diff --git a/postfix/HISTORY b/postfix/HISTORY
index ca858d60a..abae11cae 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -18064,3 +18064,18 @@ Apologies for any names omitted.
 	Bugfix (introduced 20101009) don't complain abuot stray -m
 	option if none of -[bhm] is specified. Ralf Hildebrandt.
 	File: postmap/postmap.c.
+
+20121029 
+
+	Strip datalink suffix from IPv6 addresses returned by the
+	system getaddrinfo() routine.  Such suffixes mess up the
+	default mynetworks value, host name/address verification
+	and possibly more. This change obsoletes the 20101108 change
+	that removes datalink suffixes in the SMTP and QMQP servers.
+	Files: util/myaddrinfo.c, smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c.
+
+20121031
+
+	Bugfix: smtpd_relay_restrictions compatibility shim did not
+	detect "empty" value.  Sahil Tandon. The same problem existed
+	with the inet_protocols shim. File: conf/post-install.
diff --git a/postfix/conf/post-install b/postfix/conf/post-install
index a6a4aeba0..80e9a99e9 100644
--- a/postfix/conf/post-install
+++ b/postfix/conf/post-install
@@ -799,7 +799,7 @@ EOF
     # when IPv6 support is not compiled in. See util/sys_defs.h.
 
     test "`$POSTCONF -dh inet_protocols`" = "ipv4" ||
-	test -n "`$POSTCONF -c $config_directory -nh inet_protocols`" || {
+	test -n "`$POSTCONF -c $config_directory -n inet_protocols`" || {
 	cat <<EOF | ${FMT}
     COMPATIBILITY: editing $config_directory/main.cf, setting
     inet_protocols=ipv4.  Specify inet_protocols explicitly if you
@@ -816,7 +816,7 @@ EOF
     # PLEASE DO NOT REMOVE THIS CODE. ITS PURPOSE IS TO PREVENT
     # INBOUND MAIL FROM UNEXPECTEDLY BOUNCING AFTER UPGRADING FROM
     # POSTFIX BEFORE 2.10.
-    test -n "`$POSTCONF -c $config_directory -nh smtpd_relay_restrictions`" || {
+    test -n "`$POSTCONF -c $config_directory -n smtpd_relay_restrictions`" || {
 	cat <<EOF | ${FMT}
     COMPATIBILITY: editing $config_directory/main.cf, overriding
     smtpd_relay_restrictions to prevent inbound mail from
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 15bd13c88..d8b20a616 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20121022"
+#define MAIL_RELEASE_DATE	"20121031"
 #define MAIL_VERSION_NUMBER	"2.10"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/qmqpd/qmqpd_peer.c b/postfix/src/qmqpd/qmqpd_peer.c
index 07c38c1e7..10afa8da6 100644
--- a/postfix/src/qmqpd/qmqpd_peer.c
+++ b/postfix/src/qmqpd/qmqpd_peer.c
@@ -152,11 +152,13 @@ void    qmqpd_peer_init(QMQPD_STATE *state)
 	state->port = mystrdup(client_port.buf);
 
 	/*
-	 * XXX Strip off the IPv6 datalink suffix to avoid false alarms with
-	 * strict address syntax checks.
+	 * XXX Require that the infrastructure strips off the IPv6 datalink
+	 * suffix to avoid false alarms with strict address syntax checks.
 	 */
 #ifdef HAS_IPV6
-	(void) split_at(client_addr.buf, '%');
+	if (strchr(client_addr.buf, '%') != 0)
+	    msg_panic("%s: address %s has datalink suffix",
+		      myname, client_addr.buf);
 #endif
 
 	/*
diff --git a/postfix/src/smtpd/smtpd_peer.c b/postfix/src/smtpd/smtpd_peer.c
index 5faa1e445..20e55d08e 100644
--- a/postfix/src/smtpd/smtpd_peer.c
+++ b/postfix/src/smtpd/smtpd_peer.c
@@ -208,11 +208,13 @@ static int smtpd_peer_sockaddr_to_hostaddr(SMTPD_STATE *state)
 	state->port = mystrdup(client_port.buf);
 
 	/*
-	 * XXX Strip off the IPv6 datalink suffix to avoid false alarms with
-	 * strict address syntax checks.
+	 * XXX Require that the infrastructure strips off the IPv6 datalink
+	 * suffix to avoid false alarms with strict address syntax checks.
 	 */
 #ifdef HAS_IPV6
-	(void) split_at(client_addr.buf, '%');
+	if (strchr(client_addr.buf, '%') != 0)
+	    msg_panic("%s: address %s has datalink suffix",
+		      myname, client_addr.buf);
 #endif
 
 	/*
diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in
index 4bef13123..ea44c4ae5 100644
--- a/postfix/src/util/Makefile.in
+++ b/postfix/src/util/Makefile.in
@@ -1526,6 +1526,7 @@ myaddrinfo.o: myaddrinfo.c
 myaddrinfo.o: myaddrinfo.h
 myaddrinfo.o: mymalloc.h
 myaddrinfo.o: sock_addr.h
+myaddrinfo.o: split_at.h
 myaddrinfo.o: stringops.h
 myaddrinfo.o: sys_defs.h
 myaddrinfo.o: valid_hostname.h
diff --git a/postfix/src/util/myaddrinfo.c b/postfix/src/util/myaddrinfo.c
index d4a6938c7..f1588ae23 100644
--- a/postfix/src/util/myaddrinfo.c
+++ b/postfix/src/util/myaddrinfo.c
@@ -78,6 +78,7 @@
 /*	into printable form. The result buffers should be large
 /*	enough to hold the printable address or port including the
 /*	null terminator.
+/*	This function strips off the IPv6 datalink suffix.
 /*
 /*	sockaddr_to_hostname() converts a binary network address
 /*	into a hostname or service.  The result buffer should be
@@ -202,6 +203,7 @@
 #include <msg.h>
 #include <inet_proto.h>
 #include <myaddrinfo.h>
+#include <split_at.h>
 
 /* Application-specific. */
 
@@ -607,16 +609,20 @@ int     sockaddr_to_hostaddr(const struct sockaddr * sa, SOCKADDR_SIZE salen,
     }
     return (0);
 #else
+    int     ret;
 
     /*
      * Native getnameinfo(3) version.
      */
-    return (getnameinfo(sa, salen,
-			hostaddr ? hostaddr->buf : (char *) 0,
-			hostaddr ? sizeof(hostaddr->buf) : 0,
-			portnum ? portnum->buf : (char *) 0,
-			portnum ? sizeof(portnum->buf) : 0,
-			NI_NUMERICHOST | NI_NUMERICSERV));
+    ret = getnameinfo(sa, salen,
+		      hostaddr ? hostaddr->buf : (char *) 0,
+		      hostaddr ? sizeof(hostaddr->buf) : 0,
+		      portnum ? portnum->buf : (char *) 0,
+		      portnum ? sizeof(portnum->buf) : 0,
+		      NI_NUMERICHOST | NI_NUMERICSERV);
+    if (hostaddr != 0 && ret == 0 && sa->sa_family == AF_INET6)
+	(void) split_at(hostaddr->buf, '%');
+    return (ret);
 #endif
 }