOOK_TRUE@	cp "$(DESTDIR)$(e_sysconfdir)/emailrelay.conf" "$(DESTDIR)$(e_sysconfdir)/emailrelay.conf.makeinstall"
 
-# remove the .conf file if it has not been editied
+# remove the .conf file if it has not been edited
 @GCONFIG_INSTALL_HOOK_TRUE@uninstall-hook:
 @GCONFIG_INSTALL_HOOK_TRUE@	if diff -q "$(DESTDIR)$(e_sysconfdir)/emailrelay.conf" "$(DESTDIR)$(e_sysconfdir)/emailrelay.conf.makeinstall" ; then rm "$(DESTDIR)$(e_sysconfdir)/emailrelay.conf" ; fi
 @GCONFIG_INSTALL_HOOK_TRUE@	-rm "$(DESTDIR)$(e_sysconfdir)/emailrelay.conf.makeinstall"
diff --git a/etc/emailrelay.auth.template b/etc/emailrelay.auth.template
index b097450..efd3a75 100644
--- a/etc/emailrelay.auth.template
+++ b/etc/emailrelay.auth.template
@@ -36,5 +36,8 @@
 # "password" fields should be encoded using the RFC-1891 "xtext" encoding
 # scheme so that they are representing as hexadecimal ascii as "+XX".
 #
+# Alternatively use "plain:b" instead of "plain" and then use Base64 encoding 
+# for the id and password.
+#
 # The "none" rows allow trusted IP addresses to bypass authentication.
 #
diff --git a/etc/emailrelay.conf.template b/etc/emailrelay.conf.template
index 9e8faad..68662e2 100644
--- a/etc/emailrelay.conf.template
+++ b/etc/emailrelay.conf.template
@@ -277,8 +277,8 @@
 # Name: hidden
 # Format: hidden
 # Description: Windows only. Hides the application window and disables all
-# message boxes, overriding any ""--show"" option. This is useful when
-# running  as a windows service.
+# message boxes, overriding any "--show" option. This is useful when
+# running as a windows service.
 #
 #hidden
 
@@ -317,9 +317,9 @@
 
 # Name: localedir
 # Format: localedir <dir>
-# Description: Specifies a locale base directory where localisation message
-# catalogues  can be found. An empty directory can be used for the built-in
-# default.
+# Description: Enables localisation and specifies the locale base directory
+# where message catalogues can be found. An empty directory can be used for
+# the built-in default.
 #
 #localedir /opt/share/locale
 
@@ -568,10 +568,10 @@
 
 # Name: user
 # Format: user <username>
-# Description: When started as root the program switches to an non-privileged
-# effective user-id when idle. This option can be used to define which
-# user-id is used. Specify "root" to disable all user-id switching. Ignored
-# on Windows.
+# Description: When started as root the program switches to a non-privileged
+# effective user-id when idle. This option can be used to define the idle
+# user-id and also the group ownership of new files and sockets. Specify
+# "root" to  disable all user-id switching. Ignored on Windows.
 #
 #user nobody
 
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 1dc22b9..3ed143c 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -138,11 +138,10 @@
 ./src/gnet/glocation.cpp
 ./src/gnet/gtimer.cpp
 ./src/gnet/gtimerlist.cpp
-./src/gnet/gaddress_ipv6.cpp
+./src/gnet/gaddress.cpp
 ./src/gnet/gsocket_unix.cpp
 ./src/gnet/geventloggingcontext.cpp
 ./src/gnet/gconnection.cpp
-./src/gnet/gaddress_ipv4.cpp
 ./src/gnet/gclient.cpp
 ./src/gnet/gexceptionhandler.cpp
 ./src/gnet/gexceptionsource.cpp
diff --git a/src/.clang-tidy b/src/.clang-tidy
index f2d9382..2ddf287 100644
--- a/src/.clang-tidy
+++ b/src/.clang-tidy
@@ -5,6 +5,8 @@
 #
 Checks: "\
 bugprone-*,\
+-bugprone-easily-swappable-parameters,\
+-bugprone-throw-keyword-missing,\
 -bugprone-macro-parentheses,\
 -bugprone-branch-clone,\
 cert-*,\
@@ -20,7 +22,9 @@ cppcoreguidelines-pro-type-member-init,\
 -cppcoreguidelines-avoid-magic-numbers,\
 -cppcoreguidelines-macro-usage,\
 -cppcoreguidelines-avoid-non-const-global-variables,\
+-cppcoreguidelines-prefer-member-initializer,\
 modernize-*,\
+-modernize-avoid-bind,\
 -modernize-use-auto,\
 -modernize-use-default-member-init,\
 -modernize-return-braced-init-list,\
@@ -28,7 +32,9 @@ modernize-*,\
 -modernize-raw-string-literal,\
 -modernize-use-trailing-return-type,\
 performance-*,\
+-performance-unnecessary-value-param,\
 readability-*,\
+-readability-function-cognitive-complexity,\
 -readability-qualified-auto,\
 -readability-simplify-boolean-expr,\
 -readability-else-after-return,\
diff --git a/src/gauth/gcram.cpp b/src/gauth/gcram.cpp
index daa1b46..ce498a5 100644
--- a/src/gauth/gcram.cpp
+++ b/src/gauth/gcram.cpp
@@ -39,7 +39,7 @@ namespace GAuth
 		GSsl::Library & lib()
 		{
 			GSsl::Library * p = GSsl::Library::instance() ;
-			if( p == nullptr ) throw std::runtime_error( "no tsl library" ) ;
+			if( p == nullptr ) throw G::Exception( "no tls library" ) ;
 			return *p ;
 		}
 		struct DigesterAdaptor /// Used by GAuth::Cram to use GSsl::Digester.
diff --git a/src/gauth/gsaslclient.cpp b/src/gauth/gsaslclient.cpp
index eb1ca9d..58cd1ea 100644
--- a/src/gauth/gsaslclient.cpp
+++ b/src/gauth/gsaslclient.cpp
@@ -112,15 +112,15 @@ std::string GAuth::SaslClientImp::mechanism( const G::StringArray & server_mecha
 		our_list.push_back( LOGIN ) ;
 	}
 
-	// use the configuration string as a mechanism whitelist and/or blacklist
+	// use the configuration string as a mechanism whitelist and/or blocklist
 	if( !m_config.empty() )
 	{
 		bool simple = G::Str::imatch( our_list , m_config ) ; // eg. allow "plain" as well as "m:plain"
 		G::StringArray list = G::Str::splitIntoTokens( G::Str::upper(m_config) , ";" ) ;
 		G::StringArray whitelist = G::Str::splitIntoTokens( simple?G::Str::upper(m_config): G::Str::headMatchResidue( list , "M:" ) , "," ) ;
-		G::StringArray blacklist = G::Str::splitIntoTokens( G::Str::headMatchResidue( list , "X:" ) , "," ) ;
+		G::StringArray blocklist = G::Str::splitIntoTokens( G::Str::headMatchResidue( list , "X:" ) , "," ) ;
 		our_list.erase( G::Str::keepMatch( our_list.begin() , our_list.end() , whitelist , true ) , our_list.end() ) ;
-		our_list.erase( G::Str::removeMatch( our_list.begin() , our_list.end() , blacklist , true ) , our_list.end() ) ;
+		our_list.erase( G::Str::removeMatch( our_list.begin() , our_list.end() , blocklist , true ) , our_list.end() ) ;
 	}
 
 	// build the list of mechanisms that we can use with the server
diff --git a/src/gauth/gsaslclient.h b/src/gauth/gsaslclient.h
index 6c6e240..f98dfba 100644
--- a/src/gauth/gsaslclient.h
+++ b/src/gauth/gsaslclient.h
@@ -25,6 +25,7 @@
 #include "gsaslclientsecrets.h"
 #include "gexception.h"
 #include "gstrings.h"
+#include <memory>
 
 namespace GAuth
 {
@@ -73,8 +74,8 @@ public:
 		///< Returns the empty string if none is supported or if not active().
 
 	bool next() ;
-		///< Moves to the next preferred mechanism. Returns the empty
-		///< string if there are no more mechanisms.
+		///< Moves to the next preferred mechanism. Returns false if there
+		///< are no more mechanisms.
 
 	std::string next( const std::string & ) ;
 		///< A convenience overload that moves to the next() mechanism
diff --git a/src/gauth/gsaslclientsecrets.h b/src/gauth/gsaslclientsecrets.h
index c3396a0..cf52ec8 100644
--- a/src/gauth/gsaslclientsecrets.h
+++ b/src/gauth/gsaslclientsecrets.h
@@ -33,13 +33,14 @@ namespace GAuth
 //| \class GAuth::SaslClientSecrets
 /// An interface used by GAuth::SaslClient to obtain a client id and
 /// its authentication secret. Conceptually there is one client and
-/// they can have a secrets encoded in multiple ways.
+/// they can have secrets encoded in multiple ways.
 ///
 class GAuth::SaslClientSecrets : public virtual Valid
 {
 public:
-	virtual Secret clientSecret( const std::string & encoding_type ) const = 0 ;
-		///< Returns the client secret for the given encoding type.
+	virtual Secret clientSecret( const std::string & type ) const = 0 ;
+		///< Returns the client secret for the given type.
+		///< The type is "plain" or the CRAM hash algorithm or "oauth".
 		///< Returns an invalid secret if none.
 } ;
 
diff --git a/src/gauth/gsaslserverpam.cpp b/src/gauth/gsaslserverpam.cpp
index f1bb16e..9e02317 100644
--- a/src/gauth/gsaslserverpam.cpp
+++ b/src/gauth/gsaslserverpam.cpp
@@ -45,9 +45,11 @@ public:
 	std::string id() const ;
 	bool authenticated() const ;
 
-private:
-	SaslServerPamImp( const SaslServerPamImp & ) ;
-	void operator=( const SaslServerPamImp & ) ;
+public:
+	SaslServerPamImp( const SaslServerPamImp & ) = delete ;
+	SaslServerPamImp( SaslServerPamImp && ) = delete ;
+	void operator=( const SaslServerPamImp & ) = delete ;
+	void operator=( SaslServerPamImp && ) = delete ;
 
 private:
 	bool m_active ;
@@ -76,9 +78,11 @@ protected:
 	void converse( ItemArray & ) override ;
 	void delay( unsigned int usec ) override ;
 
-private:
-	PamImp( const PamImp & ) ;
-	void operator=( const PamImp & ) ;
+public:
+	PamImp( const PamImp & ) = delete ;
+	PamImp( PamImp && ) = delete ;
+	void operator=( const PamImp & ) = delete ;
+	void operator=( PamImp && ) = delete ;
 
 private:
 	std::string m_app ;
@@ -159,7 +163,7 @@ bool GAuth::SaslServerPamImp::init( const std::string & mechanism )
 
 std::string GAuth::SaslServerPamImp::id() const
 {
-	return m_pam.get() ? m_pam->id() : std::string() ;
+	return m_pam ? m_pam->id() : std::string() ;
 }
 
 std::string GAuth::SaslServerPamImp::apply( const std::string & response , bool & done )
diff --git a/src/gauth/gsaslserverpam.h b/src/gauth/gsaslserverpam.h
index 51e36da..a41227d 100644
--- a/src/gauth/gsaslserverpam.h
+++ b/src/gauth/gsaslserverpam.h
@@ -53,11 +53,11 @@ public:
 		///< Constructor.
 
 public:
-	~SaslServerPam() ;
+	~SaslServerPam() override ;
 	SaslServerPam( const SaslServerPam & ) = delete ;
 	SaslServerPam( SaslServerPam && ) = delete ;
-	void operator=( const SaslServerPam & ) = delete ;
-	void operator=( SaslServerPam && ) = delete ;
+	SaslServerPam & operator=( const SaslServerPam & ) = delete ;
+	SaslServerPam & operator=( SaslServerPam && ) = delete ;
 
 private: // overrides
 	bool requiresEncryption() const override ; // Override from GAuth::SaslServer.
diff --git a/src/gauth/gsaslserversecrets.h b/src/gauth/gsaslserversecrets.h
index d1db1c8..95fd868 100644
--- a/src/gauth/gsaslserversecrets.h
+++ b/src/gauth/gsaslserversecrets.h
@@ -39,8 +39,9 @@ namespace GAuth
 class GAuth::SaslServerSecrets : public virtual Valid
 {
 public:
-	virtual Secret serverSecret( const std::string & encoding_type , const std::string & id ) const = 0 ;
+	virtual Secret serverSecret( const std::string & type , const std::string & id ) const = 0 ;
 		///< Returns the server secret for the given client id.
+		///< The type is "plain" or the CRAM hash algorithm.
 		///< Returns an invalid secret if not found.
 
 	virtual std::pair<std::string,std::string> serverTrust( const std::string & address_range ) const = 0 ;
diff --git a/src/gauth/gsecret.cpp b/src/gauth/gsecret.cpp
index 66efb05..8aebb3b 100644
--- a/src/gauth/gsecret.cpp
+++ b/src/gauth/gsecret.cpp
@@ -150,7 +150,8 @@ bool GAuth::Secret::isDotted( const std::string & s )
 
 std::string GAuth::Secret::undotted( const std::string & s )
 {
-	G::StringArray decimals = G::Str::splitIntoFields( s , "." ) ; decimals.resize( 8U ) ;
+	G::StringArray decimals = G::Str::splitIntoFields( s , "." ) ;
+	decimals.resize( 8U ) ;
 	std::string result ;
 	for( std::size_t i = 0U ; i < 8U ; i++ )
 	{
diff --git a/src/gauth/gsecrets.cpp b/src/gauth/gsecrets.cpp
index 1a0762a..aee08c8 100644
--- a/src/gauth/gsecrets.cpp
+++ b/src/gauth/gsecrets.cpp
@@ -37,18 +37,18 @@ void GAuth::Secrets::check( const std::string & p1 , const std::string & p2 , co
 	std::for_each( list.begin() , list.end() , &SecretsFile::check ) ;
 }
 
-GAuth::Secrets::Secrets( const std::string & path , const std::string & name , const std::string & type ) :
+GAuth::Secrets::Secrets( const std::string & path , const std::string & name ) :
 	m_source(path)
 {
 	G_DEBUG( "GAuth::Secrets:ctor: [" << path << "]" ) ;
 	if( m_source != "/pam" )
-		m_imp = std::make_unique<SecretsFile>( path , true , name , type ) ;
+		m_imp = std::make_unique<SecretsFile>( path , true , name ) ;
 }
 
 GAuth::Secrets::Secrets()
 {
 	if( m_source != "/pam" )
-		m_imp = std::make_unique<SecretsFile>( std::string() , true , std::string() , std::string() ) ;
+		m_imp = std::make_unique<SecretsFile>( std::string() , false , std::string() ) ;
 }
 
 GAuth::Secrets::~Secrets()
@@ -64,14 +64,14 @@ bool GAuth::Secrets::valid() const
 	return m_source == "/pam" || m_imp->valid() ;
 }
 
-GAuth::Secret GAuth::Secrets::clientSecret( const std::string & mechanism ) const
+GAuth::Secret GAuth::Secrets::clientSecret( const std::string & type ) const
 {
-	return valid() ? m_imp->clientSecret(mechanism) : Secret::none() ;
+	return valid() ? m_imp->clientSecret(type) : Secret::none() ;
 }
 
-GAuth::Secret GAuth::Secrets::serverSecret( const std::string & mechanism , const std::string & id ) const
+GAuth::Secret GAuth::Secrets::serverSecret( const std::string & type , const std::string & id ) const
 {
-	return valid() ? m_imp->serverSecret( mechanism , id ) : Secret::none() ;
+	return valid() ? m_imp->serverSecret( type , id ) : Secret::none() ;
 }
 
 std::pair<std::string,std::string> GAuth::Secrets::serverTrust( const std::string & address_range ) const
@@ -79,8 +79,8 @@ std::pair<std::string,std::string> GAuth::Secrets::serverTrust( const std::strin
 	return valid() ? m_imp->serverTrust( address_range ) : std::make_pair(std::string(),std::string()) ;
 }
 
-bool GAuth::Secrets::contains( const std::string & mechanism ) const
+bool GAuth::Secrets::contains( const std::string & type ) const
 {
-	return valid() ? m_imp->contains( mechanism ) : false ;
+	return valid() ? m_imp->contains( type ) : false ;
 }
 
diff --git a/src/gauth/gsecrets.h b/src/gauth/gsecrets.h
index d86b98f..df1ef9d 100644
--- a/src/gauth/gsecrets.h
+++ b/src/gauth/gsecrets.h
@@ -46,21 +46,15 @@ public:
 		///< Checks the given secret sources. Logs warnings and throws
 		///< an exception if there are any fatal errors.
 
-	Secrets( const std::string & source_storage_path , const std::string & debug_name ,
-		const std::string & server_type = std::string() ) ;
-			///< Constructor. The connection string is a secrets file path
-			///< or "/pam".
-			///<
-			///< The 'debug-name' is used in log and error messages to
-			///< identify the repository.
-			///<
-			///< The 'server-type' parameter can be used to select
-			///< a different set of server-side authentication records
-			///< that may be stored in the same repository such as
-			///< "smtp" or "pop". The default is "server".
-			///<
-			///< Throws on error, although an empty path is not
-			///< considered an error: see valid().
+	Secrets( const std::string & source_storage_path , const std::string & debug_name ) ;
+		///< Constructor. The connection string is a secrets file path
+		///< or "/pam".
+		///<
+		///< The 'debug-name' is used in log and error messages to
+		///< identify the repository.
+		///<
+		///< Throws on error, although an empty path is not
+		///< considered an error: see valid().
 
 	Secrets() ;
 		///< Default constructor for an in-valid(), empty-path object.
@@ -68,10 +62,10 @@ public:
 	bool valid() const override ;
 		///< Override from GAuth::Valid virtual base.
 
-	Secret serverSecret( const std::string & mechanism , const std::string & id ) const override ;
+	Secret serverSecret( const std::string & type , const std::string & id ) const override ;
 		///< Override from GAuth::SaslServerSecrets.
 
-	bool contains( const std::string & mechanism ) const override ;
+	bool contains( const std::string & type ) const override ;
 		///< Override from GAuth::SaslServerSecrets.
 
 public:
@@ -83,7 +77,7 @@ public:
 
 private: // overrides
 	std::string source() const override ; // Override from GAuth::SaslServerSecrets.
-	Secret clientSecret( const std::string & mechanism ) const override ; // Override from GAuth::SaslClientSecrets.
+	Secret clientSecret( const std::string & type ) const override ; // Override from GAuth::SaslClientSecrets.
 	std::pair<std::string,std::string> serverTrust( const std::string & address_range ) const override ; // Override from GAuth::SaslServerSecrets.
 
 private:
diff --git a/src/gauth/gsecretsfile.cpp b/src/gauth/gsecretsfile.cpp
index ae8c426..6f4f544 100644
--- a/src/gauth/gsecretsfile.cpp
+++ b/src/gauth/gsecretsfile.cpp
@@ -23,6 +23,7 @@
 #include "gsecrets.h"
 #include "groot.h"
 #include "gxtext.h"
+#include "gbase64.h"
 #include "gstr.h"
 #include "gdatetime.h"
 #include "gfile.h"
@@ -35,31 +36,23 @@
 #include <utility> // std::swap(), std::pair
 #include <sstream>
 
-GAuth::SecretsFile::SecretsFile( const G::Path & path , bool auto_reread , const std::string & debug_name ,
-	const std::string & server_type ) :
-		m_path(path) ,
-		m_auto(auto_reread) ,
-		m_debug_name(debug_name) ,
-		m_server_type(G::Str::lower(server_type)) ,
-		m_file_time(0) ,
-		m_check_time(G::SystemTime::now())
+GAuth::SecretsFile::SecretsFile( const G::Path & path , bool auto_reread , const std::string & debug_name ) :
+	m_path(path) ,
+	m_auto(auto_reread) ,
+	m_debug_name(debug_name) ,
+	m_file_time(0) ,
+	m_check_time(G::SystemTime::now())
 {
-	m_server_type = m_server_type.empty() ? std::string("server") : m_server_type ;
 	m_valid = ! path.str().empty() ;
 	if( m_valid )
-		read( path , false ) ;
+		read( path ) ;
 }
 
 void GAuth::SecretsFile::check( const std::string & path )
-{
-	checkImp( path , true , "server" ) ; // allow only 'client' or 'server' lines
-}
-
-void GAuth::SecretsFile::checkImp( const std::string & path , bool strict_side , const std::string & server_type )
 {
 	if( !path.empty() )
 	{
-		Contents contents = readContents( path , server_type , strict_side ) ;
+		Contents contents = readContents( path ) ;
 		showWarnings( contents.m_warnings , path ) ;
 		if( !contents.m_warnings.empty() )
 			throw Error() ;
@@ -90,16 +83,16 @@ void GAuth::SecretsFile::reread( int )
 			if( t != m_file_time )
 			{
 				G_LOG_S( "GAuth::Secrets: re-reading secrets file: " << m_path ) ;
-				read( m_path , false ) ;
+				read( m_path ) ;
 			}
 		}
 	}
 }
 
-void GAuth::SecretsFile::read( const G::Path & path , bool strict_side )
+void GAuth::SecretsFile::read( const G::Path & path )
 {
 	m_file_time = readFileTime( path ) ;
-	m_contents = readContents( path , m_server_type , strict_side ) ;
+	m_contents = readContents( path ) ;
 	showWarnings( m_contents.m_warnings , path , m_debug_name ) ;
 }
 
@@ -109,7 +102,7 @@ G::SystemTime GAuth::SecretsFile::readFileTime( const G::Path & path )
 	return G::File::time( path ) ;
 }
 
-GAuth::SecretsFile::Contents GAuth::SecretsFile::readContents( const G::Path & path , const std::string & server_type , bool strict_side )
+GAuth::SecretsFile::Contents GAuth::SecretsFile::readContents( const G::Path & path )
 {
 	std::unique_ptr<std::ifstream> file ;
 	{
@@ -121,10 +114,10 @@ GAuth::SecretsFile::Contents GAuth::SecretsFile::readContents( const G::Path & p
 		throw Secrets::OpenError( path.str() ) ;
 	}
 
-	return readContents( *file , server_type , strict_side ) ;
+	return readContents( *file ) ;
 }
 
-GAuth::SecretsFile::Contents GAuth::SecretsFile::readContents( std::istream & file , const std::string & server_type , bool strict_side )
+GAuth::SecretsFile::Contents GAuth::SecretsFile::readContents( std::istream & file )
 {
 	Contents contents ;
 	for( unsigned int line_number = 1U ; file.good() ; ++line_number )
@@ -141,61 +134,80 @@ GAuth::SecretsFile::Contents GAuth::SecretsFile::readContents( std::istream & fi
 			if( word_array.size() >= 4U )
 			{
 				// 0=<client-server> 1=<encoding-type> 2=<userid-or-ipaddress> 3=<secret-or-verifier-hint>
-				processLine( contents , server_type , line_number , word_array[0U] , word_array[1U] , word_array[2U] , word_array[3U] , strict_side ) ;
+				processLine( contents , line_number , word_array[0U] , word_array[1U] , word_array[2U] , word_array[3U] ) ;
 			}
 			else
 			{
-				addWarning( contents , line_number , "too few fields" , "" ) ;
+				addWarning( contents , line_number , "too few fields" ) ;
 			}
 		}
 	}
 	return contents ;
 }
 
-void GAuth::SecretsFile::processLine( Contents & contents , const std::string & server_type ,
-	unsigned int line_number , const std::string & side_in , const std::string & encoding_type_in ,
-	const std::string & id_xtext_or_ip , const std::string & secret , bool strict_side )
+void GAuth::SecretsFile::processLine( Contents & contents ,
+	unsigned int line_number , const std::string & side , const std::string & type_in ,
+	const std::string & id_or_ip_in , const std::string & secret_in )
 {
-	G_ASSERT( !side_in.empty() && !encoding_type_in.empty() && !id_xtext_or_ip.empty() && !secret.empty() ) ;
-	std::string encoding_type = G::Str::lower( encoding_type_in ) ;
-	std::string side = G::Str::lower( side_in ) ;
-
-	if( !G::Xtext::valid(id_xtext_or_ip) ) // (ip address ranges are valid xtext)
-		addWarning( contents , line_number , "invalid xtext encoding in third field" , id_xtext_or_ip ) ;
-
-	if( encoding_type == "client" || encoding_type == "server" || encoding_type == server_type ) // old-style field order, eg. "cram-md5 server ..."
+	std::string type = G::Str::lower( type_in ) ;
+	std::string id_or_ip = id_or_ip_in ;
+	std::string secret = secret_in ;
+	if( type == "plain:b" )
 	{
-		const bool plain = side == "plain" || side == "login" ;
-		addWarning( contents , line_number , "incorrect field order: use \"" + encoding_type + " " + (plain?"plain":"md5") + " <id> <" + (plain?"pwd":"hash") + ">\"" , "" ) ;
+		// for now just re-encode to xtext -- TODO rework secrets-file encodings
+        bool valid_id = G::Base64::valid( id_or_ip ) ;
+		bool valid_secret = G::Base64::valid( secret ) ;
+		if( !valid_id )
+            addWarning( contents , line_number , "invalid base64 encoding in third field" , id_or_ip ) ;
+        if( !valid_secret )
+            addWarning( contents , line_number , "invalid base64 encoding in fourth field" ) ;
+		if( !valid_id || !valid_secret )
+			return ;
+		type = "plain" ;
+        id_or_ip = G::Xtext::encode( G::Base64::decode(id_or_ip) ) ;
+        secret = G::Xtext::encode( G::Base64::decode(secret) ) ;
 	}
-	else if( side == server_type )
+	processLineImp( contents , line_number , G::Str::lower(side) , type , id_or_ip , secret ) ;
+}
+
+void GAuth::SecretsFile::processLineImp( Contents & contents ,
+	unsigned int line_number , const std::string & side , const std::string & type ,
+	const std::string & id_or_ip , const std::string & secret )
+{
+	G_ASSERT( !side.empty() && !type.empty() && !id_or_ip.empty() && !secret.empty() ) ;
+
+	if( type == "plain" )
+	{
+		if( !G::Xtext::valid(id_or_ip) ) // (ip address ranges are valid xtext)
+			addWarning( contents , line_number , "invalid xtext encoding in third field" , id_or_ip ) ;
+		if( !G::Xtext::valid(secret) )
+			addWarning( contents , line_number , "invalid xtext encoding in fourth field" ) ; // (new)
+	}
+
+	if( side == "server" )
 	{
 		// server-side
-		std::string key = serverKey( encoding_type , id_xtext_or_ip ) ;
+		std::string key = serverKey( type , id_or_ip ) ;
 		Value value( secret , line_number ) ;
 		bool inserted = contents.m_map.insert(std::make_pair(key,value)).second ;
 		if( inserted )
-			contents.m_types.insert( canonical(encoding_type) ) ;
+			contents.m_types.insert( canonical(type) ) ;
 		else
 			addWarning( contents , line_number , "duplicate server secret" , key ) ;
 	}
 	else if( side == "client" )
 	{
 		// client-side
-		const std::string & id = id_xtext_or_ip ;
-		std::string key = clientKey( encoding_type ) ; // not including user id
+		const std::string & id = id_or_ip ;
+		std::string key = clientKey( type ) ; // not including user id
 		Value value( id + " " + secret , line_number ) ;
 		bool inserted = contents.m_map.insert(std::make_pair(key,value)).second ;
 		if( !inserted )
 			addWarning( contents , line_number , "too many client secrets" , key ) ;
 	}
-	else if( strict_side )
-	{
-		addWarning( contents , line_number , "invalid value in first field: expecting 'client' or '" + server_type + "'" , side ) ;
-	}
 	else
 	{
-		G_DEBUG( "GAuth::SecretsFile::processLine: ignoring line number " << line_number << ": not 'client' or '" << server_type << "'" ) ;
+		addWarning( contents , line_number , "invalid value in first field" , side ) ;
 	}
 }
 
@@ -218,38 +230,40 @@ void GAuth::SecretsFile::showWarnings( const Warnings & warnings , const G::Path
 	}
 }
 
-std::string GAuth::SecretsFile::canonical( const std::string & encoding_type )
+std::string GAuth::SecretsFile::canonical( const std::string & type_in )
 {
-	std::string type = G::Str::lower( encoding_type ) ;
+	// (cram-md5, apop and login are for backwards compatibility -- new
+	// code exects plain, md5, sha1, sha512 etc)
+	std::string type = G::Str::lower( type_in ) ;
 	if( type == "cram-md5" ) type = "md5" ;
 	if( type == "apop" ) type = "md5" ;
 	if( type == "login" ) type = "plain" ;
 	return type ;
 }
 
-std::string GAuth::SecretsFile::serverKey( const std::string & encoding_type , const std::string & id_xtext )
+std::string GAuth::SecretsFile::serverKey( const std::string & type , const std::string & id_xtext )
 {
 	// eg. key -> value...
 	// "server plain bob" -> "e+3Dmc2"
 	// "server md5 bob" -> "xbase64x=="
 	// "server none 192.168.0.0/24" -> "trustee"
 	// "server none ::1/128" -> "trustee"
-	return "server " + canonical(encoding_type) + " " + id_xtext ;
+	return "server " + canonical(type) + " " + id_xtext ;
 }
 
-std::string GAuth::SecretsFile::clientKey( const std::string & encoding_type )
+std::string GAuth::SecretsFile::clientKey( const std::string & type )
 {
 	// eg. key -> value...
 	// "client plain" -> "alice secret+21"
 	// "client md5" -> "alice xbase64x=="
-	return "client " + canonical(encoding_type) ;
+	return "client " + canonical(type) ;
 }
 
-GAuth::Secret GAuth::SecretsFile::clientSecret( const std::string & encoding_type ) const
+GAuth::Secret GAuth::SecretsFile::clientSecret( const std::string & type ) const
 {
 	reread() ;
 
-	auto p = m_contents.m_map.find( clientKey(encoding_type) ) ;
+	auto p = m_contents.m_map.find( clientKey(type) ) ;
 	if( p == m_contents.m_map.end() )
 	{
 		return Secret::none() ;
@@ -258,25 +272,25 @@ GAuth::Secret GAuth::SecretsFile::clientSecret( const std::string & encoding_typ
 	{
 		std::string id_xtext = G::Str::head( (*p).second.s , " " ) ;
 		std::string secret_encoded = G::Str::tail( (*p).second.s , " " ) ;
-		return Secret( secret_encoded , canonical(encoding_type) , id_xtext , true , line((*p).second.n) ) ;
+		return Secret( secret_encoded , canonical(type) , id_xtext , true , line((*p).second.n) ) ;
 	}
 }
 
-GAuth::Secret GAuth::SecretsFile::serverSecret( const std::string & encoding_type , const std::string & id ) const
+GAuth::Secret GAuth::SecretsFile::serverSecret( const std::string & type , const std::string & id ) const
 {
 	if( id.empty() )
 		return Secret::none() ;
 
 	reread() ;
 
-	auto p = m_contents.m_map.find( serverKey(encoding_type,G::Xtext::encode(id)) ) ;
+	auto p = m_contents.m_map.find( serverKey(type,G::Xtext::encode(id)) ) ;
 	if( p == m_contents.m_map.end() )
 	{
 		return Secret::none( id ) ;
 	}
 	else
 	{
-		return Secret( (*p).second.s , canonical(encoding_type) , id , false , line((*p).second.n) ) ;
+		return Secret( (*p).second.s , canonical(type) , id , false , line((*p).second.n) ) ;
 	}
 }
 
@@ -285,9 +299,9 @@ std::pair<std::string,std::string> GAuth::SecretsFile::serverTrust( const std::s
 	reread() ; // (new)
 
 	std::pair<std::string,std::string> result ;
-	std::string encoding_type = "none" ;
+	std::string type = "none" ;
 	const std::string & id = address_range ; // the address-range lives in the id field
-	auto p = m_contents.m_map.find( serverKey(encoding_type,G::Xtext::encode(id)) ) ;
+	auto p = m_contents.m_map.find( serverKey(type,G::Xtext::encode(id)) ) ;
 	if( p != m_contents.m_map.end() )
 	{
 		result.first = (*p).second.s ; // the trustee name lives in the shared-secret field
@@ -301,9 +315,11 @@ std::string GAuth::SecretsFile::path() const
 	return m_path.str() ;
 }
 
-bool GAuth::SecretsFile::contains( const std::string & encoding_type ) const
+bool GAuth::SecretsFile::contains( const std::string & type , const std::string & id ) const
 {
-	return m_contents.m_types.find(canonical(encoding_type)) != m_contents.m_types.end() ;
+	return id.empty() ?
+		m_contents.m_types.find( canonical(type) ) != m_contents.m_types.end() :
+		m_contents.m_map.find( serverKey(type,G::Xtext::encode(id)) ) != m_contents.m_map.end() ;
 }
 
 std::string GAuth::SecretsFile::line( unsigned int line_number )
diff --git a/src/gauth/gsecretsfile.h b/src/gauth/gsecretsfile.h
index 4a4a85b..9d4700f 100644
--- a/src/gauth/gsecretsfile.h
+++ b/src/gauth/gsecretsfile.h
@@ -51,21 +51,19 @@ public:
 		///< Checks the given file. Logs warnings and throws an exception
 		///< if there are any fatal errors.
 
-	SecretsFile( const G::Path & path , bool auto_reread , const std::string & debug_name ,
-		const std::string & server_type = std::string() ) ;
-			///< Constructor to read "client" and "<server-type>" records
-			///< from the named file. The server type defaults to "server".
-			///< The filename path is optional; see valid().
+	SecretsFile( const G::Path & path , bool auto_reread , const std::string & debug_name ) ;
+		///< Constructor to read "client" and "server" records from
+		///< the named file. The path is optional; see valid().
 
 	bool valid() const ;
 		///< Returns true if the file path was supplied in the ctor.
 
-	Secret clientSecret( const std::string & encoding_type ) const ;
-		///< Returns the client id and secret for the given encoding-type.
+	Secret clientSecret( const std::string & type ) const ;
+		///< Returns the client id and secret for the given type.
 		///< Returns the empty string if none.
 
-	Secret serverSecret( const std::string & encoding_type , const std::string & id ) const ;
-		///< Returns the server secret for the given id and encoding-type.
+	Secret serverSecret( const std::string & type , const std::string & id ) const ;
+		///< Returns the server secret for the given id and type.
 		///< Returns the empty string if none.
 
 	std::pair<std::string,std::string> serverTrust( const std::string & address_range ) const ;
@@ -75,8 +73,9 @@ public:
 	std::string path() const ;
 		///< Returns the file path, as supplied to the ctor.
 
-	bool contains( const std::string & server_encoding_type ) const ;
-		///< Returns true if the given server encoding-type is represented.
+	bool contains( const std::string & type , const std::string & id = {} ) const ;
+		///< Returns true if a server secret of the given type
+		///< is available for the particular user or any user.
 
 private:
 	struct Value
@@ -97,16 +96,17 @@ private:
 	} ;
 
 private:
-	void read( const G::Path & , bool ) ;
+	void read( const G::Path & ) ;
 	void reread() const ;
 	void reread( int ) ;
-	static void checkImp( const std::string & path , bool strict , const std::string & server_type ) ;
-	static Contents readContents( const G::Path & , const std::string & , bool ) ;
-	static Contents readContents( std::istream & , const std::string & , bool ) ;
-	static void processLine( Contents & , const std::string & server_type ,
-		unsigned int , const std::string & side , const std::string & , const std::string & , const std::string & , bool ) ;
-	static void showWarnings( const Warnings & warnings , const G::Path & path , const std::string & debug_name = std::string() ) ;
-	static void addWarning( Contents & , unsigned int , const std::string & , const std::string & ) ;
+	static Contents readContents( const G::Path & ) ;
+	static Contents readContents( std::istream & ) ;
+	static void processLine( Contents & ,
+		unsigned int , const std::string & side , const std::string & , const std::string & , const std::string & ) ;
+	static void processLineImp( Contents & ,
+		unsigned int , const std::string & side , const std::string & , const std::string & , const std::string & ) ;
+	static void showWarnings( const Warnings & warnings , const G::Path & path , const std::string & debug_name = {} ) ;
+	static void addWarning( Contents & , unsigned int , const std::string & , const std::string & = {} ) ;
 	static std::string canonical( const std::string & encoding_type ) ;
 	static std::string serverKey( const std::string & , const std::string & ) ;
 	static std::string clientKey( const std::string & ) ;
@@ -117,7 +117,6 @@ private:
 	G::Path m_path ;
 	bool m_auto ;
 	std::string m_debug_name ;
-	std::string m_server_type ;
 	bool m_valid ;
 	Contents m_contents ;
 	G::SystemTime m_file_time ;
diff --git a/src/gconfig_defs.h.in b/src/gconfig_defs.h.in
index df6b9f4..dae83e4 100644
--- a/src/gconfig_defs.h.in
+++ b/src/gconfig_defs.h.in
@@ -3,9 +3,6 @@
 /* Define true to use epoll */
 #undef GCONFIG_ENABLE_EPOLL
 
-/* Define true to use IPv6 */
-#undef GCONFIG_ENABLE_IPV6
-
 /* Define true to use std::thread */
 #undef GCONFIG_ENABLE_STD_THREAD
 
diff --git a/src/glib/garg.cpp b/src/glib/garg.cpp
index 03d536a..00ac2e5 100644
--- a/src/glib/garg.cpp
+++ b/src/glib/garg.cpp
@@ -121,7 +121,7 @@ std::size_t G::Arg::match( const std::string & prefix ) const
 {
 	for( std::size_t i = 1U ; i < m_array.size() ; i++ )
 	{
-		if( G::Str::headMatch(m_array[i],prefix) )
+		if( Str::headMatch(m_array[i],prefix) )
 		{
 			return i ;
 		}
@@ -205,8 +205,8 @@ void G::Arg::parseImp( const std::string & command_line )
 	string_view nbws( "\0\0" , 2U ) ;
 	const char esc = '\\' ;
 	const char qq = '\"' ;
-	G::Str::splitIntoTokens( G::Str::dequote(command_line,qq,esc,ws,nbws) , m_array , ws , esc ) ;
-	G::Str::replace( m_array , '\0' , ' ' ) ;
+	Str::splitIntoTokens( Str::dequote(command_line,qq,esc,ws,nbws) , m_array , ws , esc ) ;
+	Str::replace( m_array , '\0' , ' ' ) ;
 }
 
 std::string G::Arg::exe( bool do_throw )
diff --git a/src/glib/gbase64.cpp b/src/glib/gbase64.cpp
index 9d56538..f6280c1 100644
--- a/src/glib/gbase64.cpp
+++ b/src/glib/gbase64.cpp
@@ -112,7 +112,7 @@ void G::Base64Imp::encode_imp( iterator_out result_p , string_in input , string_
 	auto const end = input.end() ;
 	for( auto p = input.begin() ; p != end ; blocks++ )
 	{
-		if( !eol.empty() && blocks && (blocks % blocks_per_line) == 0U )
+		if( !eol.empty() && blocks != 0U && (blocks % blocks_per_line) == 0U )
 			std::copy( eol.begin() , eol.end() , result_p ) ;
 
 		uint32_type n = 0UL ;
@@ -252,7 +252,7 @@ void G::Base64Imp::generate_8( g_uint32_t & n , std::size_t & bits , iterator_ou
 		*result++ = to_char(hi_8(n)) ;
 		n <<= 8U ;
 	}
-	else if( hi_8(n) )
+	else if( hi_8(n) != 0U )
 	{
 		error = true ;
 	}
@@ -261,7 +261,7 @@ void G::Base64Imp::generate_8( g_uint32_t & n , std::size_t & bits , iterator_ou
 std::size_t G::Base64Imp::index( char c , bool & error ) noexcept
 {
 	std::size_t pos = character_map.find( c ) ;
-	error = error || !c || pos == std::string::npos ;
+	error = error || (c=='\0') || pos == std::string::npos ;
 	return pos == std::string::npos ? std::size_t(0) : pos ;
 }
 
diff --git a/src/glib/gbatchfile.h b/src/glib/gbatchfile.h
index 026d476..4220482 100644
--- a/src/glib/gbatchfile.h
+++ b/src/glib/gbatchfile.h
@@ -44,10 +44,10 @@ class G::BatchFile
 public:
 	G_EXCEPTION( Error , "batch file error" ) ;
 
-	explicit BatchFile( const G::Path & ) ;
+	explicit BatchFile( const Path & ) ;
 		///< Constructor that reads from a file.
 
-	BatchFile( const G::Path & , std::nothrow_t ) ;
+	BatchFile( const Path & , std::nothrow_t ) ;
 		///< Constructor that reads from a file that might be missing
 		///< or empty.
 
@@ -61,14 +61,14 @@ public:
 	std::string name() const ;
 		///< Returns the "start" window name, if any.
 
-	const G::StringArray & args() const ;
+	const StringArray & args() const ;
 		///< Returns the startup command-line broken up into de-quoted pieces.
 		///< The first item in the list will be the executable.
 
 	std::size_t lineArgsPos() const ;
 		///< Returns the position in line() where the arguments start.
 
