+PP/02 DANE: add dane_require_tls_ciphers SMTP Transport option; if unset,
+ tls_require_ciphers is used as before.
+
+HS/03 Malware Avast: Better match the Avast multiline protocol.
+ Only tmpfails from the scanner are written to the paniclog, as
+ they may require admin intervention (permission denied, license
+ issues). Other scanner errors (like decompression bombs) do not
+ cause a paniclog entry.
+