-	static void write( const G::Path & , const StringArray & args ,
+	static void write( const Path & , const StringArray & args ,
 		const std::string & start_window_name = std::string() ) ;
 			///< Writes a startup batch file, including a "start" prefix.
 			///< If the "start" window name is not supplied then it is
@@ -87,7 +87,7 @@ private:
 private:
 	std::string m_line ;
 	std::string m_name ;
-	G::StringArray m_args ;
+	StringArray m_args ;
 } ;
 
 #endif
diff --git a/src/glib/gbuffer.h b/src/glib/gbuffer.h
index 7770ccf..2d44a21 100644
--- a/src/glib/gbuffer.h
+++ b/src/glib/gbuffer.h
@@ -87,10 +87,14 @@ namespace G
 		const T & at( std::size_t i ) const { checkindex( i ) ; return *(m_p+i) ; }
 		T & at( std::size_t i ) { checkindex( i ) ; return *(m_p+i) ; }
 		std::size_t size() const noexcept { return m_n ; }
+		std::size_t capacity() const noexcept { return m_c ; }
 		bool empty() const noexcept { return m_n == 0U ; }
 		void clear() noexcept { m_n = 0 ; }
+		void shrink_to_fit() noexcept { if( empty() && m_p ) { std::free(m_p) ; m_p = nullptr ; m_c = 0U ; } } // NOLINT cppcoreguidelines-no-malloc
 		iterator begin() noexcept { return m_p ? m_p : &m_c0 ; }
 		iterator end() noexcept { return m_p ? (m_p+m_n) : &m_c0 ; }
+		const value_type * data() const noexcept { return m_p ? m_p : &m_c0 ; }
+		value_type * data() noexcept { return m_p ? m_p : &m_c0 ; }
 		const_iterator begin() const noexcept { return m_p ? m_p : &m_c0 ; }
 		const_iterator end() const noexcept { return m_p ? (m_p+m_n) : &m_c0 ; }
 		const_iterator cbegin() const noexcept { return m_p ? m_p : &m_c0 ; }
@@ -182,7 +186,7 @@ namespace G
 		char * m_p{nullptr} ;
 		std::size_t m_n{0U} ;
 		std::size_t m_c{0U} ;
-		char m_c0{'\0'} ;
+		value_type m_c0{'\0'} ;
 	} ;
 
 	template <typename Uptr, typename T = char>
@@ -193,7 +197,7 @@ namespace G
 		G_ASSERT( p == nullptr || p == &buffer[0] ) ; // assert malloc is behaving
 		if( p != &buffer[0] )
 			throw std::bad_cast() ; // buffer too small for a U
-		return new(p) U ; // placement new
+		return new(p) U ;
 	}
 
 	template <typename Uptr, typename T = char>
@@ -204,7 +208,7 @@ namespace G
 		G_ASSERT( p == nullptr || p == &buffer[0] ) ; // assert malloc is behaving
 		if( p != &buffer[0] )
 			return nullptr ; // buffer too small for a U
-		return new(p) U ; // placement new
+		return new(p) U ;
 	}
 
 	template <typename Uptr, typename T = char>
@@ -214,7 +218,7 @@ namespace G
 		return const_cast<Uptr>( buffer_cast<U*>( const_cast<Buffer<T>&>(buffer) ) ) ;
 	}
 
-	template <typename T> void swap( Buffer<T> & a , Buffer<T> & b )
+	template <typename T> void swap( Buffer<T> & a , Buffer<T> & b ) noexcept
 	{
 		a.swap( b ) ;
 	}
diff --git a/src/glib/gcleanup_unix.cpp b/src/glib/gcleanup_unix.cpp
index 4234d86..de652f7 100644
--- a/src/glib/gcleanup_unix.cpp
+++ b/src/glib/gcleanup_unix.cpp
@@ -186,9 +186,9 @@ void G::CleanupImp::installHandler( int signum )
 bool G::CleanupImp::ignored( int signum )
 {
 	struct ::sigaction action {} ;
-	if( ::sigaction( signum , nullptr , &action ) )
+	if( ::sigaction( signum , nullptr , &action ) != 0 )
 		throw Cleanup::Error( "sigaction" ) ;
-	return action.sa_handler == SIG_IGN ;
+	return action.sa_handler == SIG_IGN ; // NOLINT
 }
 
 void G::CleanupImp::installDefault( int signum )
@@ -203,7 +203,7 @@ void G::CleanupImp::installDefault( const G::SignalSafe & , int signum )
 
 void G::CleanupImp::installIgnore( int signum )
 {
-	install( signum , SIG_IGN , true ) ;
+	install( signum , SIG_IGN , true ) ; // NOLINT
 }
 
 void G::CleanupImp::install( int signum , Handler fn , bool do_throw )
@@ -211,7 +211,7 @@ void G::CleanupImp::install( int signum , Handler fn , bool do_throw )
 	// install the given handler, or the system default if null
 	struct ::sigaction action {} ;
 	action.sa_handler = fn ;
-	if( ::sigaction( signum , &action , nullptr ) && do_throw )
+	if( ::sigaction( signum , &action , nullptr ) != 0 && do_throw )
 		throw Cleanup::Error( "sigaction" ) ;
 }
 
diff --git a/src/glib/gdatetime.cpp b/src/glib/gdatetime.cpp
index c6a479c..c550d6e 100644
--- a/src/glib/gdatetime.cpp
+++ b/src/glib/gdatetime.cpp
@@ -57,7 +57,8 @@ namespace G
 	}
 }
 
-G::BrokenDownTime::BrokenDownTime()
+G::BrokenDownTime::BrokenDownTime() :
+	m_tm{}
 {
 	m_tm.tm_isdst = -1 ;
 }
@@ -97,7 +98,7 @@ std::time_t G::BrokenDownTime::epochTimeFromUtcImp() const
 std::time_t G::BrokenDownTime::epochTimeFromUtcImp( bool & diff_set , std::time_t & diff ) const
 {
 	constexpr int day = 24 * 60 * 60 ;
-	constexpr std::time_t dt = 60 * 15 ; // india 30mins, nepal 45mins
+	constexpr std::time_t dt = 60 * 15 ; // india 30mins, nepal 45mins // NOLINT
 	constexpr std::time_t day_and_a_bit = day + dt ;
 	constexpr std::time_t t_rounding = 30 ;
 
@@ -136,7 +137,7 @@ G::BrokenDownTime G::BrokenDownTime::local( SystemTime t )
 {
 	BrokenDownTime tm ;
 	std::time_t s = t.s() ;
-	if( ! localtime_r( &s , &tm.m_tm ) )
+	if( localtime_r( &s , &tm.m_tm ) == nullptr )
 		throw DateTime::Error() ;
 	return tm ;
 }
@@ -145,7 +146,7 @@ G::BrokenDownTime G::BrokenDownTime::utc( SystemTime t )
 {
 	BrokenDownTime tm ;
 	std::time_t s = t.s() ;
-	if( ! gmtime_r( &s , &tm.m_tm ) )
+	if( gmtime_r( &s , &tm.m_tm ) == nullptr )
 		throw DateTime::Error() ;
 	return tm ;
 }
@@ -364,7 +365,7 @@ void G::SystemTime::operator+=( TimeInterval i )
 
 void G::SystemTime::streamOut( std::ostream & stream ) const
 {
-	std::streamsize w = stream.width() ;
+	int w = static_cast<int>( stream.width() ) ;
 	char c = stream.fill() ;
 	stream
 		<< s() << "."
@@ -630,7 +631,7 @@ void G::TimeInterval::operator-=( TimeInterval i )
 
 void G::TimeInterval::streamOut( std::ostream & stream ) const
 {
-	std::streamsize w = stream.width() ;
+	int w = static_cast<int>( stream.width() ) ;
 	char c = stream.fill() ;
 	stream
 		<< s() << "."
diff --git a/src/glib/gdef.h b/src/glib/gdef.h
index eae03cb..bc16fd1 100644
--- a/src/glib/gdef.h
+++ b/src/glib/gdef.h
@@ -1363,7 +1363,7 @@
 		#endif
 
 		#if ! GCONFIG_HAVE_CXX_ALIGNMENT
-			namespace std
+			namespace std // NOLINT
 			{
 				// missing in gcc 4.8.4 -- original copyright 2001-2016 FSF Inc, GPLv3
 				inline void * align( size_t align , size_t size , void * & ptr_inout , size_t & space ) noexcept
diff --git a/src/glib/gexception.cpp b/src/glib/gexception.cpp
index 62e4811..9a02e3e 100644
--- a/src/glib/gexception.cpp
+++ b/src/glib/gexception.cpp
@@ -100,18 +100,3 @@ G::Exception::Exception( const std::string & what , const std::string & more1 ,
 {
 }
 
-G::Exception G::Exception::translated() const
-{
-	try
-	{
-		std::string head = G::Str::head( what() , ": " , false ) ;
-		std::string tail = G::Str::tail( what() , ": " ) ;
-		std::string new_head = G::gettext( head.c_str() ) ;
-		return G::Exception( new_head , tail ) ;
-	}
-	catch( std::exception & )
-	{
-		return *this ;
-	}
-}
-
diff --git a/src/glib/gexception.h b/src/glib/gexception.h
index 0dfb244..23b21ca 100644
--- a/src/glib/gexception.h
+++ b/src/glib/gexception.h
@@ -67,11 +67,6 @@ public:
 
 	Exception( const std::string & what , const std::string & more1 , const std::string & more2 , const std::string & more3 ) ;
 		///< Constructor.
-
-	Exception translated() const ;
-		///< Returns a new exception that is possibly translated using
-		///< gettext(). (Use gettext_noop() in G_EXCEPTION declarations
-		///< to mark the string for translation.)
 } ;
 
 #define G_EXCEPTION_CLASS( class_name , description ) class class_name : public G::Exception { public: class_name() : G::Exception((description)) {} explicit class_name(const char *more) : G::Exception((description),more) {} explicit class_name(const std::string &more) : G::Exception((description),more) {} class_name(const std::string &more1,const std::string &more2) : G::Exception((description),more1,more2) {} class_name(const std::string &more1,const std::string &more2,const std::string &more3) : G::Exception((description),more1,more2,more3) {} }
diff --git a/src/glib/gfile.cpp b/src/glib/gfile.cpp
index fc49321..63d2d03 100644
--- a/src/glib/gfile.cpp
+++ b/src/glib/gfile.cpp
@@ -274,13 +274,14 @@ bool G::File::mkdirsr( int * ep , const Path & path , int limit )
 bool G::File::mkdirs( const Path & path , std::nothrow_t , int limit )
 {
 	int e = 0 ;
-	return mkdirsr( &e , path , limit ) ;
+	bool ok = mkdirsr( &e , path , limit ) ;
+	return ok || e == EEXIST ;
 }
 
 void G::File::mkdirs( const Path & path , int limit )
 {
 	int e = 0 ;
-	if( !mkdirsr(&e,path,limit) )
+	if( !mkdirsr(&e,path,limit) && e != EEXIST )
 		throw CannotMkdir( path.str() , e ? G::Process::strerror(e) : std::string() ) ;
 }
 
diff --git a/src/glib/gfile_win32.cpp b/src/glib/gfile_win32.cpp
index 6938703..3c00f5d 100644
--- a/src/glib/gfile_win32.cpp
+++ b/src/glib/gfile_win32.cpp
@@ -93,7 +93,7 @@ std::filebuf * G::File::open( std::filebuf & fb , const Path & path , InOut inou
 	inout == InOut::In ?
 		FileImp::open( fb , path.cstr() , std::ios_base::in | std::ios_base::binary ) :
 		FileImp::open( fb , path.cstr() , std::ios_base::out | std::ios_base::binary ) ;
-	return &fb ;
+	return fb.is_open() ? &fb : nullptr ;
 }
 
 int G::File::open( const char * path , InOutAppend mode ) noexcept
@@ -146,12 +146,16 @@ void G::File::close( int fd ) noexcept
 int G::File::mkdirImp( const Path & dir ) noexcept
 {
 	int rc = _mkdir( dir.cstr() ) ;
-	if( rc != 0 )
+	if( rc == 0 )
 	{
-		rc = G::Process::errno_() ;
-		if( rc == 0 ) rc = EINVAL ;
+		return 0 ;
+	}
+	else
+	{
+		int e = G::Process::errno_() ;
+		if( e == 0 ) e = EINVAL ;
+		return e ;
 	}
-	return rc ;
 }
 
 G::File::Stat G::File::statImp( const char * path , bool ) noexcept
diff --git a/src/glib/ghashstate.h b/src/glib/ghashstate.h
index 9e6aac8..8c5cf4d 100644
--- a/src/glib/ghashstate.h
+++ b/src/glib/ghashstate.h
@@ -38,7 +38,7 @@ class G::HashStateImp
 {
 public:
 	template <typename U> static std::string extension( U n ) ;
-		///< Returns the given data size a four-character
+		///< Returns the given data size as a four-character
 		///< string.
 
 protected:
@@ -115,7 +115,7 @@ std::string G::HashState<N,U,S>::encode( const uint_type * values )
 	std::string result( N , '\0' ) ;
 	for( std::size_t i = 0U ; i < N/4 ; i++ )
 	{
-		convert_( values[i] , result.begin() + (i*4U) ) ;
+		convert_( values[i] , result.begin() + (i*4U) ) ; // NOLINT narrowing
 	}
 	return result ;
 }
@@ -126,7 +126,7 @@ std::string G::HashState<N,U,S>::encode( const uint_type * values , size_type n
 	std::string result( N+4U , '\0' ) ;
 	for( std::size_t i = 0U ; i < N/4 ; i++ )
 	{
-		convert_( values[i] , result.begin() + (i*4U) ) ;
+		convert_( values[i] , result.begin() + (i*4U) ) ; // NOLINT narrowing
 	}
 	convert_( n , result.begin() + N ) ;
 	return result ;
@@ -229,7 +229,7 @@ void G::HashState<N,U,S>::convert( const std::string & str , uint_type & n_out )
 template <unsigned int N, typename U, typename S>
 void G::HashState<N,U,S>::convert( const std::string & str , uint_type * state_out )
 {
-	for( unsigned int i = 0U ; i < (N/4U) ; i++ )
+	for( std::size_t i = 0U ; i < (N/4U) ; i++ )
 	{
 		convert( str.at(i*4U+3U) , str.at(i*4U+2U) , str.at(i*4U+1U) , str.at(i*4U+0U) , state_out[i] ) ;
 	}
diff --git a/src/glib/gidentity_win32.cpp b/src/glib/gidentity_win32.cpp
index aef5bd6..9bea086 100644
--- a/src/glib/gidentity_win32.cpp
+++ b/src/glib/gidentity_win32.cpp
@@ -98,12 +98,12 @@ bool G::Identity::isRoot() const noexcept
 	return false ;
 }
 
-bool G::Identity::operator==( const Identity & other ) const noexcept
+bool G::Identity::operator==( const Identity & ) const noexcept
 {
 	return true ;
 }
 
-bool G::Identity::operator!=( const Identity & other ) const noexcept
+bool G::Identity::operator!=( const Identity & ) const noexcept
 {
 	return false ;
 }
diff --git a/src/glib/glogoutput.cpp b/src/glib/glogoutput.cpp
index c9126e3..3f70c89 100644
--- a/src/glib/glogoutput.cpp
+++ b/src/glib/glogoutput.cpp
@@ -209,6 +209,7 @@ std::ostream & G::LogOutput::start( Log::Severity severity )
 		open( m_path , false ) ;
 
 	std::ostream & ss = LogOutputImp::ostream1() ;
+	ss << std::dec ;
 	if( m_exename.length() )
 		ss << m_exename << ": " ;
 	if( m_config.m_with_timestamp )
diff --git a/src/glib/gmd5.cpp b/src/glib/gmd5.cpp
index 24a9035..4773eb9 100644
--- a/src/glib/gmd5.cpp
+++ b/src/glib/gmd5.cpp
@@ -298,8 +298,8 @@ G::Md5Imp::big_t G::Md5Imp::digest::op( const block & m , aux_fn_t aux , big_t a
 G::Md5Imp::big_t G::Md5Imp::digest::rot32( small_t places , big_t n )
 {
 	// circular rotate of 32 LSBs, with corruption of higher bits
-	big_t overflow_mask = ( 1UL << places ) - 1UL ; // in case big_t is more than 32 bits
-	big_t overflow = ( n >> ( 32U - places ) ) ;
+	big_t overflow_mask = ( big_t(1U) << places ) - big_t(1U) ; // in case big_t is more than 32 bits
+	big_t overflow = ( n >> ( small_t(32U) - places ) ) ;
 	return ( n << places ) | ( overflow & overflow_mask ) ;
 }
 
diff --git a/src/glib/gnewprocess.h b/src/glib/gnewprocess.h
index 985a06f..9058ce1 100644
--- a/src/glib/gnewprocess.h
+++ b/src/glib/gnewprocess.h
@@ -29,6 +29,8 @@
 #include "gprocess.h"
 #include "gpath.h"
 #include "gstrings.h"
+#include <memory>
+#include <new>
 #include <string>
 #include <future>
 
@@ -207,7 +209,7 @@ public:
 		///< \code
 		///< std::promise<int,std::string> p ;
 		///< std::future<int,std::string> f = p.get_future() ;
-		///< std::thread t( std::bind(&NewPromiseWaitable::waitp,waitable,_1) , std::move(p) ) ;
+		///< std::thread t( std::bind(&NewProcessWaitable::waitp,waitable,_1) , std::move(p) ) ;
 		///< f.wait() ;
 		///< t.join() ;
 		///< int e = f.get() ;
diff --git a/src/glib/gnewprocess_unix.cpp b/src/glib/gnewprocess_unix.cpp
index 0d2ba77..8077183 100644
--- a/src/glib/gnewprocess_unix.cpp
+++ b/src/glib/gnewprocess_unix.cpp
@@ -142,7 +142,7 @@ void G::NewProcess::kill( bool yield ) noexcept
 	if( yield )
 	{
 		G::threading::yield() ;
-		::close( ::open( "/dev/null" , O_RDONLY ) ) ; // hmm
+		::close( ::open( "/dev/null" , O_RDONLY ) ) ; // hmm // NOLINT
 		G::threading::yield() ;
 	}
 }
@@ -322,7 +322,7 @@ bool G::NewProcessImp::duplicate( Fd fd , int fd_std )
 	G_ASSERT( !(fd==Fd::pipe()) ) ;
 	if( fd == Fd::devnull() )
 	{
-		int fd_null = ::open( G::Path::nullDevice().cstr() , fd_std == STDIN_FILENO ? O_RDONLY : O_WRONLY ) ;
+		int fd_null = ::open( G::Path::nullDevice().cstr() , fd_std == STDIN_FILENO ? O_RDONLY : O_WRONLY ) ; // NOLINT
 		if( fd_null < 0 ) throw NewProcess::Error( "failed to open /dev/null" ) ;
 		::dup2( fd_null , fd_std ) ;
 		return true ;
@@ -429,7 +429,7 @@ G::NewProcessWaitable & G::NewProcessWaitable::wait()
 {
 	// (worker thread - keep it simple - never throws - does read then waitpid)
 	{
-		std::array<char,64U> discard ; // NOLINT cppcoreguidelines-pro-type-member-init
+		std::array<char,64U> discard {} ;
 		char * p = &m_buffer[0] ;
 		std::size_t space = m_buffer.size() ;
 		std::size_t size = 0U ;
@@ -469,7 +469,7 @@ G::NewProcessWaitable & G::NewProcessWaitable::wait()
 		errno = 0 ;
 		m_rc = ::waitpid( m_pid , &m_status , 0 ) ;
 		m_error = errno ;
-		if( m_rc >= 0 && ( WIFSTOPPED(m_status) || WIFCONTINUED(m_status) ) )
+		if( m_rc >= 0 && ( WIFSTOPPED(m_status) || WIFCONTINUED(m_status) ) ) // NOLINT
 			; // keep waiting
 		else if( m_rc == -1 && m_error == EINTR )
 			; // keep waiting
@@ -498,18 +498,18 @@ int G::NewProcessWaitable::get() const
 			ss << "errno=" << (m_read_error?m_read_error:m_error) ;
 			throw NewProcess::WaitError( ss.str() ) ;
 		}
-		else if( !WIFEXITED(m_status) )
+		else if( !WIFEXITED(m_status) ) // NOLINT
 		{
 			// uncaught signal
 			std::ostringstream ss ;
 			ss << "pid=" << m_pid ;
-			if( WIFSIGNALED(m_status) )
-				ss << " signal=" << WTERMSIG(m_status) ;
+			if( WIFSIGNALED(m_status) ) // NOLINT
+				ss << " signal=" << WTERMSIG(m_status) ; // NOLINT
 			throw NewProcess::ChildError( ss.str() ) ;
 		}
 		else
 		{
-			result = WEXITSTATUS( m_status ) ;
+			result = WEXITSTATUS( m_status ) ; // NOLINT
 		}
 	}
 	return result ;
diff --git a/src/glib/gpam.h b/src/glib/gpam.h
index 05ee578..2c9a5e6 100644
--- a/src/glib/gpam.h
+++ b/src/glib/gpam.h
@@ -63,7 +63,7 @@ public:
 		const std::string in_type ; // "password", "prompt", "error", "info"
 		const std::string in ; // password prompt, non-password prompt, error text, infomation message, etc
 		std::string out ; // password, or whatever was prompted for
-		bool out_defined ; // to be set to true if 'out' is assigned
+		bool out_defined{false} ; // to be set to true if 'out' is assigned
 	} ;
 	class Error : public G::Exception /// An exception class for G::Pam.
 	{
diff --git a/src/glib/gpam_linux.cpp b/src/glib/gpam_linux.cpp
index 473975d..3fb3841 100644
--- a/src/glib/gpam_linux.cpp
+++ b/src/glib/gpam_linux.cpp
@@ -54,24 +54,8 @@ class G::PamImp
 {
 public:
 	using Handle = pam_handle_t * ;
-
-private:
 	using Conversation = struct pam_conv ;
-	using Error = Pam::Error ;
-	using ItemArray = Pam::ItemArray ;
-	static constexpr int MAGIC = 3456 ;
-
-public:
-	Pam & m_pam ;
-	int m_magic ;
-	mutable int m_rc ; // required for pam_end()
-	Handle m_hpam ;
-	Conversation m_conv ;
-	bool m_silent ;
-
-public:
 	PamImp( Pam & pam , const std::string & app , const std::string & user , bool silent ) ;
-	~PamImp() ;
 	Handle hpam() const ;
 	bool silent() const ;
 	bool authenticate( bool ) ;
@@ -84,8 +68,24 @@ public:
 	std::string name() const ;
 
 public:
+	~PamImp() ;
 	PamImp( const PamImp & ) = delete ;
-	void operator=( const PamImp & ) = delete ;
+	PamImp( PamImp && ) = delete ;
+	PamImp & operator=( const PamImp & ) = delete ;
+	PamImp & operator=( PamImp && ) = delete ;
+
+public:
+	Pam & m_pam ;
+	int m_magic ;
+	mutable int m_rc ; // required for pam_end()
+	Handle m_hpam ;
+	Conversation m_conv ;
+	bool m_silent ;
+
+private:
+	using Error = Pam::Error ;
+	using ItemArray = Pam::ItemArray ;
+	static constexpr int MAGIC = 3456 ;
 
 private:
 	static int converseCallback( int n , G_PAM_CONST struct pam_message ** in ,
@@ -102,6 +102,8 @@ G::PamImp::PamImp( G::Pam & pam , const std::string & application , const std::s
 	m_pam(pam) ,
 	m_magic(MAGIC) ,
 	m_rc(PAM_SUCCESS) ,
+	m_hpam(nullptr) ,
+	m_conv{} ,
 	m_silent(silent)
 {
 	G_DEBUG( "G::PamImp::ctor: [" << application << "] [" << user << "]" ) ;
@@ -207,10 +209,10 @@ void G::PamImp::release( struct pam_response * rsp , std::size_t n )
 		for( std::size_t i = 0U ; i < n ; i++ )
 		{
 			if( rsp[i].resp != nullptr )
-				std::free( rsp[i].resp ) ;
+				std::free( rsp[i].resp ) ; // NOLINT
 		}
 	}
-	std::free( rsp ) ;
+	std::free( rsp ) ; // NOLINT
 }
 
 int G::PamImp::converseCallback( int n_in , G_PAM_CONST struct pam_message ** in ,
@@ -266,7 +268,7 @@ int G::PamImp::converseCallback( int n_in , G_PAM_CONST struct pam_message ** in
 		// allocate the response - treat "out" as a pointer to a pointer
 		// to a contiguous array of structures (see linux man pam_conv)
 		//
-		rsp = static_cast<struct pam_response*>( std::malloc(n*sizeof(struct pam_response)) ) ;
+		rsp = static_cast<struct pam_response*>( std::malloc(n*sizeof(struct pam_response)) ) ; // NOLINT
 		if( rsp == nullptr )
 			throw std::bad_alloc() ;
 		for( std::size_t j = 0U ; j < n ; j++ )
@@ -349,7 +351,7 @@ void G::PamImp::check( const std::string & op , int rc ) const
 char * G::PamImp::strdup_( const char * p )
 {
 	p = p ? p : "" ;
-	char * copy = static_cast<char*>( std::malloc(std::strlen(p)+1U) ) ;
+	char * copy = static_cast<char*>( std::malloc(std::strlen(p)+1U) ) ; // NOLINT
 	if( copy != nullptr )
 		std::strcpy( copy , p ) ; // NOLINT
 	return copy ;
diff --git a/src/glib/gpath.h b/src/glib/gpath.h
index 509d372..b5f70b4 100644
--- a/src/glib/gpath.h
+++ b/src/glib/gpath.h
@@ -140,7 +140,7 @@ public:
 		///< Returns !isRelative().
 
 	bool isRelative() const ;
-		///< Returns true if the path is a relative path.
+		///< Returns true if the path is a relative path or empty().
 
 	void pathAppend( const std::string & tail ) ;
 		///< Appends a filename or a relative path to this path.
diff --git a/src/glib/gprocess_unix.cpp b/src/glib/gprocess_unix.cpp
index 56b04f0..1fc7fe5 100644
--- a/src/glib/gprocess_unix.cpp
+++ b/src/glib/gprocess_unix.cpp
@@ -235,9 +235,9 @@ std::string G::Process::exe()
 
 // ==
 
-G::Process::Id::Id() noexcept
+G::Process::Id::Id() noexcept :
+	m_pid(::getpid())
 {
-	m_pid = ::getpid() ;
 }
 
 std::string G::Process::Id::str() const
diff --git a/src/glib/groot.cpp b/src/glib/groot.cpp
index b92d76a..473eeff 100644
--- a/src/glib/groot.cpp
+++ b/src/glib/groot.cpp
@@ -54,12 +54,14 @@ G::Root::Root( bool change_group ) :
 	}
 }
 
-G::Root::~Root()
+G::Root::~Root() // NOLINT bugprone-exception-escape
 {
 	if( m_this == this && m_initialised )
 	{
 		m_this = nullptr ;
-		Process::beOrdinary( m_nobody , m_change_group ) ; // std::terminate on error
+		int e_saved = Process::errno_() ;
+		Process::beOrdinary( m_nobody , m_change_group ) ; // can throw - std::terminate is correct
+		Process::errno_( SignalSafe() , e_saved ) ;
 	}
 }
 
diff --git a/src/glib/groot.h b/src/glib/groot.h
index c2956b1..2a66de4 100644
--- a/src/glib/groot.h
+++ b/src/glib/groot.h
@@ -64,7 +64,7 @@ public:
 		///< Constructor overload with explicit control over whether to change the
 		///< group-id or not.
 
-	~Root() ;
+	~Root() ; // NOLINT
 		///< Desctructor. Releases special privileges if this instance acquired them.
 		///< The implementation uses G::Process::beOrdinary(). Errors from seteuid()
 		///< will call Process::terminate().
diff --git a/src/glib/gstr.cpp b/src/glib/gstr.cpp
index 264982f..baf2334 100644
--- a/src/glib/gstr.cpp
+++ b/src/glib/gstr.cpp
@@ -666,7 +666,7 @@ unsigned long G::StrImp::toULongHex( const std::string & s , bool limited )
 		else if( c >= 65U && c <= 70U ) c -= 55U ;
 		else if( c >= 48U && c <= 57U ) c -= 48U ;
 		else throw Str::InvalidFormat( "invalid hexadecimal" , s ) ;
-		n <<= 4 ;
+		n <<= 4U ;
 		n += c ;
 	}
 	return n ;
@@ -764,8 +764,8 @@ std::size_t G::StrImp::outputHex( Tout out , char c )
 	namespace imp = G::StrImp ;
 	std::size_t n = static_cast<unsigned char>( c ) ;
 	n &= 0xFFU ;
-	*out++ = imp::chars_hexmap[(n>>4)%16U] ;
-	*out++ = imp::chars_hexmap[(n>>0)%16U] ;
+	*out++ = imp::chars_hexmap[(n>>4U)%16U] ;
+	*out++ = imp::chars_hexmap[(n>>0U)%16U] ;
 	return 2U ;
 }
 
@@ -776,10 +776,10 @@ std::size_t G::StrImp::outputHex( Tout out , wchar_t c )
 	using uwchar_t = typename std::make_unsigned<wchar_t>::type ;
 	std::size_t n = static_cast<uwchar_t>( c ) ;
 	n &= 0xFFFFU ;
-	*out++ = imp::chars_hexmap[(n>>12)%16U] ;
-	*out++ = imp::chars_hexmap[(n>>8)%16U] ;
-	*out++ = imp::chars_hexmap[(n>>4)%16U] ;
-	*out++ = imp::chars_hexmap[(n>>0)%16U] ;
+	*out++ = imp::chars_hexmap[(n>>12U)%16U] ;
+	*out++ = imp::chars_hexmap[(n>>8U)%16U] ;
+	*out++ = imp::chars_hexmap[(n>>4U)%16U] ;
+	*out++ = imp::chars_hexmap[(n>>0U)%16U] ;
 	return 4U ;
 }
 
@@ -1443,7 +1443,7 @@ std::size_t G::Str::ifind( const std::string & s , const std::string & key , std
 {
 	namespace imp = G::StrImp ;
 	if( s.empty() || key.empty() || pos > s.length() ) return std::string::npos ;
-	auto p = std::search( s.begin()+pos , s.end() , key.begin() , key.end() , imp::imatchc ) ;
+	auto p = std::search( s.begin()+pos , s.end() , key.begin() , key.end() , imp::imatchc ) ; // NOLINT narrowing
 	return p == s.end() ? std::string::npos : std::distance(s.begin(),p) ;
 }
 
diff --git a/src/glib/gstringview.h b/src/glib/gstringview.h
index 68a77da..cc02349 100644
--- a/src/glib/gstringview.h
+++ b/src/glib/gstringview.h
@@ -97,7 +97,7 @@ public:
 	}
 	constexpr static bool same( basic_string_view a , basic_string_view b ) noexcept
 	{
-		return a.size() == b.size() && StringViewImp::same( a.size() , a.data() , b.data() ) ;
+		return a.size() == b.size() && ( a.empty() || StringViewImp::same( a.size() , a.data() , b.data() ) ) ;
 	}
 	constexpr std::size_t size() const noexcept { return m_n ; }
 	constexpr std::size_t length() const noexcept { return m_n ; }
@@ -106,10 +106,10 @@ public:
 	void swap( basic_string_view<Tchar> & other ) noexcept { std::swap(m_p,other.m_p) ; std::swap(m_n,other.m_n) ; }
 	constexpr const Tchar & operator[]( std::size_t i ) const { return m_p[i] ; }
 	const Tchar & at( std::size_t i ) const { if( i >= m_n ) throw std::out_of_range("string_view") ; return m_p[i] ; }
-	const Tchar * begin() const noexcept { return m_p ; }
-	const Tchar * cbegin() const noexcept { return m_p ; }
-	const Tchar * end() const noexcept { return m_p + m_n ; }
-	const Tchar * cend() const noexcept { return m_p + m_n ; }
+	const Tchar * begin() const noexcept { return empty() ? nullptr : m_p ; }
+	const Tchar * cbegin() const noexcept { return empty() ? nullptr : m_p ; }
+	const Tchar * end() const noexcept { return empty() ? nullptr : (m_p+m_n) ; }
+	const Tchar * cend() const noexcept { return empty() ? nullptr : (m_p+m_n) ; }
 	bool operator==( const basic_string_view<Tchar> & other ) const noexcept { return compare(other) == 0 ; }
 	bool operator!=( const basic_string_view<Tchar> & other ) const noexcept { return compare(other) != 0 ; }
 	bool operator<( const basic_string_view<Tchar> & other ) const noexcept { return compare(other) < 0 ; }
@@ -118,16 +118,17 @@ public:
 	bool operator>=( const basic_string_view<Tchar> & other ) const noexcept { return compare(other) >= 0 ; }
 	int compare( const basic_string_view<Tchar> & other ) const noexcept
 	{
-		int rc = std::char_traits<Tchar>::compare( m_p , other.m_p , std::min(m_n,other.m_n) ) ;
+		int rc = ( empty() || other.empty() ) ? 0 : std::char_traits<Tchar>::compare( m_p , other.m_p , std::min(m_n,other.m_n) ) ;
 		return rc == 0 ? ( m_n < other.m_n ? -1 : (m_n==other.m_n?0:1) ) : rc ;
 	}
 	string_view substr( std::size_t pos , std::size_t count = npos ) const
 	{
-		if( pos > m_n ) throw std::out_of_range( "string_view" ) ;
+		if( empty() || pos > m_n ) throw std::out_of_range( "string_view" ) ;
 		return string_view( m_p + pos , std::min(m_n-pos,count) ) ;
 	}
 	std::size_t find( Tchar c ) const noexcept
 	{
+		if( empty() ) return std::string::npos ;
 		const Tchar * p = m_p ;
 		std::size_t n = m_n ;
 		for( std::size_t pos = 0U ; n ; p++ , n-- , pos++ )
@@ -137,11 +138,28 @@ public:
 		}
 		return std::string::npos ;
 	}
-	std::size_t find_first_of( basic_string_view<Tchar> chars ) const noexcept
+	std::size_t find( const Tchar * substr_p , std::size_t pos , std::size_t substr_n ) const
 	{
-		const Tchar * p = m_p ;
-		std::size_t n = m_n ;
-		for( std::size_t pos = 0U ; n ; p++ , n-- , pos++ )
+		return find( basic_string_view<Tchar>(substr_p,substr_n) , pos ) ;
+	}
+	std::size_t find( basic_string_view<Tchar> substr , std::size_t pos = 0U ) const
+	{
+		if( empty() || pos >= m_n ) return std::string::npos ;
+		if( substr.empty() ) return pos ;
+		auto const end = m_p + m_n ;
+		auto p = std::search( m_p+pos , end , substr.m_p , substr.m_p+substr.m_n ) ;
+		return p == end ? std::string::npos : std::distance(m_p,p) ;
+	}
+	std::size_t find_first_of( const Tchar * chars , std::size_t pos , std::size_t chars_size ) const noexcept
+	{
+		return find_first_of( basic_string_view<Tchar>(chars,chars_size) , pos ) ;
+	}
+	std::size_t find_first_of( basic_string_view<Tchar> chars , std::size_t pos = 0U ) const noexcept
+	{
+		if( empty() || pos >= m_n || chars.empty() ) return std::string::npos ;
+		const Tchar * p = m_p + pos ;
+		std::size_t n = m_n - pos ;
+		for( ; n ; p++ , n-- , pos++ )
 		{
 			const std::size_t i_end = chars.size() ;
 			for( std::size_t i = 0U ; i < i_end ; i++ )
@@ -152,11 +170,16 @@ public:
 		}
 		return std::string::npos ;
 	}
-	std::size_t find_first_not_of( basic_string_view<Tchar> chars ) const noexcept
+	std::size_t find_first_not_of( const Tchar * chars , std::size_t pos , std::size_t chars_size ) const noexcept
 	{
-		const Tchar * p = m_p ;
-		std::size_t n = m_n ;
-		for( std::size_t pos = 0U ; n ; p++ , n-- , pos++ )
+		return find_first_not_of( basic_string_view<Tchar>(chars,chars_size) , pos ) ;
+	}
+	std::size_t find_first_not_of( basic_string_view<Tchar> chars , std::size_t pos = 0U ) const noexcept
+	{
+		if( empty() || pos >= m_n || chars.empty() ) return std::string::npos ;
+		const Tchar * p = m_p + pos ;
+		std::size_t n = m_n - pos ;
+		for( ; n ; p++ , n-- , pos++ )
 		{
 			bool match = false ;
 			const std::size_t i_end = chars.size() ;
@@ -172,7 +195,7 @@ public:
 	}
 	std::basic_string<Tchar> sv_to_string_imp() const
 	{
-		return std::basic_string<Tchar>( m_p , m_n ) ;
+		return empty() ? std::basic_string<Tchar>() : std::basic_string<Tchar>( m_p , m_n ) ;
 	}
 
 private:
@@ -180,8 +203,6 @@ private:
 	std::size_t m_n{0U} ;
 } ;
 
-static_assert( G::string_view("foo",nullptr).length() == 3U , "" ) ;
-
 namespace G
 {
 	template <typename Tchar> std::basic_string<Tchar> sv_to_string( basic_string_view<Tchar> sv )
@@ -189,18 +210,38 @@ namespace G
 		// (greppable name -- remove when using c++17 std::string_view)
 		return std::basic_string<Tchar>( sv.sv_to_string_imp() ) ;
 	}
-	inline std::ostream & operator<<( std::ostream & stream , const string_view & s )
+	inline std::ostream & operator<<( std::ostream & stream , const string_view & sv )
 	{
-		return stream.write( s.data() , s.size() ) ;
+		if( !sv.empty() )
+			stream.write( sv.data() , sv.size() ) ; // NOLINT narrowing
+		return stream ;
 	}
-	inline std::wostream & operator<<( std::wostream & stream , const wstring_view & s )
+	inline std::wostream & operator<<( std::wostream & stream , const wstring_view & sv )
 	{
-		return stream.write( s.data() , s.size() ) ;
+		if( !sv.empty() )
+			stream.write( sv.data() , sv.size() ) ; // NOLINT narrowing
+		return stream ;
 	}
 	template <typename Tchar> void swap( basic_string_view<Tchar> & a , basic_string_view<Tchar> b ) noexcept
 	{
 		a.swap( b ) ;
 	}
+	inline bool operator==( const std::string & s , string_view sv )
+	{
+		return sv.empty() ? s.empty() : ( 0 == s.compare( 0 , s.size() , sv.data() , sv.size() ) ) ;
+	}
+	inline bool operator==( string_view sv , const std::string & s )
+	{
+		return sv.empty() ? s.empty() : ( 0 == s.compare( 0 , s.size() , sv.data() , sv.size() ) ) ;
+	}
+	inline bool operator!=( const std::string & s , string_view sv )
+	{
+		return !(s == sv) ;
+	}
+	inline bool operator!=( string_view sv , const std::string & s )
+	{
+		return !(sv == s) ;
+	}
 }
 
 #endif
diff --git a/src/glib/gstrmacros.h b/src/glib/gstrmacros.h
index bf9172c..23e5928 100644
--- a/src/glib/gstrmacros.h
+++ b/src/glib/gstrmacros.h
@@ -25,11 +25,19 @@
 #ifdef G_STR_IMP
 #undef G_STR_IMP
 #endif
-#define G_STR_IMP(X) #X
-
 #ifdef G_STR
 #undef G_STR
 #endif
-#define G_STR(X) G_STR_IMP(X)
+#ifdef G_STR_PASTE_IMP
+#undef G_STR_PASTE_IMP
+#endif
+#ifdef G_STR_PASTE
+#undef G_STR_PASTE
+#endif
+
+#define G_STR_IMP(a) #a
+#define G_STR(a) G_STR_IMP(a)
+#define G_STR_PASTE_IMP(a,b) a##b
+#define G_STR_PASTE(a,b) G_STR_PASTE_IMP(a,b)
 
 #endif
diff --git a/src/glib/gtime.cpp b/src/glib/gtime.cpp
index 646207a..eb9a24a 100644
--- a/src/glib/gtime.cpp
+++ b/src/glib/gtime.cpp
@@ -31,43 +31,31 @@ G::Time::Time( int hh , int mm , int ss ) :
 {
 }
 
-G::Time::Time( const BrokenDownTime & tm )
+G::Time::Time( const BrokenDownTime & tm ) :
+	m_hh(tm.hour()) ,
+	m_mm(tm.min()) ,
+	m_ss(tm.sec())
 {
-	m_hh = tm.hour() ;
-	m_mm = tm.min() ;
-	m_ss = tm.sec() ;
 }
 
-G::Time::Time()
+G::Time::Time() :
+	Time(SystemTime::now().utc())
 {
-	BrokenDownTime tm = SystemTime::now().utc() ;
-	m_hh = tm.hour() ;
-	m_mm = tm.min() ;
-	m_ss = tm.sec() ;
 }
 
-G::Time::Time( SystemTime t )
+G::Time::Time( SystemTime t ) :
+	Time(t.utc())
 {
-	BrokenDownTime tm = t.utc() ;
-	m_hh = tm.hour() ;
-	m_mm = tm.min() ;
-	m_ss = tm.sec() ;
 }
 
-G::Time::Time( const LocalTime & )
+G::Time::Time( const LocalTime & ) :
+	Time(SystemTime::now().local())
 {
-	BrokenDownTime tm = SystemTime::now().local() ;
-	m_hh = tm.hour() ;
-	m_mm = tm.min() ;
-	m_ss = tm.sec() ;
 }
 
-G::Time::Time( SystemTime t , const LocalTime & )
+G::Time::Time( SystemTime t , const LocalTime & ) :
+	Time(t.local())
 {
-	BrokenDownTime tm = t.local() ;
-	m_hh = tm.hour() ;
-	m_mm = tm.min() ;
-	m_ss = tm.sec() ;
 }
 
 int G::Time::hours() const
@@ -121,9 +109,9 @@ G::Time G::Time::at( unsigned int s )
 	unsigned int hh = s / 3600U ;
 	unsigned int mm_ss = s - (hh*3600U) ;
 	return {
-		std::max(0,std::min(static_cast<int>(hh),23)) ,
-		std::max(0,std::min(static_cast<int>(mm_ss/60U),59)) ,
-		std::max(0,std::min(static_cast<int>(mm_ss%60U),59)) } ;
+		std::max(0,std::min(23,static_cast<int>(hh))) ,
+		std::max(0,std::min(59,static_cast<int>(mm_ss/60U))) ,
+		std::max(0,std::min(59,static_cast<int>(mm_ss%60U))) } ;
 }
 
 bool G::Time::operator==( const Time & other ) const
diff --git a/src/gnet/Makefile.am b/src/gnet/Makefile.am
index 57406f4..2138c86 100644
--- a/src/gnet/Makefile.am
+++ b/src/gnet/Makefile.am
@@ -17,14 +17,6 @@
 
 noinst_LIBRARIES = libgnet.a
 
-if GCONFIG_IPV6
-IP46_SOURCES = gaddress_ipv6.cpp
-EXTRA_DIST_IP46 = gaddress_ipv4.cpp
-else
-IP46_SOURCES = gaddress_ipv4.cpp
-EXTRA_DIST_IP46 = gaddress_ipv6.cpp
-endif
-
 if GCONFIG_WINDOWS
 
 AM_CPPFLAGS = -I$(top_srcdir)/src/glib -I$(top_srcdir)/src/gssl -I$(top_srcdir)/src/win32
@@ -41,7 +33,6 @@ if GCONFIG_INTERFACE_NAMES
 
 EXTRA_DIST = \
 	$(EXTRA_DIST_COMMON) \
-	$(EXTRA_DIST_IP46) \
 	ginterfaces_unix.cpp \
 	ginterfaces_none.cpp
 
@@ -53,7 +44,6 @@ else
 
 EXTRA_DIST = \
 	$(EXTRA_DIST_COMMON) \
-	$(EXTRA_DIST_IP46) \
 	ginterfaces_unix.cpp \
 	ginterfaces_common.cpp \
 	ginterfaces_win32.cpp
@@ -64,13 +54,13 @@ INTERFACES_SOURCES = \
 endif
 
 libgnet_a_SOURCES = \
-	$(IP46_SOURCES) \
 	gaddresslocal_none.cpp \
 	gaddresslocal.h \
 	gaddress4.cpp \
 	gaddress4.h \
 	gaddress6.cpp \
 	gaddress6.h \
+	gaddress.cpp \
 	gaddress.h \
 	gclient.cpp \
 	gclient.h \
@@ -215,12 +205,11 @@ EXTRA_DIST = \
 	$(EXTRA_DIST_COMMON) \
 	$(EXTRA_DIST_UDS) \
 	$(EXTRA_DIST_INTERFACES) \
-	$(EXTRA_DIST_EVENTLOOP) \
-	$(EXTRA_DIST_IP46)
+	$(EXTRA_DIST_EVENTLOOP)
 
 libgnet_a_SOURCES = \
-	$(IP46_SOURCES) \
 	$(UDS_SOURCES) \
+	gaddress.cpp \
 	gaddress.h \
 	gaddresslocal.h \
 	gaddress4.h \
diff --git a/src/gnet/Makefile.in b/src/gnet/Makefile.in
index 4c37154..d6212dd 100644
--- a/src/gnet/Makefile.in
+++ b/src/gnet/Makefile.in
@@ -110,11 +110,11 @@ am__v_AR_0 = @echo "  AR      " $@;
 am__v_AR_1 = 
 libgnet_a_AR = $(AR) $(ARFLAGS)
 libgnet_a_LIBADD =
-am__libgnet_a_SOURCES_DIST = gaddress_ipv4.cpp gaddress_ipv6.cpp \
-	gaddresslocal_none.cpp gaddresslocal_unix.cpp gaddress.h \
-	gaddresslocal.h gaddress4.h gaddress4.cpp gaddress6.h \
-	gaddress6.cpp gclient.cpp gclient.h gclientptr.cpp \
-	gclientptr.h gconnection.cpp gconnection.h gdescriptor.h \
+am__libgnet_a_SOURCES_DIST = gaddresslocal_none.cpp \
+	gaddresslocal_unix.cpp gaddress.cpp gaddress.h gaddresslocal.h \
+	gaddress4.h gaddress4.cpp gaddress6.h gaddress6.cpp \
+	gclient.cpp gclient.h gclientptr.cpp gclientptr.h \
+	gconnection.cpp gconnection.h gdescriptor.h \
 	gdescriptor_unix.cpp gdnsblock.cpp gdnsblock.h gdnsmessage.cpp \
 	gdnsmessage.h gevent.h geventhandler.cpp geventhandler.h \
 	geventhandlerlist.cpp geventhandlerlist.h \
@@ -135,20 +135,18 @@ am__libgnet_a_SOURCES_DIST = gaddress_ipv4.cpp gaddress_ipv6.cpp \
 	gtask.cpp gtask.h gtimer.cpp gtimer.h gtimerlist.cpp \
 	gtimerlist.h gdescriptor_win32.cpp geventloop_win32.cpp \
 	gfutureevent_win32.cpp gsocket_win32.cpp
-@GCONFIG_IPV6_FALSE@am__objects_1 = gaddress_ipv4.$(OBJEXT)
-@GCONFIG_IPV6_TRUE@am__objects_1 = gaddress_ipv6.$(OBJEXT)
-@GCONFIG_UDS_FALSE@@GCONFIG_WINDOWS_FALSE@am__objects_2 = gaddresslocal_none.$(OBJEXT)
-@GCONFIG_UDS_TRUE@@GCONFIG_WINDOWS_FALSE@am__objects_2 = gaddresslocal_unix.$(OBJEXT)
-@GCONFIG_EPOLL_FALSE@@GCONFIG_WINDOWS_FALSE@am__objects_3 = geventloop_select.$(OBJEXT)
-@GCONFIG_EPOLL_TRUE@@GCONFIG_WINDOWS_FALSE@am__objects_3 = geventloop_epoll.$(OBJEXT)
-@GCONFIG_INTERFACE_NAMES_FALSE@@GCONFIG_WINDOWS_FALSE@am__objects_4 = ginterfaces_none.$(OBJEXT)
-@GCONFIG_INTERFACE_NAMES_FALSE@@GCONFIG_WINDOWS_TRUE@am__objects_4 = ginterfaces_none.$(OBJEXT)
-@GCONFIG_INTERFACE_NAMES_TRUE@@GCONFIG_WINDOWS_FALSE@am__objects_4 = ginterfaces_unix.$(OBJEXT) \
+@GCONFIG_UDS_FALSE@@GCONFIG_WINDOWS_FALSE@am__objects_1 = gaddresslocal_none.$(OBJEXT)
+@GCONFIG_UDS_TRUE@@GCONFIG_WINDOWS_FALSE@am__objects_1 = gaddresslocal_unix.$(OBJEXT)
+@GCONFIG_EPOLL_FALSE@@GCONFIG_WINDOWS_FALSE@am__objects_2 = geventloop_select.$(OBJEXT)
+@GCONFIG_EPOLL_TRUE@@GCONFIG_WINDOWS_FALSE@am__objects_2 = geventloop_epoll.$(OBJEXT)
+@GCONFIG_INTERFACE_NAMES_FALSE@@GCONFIG_WINDOWS_FALSE@am__objects_3 = ginterfaces_none.$(OBJEXT)
+@GCONFIG_INTERFACE_NAMES_FALSE@@GCONFIG_WINDOWS_TRUE@am__objects_3 = ginterfaces_none.$(OBJEXT)
+@GCONFIG_INTERFACE_NAMES_TRUE@@GCONFIG_WINDOWS_FALSE@am__objects_3 = ginterfaces_unix.$(OBJEXT) \
 @GCONFIG_INTERFACE_NAMES_TRUE@@GCONFIG_WINDOWS_FALSE@	ginterfaces_common.$(OBJEXT)
-@GCONFIG_INTERFACE_NAMES_TRUE@@GCONFIG_WINDOWS_TRUE@am__objects_4 = ginterfaces_common.$(OBJEXT) \
+@GCONFIG_INTERFACE_NAMES_TRUE@@GCONFIG_WINDOWS_TRUE@am__objects_3 = ginterfaces_common.$(OBJEXT) \
 @GCONFIG_INTERFACE_NAMES_TRUE@@GCONFIG_WINDOWS_TRUE@	ginterfaces_win32.$(OBJEXT)
 @GCONFIG_WINDOWS_FALSE@am_libgnet_a_OBJECTS = $(am__objects_1) \
-@GCONFIG_WINDOWS_FALSE@	$(am__objects_2) gaddress4.$(OBJEXT) \
+@GCONFIG_WINDOWS_FALSE@	gaddress.$(OBJEXT) gaddress4.$(OBJEXT) \
 @GCONFIG_WINDOWS_FALSE@	gaddress6.$(OBJEXT) gclient.$(OBJEXT) \
 @GCONFIG_WINDOWS_FALSE@	gclientptr.$(OBJEXT) \
 @GCONFIG_WINDOWS_FALSE@	gconnection.$(OBJEXT) \
@@ -158,12 +156,12 @@ am__libgnet_a_SOURCES_DIST = gaddress_ipv4.cpp gaddress_ipv6.cpp \
 @GCONFIG_WINDOWS_FALSE@	geventhandler.$(OBJEXT) \
 @GCONFIG_WINDOWS_FALSE@	geventhandlerlist.$(OBJEXT) \
 @GCONFIG_WINDOWS_FALSE@	geventloggingcontext.$(OBJEXT) \
-@GCONFIG_WINDOWS_FALSE@	geventloop.$(OBJEXT) $(am__objects_3) \
+@GCONFIG_WINDOWS_FALSE@	geventloop.$(OBJEXT) $(am__objects_2) \
 @GCONFIG_WINDOWS_FALSE@	gexceptionhandler.$(OBJEXT) \
 @GCONFIG_WINDOWS_FALSE@	gexceptionsink.$(OBJEXT) \
 @GCONFIG_WINDOWS_FALSE@	gexceptionsource.$(OBJEXT) \
 @GCONFIG_WINDOWS_FALSE@	gfutureevent_unix.$(OBJEXT) \
-@GCONFIG_WINDOWS_FALSE@	$(am__objects_4) glinebuffer.$(OBJEXT) \
+@GCONFIG_WINDOWS_FALSE@	$(am__objects_3) glinebuffer.$(OBJEXT) \
 @GCONFIG_WINDOWS_FALSE@	glinestore.$(OBJEXT) glocal.$(OBJEXT) \
 @GCONFIG_WINDOWS_FALSE@	glocation.$(OBJEXT) gmonitor.$(OBJEXT) \
 @GCONFIG_WINDOWS_FALSE@	gmultiserver.$(OBJEXT) \
@@ -175,10 +173,11 @@ am__libgnet_a_SOURCES_DIST = gaddress_ipv4.cpp gaddress_ipv6.cpp \
 @GCONFIG_WINDOWS_FALSE@	gsocketprotocol.$(OBJEXT) \
 @GCONFIG_WINDOWS_FALSE@	gsocks.$(OBJEXT) gtask.$(OBJEXT) \
 @GCONFIG_WINDOWS_FALSE@	gtimer.$(OBJEXT) gtimerlist.$(OBJEXT)
-@GCONFIG_WINDOWS_TRUE@am_libgnet_a_OBJECTS = $(am__objects_1) \
+@GCONFIG_WINDOWS_TRUE@am_libgnet_a_OBJECTS =  \
 @GCONFIG_WINDOWS_TRUE@	gaddresslocal_none.$(OBJEXT) \
 @GCONFIG_WINDOWS_TRUE@	gaddress4.$(OBJEXT) gaddress6.$(OBJEXT) \
-@GCONFIG_WINDOWS_TRUE@	gclient.$(OBJEXT) gclientptr.$(OBJEXT) \
+@GCONFIG_WINDOWS_TRUE@	gaddress.$(OBJEXT) gclient.$(OBJEXT) \
+@GCONFIG_WINDOWS_TRUE@	gclientptr.$(OBJEXT) \
 @GCONFIG_WINDOWS_TRUE@	gconnection.$(OBJEXT) \
 @GCONFIG_WINDOWS_TRUE@	gdescriptor_win32.$(OBJEXT) \
 @GCONFIG_WINDOWS_TRUE@	gdnsblock.$(OBJEXT) \
@@ -193,7 +192,7 @@ am__libgnet_a_SOURCES_DIST = gaddress_ipv4.cpp gaddress_ipv6.cpp \
 @GCONFIG_WINDOWS_TRUE@	gexceptionsink.$(OBJEXT) \
 @GCONFIG_WINDOWS_TRUE@	gexceptionsource.$(OBJEXT) \
 @GCONFIG_WINDOWS_TRUE@	gfutureevent_win32.$(OBJEXT) \
-@GCONFIG_WINDOWS_TRUE@	$(am__objects_4) glinebuffer.$(OBJEXT) \
+@GCONFIG_WINDOWS_TRUE@	$(am__objects_3) glinebuffer.$(OBJEXT) \
 @GCONFIG_WINDOWS_TRUE@	glinestore.$(OBJEXT) glocal.$(OBJEXT) \
 @GCONFIG_WINDOWS_TRUE@	glocation.$(OBJEXT) gmonitor.$(OBJEXT) \
 @GCONFIG_WINDOWS_TRUE@	gmultiserver.$(OBJEXT) \
@@ -221,9 +220,8 @@ am__v_at_1 =
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = ./$(DEPDIR)/gaddress4.Po \
-	./$(DEPDIR)/gaddress6.Po ./$(DEPDIR)/gaddress_ipv4.Po \
-	./$(DEPDIR)/gaddress_ipv6.Po ./$(DEPDIR)/gaddresslocal_none.Po \
+am__depfiles_remade = ./$(DEPDIR)/gaddress.Po ./$(DEPDIR)/gaddress4.Po \
+	./$(DEPDIR)/gaddress6.Po ./$(DEPDIR)/gaddresslocal_none.Po \
 	./$(DEPDIR)/gaddresslocal_unix.Po ./$(DEPDIR)/gclient.Po \
 	./$(DEPDIR)/gclientptr.Po ./$(DEPDIR)/gconnection.Po \
 	./$(DEPDIR)/gdescriptor_unix.Po \
@@ -432,10 +430,6 @@ top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 noinst_LIBRARIES = libgnet.a
-@GCONFIG_IPV6_FALSE@IP46_SOURCES = gaddress_ipv4.cpp
-@GCONFIG_IPV6_TRUE@IP46_SOURCES = gaddress_ipv6.cpp
-@GCONFIG_IPV6_FALSE@EXTRA_DIST_IP46 = gaddress_ipv6.cpp
-@GCONFIG_IPV6_TRUE@EXTRA_DIST_IP46 = gaddress_ipv4.cpp
 @GCONFIG_WINDOWS_FALSE@AM_CPPFLAGS = -I$(top_srcdir)/src/glib -I$(top_srcdir)/src/gssl
 @GCONFIG_WINDOWS_TRUE@AM_CPPFLAGS = -I$(top_srcdir)/src/glib -I$(top_srcdir)/src/gssl -I$(top_srcdir)/src/win32
 @GCONFIG_WINDOWS_FALSE@EXTRA_DIST_COMMON = \
@@ -454,14 +448,12 @@ noinst_LIBRARIES = libgnet.a
 
 @GCONFIG_INTERFACE_NAMES_FALSE@@GCONFIG_WINDOWS_TRUE@EXTRA_DIST = \
 @GCONFIG_INTERFACE_NAMES_FALSE@@GCONFIG_WINDOWS_TRUE@	$(EXTRA_DIST_COMMON) \
-@GCONFIG_INTERFACE_NAMES_FALSE@@GCONFIG_WINDOWS_TRUE@	$(EXTRA_DIST_IP46) \
 @GCONFIG_INTERFACE_NAMES_FALSE@@GCONFIG_WINDOWS_TRUE@	ginterfaces_unix.cpp \
 @GCONFIG_INTERFACE_NAMES_FALSE@@GCONFIG_WINDOWS_TRUE@	ginterfaces_common.cpp \
 @GCONFIG_INTERFACE_NAMES_FALSE@@GCONFIG_WINDOWS_TRUE@	ginterfaces_win32.cpp
 
 @GCONFIG_INTERFACE_NAMES_TRUE@@GCONFIG_WINDOWS_TRUE@EXTRA_DIST = \
 @GCONFIG_INTERFACE_NAMES_TRUE@@GCONFIG_WINDOWS_TRUE@	$(EXTRA_DIST_COMMON) \
-@GCONFIG_INTERFACE_NAMES_TRUE@@GCONFIG_WINDOWS_TRUE@	$(EXTRA_DIST_IP46) \
 @GCONFIG_INTERFACE_NAMES_TRUE@@GCONFIG_WINDOWS_TRUE@	ginterfaces_unix.cpp \
 @GCONFIG_INTERFACE_NAMES_TRUE@@GCONFIG_WINDOWS_TRUE@	ginterfaces_none.cpp
 
@@ -469,8 +461,7 @@ noinst_LIBRARIES = libgnet.a
 @GCONFIG_WINDOWS_FALSE@	$(EXTRA_DIST_COMMON) \
 @GCONFIG_WINDOWS_FALSE@	$(EXTRA_DIST_UDS) \
 @GCONFIG_WINDOWS_FALSE@	$(EXTRA_DIST_INTERFACES) \
-@GCONFIG_WINDOWS_FALSE@	$(EXTRA_DIST_EVENTLOOP) \
-@GCONFIG_WINDOWS_FALSE@	$(EXTRA_DIST_IP46)
+@GCONFIG_WINDOWS_FALSE@	$(EXTRA_DIST_EVENTLOOP)
 
 @GCONFIG_INTERFACE_NAMES_FALSE@@GCONFIG_WINDOWS_FALSE@INTERFACES_SOURCES = \
 @GCONFIG_INTERFACE_NAMES_FALSE@@GCONFIG_WINDOWS_FALSE@	ginterfaces_none.cpp
@@ -487,8 +478,8 @@ noinst_LIBRARIES = libgnet.a
 @GCONFIG_INTERFACE_NAMES_TRUE@@GCONFIG_WINDOWS_TRUE@	ginterfaces_win32.cpp
 
 @GCONFIG_WINDOWS_FALSE@libgnet_a_SOURCES = \
-@GCONFIG_WINDOWS_FALSE@	$(IP46_SOURCES) \
 @GCONFIG_WINDOWS_FALSE@	$(UDS_SOURCES) \
+@GCONFIG_WINDOWS_FALSE@	gaddress.cpp \
 @GCONFIG_WINDOWS_FALSE@	gaddress.h \
 @GCONFIG_WINDOWS_FALSE@	gaddresslocal.h \
 @GCONFIG_WINDOWS_FALSE@	gaddress4.h \
@@ -565,13 +556,13 @@ noinst_LIBRARIES = libgnet.a
 @GCONFIG_WINDOWS_FALSE@	gtimerlist.h
 
 @GCONFIG_WINDOWS_TRUE@libgnet_a_SOURCES = \
-@GCONFIG_WINDOWS_TRUE@	$(IP46_SOURCES) \
 @GCONFIG_WINDOWS_TRUE@	gaddresslocal_none.cpp \
 @GCONFIG_WINDOWS_TRUE@	gaddresslocal.h \
 @GCONFIG_WINDOWS_TRUE@	gaddress4.cpp \
 @GCONFIG_WINDOWS_TRUE@	gaddress4.h \
 @GCONFIG_WINDOWS_TRUE@	gaddress6.cpp \
 @GCONFIG_WINDOWS_TRUE@	gaddress6.h \
+@GCONFIG_WINDOWS_TRUE@	gaddress.cpp \
 @GCONFIG_WINDOWS_TRUE@	gaddress.h \
 @GCONFIG_WINDOWS_TRUE@	gclient.cpp \
 @GCONFIG_WINDOWS_TRUE@	gclient.h \
@@ -725,10 +716,9 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gaddress.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gaddress4.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gaddress6.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gaddress_ipv4.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gaddress_ipv6.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gaddresslocal_none.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gaddresslocal_unix.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gclient.Po@am__quote@ # am--include-marker
@@ -918,10 +908,9 @@ clean: clean-am
 clean-am: clean-generic clean-noinstLIBRARIES mostlyclean-am
 
 distclean: distclean-am
-		-rm -f ./$(DEPDIR)/gaddress4.Po
+		-rm -f ./$(DEPDIR)/gaddress.Po
+	-rm -f ./$(DEPDIR)/gaddress4.Po
 	-rm -f ./$(DEPDIR)/gaddress6.Po
-	-rm -f ./$(DEPDIR)/gaddress_ipv4.Po
-	-rm -f ./$(DEPDIR)/gaddress_ipv6.Po
 	-rm -f ./$(DEPDIR)/gaddresslocal_none.Po
 	-rm -f ./$(DEPDIR)/gaddresslocal_unix.Po
 	-rm -f ./$(DEPDIR)/gclient.Po
@@ -1011,10 +1000,9 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-		-rm -f ./$(DEPDIR)/gaddress4.Po
+		-rm -f ./$(DEPDIR)/gaddress.Po
+	-rm -f ./$(DEPDIR)/gaddress4.Po
 	-rm -f ./$(DEPDIR)/gaddress6.Po
-	-rm -f ./$(DEPDIR)/gaddress_ipv4.Po
-	-rm -f ./$(DEPDIR)/gaddress_ipv6.Po
 	-rm -f ./$(DEPDIR)/gaddresslocal_none.Po
 	-rm -f ./$(DEPDIR)/gaddresslocal_unix.Po
 	-rm -f ./$(DEPDIR)/gclient.Po
diff --git a/src/gnet/gaddress_ipv6.cpp b/src/gnet/gaddress.cpp
similarity index 99%
rename from src/gnet/gaddress_ipv6.cpp
rename to src/gnet/gaddress.cpp
index f4957b9..d1f9b2d 100644
--- a/src/gnet/gaddress_ipv6.cpp
+++ b/src/gnet/gaddress.cpp
@@ -15,7 +15,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 // ===
 ///
-/// \file gaddress_ipv6.cpp
+/// \file gaddress.cpp
 ///
 
 #include "gdef.h"
@@ -108,7 +108,8 @@ GNet::Address::Address( const sockaddr * addr , socklen_t len , bool ipv6_scope_
 
 GNet::Address::Address( const std::string & s )
 {
-	std::string r1 , r2 ;
+	std::string r1 ;
+	std::string r2 ;
 	if( s.empty() )
 		throw Address::Error( "empty string" ) ;
 	else if( AddressLocal::af() && isFamilyLocal(s) )
@@ -123,7 +124,8 @@ GNet::Address::Address( const std::string & s )
 
 GNet::Address::Address( const std::string & s , NotLocal )
 {
-	std::string r1 , r2 ;
+	std::string r1 ;
+	std::string r2 ;
 	if( s.empty() )
 		throw Address::Error( "empty string" ) ;
 	else if( Address4::af() && Address4::validString(s,&r1) )
@@ -136,7 +138,8 @@ GNet::Address::Address( const std::string & s , NotLocal )
 
 GNet::Address::Address( const std::string & host_part , const std::string & port_part )
 {
-	std::string r1 , r2 ;
+	std::string r1 ;
+	std::string r2 ;
 	if( host_part.empty() )
 		throw Address::Error( "empty string" ) ;
 	else if( AddressLocal::af() && isFamilyLocal( host_part ) )
@@ -151,7 +154,8 @@ GNet::Address::Address( const std::string & host_part , const std::string & port
 
 GNet::Address::Address( const std::string & host_part , unsigned int port )
 {
-	std::string r1 , r2 ;
+	std::string r1 ;
+	std::string r2 ;
 	if( host_part.empty() )
 		throw Address::Error( "empty string" ) ;
 	else if( AddressLocal::af() && isFamilyLocal( host_part ) )
diff --git a/src/gnet/gaddress_ipv4.cpp b/src/gnet/gaddress_ipv4.cpp
deleted file mode 100644
index 9f8bf96..0000000
--- a/src/gnet/gaddress_ipv4.cpp
+++ /dev/null
@@ -1,421 +0,0 @@
-//
-// Copyright (C) 2001-2021 Graeme Walker <graeme_walker@users.sourceforge.net>
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-// ===
-///
-/// \file gaddress_ipv4.cpp
-///
-
-#include "gdef.h"
-#include "gaddress4.h"
-#include "gaddress.h"
-#include "gassert.h"
-#include <algorithm> // std::swap()
-#include <utility> // std::swap()
-#include <cstring>
-
-namespace GNet
-{
-	class Address6
-	{
-	} ;
-	class AddressLocal
-	{
-	} ;
-	namespace AddressImp
-	{
-		void check( GNet::Address::Family f )
-		{
-			if( !Address::supports(f) )
-				throw Address::BadFamily() ;
-		}
-	}
-}
-
-bool GNet::Address::supports( Family f )
-{
-	return f == Family::ipv4 ;
-}
-
-bool GNet::Address::supports( int af , int )
-{
-	return af == AF_INET ;
-}
-
-bool GNet::Address::supports( const Address::Domain & , int domain )
-{
-	return domain == Address4::domain() ;
-}
-
-GNet::Address GNet::Address::defaultAddress()
-{
-	return { Family::ipv4 , 0U } ;
-}
-
-GNet::Address::Address( Family f , unsigned int port ) :
-	m_ipv4(std::make_unique<Address4>(port))
-{
-	AddressImp::check( f ) ;
-}
-
-GNet::Address::Address( const AddressStorage & storage ) :
-	m_ipv4(std::make_unique<Address4>(storage.p(),storage.n()))
-{
-}
-
-GNet::Address::Address( const sockaddr * addr , socklen_t len ) :
-	m_ipv4(std::make_unique<Address4>(addr,len))
-{
-}
-
-GNet::Address::Address( const sockaddr * addr , socklen_t len , bool ) :
-	m_ipv4(std::make_unique<Address4>(addr,len))
-{
-}
-
-GNet::Address::Address( const std::string & s ) :
-	m_ipv4(std::make_unique<Address4>(s))
-{
-}
-
-GNet::Address::Address( const std::string & s , NotLocal ) :
-	m_ipv4(std::make_unique<Address4>(s))
-{
-}
-
-GNet::Address::Address( const std::string & host_part , const std::string & port_part ) :
-	m_ipv4(std::make_unique<Address4>(host_part,port_part))
-{
-}
-
-GNet::Address::Address( const std::string & s , unsigned int port ) :
-	m_ipv4(std::make_unique<Address4>(s,port))
-{
-}
-
-GNet::Address::Address( Family f , unsigned int port , int loopback_overload ) :
-	m_ipv4(std::make_unique<Address4>(port,loopback_overload))
-{
-	AddressImp::check( f ) ;
-}
-
-GNet::Address::Address( const Address & other ) :
-	m_ipv4(std::make_unique<Address4>(*other.m_ipv4))
-{
-}
-
-GNet::Address::Address( Address && other ) noexcept
-= default ;
-
-GNet::Address::~Address()
-= default;
-
-void GNet::Address::swap( Address & other ) noexcept
-{
-	using std::swap ;
-	swap( m_ipv4 , other.m_ipv4 ) ;
-}
-
-GNet::Address & GNet::Address::operator=( const Address & other )
-{
-	Address(other).swap( *this ) ;
-	return *this ;
-}
-
-GNet::Address & GNet::Address::operator=( Address && other ) noexcept
-= default ;
-
-GNet::Address GNet::Address::parse( const std::string & s )
-{
-	return Address( s ) ;
-}
-
-GNet::Address GNet::Address::parse( const std::string & s , Address::NotLocal not_local )
-{
-	return { s , not_local } ;
-}
-
-GNet::Address GNet::Address::parse( const std::string & host_part , unsigned int port )
-{
-	return { host_part , port } ;
-}
-
-GNet::Address GNet::Address::parse( const std::string & host_part , const std::string & port_part )
-{
-	return { host_part , port_part } ;
-}
-
-bool GNet::Address::isFamilyLocal( const std::string & )
-{
-	return false ;
-}
-
-GNet::Address GNet::Address::loopback( Family f , unsigned int port )
-{
-	return Address( f , port , 1 ) ;
-}
-
-GNet::Address & GNet::Address::setPort( unsigned int port )
-{
-	m_ipv4->setPort( port ) ;
-	return *this ;
-}
-
-GNet::Address & GNet::Address::setScopeId( unsigned long )
-{
-	return *this ; // not relevant for ipv4
-}
-
-bool GNet::Address::setZone( const std::string & )
-{
-	return true ; // not relevant for ipv4
-}
-
-unsigned int GNet::Address::bits() const
-{
-	return m_ipv4->bits() ;
-}
-
-bool GNet::Address::isLoopback() const
-{
-	return m_ipv4->isLoopback() ;
-}
-
-bool GNet::Address::isLocal( std::string & reason ) const
-{
-	return m_ipv4->isLocal( reason ) ;
-}
-
-bool GNet::Address::isLinkLocal() const
-{
-	return m_ipv4->isLinkLocal() ;
-}
-
-bool GNet::Address::isUniqueLocal() const
-{
-	return m_ipv4->isUniqueLocal() ;
-}
-
-bool GNet::Address::isAny() const
-{
-	return m_ipv4->isAny() ;
-}
-
-bool GNet::Address::is4() const
-{
-	return true ;
-}
-
-bool GNet::Address::is6() const
-{
-	return false ;
-}
-
-bool GNet::Address::same( const Address & other , bool ) const
-{
-	return m_ipv4->same( *other.m_ipv4 ) ;
-}
-
-bool GNet::Address::operator==( const Address & other ) const
-{
-	return m_ipv4->same( *other.m_ipv4 ) ;
-}
-
-bool GNet::Address::operator!=( const Address & other ) const
-{
-	return !( *this == other ) ;
-}
-
-bool GNet::Address::sameHostPart( const Address & other ) const
-{
-	return m_ipv4->sameHostPart(*other.m_ipv4) ;
-}
-
-std::string GNet::Address::displayString( bool ) const
-{
-	return m_ipv4->displayString() ;
-}
-
-std::string GNet::Address::hostPartString( bool ) const
-{
-	return m_ipv4->hostPartString() ;
-}
-
-std::string GNet::Address::queryString() const
-{
-	return m_ipv4->queryString() ;
-}
-
-bool GNet::Address::validString( const std::string & s , std::string * reason_p )
-{
-	return Address4::validString( s , reason_p ) ;
-}
-
-bool GNet::Address::validString( const std::string & s , NotLocal , std::string * reason_p )
-{
-	return Address4::validString( s , reason_p ) ;
-}
-
-bool GNet::Address::validStrings( const std::string & s1 , const std::string & s2 , std::string * reason_p )
-{
-	return Address4::validStrings( s1 , s2 , reason_p ) ;
-}
-
-sockaddr * GNet::Address::address()
-{
-	return m_ipv4->address() ;
-}
-
-const sockaddr * GNet::Address::address() const
-{
-	return m_ipv4->address() ;
-}
-
-socklen_t GNet::Address::length() const
-{
-	return Address4::length() ;
-}
-
-unsigned int GNet::Address::port() const
-{
-	return m_ipv4->port() ;
-}
-
-unsigned long GNet::Address::scopeId( unsigned long default_ ) const
-{
-	return default_ ;
-}
-
-bool GNet::Address::validPort( unsigned int port )
-{
-	return Address4::validPort( port ) ;
-}
-
-bool GNet::Address::validData( const sockaddr * addr , socklen_t len )
-{
-	return Address4::validData( addr , len ) ;
-}
-
-int GNet::Address::domain( Family family )
-{
-	return family == Family::ipv4 ? Address4::domain() : 0 ;
-}
-
-GNet::Address::Family GNet::Address::family() const
-{
-	return Family::ipv4 ;
-}
-
-int GNet::Address::af() const
-{
-	return AF_INET ;
-}
-
-G::StringArray GNet::Address::wildcards() const
-{
-	return m_ipv4->wildcards() ;
-}
-
-// ==
-
-//| \class GNet::AddressStorageImp
-/// A pimple-pattern implementation class used by GNet::AddressStorage.
-///
-class GNet::AddressStorageImp
-{
-public:
-	sockaddr_storage u ;
-	socklen_t n ;
-} ;
-
-// ==
-
-GNet::AddressStorage::AddressStorage() :
-	m_imp(std::make_unique<AddressStorageImp>())
-{
-	static_assert( sizeof(Address4::sockaddr_type) <= sizeof(sockaddr_storage) , "" ) ;
-	static_assert( alignof(Address4::sockaddr_type) <= alignof(sockaddr_storage) , "" ) ;
-	m_imp->n = sizeof( sockaddr_storage ) ;
-}
-
-GNet::AddressStorage::~AddressStorage()
-= default;
-
-sockaddr * GNet::AddressStorage::p1()
-{
-	return reinterpret_cast<sockaddr*>(&(m_imp->u)) ;
-}
-
-socklen_t * GNet::AddressStorage::p2()
-{
-	return &m_imp->n ;
-}
-
-const sockaddr * GNet::AddressStorage::p() const
-{
-	return reinterpret_cast<const sockaddr*>(&(m_imp->u)) ;
-}
-
-socklen_t GNet::AddressStorage::n() const
-{
-	return m_imp->n ;
-}
-
-// ==
-
-#if ! GCONFIG_HAVE_INET_PTON
-// fallback implementation for inet_pton() -- see gdef.h
-int GNet::inet_pton_imp( int f , const char * p , void * result )
-{
-	if( p == nullptr || result == nullptr )
-	{
-		return 0 ; // just in case
-	}
-	else if( f == AF_INET )
-	{
-		sockaddr_in sa {} ;
-		sa.sin_family = AF_INET ;
-		sa.sin_addr.s_addr = inet_addr( p ) ;
-		std::memcpy( result , &sa.sin_addr , sizeof(sa.sin_addr) ) ;
-		return 1 ;
-	}
-	else
-	{
-		return -1 ;
-	}
-}
-#endif
-
-#if ! GCONFIG_HAVE_INET_NTOP
-// fallback implementation for inet_ntop() -- see gdef.h
-const char * GNet::inet_ntop_imp( int f , void * ap , char * buffer , std::size_t n )
-{
-	if( f == AF_INET )
-	{
-		std::ostringstream ss ;
-		struct in_addr a ;
-		std::memcpy( &a , ap , sizeof(a) ) ;
-		ss << inet_ntoa( a ) ; // ignore warnings - this is not used if inet_ntop is available
-		if( n <= ss.str().length() ) return nullptr ;
-		std::strncpy( buffer , ss.str().c_str() , n ) ;
-		return buffer ;
-	}
-	else
-	{
-		return nullptr ;
-	}
-}
-#endif
-
diff --git a/src/gnet/gdnsmessage.cpp b/src/gnet/gdnsmessage.cpp
index 827c532..4d1979d 100644
--- a/src/gnet/gdnsmessage.cpp
+++ b/src/gnet/gdnsmessage.cpp
@@ -27,6 +27,7 @@
 #include <vector>
 #include <iomanip>
 #include <sstream>
+#include <stdexcept>
 
 GNet::DnsMessageRequest::DnsMessageRequest( const std::string & type , const std::string & hostname , unsigned int id )
 {
@@ -224,10 +225,14 @@ GNet::DnsMessage GNet::DnsMessage::rejection( const DnsMessage & message , unsig
 
 void GNet::DnsMessage::reject( unsigned int rcode )
 {
-	m_buffer.at(2U) |= 0x80 ; // QR
-	m_buffer.at(3U) &= 0xf0 ; m_buffer.at(3U) |= ( rcode & 0x0f ) ; // RCODE
-	m_buffer.at(6U) = 0U ; m_buffer.at(7U) = 0U ; // ANCOUNT
-	m_buffer.at(8U) = 0U ; m_buffer.at(9U) = 0U ; // NSCOUNT
+	if( m_buffer.size() < 10U )
+		throw std::out_of_range( "dns message buffer too small" ) ;
+
+	unsigned char * buffer = reinterpret_cast<unsigned char*>(&m_buffer[0]) ;
+	buffer[2U] |= 0x80U ; // QR
+	buffer[3U] &= 0xf0U ; buffer[3U] |= ( rcode & 0x0fU ) ; // RCODE
+	buffer[6U] = 0U ; buffer[7U] = 0U ; // ANCOUNT
+	buffer[8U] = 0U ; buffer[9U] = 0U ; // NSCOUNT
 
 	// chop off RRs
 	unsigned int new_size = 12U ; // HEADER size
@@ -266,7 +271,8 @@ GNet::Address GNet::DnsMessage::rrAddress( unsigned int record_index ) const
 
 // ==
 
-GNet::DnsMessageQuestion::DnsMessageQuestion( const DnsMessage & msg , unsigned int offset )
+GNet::DnsMessageQuestion::DnsMessageQuestion( const DnsMessage & msg , unsigned int offset ) :
+	m_size(0U)
 {
 	m_qname = DnsMessageNameParser::read( msg , offset ) ;
 	m_size = DnsMessageNameParser::size( msg , offset ) + 2U + 2U ; // QNAME + QTYPE + QCLASS
@@ -341,6 +347,7 @@ GNet::DnsMessageRR::DnsMessageRR( const DnsMessage & msg , unsigned int offset )
 	m_offset(offset) ,
 	m_size(0U) ,
 	m_type(0U) ,
+	m_class(0U) ,
 	m_rdata_offset(0U) ,
 	m_rdata_size(0U)
 {
diff --git a/src/gnet/ginterfaces_common.cpp b/src/gnet/ginterfaces_common.cpp
index b0ebfb3..b85b717 100644
--- a/src/gnet/ginterfaces_common.cpp
+++ b/src/gnet/ginterfaces_common.cpp
@@ -103,7 +103,7 @@ std::vector<GNet::Address> GNet::Interfaces::addresses( const G::StringArray & n
 	AddressList result ;
 	for( const auto & name : names )
 	{
-		if( Address::validStrings(name,G::Str::fromUInt(port)) )
+		if( Address::validStrings( name , G::Str::fromUInt(port) ) )
 		{
 			result.push_back( Address::parse(name,port) ) ;
 		}
diff --git a/src/gnet/ginterfaces_none.cpp b/src/gnet/ginterfaces_none.cpp
index 67fac4b..4785025 100644
--- a/src/gnet/ginterfaces_none.cpp
+++ b/src/gnet/ginterfaces_none.cpp
@@ -20,6 +20,7 @@
 
 #include "gdef.h"
 #include "ginterfaces.h"
+#include "gstr.h"
 
 GNet::Interfaces::Interfaces()
 = default;
diff --git a/src/gnet/glinebuffer.cpp b/src/gnet/glinebuffer.cpp
index 4147c41..f74689b 100644
--- a/src/gnet/glinebuffer.cpp
+++ b/src/gnet/glinebuffer.cpp
@@ -44,12 +44,7 @@ void GNet::LineBuffer::clear()
 	if( !transparent() )
 		m_expect = 0U ;
 
-	G_ASSERT( m_in.empty() && empty() ) ;
-}
-
-bool GNet::LineBuffer::empty() const
-{
-	return state().empty() ;
+	G_ASSERT( m_in.empty() && state().empty() ) ;
 }
 
 void GNet::LineBuffer::add( const char * data , std::size_t size )
@@ -244,8 +239,8 @@ GNet::LineBufferConfig::LineBufferConfig( const std::string & eol , std::size_t
 
 GNet::LineBufferConfig GNet::LineBufferConfig::transparent()
 {
-	const std::size_t inf = ~(std::size_t(0)) ;
-	//G_ASSERT( (inf+1U) == 0U ) ;
+	static constexpr std::size_t inf = ~(std::size_t(0)) ;
+	static_assert( (inf+1U) == 0U , "" ) ;
 	return LineBufferConfig( std::string(1U,'\n') , 0U , 0U , inf ) ;
 }
 
diff --git a/src/gnet/glinebuffer.h b/src/gnet/glinebuffer.h
index 641c552..0b6db59 100644
--- a/src/gnet/glinebuffer.h
+++ b/src/gnet/glinebuffer.h
@@ -188,9 +188,6 @@ public:
 		///< line ending.
 		///< Precondition: more()
 
-	bool empty() const ;
-		///< Returns state().empty().
-
 	std::size_t eolsize() const ;
 		///< Returns the size of line-ending associated with the
 		///< current data(). This will be zero for a fixed-size
diff --git a/src/gnet/glinestore.cpp b/src/gnet/glinestore.cpp
index c6d7e5c..d4309ff 100644
--- a/src/gnet/glinestore.cpp
+++ b/src/gnet/glinestore.cpp
@@ -336,7 +336,7 @@ std::size_t GNet::LineStore::find( const std::string & s , std::size_t startpos
 std::size_t GNet::LineStore::search( std::string::const_iterator begin , std::string::const_iterator end ,
 	std::size_t startpos ) const
 {
-	return std::search( LineStoreIterator(*this)+startpos , LineStoreIterator(*this,true) , begin , end ).pos() ;
+	return std::search( LineStoreIterator(*this)+startpos , LineStoreIterator(*this,true) , begin , end ).pos() ; // NOLINT narrowing
 }
 
 std::size_t GNet::LineStore::findSubStringAtEnd( const std::string & s , std::size_t startpos ) const
@@ -359,7 +359,7 @@ std::size_t GNet::LineStore::findSubStringAtEnd( const std::string & s , std::si
 			{
 				// compare leading substring with the end of the store
 				const LineStoreIterator end( *this , true ) ;
-				LineStoreIterator p = end - s_size ;
+				LineStoreIterator p = end - s_size ; // NOLINT narrowing
 				if( imp::std_equal(s_start,s_end,p,end) )
 				{
 					result = p.pos() ;
diff --git a/src/gnet/glocal.cpp b/src/gnet/glocal.cpp
index dfc7b96..b7b1a60 100644
--- a/src/gnet/glocal.cpp
+++ b/src/gnet/glocal.cpp
@@ -22,7 +22,6 @@
 #include "glocal.h"
 #include "ghostname.h"
 #include "gresolver.h"
-#include "ginterfaces.h"
 #include "glog.h"
 #include <sstream>
 
diff --git a/src/gnet/gmultiserver.cpp b/src/gnet/gmultiserver.cpp
index 4ed785e..7e0f356 100644
--- a/src/gnet/gmultiserver.cpp
+++ b/src/gnet/gmultiserver.cpp
@@ -44,8 +44,8 @@ GNet::MultiServer::MultiServer( ExceptionSink es , const G::StringArray & interf
 	m_interfaces.erase( std::unique(m_interfaces.begin(),m_interfaces.end()) , m_interfaces.end() ) ;
 
 	// build a listening address list from explicit addresses and/or interface names
-	G::StringArray empty_names ; // interface names having no addresses
 	G::StringArray used_names ; // interface names having one or more addresses
+	G::StringArray empty_names ; // interface names having no addresses
 	G::StringArray bad_names ; // non-address non-interface names
 	AddressList address_list = addresses( port , used_names , empty_names , bad_names ) ;
 
diff --git a/src/gnet/gresolverfuture.cpp b/src/gnet/gresolverfuture.cpp
index 991dab1..98c7a84 100644
--- a/src/gnet/gresolverfuture.cpp
+++ b/src/gnet/gresolverfuture.cpp
@@ -29,7 +29,7 @@
 
 GNet::ResolverFuture::ResolverFuture( const std::string & host , const std::string & service , int family ,
 	bool dgram , bool for_async_hint ) :
-		m_numeric_service(false) ,
+		m_numeric_service(!service.empty() && G::Str::isNumeric(service)) ,
 		m_socktype(dgram?SOCK_DGRAM:SOCK_STREAM) ,
 		m_host(host) ,
 		m_host_p(m_host.c_str()) ,
@@ -40,9 +40,8 @@ GNet::ResolverFuture::ResolverFuture( const std::string & host , const std::stri
 		m_rc(0) ,
 		m_ai(nullptr)
 {
-	m_numeric_service = !service.empty() && G::Str::isNumeric(service) ;
 	std::memset( &m_ai_hint , 0 , sizeof(m_ai_hint) ) ;
-	m_ai_hint.ai_flags = AI_CANONNAME |
+	m_ai_hint.ai_flags = AI_CANONNAME | // NOLINT
 		( family == AF_UNSPEC ? AI_ADDRCONFIG : 0 ) |
 		( m_numeric_service ? AI_NUMERICSERV : 0 ) ;
 	m_ai_hint.ai_family = family ;
diff --git a/src/gnet/gsocket.cpp b/src/gnet/gsocket.cpp
index 74386df..4825145 100644
--- a/src/gnet/gsocket.cpp
+++ b/src/gnet/gsocket.cpp
@@ -31,7 +31,7 @@ namespace GNet
 {
 	namespace StreamSocketImp /// An implementation namespace for G::StreamSocket.
 	{
-		struct Options /// StreamSocket options
+		struct Options /// StreamSocket options.
 		{
 			enum class Linger { default_ , zero , nolinger } ;
 			Linger create_linger {Linger::nolinger} ;
@@ -42,7 +42,7 @@ namespace GNet
 	}
 	namespace SocketImp /// An implementation namespace for G::Socket.
 	{
-		struct Options /// Socket options
+		struct Options /// Socket options.
 		{
 			bool connect_pureipv6 {true} ;
 			bool bind_pureipv6 {true} ;
diff --git a/src/gnet/gsocketprotocol.cpp b/src/gnet/gsocketprotocol.cpp
index 295fb08..664dd90 100644
--- a/src/gnet/gsocketprotocol.cpp
+++ b/src/gnet/gsocketprotocol.cpp
@@ -32,6 +32,7 @@
 #include "glog.h"
 #include <memory>
 #include <numeric>
+#include <algorithm>
 
 //| \class GNet::SocketProtocolImp
 /// A pimple-pattern implementation class used by GNet::SocketProtocol.
@@ -165,9 +166,7 @@ GNet::SocketProtocolImp::~SocketProtocolImp()
 
 void GNet::SocketProtocolImp::setReadBufferSize( std::size_t n )
 {
-	m_read_buffer_size = n ;
-	if( m_read_buffer_size == 0U )
-		m_read_buffer_size = 1U ;
+	m_read_buffer_size = std::max( std::size_t(1U) , n ) ;
 }
 
 void GNet::SocketProtocolImp::onSecureConnectionTimeout()
diff --git a/src/gnet/gsocks.cpp b/src/gnet/gsocks.cpp
index 58eadf0..e3dc89f 100644
--- a/src/gnet/gsocks.cpp
+++ b/src/gnet/gsocks.cpp
@@ -30,7 +30,7 @@ GNet::Socks::Socks( const Location & location ) :
 	if( location.socks() )
 	{
 		unsigned int far_port = location.socksFarPort() ;
-		if( !Address::validPort(far_port) )
+		if( !Address::validPort(far_port) || far_port > 0xffffU )
 			throw SocksError( "invalid port" ) ;
 
 		m_request = buildPdu( location.socksFarHost() , far_port ) ;
diff --git a/src/gnet/gtimerlist.cpp b/src/gnet/gtimerlist.cpp
index fdf2db7..3b62b6f 100644
--- a/src/gnet/gtimerlist.cpp
+++ b/src/gnet/gtimerlist.cpp
@@ -138,11 +138,10 @@ const GNet::TimerBase * GNet::TimerList::findSoonest() const
 {
 	G_ASSERT( !m_locked ) ;
 	TimerBase * result = nullptr ;
-	auto end = m_list.cend() ;
-	for( auto p = m_list.cbegin() ; p != end ; ++p )
+	for( const auto & t : m_list )
 	{
-		if( (*p).m_timer != nullptr && (*p).m_timer->active() && ( result == nullptr || (*p).m_timer->t() < result->t() ) )
-			result = (*p).m_timer ;
+		if( t.m_timer != nullptr && t.m_timer->active() && ( result == nullptr || t.m_timer->t() < result->t() ) )
+			result = t.m_timer ;
 	}
 	return result ;
 }
diff --git a/src/gpop/gpopserverprotocol.cpp b/src/gpop/gpopserverprotocol.cpp
index 08bbe57..1820e8b 100644
--- a/src/gpop/gpopserverprotocol.cpp
+++ b/src/gpop/gpopserverprotocol.cpp
@@ -179,7 +179,7 @@ bool GPop::ServerProtocol::sendContentLine( std::string & line , bool & stop )
 
 	// read the line of text
 	line.erase( 1U ) ; // leave "."
-	G::Str::readLineFrom( *(m_content.get()) , crlf() , line , false/*erase*/ ) ;
+	G::Str::readLineFrom( *m_content , crlf() , line , false/*erase*/ ) ;
 
 	// add crlf and choose an offset
 	bool eof = m_content->fail() || m_content->bad() ;
diff --git a/src/gsmtp/gadminserver.cpp b/src/gsmtp/gadminserver.cpp
index 93155a1..c3c0cbf 100644
--- a/src/gsmtp/gadminserver.cpp
+++ b/src/gsmtp/gadminserver.cpp
@@ -222,7 +222,7 @@ void GSmtp::AdminServerPeer::flush()
 	else
 	{
 		m_client_ptr.reset( std::make_unique<GSmtp::Client>( GNet::ExceptionSink(m_client_ptr,m_es.esrc()) ,
-			GNet::Location(m_remote_address) , m_server.clientSecrets() , m_server.clientConfig() ) ) ;
+			m_server.ff() , GNet::Location(m_remote_address) , m_server.clientSecrets() , m_server.clientConfig() ) ) ;
 
 		m_client_ptr->sendMessagesFrom( m_server.store() ) ; // once connected
 		// no sendLine() -- sends "OK" or "error:" when complete -- see AdminServerPeer::clientDone()
@@ -317,7 +317,7 @@ void GSmtp::AdminServerPeer::sendList( std::shared_ptr<MessageStore::Iterator> i
 		std::unique_ptr<StoredMessage> message( ++iter ) ;
 		if( message == nullptr ) break ;
 		if( !first ) ss << eol() ;
-		ss << message->name() ;
+		ss << message->id().str() ;
 	}
 
 	std::string result = ss.str() ;
@@ -340,9 +340,9 @@ bool GSmtp::AdminServerPeer::notifying() const
 // ===
 
 GSmtp::AdminServer::AdminServer( GNet::ExceptionSink es , MessageStore & store ,
-	G::Slot::Signal<const std::string&> & forward_request ,
+	FilterFactory & ff , G::Slot::Signal<const std::string&> & forward_request ,
 	const GNet::ServerPeerConfig & server_peer_config , const GNet::ServerConfig & server_config ,
-	const GSmtp::Client::Config & client_config , const GAuth::Secrets & client_secrets ,
+	const GSmtp::Client::Config & client_config , const GAuth::SaslClientSecrets & client_secrets ,
 	const G::StringArray & interfaces , unsigned int port , bool allow_remote ,
 	const std::string & remote_address , unsigned int connection_timeout ,
 	const G::StringMap & info_commands , const G::StringMap & config_commands ,
@@ -350,6 +350,7 @@ GSmtp::AdminServer::AdminServer( GNet::ExceptionSink es , MessageStore & store ,
 		GNet::MultiServer(es,interfaces,port,"admin",server_peer_config,server_config) ,
 		m_forward_timer(*this,&AdminServer::onForwardTimeout,es) ,
 		m_store(store) ,
+		m_ff(ff) ,
 		m_forward_request(forward_request) ,
 		m_client_config(client_config) ,
 		m_client_secrets(client_secrets) ,
@@ -436,7 +437,12 @@ GSmtp::MessageStore & GSmtp::AdminServer::store()
 	return m_store ;
 }
 
-const GAuth::Secrets & GSmtp::AdminServer::clientSecrets() const
+GSmtp::FilterFactory & GSmtp::AdminServer::ff()
+{
+	return m_ff ;
+}
+
+const GAuth::SaslClientSecrets & GSmtp::AdminServer::clientSecrets() const
 {
 	return m_client_secrets ;
 }
diff --git a/src/gsmtp/gadminserver.h b/src/gsmtp/gadminserver.h
index 2774d69..4afe861 100644
--- a/src/gsmtp/gadminserver.h
+++ b/src/gsmtp/gadminserver.h
@@ -119,10 +119,10 @@ private:
 class GSmtp::AdminServer : public GNet::MultiServer
 {
 public:
-	AdminServer( GNet::ExceptionSink , MessageStore & store ,
+	AdminServer( GNet::ExceptionSink , MessageStore & store , FilterFactory & ff ,
 		G::Slot::Signal<const std::string&> & forward_request ,
 		const GNet::ServerPeerConfig & server_peer_config , const GNet::ServerConfig & server_config ,
-		const GSmtp::Client::Config & client_config , const GAuth::Secrets & client_secrets ,
+		const GSmtp::Client::Config & client_config , const GAuth::SaslClientSecrets & client_secrets ,
 		const G::StringArray & interfaces , unsigned int port , bool allow_remote ,
 		const std::string & remote_address , unsigned int connection_timeout ,
 		const G::StringMap & info_commands , const G::StringMap & config_commands ,
@@ -139,7 +139,11 @@ public:
 		///< Returns a reference to the message store, as
 		///< passed in to the constructor.
 
-	const GAuth::Secrets & clientSecrets() const ;
+	FilterFactory & ff() ;
+		///< Returns a reference to the filter factory, as
+		///< passed in to the constructor.
+
+	const GAuth::SaslClientSecrets & clientSecrets() const ;
 		///< Returns a reference to the client secrets object, as passed
 		///< in to the constructor. This is a client-side secrets file,
 		///< used to authenticate ourselves with a remote server.
@@ -178,9 +182,10 @@ private:
 private:
 	GNet::Timer<AdminServer> m_forward_timer ;
 	MessageStore & m_store ;
+	FilterFactory & m_ff ;
 	G::Slot::Signal<const std::string&> & m_forward_request ;
 	GSmtp::Client::Config m_client_config ;
-	const GAuth::Secrets & m_client_secrets ;
+	const GAuth::SaslClientSecrets & m_client_secrets ;
 	bool m_allow_remote ;
 	std::string m_remote_address ;
 	unsigned int m_connection_timeout ;
diff --git a/src/gsmtp/genvelope.cpp b/src/gsmtp/genvelope.cpp
index 71f2894..9f11e80 100644
--- a/src/gsmtp/genvelope.cpp
+++ b/src/gsmtp/genvelope.cpp
@@ -247,7 +247,7 @@ std::string GSmtp::EnvelopeImp::readValue( std::istream & stream , const std::st
 	// RFC-2822 unfolding
 	for(;;)
 	{
-		char c = stream.peek() ;
+		int c = stream.peek() ;
 		if( c == ' ' || c == '\t' )
 		{
 			std::string next_line = readLine( stream ) ;
diff --git a/src/gsmtp/gexecutablefilter.cpp b/src/gsmtp/gexecutablefilter.cpp
index 27ecadc..960cadc 100644
--- a/src/gsmtp/gexecutablefilter.cpp
+++ b/src/gsmtp/gexecutablefilter.cpp
@@ -29,12 +29,15 @@
 #include "gassert.h"
 #include <tuple>
 
-GSmtp::ExecutableFilter::ExecutableFilter( GNet::ExceptionSink es ,
-	bool server_side , const std::string & path ) :
+GSmtp::ExecutableFilter::ExecutableFilter( GNet::ExceptionSink es , FileStore & file_store ,
+	bool server_side , const std::string & path , unsigned int timeout ) :
+		m_file_store(file_store) ,
 		m_server_side(server_side) ,
 		m_prefix(server_side?"filter":"client filter") ,
 		m_exit(0,server_side) ,
 		m_path(path) ,
+		m_timeout(timeout) ,
+		m_timer(*this,&ExecutableFilter::onTimeout,es) ,
 		m_task(*this,es,"<<filter exec error: __strerror__>>",G::Root::nobody())
 {
 }
@@ -75,24 +78,38 @@ std::string GSmtp::ExecutableFilter::reason() const
 		return m_reason ;
 }
 
-void GSmtp::ExecutableFilter::start( const std::string & location )
+void GSmtp::ExecutableFilter::start( const MessageId & message_id )
 {
-	// run the program
+	G::Path cpath = m_file_store.contentPath( message_id ) ;
+	G::Path epath = m_file_store.envelopePath( message_id , m_server_side ? ".new" : ".busy" ) ;
+
 	G::StringArray args ;
-	G::Path content_path( location ) ;
-	args.push_back( G::Path(content_path).str() ) ;
-	if( content_path.extension() == "content" )
-	{
-		G::Path envelope_path( content_path.withExtension("envelope") ) ;
-		args.push_back( G::Path(envelope_path).str() + (m_server_side?".new":".busy") ) ;
-	}
+	args.push_back( cpath.str() ) ;
+	args.push_back( epath.str() ) ;
+
 	G::ExecutableCommand commandline( m_path.str() , args ) ;
 	G_LOG( "GSmtp::ExecutableFilter::start: " << m_prefix << ": running " << commandline.displayString() ) ;
 	m_task.start( commandline ) ;
+
+	if( m_timeout )
+		m_timer.startTimer( m_timeout ) ;
+}
+
+void GSmtp::ExecutableFilter::onTimeout()
+{
+	G_WARNING( "GSmtp::ExecutableFilter::onTimeout: " << m_prefix << " timed out after " << m_timeout << "s" ) ;
+	m_task.stop() ;
+	m_exit = Exit( 1 , m_server_side ) ;
+	G_ASSERT( m_exit.fail() && !special() && !abandoned() ) ;
+	m_response = "error" ;
+	m_reason = "timeout" ;
+	m_done_signal.emit( static_cast<int>(m_exit.result) ) ;
 }
 
 void GSmtp::ExecutableFilter::onTaskDone( int exit_code , const std::string & output )
 {
+	m_timer.cancelTimer() ;
+
 	// search the output for diagnostics
 	std::tie(m_response,m_reason) = parseOutput( output , "rejected" ) ;
 	if( m_response.find("filter exec error") == 0U ) // see ctor
@@ -161,6 +178,7 @@ G::Slot::Signal<int> & GSmtp::ExecutableFilter::doneSignal()
 
 void GSmtp::ExecutableFilter::cancel()
 {
+	m_timer.cancelTimer() ;
 	m_task.stop() ;
 }
 
diff --git a/src/gsmtp/gexecutablefilter.h b/src/gsmtp/gexecutablefilter.h
index 9201933..68a2ab4 100644
--- a/src/gsmtp/gexecutablefilter.h
+++ b/src/gsmtp/gexecutablefilter.h
@@ -24,8 +24,10 @@
 #include "gdef.h"
 #include "gpath.h"
 #include "gfilter.h"
+#include "gfilestore.h"
 #include "geventhandler.h"
 #include "gfutureevent.h"
+#include "gtimer.h"
 #include "gtask.h"
 #include <utility>
 
@@ -40,8 +42,9 @@ namespace GSmtp
 class GSmtp::ExecutableFilter : public Filter, private GNet::TaskCallback
 {
 public:
-	ExecutableFilter( GNet::ExceptionSink , bool server_side , const std::string & ) ;
-		///< Constructor.
+	ExecutableFilter( GNet::ExceptionSink , FileStore & , bool server_side ,
+		const std::string & path , unsigned int timeout ) ;
+			///< Constructor.
 
 	~ExecutableFilter() override ;
 		///< Destructor.
@@ -50,7 +53,7 @@ private: // overrides
 	std::string id() const override ; // Override from from GSmtp::Filter.
 	bool simple() const override ; // Override from from GSmtp::Filter.
 	G::Slot::Signal<int> & doneSignal() override ; // Override from from GSmtp::Filter.
-	void start( const std::string & path ) override ; // Override from from GSmtp::Filter.
+	void start( const MessageId & ) override ; // Override from from GSmtp::Filter.
 	void cancel() override ; // Override from from GSmtp::Filter.
 	bool abandoned() const override ; // Override from from GSmtp::Filter.
 	std::string response() const override ; // Override from from GSmtp::Filter.
@@ -66,13 +69,17 @@ public:
 
 private:
 	std::pair<std::string,std::string> parseOutput( std::string , const std::string & ) const ;
+	void onTimeout() ;
 
 private:
+	FileStore & m_file_store ;
 	G::Slot::Signal<int> m_done_signal ;
 	bool m_server_side ;
 	std::string m_prefix ;
 	Exit m_exit ;
 	G::Path m_path ;
+	unsigned int m_timeout ;
+	GNet::Timer<ExecutableFilter> m_timer ;
 	std::string m_response ;
 	std::string m_reason ;
 	GNet::Task m_task ;
diff --git a/src/gsmtp/gexecutableverifier.cpp b/src/gsmtp/gexecutableverifier.cpp
index cd8c8c6..7e59a34 100644
--- a/src/gsmtp/gexecutableverifier.cpp
+++ b/src/gsmtp/gexecutableverifier.cpp
@@ -56,53 +56,58 @@ void GSmtp::ExecutableVerifier::verify( const std::string & to_address ,
 	m_task.start( commandline ) ;
 }
 
-void GSmtp::ExecutableVerifier::onTaskDone( int exit_code , const std::string & response_in )
+void GSmtp::ExecutableVerifier::onTaskDone( int exit_code , const std::string & result_in )
 {
-	std::string response( response_in ) ;
-	G::Str::trimRight( response , {" \n\t",3U} ) ;
-	G::Str::replaceAll( response , "\r\n" , "\n" ) ;
-	G::Str::replaceAll( response , "\r" , "" ) ;
+	std::string result( result_in ) ;
+	G::Str::trimRight( result , {" \n\t",3U} ) ;
+	G::Str::replaceAll( result , "\r\n" , "\n" ) ;
+	G::Str::replaceAll( result , "\r" , "" ) ;
 
-	G::StringArray response_parts ;
-	response_parts.reserve( 2U ) ;
-	G::Str::splitIntoFields( response , response_parts , "\n" ) ;
-	std::size_t parts = response_parts.size() ;
-	response_parts.resize( 2U ) ;
+	G::StringArray result_parts ;
+	result_parts.reserve( 2U ) ;
+	G::Str::splitIntoFields( result , result_parts , {"\n",1U} ) ;
+	std::size_t parts = result_parts.size() ;
+	result_parts.resize( 2U ) ;
 
 	G_LOG( "GSmtp::ExecutableVerifier: address verifier: exit code " << exit_code << ": "
-		<< "[" << G::Str::printable(response_parts[0]) << "] [" << G::Str::printable(response_parts[1]) << "]" ) ;
+		<< "[" << G::Str::printable(result_parts[0]) << "] [" << G::Str::printable(result_parts[1]) << "]" ) ;
 
-	VerifierStatus status ;
-	if( ( exit_code == 0 || exit_code == 1 ) && parts >= 2 )
+	VerifierStatus status = VerifierStatus::invalid( m_to_address ) ;
+	if( exit_code == 0 && parts >= 2 )
 	{
-		status.is_valid = true ;
-		status.is_local = exit_code == 0 ;
-		status.full_name = G::Str::printable( response_parts.at(0U) ) ;
-		status.address = G::Str::printable( response_parts.at(1U) ) ;
+		std::string full_name = G::Str::printable( result_parts.at(0U) ) ;
+		std::string mbox = G::Str::printable( result_parts.at(1U) ) ;
+		status = VerifierStatus::local( m_to_address , full_name , mbox ) ;
+	}
+	else if( exit_code == 1 && parts >= 2 )
+	{
+		std::string address = G::Str::printable( result_parts.at(1U) ) ;
+		status = VerifierStatus::remote( m_to_address , address ) ;
 	}
 	else if( exit_code == 100 )
 	{
-		status.is_valid = false ;
 		status.abort = true ;
 	}
 	else
 	{
-		status.is_valid = false ;
-		status.temporary = exit_code == 3 ;
+		bool temporary = exit_code == 3 ;
 
-		status.response = parts > 0U ?
-			G::Str::printable(response_parts.at(0U)) :
+		std::string response = parts > 0U ?
+			G::Str::printable(result_parts.at(0U)) :
 			std::string("mailbox unavailable") ;
 
-		status.reason = parts > 1U ?
-			G::Str::printable(response_parts.at(1U)) :
+		std::string reason = parts > 1U ?
+			G::Str::printable(result_parts.at(1U)) :
 			( "exit code " + G::Str::fromInt(exit_code) ) ;
+
+		status = VerifierStatus::invalid( m_to_address ,
+			temporary , response , reason ) ;
 	}
 
-	doneSignal().emit( std::string(m_to_address) , status ) ;
+	doneSignal().emit( status ) ;
 }
 
-G::Slot::Signal<const std::string&,const GSmtp::VerifierStatus&> & GSmtp::ExecutableVerifier::doneSignal()
+G::Slot::Signal<const GSmtp::VerifierStatus&> & GSmtp::ExecutableVerifier::doneSignal()
 {
 	return m_done_signal ;
 }
diff --git a/src/gsmtp/gexecutableverifier.h b/src/gsmtp/gexecutableverifier.h
index ea48e09..a7d9bf3 100644
--- a/src/gsmtp/gexecutableverifier.h
+++ b/src/gsmtp/gexecutableverifier.h
@@ -41,7 +41,7 @@ public:
 		///< Constructor.
 
 private: // overrides
-	G::Slot::Signal<const std::string&,const VerifierStatus&> & doneSignal() override ; // Override from GSmtp::Verifier.
+	G::Slot::Signal<const VerifierStatus&> & doneSignal() override ; // Override from GSmtp::Verifier.
 	void cancel() override ; // Override from GSmtp::Verifier.
 	void onTaskDone( int , const std::string & ) override ; // override from GNet::TaskCallback
 	void verify( const std::string & rcpt_to_parameter ,
@@ -57,7 +57,7 @@ public:
 
 private:
 	G::Path m_path ;
-	G::Slot::Signal<const std::string&,const VerifierStatus&> m_done_signal ;
+	G::Slot::Signal<const VerifierStatus&> m_done_signal ;
 	std::string m_to_address ;
 	GNet::Task m_task ;
 } ;
diff --git a/src/gsmtp/gfactoryparser.h b/src/gsmtp/gfactoryparser.h
index f483c5b..a320383 100644
--- a/src/gsmtp/gfactoryparser.h
+++ b/src/gsmtp/gfactoryparser.h
@@ -31,9 +31,9 @@ namespace GSmtp
 }
 
 //| \class GSmtp::FactoryParser
-/// A simple static class to parse identifiers that can be a
-/// program in the file system or a network address. Used by
-/// the filter factory and the address-verifier factory.
+/// A simple static class to parse identifiers that are either a
+/// program path or a network address. Used by the filter factory
+/// and the address-verifier factory.
 ///
 class GSmtp::FactoryParser
 {
@@ -50,9 +50,10 @@ public:
 
 	static Result parse( const std::string & identifier , bool allow_spam ) ;
 		///< Parses an identifier like "/usr/bin/foo" or "net:127.0.0.1:99"
-		///< returning the type and the specification in a result tuple, eg.
-		///< ("file","/usr/bin/foo") or ("net","127.0.0.1:99"). Returns
-		///< a default-constructed Result if not parsable.
+		///< or "net:/run/spamd.s", returning the type and the specification
+		///< in a result tuple, eg. ("file","/usr/bin/foo") or
+		///< ("net","127.0.0.1:99"). Returns a default-constructed Result
+		///< if not parsable.
 
 	static std::string check( const std::string & identifier , bool allow_spam ) ;
 		///< Parses and checks an identifier. Returns a diagnostic if
diff --git a/src/gsmtp/gfilestore.cpp b/src/gsmtp/gfilestore.cpp
index e291adf..e3d0902 100644
--- a/src/gsmtp/gfilestore.cpp
+++ b/src/gsmtp/gfilestore.cpp
@@ -30,6 +30,7 @@
 #include "gpath.h"
 #include "gfile.h"
 #include "gstr.h"
+#include "gassert.h"
 #include "gtest.h"
 #include "glog.h"
 #include <iostream>
@@ -47,7 +48,7 @@ public:
 	~FileIterator() override ;
 
 private: // overrides
-	std::unique_ptr<GSmtp::StoredMessage> next() override ;
+	std::unique_ptr<StoredMessage> next() override ;
 
 public:
 	FileIterator( const FileIterator & ) = delete ;
@@ -79,6 +80,9 @@ std::unique_ptr<GSmtp::StoredMessage> GSmtp::FileIterator::next()
 	while( m_iter.more() )
 	{
 		auto m = std::make_unique<StoredFile>( m_store , m_iter.filePath() ) ;
+		if( !m->id().valid() )
+			continue ;
+
 		if( m_lock && !m->lock() )
 		{
 			G_WARNING( "GSmtp::MessageStore: cannot lock file: \"" << m_iter.filePath() << "\"" ) ;
@@ -88,25 +92,21 @@ std::unique_ptr<GSmtp::StoredMessage> GSmtp::FileIterator::next()
 		std::string reason ;
 		const bool check_recipients = m_lock ; // check for no-remote-recipients
 		bool ok = m->readEnvelope(reason,check_recipients) && m->openContent(reason) ;
-		if( ok )
-			return std::unique_ptr<StoredMessage>( m.release() ) ; // up-cast
-
-		if( m_lock )
+		if( !ok && m_lock )
 			m->fail( reason , 0 ) ;
-		else
+		else if( !ok )
 			G_WARNING( "GSmtp::MessageStore: ignoring \"" << m_iter.filePath() << "\": " << reason ) ;
+		else
+			return std::unique_ptr<StoredMessage>( m.release() ) ; // up-cast
 	}
 	return {} ;
 }
 
 // ===
 
-GSmtp::FileStore::FileStore( const G::Path & dir , bool optimise ,
-	unsigned long max_size , bool test_for_eight_bit ) :
+GSmtp::FileStore::FileStore( const G::Path & dir , unsigned long max_size , bool test_for_eight_bit ) :
 		m_seq(1UL) ,
 		m_dir(dir) ,
-		m_optimise(optimise) ,
-		m_empty(false) ,
 		m_max_size(max_size) ,
 		m_test_for_eight_bit(test_for_eight_bit)
 {
@@ -182,6 +182,11 @@ void GSmtp::FileStore::checkPath( const G::Path & directory_path )
 	}
 }
 
+std::string GSmtp::FileStore::location( const MessageId & id ) const
+{
+	return envelopePath(id).str() ;
+}
+
 std::unique_ptr<std::ofstream> GSmtp::FileStore::stream( const G::Path & path )
 {
 	auto stream_ptr = std::make_unique<std::ofstream>() ;
@@ -192,59 +197,31 @@ std::unique_ptr<std::ofstream> GSmtp::FileStore::stream( const G::Path & path )
 	return stream_ptr ;
 }
 
-G::Path GSmtp::FileStore::contentPath( unsigned long seq ) const
+G::Path GSmtp::FileStore::contentPath( const MessageId & id ) const
 {
-	return fullPath( filePrefix(seq) + ".content" ) ;
+	return envelopePath(id).withExtension( "content" ) ;
 }
 
-G::Path GSmtp::FileStore::envelopePath( unsigned long seq ) const
+G::Path GSmtp::FileStore::envelopePath( const MessageId & id , const char * modifier ) const
 {
-	return fullPath( filePrefix(seq) + ".envelope" ) ;
+	G_ASSERT( modifier != nullptr ) ;
+	return m_dir + id.str().append(".envelope").append(modifier) ;
 }
 
-G::Path GSmtp::FileStore::envelopeWorkingPath( unsigned long seq ) const
+GSmtp::MessageId GSmtp::FileStore::newId()
 {
-	return fullPath( filePrefix(seq) + ".envelope.new" ) ;
-}
+	unsigned long timestamp = static_cast<unsigned long>(G::SystemTime::now().s()) ;
 
-std::string GSmtp::FileStore::filePrefix( unsigned long seq ) const
-{
-	std::ostringstream ss ;
-	G::Process::Id pid ;
-	ss << "emailrelay." << pid.str() << "." << m_pid_modifier << "." << seq ;
-	return ss.str() ;
-}
-
-G::Path GSmtp::FileStore::fullPath( const std::string & filename ) const
-{
-	G::Path p( m_dir ) ;
-	p.pathAppend( filename ) ;
-	return p ;
-}
-
-unsigned long GSmtp::FileStore::newSeq()
-{
 	m_seq++ ;
 	if( m_seq == 0UL )
 		m_seq++ ;
-	return m_seq ;
+
+	std::ostringstream ss ;
+	ss << "emailrelay." << G::Process::Id().str() << "." << timestamp << "." << m_seq ;
+	return MessageId( ss.str() ) ;
 }
 
 bool GSmtp::FileStore::empty() const
-{
-	if( m_optimise )
-	{
-		if( !m_empty )
-			m_empty = emptyCore() ;
-		return m_empty ;
-	}
-	else
-	{
-		return emptyCore() ;
-	}
-}
-
-bool GSmtp::FileStore::emptyCore() const
 {
 	G::DirectoryList list ;
 	DirectoryReader claim_reader ;
@@ -268,7 +245,7 @@ std::shared_ptr<GSmtp::MessageStore::Iterator> GSmtp::FileStore::failures()
 	return std::make_shared<FileIterator>( *this , m_dir , false , true ) ; // up-cast
 }
 
-std::unique_ptr<GSmtp::StoredMessage> GSmtp::FileStore::get( unsigned long id )
+std::unique_ptr<GSmtp::StoredMessage> GSmtp::FileStore::get( const MessageId & id )
 {
 	G::Path path = envelopePath( id ) ;
 
@@ -284,15 +261,12 @@ std::unique_ptr<GSmtp::StoredMessage> GSmtp::FileStore::get( unsigned long id )
 	if( !message->openContent(reason) )
 		throw GetError( path.str() + ": cannot read the content: " + reason ) ;
 
-	G_LOG( "GSmtp::FileStore::get: processing message \"" << message->name() << "\"" ) ;
-
 	return std::unique_ptr<StoredMessage>( message.release() ) ; // up-cast
 }
 
 std::unique_ptr<GSmtp::NewMessage> GSmtp::FileStore::newMessage( const std::string & from ,
 	const std::string & from_auth_in , const std::string & from_auth_out )
 {
-	m_empty = false ;
 	return std::make_unique<NewFile>( *this , from , from_auth_in , from_auth_out ,
 		m_max_size , m_test_for_eight_bit ) ; // up-cast
 }
@@ -331,7 +305,7 @@ void GSmtp::FileStore::unfailAllImp()
 		std::unique_ptr<StoredMessage> message = iter->next() ;
 		if( message == nullptr )
 			break ;
-		G_DEBUG( "GSmtp::FileStore::unfailAllImp: " << message->name() ) ;
+		G_DEBUG( "GSmtp::FileStore::unfailAllImp: " << message->location() ) ;
 		message->unfail() ;
 	}
 }
diff --git a/src/gsmtp/gfilestore.h b/src/gsmtp/gfilestore.h
index 7fe4fb0..43c503e 100644
--- a/src/gsmtp/gfilestore.h
+++ b/src/gsmtp/gfilestore.h
@@ -60,40 +60,29 @@ public:
 	G_EXCEPTION( InvalidDirectory , "invalid spool directory" ) ;
 	G_EXCEPTION( GetError , "error reading specific message" ) ;
 
-	FileStore( const G::Path & dir , bool optimise_empty_test ,
-		unsigned long max_size , bool test_for_eight_bit ) ;
-			///< Constructor. Throws an exception if the storage directory
-			///< is invalid.
-			///<
-			///< If the optimise flag is set then the implementation of
-			///< empty() will be efficient for an empty filestore
-			///< (ignoring failed and local-delivery messages). This
-			///< might be useful for applications in which the main
-			///< event loop is used to check for pending jobs. The
-			///< disadvantage is that this process will not be
-			///< sensititive to messages deposited into its spool
-			///< directory by other processes.
+	FileStore( const G::Path & dir , unsigned long max_size , bool test_for_eight_bit ) ;
+		///< Constructor. Throws an exception if the storage directory
+		///< is invalid.
 
-	unsigned long newSeq() ;
-		///< Hands out a new non-zero sequence number.
+	MessageId newId() ;
+		///< Hands out a new message id.
 
 	std::unique_ptr<std::ofstream> stream( const G::Path & path ) ;
 		///< Returns a stream to the given content.
 
-	G::Path contentPath( unsigned long seq ) const ;
+	G::Path contentPath( const MessageId & ) const ;
 		///< Returns the path for a content file.
 
-	G::Path envelopePath( unsigned long seq ) const ;
+	G::Path envelopePath( const MessageId & , const char * modifier = "" ) const ;
 		///< Returns the path for an envelope file.
 
-	G::Path envelopeWorkingPath( unsigned long seq ) const ;
-		///< Returns the path for an envelope file
-		///< which is in the process of being written.
-
 	bool empty() const override ;
 		///< Override from GSmtp::MessageStore.
 
-	std::unique_ptr<StoredMessage> get( unsigned long id ) override ;
+	std::string location( const MessageId & ) const override ;
+		///< Override from GSmtp::MessageStore.
+
+	std::unique_ptr<StoredMessage> get( const MessageId & ) override ;
 		///< Override from GSmtp::MessageStore.
 
 	std::shared_ptr<MessageStore::Iterator> iterator( bool lock ) override ;
@@ -152,8 +141,6 @@ private:
 private:
 	unsigned long m_seq ;
 	G::Path m_dir ;
-	bool m_optimise ;
-	mutable bool m_empty ;
 	unsigned long m_max_size ;
 	bool m_test_for_eight_bit ;
 	unsigned long m_pid_modifier ;
diff --git a/src/gsmtp/gfilter.cpp b/src/gsmtp/gfilter.cpp
index ba30d26..485c8b4 100644
--- a/src/gsmtp/gfilter.cpp
+++ b/src/gsmtp/gfilter.cpp
@@ -69,7 +69,7 @@ GSmtp::Filter::Exit::Exit( int exit_code , bool server_side ) :
 		{
 			result = Result::f_ok ; special = rescan ;
 		}
-		else if( exit_code == 104 && server_side )
+		else if( exit_code == 104 )
 		{
 			result = Result::f_fail ; special = rescan ;
 		}
diff --git a/src/gsmtp/gfilter.h b/src/gsmtp/gfilter.h
index 12b627d..86616b1 100644
--- a/src/gsmtp/gfilter.h
+++ b/src/gsmtp/gfilter.h
@@ -22,6 +22,7 @@
 #define G_SMTP_FILTER_H
 
 #include "gdef.h"
+#include "gmessagestore.h"
 #include "gslot.h"
 
 namespace GSmtp
@@ -58,8 +59,8 @@ public:
 		///< Returns true if the concrete filter class is one that can
 		///< never change the file (eg. a do-nothing filter class).
 
-	virtual void start( const std::string & path ) = 0 ;
-		///< Starts the filter for the given message file. Any previous,
+	virtual void start( const MessageId & ) = 0 ;
+		///< Starts the filter for the given message. Any previous,
 		///< incomplete filtering is cancel()ed. Asynchronous completion
 		///< is indicated by a doneSignal().
 
diff --git a/src/gsmtp/gfilterfactory.cpp b/src/gsmtp/gfilterfactory.cpp
index 4f44afb..bf109f7 100644
--- a/src/gsmtp/gfilterfactory.cpp
+++ b/src/gsmtp/gfilterfactory.cpp
@@ -28,12 +28,12 @@
 #include "gexception.h"
 #include "gfactoryparser.h"
 
-std::string GSmtp::FilterFactory::check( const std::string & identifier )
+GSmtp::FilterFactoryFileStore::FilterFactoryFileStore( FileStore & file_store ) :
+	m_file_store(file_store)
 {
-	return FactoryParser::check( identifier , true ) ;
 }
 
-std::unique_ptr<GSmtp::Filter> GSmtp::FilterFactory::newFilter( GNet::ExceptionSink es ,
+std::unique_ptr<GSmtp::Filter> GSmtp::FilterFactoryFileStore::newFilter( GNet::ExceptionSink es ,
 	bool server_side , const std::string & identifier , unsigned int timeout )
 {
 	FactoryParser::Result p = FactoryParser::parse( identifier , true ) ;
@@ -48,11 +48,11 @@ std::unique_ptr<GSmtp::Filter> GSmtp::FilterFactory::newFilter( GNet::ExceptionS
 		bool edit = p.third == 1 ;
 		bool read_only = !edit ;
 		bool always_pass = edit ;
-		return std::make_unique<SpamFilter>( es , p.second , read_only , always_pass , timeout , timeout ) ; // up-cast
+		return std::make_unique<SpamFilter>( es , m_file_store , p.second , read_only , always_pass , timeout , timeout ) ; // up-cast
 	}
 	else if( p.first == "net" )
 	{
-		return std::make_unique<NetworkFilter>( es , p.second , timeout , timeout ) ; // up-cast
+		return std::make_unique<NetworkFilter>( es , m_file_store , p.second , timeout , timeout ) ; // up-cast
 	}
 	else if( p.first == "exit" )
 	{
@@ -60,7 +60,7 @@ std::unique_ptr<GSmtp::Filter> GSmtp::FilterFactory::newFilter( GNet::ExceptionS
 	}
 	else
 	{
-		return std::make_unique<ExecutableFilter>( es , server_side , p.second ) ; // up-cast
+		return std::make_unique<ExecutableFilter>( es , m_file_store , server_side , p.second , timeout ) ; // up-cast
 	}
 }
 
diff --git a/src/gsmtp/gfilterfactory.h b/src/gsmtp/gfilterfactory.h
index 67930b3..43d6ad7 100644
--- a/src/gsmtp/gfilterfactory.h
+++ b/src/gsmtp/gfilterfactory.h
@@ -23,6 +23,8 @@
 
 #include "gdef.h"
 #include "gfilter.h"
+#include "gfilestore.h"
+#include "gfactoryparser.h"
 #include "gexceptionsink.h"
 #include <string>
 #include <utility>
@@ -30,26 +32,52 @@
 namespace GSmtp
 {
 	class FilterFactory ;
+	class FilterFactoryFileStore ;
 }
 
 //| \class GSmtp::FilterFactory
-/// A factory for message processors.
+/// A factory interface for GSmtp::Filter message processors.
 ///
 class GSmtp::FilterFactory
 {
 public:
-	static std::unique_ptr<Filter> newFilter( GNet::ExceptionSink ,
-		bool server_side , const std::string & identifier , unsigned int timeout ) ;
+	virtual std::unique_ptr<Filter> newFilter( GNet::ExceptionSink ,
+		bool server_side , const std::string & identifier , unsigned int timeout ) = 0 ;
 			///< Returns a Filter on the heap. The identifier
 			///< is normally prefixed with a processor type, or it
 			///< is the file system path of an exectuable.
 
+	virtual ~FilterFactory() = default ;
+		///< Destructor.
+
 	static std::string check( const std::string & identifier ) ;
 		///< Checks an identifier. Returns an empty string if okay,
 		///< or a diagnostic reason string.
-
-public:
-	FilterFactory() = delete ;
 } ;
 
+//| \class GSmtp::FilterFactoryFileStore
+/// A filter factory that holds a GSmtp::FileStore reference so that
+/// it can instantiate filters that operate on message files.
+///
+class GSmtp::FilterFactoryFileStore : public FilterFactory
+{
+public:
+	explicit FilterFactoryFileStore( FileStore & ) ;
+		///< Constructor. The FileStore reference is retained and passed
+		///< to new filter objects so that they can derive the paths of
+		///< the content and envelope files that they process.
+
+	std::unique_ptr<Filter> newFilter( GNet::ExceptionSink ,
+		bool server_side , const std::string & identifier , unsigned int timeout ) override ;
+
+private:
+	FileStore & m_file_store ;
+} ;
+
+inline
+std::string GSmtp::FilterFactory::check( const std::string & identifier )
+{
+	return FactoryParser::check( identifier , true ) ;
+}
+
 #endif
diff --git a/src/gsmtp/ginternalverifier.cpp b/src/gsmtp/ginternalverifier.cpp
index f893d70..af8569f 100644
--- a/src/gsmtp/ginternalverifier.cpp
+++ b/src/gsmtp/ginternalverifier.cpp
@@ -27,22 +27,13 @@ GSmtp::InternalVerifier::InternalVerifier()
 
 void GSmtp::InternalVerifier::verify( const std::string & to , const std::string & , const GNet::Address & ,
 	const std::string & , const std::string & )
-{
-	VerifierStatus status = verifyInternal( to ) ;
-	doneSignal().emit( std::string(to) , status ) ;
-}
-
-GSmtp::VerifierStatus GSmtp::InternalVerifier::verifyInternal( const std::string & address ) const
 {
 	// accept all addresses as if remote
-	VerifierStatus status ;
-	status.is_valid = true ;
-	status.is_local = false ;
-	status.address = address ;
-	return status ;
+	VerifierStatus status = VerifierStatus::remote( to ) ;
+	doneSignal().emit( status ) ;
 }
 
-G::Slot::Signal<const std::string&,const GSmtp::VerifierStatus&> & GSmtp::InternalVerifier::doneSignal()
+G::Slot::Signal<const GSmtp::VerifierStatus&> & GSmtp::InternalVerifier::doneSignal()
 {
 	return m_done_signal ;
 }
diff --git a/src/gsmtp/ginternalverifier.h b/src/gsmtp/ginternalverifier.h
index 16ebbe5..65a9042 100644
--- a/src/gsmtp/ginternalverifier.h
+++ b/src/gsmtp/ginternalverifier.h
@@ -42,7 +42,7 @@ public:
 		///< Constructor.
 
 private: // overrides
-	G::Slot::Signal<const std::string&,const VerifierStatus&> & doneSignal() override ; // Override from GSmtp::Verifier.
+	G::Slot::Signal<const VerifierStatus&> & doneSignal() override ; // Override from GSmtp::Verifier.
 	void cancel() override ; // Override from GSmtp::Verifier.
 	void verify( const std::string & rcpt_to_parameter ,
 		const std::string & mail_from_parameter , const GNet::Address & client_ip ,
@@ -56,7 +56,7 @@ public:
 	void operator=( InternalVerifier && ) = delete ;
 
 private:
-	G::Slot::Signal<const std::string&,const VerifierStatus&> m_done_signal ;
+	G::Slot::Signal<const VerifierStatus&> m_done_signal ;
 	VerifierStatus verifyInternal( const std::string & address ) const ;
 } ;
 
diff --git a/src/gsmtp/gmessagestore.cpp b/src/gsmtp/gmessagestore.cpp
index 8c03ed7..0a35b83 100644
--- a/src/gsmtp/gmessagestore.cpp
+++ b/src/gsmtp/gmessagestore.cpp
@@ -20,5 +20,10 @@
 
 #include "gdef.h"
 #include "gmessagestore.h"
+#include "gstoredmessage.h"
+
+std::unique_ptr<GSmtp::StoredMessage> GSmtp::operator++( std::shared_ptr<MessageStore::Iterator> & iter )
+{
+	return iter.get() ? iter->next() : std::unique_ptr<StoredMessage>() ;
+}
 
-// empty
diff --git a/src/gsmtp/gmessagestore.h b/src/gsmtp/gmessagestore.h
index 976608b..d9bfd02 100644
--- a/src/gsmtp/gmessagestore.h
+++ b/src/gsmtp/gmessagestore.h
@@ -22,18 +22,48 @@
 #define G_SMTP_MESSAGE_STORE_H
 
 #include "gdef.h"
-#include "gnewmessage.h"
-#include "gstoredmessage.h"
 #include "gexception.h"
 #include "gslot.h"
 #include "gstrings.h"
 #include "gpath.h"
+#include <memory>
 
 namespace GSmtp
 {
+	class NewMessage ;
+	class StoredMessage ;
+	class MessageId ;
 	class MessageStore ;
 }
 
+//| \class GSmtp::MessageId
+/// A somewhat opaque identifer for a MessageStore message.
+///
+class GSmtp::MessageId
+{
+public:
+	explicit MessageId( const std::string & ) ;
+		///< Constructor.
+
+	static MessageId none() ;
+		///< Returns an in-valid() id.
+
+	bool valid() const ;
+		///< Returns true if valid.
+
+	std::string str() const ;
+		///< Returns the id string.
+
+public:
+	explicit MessageId( int ) = delete ;
+
+private:
+	MessageId() = default ;
+
+private:
+	std::string m_s ;
+} ;
+
 //| \class GSmtp::MessageStore
 /// A class which allows SMTP messages to be stored and retrieved.
 ///
@@ -46,7 +76,6 @@ public:
 	{
 		virtual std::unique_ptr<StoredMessage> next() = 0 ;
 			///< Returns the next stored message or a null pointer.
-			///< See also GSmtp::operator++(std::shared_ptr<Iterator>).
 
 		virtual ~Iterator() = default ;
 			///< Destructor.
@@ -66,12 +95,13 @@ public:
 	virtual bool empty() const = 0 ;
 		///< Returns true if the message store is empty.
 
-	virtual std::unique_ptr<StoredMessage> get( unsigned long id ) = 0 ;
+	virtual std::string location( const MessageId & ) const = 0 ;
+		///< Returns the location of the given message.
+
+	virtual std::unique_ptr<StoredMessage> get( const MessageId & ) = 0 ;
 		///< Pulls the specified message out of the store. Throws
 		///< execptions on error.
 		///<
-		///< See also NewMessage::id().
-		///<
 		///< As a side effect some stored messages may be marked as bad,
 		///< or deleted (if they have no recipients).
 
@@ -115,10 +145,12 @@ public:
 
 namespace GSmtp
 {
-	inline std::unique_ptr<StoredMessage> operator++( std::shared_ptr<MessageStore::Iterator> & iter )
-	{
-		return iter.get() ? iter->next() : std::unique_ptr<StoredMessage>() ;
-	}
+	std::unique_ptr<StoredMessage> operator++( std::shared_ptr<MessageStore::Iterator> & iter ) ;
 }
 
+inline GSmtp::MessageId::MessageId( const std::string & s ) : m_s(s) {}
+inline GSmtp::MessageId GSmtp::MessageId::none() { return MessageId() ; }
+inline std::string GSmtp::MessageId::str() const { return m_s ; }
+inline bool GSmtp::MessageId::valid() const { return !m_s.empty() ; }
+
 #endif
diff --git a/src/gsmtp/gnetworkfilter.cpp b/src/gsmtp/gnetworkfilter.cpp
index 62d9004..c15c5ca 100644
--- a/src/gsmtp/gnetworkfilter.cpp
+++ b/src/gsmtp/gnetworkfilter.cpp
@@ -23,9 +23,10 @@
 #include "gstr.h"
 #include "glog.h"
 
-GSmtp::NetworkFilter::NetworkFilter( GNet::ExceptionSink es , const std::string & server ,
-	unsigned int connection_timeout , unsigned int response_timeout ) :
+GSmtp::NetworkFilter::NetworkFilter( GNet::ExceptionSink es , FileStore & file_store ,
+	const std::string & server , unsigned int connection_timeout , unsigned int response_timeout ) :
 		m_es(es) ,
+		m_file_store(file_store) ,
 		m_location(server) ,
 		m_connection_timeout(connection_timeout) ,
 		m_response_timeout(response_timeout)
@@ -50,7 +51,7 @@ bool GSmtp::NetworkFilter::simple() const
 	return false ;
 }
 
-void GSmtp::NetworkFilter::start( const std::string & path )
+void GSmtp::NetworkFilter::start( const MessageId & message_id )
 {
 	m_text.erase() ;
 	if( m_client_ptr.get() == nullptr )
@@ -60,7 +61,7 @@ void GSmtp::NetworkFilter::start( const std::string & path )
 			"scanner" , "ok" ,
 			m_location , m_connection_timeout , m_response_timeout ) ) ;
 	}
-	m_client_ptr->request( path ) ; // (no need to wait for connection)
+	m_client_ptr->request( m_file_store.contentPath(message_id).str() ) ; // (no need to wait for connection)
 }
 
 void GSmtp::NetworkFilter::clientDeleted( const std::string & reason )
diff --git a/src/gsmtp/gnetworkfilter.h b/src/gsmtp/gnetworkfilter.h
index 8745b94..6ba104c 100644
--- a/src/gsmtp/gnetworkfilter.h
+++ b/src/gsmtp/gnetworkfilter.h
@@ -23,6 +23,7 @@
 
 #include "gdef.h"
 #include "gfilter.h"
+#include "gfilestore.h"
 #include "gclientptr.h"
 #include "grequestclient.h"
 #include "geventhandler.h"
@@ -40,7 +41,7 @@ namespace GSmtp
 class GSmtp::NetworkFilter : public Filter
 {
 public:
-	NetworkFilter( GNet::ExceptionSink , const std::string & server_location ,
+	NetworkFilter( GNet::ExceptionSink , FileStore & , const std::string & server_location ,
 		unsigned int connection_timeout , unsigned int response_timeout ) ;
 			///< Constructor.
 
@@ -51,7 +52,7 @@ private: // overrides
 	std::string id() const override ; // Override from from GSmtp::Filter.
 	bool simple() const override ; // Override from from GSmtp::Filter.
 	G::Slot::Signal<int> & doneSignal() override ; // Override from from GSmtp::Filter.
-	void start( const std::string & path ) override ; // Override from from GSmtp::Filter.
+	void start( const MessageId & ) override ; // Override from from GSmtp::Filter.
 	void cancel() override ; // Override from from GSmtp::Filter.
 	bool abandoned() const override ; // Override from from GSmtp::Filter.
 	std::string response() const override ; // Override from from GSmtp::Filter.
@@ -70,6 +71,7 @@ private:
 
 private:
 	GNet::ExceptionSink m_es ;
+	FileStore & m_file_store ;
 	G::Slot::Signal<int> m_done_signal ;
 	GNet::Location m_location ;
 	unsigned int m_connection_timeout ;
diff --git a/src/gsmtp/gnetworkverifier.cpp b/src/gsmtp/gnetworkverifier.cpp
index cfa8084..50d2c7f 100644
--- a/src/gsmtp/gnetworkverifier.cpp
+++ b/src/gsmtp/gnetworkverifier.cpp
@@ -74,12 +74,11 @@ void GSmtp::NetworkVerifier::clientDeleted( const std::string & reason )
 	{
 		std::string to_address = m_to_address ;
 		m_to_address.erase() ;
-		VerifierStatus status( to_address ) ;
-		status.is_valid = false ;
-		status.temporary = true ;
-		status.response = "cannot verify" ;
-		status.reason = reason ;
-		doneSignal().emit( G::Str::printable(to_address) , status ) ;
+
+		VerifierStatus status = VerifierStatus::invalid( to_address ,
+			true , "cannot verify" , reason ) ;
+
+		doneSignal().emit( status ) ;
 	}
 }
 
@@ -88,13 +87,12 @@ void GSmtp::NetworkVerifier::clientEvent( const std::string & s1 , const std::st
 	G_DEBUG( "GSmtp::NetworkVerifier::clientEvent: [" << s1 << "] [" << s2 << "]" ) ;
 	if( s1 == "verify" )
 	{
-		VerifierStatus status ;
-
 		// parse the output from the remote verifier using pipe-delimited
 		// fields based on the script-based verifier interface, but backwards
 		//
 		G::StringArray parts ;
-		G::Str::splitIntoFields( s2 , parts , "|" ) ;
+		G::Str::splitIntoFields( s2 , parts , {"|",1U} ) ;
+		VerifierStatus status = VerifierStatus::invalid( m_to_address ) ;
 		if( !parts.empty() && parts[0U] == "100" )
 		{
 			status.is_valid = false ;
@@ -102,36 +100,29 @@ void GSmtp::NetworkVerifier::clientEvent( const std::string & s1 , const std::st
 		}
 		else if( parts.size() >= 2U && parts[0U] == "1" )
 		{
-			status.is_valid = true ;
-			status.is_local = false ;
-			status.address = parts[1U] ;
+			const std::string & address = parts[1U] ;
+			status = VerifierStatus::remote( m_to_address , address ) ;
 		}
 		else if( parts.size() >= 3U && parts[0U] == "0" )
 		{
-			status.is_valid = true ;
-			status.is_local = true ;
-			status.address = parts[1U] ;
-			status.full_name = parts[2U] ;
+			const std::string & mbox = parts[1U] ;
+			const std::string & full_name = parts[2U] ;
+			status = VerifierStatus::local( m_to_address , full_name , mbox ) ;
 		}
 		else if( parts.size() >= 2U && ( parts[0U] == "2" || parts[0U] == "3" ) )
 		{
-			status.is_valid = false ;
-			status.response = parts[1U] ;
-			status.temporary = parts[0U] == "3" ;
-			if( parts.size() >= 3U )
-				status.reason = parts[2U] ; // (new)
-		}
-		else
-		{
-			status.is_valid = false ;
-			status.temporary = false ;
+			bool temporary = parts[0U] == "3" ;
+			const std::string & response = parts[1U] ;
+			std::string reason = parts.size() >= 3 ? parts[2U] : std::string() ;
+			status = VerifierStatus::invalid( m_to_address ,
+				temporary , response , reason ) ;
 		}
 
-		doneSignal().emit( G::Str::printable(m_to_address) , status ) ;
+		doneSignal().emit( status ) ;
 	}
 }
 
-G::Slot::Signal<const std::string&,const GSmtp::VerifierStatus&> & GSmtp::NetworkVerifier::doneSignal()
+G::Slot::Signal<const GSmtp::VerifierStatus&> & GSmtp::NetworkVerifier::doneSignal()
 {
 	return m_done_signal ;
 }
diff --git a/src/gsmtp/gnetworkverifier.h b/src/gsmtp/gnetworkverifier.h
index 4b90e4f..ab26a7c 100644
--- a/src/gsmtp/gnetworkverifier.h
+++ b/src/gsmtp/gnetworkverifier.h
@@ -49,7 +49,7 @@ private: // overrides
 	void verify( const std::string & rcpt_to_parameter ,
 		const std::string & mail_from_parameter , const GNet::Address & client_ip ,
 		const std::string & auth_mechanism , const std::string & auth_extra ) override ; // Override from GSmtp::Verifier.
-	G::Slot::Signal<const std::string&,const VerifierStatus&> & doneSignal() override ; // Override from GSmtp::Verifier.
+	G::Slot::Signal<const VerifierStatus&> & doneSignal() override ; // Override from GSmtp::Verifier.
 	void cancel() override ; // Override from GSmtp::Verifier.
 
 public:
@@ -64,7 +64,7 @@ private:
 
 private:
 	GNet::ExceptionSink m_es ;
-	G::Slot::Signal<const std::string&,const VerifierStatus&> m_done_signal ;
+	G::Slot::Signal<const VerifierStatus&> m_done_signal ;
 	GNet::Location m_location ;
 	unsigned int m_connection_timeout ;
 	unsigned int m_response_timeout ;
diff --git a/src/gsmtp/gnewfile.cpp b/src/gsmtp/gnewfile.cpp
index 4abe32b..b8e68e3 100644
--- a/src/gsmtp/gnewfile.cpp
+++ b/src/gsmtp/gnewfile.cpp
@@ -38,6 +38,7 @@ GSmtp::NewFile::NewFile( FileStore & store , const std::string & from ,
 	const std::string & from_auth_in , const std::string & from_auth_out ,
 	std::size_t max_size , bool test_for_eight_bit ) :
 		m_store(store) ,
+		m_id(store.newId()) ,
 		m_committed(false) ,
 		m_test_for_eight_bit(test_for_eight_bit) ,
 		m_saved(false) ,
@@ -48,20 +49,16 @@ GSmtp::NewFile::NewFile( FileStore & store , const std::string & from ,
 	m_env.m_from_auth_in = from_auth_in ;
 	m_env.m_from_auth_out = from_auth_out ;
 
-	// ask the store for a unique id
-	m_seq = store.newSeq() ;
-
 	// ask the store for a content stream
-	m_content_path = m_store.contentPath( m_seq ) ;
-	G_LOG( "GSmtp::NewMessage: content file: " << m_content_path ) ;
-	m_content = m_store.stream( m_content_path ) ;
+	G_LOG( "GSmtp::NewMessage: content file: " << cpath() ) ;
+	m_content = m_store.stream( cpath() ) ;
 }
 
 GSmtp::NewFile::~NewFile()
 {
 	try
 	{
-		G_DEBUG( "GSmtp::NewFile::dtor: " << m_content_path ) ;
+		G_DEBUG( "GSmtp::NewFile::dtor: " << cpath() ) ;
 		cleanup() ;
 	}
 	catch(...) // dtor
@@ -79,47 +76,47 @@ void GSmtp::NewFile::cleanup()
 	}
 }
 
-std::string GSmtp::NewFile::prepare( const std::string & session_auth_id , const std::string & peer_socket_address ,
+bool GSmtp::NewFile::prepare( const std::string & session_auth_id , const std::string & peer_socket_address ,
 	const std::string & peer_certificate )
 {
 	// flush and close the content file
-	//
-	flushContent() ;
+	G_ASSERT( m_content != nullptr ) ;
+	m_content->close() ;
+	if( m_content->fail() ) // trap failbit/badbit
+		throw FileError( "cannot write content file " + cpath().str() ) ;
+	m_content.reset() ;
 
 	// write the envelope
-	//
 	m_env.m_authentication = session_auth_id ;
 	m_env.m_client_socket_address = peer_socket_address ;
 	m_env.m_client_certificate = peer_certificate ;
-	m_envelope_path_0 = m_store.envelopeWorkingPath( m_seq ) ;
-	m_envelope_path_1 = m_store.envelopePath( m_seq ) ;
 	if( !saveEnvelope() )
-		throw FileError( "cannot write envelope file " + m_envelope_path_0.str() ) ;
+		throw FileError( "cannot write envelope file " + epath(State::New).str() ) ;
 
 	// copy or move aside for local mailboxes
-	//
 	if( !m_env.m_to_local.empty() && m_env.m_to_remote.empty() )
 	{
-		moveToLocal( m_content_path , m_envelope_path_0 , m_envelope_path_1 ) ;
-		return std::string() ;
+		moveToLocal( cpath() , epath(State::New) , epath(State::Normal) ) ;
+		m_store.updated() ; // (new)
+		return true ; // no commit() needed
 	}
 	else if( !m_env.m_to_local.empty() )
 	{
-		copyToLocal( m_content_path , m_envelope_path_0 , m_envelope_path_1 ) ;
-		return m_content_path.str() ;
+		copyToLocal( cpath() , epath(State::New) , epath(State::Normal) ) ;
+		return false ;
 	}
 	else
 	{
-		return m_content_path.str() ;
+		return false ;
 	}
 }
 
-void GSmtp::NewFile::commit( bool strict )
+void GSmtp::NewFile::commit( bool throw_on_error )
 {
 	m_committed = true ;
 	bool ok = commitEnvelope() ;
-	if( !ok && strict )
-		throw FileError( "cannot rename envelope file to " + m_envelope_path_1.str() ) ;
+	if( !ok && throw_on_error )
+		throw FileError( "cannot rename envelope file to " + epath(State::Normal).str() ) ;
 	if( ok )
 		m_store.updated() ;
 }
@@ -148,20 +145,11 @@ bool GSmtp::NewFile::addText( const char * line_data , std::size_t line_size )
 		m_env.m_eight_bit = isEightBit(line_data,line_size) ? 1 : 0 ;
 
 	std::ostream & stream = *m_content ;
-	stream.write( line_data , line_size ) ;
+	stream.write( line_data , line_size ) ; // NOLINT narrowing
 
 	return m_max_size == 0UL || m_size < m_max_size ;
 }
 
-void GSmtp::NewFile::flushContent()
-{
-	G_ASSERT( m_content != nullptr ) ;
-	m_content->close() ;
-	if( m_content->fail() ) // trap failbit/badbit
-		throw FileError( "cannot write content file " + m_content_path.str() ) ;
-	m_content.reset() ;
-}
-
 void GSmtp::NewFile::discardContent()
 {
 	m_content.reset() ;
@@ -170,16 +158,13 @@ void GSmtp::NewFile::discardContent()
 void GSmtp::NewFile::deleteContent()
 {
 	FileWriter claim_writer ;
-	G::File::remove( m_content_path , std::nothrow ) ;
+	G::File::remove( cpath() , std::nothrow ) ;
 }
 
 void GSmtp::NewFile::deleteEnvelope()
 {
-	if( ! m_envelope_path_0.str().empty() )
-	{
-		FileWriter claim_writer ;
-		G::File::remove( m_envelope_path_0 , std::nothrow ) ;
-	}
+	FileWriter claim_writer ;
+	G::File::remove( epath(State::New) , std::nothrow ) ;
 }
 
 bool GSmtp::NewFile::isEightBit( const char * line_data , std::size_t line_size )
@@ -189,8 +174,8 @@ bool GSmtp::NewFile::isEightBit( const char * line_data , std::size_t line_size
 
 bool GSmtp::NewFile::saveEnvelope()
 {
-	G_LOG( "GSmtp::NewMessage: envelope file: " << m_envelope_path_0.str() ) ;
-	std::unique_ptr<std::ofstream> envelope_stream = m_store.stream( m_envelope_path_0 ) ;
+	G_LOG( "GSmtp::NewMessage: envelope file: " << epath(State::New).basename() ) ; // (was full path)
+	std::unique_ptr<std::ofstream> envelope_stream = m_store.stream( epath(State::New) ) ;
 	m_env.m_endpos = GSmtp::Envelope::write( *envelope_stream , m_env ) ;
 	m_env.m_crlf = true ;
 	envelope_stream->close() ;
@@ -200,7 +185,7 @@ bool GSmtp::NewFile::saveEnvelope()
 bool GSmtp::NewFile::commitEnvelope()
 {
 	FileWriter claim_writer ;
-	m_saved = G::File::rename( m_envelope_path_0 , m_envelope_path_1 , std::nothrow ) ;
+	m_saved = G::File::rename( epath(State::New) , epath(State::Normal) , std::nothrow ) ;
 	return m_saved ;
 }
 
@@ -222,13 +207,25 @@ void GSmtp::NewFile::copyToLocal( const G::Path & content_path , const G::Path &
 	G::File::copy( envelope_path_now.str() , envelope_path_later.str()+".local" ) ;
 }
 
-unsigned long GSmtp::NewFile::id() const
+GSmtp::MessageId GSmtp::NewFile::id() const
 {
-	return m_seq ;
+	return m_id ;
 }
 
-G::Path GSmtp::NewFile::contentPath() const
+std::string GSmtp::NewFile::location() const
 {
-	return m_content_path ;
+	return cpath().str() ;
+}
+
+G::Path GSmtp::NewFile::cpath() const
+{
+	return m_store.contentPath( m_id ) ;
+}
+
+G::Path GSmtp::NewFile::epath( State state ) const
+{
+	return state == State::Normal ?
+		m_store.envelopePath(m_id) :
+		G::Path( m_store.envelopePath(m_id).str() + ".new" ) ;
 }
 
diff --git a/src/gsmtp/gnewfile.h b/src/gsmtp/gnewfile.h
index b1c7ee8..98f0f21 100644
--- a/src/gsmtp/gnewfile.h
+++ b/src/gsmtp/gnewfile.h
@@ -44,6 +44,7 @@ class GSmtp::NewFile : public NewMessage
 public:
 	G_EXCEPTION( InvalidPath , "invalid path: must be absolute" ) ;
 	G_EXCEPTION( FileError , "message store error" ) ;
+	G_EXCEPTION( TooBig , "message too big" ) ;
 
 	NewFile( FileStore & store , const std::string & from , const std::string & from_auth_in ,
 		const std::string & from_auth_out , std::size_t max_size , bool test_for_eight_bit ) ;
@@ -64,15 +65,18 @@ public:
 
 private: // overrides
 	void commit( bool strict ) override ; // Override from GSmtp::NewMessage.
-	unsigned long id() const override ; // Override from GSmtp::NewMessage.
+	std::string location() const override ; // Override from GSmtp::NewMessage.
+	MessageId id() const override ; // Override from GSmtp::NewMessage.
 	void addTo( const std::string & to , bool local ) override ; // Override from GSmtp::NewMessage.
 	bool addText( const char * , std::size_t ) override ; // Override from GSmtp::NewMessage.
-	std::string prepare( const std::string & auth_id , const std::string & peer_socket_address ,
+	bool prepare( const std::string & auth_id , const std::string & peer_socket_address ,
 		const std::string & peer_certificate ) override ; // Override from GSmtp::NewMessage.
 
 private:
+	enum class State { New , Normal } ;
+	G::Path cpath() const ;
+	G::Path epath( State ) const ;
 	void cleanup() ;
-	void flushContent() ;
 	void discardContent() ;
 	bool commitEnvelope() ;
 	void deleteContent() ;
@@ -84,11 +88,8 @@ private:
 
 private:
 	FileStore & m_store ;
-	unsigned long m_seq ;
+	MessageId m_id ;
 	std::unique_ptr<std::ofstream> m_content ;
-	G::Path m_content_path ;
-	G::Path m_envelope_path_0 ;
-	G::Path m_envelope_path_1 ;
 	bool m_committed ;
 	bool m_test_for_eight_bit ;
 	bool m_saved ;
diff --git a/src/gsmtp/gnewmessage.h b/src/gsmtp/gnewmessage.h
index e84dfa8..3c3417f 100644
--- a/src/gsmtp/gnewmessage.h
+++ b/src/gsmtp/gnewmessage.h
@@ -44,20 +44,22 @@ public:
 		///< Adds a line of content, typically ending with CR-LF.
 		///< Returns false on overflow.
 
-	virtual std::string prepare( const std::string & session_auth_id ,
+	virtual bool prepare( const std::string & session_auth_id ,
 		const std::string & peer_socket_address , const std::string & peer_certificate ) = 0 ;
 			///< Prepares to store the message in the message store.
-			///< Returns the location of the pre-commit()ed message,
-			///< or returns the empty string for a local-mailbox only
-			///< message that has already been fully written.
+			///< Returns true if a local-mailbox only message that
+			///< has been fully written and needs no commit().
 
 	virtual void commit( bool strict ) = 0 ;
 		///< Commits the prepare()d message to the store. Errors are
 		///< ignored (eg. missing files) if the 'strict' parameter
 		///< is false.
 
-	virtual unsigned long id() const = 0 ;
-		///< Returns the message's unique non-zero identifier.
+	virtual std::string location() const = 0 ;
+		///< Returns the message's unique location.
+
+	virtual MessageId id() const = 0 ;
+		///< Returns the message's unique identifier.
 
 	bool addTextLine( const std::string & ) ;
 		///< A convenience function that calls addText() taking
diff --git a/src/gsmtp/gnullfilter.cpp b/src/gsmtp/gnullfilter.cpp
index fefe007..90eb891 100644
--- a/src/gsmtp/gnullfilter.cpp
+++ b/src/gsmtp/gnullfilter.cpp
@@ -70,7 +70,7 @@ void GSmtp::NullFilter::cancel()
 {
 }
 
-void GSmtp::NullFilter::start( const std::string & )
+void GSmtp::NullFilter::start( const MessageId & )
 {
 	m_timer.startTimer( 0U ) ;
 }
diff --git a/src/gsmtp/gnullfilter.h b/src/gsmtp/gnullfilter.h
index b56dc2b..1b71089 100644
--- a/src/gsmtp/gnullfilter.h
+++ b/src/gsmtp/gnullfilter.h
@@ -48,7 +48,7 @@ private: // overrides
 	std::string id() const override ; // Override from from GSmtp::Filter.
 	bool simple() const override ; // Override from from GSmtp::Filter.
 	G::Slot::Signal<int> & doneSignal() override ; // Override from from GSmtp::Filter.
-	void start( const std::string & path ) override ; // Override from from GSmtp::Filter.
+	void start( const MessageId & ) override ; // Override from from GSmtp::Filter.
 	void cancel() override ; // Override from from GSmtp::Filter.
 	bool abandoned() const override ; // Override from from GSmtp::Filter.
 	std::string response() const override ; // Override from from GSmtp::Filter.
diff --git a/src/gsmtp/gprotocolmessage.h b/src/gsmtp/gprotocolmessage.h
index 7681047..d8ad6c3 100644
--- a/src/gsmtp/gprotocolmessage.h
+++ b/src/gsmtp/gprotocolmessage.h
@@ -22,6 +22,7 @@
 #define G_SMTP_PROTOCOL_MESSAGE_H
 
 #include "gdef.h"
+#include "gmessagestore.h"
 #include "gslot.h"
 #include "gstrings.h"
 #include "gverifier.h"
@@ -62,7 +63,7 @@ namespace GSmtp
 class GSmtp::ProtocolMessage
 {
 public:
-	using DoneSignal = G::Slot::Signal<bool,unsigned long,const std::string&,const std::string&> ;
+	using DoneSignal = G::Slot::Signal<bool,const MessageId&,const std::string&,const std::string&> ;
 
 	virtual ~ProtocolMessage() = default ;
 		///< Destructor.
@@ -73,7 +74,7 @@ public:
 		///<
 		///< The signal parameters are 'success', 'id', 'short-response' and
 		///< 'full-reason'. As a special case, if success is true and id
-		///< is zero then the message processing was either abandoned
+		///< is invalid then the message processing was either abandoned
 		///< or it only had local-mailbox recipients.
 
 	virtual void reset() = 0 ;
@@ -83,14 +84,12 @@ public:
 		///< Clears the message state and terminates any asynchronous
 		///< message processing.
 
-	virtual bool setFrom( const std::string & from_user , const std::string & from_auth ) = 0 ;
-		///< Sets the message envelope 'from'. Returns false if an
-		///< invalid user.
+	virtual MessageId setFrom( const std::string & from_user , const std::string & from_auth ) = 0 ;
+		///< Sets the message envelope 'from'.
 
-	virtual bool addTo( const std::string & to_user , VerifierStatus to_status ) = 0 ;
-		///< Adds an envelope 'to'. The 'to_status' parameter comes
-		///< from GSmtp::Verifier.verify(). Returns false if an
-		///< invalid user.
+	virtual bool addTo( VerifierStatus to_status ) = 0 ;
+		///< Adds an envelope 'to'. See also GSmtp::Verifier::verify().
+		///< Returns false if an invalid user.
 		///<
 		///< Precondition: setFrom() called since clear() or process().
 
diff --git a/src/gsmtp/gprotocolmessageforward.cpp b/src/gsmtp/gprotocolmessageforward.cpp
index dacf908..23742bc 100644
--- a/src/gsmtp/gprotocolmessageforward.cpp
+++ b/src/gsmtp/gprotocolmessageforward.cpp
@@ -28,16 +28,17 @@
 #include "glog.h"
 
 GSmtp::ProtocolMessageForward::ProtocolMessageForward( GNet::ExceptionSink es ,
-	MessageStore & store , std::unique_ptr<ProtocolMessage> pm ,
+	MessageStore & store , FilterFactory & ff , std::unique_ptr<ProtocolMessage> pm ,
 	const GSmtp::Client::Config & client_config ,
-	const GAuth::Secrets & client_secrets , const std::string & server ) :
+	const GAuth::SaslClientSecrets & client_secrets , const std::string & server ) :
 		m_es(es) ,
 		m_store(store) ,
+		m_ff(ff) ,
 		m_client_location(server) ,
 		m_client_config(client_config) ,
 		m_client_secrets(client_secrets) ,
 		m_pm(pm.release()) ,
-		m_id(0) ,
+		m_id(MessageId::none()) ,
 		m_done_signal(true) // one-shot, but reset()able
 {
 	// signal plumbing to receive 'done' events
@@ -58,7 +59,7 @@ GSmtp::ProtocolMessage::DoneSignal & GSmtp::ProtocolMessageForward::storageDoneS
 	return m_pm->doneSignal() ;
 }
 
-G::Slot::Signal<bool,unsigned long,const std::string&,const std::string&> & GSmtp::ProtocolMessageForward::doneSignal()
+GSmtp::ProtocolMessage::DoneSignal & GSmtp::ProtocolMessageForward::doneSignal()
 {
 	return m_done_signal ;
 }
@@ -74,14 +75,14 @@ void GSmtp::ProtocolMessageForward::clear()
 	m_pm->clear() ;
 }
 
-bool GSmtp::ProtocolMessageForward::setFrom( const std::string & from , const std::string & from_auth )
+GSmtp::MessageId GSmtp::ProtocolMessageForward::setFrom( const std::string & from , const std::string & from_auth )
 {
 	return m_pm->setFrom( from , from_auth ) ;
 }
 
-bool GSmtp::ProtocolMessageForward::addTo( const std::string & to , VerifierStatus to_status )
+bool GSmtp::ProtocolMessageForward::addTo( VerifierStatus to_status )
 {
-	return m_pm->addTo( to , to_status ) ;
+	return m_pm->addTo( to_status ) ;
 }
 
 void GSmtp::ProtocolMessageForward::addReceived( const std::string & line )
@@ -106,13 +107,13 @@ void GSmtp::ProtocolMessageForward::process( const std::string & auth_id , const
 	m_pm->process( auth_id , peer_socket_address , peer_certificate ) ;
 }
 
-void GSmtp::ProtocolMessageForward::processDone( bool success , unsigned long id , const std::string & response ,
+void GSmtp::ProtocolMessageForward::processDone( bool success , const MessageId & id , const std::string & response ,
 	const std::string & reason )
 {
 	G_DEBUG( "ProtocolMessageForward::processDone: " << (success?1:0) << " "
-		<< id << " [" << response << "] [" << reason << "]" ) ;
+		<< id.str() << " [" << response << "] [" << reason << "]" ) ;
 	G::CallFrame this_( m_call_stack ) ;
-	if( success && id != 0UL )
+	if( success && id.valid() )
 	{
 		m_id = id ;
 
@@ -133,14 +134,15 @@ void GSmtp::ProtocolMessageForward::processDone( bool success , unsigned long id
 	}
 }
 
-std::string GSmtp::ProtocolMessageForward::forward( unsigned long id , bool & nothing_to_do )
+std::string GSmtp::ProtocolMessageForward::forward( const MessageId & id , bool & nothing_to_do )
 {
 	try
 	{
 		nothing_to_do = false ;
-		G_DEBUG( "GSmtp::ProtocolMessageForward::forward: forwarding message " << id ) ;
+		G_DEBUG( "GSmtp::ProtocolMessageForward::forward: forwarding message " << id.str() ) ;
 
 		std::unique_ptr<StoredMessage> message = m_store.get( id ) ;
+		G_LOG( "GSmtp::ProtocolMessageForward::forward: processing message \"" << message->location() << "\"" ) ;
 
 		if( message->toCount() == 0U )
 		{
@@ -153,7 +155,7 @@ std::string GSmtp::ProtocolMessageForward::forward( unsigned long id , bool & no
 			if( m_client_ptr.get() == nullptr )
 			{
 				m_client_ptr.reset( std::make_unique<Client>( GNet::ExceptionSink(m_client_ptr,m_es.esrc()),
-					m_client_location , m_client_secrets , m_client_config ) ) ;
+					m_ff , m_client_location , m_client_secrets , m_client_config ) ) ;
 				m_client_ptr->messageDoneSignal().connect( G::Slot::slot( *this ,
 					&GSmtp::ProtocolMessageForward::messageDone ) ) ;
 			}
diff --git a/src/gsmtp/gprotocolmessageforward.h b/src/gsmtp/gprotocolmessageforward.h
index b75444b..b15002a 100644
--- a/src/gsmtp/gprotocolmessageforward.h
+++ b/src/gsmtp/gprotocolmessageforward.h
@@ -31,6 +31,7 @@
 #include "gmessagestore.h"
 #include "gnewmessage.h"
 #include "gverifierstatus.h"
+#include "gfilterfactory.h"
 #include "gcall.h"
 #include <string>
 #include <memory>
@@ -54,10 +55,10 @@ namespace GSmtp
 class GSmtp::ProtocolMessageForward : public ProtocolMessage
 {
 public:
-	ProtocolMessageForward( GNet::ExceptionSink , MessageStore & store ,
+	ProtocolMessageForward( GNet::ExceptionSink , MessageStore & store , FilterFactory & ,
 		std::unique_ptr<ProtocolMessage> pm ,
 		const GSmtp::Client::Config & client_config ,
-		const GAuth::Secrets & client_secrets ,
+		const GAuth::SaslClientSecrets & client_secrets ,
 		const std::string & remote_server_address ) ;
 			///< Constructor. The 'store' and 'client-secrets' references
 			///< are kept.
@@ -72,17 +73,17 @@ protected:
 		///< intercept the storage-done signal emit()ed by
 		///< the ProtocolMessageStore object.
 
-	void processDone( bool , unsigned long , const std::string & , const std::string & ) ;
+	void processDone( bool , const MessageId & , const std::string & , const std::string & ) ;
 		///< Called by derived classes that have intercepted
 		///< the storageDoneSignal() when their own post-storage
 		///< processing is complete.
 
 private: // overrides
-	G::Slot::Signal<bool,unsigned long,const std::string&,const std::string&> & doneSignal() override ; // Override from GSmtp::ProtocolMessage.
+	ProtocolMessage::DoneSignal & doneSignal() override ; // Override from GSmtp::ProtocolMessage.
 	void reset() override ; // Override from GSmtp::ProtocolMessage.
 	void clear() override ; // Override from GSmtp::ProtocolMessage.
-	bool setFrom( const std::string & from_user , const std::string & ) override ; // Override from GSmtp::ProtocolMessage.
-	bool addTo( const std::string & to_user , VerifierStatus to_status ) override ; // Override from GSmtp::ProtocolMessage.
+	MessageId setFrom( const std::string & from_user , const std::string & ) override ; // Override from GSmtp::ProtocolMessage.
+	bool addTo( VerifierStatus to_status ) override ; // Override from GSmtp::ProtocolMessage.
 	void addReceived( const std::string & ) override ; // Override from GSmtp::ProtocolMessage.
 	bool addText( const char * , std::size_t ) override ; // Override from GSmtp::ProtocolMessage.
 	std::string from() const override ; // Override from GSmtp::ProtocolMessage.
@@ -98,19 +99,20 @@ public:
 private:
 	void clientDone( const std::string & ) ; // GNet::Client::doneSignal()
 	void messageDone( const std::string & ) ; // GSmtp::Client::messageDoneSignal()
-	std::string forward( unsigned long , bool & ) ;
+	std::string forward( const MessageId & , bool & ) ;
 
 private:
 	GNet::ExceptionSink m_es ;
 	MessageStore & m_store ;
+	FilterFactory & m_ff ;
 	G::CallStack m_call_stack ;
 	GNet::Location m_client_location ;
 	Client::Config m_client_config ;
-	const GAuth::Secrets & m_client_secrets ;
+	const GAuth::SaslClientSecrets & m_client_secrets ;
 	std::unique_ptr<ProtocolMessage> m_pm ;
 	GNet::ClientPtr<GSmtp::Client> m_client_ptr ;
-	unsigned long m_id ;
-	G::Slot::Signal<bool,unsigned long,const std::string&,const std::string&> m_done_signal ;
+	MessageId m_id ;
+	ProtocolMessage::DoneSignal m_done_signal ;
 } ;
 
 #endif
diff --git a/src/gsmtp/gprotocolmessagestore.cpp b/src/gsmtp/gprotocolmessagestore.cpp
index 6ac03c3..ef608fa 100644
--- a/src/gsmtp/gprotocolmessagestore.cpp
+++ b/src/gsmtp/gprotocolmessagestore.cpp
@@ -51,7 +51,7 @@ void GSmtp::ProtocolMessageStore::clear()
 	m_filter->cancel() ;
 }
 
-bool GSmtp::ProtocolMessageStore::setFrom( const std::string & from , const std::string & from_auth )
+GSmtp::MessageId GSmtp::ProtocolMessageStore::setFrom( const std::string & from , const std::string & from_auth )
 {
 	G_DEBUG( "GSmtp::ProtocolMessageStore::setFrom: " << from ) ;
 
@@ -64,31 +64,27 @@ bool GSmtp::ProtocolMessageStore::setFrom( const std::string & from , const std:
 	m_new_msg = m_store.newMessage( from , from_auth , "" ) ;
 
 	m_from = from ;
-	return true ; // accept any name
+	return m_new_msg->id() ;
 }
 
-bool GSmtp::ProtocolMessageStore::addTo( const std::string & to , VerifierStatus to_status )
+bool GSmtp::ProtocolMessageStore::addTo( VerifierStatus to_status )
 {
-	G_DEBUG( "GSmtp::ProtocolMessageStore::addTo: " << to ) ;
-
+	G_DEBUG( "GSmtp::ProtocolMessageStore::addTo: " << to_status.recipient ) ;
 	G_ASSERT( m_new_msg != nullptr ) ;
-	if( to.length() > 0U && m_new_msg != nullptr )
+	if( to_status.recipient.empty() )
 	{
-		if( !to_status.is_valid )
-		{
-			G_WARNING( "GSmtp::ProtocolMessage: rejecting recipient \"" << to << "\": "
-				<< to_status.response << (to_status.reason.empty()?"":": ") << to_status.reason ) ;
-			return false ;
-		}
-		else
-		{
-			m_new_msg->addTo( to_status.address , to_status.is_local ) ;
-			return true ;
-		}
+		return false ;
+	}
+	else if( !to_status.is_valid )
+	{
+		G_WARNING( "GSmtp::ProtocolMessage: rejecting recipient \"" << to_status.recipient << "\": "
+			<< to_status.response << (to_status.reason.empty()?"":": ") << to_status.reason ) ;
+		return false ;
 	}
 	else
 	{
-		return false ;
+		m_new_msg->addTo( to_status.address , to_status.is_local ) ;
+		return true ;
 	}
 }
 
@@ -124,26 +120,26 @@ void GSmtp::ProtocolMessageStore::process( const std::string & session_auth_id ,
 			throw G::Exception( "internal error" ) ; // never gets here
 
 		// write ".new" envelope
-		std::string message_location = m_new_msg->prepare( session_auth_id , peer_socket_address , peer_certificate ) ;
-		if( message_location.empty() )
+		bool local_only = m_new_msg->prepare( session_auth_id , peer_socket_address , peer_certificate ) ;
+		if( local_only )
 		{
 			// local-mailbox only -- handle a bit like filter-abandonded
-			m_done_signal.emit( true , 0UL , std::string() , std::string() ) ;
+			m_done_signal.emit( true , MessageId::none() , std::string() , std::string() ) ;
 		}
 		else
 		{
 			// start the filter
 			if( !m_filter->simple() )
 				G_LOG( "GSmtp::ProtocolMessageStore::process: filter start: [" << m_filter->id() << "] "
-					<< "[" << message_location << "]" ) ;
-			m_filter->start( message_location ) ;
+					<< "[" << m_new_msg->location() << "]" ) ;
+			m_filter->start( m_new_msg->id() ) ;
 		}
 	}
 	catch( std::exception & e ) // catch filtering errors
 	{
 		G_WARNING( "GSmtp::ProtocolMessageStore::process: message processing exception: " << e.what() ) ;
 		clear() ;
-		m_done_signal.emit( false , 0UL , "failed" , e.what() ) ;
+		m_done_signal.emit( false , MessageId::none() , "failed" , e.what() ) ;
 	}
 }
 
@@ -164,7 +160,7 @@ void GSmtp::ProtocolMessageStore::filterDone( int filter_result )
 		if( !m_filter->simple() )
 			G_LOG( "GSmtp::ProtocolMessageStore::filterDone: filter done: " << m_filter->str(true) ) ;
 
-		unsigned long id = 0UL ;
+		MessageId id = MessageId::none() ;
 		if( ok )
 		{
 			// commit the message to the store
@@ -199,11 +195,11 @@ void GSmtp::ProtocolMessageStore::filterDone( int filter_result )
 	{
 		G_WARNING( "GSmtp::ProtocolMessageStore::filterDone: filter exception: " << e.what() ) ;
 		clear() ;
-		m_done_signal.emit( false , 0UL , "rejected" , e.what() ) ;
+		m_done_signal.emit( false , MessageId::none() , "rejected" , e.what() ) ;
 	}
 }
 
-G::Slot::Signal<bool,unsigned long,const std::string&,const std::string&> & GSmtp::ProtocolMessageStore::doneSignal()
+GSmtp::ProtocolMessage::DoneSignal & GSmtp::ProtocolMessageStore::doneSignal()
 {
 	return m_done_signal ;
 }
diff --git a/src/gsmtp/gprotocolmessagestore.h b/src/gsmtp/gprotocolmessagestore.h
index a215c75..715c0db 100644
--- a/src/gsmtp/gprotocolmessagestore.h
+++ b/src/gsmtp/gprotocolmessagestore.h
@@ -49,7 +49,7 @@ public:
 	~ProtocolMessageStore() override ;
 		///< Destructor.
 
-	G::Slot::Signal<bool,unsigned long,const std::string&,const std::string&> & doneSignal() override ;
+	ProtocolMessage::DoneSignal & doneSignal() override ;
 		///< Override from GSmtp::ProtocolMessage.
 
 	void reset() override ;
@@ -58,10 +58,10 @@ public:
 	void clear() override ;
 		///< Override from GSmtp::ProtocolMessage.
 
-	bool setFrom( const std::string & from_user , const std::string & ) override ;
+	MessageId setFrom( const std::string & from_user , const std::string & ) override ;
 		///< Override from GSmtp::ProtocolMessage.
 
-	bool addTo( const std::string & to_user , VerifierStatus to_status ) override ;
+	bool addTo( VerifierStatus to_status ) override ;
 		///< Override from GSmtp::ProtocolMessage.
 
 	void addReceived( const std::string & ) override ;
@@ -91,7 +91,7 @@ private:
 	std::unique_ptr<Filter> m_filter ;
 	std::unique_ptr<NewMessage> m_new_msg ;
 	std::string m_from ;
-	G::Slot::Signal<bool,unsigned long,const std::string&,const std::string&> m_done_signal ;
+	ProtocolMessage::DoneSignal m_done_signal ;
 } ;
 
 #endif
diff --git a/src/gsmtp/gsmtpclient.cpp b/src/gsmtp/gsmtpclient.cpp
index 3882585..36d334d 100644
--- a/src/gsmtp/gsmtpclient.cpp
+++ b/src/gsmtp/gsmtpclient.cpp
@@ -31,12 +31,12 @@
 #include "gassert.h"
 #include "glog.h"
 
-GSmtp::Client::Client( GNet::ExceptionSink es , const GNet::Location & remote ,
-	const GAuth::Secrets & secrets , const Config & config ) :
+GSmtp::Client::Client( GNet::ExceptionSink es , FilterFactory & ff , const GNet::Location & remote ,
+	const GAuth::SaslClientSecrets & client_secrets , const Config & config ) :
 		GNet::Client(es,remote,netConfig(config)) ,
 		m_store(nullptr) ,
-		m_filter(FilterFactory::newFilter(es,false,config.filter_address,config.filter_timeout)) ,
-		m_protocol(es,*this,secrets,config.sasl_client_config,config.client_protocol_config,config.secure_tunnel) ,
+		m_filter(ff.newFilter(es,false,config.filter_address,config.filter_timeout)) ,
+		m_protocol(es,*this,client_secrets,config.sasl_client_config,config.client_protocol_config,config.secure_tunnel) ,
 		m_secure_tunnel(config.secure_tunnel) ,
 		m_message_count(0U)
 {
@@ -153,7 +153,7 @@ void GSmtp::Client::start()
 	m_message_count++ ;
 
 	G::CallFrame this_( m_stack ) ;
-	eventSignal().emit( "sending" , message()->name() , std::string() ) ;
+	eventSignal().emit( "sending" , message()->location() , std::string() ) ;
 	if( this_.deleted() ) return ;
 
 	m_protocol.start( std::weak_ptr<StoredMessage>(message()) ) ;
@@ -183,7 +183,7 @@ void GSmtp::Client::filterStart()
 		G_LOG( "GSmtp::Client::filterStart: client filter: [" << m_filter->id() << "]" ) ;
 		message()->close() ; // allow external editing
 	}
-	m_filter->start( message()->location() ) ;
+	m_filter->start( message()->id() ) ;
 }
 
 void GSmtp::Client::filterDone( int filter_result )
@@ -234,7 +234,7 @@ void GSmtp::Client::protocolDone( int response_code , const std::string & respon
 	std::string response = response_in.empty() ? std::string() : ( "smtp client failure: " + response_in ) ;
 	std::string reason = reason_in.empty() ? response : reason_in ;
 	std::string short_reason = ( response_in.empty() || reason_in.empty() ) ? response_in : reason_in ;
-	std::string message_id = message()->name() ;
+	std::string message_location = message()->location() ;
 
 	if( response_code == -1 ) // filter abandon
 	{
@@ -267,7 +267,7 @@ void GSmtp::Client::protocolDone( int response_code , const std::string & respon
 	}
 
 	G::CallFrame this_( m_stack ) ;
-	eventSignal().emit( "sent" , message_id , short_reason ) ;
+	eventSignal().emit( "sent" , message_location , short_reason ) ;
 	if( this_.deleted() ) return ; // just in case
 
 	if( m_store != nullptr )
diff --git a/src/gsmtp/gsmtpclient.h b/src/gsmtp/gsmtpclient.h
index 18cba32..d027bbe 100644
--- a/src/gsmtp/gsmtpclient.h
+++ b/src/gsmtp/gsmtpclient.h
@@ -30,6 +30,7 @@
 #include "gmessagestore.h"
 #include "gstoredmessage.h"
 #include "gfilter.h"
+#include "gfilterfactory.h"
 #include "gcall.h"
 #include "gsocket.h"
 #include "gslot.h"
@@ -82,8 +83,8 @@ public:
 		Config & set_sasl_client_config( const std::string & ) ;
 	} ;
 
-	Client( GNet::ExceptionSink , const GNet::Location & remote ,
-		const GAuth::Secrets & secrets , const Config & config ) ;
+	Client( GNet::ExceptionSink , FilterFactory & , const GNet::Location & remote ,
+		const GAuth::SaslClientSecrets & client_secrets , const Config & config ) ;
 			///< Constructor. Starts connecting immediately.
 			///<
 			///< Use sendMessagesFrom() once, or use sendMessage()
diff --git a/src/gsmtp/gsmtpclientprotocol.cpp b/src/gsmtp/gsmtpclientprotocol.cpp
index 6782f3b..b7e4f9c 100644
--- a/src/gsmtp/gsmtpclientprotocol.cpp
+++ b/src/gsmtp/gsmtpclientprotocol.cpp
@@ -33,7 +33,7 @@
 #include "gassert.h"
 
 GSmtp::ClientProtocol::ClientProtocol( GNet::ExceptionSink es , Sender & sender ,
-	const GAuth::Secrets & secrets , const std::string & sasl_client_config ,
+	const GAuth::SaslClientSecrets & secrets , const std::string & sasl_client_config ,
 	const Config & config , bool in_secure_tunnel ) :
 		GNet::TimerBase(es) ,
 		m_sender(sender) ,
diff --git a/src/gsmtp/gsmtpclientprotocol.h b/src/gsmtp/gsmtpclientprotocol.h
index 0adf8be..10ef5f1 100644
--- a/src/gsmtp/gsmtpclientprotocol.h
+++ b/src/gsmtp/gsmtpclientprotocol.h
@@ -211,7 +211,7 @@ public:
 	} ;
 
 	ClientProtocol( GNet::ExceptionSink , Sender & sender ,
-		const GAuth::Secrets & secrets , const std::string & sasl_client_config ,
+		const GAuth::SaslClientSecrets & secrets , const std::string & sasl_client_config ,
 		const Config & config , bool in_secure_tunnel ) ;
 			///< Constructor. The Sender interface is used to send protocol
 			///< messages to the peer. The references are kept.
@@ -320,7 +320,7 @@ private:
 
 private:
 	Sender & m_sender ;
-	const GAuth::Secrets & m_secrets ;
+	const GAuth::SaslClientSecrets & m_secrets ;
 	std::unique_ptr<GAuth::SaslClient> m_sasl ;
 	std::weak_ptr<StoredMessage> m_message ;
 	Config m_config ;
diff --git a/src/gsmtp/gsmtpserver.cpp b/src/gsmtp/gsmtpserver.cpp
index dbba9ac..9d17634 100644
--- a/src/gsmtp/gsmtpserver.cpp
+++ b/src/gsmtp/gsmtpserver.cpp
@@ -76,7 +76,7 @@ std::string GSmtp::AnonymousText::received( const std::string & , bool , bool ,
 
 GSmtp::ServerPeer::ServerPeer( GNet::ExceptionSinkUnbound esu ,
 	const GNet::ServerPeerInfo & peer_info , Server & server ,
-	const GAuth::Secrets & server_secrets , const Server::Config & server_config ,
+	const GAuth::SaslServerSecrets & server_secrets , const Server::Config & server_config ,
 	std::unique_ptr<ServerProtocol::Text> ptext ) :
 		GNet::ServerPeer(esu.bind(this),peer_info,GNet::LineBufferConfig::transparent()) ,
 		m_server(server) ,
@@ -88,7 +88,7 @@ GSmtp::ServerPeer::ServerPeer( GNet::ExceptionSinkUnbound esu ,
 		m_pmessage(server.newProtocolMessage(esu.bind(this))) ,
 		m_ptext(ptext.release()) ,
 		m_line_buffer(GNet::LineBufferConfig::smtp()) ,
-		m_protocol(esu.bind(this),*this,*m_verifier,*m_pmessage,server_secrets,server_config.sasl_server_config,
+		m_protocol(*this,*m_verifier,*m_pmessage,server_secrets,server_config.sasl_server_config,
 			*m_ptext,peer_info.m_address,server_config.protocol_config)
 {
 	G_LOG_S( "GSmtp::ServerPeer: smtp connection from " << peer_info.m_address.displayString() ) ;
@@ -203,12 +203,13 @@ void GSmtp::ServerPeer::onCheckTimeout()
 
 // ===
 
-GSmtp::Server::Server( GNet::ExceptionSink es , MessageStore & store ,
-	const GAuth::Secrets & client_secrets , const GAuth::Secrets & server_secrets ,
+GSmtp::Server::Server( GNet::ExceptionSink es , MessageStore & store , FilterFactory & ff ,
+	const GAuth::SaslClientSecrets & client_secrets , const GAuth::SaslServerSecrets & server_secrets ,
 	const Config & server_config , const std::string & forward_to ,
 	const GSmtp::Client::Config & client_config ) :
 		GNet::MultiServer(es,server_config.interfaces,server_config.port,"smtp",server_config.server_peer_config,server_config.server_config) ,
 		m_store(store) ,
+		m_ff(ff) ,
 		m_server_config(server_config) ,
 		m_client_config(client_config) ,
 		m_server_secrets(server_secrets) ,
@@ -272,7 +273,7 @@ std::unique_ptr<GSmtp::ServerProtocol::Text> GSmtp::Server::newProtocolText( boo
 
 std::unique_ptr<GSmtp::Filter> GSmtp::Server::newFilter( GNet::ExceptionSink es ) const
 {
-	return FilterFactory::newFilter( es , true , m_server_config.filter_address , m_server_config.filter_timeout ) ;
+	return m_ff.newFilter( es , true , m_server_config.filter_address , m_server_config.filter_timeout ) ;
 }
 
 std::unique_ptr<GSmtp::ProtocolMessage> GSmtp::Server::newProtocolMessageStore( std::unique_ptr<Filter> filter )
@@ -284,7 +285,7 @@ std::unique_ptr<GSmtp::ProtocolMessage> GSmtp::Server::newProtocolMessageForward
 	std::unique_ptr<ProtocolMessage> pm )
 {
 	// wrap the given 'store' object in a 'forward' one
-	return std::make_unique<ProtocolMessageForward>( es , m_store , std::move(pm) , m_client_config ,
+	return std::make_unique<ProtocolMessageForward>( es , m_store , m_ff , std::move(pm) , m_client_config ,
 		m_client_secrets , m_forward_to ) ; // up-cast
 }
 
diff --git a/src/gsmtp/gsmtpserver.h b/src/gsmtp/gsmtpserver.h
index a913268..26eaf8d 100644
--- a/src/gsmtp/gsmtpserver.h
+++ b/src/gsmtp/gsmtpserver.h
@@ -24,6 +24,7 @@
 #include "gdef.h"
 #include "gmultiserver.h"
 #include "gsmtpclient.h"
+#include "gfilterfactory.h"
 #include "gdnsblock.h"
 #include "glinebuffer.h"
 #include "gverifier.h"
@@ -90,8 +91,8 @@ public:
 		Config & set_dnsbl_config( const std::string & ) ;
 	} ;
 
-	Server( GNet::ExceptionSink es , MessageStore & store ,
-		const GAuth::Secrets & client_secrets , const GAuth::Secrets & server_secrets ,
+	Server( GNet::ExceptionSink es , MessageStore & store , FilterFactory & ,
+		const GAuth::SaslClientSecrets & client_secrets , const GAuth::SaslServerSecrets & server_secrets ,
 		const Config & server_config , const std::string & forward_to ,
 		const GSmtp::Client::Config & client_config ) ;
 			///< Constructor. Listens on the given port number using INET_ANY
@@ -130,12 +131,13 @@ private:
 
 private:
 	MessageStore & m_store ;
+	FilterFactory & m_ff ;
 	Config m_server_config ;
 	Client::Config m_client_config ;
-	const GAuth::Secrets & m_server_secrets ;
+	const GAuth::SaslServerSecrets & m_server_secrets ;
 	std::string m_sasl_server_config ;
 	std::string m_forward_to ;
-	const GAuth::Secrets & m_client_secrets ;
+	const GAuth::SaslClientSecrets & m_client_secrets ;
 	std::string m_sasl_client_config ;
 	G::Slot::Signal<const std::string&,const std::string&> m_event_signal ;
 } ;
@@ -150,7 +152,7 @@ public:
 	G_EXCEPTION( SendError , "failed to send smtp response" ) ;
 
 	ServerPeer( GNet::ExceptionSinkUnbound , const GNet::ServerPeerInfo & peer_info , Server & server ,
-		const GAuth::Secrets & server_secrets , const Server::Config & server_config ,
+		const GAuth::SaslServerSecrets & server_secrets , const Server::Config & server_config ,
 		std::unique_ptr<ServerProtocol::Text> ptext ) ;
 			///< Constructor.
 
diff --git a/src/gsmtp/gsmtpserverprotocol.cpp b/src/gsmtp/gsmtpserverprotocol.cpp
index c21d368..30d593f 100644
--- a/src/gsmtp/gsmtpserverprotocol.cpp
+++ b/src/gsmtp/gsmtpserverprotocol.cpp
@@ -34,15 +34,14 @@
 #include <string>
 #include <tuple>
 
-GSmtp::ServerProtocol::ServerProtocol( GNet::ExceptionSink es , Sender & sender ,
+GSmtp::ServerProtocol::ServerProtocol( Sender & sender ,
 	Verifier & verifier , ProtocolMessage & pmessage ,
-	const GAuth::Secrets & secrets , const std::string & sasl_server_config ,
+	const GAuth::SaslServerSecrets & secrets , const std::string & sasl_server_config ,
 	Text & text , const GNet::Address & peer_address , const Config & config ) :
 		m_sender(sender) ,
 		m_verifier(verifier) ,
 		m_text(text) ,
 		m_message(pmessage) ,
-		m_process_timer(*this,&ServerProtocol::onProcessTimeout,es) ,
 		m_sasl(GAuth::SaslServerFactory::newSaslServer(secrets,sasl_server_config,false/*apop*/)) ,
 		m_config(config) ,
 		m_fsm(State::sStart,State::sEnd,State::s_Same,State::s_Any) ,
@@ -87,7 +86,6 @@ GSmtp::ServerProtocol::ServerProtocol( GNet::ExceptionSink es , Sender & sender
 	m_fsm( Event::eContent , State::sData , State::sData , &ServerProtocol::doContent , State::sDiscarding ) ;
 	m_fsm( Event::eEot , State::sData , State::sProcessing , &ServerProtocol::doEot ) ;
 	m_fsm( Event::eDone , State::sProcessing , State::sIdle , &ServerProtocol::doComplete ) ;
-	m_fsm( Event::eTimeout , State::sProcessing , State::sIdle , &ServerProtocol::doComplete ) ;
 	m_fsm( Event::eContent , State::sDiscarding , State::sDiscarding , &ServerProtocol::doDiscard ) ;
 	m_fsm( Event::eEot , State::sDiscarding , State::sIdle , &ServerProtocol::doDiscarded ) ;
 
@@ -248,19 +246,14 @@ void GSmtp::ServerProtocol::doEot( EventData , bool & )
 {
 	G_LOG( "GSmtp::ServerProtocol: rx<<: [message content not logged]" ) ;
 	G_LOG( "GSmtp::ServerProtocol: rx<<: \".\"" ) ;
-	if( m_config.filter_timeout != 0U )
-	{
-		G_DEBUG( "GSmtp::ServerProtocol: starting filter timer: " << m_config.filter_timeout ) ;
-		m_process_timer.startTimer( m_config.filter_timeout ) ;
-	}
 	m_message.process( m_sasl->id() , m_peer_address.hostPartString() , m_certificate ) ;
 }
 
-void GSmtp::ServerProtocol::processDone( bool success , unsigned long id ,
+void GSmtp::ServerProtocol::processDone( bool success , const MessageId & id ,
 	const std::string & response , const std::string & reason )
 {
 	GDEF_IGNORE_PARAMS( success , id , reason ) ;
-	G_DEBUG( "GSmtp::ServerProtocol::processDone: " << (success?1:0) << " " << id
+	G_DEBUG( "GSmtp::ServerProtocol::processDone: " << (success?1:0) << " " << id.str()
 		<< " [" << response << "] [" << reason << "]" ) ;
 	G_ASSERT( success == response.empty() ) ;
 
@@ -269,16 +262,6 @@ void GSmtp::ServerProtocol::processDone( bool success , unsigned long id ,
 		throw ProtocolDone( "protocol error" ) ;
 }
 
-void GSmtp::ServerProtocol::onProcessTimeout()
-{
-	G_WARNING( "GSmtp::ServerProtocol::onProcessTimeout: message filter timed out after "
-		<< m_config.filter_timeout << "s" ) ;
-	std::string response = "timed out" ;
-	State new_state = m_fsm.apply( *this , Event::eTimeout , EventData(response.data(),response.size()) ) ;
-	if( new_state == State::s_Any )
-		throw ProtocolDone( "protocol error" ) ;
-}
-
 void GSmtp::ServerProtocol::doComplete( EventData event_data , bool & )
 {
 	reset() ;
@@ -375,13 +358,13 @@ void GSmtp::ServerProtocol::verify( const std::string & to , const std::string &
 	m_verifier.verify( to , from , m_peer_address , mechanism , id ) ;
 }
 
-void GSmtp::ServerProtocol::verifyDone( const std::string & mbox , const VerifierStatus & status )
+void GSmtp::ServerProtocol::verifyDone( const VerifierStatus & status )
 {
-	G_DEBUG( "GSmtp::ServerProtocol::verifyDone: verify done: [" << status.str(mbox) << "]" ) ;
+	G_DEBUG( "GSmtp::ServerProtocol::verifyDone: verify done: [" << status.str() << "]" ) ;
 	if( status.abort )
 		throw ProtocolDone( "address verifier abort" ) ; // denial-of-service countermeasure
 
-	std::string status_str = status.str( mbox ) ;
+	std::string status_str = status.str() ;
 	State new_state = m_fsm.apply( *this , Event::eVrfyReply , EventData(status_str.data(),status_str.size()) ) ;
 	if( new_state == State::s_Any )
 		throw ProtocolDone( "protocol error" ) ;
@@ -390,13 +373,12 @@ void GSmtp::ServerProtocol::verifyDone( const std::string & mbox , const Verifie
 void GSmtp::ServerProtocol::doVrfyReply( EventData event_data , bool & )
 {
 	std::string line( event_data.ptr , event_data.size ) ;
-	std::string mbox ;
-	VerifierStatus status = VerifierStatus::parse( line , mbox ) ;
+	VerifierStatus status = VerifierStatus::parse( line ) ;
 
 	if( status.is_valid && status.is_local )
 		sendVerified( status.full_name ) ; // 250
 	else if( status.is_valid )
-		sendWillAccept( mbox ) ; // 252
+		sendWillAccept( status.recipient ) ; // 252
 	else
 		sendNotVerified( status.response , status.temporary ) ; // 550 or 450
 }
@@ -588,7 +570,8 @@ void GSmtp::ServerProtocol::doMail( EventData event_data , bool & predicate )
 		std::string from_address ;
 		std::string from_error_response ;
 		std::tie(from_address,from_error_response) = parseMailFrom( line ) ;
-		bool ok = from_error_response.empty() && m_message.setFrom( from_address , parseMailAuth(line) ) ;
+		bool ok = from_error_response.empty() ;
+		m_message.setFrom( from_address , parseMailAuth(line) ) ;
 		predicate = ok ;
 		if( ok )
 		{
@@ -620,10 +603,9 @@ void GSmtp::ServerProtocol::doRcpt( EventData event_data , bool & predicate )
 
 void GSmtp::ServerProtocol::doVrfyToReply( EventData event_data , bool & predicate )
 {
-	std::string to ;
-	VerifierStatus status = VerifierStatus::parse( std::string(event_data.ptr,event_data.size) , to ) ;
+	VerifierStatus status = VerifierStatus::parse( std::string(event_data.ptr,event_data.size) ) ;
 
-	bool ok = m_message.addTo( to , status ) ;
+	bool ok = m_message.addTo( status ) ;
 	if( ok )
 	{
 		sendRcptReply() ;
@@ -643,7 +625,6 @@ void GSmtp::ServerProtocol::doUnknown( EventData event_data , bool & )
 void GSmtp::ServerProtocol::reset()
 {
 	// cancel the current message transaction -- ehlo/quit session unaffected
-	m_process_timer.cancelTimer() ;
 	m_message.clear() ;
 	m_verifier.cancel() ;
 }
diff --git a/src/gsmtp/gsmtpserverprotocol.h b/src/gsmtp/gsmtpserverprotocol.h
index 81e6201..1e59751 100644
--- a/src/gsmtp/gsmtpserverprotocol.h
+++ b/src/gsmtp/gsmtpserverprotocol.h
@@ -28,9 +28,8 @@
 #include "gverifier.h"
 #include "gverifierstatus.h"
 #include "gsaslserver.h"
-#include "gsecrets.h"
+#include "gsaslserversecrets.h"
 #include "gstatemachine.h"
-#include "gtimer.h"
 #include "gexception.h"
 #include <utility>
 #include <memory>
@@ -122,8 +121,8 @@ public:
 		Config & set_allow_pipelining( bool = true ) ;
 	} ;
 
-	ServerProtocol( GNet::ExceptionSink , Sender & , Verifier & , ProtocolMessage & ,
-		const GAuth::Secrets & secrets , const std::string & sasl_server_config ,
+	ServerProtocol( Sender & , Verifier & , ProtocolMessage & ,
+		const GAuth::SaslServerSecrets & secrets , const std::string & sasl_server_config ,
 		Text & text , const GNet::Address & peer_address , const Config & config ) ;
 			///< Constructor.
 			///<
@@ -203,7 +202,6 @@ private:
 		eContent ,
 		eEot ,
 		eDone ,
-		eTimeout ,
 		eUnknown
 	} ;
 	enum class State
@@ -247,7 +245,6 @@ public:
 	void operator=( ServerProtocol && ) = delete ;
 
 private:
-	void onProcessTimeout() ;
 	void send( const char * ) ;
 	void send( std::string , bool = false ) ;
 	Event commandEvent( const std::string & ) const ;
@@ -257,7 +254,7 @@ private:
 	bool authenticationRequiresEncryption() const ;
 	void reset() ;
 	void badClientEvent() ;
-	void processDone( bool , unsigned long , const std::string & , const std::string & ) ; // ProtocolMessage::doneSignal()
+	void processDone( bool , const MessageId & , const std::string & , const std::string & ) ; // ProtocolMessage::doneSignal()
 	void prepareDone( bool , bool , std::string ) ;
 	bool isEndOfText( const EventData & ) const ;
 	bool isEscaped( const EventData & ) const ;
@@ -292,7 +289,7 @@ private:
 	void doStartTls( EventData , bool & ) ;
 	void doSecure( EventData , bool & ) ;
 	void doSecureGreeting( EventData , bool & ) ;
-	void verifyDone( const std::string & , const VerifierStatus & ) ;
+	void verifyDone( const VerifierStatus & ) ;
 	void sendBadFrom( const std::string & ) ;
 	void sendTooBig( bool disconnecting = false ) ;
 	void sendChallenge( const std::string & ) ;
@@ -336,7 +333,6 @@ private:
 	Verifier & m_verifier ;
 	Text & m_text ;
 	ProtocolMessage & m_message ;
-	GNet::Timer<ServerProtocol> m_process_timer ;
 	std::unique_ptr<GAuth::SaslServer> m_sasl ;
 	Config m_config ;
 	Fsm m_fsm ;
diff --git a/src/gsmtp/gspamclient.cpp b/src/gsmtp/gspamclient.cpp
index b7e0760..cbb05c7 100644
--- a/src/gsmtp/gspamclient.cpp
+++ b/src/gsmtp/gspamclient.cpp
@@ -147,7 +147,7 @@ void GSmtp::SpamClient::Request::send( const std::string & path , const std::str
 
 bool GSmtp::SpamClient::Request::sendMore()
 {
-	m_stream.read( &m_buffer[0] , m_buffer.size() ) ;
+	m_stream.read( &m_buffer[0] , m_buffer.size() ) ; // NOLINT narrowing
 	std::streamsize n = m_stream.gcount() ;
 	if( n <= 0 )
 	{
diff --git a/src/gsmtp/gspamfilter.cpp b/src/gsmtp/gspamfilter.cpp
index 4eeb928..a5d32a5 100644
--- a/src/gsmtp/gspamfilter.cpp
+++ b/src/gsmtp/gspamfilter.cpp
@@ -23,10 +23,11 @@
 #include "gstr.h"
 #include "glog.h"
 
-GSmtp::SpamFilter::SpamFilter( GNet::ExceptionSink es , const std::string & server ,
-	bool read_only , bool always_pass , unsigned int connection_timeout ,
-	unsigned int response_timeout ) :
+GSmtp::SpamFilter::SpamFilter( GNet::ExceptionSink es , FileStore & file_store ,
+	const std::string & server , bool read_only , bool always_pass ,
+	unsigned int connection_timeout , unsigned int response_timeout ) :
 		m_es(es) ,
+		m_file_store(file_store) ,
 		m_location(server) ,
 		m_read_only(read_only) ,
 		m_always_pass(always_pass) ,
@@ -53,14 +54,14 @@ bool GSmtp::SpamFilter::simple() const
 	return false ;
 }
 
-void GSmtp::SpamFilter::start( const std::string & path )
+void GSmtp::SpamFilter::start( const MessageId & message_id )
 {
 	// the spam client can do more than one request, but it is simpler to start fresh
 	m_client_ptr.reset( std::make_unique<SpamClient>( GNet::ExceptionSink(m_client_ptr,m_es.esrc()) ,
 		m_location , m_read_only , m_connection_timeout , m_response_timeout ) ) ;
 
 	m_text.erase() ;
-	m_client_ptr->request( path ) ; // (no need to wait for connection)
+	m_client_ptr->request( m_file_store.contentPath(message_id).str() ) ; // (no need to wait for connection)
 }
 
 void GSmtp::SpamFilter::clientDeleted( const std::string & reason )
diff --git a/src/gsmtp/gspamfilter.h b/src/gsmtp/gspamfilter.h
index 1cd2feb..51813e8 100644
--- a/src/gsmtp/gspamfilter.h
+++ b/src/gsmtp/gspamfilter.h
@@ -23,6 +23,7 @@
 
 #include "gdef.h"
 #include "gfilter.h"
+#include "gfilestore.h"
 #include "gclientptr.h"
 #include "gspamclient.h"
 
@@ -40,7 +41,7 @@ namespace GSmtp
 class GSmtp::SpamFilter : public Filter
 {
 public:
-	SpamFilter( GNet::ExceptionSink , const std::string & server_location ,
+	SpamFilter( GNet::ExceptionSink , FileStore & , const std::string & server_location ,
 		bool read_only , bool always_pass , unsigned int connection_timeout ,
 		unsigned int response_timeout ) ;
 			///< Constructor.
@@ -52,7 +53,7 @@ private: // overrides
 	std::string id() const override ; // Override from from GSmtp::Filter.
 	bool simple() const override ; // Override from from GSmtp::Filter.
 	G::Slot::Signal<int> & doneSignal() override ; // Override from from GSmtp::Filter.
-	void start( const std::string & path ) override ; // Override from from GSmtp::Filter.
+	void start( const MessageId & ) override ; // Override from from GSmtp::Filter.
 	void cancel() override ; // Override from from GSmtp::Filter.
 	bool abandoned() const override ; // Override from from GSmtp::Filter.
 	std::string response() const override ; // Override from from GSmtp::Filter.
@@ -73,6 +74,7 @@ private:
 private:
 	G::Slot::Signal<int> m_done_signal ;
 	GNet::ExceptionSink m_es ;
+	FileStore & m_file_store ;
 	GNet::Location m_location ;
 	bool m_read_only ;
 	bool m_always_pass ;
diff --git a/src/gsmtp/gstoredfile.cpp b/src/gsmtp/gstoredfile.cpp
index 62def43..3c4c34d 100644
--- a/src/gsmtp/gstoredfile.cpp
+++ b/src/gsmtp/gstoredfile.cpp
@@ -31,24 +31,31 @@
 GSmtp::StoredFile::StoredFile( FileStore & store , const G::Path & envelope_path ) :
 	m_store(store) ,
 	m_content(std::make_unique<std::ifstream>()) , // up-cast
-	m_envelope_path(envelope_path) ,
-	m_locked(false)
+	m_id(MessageId::none()) ,
+	m_state(State::Normal)
 {
-	m_name = m_envelope_path.basename() ;
-	std::size_t pos = m_name.rfind(".envelope") ;
-	if( pos != std::string::npos ) m_name.erase( pos ) ;
-	G_DEBUG( "GSmtp::StoredFile::ctor: name=[" << m_name << "]" ) ;
+	G_ASSERT( envelope_path.basename().find(".envelope") != std::string::npos ) ; // inc .bad
+	if( G::Str::tailMatch( envelope_path.basename() , ".bad" ) )
+	{
+		m_id = MessageId( envelope_path.withoutExtension().withoutExtension().basename() ) ;
+		m_state = State::Bad ;
+	}
+	else
+	{
+		m_id = MessageId( envelope_path.withoutExtension().basename() ) ;
+	}
+	G_DEBUG( "GSmtp::StoredFile::ctor: id=[" << m_id.str() << "]" ) ;
 }
 
 GSmtp::StoredFile::~StoredFile()
 {
 	try
 	{
-		if( m_locked )
+		if( m_state == State::Locked )
 		{
 			// unlock
 			FileWriter claim_writer ;
-			G::File::rename( m_envelope_path , m_old_envelope_path , std::nothrow ) ;
+			G::File::rename( epath(State::Locked) , epath(State::Normal) , std::nothrow ) ;
 		}
 	}
 	catch(...) // dtor
@@ -56,14 +63,28 @@ GSmtp::StoredFile::~StoredFile()
 	}
 }
 
-std::string GSmtp::StoredFile::name() const
+GSmtp::MessageId GSmtp::StoredFile::id() const
 {
-	return m_name ;
+	return m_id ;
 }
 
 std::string GSmtp::StoredFile::location() const
 {
-	return contentPath().str() ;
+	return cpath().str() ;
+}
+
+G::Path GSmtp::StoredFile::cpath() const
+{
+	return m_store.contentPath( m_id ) ;
+}
+
+G::Path GSmtp::StoredFile::epath( State state ) const
+{
+	if( state == State::Locked )
+		return m_store.envelopePath(m_id).str().append(".busy") ;
+	else if( state == State::Bad )
+		return m_store.envelopePath(m_id).str().append(".bad") ;
+	return m_store.envelopePath( m_id ) ;
 }
 
 int GSmtp::StoredFile::eightBit() const
@@ -104,10 +125,10 @@ void GSmtp::StoredFile::readEnvelopeCore( bool check_recipients )
 	std::ifstream stream ;
 	{
 		FileReader claim_reader ;
-		G::File::open( stream , m_envelope_path ) ;
+		G::File::open( stream , epath(m_state) ) ;
 	}
 	if( ! stream.good() )
-		throw ReadError( m_envelope_path.str() ) ;
+		throw ReadError( epath(m_state).str() ) ;
 
 	GSmtp::Envelope::read( stream , m_env ) ;
 
@@ -115,19 +136,18 @@ void GSmtp::StoredFile::readEnvelopeCore( bool check_recipients )
 		throw FormatError( "no recipients" ) ;
 
 	if( ! stream.good() )
-		throw ReadError( m_envelope_path.str() ) ;
+		throw ReadError( epath(m_state).str() ) ;
 }
 
 bool GSmtp::StoredFile::openContent( std::string & reason )
 {
 	try
 	{
-		G::Path content_path = contentPath() ;
-		G_DEBUG( "GSmtp::FileStore::openContent: \"" << content_path << "\"" ) ;
+		G_DEBUG( "GSmtp::FileStore::openContent: \"" << cpath() << "\"" ) ;
 		auto stream = std::make_unique<std::ifstream>() ;
 		{
 			FileReader claim_reader ;
-			G::File::open( *stream , content_path ) ;
+			G::File::open( *stream , cpath() ) ;
 		}
 		if( !stream->good() )
 		{
@@ -155,8 +175,8 @@ const std::string & GSmtp::StoredFile::eol() const
 
 bool GSmtp::StoredFile::lock()
 {
-	const G::Path src = m_envelope_path ;
-	const G::Path dst( src.str() + ".busy" ) ;
+	const G::Path src = epath( m_state ) ;
+	const G::Path dst = epath( State::Locked ) ;
 	bool ok = false ;
 	{
 		FileWriter claim_writer ;
@@ -165,9 +185,7 @@ bool GSmtp::StoredFile::lock()
 	if( ok )
 	{
 		G_LOG( "GSmtp::StoredMessage: locking file \"" << src.basename() << "\"" ) ;
-		m_envelope_path = dst ;
-		m_old_envelope_path = src ;
-		m_locked = true ;
+		m_state = State::Locked ;
 	}
 	m_store.updated() ;
 	return ok ;
@@ -180,8 +198,8 @@ void GSmtp::StoredFile::edit( const G::StringArray & rejectees )
 	GSmtp::Envelope env_copy( m_env ) ;
 	env_copy.m_to_remote = rejectees ;
 
-	G::Path path_in( m_envelope_path.str() ) ;
-	G::Path path_out( m_envelope_path.str() + ".tmp" ) ;
+	const G::Path path_in = epath( m_state ) ;
+	const G::Path path_out = epath(m_state).str().append(".tmp") ;
 
 	// create new file
 	std::ofstream out ;
@@ -214,7 +232,7 @@ void GSmtp::StoredFile::edit( const G::StringArray & rejectees )
 		G_WARNING( "GSmtp::StoredFile::edit: unexpected change to envelope file detected: " << path_in ) ;
 
 	// copy the existing file's tail to the new file
-	in.seekg( env_check.m_endpos ) ;
+	in.seekg( env_check.m_endpos ) ; // NOLINT narrowing
 	if( !in.good() )
 		throw EditError( path_in.str() ) ;
 	GSmtp::Envelope::copy( in , out ) ;
@@ -244,43 +262,45 @@ void GSmtp::StoredFile::fail( const std::string & reason , int reason_code )
 	bool exists = false ;
 	{
 		FileReader claim_reader ;
-		exists = G::File::exists( m_envelope_path ) ;
+		exists = G::File::exists( epath(m_state) ) ;
 	}
 	if( exists ) // client-side preprocessing may have removed it
 	{
-		addReason( m_envelope_path , reason , reason_code ) ;
+		addReason( epath(m_state) , reason , reason_code ) ;
 
-		G::Path bad_path = badPath( m_envelope_path ) ;
+		G::Path bad_path = epath( State::Bad ) ;
 		G_LOG_S( "GSmtp::StoredMessage: failing file: "
-			<< "\"" << m_envelope_path.basename() << "\" -> "
+			<< "\"" << epath(m_state).basename() << "\" -> "
 			<< "\"" << bad_path.basename() << "\"" ) ;
 
 		FileWriter claim_writer ;
-		G::File::rename( m_envelope_path , bad_path , std::nothrow ) ;
+		G::File::rename( epath(m_state) , bad_path , std::nothrow ) ;
+		m_state = State::Bad ;
 	}
 }
 
 void GSmtp::StoredFile::unfail()
 {
-	G_DEBUG( "GSmtp::StoredMessage: unfailing file: " << m_envelope_path ) ;
-	if( m_envelope_path.extension() == "bad" )
+	G_DEBUG( "GSmtp::StoredMessage: unfailing file: " << epath(m_state) ) ;
+	if( m_state == State::Bad )
 	{
-		G::Path dst = m_envelope_path.withoutExtension() ; // "foo.envelope.bad" -> "foo.envelope"
+		const G::Path src = epath( m_state ) ;
+		const G::Path dst = epath( State::Normal ) ;
 		bool ok = false ;
 		{
 			FileWriter claim_writer ;
-			ok = G::File::rename( m_envelope_path , dst , std::nothrow ) ;
+			ok = G::File::rename( src , dst , std::nothrow ) ;
 		}
 		if( ok )
 		{
 			G_LOG( "GSmtp::StoredMessage: unfailed file: "
-				<< "\"" << m_envelope_path.basename() << "\" -> "
+				<< "\"" << src.basename() << "\" -> "
 				<< "\"" << dst.basename() << "\"" ) ;
-			m_envelope_path = dst ;
+			m_state = State::Normal ;
 		}
 		else
 		{
-			G_WARNING( "GSmtp::StoredMessage: failed to unfail file: \"" << m_envelope_path << "\"" ) ;
+			G_WARNING( "GSmtp::StoredMessage: failed to unfail file: \"" << src << "\"" ) ;
 		}
 	}
 }
@@ -292,29 +312,25 @@ void GSmtp::StoredFile::addReason( const G::Path & path , const std::string & re
 		FileWriter claim_writer ;
 		G::File::open( file , path , G::File::Append() ) ;
 	}
+	if( !file.is_open() )
+		G_ERROR( "GSmtp::StoredFile::addReason: cannot re-open envelope file to append the failure reason: " << path ) ;
 	file << FileStore::x() << "Reason: " << G::Str::toPrintableAscii(reason) << eol() ;
 	file << FileStore::x() << "ReasonCode:" ; if( reason_code ) file << " " << reason_code ; file << eol() ;
 }
 
-G::Path GSmtp::StoredFile::badPath( const G::Path & busy_path )
-{
-	return busy_path.withExtension("bad") ; ; // "foo.envelope.busy" -> "foo.envelope.bad"
-}
-
 void GSmtp::StoredFile::destroy()
 {
-	G_LOG( "GSmtp::StoredMessage: deleting file: \"" << m_envelope_path.basename() << "\"" ) ;
+	G_LOG( "GSmtp::StoredMessage: deleting file: \"" << epath(m_state).basename() << "\"" ) ;
 	{
 		FileWriter claim_writer ;
-		G::File::remove( m_envelope_path , std::nothrow ) ;
+		G::File::remove( epath(m_state) , std::nothrow ) ;
 	}
 
-	G::Path content_path = contentPath() ;
-	G_LOG( "GSmtp::StoredMessage: deleting file: \"" << content_path.basename() << "\"" ) ;
+	G_LOG( "GSmtp::StoredMessage: deleting file: \"" << cpath().basename() << "\"" ) ;
 	m_content.reset() ; // close it before deleting
 	{
 		FileWriter claim_writer ;
-		G::File::remove( content_path , std::nothrow ) ;
+		G::File::remove( cpath() , std::nothrow ) ;
 	}
 }
 
@@ -342,17 +358,6 @@ std::istream & GSmtp::StoredFile::contentStream()
 	return *m_content ;
 }
 
-G::Path GSmtp::StoredFile::contentPath() const
-{
-	std::string filename = m_envelope_path.str() ;
-
-	std::size_t pos = filename.rfind( ".envelope" ) ; // also works for ".envelope.bad" etc.
-	if( pos == std::string::npos )
-		throw FilenameError( filename ) ;
-
-	return G::Path( G::Str::head(filename,pos,std::string()) + ".content" ) ;
-}
-
 std::string GSmtp::StoredFile::authentication() const
 {
 	return m_env.m_authentication ;
diff --git a/src/gsmtp/gstoredfile.h b/src/gsmtp/gstoredfile.h
index 512b9bc..6be8bf8 100644
--- a/src/gsmtp/gstoredfile.h
+++ b/src/gsmtp/gstoredfile.h
@@ -67,7 +67,7 @@ public:
 		///< Opens the content file. Returns false on error.
 		///< Used by FileStore and FileIterator.
 
-	std::string name() const override ;
+	MessageId id() const override ;
 		///< Override from GSmtp::StoredMessage.
 
 	void edit( const G::StringArray & ) override ;
@@ -98,20 +98,20 @@ public:
 	void operator=( StoredFile && ) = delete ;
 
 private:
+	enum class State { Normal , Locked , Bad } ;
+	G::Path cpath() const ;
+	G::Path epath( State ) const ;
 	void readEnvelopeCore( bool check_recipients ) ;
 	const std::string & eol() const ;
 	G::Path contentPath() const ;
 	void addReason( const G::Path & path , const std::string & , int ) const ;
-	static G::Path badPath( const G::Path & ) ;
 
 private:
 	FileStore & m_store ;
 	std::unique_ptr<std::istream> m_content ;
-	G::Path m_envelope_path ;
-	G::Path m_old_envelope_path ;
-	std::string m_name ;
+	MessageId m_id ;
 	Envelope m_env ;
-	bool m_locked ;
+	State m_state ;
 } ;
 
 #endif
diff --git a/src/gsmtp/gstoredmessage.h b/src/gsmtp/gstoredmessage.h
index 62b407d..da8ed40 100644
--- a/src/gsmtp/gstoredmessage.h
+++ b/src/gsmtp/gstoredmessage.h
@@ -22,6 +22,7 @@
 #define G_SMTP_STORED_MESSAGE_H
 
 #include "gdef.h"
+#include "gmessagestore.h"
 #include "gstrings.h"
 #include "gpath.h"
 #include <iostream>
@@ -29,6 +30,7 @@
 
 namespace GSmtp
 {
+	class MessageId ;
 	class StoredMessage ;
 	class StoredMessageStub ;
 }
@@ -40,11 +42,11 @@ namespace GSmtp
 class GSmtp::StoredMessage
 {
 public:
-	virtual std::string name() const = 0 ;
-		///< Returns a readble identifier for internal logging.
+	virtual MessageId id() const = 0 ;
+		///< Returns the message identifier.
 
 	virtual std::string location() const = 0 ;
-		///< Returns a unique identifier for the message.
+		///< Returns the message location.
 
 	virtual std::string from() const = 0 ;
 		///< Returns the envelope 'from' field.
@@ -114,7 +116,7 @@ public:
 		///< Destructor.
 
 private: // overrides
-	std::string name() const override ;
+	MessageId id() const override ;
 	std::string location() const override ;
 	std::string from() const override ;
 	std::string to( std::size_t ) const override ;
@@ -142,7 +144,7 @@ private:
 	std::ifstream m_content_stream ;
 } ;
 
-inline std::string GSmtp::StoredMessageStub::name() const { return std::string() ; }
+inline GSmtp::MessageId GSmtp::StoredMessageStub::id() const { return MessageId::none() ; }
 inline std::string GSmtp::StoredMessageStub::location() const { return std::string() ; }
 inline std::string GSmtp::StoredMessageStub::from() const { return std::string() ; }
 inline std::string GSmtp::StoredMessageStub::to( std::size_t ) const { return std::string() ; }
diff --git a/src/gsmtp/gverifier.h b/src/gsmtp/gverifier.h
index 08fac9e..3d56449 100644
--- a/src/gsmtp/gverifier.h
+++ b/src/gsmtp/gverifier.h
@@ -52,10 +52,9 @@ public:
 			///< The 'mail-from' address is passed in for RCPT commands, but
 			///< not VRFY.
 
-	virtual G::Slot::Signal<const std::string&,const VerifierStatus&> & doneSignal() = 0 ;
+	virtual G::Slot::Signal<const VerifierStatus&> & doneSignal() = 0 ;
 		///< Returns a signal that is emit()ed when the verify() request
-		///< is complete. The first signal parameter is the mailbox
-		///< name (ie. rcpt_to_parameter).
+		///< is complete.
 
 	virtual void cancel() = 0 ;
 		///< Aborts any current processing.
diff --git a/src/gsmtp/gverifierfactory.h b/src/gsmtp/gverifierfactory.h
index 7a90d7a..090462a 100644
--- a/src/gsmtp/gverifierfactory.h
+++ b/src/gsmtp/gverifierfactory.h
@@ -26,6 +26,7 @@
 #include "gexceptionsink.h"
 #include <string>
 #include <utility>
+#include <memory>
 
 namespace GSmtp
 {
diff --git a/src/gsmtp/gverifierstatus.cpp b/src/gsmtp/gverifierstatus.cpp
index d0f424f..d8178ca 100644
--- a/src/gsmtp/gverifierstatus.cpp
+++ b/src/gsmtp/gverifierstatus.cpp
@@ -21,28 +21,60 @@
 #include "gdef.h"
 #include "gverifier.h"
 #include "gverifierstatus.h"
+#include "gstringview.h"
 #include "gstr.h"
 #include "glog.h"
 
 GSmtp::VerifierStatus::VerifierStatus()
 = default;
 
-GSmtp::VerifierStatus::VerifierStatus( const std::string & mbox ) :
-	is_valid(true) ,
-	address(mbox)
+GSmtp::VerifierStatus GSmtp::VerifierStatus::invalid( const std::string & recipient ,
+	bool temporary , const std::string & response , const std::string & reason )
 {
+	VerifierStatus status ;
+	status.is_valid = false ;
+	status.temporary = temporary ;
+	status.recipient = recipient ;
+	status.response = response ;
+	status.reason = reason ;
+	return status ;
 }
 
-GSmtp::VerifierStatus GSmtp::VerifierStatus::parse( const std::string & line , std::string & mbox )
+GSmtp::VerifierStatus GSmtp::VerifierStatus::remote( const std::string & recipient ,
+	const std::string & address )
+{
+	VerifierStatus status ;
+	status.is_valid = true ;
+	status.is_local = false ;
+	status.recipient = recipient ;
+	status.address = address.empty() ? recipient : address ;
+	return status ;
+}
+
+GSmtp::VerifierStatus GSmtp::VerifierStatus::local( const std::string & recipient ,
+	const std::string & full_name , const std::string & mbox )
+{
+	VerifierStatus status ;
+	status.is_valid = true ;
+	status.is_local = true ;
+	status.recipient = recipient ;
+	status.full_name = full_name ;
+	status.address = mbox ;
+	return status ;
+}
+
+GSmtp::VerifierStatus GSmtp::VerifierStatus::parse( const std::string & line )
 {
 	try
 	{
-		VerifierStatus s ;
 		G::StringArray part ;
-		G::Str::splitIntoFields( line , part , {"|",1U} ) ;
-		if( part.size() != 9U ) throw std::runtime_error( "incorrect number of parts" ) ;
+		G::Str::splitIntoFields( line , part , {"|",1U} , '\\' ) ;
+		if( part.size() != 9U )
+			throw InvalidStatus() ;
+
 		std::size_t i = 0U ;
-		mbox = part.at(i++) ;
+		VerifierStatus s ;
+		s.recipient = part.at(i++) ;
 		s.is_valid = part.at(i++) == "1" ;
 		s.is_local = part.at(i++) == "1" ;
 		s.temporary = part.at(i++) == "1" ;
@@ -55,25 +87,26 @@ GSmtp::VerifierStatus GSmtp::VerifierStatus::parse( const std::string & line , s
 	}
 	catch( std::exception & )
 	{
-		G_ERROR( "GSmtp::VerifierStatus::parse: invalid stringised status: [" << line << "]" ) ;
+		G_ERROR( "GSmtp::VerifierStatus::parse: invalid verifier status: [" << line << "]" ) ;
 		throw ;
 	}
 }
 
-std::string GSmtp::VerifierStatus::str( const std::string & mbox ) const
+std::string GSmtp::VerifierStatus::str() const
 {
-	std::string sep( 1U , '|' ) ;
-	std::string t( "1" ) ;
-	std::string f( "0" ) ;
-	return
-		mbox + sep +
-		(is_valid?t:f) + sep +
-		(is_local?t:f) + sep +
-		(temporary?t:f) + sep +
-		(abort?t:f) + sep +
-		full_name + sep +
-		address + sep +
-		response + sep +
-		reason ;
+	auto escape = [](const std::string &s){ return G::Str::escaped( s , '\\' , "\\|" , "\\|" ) ; } ;
+	const char sep = '|' ;
+	const char t = '1' ;
+	const char f = '0' ;
+	return escape(recipient)
+		.append(1U,sep)
+		.append(1U,is_valid?t:f).append(1U,sep)
+		.append(1U,is_local?t:f).append(1U,sep)
+		.append(1U,temporary?t:f).append(1U,sep)
+		.append(1U,abort?t:f).append(1U,sep)
+		.append(escape(full_name)).append(1U,sep)
+		.append(escape(address)).append(1U,sep)
+		.append(escape(response)).append(1U,sep)
+		.append(escape(reason)) ;
 }
 
diff --git a/src/gsmtp/gverifierstatus.h b/src/gsmtp/gverifierstatus.h
index 1dfdf16..848a4a4 100644
--- a/src/gsmtp/gverifierstatus.h
+++ b/src/gsmtp/gverifierstatus.h
@@ -22,6 +22,7 @@
 #define G_SMTP_VERIFIER_STATUS_H
 
 #include "gdef.h"
+#include "gexception.h"
 #include <string>
 
 namespace GSmtp
@@ -31,7 +32,7 @@ namespace GSmtp
 
 //| \class GSmtp::VerifierStatus
 /// A structure returned by GSmtp::Verifier to describe the status of
-/// a 'rcpt-to' recipient.
+/// a 'rcpt-to' or 'vrfy' recipient.
 ///
 /// If describing an invalid recipient then 'is_valid' is set false
 /// and a 'response' is supplied. The response is typically reported back
@@ -45,36 +46,46 @@ namespace GSmtp
 /// to the recipient's mailbox name (which should not have an at sign).
 ///
 /// If a valid remote recipient then 'is_local' is set false, 'full_name'
-/// is empty, and 'address' is copied from the original recipient 'to' address.
+/// is empty, and 'address' is typically a copy of the original recipient.
 ///
 class GSmtp::VerifierStatus
 {
 public:
-	VerifierStatus() ;
-		///< Default constructor for an invalid remote mailbox.
+	G_EXCEPTION( InvalidStatus , "invalid verifier status" ) ;
 
-	explicit VerifierStatus( const std::string & ) ;
-		///< Constructor for a valid remote mailbox with the
-		///< given 'address' field.
+	static VerifierStatus invalid( const std::string & recipient ,
+		bool temporary = false ,
+		const std::string & response = {} ,
+		const std::string & reason = {} ) ;
+			///< Factory for an invalid address.
 
-	static VerifierStatus parse( const std::string & str , std::string & to_ref ) ;
-		///< Parses a str() string into a structure and a
-		///< recipient 'to' address (by reference).
+	static VerifierStatus remote( const std::string & recipient ,
+		const std::string & address = {} ) ;
+			///< Constructor for a valid remote mailbox.
 
-	std::string str( const std::string & to ) const ;
-		///< Returns a string representation of the structure
-		///< plus the original recipient 'to' address.
+	static VerifierStatus local( const std::string & recipient ,
+		const std::string & full_name , const std::string & mbox ) ;
+			///< Constructor for a valid local mailbox.
+
+	static VerifierStatus parse( const std::string & str ) ;
+		///< Parses a str() string into a structure.
+
+	std::string str() const ;
+		///< Returns a string representation of the structure.
 
 public:
 	bool is_valid{false} ;
 	bool is_local{false} ;
 	bool temporary{false} ;
 	bool abort{false} ;
-	std::string full_name ;
-	std::string address ;
+	std::string recipient ; // verifier input, even if not valid
+	std::string full_name ; // description iff local
+	std::string address ; // mailbox if local, output address if remote
 	std::string response ;
 	std::string reason ;
 
+private:
+	VerifierStatus() ;
 } ;
 
 #endif
diff --git a/src/gssl/gssl.h b/src/gssl/gssl.h
index 620b0cc..db48de6 100644
--- a/src/gssl/gssl.h
+++ b/src/gssl/gssl.h
@@ -28,6 +28,7 @@
 #include "greadwrite.h"
 #include <string>
 #include <utility>
+#include <memory>
 
 namespace GSsl
 {
diff --git a/src/gssl/gssl_mbedtls.cpp b/src/gssl/gssl_mbedtls.cpp
index b811594..f31781d 100644
--- a/src/gssl/gssl_mbedtls.cpp
+++ b/src/gssl/gssl_mbedtls.cpp
@@ -30,6 +30,7 @@
 #include "gfile.h"
 #include "gprocess.h"
 #include "gscope.h"
+#include "gstrmacros.h"
 #include "glog.h"
 #include "gassert.h"
 #include <mbedtls/ssl.h>
@@ -41,16 +42,14 @@
 #include <mbedtls/pem.h>
 #include <mbedtls/base64.h>
 #include <mbedtls/debug.h>
+#include <type_traits>
+#include <array>
 #include <sstream>
 #include <fstream>
 #include <vector>
 #include <exception>
 #include <iomanip>
-
-#ifndef G_STR_PASTE
-#define G_STR_PASTE_IMP(a,b) a##b
-#define G_STR_PASTE(a,b) G_STR_PASTE_IMP(a,b)
-#endif
+#include <limits>
 
 // macro magic to provide function-name/function-pointer arguments for call()
 #ifdef FN
@@ -188,7 +187,7 @@ const GSsl::Profile & GSsl::MbedTls::LibraryImp::profile( const std::string & pr
 {
 	auto p = m_profile_map.find( profile_name ) ;
 	if( p == m_profile_map.end() ) throw Error( "no such profile: [" + profile_name + "]" ) ;
-	return *(*p).second.get() ;
+	return *(*p).second ;
 }
 
 GSsl::Library::LogFn GSsl::MbedTls::LibraryImp::log() const
@@ -226,7 +225,7 @@ bool GSsl::MbedTls::LibraryImp::generateKeyAvailable() const
 
 std::string GSsl::MbedTls::LibraryImp::generateKey( const std::string & issuer_name ) const
 {
-	// see mbedtls/programs/pkey/gen_key.c ...
+	// see also mbedtls/programs/pkey/gen_key.c ...
 
 	X<mbedtls_entropy_context> entropy( mbedtls_entropy_init , mbedtls_entropy_free ) ;
 	if( !G::is_windows() )
@@ -260,7 +259,7 @@ std::string GSsl::MbedTls::LibraryImp::generateKey( const std::string & issuer_n
 		s_key = reinterpret_cast<const char*>( &pk_buffer[0] ) ;
 	}
 
-	// see mbedtls/programs/x509/cert_write.c ...
+	// see also mbedtls/programs/x509/cert_write.c ...
 
 	X<mbedtls_mpi> mpi( mbedtls_mpi_init , mbedtls_mpi_free ) ;
 	{
@@ -471,21 +470,21 @@ std::string GSsl::MbedTls::DigesterImp::value()
 {
 	if( m_hash_type == Type::Md5 )
 	{
-		unsigned char buffer[16] ;
-		call( FN_RETv3(mbedtls_md5_finish) , &m_md5 , buffer ) ;
-		return std::string( reinterpret_cast<const char*>(buffer) , sizeof(buffer) ) ;
+		std::array<unsigned char,16> buffer {} ;
+		call( FN_RETv3(mbedtls_md5_finish) , &m_md5 , &buffer[0] ) ;
+		return std::string( reinterpret_cast<const char*>(&buffer[0]) , buffer.size() ) ;
 	}
 	else if( m_hash_type == Type::Sha1 )
 	{
-		unsigned char buffer[20] ;
-		call( FN_RETv3(mbedtls_sha1_finish) , &m_sha1 , buffer ) ;
-		return std::string( reinterpret_cast<const char*>(buffer) , sizeof(buffer) ) ;
+		std::array<unsigned char,20> buffer {} ;
+		call( FN_RETv3(mbedtls_sha1_finish) , &m_sha1 , &buffer[0] ) ;
+		return std::string( reinterpret_cast<const char*>(&buffer[0]) , buffer.size() ) ;
 	}
 	else if( m_hash_type == Type::Sha256 )
 	{
-		unsigned char buffer[32] ;
-		call( FN_RETv3(mbedtls_sha256_finish) , &m_sha256 , buffer ) ;
-		return std::string( reinterpret_cast<const char*>(buffer) , sizeof(buffer) ) ;
+		std::array<unsigned char,32> buffer {} ;
+		call( FN_RETv3(mbedtls_sha256_finish) , &m_sha256 , &buffer[0] ) ;
+		return std::string( reinterpret_cast<const char*>(&buffer[0]) , buffer.size() ) ;
 	}
 	else
 	{
@@ -529,6 +528,7 @@ GSsl::MbedTls::ProfileImp::ProfileImp( const LibraryImp & library_imp , bool is_
 		m_library_imp(library_imp) ,
 		m_default_peer_certificate_name(default_peer_certificate_name) ,
 		m_default_peer_host_name(default_peer_host_name) ,
+		m_config{} ,
 		m_authmode(0)
 {
 	mbedtls_ssl_config * cleanup_ptr = nullptr ;
@@ -547,7 +547,6 @@ GSsl::MbedTls::ProfileImp::ProfileImp( const LibraryImp & library_imp , bool is_
 
 	// initialise the mbedtls_ssl_config structure
 	{
-		m_config = mbedtls_ssl_config{} ;
 		mbedtls_ssl_config_init( &m_config ) ;
 		cleanup_ptr = &m_config ;
 		int rc = mbedtls_ssl_config_defaults( &m_config ,
@@ -795,7 +794,7 @@ int GSsl::MbedTls::ProtocolImp::doRecv( void * This , unsigned char * p , std::s
 	ssize_t rc = io->read( reinterpret_cast<char*>(p) , n ) ;
 	if( rc < 0 && io->eWouldBlock() ) return MBEDTLS_ERR_SSL_WANT_READ ;
 	if( rc < 0 ) return MBEDTLS_ERR_NET_RECV_FAILED ; // or CONN_RESET for EPIPE or ECONNRESET
-	return rc ;
+	return static_cast<int>(rc) ;
 }
 
 int GSsl::MbedTls::ProtocolImp::doSend( void * This , const unsigned char * p , std::size_t n )
@@ -805,7 +804,7 @@ int GSsl::MbedTls::ProtocolImp::doSend( void * This , const unsigned char * p ,
 	ssize_t rc = io->write( reinterpret_cast<const char*>(p) , n ) ;
 	if( rc < 0 && io->eWouldBlock() ) return MBEDTLS_ERR_SSL_WANT_WRITE ;
 	if( rc < 0 ) return MBEDTLS_ERR_NET_SEND_FAILED ; // or CONN_RESET for EPIPE or ECONNRESET
-	return rc ;
+	return static_cast<int>(rc) ;
 }
 
 GSsl::Protocol::Result GSsl::MbedTls::ProtocolImp::convert( const char * fnname , int rc , bool more )
@@ -825,7 +824,7 @@ std::string GSsl::MbedTls::ProtocolImp::verifyResultString( int rc )
 {
 	if( rc == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
 	{
-		int verify_result = mbedtls_ssl_get_verify_result( m_ssl.ptr() ) ; // MBEDTLS_X509_BADCERT_...
+		auto verify_result = mbedtls_ssl_get_verify_result( m_ssl.ptr() ) ; // MBEDTLS_X509_BADCERT_...
 		std::vector<char> buffer( 1024U ) ;
 		mbedtls_x509_crt_verify_info( &buffer[0] , buffer.size() , "" , verify_result ) ;
 		buffer[buffer.size()-1U] = '\0' ;
@@ -863,8 +862,9 @@ GSsl::Protocol::Result GSsl::MbedTls::ProtocolImp::handshake()
 		}
 		else if( m_profile.authmode() == MBEDTLS_SSL_VERIFY_OPTIONAL )
 		{
-			int v = mbedtls_ssl_get_verify_result( m_ssl.ptr() ) ;
+			auto v = mbedtls_ssl_get_verify_result( m_ssl.ptr() ) ;
 			m_verified = v == 0 ;
+			// TODO see also mbedtls_x509_crt_verify_info() and X509_CRT_ERROR_INFO
 			vstr = v == 0 ? "peer certificate verified" : "peer certificate failed to verify" ;
 			if( v & MBEDTLS_X509_BADCERT_EXPIRED ) vstr = "peer certificate has expired" ;
 			if( v & MBEDTLS_X509_BADCERT_REVOKED ) vstr = "peer certificate has been revoked" ;
@@ -930,7 +930,7 @@ std::string GSsl::MbedTls::ProtocolImp::getPeerCertificate()
 			throw Error( "certificate error" ) ;
 
 		result = std::string( reinterpret_cast<const char *>(&buffer[0]) , n-1U ) ;
-		if( std::string(result.c_str()) != result || result.find(tail) == std::string::npos )
+		if( std::string(result.c_str()) != result || result.find(tail) == std::string::npos ) // NOLINT readability-redundant-string-cstr
 			throw Error( "certificate error" ) ;
 	}
 	return result ;
@@ -953,9 +953,9 @@ bool GSsl::MbedTls::ProtocolImp::verified() const
 
 // ==
 
-GSsl::MbedTls::Context::Context( const mbedtls_ssl_config * config_p )
+GSsl::MbedTls::Context::Context( const mbedtls_ssl_config * config_p ) :
+	x{}
 {
-	x = mbedtls_ssl_context{} ;
 	mbedtls_ssl_init( &x ) ;
 
 	int rc = mbedtls_ssl_setup( &x , config_p ) ;
@@ -979,7 +979,9 @@ mbedtls_ssl_context * GSsl::MbedTls::Context::ptr() const
 
 // ==
 
-GSsl::MbedTls::Rng::Rng()
+GSsl::MbedTls::Rng::Rng() :
+	x{} ,
+	entropy{}
 {
 	// quote: "in the default Mbed TLS the entropy collector tries to use what
 	// the platform you run can provide -- for Linux and UNIX-like systems this
@@ -987,14 +989,12 @@ GSsl::MbedTls::Rng::Rng()
 	// --  these are considered strong entropy sources -- when you run Mbed TLS
 	// on a different platform, such as an embedded platform, you have to add
 	// platform-specific or application-specific entropy sources"
-	entropy = mbedtls_entropy_context{} ;
 	mbedtls_entropy_init( &entropy ) ;
 
-	x = mbedtls_ctr_drbg_context{} ;
 	mbedtls_ctr_drbg_init( &x ) ;
 
-	unsigned char extra[] = "sdflkjsdlkjsdfkljxmvnxcvmxmncvx" ;
-	int rc = mbedtls_ctr_drbg_seed( &x , mbedtls_entropy_func , &entropy , extra , sizeof(extra) ) ;
+	static constexpr std::array<unsigned char,33> extra { "sdflkjsdlkjsdfkljxmvnxcvmxmncvxy" } ;
+	int rc = mbedtls_ctr_drbg_seed( &x , mbedtls_entropy_func , &entropy , &extra[0] , extra.size()-1U ) ;
 	if( rc != 0 )
 	{
 		mbedtls_entropy_free( &entropy ) ;
@@ -1020,45 +1020,68 @@ mbedtls_ctr_drbg_context * GSsl::MbedTls::Rng::ptr() const
 
 // ==
 
-static void scrub( unsigned char * p_in , std::size_t n )
+std::size_t GSsl::MbedTls::SecureFile::fileSize( std::filebuf & fp )
+{
+	std::streamoff pos = fp.pubseekoff( 0 , std::ios_base::end , std::ios_base::in ) ;
+	if( pos < 0 || static_cast<std::make_unsigned<std::streamoff>::type>(pos) >= std::numeric_limits<std::size_t>::max() ) // ">=" sic
+		return 0U ;
+	return static_cast<std::size_t>( pos ) ;
+}
+
+bool GSsl::MbedTls::SecureFile::fileRead( std::filebuf & fp , char * p , std::size_t n )
+{
+	if( p == nullptr || n == 0U )
+		return false ;
+	fp.pubseekpos( 0 , std::ios_base::in ) ;
+	auto rc = fp.sgetn( p , n ) ; // NOLINT narrowing
+	return rc > 0 && static_cast<std::size_t>(rc) == n ;
+}
+
+void GSsl::MbedTls::SecureFile::scrub( char * p_in , std::size_t n ) noexcept
 {
 	// see also SecureZeroMemory(), memset_s(3), explicit_bzero(BSD) and mbedtls_zeroize()
-	volatile unsigned char * p = p_in ;
+	volatile char * p = p_in ;
 	while( n-- )
-		*p++ = 0U ;
+		*p++ = 0 ;
+}
+
+void GSsl::MbedTls::SecureFile::clear( std::vector<char> & buffer )
+{
+	if( !buffer.empty() )
+	{
+		scrub( &buffer[0] , buffer.size() ) ;
+		buffer.clear() ;
+	}
 }
 
 GSsl::MbedTls::SecureFile::SecureFile( const std::string & path , bool with_nul )
 {
+	G::ScopeExit clearer( [&](){ clear(m_buffer); } ) ;
 	std::filebuf f ;
-	std::filebuf * fp = nullptr ;
-	try
 	{
-		{
-			G::Root claim_root ;
-			fp = G::File::open( f , path , G::File::InOut::In ) ;
-		}
-		std::streamoff n = 0 ;
-		bool ok = fp != nullptr ;
-		if( ok ) n = fp->pubseekoff( 0 , std::ios_base::end , std::ios_base::in ) ;
-		if( ok ) m_buffer.resize( static_cast<std::size_t>(n) ) ;
-		if( ok ) fp->pubseekpos( 0 , std::ios_base::in ) ;
-		if( ok ) ok = fp->sgetn( &m_buffer[0] , m_buffer.size() ) == static_cast<std::streamsize>(m_buffer.size()) ;
-		if( !ok ) scrub( pu() , size() ) ;
-		if( fp ) { fp->close() ; fp = nullptr ; }
-		if( ok && with_nul ) m_buffer.push_back( '\0' ) ;
-	}
-	catch(...)
-	{
-		scrub( pu() , size() ) ;
-		if( fp ) fp->close() ;
-		throw ;
+		G::Root claim_root ;
+		if( G::File::open( f , path , G::File::InOut::In ) == nullptr )
+			return ;
 	}
+
+	std::size_t n = fileSize( f ) ;
+	if( n == 0U )
+		return ;
+
+	m_buffer.resize( n+1U ) ;
+	bool ok = fileRead( f , &m_buffer[0] , n ) ;
+	if( !ok )
+		return ;
+
+	if( with_nul )
+		m_buffer.push_back( '\0' ) ;
+
+	clearer.release() ;
 }
 
 GSsl::MbedTls::SecureFile::~SecureFile()
 {
-	scrub( pu() , size() ) ;
+	clear( m_buffer ) ;
 }
 
 const char * GSsl::MbedTls::SecureFile::p() const
@@ -1069,12 +1092,12 @@ const char * GSsl::MbedTls::SecureFile::p() const
 
 const unsigned char * GSsl::MbedTls::SecureFile::pu() const
 {
-	return reinterpret_cast<const unsigned char*>(p()) ;
+	return reinterpret_cast<const unsigned char*>( p() ) ;
 }
 
 unsigned char * GSsl::MbedTls::SecureFile::pu()
 {
-	return const_cast<unsigned char*>(reinterpret_cast<const unsigned char*>(p())) ;
+	return const_cast<unsigned char*>( reinterpret_cast<const unsigned char*>(p()) ) ;
 }
 
 std::size_t GSsl::MbedTls::SecureFile::size() const
@@ -1089,7 +1112,8 @@ bool GSsl::MbedTls::SecureFile::empty() const
 
 // ==
 
-GSsl::MbedTls::Key::Key()
+GSsl::MbedTls::Key::Key() :
+	x{}
 {
 	mbedtls_pk_init( &x ) ;
 }
@@ -1121,12 +1145,13 @@ mbedtls_pk_context * GSsl::MbedTls::Key::ptr()
 
 mbedtls_pk_context * GSsl::MbedTls::Key::ptr() const
 {
-	return const_cast<mbedtls_pk_context*>(&x) ;
+	return const_cast<mbedtls_pk_context*>( &x ) ;
 }
 
 // ==
 
-GSsl::MbedTls::Certificate::Certificate()
+GSsl::MbedTls::Certificate::Certificate() :
+	x{}
 {
 	mbedtls_x509_crt_init( &x ) ;
 }
@@ -1164,7 +1189,7 @@ mbedtls_x509_crt * GSsl::MbedTls::Certificate::ptr()
 mbedtls_x509_crt * GSsl::MbedTls::Certificate::ptr() const
 {
 	if( loaded() )
-		return const_cast<mbedtls_x509_crt*>(&x) ;
+		return const_cast<mbedtls_x509_crt*>( &x ) ;
 	else
 		return nullptr ;
 }
diff --git a/src/gssl/gssl_mbedtls.h b/src/gssl/gssl_mbedtls.h
index 89b0230..700017e 100644
--- a/src/gssl/gssl_mbedtls.h
+++ b/src/gssl/gssl_mbedtls.h
@@ -187,6 +187,12 @@ public:
 	void operator=( const SecureFile & ) = delete ;
 	void operator=( SecureFile && ) = delete ;
 
+private:
+	static std::size_t fileSize( std::filebuf & ) ;
+	static bool fileRead( std::filebuf & , char * , std::size_t ) ;
+	static void scrub( char * , std::size_t ) noexcept ;
+	static void clear( std::vector<char> & ) ;
+
 private:
 	std::vector<char> m_buffer ;
 } ;
diff --git a/src/gssl/gssl_openssl.h b/src/gssl/gssl_openssl.h
index 6ba9de3..5115af5 100644
--- a/src/gssl/gssl_openssl.h
+++ b/src/gssl/gssl_openssl.h
@@ -33,6 +33,7 @@
 #include <stdexcept>
 #include <functional>
 #include <map>
+#include <memory>
 
 // debugging...
 //  * network logging
diff --git a/src/gui/Makefile.am b/src/gui/Makefile.am
index fdee588..a0e46c3 100644
--- a/src/gui/Makefile.am
+++ b/src/gui/Makefile.am
@@ -52,6 +52,7 @@ LIB_SOURCES = \
 	boot.h \
 	dir.cpp \
 	dir.h \
+	gcominit.h \
 	glibsources.cpp \
 	glink.h \
 	installer.h \
@@ -88,8 +89,8 @@ EXTRA_DIST=\
 	$(TS_FILES) \
 	$(QM_IN_FILES) \
 	emailrelay-gui.exe.manifest \
-	gcominit.h \
 	messages.mc \
+	emailrelay-gui.pro \
 	$(OS_EXTRA_DIST)
 
 # force symbol stripping on 'make install' -- see also make 'install-strip'
diff --git a/src/gui/Makefile.in b/src/gui/Makefile.in
index a184cdc..b1320a1 100644
--- a/src/gui/Makefile.in
+++ b/src/gui/Makefile.in
@@ -138,8 +138,8 @@ am__libguimain_a_SOURCES_DIST = access_unix.cpp dir_unix.cpp \
 	boot_unix.cpp glink_unix.cpp access_mac.cpp dir_mac.cpp \
 	boot_mac.cpp glink_mac.cpp access_win32.cpp dir_win32.cpp \
 	boot_win32.cpp glink_win32.cpp emailrelay-gui.rc access.h \
-	boot.h dir.cpp dir.h glibsources.cpp glink.h installer.h \
-	legal.cpp legal.h serverconfiguration.cpp \
+	boot.h dir.cpp dir.h gcominit.h glibsources.cpp glink.h \
+	installer.h legal.cpp legal.h serverconfiguration.cpp \
 	serverconfiguration.h
 am__objects_1 = access_unix.$(OBJEXT) dir_unix.$(OBJEXT) \
 	boot_unix.$(OBJEXT) glink_unix.$(OBJEXT)
@@ -430,6 +430,7 @@ LIB_SOURCES = \
 	boot.h \
 	dir.cpp \
 	dir.h \
+	gcominit.h \
 	glibsources.cpp \
 	glink.h \
 	installer.h \
@@ -454,8 +455,8 @@ EXTRA_DIST = \
 	$(TS_FILES) \
 	$(QM_IN_FILES) \
 	emailrelay-gui.exe.manifest \
-	gcominit.h \
 	messages.mc \
+	emailrelay-gui.pro \
 	$(OS_EXTRA_DIST)
 
 
diff --git a/src/gui/access_win32.cpp b/src/gui/access_win32.cpp
index 951d365..12a34be 100644
--- a/src/gui/access_win32.cpp
+++ b/src/gui/access_win32.cpp
@@ -35,8 +35,8 @@ bool Access::modify( const G::Path & path , bool b )
 	{
 		// this is used to open up permissions on ProgramData/E-MailRelay so
 		// that the installing-user can edit emailrelay-start.bat (etc) -- if
-		// it doesnt work then it doesn't stop anything working, it's just then
-		// a pain to modify startup options
+		// it fails then it doesn't stop anything else working, but it becomes
+		// a pain to modify server startup options
 		if( !b )
 			add_user_write_permissions_to_directory( path.str() ) ;
 		return true ;
@@ -106,7 +106,7 @@ namespace
 		std::string str() const
 		{
 			char * p = nullptr ;
-			ConvertSidToStringSid( ptr() , &p ) ;
+			ConvertSidToStringSidA( ptr() , &p ) ;
 			std::string s ;
 			if( p )
 			{
@@ -118,12 +118,12 @@ namespace
 		~UserSid() override = default ;
 		G::Buffer<char> m_buffer ;
 	} ;
-	struct DirectoryWriteAccessFor : public EXPLICIT_ACCESS
+	struct DirectoryWriteAccessFor : public EXPLICIT_ACCESS_A
 	{
 		explicit DirectoryWriteAccessFor( const Sid & sid )
 		{
-			EXPLICIT_ACCESS zero{} ;
-			*static_cast<EXPLICIT_ACCESS*>(this) = zero ;
+			EXPLICIT_ACCESS_A zero{} ;
+			*static_cast<EXPLICIT_ACCESS_A*>(this) = zero ;
 			grfAccessPermissions = GENERIC_ALL ;
 			grfAccessMode = GRANT_ACCESS ;
 			grfInheritance = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE ;
@@ -139,7 +139,7 @@ namespace
 			m_dacl(nullptr) ,
 			m_free_me(false)
 		{
-			DWORD rc = GetNamedSecurityInfo( path.c_str() , SE_FILE_OBJECT , DACL_SECURITY_INFORMATION ,
+			DWORD rc = GetNamedSecurityInfoA( path.c_str() , SE_FILE_OBJECT , DACL_SECURITY_INFORMATION ,
 				nullptr , nullptr , &m_dacl , nullptr , &m_sd ) ;
 			if( rc != ERROR_SUCCESS || m_dacl == nullptr )
 				throw Error() ;
@@ -151,10 +151,10 @@ namespace
 			if( m_free_me )
 				LocalFree( m_dacl ) ;
 		}
-		void add( const EXPLICIT_ACCESS & access )
+		void add( const EXPLICIT_ACCESS_A & access )
 		{
 			ACL * new_dacl = nullptr ;
-			DWORD rc = SetEntriesInAcl( 1 , const_cast<EXPLICIT_ACCESS*>(&access) , m_dacl , &new_dacl ) ;
+			DWORD rc = SetEntriesInAclA( 1 , const_cast<EXPLICIT_ACCESS_A*>(&access) , m_dacl , &new_dacl ) ;
 			if( rc != ERROR_SUCCESS || new_dacl == nullptr )
 				throw Error() ;
 			m_dacl = new_dacl ;
@@ -162,7 +162,7 @@ namespace
 		}
 		void applyTo( const std::string & path )
 		{
-			DWORD rc = SetNamedSecurityInfo( const_cast<char*>(path.c_str()) , SE_FILE_OBJECT ,
+			DWORD rc = SetNamedSecurityInfoA( const_cast<char*>(path.c_str()) , SE_FILE_OBJECT ,
 				DACL_SECURITY_INFORMATION , nullptr , nullptr , m_dacl , nullptr ) ;
 			if( rc != ERROR_SUCCESS )
 				throw Error() ;
diff --git a/src/gui/boot.h b/src/gui/boot.h
index e72d539..ccfff07 100644
--- a/src/gui/boot.h
+++ b/src/gui/boot.h
@@ -23,7 +23,6 @@
 
 #include "gdef.h"
 #include "gpath.h"
-#include "gstrings.h"
 
 //| \class Boot
 /// Provides support for installing as a boot-time service.
@@ -31,10 +30,10 @@
 class Boot
 {
 public:
-	static bool able( const G::Path & dir_boot ) ;
+	static bool installable( const G::Path & dir_boot ) ;
 		///< Returns true if the operating-system is supported and the supplied
-		///< boot-system directory is valid. The parameter normally comes
-		///< from Dir::boot().
+		///< boot-system directory is valid and accessible. The parameter normally
+		///< comes from Dir::boot().
 
 	static void install( const G::Path & dir_boot , const std::string & name ,
 		const G::Path & path_1 , const G::Path & path_2 ) ;
@@ -52,6 +51,9 @@ public:
 	static bool installed( const G::Path & dir_boot , const std::string & name ) ;
 		///< Returns true if currently installed.
 
+	static bool launchable( const G::Path & dir_boot , const std::string & name ) ;
+		///< Returns true if launch() is possible.
+
 	static void launch( const G::Path & dir_boot , const std::string & name ) ;
 		///< Starts the service.
 
diff --git a/src/gui/boot_mac.cpp b/src/gui/boot_mac.cpp
index c8df2c0..334b662 100644
--- a/src/gui/boot_mac.cpp
+++ b/src/gui/boot_mac.cpp
@@ -25,7 +25,7 @@
 #include "gdirectory.h"
 #include <stdexcept>
 
-bool Boot::able( const G::Path & dir )
+bool Boot::installable( const G::Path & dir )
 {
 	// nasty side-effect required because Library/StartupItems may not exist
 	if( !dir.empty() )
@@ -59,6 +59,11 @@ bool Boot::installed( const G::Path & dir_boot , const std::string & name )
 	return G::File::exists( dir_boot + name + name , std::nothrow ) ; // not tested
 }
 
+void Boot::launchable( const G::Path & , const std::string & )
+{
+	return false ;
+}
+
 void Boot::launch( const G::Path & , const std::string & )
 {
 	// TODO
diff --git a/src/gui/boot_unix.cpp b/src/gui/boot_unix.cpp
index 9f1d8ad..e4130f9 100644
--- a/src/gui/boot_unix.cpp
+++ b/src/gui/boot_unix.cpp
@@ -29,22 +29,43 @@
 #include <sstream>
 #include <stdexcept>
 
-bool Boot::able( const G::Path & dir )
+namespace BootImp
 {
-	// check /etc/init.d and /etc/rc?.d are writable
-	static bool result =
-		!dir.empty() &&
-		G::Directory(dir).valid(true) &&
-		G::Directory(dir+".."+"rc2.d").valid(true) &&
-		G::Directory(dir+".."+"rc3.d").valid(true) &&
-		G::Directory(dir+".."+"rc4.d").valid(true) &&
-		G::Directory(dir+".."+"rc5.d").valid(true) &&
-		G::Directory(dir).writeable() && // (creates a probe file)
-		G::Directory(dir+".."+"rc2.d").writeable() &&
-		G::Directory(dir+".."+"rc3.d").writeable() &&
-		G::Directory(dir+".."+"rc4.d").writeable() &&
-		G::Directory(dir+".."+"rc5.d").writeable() ;
-	return result ;
+	bool link( const G::Path & target , const G::Path & new_link , std::nothrow_t ) ;
+	bool remove( const G::Path & path , std::nothrow_t ) ;
+}
+
+bool BootImp::link( const G::Path & target , const G::Path & new_link , std::nothrow_t )
+{
+	return
+		G::File::isDirectory( new_link.dirname() , std::nothrow ) ?
+			G::File::link( target , new_link , std::nothrow ) :
+			true ; // do nothing successfully if no "/etc/rc?.d" directory
+}
+
+bool BootImp::remove( const G::Path & path , std::nothrow_t )
+{
+	return
+		G::File::isDirectory( path.dirname() , std::nothrow ) ?
+			G::File::remove( path , std::nothrow ) :
+			true ; // do nothing successfully if no "/etc/rc?.d" directory
+}
+
+bool Boot::installable( const G::Path & dir_boot )
+{
+	// check /etc/init.d and /etc/rc2.d etc are writable
+	return
+		!dir_boot.empty() &&
+		G::Directory(dir_boot).valid(true) &&
+		G::Directory(dir_boot+".."+"rc2.d").valid(true) &&
+		G::Directory(dir_boot+".."+"rc3.d").valid(true) &&
+		G::Directory(dir_boot+".."+"rc4.d").valid(true) &&
+		G::Directory(dir_boot+".."+"rc5.d").valid(true) &&
+		G::Directory(dir_boot).writeable() &&
+		G::Directory(dir_boot+".."+"rc2.d").writeable() &&
+		G::Directory(dir_boot+".."+"rc3.d").writeable() &&
+		G::Directory(dir_boot+".."+"rc4.d").writeable() &&
+		G::Directory(dir_boot+".."+"rc5.d").writeable() ;
 }
 
 void Boot::install( const G::Path & dir_boot , const std::string & name , const G::Path & startstop_src , const G::Path & )
@@ -52,12 +73,12 @@ void Boot::install( const G::Path & dir_boot , const std::string & name , const
 	G::Path startstop_dst = dir_boot + name ;
 	bool ok0 = G::File::copy( startstop_src , startstop_dst , std::nothrow ) ;
 
-	std::string symlink = "../" + dir_boot.basename() + "/" + name ;
+	std::string symlink = "../" + dir_boot.basename() + "/" + name ; // point to eg "../init.d/<name>"
 	std::string linkname = "S50" + name ;
-	bool ok1 = G::File::link( symlink , dir_boot+".."+"rc2.d"+linkname , std::nothrow ) ;
-	bool ok2 = G::File::link( symlink , dir_boot+".."+"rc3.d"+linkname , std::nothrow ) ;
-	bool ok3 = G::File::link( symlink , dir_boot+".."+"rc4.d"+linkname , std::nothrow ) ;
-	bool ok4 = G::File::link( symlink , dir_boot+".."+"rc5.d"+linkname , std::nothrow ) ;
+	bool ok1 = BootImp::link( symlink , dir_boot+".."+"rc2.d"+linkname , std::nothrow ) ;
+	bool ok2 = BootImp::link( symlink , dir_boot+".."+"rc3.d"+linkname , std::nothrow ) ;
+	bool ok3 = BootImp::link( symlink , dir_boot+".."+"rc4.d"+linkname , std::nothrow ) ;
+	bool ok4 = BootImp::link( symlink , dir_boot+".."+"rc5.d"+linkname , std::nothrow ) ;
 	bool ok = ok0 && ok1 && ok2 && ok3 && ok4 ;
 	if( !ok )
 		throw std::runtime_error( "failed to create symlinks [" + (dir_boot+".."+"rc2.d"+linkname).str() + "] etc" ) ;
@@ -66,20 +87,28 @@ void Boot::install( const G::Path & dir_boot , const std::string & name , const
 bool Boot::uninstall( const G::Path & dir_boot , const std::string & name , const G::Path & , const G::Path & )
 {
 	std::string linkname = "S50" + name ;
-	bool ok0 = G::File::remove( dir_boot+".."+"rc2.d"+linkname , std::nothrow ) ;
-	bool ok1 = G::File::remove( dir_boot+".."+"rc3.d"+linkname , std::nothrow ) ;
-	bool ok2 = G::File::remove( dir_boot+".."+"rc4.d"+linkname , std::nothrow ) ;
-	bool ok3 = G::File::remove( dir_boot+".."+"rc5.d"+linkname , std::nothrow ) ;
+	bool ok0 = BootImp::remove( dir_boot+".."+"rc2.d"+linkname , std::nothrow ) ;
+	bool ok1 = BootImp::remove( dir_boot+".."+"rc3.d"+linkname , std::nothrow ) ;
+	bool ok2 = BootImp::remove( dir_boot+".."+"rc4.d"+linkname , std::nothrow ) ;
+	bool ok3 = BootImp::remove( dir_boot+".."+"rc5.d"+linkname , std::nothrow ) ;
 	return ok0 && ok1 && ok2 && ok3 ;
 }
 
 bool Boot::installed( const G::Path & dir_boot , const std::string & name )
 {
-	return G::File::exists( dir_boot.dirname() + "rc2.d" + ( "S50" + name ) , std::nothrow ) ;
+	return G::File::exists( dir_boot + ".." + "rc2.d" + ( "S50" + name ) , std::nothrow ) ;
 }
 
-void Boot::launch( const G::Path & , const std::string & name )
+bool Boot::launchable( const G::Path & dir_boot , const std::string & )
 {
+	return dir_boot == "/etc/init.d" && G::File::exists( "/usr/sbin/service" , std::nothrow ) ;
+}
+
+void Boot::launch( const G::Path & dir_boot , const std::string & name )
+{
+	if( dir_boot != "/etc/init.d" )
+		throw std::runtime_error( "cannot launch from non-standard install directory ["+dir_boot.str()+"]" ) ;
+
 	G::ExecutableCommand cmd( "/usr/sbin/service" , {name,"start"} , false ) ;
 	G::NewProcess task(
 		G::NewProcessConfig( cmd.exe() )
diff --git a/src/gui/boot_win32.cpp b/src/gui/boot_win32.cpp
index ca732e0..c9a0959 100644
--- a/src/gui/boot_win32.cpp
+++ b/src/gui/boot_win32.cpp
@@ -41,7 +41,7 @@ namespace
 	}
 }
 
-bool Boot::able( const G::Path & )
+bool Boot::installable( const G::Path & )
 {
 	SC_HANDLE hmanager = OpenSCManager( nullptr , nullptr , SC_MANAGER_ALL_ACCESS ) ;
 	bool ok = hmanager != HNULL ;
@@ -69,13 +69,15 @@ void Boot::install( const G::Path & , const std::string & name , const G::Path &
 		throw std::runtime_error( reason ) ;
 
 	// create the config file
-	createConfigurationFile( bat , wrapper_exe , true/*do_throw*/ ) ;
+	bool do_throw = true ;
+	createConfigurationFile( bat , wrapper_exe , do_throw ) ;
 }
 
 bool Boot::uninstall( const G::Path & , const std::string & name , const G::Path & bat , const G::Path & wrapper_exe )
 {
 	// create an unused config file -- the user can edit it for a manual service install
-	createConfigurationFile( bat , wrapper_exe , false/*do_throw*/ ) ;
+	bool do_throw = false ;
+	createConfigurationFile( bat , wrapper_exe , do_throw ) ;
 
 	return ::service_remove(name).empty() ;
 }
@@ -85,6 +87,11 @@ bool Boot::installed( const G::Path & , const std::string & name )
 	return ::service_installed( name ) ;
 }
 
+bool Boot::launchable( const G::Path & dir , const std::string & )
+{
+	return installable( dir ) ;
+}
+
 void Boot::launch( const G::Path & , const std::string & name )
 {
 	std::string e = ::service_start( name ) ;
diff --git a/src/gui/emailrelay-gui.pro b/src/gui/emailrelay-gui.pro
new file mode 100644
index 0000000..5e12f14
--- /dev/null
+++ b/src/gui/emailrelay-gui.pro
@@ -0,0 +1,89 @@
+#
+# emailrelay-gui.pro
+#
+# QMake project file for the emailrelay gui.
+#
+# Eg:
+#   $ qmake --qt=5 CONFIG+=unix emailrelay-gui.pro
+#   $ make release
+#
+# On windows a static build of emailrelay-gui needs a
+# static build of the Qt library code.
+#
+# Eg:
+#	msvc> cd <qt-source>\qtbase
+#   msvc> edit mkspecs\common\msvc-desktop.conf (/MT)
+#   msvc> PATH=<qt-source>\qtbase\bin;%PATH%
+#   msvc> configure.bat -static -release -prefix "<qt-install>" ... etc
+#   msvc> nmake -f Makefile release
+#   msvc> nmake -f Makefile install
+#
+# Then:
+#   msvc> PATH=<qt-install>\bin;%PATH%
+#   msvc> qmake CONFIG+="win static" emailrelay-gui.pro
+#   msvc> copy ..\main\icon\*.ico .
+#   msvc> mc messages.mc
+#   msvc> nmake -f Makefile release
+#
+
+CONFIG += \
+	warn_on \
+	strict_c++ \
+	debug_and_release \
+	build_all
+
+TEMPLATE = app
+
+QT += widgets
+
+win {
+	QMAKE_LFLAGS += "/MANIFESTUAC:level='highestAvailable'"
+	LIBS += advapi32.lib ole32.lib oleaut32.lib
+	SOURCES += \
+		access_win32.cpp \
+		boot_win32.cpp \
+		dir_win32.cpp \
+		glink_win32.cpp
+}
+
+unix {
+	TARGET = emailrelay-gui.real
+	#LIBS += ...
+	SOURCES += \
+		access_unix.cpp \
+		boot_unix.cpp \
+		dir_unix.cpp \
+		glink_unix.cpp
+}
+
+RC_FILE = emailrelay-gui.rc
+
+build_pass:CONFIG(debug,debug|release) {
+	DEFINES += _DEBUG=1
+}
+
+build_pass:CONFIG(release,debug|release) {
+}
+
+SOURCES += \
+	guimain.cpp \
+	gdialog.cpp \
+	gpage.cpp \
+	pages.cpp \
+	installer.cpp \
+	dir.cpp \
+	glibsources.cpp \
+	legal.cpp \
+	serverconfiguration.cpp
+
+HEADERS += \
+	gdialog.h \
+	gpage.h \
+	pages.h
+
+INCLUDEPATH += \
+	.. \
+	../main \
+	../gssl \
+	../glib
+
diff --git a/src/gui/emailrelay-gui.rc b/src/gui/emailrelay-gui.rc
index 6e1c56e..7570990 100644
--- a/src/gui/emailrelay-gui.rc
+++ b/src/gui/emailrelay-gui.rc
@@ -7,8 +7,8 @@ LANGUAGE 0x9,0x1
 IDI_ICON1 ICON DISCARDABLE "emailrelay-icon.ico"
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 2, 2, 1, 0
- PRODUCTVERSION 2, 2, 1, 0
+ FILEVERSION 2, 3, 0, 0
+ PRODUCTVERSION 2, 3, 0, 0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -26,12 +26,12 @@ BEGIN
             VALUE "Comments", "GPL v3 license"
             VALUE "CompanyName", " "
             VALUE "FileDescription", "E-MailRelay GUI Application"
-            VALUE "FileVersion", "2, 2, 1, 0"
+            VALUE "FileVersion", "2, 3, 0, 0"
             VALUE "InternalName", "emailrelay"
-            VALUE "LegalCopyright", "Copyright (C) 2001-2021 Graeme Walker <graeme_walker@users.sourceforge.net>"
+            VALUE "LegalCopyright", "Copyright (C) 2001-2022 Graeme Walker <graeme_walker@users.sourceforge.net>"
             VALUE "OriginalFilename", "emailrelay-gui.exe"
             VALUE "ProductName", "E-MailRelay"
-            VALUE "ProductVersion", "2, 2, 1, 0"
+            VALUE "ProductVersion", "2, 3, 0, 0"
         END
     END
     BLOCK "VarFileInfo"
diff --git a/src/gui/gcominit.h b/src/gui/gcominit.h
index 7f46703..2036411 100644
--- a/src/gui/gcominit.h
+++ b/src/gui/gcominit.h
@@ -26,12 +26,13 @@
 #include <objbase.h>
 struct GComInit
 {
-	GComInit() { GDEF_UNUSED HRESULT h = CoInitializeEx(0,0) ; }
+	static void init() { GDEF_UNUSED HRESULT h = CoInitializeEx(0,0) ; }
+	GComInit() { init() ; }
 	~GComInit() { CoUninitialize() ; }
 	GComInit( const GComInit & ) = delete ;
 	GComInit( GComInit && ) = delete ;
-	void operator=( const GComInit & ) = delete ;
-	void operator=( GComInit && ) = delete ;
+	GComInit & operator=( const GComInit & ) = delete ;
+	GComInit & operator=( GComInit && ) = delete ;
 } ;
 #else
 struct GComInit
diff --git a/src/gui/gdialog.cpp b/src/gui/gdialog.cpp
index fa1cf1d..2a526de 100644
--- a/src/gui/gdialog.cpp
+++ b/src/gui/gdialog.cpp
@@ -31,11 +31,17 @@ GDialog::GDialog( const G::Path & virgin_flag_file , bool with_launch ) :
 	m_first(true) ,
 	m_with_launch(with_launch) ,
 	m_next_is_launch(false) ,
+	m_help_button(nullptr) ,
 	m_cancel_button(nullptr) ,
 	m_back_button(nullptr) ,
 	m_next_button(nullptr) ,
 	m_finish_button(nullptr) ,
+	m_button_layout(nullptr) ,
+	m_main_layout(nullptr) ,
 	m_finishing(false) ,
+	m_back_state(false) ,
+	m_next_state(false) ,
+	m_finish_state(false) ,
 	m_virgin_flag_file(virgin_flag_file)
 {
 	m_cancel_button = new QPushButton(tr("Cancel")) ;
@@ -235,7 +241,7 @@ std::string GDialog::currentPageName() const
 
 GPage & GDialog::previousPage( unsigned int distance )
 {
-	if( m_history.size() < (distance+1U) ) throw std::runtime_error("internal error") ;
+	if( m_history.size() < (std::size_t(distance)+1U) ) throw std::runtime_error("internal error") ;
 	auto p = m_history.rbegin() ;
 	while( distance-- ) ++p ;
 	G_DEBUG( "GDialog::previousPage: " << currentPageName() << " -> " << *p ) ;
diff --git a/src/gui/glink_unix.cpp b/src/gui/glink_unix.cpp
index 08ff717..e0dac17 100644
--- a/src/gui/glink_unix.cpp
+++ b/src/gui/glink_unix.cpp
@@ -108,7 +108,7 @@ void G::LinkImp::saveAs( const Path & path )
 	file << "Comment=" << m_description << eol ;
 	file << "Path=" << m_working_dir << eol ;
 	if( ! m_icon_source.str().empty() )
-	file << "Icon=" << m_icon_source << eol ;
+		file << "Icon=" << m_icon_source << eol ;
 	file << "Terminal=" << (m_terminal?"true":"false") << eol ;
 
 	file << "Categories=System;" << eol ;
diff --git a/src/gui/glink_win32.cpp b/src/gui/glink_win32.cpp
index 2571e58..6c00d33 100644
--- a/src/gui/glink_win32.cpp
+++ b/src/gui/glink_win32.cpp
@@ -23,6 +23,7 @@
 #include "glink.h"
 #include "gstr.h"
 #include "gfile.h"
+#include "gcominit.h"
 #include <stdexcept>
 #include <string>
 #include <sstream>
@@ -76,6 +77,7 @@ private:
 	void setShow( int ) ;
 
 private:
+	GComInit m_com_init ;
 	ComPtr<IShellLink> m_ilink ;
 	ComPtr<IPersistFile> m_ipf ;
 
diff --git a/src/gui/guimain.cpp b/src/gui/guimain.cpp
index 1382ea5..a6f7192 100644
--- a/src/gui/guimain.cpp
+++ b/src/gui/guimain.cpp
@@ -204,7 +204,7 @@ bool Application::notify( QObject * p1 , QEvent * p2 )
 		G_ERROR( "exception: " << e.what() ) ;
 		error( e.what() ) ;
 		std::string message = G::StringWrap::wrap( e.what() , "" , "" , 40U ) ;
-		qCritical( "exception: %s" , message.c_str() ) ;
+		qCritical( message.find(' ')==std::string::npos ? "exception: %s" : "%s" , message.c_str() ) ;
 		exit( 3 ) ;
 	}
 	return false ;
@@ -354,7 +354,7 @@ int main( int argc , char * argv [] )
 				if( G::File::exists(pointer_file) )
 				{
 					G_LOG_S( "main: reading directories from [" << pointer_file << "]" ) ;
-					pointer_map = G::MapFile( pointer_file ) ;
+					pointer_map = G::MapFile( pointer_file , "pointer" ) ;
 				}
 				else
 				{
@@ -413,6 +413,8 @@ int main( int argc , char * argv [] )
 			pages_config.add( "=dir-config" , dir_config.str() ) ;
 			pages_config.add( "=dir-install" , dir_install.str() ) ;
 			pages_config.add( "=dir-run" , dir_run.str() ) ;
+			pages_config.add( "=dir-boot" , Dir::boot().str() ) ;
+			pages_config.add( "=dir-boot-enabled" , Boot::installable(Dir::boot()) ? "y" : "n" ) ;
 
 			// set widget states based on the current file-system state
 			if( configure_mode )
@@ -481,7 +483,7 @@ int main( int argc , char * argv [] )
 			d.add( new FilterPage(d,pages_config,"filter","logging","",!configure_mode,isWindows()) ) ;
 			d.add( new ListeningPage(d,pages_config,"listening","startup","") ) ;
 			d.add( new LoggingPage(d,pages_config,"logging","listening","") ) ;
-			d.add( new StartupPage(d,pages_config,"startup","ready","",Boot::able(Dir::boot()),is_mac) ) ;
+			d.add( new StartupPage(d,pages_config,"startup","ready","",is_mac) ) ;
 			d.add( new ReadyPage(d,pages_config,"ready","progress","",!configure_mode) ) ;
 			d.add( new ProgressPage(d,pages_config,"progress","","",installer) ) ;
 			d.add() ;
diff --git a/src/gui/installer.cpp b/src/gui/installer.cpp
index 6e7032c..2b39c90 100644
--- a/src/gui/installer.cpp
+++ b/src/gui/installer.cpp
@@ -136,7 +136,7 @@ struct TrError : std::runtime_error
 #undef CreateDirectory
 #endif
 
-#ifdef G_GUI_DIR_H
+#ifdef G_MAIN_GUI_DIR_H
 #error do not use dir.h from installer.cpp
 #endif
 
@@ -301,12 +301,13 @@ struct UpdateLink : public ActionBase
 struct UpdateBootLink : public ActionBase
 {
 	bool m_active ;
+	bool m_start_on_boot ;
 	trstring m_ok ;
 	G::Path m_dir_boot ;
 	std::string m_name ;
 	G::Path m_startstop_src ;
 	G::Path m_exe ;
-	UpdateBootLink( bool active , G::Path dir_boot , std::string , G::Path startstop_src , G::Path exe ) ;
+	UpdateBootLink( bool active , bool start_on_boot , G::Path dir_boot , std::string , G::Path startstop_src , G::Path exe ) ;
 	void run() override ;
 	trstring text() const override ;
 	std::string subject() const override ;
@@ -317,10 +318,11 @@ struct UpdateBootLink : public ActionBase
 struct InstallService : public ActionBase
 {
 	bool m_active ;
+	bool m_start_on_boot ;
 	trstring m_ok ;
 	G::Path m_bat ;
 	G::Path m_service_wrapper ;
-	InstallService( bool active , G::Path bat , G::Path wrapper ) ;
+	InstallService( bool active , bool start_on_boot , G::Path bat , G::Path wrapper ) ;
 	void run() override ;
 	trstring text() const override ;
 	std::string subject() const override ;
@@ -428,7 +430,9 @@ public:
 
 public:
 	InstallerImp( const InstallerImp & ) = delete ;
-	void operator=( const InstallerImp & ) = delete ;
+	InstallerImp( InstallerImp && ) = delete ;
+	InstallerImp & operator=( const InstallerImp & ) = delete ;
+	InstallerImp & operator=( InstallerImp && ) = delete ;
 
 private:
 	Action & current() ;
@@ -587,7 +591,7 @@ void CopyPayloadFile::run()
 	G::File::mkdirs( m_dst.dirname() , std::nothrow , 8 ) ;
 	G::File::copy( m_src , m_dst ) ;
 
-	if( m_flags.find("x") != std::string::npos ||
+	if( m_flags.find('x') != std::string::npos ||
 		G::File::isExecutable(m_src,std::nothrow) ||
 		m_dst.extension() == "sh" || m_dst.extension() == "bat" ||
 		m_dst.extension() == "exe" || m_dst.extension() == "pl" )
@@ -668,7 +672,7 @@ void FileGroup::run()
 {
 	G::StringArray parts ;
 	G::Str::splitIntoTokens( m_tail , parts , G::Str::ws() ) ; // eg: "daemon 755 g+s"
-	if( parts.size() > 0U && !parts.at(0U).empty() )
+	if( !parts.empty() && !parts.at(0U).empty() )
 		m_ok = G::File::chgrp( m_path , parts.at(0U) , std::nothrow ) ? "" : "failed" ;
 	if( parts.size() > 1U )
 		G::File::chmod( m_path , parts.at(1U) ) ;
@@ -790,33 +794,6 @@ void CreateSecrets::run()
 		}
 	}
 
-	// impose the new field order - remove this eventually
-	{
-		G::StringArray result ;
-		for( auto & line : line_list )
-		{
-			using pos_t = std::string::size_type ;
-			const pos_t npos = std::string::npos ;
-			const std::string ws = G::sv_to_string(G::Str::ws()) ;
-			pos_t pos1 = line.find_first_not_of( ws ) ;
-			pos_t pos2 = pos1 == npos ? npos : line.find_first_of(ws,pos1) ;
-			pos_t pos3 = pos2 == npos ? npos : line.find_first_not_of(ws,pos2) ;
-			pos_t pos4 = pos3 == npos ? npos : line.find_first_of(ws,pos3) ;
-			if( pos4 != npos )
-			{
-				std::string f1 = G::Str::lower(line.substr(pos1,pos2-pos1)) ;
-				std::string f2 = G::Str::lower(line.substr(pos3,pos4-pos3)) ;
-				if( ( f1 == "apop" || f1 == "cram-md5" || f1 == "none" || f1 == "login" || f1 == "plain" ) &&
-					( f2 == "server" || f2 == "client" ) )
-				{
-					line.replace( pos1 , pos4-pos1 , line.substr(pos3,pos4-pos3)+" "+line.substr(pos1,pos2-pos1) ) ;
-				}
-			}
-			result.push_back( line ) ;
-		}
-		line_list.swap( result ) ;
-	}
-
 	// write a header if none
 	if( line_list.empty() )
 	{
@@ -836,10 +813,12 @@ void CreateSecrets::run()
 			line_list.push_back( "#" ) ;
 			line_list.push_back( std::string() + "# " + m_path.basename() ) ;
 			line_list.push_back( "#" ) ;
-			line_list.push_back( "# client plain <name> <password>" ) ;
-			line_list.push_back( "# client md5 <name> <password-hash>" ) ;
-			line_list.push_back( "# server plain <name> <password>" ) ;
-			line_list.push_back( "# server md5 <name> <password-hash>" ) ;
+			line_list.push_back( "# client plain <name(xtext)> <password(xtext)>" ) ;
+			line_list.push_back( "# client plain:b <name(base64)> <password(base64)>" ) ;
+			line_list.push_back( "# client md5 <name(xtext)> <password-hash>" ) ;
+			line_list.push_back( "# server plain <name(xtext)> <password(xtext)>" ) ;
+			line_list.push_back( "# server plain:b <name(base64)> <password(base64)>" ) ;
+			line_list.push_back( "# server md5 <name(xtext)> <password-hash>" ) ;
 			line_list.push_back( "# server none <address-range> <verifier-keyword>" ) ;
 			line_list.push_back( "#" ) ;
 		}
@@ -946,7 +925,7 @@ std::string UpdateLink::subject() const
 
 void UpdateLink::run()
 {
-	new GComInit ; // (leak ok)
+	GDEF_UNUSED GComInit com_init ;
 	if( m_active )
 	{
 		G::Link link( m_target , "E-MailRelay" , "Starts the E-MailRelay server in the background" ,
@@ -970,8 +949,9 @@ trstring UpdateLink::ok() const
 
 // ==
 
-InstallService::InstallService( bool active , G::Path bat , G::Path service_wrapper ) :
+InstallService::InstallService( bool active , bool start_on_boot , G::Path bat , G::Path service_wrapper ) :
 	m_active(active) ,
+	m_start_on_boot(start_on_boot) ,
 	m_bat(bat) ,
 	m_service_wrapper(service_wrapper)
 {
@@ -979,11 +959,15 @@ InstallService::InstallService( bool active , G::Path bat , G::Path service_wrap
 
 void InstallService::run()
 {
-	if( m_bat.empty() || m_service_wrapper.empty() )
+	if( !m_active )
+	{
+		m_ok = tr("nothing to do") ; // see Boot::installable()
+	}
+	else if( m_bat.empty() || m_service_wrapper.empty() )
 	{
 		m_ok = tr("nothing to do") ;
 	}
-	else if( m_active )
+	else if( m_start_on_boot )
 	{
 		Boot::install( G::Path() , "emailrelay" , m_bat , m_service_wrapper ) ;
 	}
@@ -996,7 +980,7 @@ void InstallService::run()
 
 trstring InstallService::text() const
 {
-	return m_active ? tr("installing service") : tr("uninstalling service") ;
+	return (!m_active || m_start_on_boot) ? tr("installing service") : tr("uninstalling service") ;
 }
 
 std::string InstallService::subject() const
@@ -1011,8 +995,9 @@ trstring InstallService::ok() const
 
 // ==
 
-UpdateBootLink::UpdateBootLink( bool active , G::Path dir_boot , std::string name , G::Path startstop_src , G::Path exe ) :
+UpdateBootLink::UpdateBootLink( bool active , bool start_on_boot , G::Path dir_boot , std::string name , G::Path startstop_src , G::Path exe ) :
 	m_active(active) ,
+	m_start_on_boot(start_on_boot) ,
 	m_dir_boot(dir_boot) ,
 	m_name(name) ,
 	m_startstop_src(startstop_src) ,
@@ -1032,11 +1017,15 @@ std::string UpdateBootLink::subject() const
 
 void UpdateBootLink::run()
 {
-	if( m_dir_boot.empty() || m_startstop_src.empty() || m_exe.empty() )
+	if( !m_active )
+	{
+		m_ok = tr("nothing to do") ; // see Boot::installable()
+	}
+	else if( m_dir_boot.empty() || m_startstop_src.empty() || m_exe.empty() )
 	{
 		m_ok = tr("nothing to do") ;
 	}
-	else if( m_active )
+	else if( m_start_on_boot )
 	{
 		Boot::install( m_dir_boot , m_name , m_startstop_src , m_exe ) ;
 	}
@@ -1265,19 +1254,13 @@ void Launcher::run()
 	}
 	else
 	{
-		G::NewProcess task(
-			G::NewProcessConfig( m_cmd )
-				.set_fd_stdout( G::NewProcess::Fd::devnull() )
-				.set_fd_stderr( G::NewProcess::Fd::pipe() )
-				.set_exec_error_format( "failed to execute ["+m_cmd.exe().str()+"]: __strerror__" ) ) ;
-
-		int rc = task.waitable().wait().get() ;
-		std::string output = G::Str::printable( G::Str::trimmed(task.waitable().output(),G::Str::ws()) ) ;
-		if( rc != 0 && output.empty() )
-			output = "exit " + G::Str::fromInt(rc) ;
-
-		if( rc != 0 )
-			throw std::runtime_error( output ) ;
+		// (keep it simple -- a console window will pop up to show
+		// problems running the batch file and the emailrelay log
+		// file is tail-ed by ProgressPage -- using G::NewProcess
+		// doesn't work well because stderr is not always inherited
+		// and then closed cleanly)
+		std::string s = m_cmd.exe().str() ;
+		(void) system( s.c_str() ) ;
 	}
 }
 
@@ -1299,8 +1282,7 @@ trstring Launcher::ok() const
 // ==
 
 JustTesting::JustTesting()
-{
-}
+= default ;
 
 trstring JustTesting::ok() const
 {
@@ -1546,20 +1528,20 @@ void InstallerImp::addActions()
 		G::MapFile payload_map( m_payload + "payload.cfg" ) ;
 
 		// add the file copy tasks
-		const G::StringArray keys = payload_map.keys() ;
+		G::StringArray keys = payload_map.keys() ;
 		for( const auto & key : keys )
 		{
 			const std::string & value = payload_map.value( key ) ;
-			if( key.find("+") == 0U && key.length() > 1U && value.find("group ") == 0U && value.length() > 6U )
+			if( key.find('+') == 0U && key.length() > 1U && value.find("group ") == 0U && value.length() > 6U )
 				addAction( new FileGroup(m_var.expand(key.substr(1U)),value.substr(6U)) ) ;
 			if( key.find_first_of("-+=") == 0U )
 				continue ;
 
 			std::string dst = m_var.expand( value ) ;
-			bool is_directory_tree = key.size() && key.at(key.size()-1U) == '/' ;
+			bool is_directory_tree = !key.empty() && key.at(key.size()-1U) == '/' ;
 
 			// allow for flags such as "+x" decorating the destination
-			std::string::size_type flags_pos = dst.find_last_of("+") ;
+			std::string::size_type flags_pos = dst.find_last_of('+') ;
 			std::string flags = G::Str::tail( dst , flags_pos , std::string() ) ;
 			dst = G::Str::trimmed( G::Str::head( dst , flags_pos , dst ) , G::Str::ws() ) ;
 
@@ -1647,6 +1629,7 @@ void InstallerImp::addActions()
 		bool do_menu = yes(pvalue("start-link-menu")) && !yes(pvalue("start-is-mac")) ;
 		bool do_login = yes(pvalue("start-at-login")) ;
 		bool do_boot = yes(pvalue("start-on-boot")) ;
+		bool do_boot_enabled = yes(pvalue("start-on-boot-enabled")) ; // see Boot::installable()
 
 		G::Path dir_desktop = pvalue( "dir-desktop" ) ;
 		G::Path dir_menu = pvalue( "dir-menu" ) ;
@@ -1666,14 +1649,14 @@ void InstallerImp::addActions()
 		{
 			addAction( new UpdateLink(UpdateLink::LinkType::BatchFile,true,dir_install,working_dir,target,args,icon) ) ;
 			G::Path service_wrapper = ivalue( "-servicewrapper" ) ;
-			addAction( new InstallService(do_boot,bat,service_wrapper) ) ;
+			addAction( new InstallService(do_boot_enabled,do_boot,bat,service_wrapper) ) ;
 		}
 		else
 		{
 			// install the startstop script and its config file
 			G::Path conftemplate_src = m_installing ? ivalue( "-conftemplate" ) : std::string() ;
 			G::MapFile server_config = ServerConfiguration::fromPages(m_pages_output).map() ;
-			addAction( new UpdateBootLink(do_boot,dir_boot,"emailrelay",ivalue("-startstop"),server_exe) ) ;
+			addAction( new UpdateBootLink(do_boot_enabled,do_boot,dir_boot,"emailrelay",ivalue("-startstop"),server_exe) ) ;
 			addAction( new CreateConfigFile(dir_config,"emailrelay.conf",conftemplate_src) ) ;
 			addAction( new EditConfigFile(dir_config,"emailrelay.conf",server_config,!m_installing) ) ;
 		}
@@ -1742,8 +1725,7 @@ Installer::Installer( bool installing , bool is_windows , bool is_mac , const G:
 }
 
 Installer::~Installer()
-{
-}
+= default ;
 
 void Installer::start( std::istream & input_stream )
 {
diff --git a/src/gui/pages.cpp b/src/gui/pages.cpp
index 74f73c9..4033297 100644
--- a/src/gui/pages.cpp
+++ b/src/gui/pages.cpp
@@ -41,16 +41,9 @@
 
 namespace
 {
-	std::string encode( const std::string & pwd_utf8 , const std::string & mechanism )
+	std::string encode( const std::string & s )
 	{
-		return
-			mechanism == "CRAM-MD5" ?
-				G::Base64::encode( G::Hash::mask(G::Md5::predigest,G::Md5::digest2,G::Md5::blocksize(),pwd_utf8) ) :
-				G::Xtext::encode( pwd_utf8 ) ;
-	}
-	std::string encode( const std::string & id_utf8 )
-	{
-		return G::Xtext::encode( id_utf8 ) ;
+		return G::Base64::encode( s ) ;
 	}
 }
 
@@ -712,16 +705,15 @@ void PopPage::dump( std::ostream & stream , bool for_install ) const
 	dumpItem( stream , for_install , "pop-shared-no-delete" , value(m_no_delete_checkbox) ) ;
 	dumpItem( stream , for_install , "pop-by-name" , value(m_pop_by_name) ) ;
 
-	std::string mechanism( "plain" ) ;
-	dumpItem( stream , for_install , "pop-auth-mechanism" , mechanism ) ;
+	dumpItem( stream , for_install , "pop-auth-mechanism" , std::string("plain:b") ) ;
 	if( for_install )
 	{
 		dumpItem( stream , for_install , "pop-account-1-name" , encode(value_utf8(m_name_1)) ) ;
-		dumpItem( stream , for_install , "pop-account-1-password" , encode(value_utf8(m_pwd_1),mechanism) ) ;
+		dumpItem( stream , for_install , "pop-account-1-password" , encode(value_utf8(m_pwd_1)) ) ;
 		dumpItem( stream , for_install , "pop-account-2-name" , encode(value_utf8(m_name_2)) ) ;
-		dumpItem( stream , for_install , "pop-account-2-password" , encode(value_utf8(m_pwd_2),mechanism) ) ;
+		dumpItem( stream , for_install , "pop-account-2-password" , encode(value_utf8(m_pwd_2)) ) ;
 		dumpItem( stream , for_install , "pop-account-3-name" , encode(value_utf8(m_name_3)) ) ;
-		dumpItem( stream , for_install , "pop-account-3-password" , encode(value_utf8(m_pwd_3),mechanism) ) ;
+		dumpItem( stream , for_install , "pop-account-3-password" , encode(value_utf8(m_pwd_3)) ) ;
 	}
 }
 
@@ -929,15 +921,14 @@ std::string SmtpServerPage::nextPage()
 
 void SmtpServerPage::dump( std::ostream & stream , bool for_install ) const
 {
-	std::string mechanism = "plain" ; // was value(m_mechanism_combo)
 	GPage::dump( stream , for_install ) ;
 	dumpItem( stream , for_install , "smtp-server-port" , value(m_port_edit_box) ) ;
 	dumpItem( stream , for_install , "smtp-server-auth" , value(m_auth_checkbox) ) ;
-	dumpItem( stream , for_install , "smtp-server-auth-mechanism" , mechanism ) ;
+	dumpItem( stream , for_install , "smtp-server-auth-mechanism" , std::string("plain:b") ) ;
 	if( for_install )
 	{
 		dumpItem( stream , for_install , "smtp-server-account-name" , encode(value_utf8(m_account_name)) ) ;
-		dumpItem( stream , for_install , "smtp-server-account-password" , encode(value_utf8(m_account_pwd),mechanism) ) ;
+		dumpItem( stream , for_install , "smtp-server-account-password" , encode(value_utf8(m_account_pwd)) ) ;
 	}
 	dumpItem( stream , for_install , "smtp-server-trust" , value(m_trust_address) ) ;
 	dumpItem( stream , for_install , "smtp-server-tls" , value(m_tls_checkbox->isChecked() && m_tls_starttls->isChecked()) ) ;
@@ -1361,17 +1352,16 @@ std::string SmtpClientPage::nextPage()
 void SmtpClientPage::dump( std::ostream & stream , bool for_install ) const
 {
 	GPage::dump( stream , for_install ) ;
-	std::string mechanism = "plain" ; // was value(m_mechanism_combo)
 	dumpItem( stream , for_install , "smtp-client-host" , value(m_server_edit_box) ) ;
 	dumpItem( stream , for_install , "smtp-client-port" , value(m_port_edit_box) ) ;
 	dumpItem( stream , for_install , "smtp-client-tls" , value(m_tls_checkbox->isChecked()&&!m_tls_tunnel->isChecked()) ) ;
 	dumpItem( stream , for_install , "smtp-client-tls-connection" , value(m_tls_checkbox->isChecked()&&m_tls_tunnel->isChecked()) ) ;
 	dumpItem( stream , for_install , "smtp-client-auth" , value(m_auth_checkbox) ) ;
-	dumpItem( stream , for_install , "smtp-client-auth-mechanism" , mechanism ) ;
+	dumpItem( stream , for_install , "smtp-client-auth-mechanism" , std::string("plain:b") ) ;
 	if( for_install )
 	{
 		dumpItem( stream , for_install , "smtp-client-account-name" , encode(value_utf8(m_account_name)) ) ;
-		dumpItem( stream , for_install , "smtp-client-account-password" , encode(value_utf8(m_account_pwd),mechanism) ) ;
+		dumpItem( stream , for_install , "smtp-client-account-password" , encode(value_utf8(m_account_pwd)) ) ;
 	}
 }
 
@@ -1488,10 +1478,10 @@ std::string LoggingPage::nextPage()
 
 bool LoggingPage::isComplete()
 {
-    G_DEBUG( "LoggingPage::isComplete: " << m_log_output_file_checkbox->isChecked() << " " << value(m_log_output_file_edit_box) ) ;
-    return
-        !m_log_output_file_checkbox->isChecked() ||
-        !m_log_output_file_edit_box->text().trimmed().isEmpty() ;
+	G_DEBUG( "LoggingPage::isComplete: " << m_log_output_file_checkbox->isChecked() << " " << value(m_log_output_file_edit_box) ) ;
+	return
+		!m_log_output_file_checkbox->isChecked() ||
+		!m_log_output_file_edit_box->text().trimmed().isEmpty() ;
 }
 
 void LoggingPage::browseLogFile()
@@ -1698,8 +1688,7 @@ void ListeningPage::dump( std::ostream & stream , bool for_install ) const
 // ==
 
 StartupPage::StartupPage( GDialog & dialog , const G::MapFile & config , const std::string & name ,
-	const std::string & next_1 , const std::string & next_2 ,
-	bool start_on_boot_able , bool is_mac ) :
+	const std::string & next_1 , const std::string & next_2 , bool is_mac ) :
 		GPage(dialog,name,next_1,next_2) ,
 		m_is_mac(is_mac)
 {
@@ -1722,12 +1711,12 @@ StartupPage::StartupPage( GDialog & dialog , const G::MapFile & config , const s
 		m_add_desktop_item_checkbox->setEnabled( false ) ;
 	}
 	m_at_login_checkbox->setEnabled( !Dir::autostart().str().empty() ) ;
-	m_on_boot_checkbox->setEnabled( start_on_boot_able ) ;
+	m_on_boot_checkbox->setEnabled( config.booleanValue("=dir-boot-enabled",false) ) ;
 
 	m_at_login_checkbox->setChecked( !Dir::autostart().str().empty() && config.booleanValue("start-at-login",false) ) ;
 	m_add_menu_item_checkbox->setChecked( !m_is_mac && config.booleanValue("start-link-menu",true) ) ;
 	m_add_desktop_item_checkbox->setChecked( !m_is_mac && config.booleanValue("start-link-desktop",false) ) ;
-	m_on_boot_checkbox->setChecked( start_on_boot_able && config.booleanValue("start-on-boot",false) ) ;
+	m_on_boot_checkbox->setChecked( config.booleanValue("start-on-boot",false) ) ;
 
 	QGroupBox * auto_group = new QGroupBox( tr("Automatic") ) ;
 	auto_group->setLayout( auto_layout ) ;
@@ -1760,6 +1749,7 @@ std::string StartupPage::nextPage()
 void StartupPage::dump( std::ostream & stream , bool for_install ) const
 {
 	GPage::dump( stream , for_install ) ;
+	dumpItem( stream , for_install , "start-on-boot-enabled" , std::string(m_on_boot_checkbox->isEnabled()?"y":"n") ) ;
 	dumpItem( stream , for_install , "start-on-boot" , value(m_on_boot_checkbox) ) ;
 	dumpItem( stream , for_install , "start-at-login" , value(m_at_login_checkbox) ) ;
 	dumpItem( stream , for_install , "start-link-menu" , value(m_add_menu_item_checkbox) ) ;
@@ -1961,7 +1951,7 @@ void ProgressPage::onInstallTimeout()
 					m_logwatch_thread->start() ;
 			}
 		}
-		emit pageUpdateSignal() ;
+		emit pageUpdateSignal() ; // NOLINT
 	}
 	catch( std::exception & e )
 	{
@@ -2032,7 +2022,7 @@ QString ProgressPage::format( const Installer::Output & output )
 			return tr("%1... %2","7").arg(action_tr,error_native) ;
 		else
 			//: installer progress item, untranslated subject, with native error result
-			return tr("%1 [%3]... %2","8").arg(action_tr,error_native,subject_native)  ;
+			return tr("%1 [%3]... %2","8").arg(action_tr,error_native,subject_native) ;
 	}
 	else
 	{
@@ -2041,7 +2031,7 @@ QString ProgressPage::format( const Installer::Output & output )
 			return tr("%1... %2: %3","9").arg(action_tr,error_tr,error_native) ;
 		else
 			//: installer progress item, untranslated subject, with translated error result and untranslated error subject
-			return tr("%1 [%3]... %2: %4","10").arg(action_tr,error_tr,subject_native,error_native)  ;
+			return tr("%1 [%3]... %2: %4","10").arg(action_tr,error_tr,subject_native,error_native) ;
 	}
 }
 
diff --git a/src/gui/pages.h b/src/gui/pages.h
index 626b1cb..bd0a0fa 100644
--- a/src/gui/pages.h
+++ b/src/gui/pages.h
@@ -105,22 +105,18 @@ private:
 
 private:
 	bool m_installing ;
-	QLabel * m_install_dir_title ;
 	QLabel * m_install_dir_label ;
 	QString m_install_dir_start ;
 	QLineEdit * m_install_dir_edit_box ;
 	QPushButton * m_install_dir_browse_button ;
-	QLabel * m_spool_dir_title ;
 	QLabel * m_spool_dir_label ;
 	QString m_spool_dir_start ;
 	QLineEdit * m_spool_dir_edit_box ;
 	QPushButton * m_spool_dir_browse_button ;
-	QLabel * m_config_dir_title ;
 	QLabel * m_config_dir_label ;
 	QString m_config_dir_start ;
 	QLineEdit * m_config_dir_edit_box ;
 	QPushButton * m_config_dir_browse_button ;
-	QLabel * m_runtime_dir_title ;
 	QLabel * m_runtime_dir_label ;
 	QString m_runtime_dir_start ;
 	QLineEdit * m_runtime_dir_edit_box ;
@@ -214,7 +210,6 @@ private:
 	QPushButton * m_tls_browse_button ;
 	QLabel * m_tls_certificate_label ;
 	QLineEdit * m_tls_certificate_edit_box ;
-	QHBoxLayout * m_tls_inner_layout ;
 
 private slots:
 	void onToggle() ;
@@ -295,8 +290,7 @@ class StartupPage : public GPage
 {Q_OBJECT
 public:
 	StartupPage( GDialog & dialog , const G::MapFile & config , const std::string & name ,
-		const std::string & next_1 , const std::string & next_2 ,
-		bool start_on_boot_able , bool is_mac ) ;
+		const std::string & next_1 , const std::string & next_2 , bool is_mac ) ;
 
 	std::string nextPage() override ;
 	void dump( std::ostream & , bool ) const override ;
diff --git a/src/gui/serverconfiguration.cpp b/src/gui/serverconfiguration.cpp
index 15842f4..5c5f70d 100644
--- a/src/gui/serverconfiguration.cpp
+++ b/src/gui/serverconfiguration.cpp
@@ -45,19 +45,18 @@ G::MapFile ServerConfiguration::read( const G::Path & config_file )
 	{
 		// read the batch file and parse the command-line
 		G::BatchFile batch_file( config_file , std::nothrow ) ;
-		G::StringArray const args = batch_file.args() ;
-		if( args.size() != 0U )
+		if( !batch_file.args().empty() )
 		{
 			G::OptionMap option_map ;
 			G::Options options = Main::Options::spec( G::is_windows() ) ;
 			G::OptionParser parser( options , option_map ) ;
-			parser.parse( args , 1U ) ; // ignore errors
+			parser.parse( batch_file.args() , 1U ) ; // ignore errors
 			config = G::MapFile( option_map , G::Str::positive() ) ;
 		}
 	}
 	else
 	{
-		config = G::MapFile( config_file ) ;
+		config = G::MapFile( config_file , "config" ) ;
 	}
 
 	// normalise by expanding "--as-whatever" etc.
diff --git a/src/main/configuration.cpp b/src/main/configuration.cpp
index 603fa8c..fe36199 100644
--- a/src/main/configuration.cpp
+++ b/src/main/configuration.cpp
@@ -770,12 +770,6 @@ G::StringArray Main::Configuration::semantics( bool want_errors ) const
 			gettext("the --show option is ignored when using --no-daemon, --as-client or --hidden") ) ;
 	}
 
-	if( m_map.contains("dnsblock") && !m_map.contains("remote-clients") )
-	{
-		warnings.push_back(
-			gettext("the --dnsblock option should be used with --remote-clients") ) ;
-	}
-
 	return want_errors ? errors : warnings ;
 }
 
diff --git a/src/main/emailrelay.rc b/src/main/emailrelay.rc
index e224b23..a7df416 100644
--- a/src/main/emailrelay.rc
+++ b/src/main/emailrelay.rc
@@ -43,8 +43,8 @@ BEGIN
 END
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 2, 2, 1, 0
- PRODUCTVERSION 2, 2, 1, 0
+ FILEVERSION 2, 3, 0, 0
+ PRODUCTVERSION 2, 3, 0, 0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -62,12 +62,12 @@ BEGIN
             VALUE "Comments", "GPL v3 license"
             VALUE "CompanyName", " "
             VALUE "FileDescription", "E-MailRelay Application"
-            VALUE "FileVersion", "2, 2, 1, 0"
+            VALUE "FileVersion", "2, 3, 0, 0"
             VALUE "InternalName", "emailrelay"
             VALUE "LegalCopyright", "Copyright (C) 2001-2022 Graeme Walker <graeme_walker@users.sourceforge.net>"
             VALUE "OriginalFilename", "emailrelay.exe"
             VALUE "ProductName", "E-MailRelay"
-            VALUE "ProductVersion", "2, 2, 1, 0"
+            VALUE "ProductVersion", "2, 3, 0, 0"
         END
     END
     BLOCK "VarFileInfo"
diff --git a/src/main/legal.cpp b/src/main/legal.cpp
index 32f7f79..95de8a9 100644
--- a/src/main/legal.cpp
+++ b/src/main/legal.cpp
@@ -25,7 +25,7 @@
 
 std::string Main::Legal::copyright()
 {
-	return "Copyright (C) 2001-2021 Graeme Walker" ;
+	return "Copyright (C) 2001-2022 Graeme Walker" ;
 }
 
 std::string Main::Legal::warranty( const std::string & prefix , const std::string & eol )
diff --git a/src/main/options.cpp b/src/main/options.cpp
index 15c5322..9f83953 100644
--- a/src/main/options.cpp
+++ b/src/main/options.cpp
@@ -52,7 +52,7 @@ G::Options Main::Options::spec( bool is_windows )
 			gettext("hides the application window and suppresses message boxes (requires --no-daemon)") ,
 			"0" , "" , "3" } , '!' ) ;
 				// Windows only. Hides the application window and disables all message
-				// boxes, overriding any "--show" option. This is useful when running
+				// boxes, overriding any --show option. This is useful when running
 				// as a windows service.
 
 		opt.add( { "" , "show" ,
@@ -60,8 +60,8 @@ G::Options Main::Options::spec( bool is_windows )
 			"1" , "style" , "3" } , '!' ) ;
 				// Windows only. Starts the application window in the given style: "hidden",
 				// "popup", "window", "window,tray", or "tray". Ignored if also using
-				// "--no-daemon" or "--hidden". If none of "--window", "--no-daemon" and
-				// "--hidden" are used then the default style is "tray".
+				// --no-daemon or --hidden. If none of --window, --no-daemon and
+				// --hidden are used then the default style is "tray".
 	}
 	else
 	{
@@ -91,9 +91,10 @@ G::Options Main::Options::spec( bool is_windows )
 			"1" , "username" , "3" } , '!' ) ;
 				//default: daemon
 				//example: nobody
-				// When started as root the program switches to an non-privileged effective
-				// user-id when idle. This option can be used to define which user-id is
-				// used. Specify "root" to disable all user-id switching. Ignored on Windows.
+				// When started as root the program switches to a non-privileged effective
+				// user-id when idle. This option can be used to define the idle user-id and
+				// also the group ownership of new files and sockets. Specify "root" to
+				// disable all user-id switching. Ignored on Windows.
 
 		opt.add( { "k" , "syslog" ,
 			gettext("forces syslog output if logging is enabled (overrides --no-syslog)") ,
@@ -112,8 +113,9 @@ G::Options Main::Options::spec( bool is_windows )
 			gettext("enables text localisation using the given locale base directory") ,
 				"1" , "dir" , "3" } , '!' ) ;
 					//example: /opt/share/locale
-					// Specifies a locale base directory where localisation message catalogues
-					// can be found. An empty directory can be used for the built-in default.
+					// Enables localisation and specifies the locale base directory where
+					// message catalogues can be found. An empty directory can be used
+					// for the built-in default.
 	}
 
 	{
diff --git a/src/main/passwd.cpp b/src/main/passwd.cpp
index 22cc426..a3f25e1 100644
--- a/src/main/passwd.cpp
+++ b/src/main/passwd.cpp
@@ -209,10 +209,10 @@ std::string as_dotted( const std::string & masked_key )
 	for( int i = 0 ; i < 8 ; i++ )
 	{
 		G::Md5::big_t d = 0U ;
-		for( int j = 0 ; j < 4 ; j++ )
+		for( unsigned int j = 0U ; j < 4U ; j++ )
 		{
 			G::Md5::big_t n = static_cast<unsigned char>( *p++ ) ;
-			n <<= (8*j) ;
+			n <<= (j*8U) ;
 			d |= n ;
 		}
 		ss << (i==0?"":".") << d ;
diff --git a/src/main/run.cpp b/src/main/run.cpp
index 68d703c..c521ee5 100644
--- a/src/main/run.cpp
+++ b/src/main/run.cpp
@@ -68,7 +68,7 @@ namespace { std::string localedir() { return std::string() ; } }
 
 std::string Main::Run::versionNumber()
 {
-	return "2.2.1" ;
+	return "2.3" ;
 }
 
 Main::Run::Run( Main::Output & output , const G::Arg & arg , bool is_windows , bool has_gui ) :
@@ -324,8 +324,9 @@ void Main::Run::run()
 
 	// create message store singletons
 	//
-	m_store = std::make_unique<GSmtp::FileStore>( configuration().spoolDir() , false ,
+	m_store = std::make_unique<GSmtp::FileStore>( configuration().spoolDir() ,
 		configuration().maxSize() , configuration().eightBitTest() ) ;
+	m_filter_factory = std::make_unique<GSmtp::FilterFactoryFileStore>( *m_store ) ;
 	m_store->messageStoreRescanSignal().connect( G::Slot::slot(*this,&Run::onStoreRescanEvent) ) ;
 	if( do_pop )
 	{
@@ -362,6 +363,7 @@ void Main::Run::run()
 		m_smtp_server = std::make_unique<GSmtp::Server>(
 			m_es_rethrow ,
 			*m_store ,
+			*m_filter_factory ,
 			*m_client_secrets ,
 			*m_server_secrets ,
 			smtpServerConfig() ,
@@ -394,6 +396,7 @@ void Main::Run::run()
 			m_es_rethrow ,
 			configuration() ,
 			*m_store ,
+			*m_filter_factory ,
 			m_forward_request_signal ,
 			GNet::ServerPeerConfig(0U) ,
 			netServerConfig() ,
@@ -479,31 +482,24 @@ void Main::Run::checkPort( bool check , const std::string & ip , unsigned int po
 	if( check )
 	{
 		const bool do_throw = true ;
-		try
+		if( ip.empty() )
 		{
-			if( ip.empty() )
+			if( GNet::Address::supports( GNet::Address::Family::ipv6 ) &&
+				GNet::StreamSocket::supports( GNet::Address::Family::ipv6 ) )
 			{
-				if( GNet::Address::supports( GNet::Address::Family::ipv6 ) &&
-					GNet::StreamSocket::supports( GNet::Address::Family::ipv6 ) )
-				{
-					GNet::Address address( GNet::Address::Family::ipv6 , port ) ;
-					GNet::Server::canBind( address , do_throw ) ;
-				}
-				if( GNet::Address::supports( GNet::Address::Family::ipv4 ) )
-				{
-					GNet::Address address( GNet::Address::Family::ipv4 , port ) ;
-					GNet::Server::canBind( address , do_throw ) ;
-				}
+				GNet::Address address( GNet::Address::Family::ipv6 , port ) ;
+				GNet::Server::canBind( address , do_throw ) ;
 			}
-			else if( GNet::Address::validStrings(ip,"0") )
+			if( GNet::Address::supports( GNet::Address::Family::ipv4 ) )
 			{
-				GNet::Address address = GNet::Address::parse( ip , port ) ;
+				GNet::Address address( GNet::Address::Family::ipv4 , port ) ;
 				GNet::Server::canBind( address , do_throw ) ;
 			}
 		}
-		catch( G::Exception & e )
+		else if( GNet::Address::validStrings(ip,"0") )
 		{
-			throw e.translated() ;
+			GNet::Address address = GNet::Address::parse( ip , port ) ;
+			GNet::Server::canBind( address , do_throw ) ;
 		}
 	}
 }
@@ -701,6 +697,7 @@ std::string Main::Run::startForwarding()
 			G_ASSERT( m_client_secrets != nullptr ) ;
 			m_client_ptr.reset( std::make_unique<GSmtp::Client>(
 				GNet::ExceptionSink(m_client_ptr,nullptr) ,
+				*m_filter_factory ,
 				GNet::Location(configuration().serverAddress(),resolverFamily()) ,
 				*m_client_secrets ,
 				clientConfig() ) ) ;
@@ -875,7 +872,7 @@ G::Path Main::Run::appDir() const
 }
 
 std::unique_ptr<GSmtp::AdminServer> Main::Run::newAdminServer( GNet::ExceptionSink es ,
-	const Configuration & cfg , GSmtp::MessageStore & store ,
+	const Configuration & cfg , GSmtp::MessageStore & store , GSmtp::FilterFactory & ff ,
 	G::Slot::Signal<const std::string&> & forward_request_signal ,
 	const GNet::ServerPeerConfig & server_peer_config , const GNet::ServerConfig & net_server_config ,
 	const GSmtp::Client::Config & client_config , const GAuth::Secrets & client_secrets ,
@@ -894,6 +891,7 @@ std::unique_ptr<GSmtp::AdminServer> Main::Run::newAdminServer( GNet::ExceptionSi
 	return std::make_unique<GSmtp::AdminServer>(
 			es ,
 			store ,
+			ff ,
 			forward_request_signal ,
 			server_peer_config ,
 			net_server_config ,
diff --git a/src/main/run.h b/src/main/run.h
index 54ecf1d..cdff031 100644
--- a/src/main/run.h
+++ b/src/main/run.h
@@ -166,7 +166,7 @@ private:
 	static std::string buildConfiguration() ;
 	G::Path appDir() const ;
 	std::unique_ptr<GSmtp::AdminServer> newAdminServer( GNet::ExceptionSink ,
-		const Configuration & , GSmtp::MessageStore & ,
+		const Configuration & , GSmtp::MessageStore & , GSmtp::FilterFactory & ,
 		G::Slot::Signal<const std::string&> & ,
 		const GNet::ServerPeerConfig & ,
 		const GNet::ServerConfig & , const GSmtp::Client::Config & ,
@@ -191,6 +191,7 @@ private:
 	std::unique_ptr<GSsl::Library> m_tls_library ;
 	std::unique_ptr<GNet::Monitor> m_monitor ;
 	std::unique_ptr<GSmtp::FileStore> m_store ;
+	std::unique_ptr<GSmtp::FilterFactory> m_filter_factory ;
 	std::unique_ptr<GAuth::Secrets> m_client_secrets ;
 	std::unique_ptr<GAuth::Secrets> m_server_secrets ;
 	std::unique_ptr<GAuth::Secrets> m_pop_secrets ;
diff --git a/src/main/servicecontrol.h b/src/main/servicecontrol.h
index 1aa0d1e..402245b 100644
--- a/src/main/servicecontrol.h
+++ b/src/main/servicecontrol.h
@@ -21,6 +21,7 @@
 #ifndef G_MAIN_SERVICE_CONTROL_H
 #define G_MAIN_SERVICE_CONTROL_H
 
+#include "gdef.h"
 #include <string>
 
 std::string service_install( const std::string & commandline , const std::string & name ,
diff --git a/src/main/servicecontrol_win32.cpp b/src/main/servicecontrol_win32.cpp
index 05034c1..325e195 100644
--- a/src/main/servicecontrol_win32.cpp
+++ b/src/main/servicecontrol_win32.cpp
@@ -18,8 +18,8 @@
 /// \file servicecontrol_win32.cpp
 ///
 
+#include "gdef.h"
 #include "servicecontrol.h"
-#include <windows.h>
 #include <sstream>
 #include <utility>
 #include <stdexcept>
@@ -89,13 +89,13 @@ public:
 
 private:
 	SC_HANDLE open( SC_HANDLE , const std::string & ) ;
-	void remove( SC_HANDLE ) ;
-	void remove( SC_HANDLE , std::nothrow_t ) ;
+	static void removeImp( SC_HANDLE ) ;
+	static void removeImp( SC_HANDLE , std::nothrow_t ) ;
 	void stop( SC_HANDLE ) ;
 	void stop( SC_HANDLE , std::nothrow_t ) ;
 	DWORD status() const ;
 	SC_HANDLE h() const ;
-	SC_HANDLE create_imp( SC_HANDLE , const std::string & , const std::string & , DWORD , const std::string & ) ;
+	SC_HANDLE createImp( SC_HANDLE , const std::string & , const std::string & , DWORD , const std::string & ) ;
 
 private:
 	SC_HANDLE m_h{0} ;
@@ -153,7 +153,7 @@ SC_HANDLE ServiceControl::Manager::h() const
 
 // ==
 
-ServiceControl::Service::Service( const Manager & manager , const std::string & name , DWORD access ) :
+ServiceControl::Service::Service( const Manager & manager , const std::string & name , DWORD /*access*/ ) :
 	m_h(open(manager.h(),name))
 {
 }
@@ -182,7 +182,7 @@ SC_HANDLE ServiceControl::Service::h() const
 	return m_h ;
 }
 
-SC_HANDLE ServiceControl::Service::create_imp( SC_HANDLE hmanager , const std::string & name ,
+SC_HANDLE ServiceControl::Service::createImp( SC_HANDLE hmanager , const std::string & name ,
 	const std::string & display_name , DWORD start_type , const std::string & commandline )
 {
 	return CreateServiceA( hmanager , name.c_str() , display_name.c_str() ,
@@ -194,7 +194,7 @@ SC_HANDLE ServiceControl::Service::create_imp( SC_HANDLE hmanager , const std::s
 void ServiceControl::Service::create( const Manager & manager , const std::string & name ,
 	const std::string & display_name , DWORD start_type , const std::string & commandline )
 {
-	m_h = create_imp( manager.h() , name , display_name , start_type , commandline ) ;
+	m_h = createImp( manager.h() , name , display_name , start_type , commandline ) ;
 	if( m_h == 0 )
 	{
 		DWORD e = GetLastError() ;
@@ -204,10 +204,10 @@ void ServiceControl::Service::create( const Manager & manager , const std::strin
 				SC_HANDLE h = open( manager.h() , name ) ;
 				ScopeExitCloser closer( h ) ;
 				stop( h , std::nothrow ) ;
-				remove( h , std::nothrow ) ;
+				removeImp( h , std::nothrow ) ;
 			}
 
-			m_h = create_imp( manager.h() , name , display_name , start_type , commandline ) ;
+			m_h = createImp( manager.h() , name , display_name , start_type , commandline ) ;
 			if( m_h == 0 )
 				e = GetLastError() ;
 		}
@@ -222,9 +222,10 @@ void ServiceControl::Service::configure( const std::string & description_in , co
 	if( description.empty() )
 		description = ( display_name + " service" ) ;
 
-	if( REG_SZ > 5 && (description.length()+5) > REG_SZ )
+	static constexpr std::size_t limit = 2048U ;
+	if( (description.length()+5U) > limit )
 	{
-		description.resize( REG_SZ-5 ) ;
+		description.resize( limit-5U ) ;
 		description.append( "..." ) ;
 	}
 
@@ -248,17 +249,17 @@ void ServiceControl::Service::stop( SC_HANDLE h , std::nothrow_t )
 
 void ServiceControl::Service::remove()
 {
-	remove( m_h ) ;
+	removeImp( m_h ) ;
 }
 
-void ServiceControl::Service::remove( SC_HANDLE h , std::nothrow_t )
+void ServiceControl::Service::removeImp( SC_HANDLE h , std::nothrow_t )
 {
 	DeleteService( h ) ;
 }
 
-void ServiceControl::Service::remove( SC_HANDLE h )
+void ServiceControl::Service::removeImp( SC_HANDLE h )
 {
-	bool delete_ok = !!DeleteService( m_h ) ;
+	bool delete_ok = !!DeleteService( h ) ;
 	if( !delete_ok )
 	{
 		DWORD e = GetLastError() ;
diff --git a/src/main/submit.cpp b/src/main/submit.cpp
index 177691b..101a0b5 100644
--- a/src/main/submit.cpp
+++ b/src/main/submit.cpp
@@ -64,7 +64,7 @@ G_EXCEPTION_CLASS( NoBody , "no body text" ) ;
 
 std::string versionNumber()
 {
-	return "2.2.1" ;
+	return "2.3" ;
 }
 
 static std::string writeFiles( const G::Path & spool_dir ,
@@ -75,7 +75,7 @@ static std::string writeFiles( const G::Path & spool_dir ,
 	// create the output file
 	//
 	std::string envelope_from = from.empty() ? "anonymous" : from ;
-	GSmtp::FileStore store( spool_dir , /*optimise_empty_test=*/true , /*max_size=*/0U , /*test_for_eight_bit=*/true ) ;
+	GSmtp::FileStore store( spool_dir , /*max_size=*/0U , /*test_for_eight_bit=*/true ) ;
 	std::unique_ptr<GSmtp::NewMessage> msg = store.newMessage( envelope_from , from_auth_in , from_auth_out ) ;
 
 	// add "To:" lines to the envelope
@@ -83,7 +83,7 @@ static std::string writeFiles( const G::Path & spool_dir ,
 	for( auto to : envelope_to_list )
 	{
 		G::Str::trim( to , {" \t\r\n",4U} ) ;
-		GSmtp::VerifierStatus status( to ) ;
+		GSmtp::VerifierStatus status = GSmtp::VerifierStatus::remote( to ) ;
 		msg->addTo( status.address , status.is_local ) ;
 	}
 
@@ -114,10 +114,10 @@ static std::string writeFiles( const G::Path & spool_dir ,
 	//
 	GNet::Address ip = GNet::Address::loopback( GNet::Address::Family::ipv4 ) ;
 	std::string auth_id = std::string() ;
-	std::string new_path = msg->prepare( auth_id , ip.hostPartString() , std::string() ) ;
+	msg->prepare( auth_id , ip.hostPartString() , std::string() ) ;
 	msg->commit( true ) ;
 
-	return new_path ; // content file
+	return store.contentPath(msg->id()).str() ;
 }
 
 static void copyIntoSubDirectories( const G::Path & content_path )
diff --git a/src/main/winform.cpp b/src/main/winform.cpp
index 2348cf7..39912ca 100644
--- a/src/main/winform.cpp
+++ b/src/main/winform.cpp
@@ -58,13 +58,14 @@ void Main::WinForm::addSystemMenuItem( const char * name , unsigned int id )
 	HMENU hmenu = GetSystemMenu( handle() , FALSE ) ;
 	if( hmenu )
 	{
-		MENUITEMINFO item{} ;
+		MENUITEMINFOA item{} ;
 		item.cbSize = sizeof( item ) ;
-		item.fMask = MIIM_STRING | MIIM_ID ;
+		item.fMask = MIIM_STRING | MIIM_ID ; // setting dwTypeData and wID
 		item.fType = MFT_STRING ;
 		item.wID = id ;
 		item.dwTypeData = const_cast<LPSTR>(name) ;
-		InsertMenuItem( hmenu , 0 , TRUE , &item ) ;
+		item.cch = static_cast<UINT>( std::strlen(name) ) ;
+		InsertMenuItemA( hmenu , 0 , TRUE , &item ) ;
 	}
 }
 
diff --git a/src/win32/gcontrol.cpp b/src/win32/gcontrol.cpp
index c939bfd..5a16b5f 100644
--- a/src/win32/gcontrol.cpp
+++ b/src/win32/gcontrol.cpp
@@ -53,7 +53,7 @@ GGui::Control::Control( HWND hdialog , int id , HWND hcontrol ) :
 
 void GGui::Control::load()
 {
-	::InitCommonControls() ;
+	InitCommonControls() ;
 }
 
 void GGui::Control::load( DWORD types )
@@ -62,13 +62,13 @@ void GGui::Control::load( DWORD types )
 	INITCOMMONCONTROLSEX controls{} ;
 	controls.dwSize = sizeof(controls) ;
 	controls.dwICC = types ; // ICC_LISTVIEW_CLASSES | ICC_STANDARD_CLASSES ;
-	if( ! ::InitCommonControlsEx( &controls ) )
+	if( ! InitCommonControlsEx( &controls ) )
 	{
 		G_ERROR( "GGui::Control::load: InitCommonControlsEx() failed: " << types ) ;
 		//throw std::runtime_error( "InitCommonControlsEx() failed" ) ;
 	}
  #else
-	::InitCommonControls() ;
+	InitCommonControls() ;
  #endif
 }
 
@@ -95,7 +95,7 @@ int GGui::Control::id() const
 
 LRESULT GGui::Control::sendMessage( unsigned int message , WPARAM wparam , LPARAM lparam ) const
 {
-	return ::SendMessage( handle() , message , wparam , lparam ) ;
+	return SendMessage( handle() , message , wparam , lparam ) ;
 }
 
 HWND GGui::Control::handle() const
@@ -103,7 +103,7 @@ HWND GGui::Control::handle() const
 	if( m_hwnd == 0 )
 	{
 		HWND hdialog_ = hdialog() ;
-		const_cast<Control*>(this)->m_hwnd = ::GetDlgItem( hdialog_ , m_id ) ;
+		const_cast<Control*>(this)->m_hwnd = GetDlgItem( hdialog_ , m_id ) ;
 		G_DEBUG( "GGui::Control::handle: GetDlgItem(" << m_id << ") -> " << m_hwnd ) ;
 		if( m_hwnd == HNULL )
 		{
@@ -124,9 +124,9 @@ GGui::Control::~Control()
 void GGui::Control::subClass( SubClassMap & map )
 {
 	G_ASSERT( handle() != 0 ) ;
-	SubClassMap::Proc old = reinterpret_cast<SubClassMap::Proc>( ::GetWindowLongPtr( handle() , GWLP_WNDPROC ) ) ;
+	SubClassMap::Proc old = reinterpret_cast<SubClassMap::Proc>( GetWindowLongPtr( handle() , GWLP_WNDPROC ) ) ;
 	map.add( handle() , old , static_cast<void*>(this) ) ;
-	::SetWindowLongPtr( handle() , GWLP_WNDPROC, reinterpret_cast<LONG_PTR>(gcontrol_wndproc_export) ) ;
+	SetWindowLongPtr( handle() , GWLP_WNDPROC, reinterpret_cast<LONG_PTR>(gcontrol_wndproc_export) ) ;
 }
 
 LRESULT GGui::Control::wndProc( unsigned int message , WPARAM wparam , LPARAM lparam , WNDPROC super_class )
@@ -157,15 +157,15 @@ LRESULT CALLBACK gcontrol_wndproc_export( HWND hwnd , UINT message , WPARAM wpar
 		if( hwnd_dialog == HNULL )
 		{
 			G_ASSERT( false ) ;
-			return ::DefWindowProc( hwnd , message , wparam , lparam ) ;
+			return DefWindowProc( hwnd , message , wparam , lparam ) ;
 		}
 
 		// find the dialog box object
-		GGui::Dialog * dialog = reinterpret_cast<GGui::Dialog*>( ::GetWindowLongPtr( hwnd_dialog , DWLP_USER ) ) ;
+		GGui::Dialog * dialog = reinterpret_cast<GGui::Dialog*>( GetWindowLongPtr( hwnd_dialog , DWLP_USER ) ) ;
 		if( dialog == nullptr )
 		{
 			G_ASSERT( false ) ;
-			return ::DefWindowProc( hwnd , message , wparam , lparam ) ;
+			return DefWindowProc( hwnd , message , wparam , lparam ) ;
 		}
 		G_ASSERT( dialog->isValid() ) ;
 
@@ -175,7 +175,7 @@ LRESULT CALLBACK gcontrol_wndproc_export( HWND hwnd , UINT message , WPARAM wpar
 		GGui::Control * control = static_cast<GGui::Control*>(context) ;
 		G_ASSERT( control != nullptr ) ;
 		G_ASSERT( control->handle() == hwnd ) ;
-		G_ASSERT( control->id() == ::GetDlgCtrlID(hwnd) ) ;
+		G_ASSERT( control->id() == GetDlgCtrlID(hwnd) ) ;
 
 		// remove the control from the map if it is being destroyed
 		if( message == WM_NCDESTROY )
@@ -185,7 +185,7 @@ LRESULT CALLBACK gcontrol_wndproc_export( HWND hwnd , UINT message , WPARAM wpar
 	}
 	catch(...) // callback
 	{
-		return ::DefWindowProc( hwnd , message , wparam , lparam ) ;
+		return DefWindowProc( hwnd , message , wparam , lparam ) ;
 	}
 }
 
@@ -356,14 +356,14 @@ GGui::EditBox::~EditBox()
 void GGui::EditBox::set( const std::string & text )
 {
 	NoRedraw no_redraw( *this ) ;
-	::SetWindowTextA( handle() , text.c_str() ) ;
+	SetWindowTextA( handle() , text.c_str() ) ;
 }
 
 void GGui::EditBox::set( const G::StringArray & list )
 {
 	if( list.size() == 0U )
 	{
-		::SetWindowTextA( handle() , "" ) ;
+		SetWindowTextA( handle() , "" ) ;
 	}
 	else
 	{
@@ -378,7 +378,7 @@ void GGui::EditBox::set( const G::StringArray & list )
 			total.append( *iter ) ;
 		}
 
-		::SetWindowTextA( handle() , total.c_str() ) ;
+		SetWindowTextA( handle() , total.c_str() ) ;
 		G_ASSERT( lines() >= list.size() ) ;
 	}
 }
@@ -386,7 +386,7 @@ void GGui::EditBox::set( const G::StringArray & list )
 unsigned int GGui::EditBox::lines()
 {
 	// handle an empty control since em_getlinecount returns one
-	int length = ::GetWindowTextLength( handle() ) ;
+	int length = GetWindowTextLength( handle() ) ;
 	if( length == 0 )
 		return 0 ;
 
@@ -418,7 +418,7 @@ void GGui::EditBox::scrollBack( int lines )
 void GGui::EditBox::scrollToEnd()
 {
 	// (add ten just to make sure)
-	sendMessage( EM_LINESCROLL , 0 , lines() + 10U ) ;
+	sendMessage( EM_LINESCROLL , 0 , lines() + WPARAM(10U) ) ;
 }
 
 std::string GGui::EditBox::get() const
@@ -458,7 +458,7 @@ unsigned int GGui::EditBox::characterHeight()
 	{
 		DeviceContext dc( handle() ) ;
 		TEXTMETRIC tm ;
-		::GetTextMetrics( dc() , &tm ) ;
+		GetTextMetrics( dc() , &tm ) ;
 		m_character_height = static_cast<unsigned int>( tm.tmHeight + tm.tmExternalLeading ) ;
 		G_ASSERT( m_character_height != 0 ) ;
 	}
@@ -468,7 +468,7 @@ unsigned int GGui::EditBox::characterHeight()
 unsigned int GGui::EditBox::windowHeight()
 {
 	RECT rect ;
-	::GetWindowRect( handle() , &rect ) ;
+	GetWindowRect( handle() , &rect ) ;
 	G_ASSERT( rect.bottom >= rect.top ) ;
 	return static_cast<unsigned int>( rect.bottom - rect.top ) ;
 }
@@ -498,12 +498,12 @@ GGui::CheckBox::~CheckBox()
 
 bool GGui::CheckBox::get() const
 {
-	return !! ::IsDlgButtonChecked( hdialog() , id() ) ;
+	return !! IsDlgButtonChecked( hdialog() , id() ) ;
 }
 
 void GGui::CheckBox::set( bool b )
 {
-	::CheckDlgButton( hdialog() , id() , b ) ;
+	CheckDlgButton( hdialog() , id() , b ) ;
 }
 
 // ==
@@ -519,16 +519,16 @@ GGui::Button::~Button()
 
 bool GGui::Button::enabled() const
 {
-	return !!::IsWindowEnabled( handle() ) ;
+	return !!IsWindowEnabled( handle() ) ;
 }
 
 void GGui::Button::enable( bool b )
 {
-	::EnableWindow( handle() , !!b ) ;
+	EnableWindow( handle() , !!b ) ;
 }
 
 void GGui::Button::disable()
 {
-	::EnableWindow( handle() , false ) ;
+	EnableWindow( handle() , false ) ;
 }
 
diff --git a/src/win32/gdialog.cpp b/src/win32/gdialog.cpp
index 2539cd9..82f6d04 100644
--- a/src/win32/gdialog.cpp
+++ b/src/win32/gdialog.cpp
@@ -24,7 +24,7 @@
 #include "gassert.h"
 #include <algorithm> // find
 
-BOOL CALLBACK gdialog_dlgproc_export( HWND hwnd , UINT message , WPARAM wparam , LPARAM lparam )
+BOOL CALLBACK gdialog_export( HWND hwnd , UINT message , WPARAM wparam , LPARAM lparam )
 {
 	try
 	{
@@ -75,7 +75,7 @@ GGui::Dialog::~Dialog()
 
 GGui::Dialog::DialogList::iterator GGui::Dialog::find( HWND h )
 {
-	return std::find( m_list.begin() , m_list.end() , DialogHandle(h) ) ;
+	return std::find( m_list.begin() , m_list.end() , h ) ;
 }
 
 void GGui::Dialog::cleanup()
@@ -86,7 +86,7 @@ void GGui::Dialog::cleanup()
 		G_DEBUG( "GGui::Dialog::cleanup" ) ;
 
 		// reset the object pointer
-		SetWindowLongPtr( handle() , DWLP_USER , LPARAM(0) ) ;
+		SetWindowLongPtr( handle() , DWLP_USER , LONG_PTR(0) ) ;
 
 		// remove from the modeless list
 		if( !m_modal && find(handle()) != m_list.end() )
@@ -119,8 +119,8 @@ BOOL GGui::Dialog::dlgProc( HWND hwnd , UINT message , WPARAM wparam , LPARAM lp
 {
 	if( message == WM_INITDIALOG )
 	{
-		Dialog * dialog = from_lparam( lparam ) ;
-		SetWindowLongPtr( hwnd , DWLP_USER , to_lparam(dialog) ) ;
+		Dialog * dialog = fromLongParam( lparam ) ;
+		SetWindowLongPtr( hwnd , DWLP_USER , toLongPtr(dialog) ) ;
 		dialog->privateInit( hwnd ) ;
 		G_DEBUG( "GGui::Dialog::dlgProc: WM_INITDIALOG" ) ;
 		if( !dialog->onInit() )
@@ -133,7 +133,7 @@ BOOL GGui::Dialog::dlgProc( HWND hwnd , UINT message , WPARAM wparam , LPARAM lp
 		if( !dialog->m_modal )
 		{
 			G_DEBUG( "GGui::Dialog::dlgProc: adding modeless dialog box window " << hwnd ) ;
-			m_list.push_front( DialogHandle(hwnd) ) ;
+			m_list.push_front( hwnd ) ;
 			G_DEBUG( "GGui::Dialog::dlgProc: now " << m_list.size() << " modeless dialog box(es)" ) ;
 		}
 
@@ -141,15 +141,15 @@ BOOL GGui::Dialog::dlgProc( HWND hwnd , UINT message , WPARAM wparam , LPARAM lp
 	}
 	else
 	{
-		Dialog * dialog = from_long_ptr( GetWindowLongPtr(hwnd,DWLP_USER) ) ;
+		Dialog * dialog = fromLongPtr( GetWindowLongPtr(hwnd,DWLP_USER) ) ;
 		if( dialog != nullptr )
-			return dialog->dlgProc( message , wparam , lparam ) ;
+			return dialog->dlgProcImp( message , wparam , lparam ) ;
 		else
 			return 0 ; // WM_SETFONT etc.
 	}
 }
 
-BOOL GGui::Dialog::dlgProc( UINT message , WPARAM wparam , LPARAM lparam )
+BOOL GGui::Dialog::dlgProcImp( UINT message , WPARAM wparam , LPARAM lparam )
 {
 	switch( message )
 	{
@@ -296,9 +296,9 @@ bool GGui::Dialog::run( int resource_id )
 	return runStart() && runCore( MAKEINTRESOURCE(resource_id) ) ;
 }
 
-bool GGui::Dialog::run( const char * f_name )
+bool GGui::Dialog::run( const char * template_name )
 {
-	return runStart() && runCore( f_name ) ;
+	return runStart() && runCore( template_name ) ;
 }
 
 bool GGui::Dialog::runStart()
@@ -312,20 +312,20 @@ bool GGui::Dialog::runStart()
 	return true ;
 }
 
-bool GGui::Dialog::runCore( const char * f_name )
+bool GGui::Dialog::runCore( const char * resource )
 {
 	m_modal = true ;
-	INT_PTR end_dialog_value = DialogBoxParamA( m_hinstance , f_name ,
-		m_hwnd_parent , dlgproc_export_fn() , to_lparam(this) ) ;
+	INT_PTR end_dialog_value = DialogBoxParamA( m_hinstance , resource ,
+		m_hwnd_parent , toDlgProc(gdialog_export) , toLongParam(this) ) ;
 	int rc = static_cast<int>(end_dialog_value) ;
 	return runEnd( rc ) ;
 }
 
-bool GGui::Dialog::runCore( const wchar_t * f_name )
+bool GGui::Dialog::runCore( const wchar_t * resource )
 {
 	m_modal = true ;
-	INT_PTR end_dialog_value = DialogBoxParamW( m_hinstance , f_name ,
-		m_hwnd_parent , dlgproc_export_fn() , to_lparam(this) ) ;
+	INT_PTR end_dialog_value = DialogBoxParamW( m_hinstance , resource ,
+		m_hwnd_parent , toDlgProc(gdialog_export) , toLongParam(this) ) ;
 	int rc = static_cast<int>(end_dialog_value) ;
 	return runEnd( rc ) ;
 }
@@ -352,24 +352,24 @@ bool GGui::Dialog::runModeless( int resource_id , bool visible )
 	return runStart() && runModelessCore( MAKEINTRESOURCE(resource_id) , visible ) ;
 }
 
-bool GGui::Dialog::runModeless( const char * f_name , bool visible )
+bool GGui::Dialog::runModeless( const char * resource_name , bool visible )
 {
-	return runStart() && runModelessCore( f_name , visible ) ;
+	return runStart() && runModelessCore( resource_name , visible ) ;
 }
 
-bool GGui::Dialog::runModelessCore( const char * f_name , bool visible )
+bool GGui::Dialog::runModelessCore( const char * resource , bool visible )
 {
 	m_modal = false ;
-	HWND hwnd = CreateDialogParamA( m_hinstance , f_name ,
-		m_hwnd_parent , dlgproc_export_fn() , to_lparam(this) ) ;
+	HWND hwnd = CreateDialogParamA( m_hinstance , resource ,
+		m_hwnd_parent , toDlgProc(gdialog_export) , toLongParam(this) ) ;
 	return runModelessEnd( hwnd , visible ) ;
 }
 
-bool GGui::Dialog::runModelessCore( const wchar_t * f_name , bool visible )
+bool GGui::Dialog::runModelessCore( const wchar_t * resource , bool visible )
 {
 	m_modal = false ;
-	HWND hwnd = CreateDialogParamW( m_hinstance , f_name ,
-		m_hwnd_parent , dlgproc_export_fn() , to_lparam(this) ) ;
+	HWND hwnd = CreateDialogParamW( m_hinstance , resource ,
+		m_hwnd_parent , toDlgProc(gdialog_export) , toLongParam(this) ) ;
 	return runModelessEnd( hwnd , visible ) ;
 }
 
@@ -391,9 +391,9 @@ bool GGui::Dialog::runModelessEnd( HWND hwnd , bool visible )
 
 bool GGui::Dialog::dialogMessage( MSG & msg )
 {
-	for( DialogList::iterator p = m_list.begin() ; p != m_list.end() ; ++p )
+	for( HWND hdialog : m_list )
 	{
-		if( IsDialogMessage( (*p).h , &msg ) )
+		if( IsDialogMessage( hdialog , &msg ) )
 			return true ;
 	}
 	return false ;
@@ -455,23 +455,24 @@ BOOL GGui::Dialog::onControlColour_( WPARAM wparam , LPARAM lparam , WORD type )
 	return 0 != onControlColour( reinterpret_cast<HDC>(wparam) , reinterpret_cast<HWND>(lparam) , type ) ;
 }
 
-GGui::Dialog * GGui::Dialog::from_lparam( LPARAM lparam )
-{
-	return reinterpret_cast<Dialog*>( reinterpret_cast<void*>(lparam) ) ;
-}
-
-GGui::Dialog * GGui::Dialog::from_long_ptr( LONG_PTR p )
-{
-	return static_cast<Dialog*>( reinterpret_cast<void*>(p) ) ;
-}
-
-LPARAM GGui::Dialog::to_lparam( Dialog * p )
+LPARAM GGui::Dialog::toLongParam( Dialog * p )
 {
 	return reinterpret_cast<LPARAM>( static_cast<void*>(p) ) ;
 }
 
-DLGPROC GGui::Dialog::dlgproc_export_fn()
+LONG_PTR GGui::Dialog::toLongPtr( Dialog * p )
 {
-	return reinterpret_cast<DLGPROC>(gdialog_dlgproc_export) ;
+	return reinterpret_cast<LONG_PTR>( static_cast<void*>(p) ) ;
 }
 
+GGui::Dialog * GGui::Dialog::fromLongParam( LPARAM lparam )
+{
+	return reinterpret_cast<Dialog*>( reinterpret_cast<void*>(lparam) ) ;
+}
+
+GGui::Dialog * GGui::Dialog::fromLongPtr( LONG_PTR p )
+{
+	return static_cast<Dialog*>( reinterpret_cast<void*>(p) ) ;
+}
+
+
diff --git a/src/win32/gdialog.h b/src/win32/gdialog.h
index ba66702..55525a9 100644
--- a/src/win32/gdialog.h
+++ b/src/win32/gdialog.h
@@ -29,21 +29,9 @@
 
 namespace GGui
 {
-	class DialogHandle ;
 	class Dialog ;
 }
 
-//| \class GGui::DialogHandle
-/// A private implementation class used by GGui::Dialog.
-///
-class GGui::DialogHandle
-{
-public:
-	HWND h ;
-	explicit DialogHandle( HWND ) ;
-	bool operator==( const DialogHandle & rhs ) const ;
-} ;
-
 //| \class GGui::Dialog
 /// A dialog box class for modal and modeless operation.
 /// \see GGui::Control
@@ -51,7 +39,7 @@ public:
 class GGui::Dialog : public WindowBase
 {
 public:
-	Dialog( HINSTANCE hinstance , HWND hwnd_parent , const std::string & title = std::string() ) ;
+	Dialog( HINSTANCE hinstance , HWND hwnd_parent , const std::string & title = {} ) ;
 		///< Constructor. After contruction just call run() or
 		///< runModeless() with the appropriate dialog resource
 		///< id or name. The hdialog returned by WindowBase::handle()
@@ -179,18 +167,14 @@ public:
 	void operator=( Dialog && ) = delete ;
 
 private:
-	using DialogList = std::list<DialogHandle> ;
-	BOOL dlgProc( UINT message , WPARAM wparam , LPARAM lparam ) ;
+	using DialogList = std::list<HWND> ;
+	BOOL dlgProcImp( UINT message , WPARAM wparam , LPARAM lparam ) ;
 	void privateInit( HWND hwnd ) ;
 	void privateEnd( int n ) ;
 	bool privateFocusSet() const ;
 	void cleanup() ;
 	DialogList::iterator find( HWND h ) ;
 	BOOL onControlColour_( WPARAM wparam , LPARAM lparam , WORD type ) ;
-	static Dialog * from_lparam( LPARAM lparam ) ;
-	static Dialog * from_long_ptr( LONG_PTR l ) ;
-	static LPARAM to_lparam( Dialog * p ) ;
-	static DLGPROC dlgproc_export_fn() ;
 	bool runStart() ;
 	bool runCore( const char * ) ;
 	bool runCore( const wchar_t * ) ;
@@ -198,10 +182,14 @@ private:
 	bool runModelessCore( const char * , bool ) ;
 	bool runModelessCore( const wchar_t * , bool ) ;
 	bool runModelessEnd( HWND , bool ) ;
+	static LPARAM toLongParam( Dialog * p ) ;
+	static LONG_PTR toLongPtr( Dialog * p ) ;
+	static Dialog * fromLongParam( LPARAM ) ;
+	static Dialog * fromLongPtr( LONG_PTR ) ;
+	template <typename T> static DLGPROC toDlgProc( T ) ;
 
 private:
 	static constexpr int Magic = 4567 ;
-	std::string m_name ;
 	std::string m_title ;
 	bool m_modal ;
 	bool m_focus_set ;
@@ -212,16 +200,13 @@ private:
 	static DialogList m_list ;
 } ;
 
-inline
-GGui::DialogHandle::DialogHandle( HWND h_ ) :
-	h(h_)
+namespace GGui
 {
-}
-
-inline
-bool GGui::DialogHandle::operator==( const DialogHandle & rhs ) const
-{
-	return h == rhs.h ;
+	template <typename T>
+	DLGPROC Dialog::toDlgProc( T export_fn )
+	{
+		return reinterpret_cast<DLGPROC>(export_fn) ;
+	}
 }
 
 #endif
diff --git a/test/OpensslCast.pm b/test/OpensslCast.pm
index e263191..5ffab27 100644
--- a/test/OpensslCast.pm
+++ b/test/OpensslCast.pm
@@ -44,7 +44,7 @@
 #	$keyfile = $fs->infile( "alice.key" ) ;
 #	$pemfile = $fs->catfile( "alice.key" , "alice.crt" ) ;
 #
-# Each actor has a ".key" file for their private key and a ".csr"
+# Each actor has a ".key" file for their private key and a ".crt"
 # file for their certificate.
 #
 # When creating a concatenated certificate the component
diff --git a/test/Scanner.pm b/test/Scanner.pm
index 396f98c..0462006 100644
--- a/test/Scanner.pm
+++ b/test/Scanner.pm
@@ -30,8 +30,8 @@ package Scanner ;
 
 sub new
 {
-	my ( $classname , $port ) = @_ ;
-	return bless { h => new Helper( "emailrelay-test-scanner" , $port ) } , $classname ;
+	my ( $classname , $address ) = @_ ;
+	return bless { h => new Helper( "emailrelay-test-scanner" , $address ) } , $classname ; # "--port <address>"
 }
 
 sub port { return shift->{h}->port(@_) }
diff --git a/test/emailrelay-test.pl b/test/emailrelay-test.pl
old mode 100644
new mode 100755
index 6629997..01f728c
--- a/test/emailrelay-test.pl
+++ b/test/emailrelay-test.pl
@@ -1298,7 +1298,8 @@ sub testScannerTimeout
 	$smtp_client->submit_line( "send foobar" ) ;
 	$smtp_client->submit_end( 1 ) ;
 	Check::fileDoesNotContain( $server->stderr() , "452 foobar" ) ;
-	Check::fileContains( $server->stderr() , "452 .*time.*out" ) ;
+	Check::fileContains( $server->stderr() , "filter done: ok=0 response=.failed. reason=.*timeout" ) ;
+	Check::fileContains( $server->stderr() , "452 failed" ) ;
 
 	# tear down
 	$server->kill() ;
diff --git a/test/emailrelay-test.sh b/test/emailrelay-test.sh
old mode 100644
new mode 100755
diff --git a/test/emailrelay_test_client.cpp b/test/emailrelay_test_client.cpp
index 39c62ac..2d4d0b4 100644
--- a/test/emailrelay_test_client.cpp
+++ b/test/emailrelay_test_client.cpp
@@ -181,7 +181,7 @@ void Test::sendMessage( int lines , int length , bool last )
 	send( "DATA\r\n" ) ;
 	waitline() ;
 
-	std::vector<char> buffer( static_cast<unsigned>(length+2) ) ;
+	std::vector<char> buffer( static_cast<std::size_t>(length)+2U ) ;
 	std::fill( buffer.begin() , buffer.end() , 't' ) ;
 	buffer[buffer.size()-1U] = '\n' ;
 	buffer[buffer.size()-2U] = '\r' ;
diff --git a/test/emailrelay_test_server.cpp b/test/emailrelay_test_server.cpp
index 85eb84f..3a8f7e1 100644
--- a/test/emailrelay_test_server.cpp
+++ b/test/emailrelay_test_server.cpp
@@ -334,7 +334,7 @@ int main( int argc , char * argv [] )
 			"q!quiet!less logging!!0!!1" "|"
 			"f!fail-at!fail from the n'th message! of the session (zero-based index)!1!n!1" "|"
 			"d!drop!drop the connection when content has DROP or when failing!!0!!1" "|"
-			"i!idle-timeout!idle timeout!!1!<seconds>!1" "|"
+			"i!idle-timeout!idle timeout!!1!seconds!1" "|"
 			"P!port!port number!!1!port!1" "|"
 			"f!pid-file!pid file!!1!path!1" "|"
 			"6!ipv6!use ipv6!!0!!1" "|"
diff --git a/winbuild.pl b/winbuild.pl
index ec555c8..c07ab60 100644
--- a/winbuild.pl
+++ b/winbuild.pl
@@ -69,7 +69,7 @@ my $cmake_args = {
 } ;
 
 # version
-chomp( my $version = eval { FileHandle->new("VERSION")->gets() } || "2.2.1" ) ;
+chomp( my $version = eval { FileHandle->new("VERSION")->gets() } || "2.3" ) ;
 
 # makefile conditionals
 my %switches = (