diff --git a/postfix/HISTORY b/postfix/HISTORY
index a68f8a7f3..096e7fb3a 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -20435,3 +20435,13 @@ Apologies for any names omitted.
 	Feature: unionmap, based on contribution by Roel van Meer.
 	Files: mantools/postlink, postconf/postconf.c (manpage),
 	proto/DATABASE_README.html, util/dict_open.c, util/dict_union.[hc].
+
+20140924
+
+	Bugfix (introduced: 20060117): the escape function didn't
+	correctly convert non-ASCII. File: util/unescape.c.
+
+	Bugfix (introduced: 201407): missing conversions for non-ASCII
+	domain names in permit_mx_backup, check_mumble_{a,mx,ns}_access
+	and reject_unknown_{sender,recipient}_domain. Mark Martinec.
+	File: smtpd/smtpd_check.c.
diff --git a/postfix/html/postconf.1.html b/postfix/html/postconf.1.html
index 35967bebc..f31254009 100644
--- a/postfix/html/postconf.1.html
+++ b/postfix/html/postconf.1.html
@@ -305,7 +305,7 @@ POSTCONF(1)                                                        POSTCONF(1)
                      use the file, and that it does not detect  changes  after
                      the file is read.
 
-              <b>union</b> (read-only)
+              <b>unionmap</b> (read-only)
                      A  table  that sends each query to multiple lookup tables
                      and that concatenates all  found  results,  separated  by
                      comma.  The table name syntax is the same as for <b>pipemap</b>.
diff --git a/postfix/man/man1/postconf.1 b/postfix/man/man1/postconf.1
index 49d68800d..8ba48b9b5 100644
--- a/postfix/man/man1/postconf.1
+++ b/postfix/man/man1/postconf.1
@@ -318,7 +318,7 @@ Produces similar results as hash: files, except that you
 don't need to run the \fBpostmap\fR(1) command before you
 can use the file, and that it does not detect changes after
 the file is read.
-.IP "\fBunion\fR (read-only)"
+.IP "\fBunionmap\fR (read-only)"
 A table that sends each query to multiple lookup tables and
 that concatenates all found results, separated by comma.
 The table name syntax is the same as for \fBpipemap\fR.
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 026357a5e..07cfd0b54 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20140923"
+#define MAIL_RELEASE_DATE	"20140924"
 #define MAIL_VERSION_NUMBER	"2.12"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/postconf/postconf.c b/postfix/src/postconf/postconf.c
index ca5e9be14..19be3b2fe 100644
--- a/postfix/src/postconf/postconf.c
+++ b/postfix/src/postconf/postconf.c
@@ -312,7 +312,7 @@
 /*	don't need to run the \fBpostmap\fR(1) command before you
 /*	can use the file, and that it does not detect changes after
 /*	the file is read.
-/* .IP "\fBunion\fR (read-only)"
+/* .IP "\fBunionmap\fR (read-only)"
 /*	A table that sends each query to multiple lookup tables and
 /*	that concatenates all found results, separated by comma.
 /*	The table name syntax is the same as for \fBpipemap\fR.
diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c
index 42db60571..bddf5b3eb 100644
--- a/postfix/src/smtpd/smtpd_check.c
+++ b/postfix/src/smtpd/smtpd_check.c
@@ -1292,10 +1292,22 @@ static int reject_unknown_mailhost(SMTPD_STATE *state, const char *name,
     const char *myname = "reject_unknown_mailhost";
     int     dns_status;
     DNS_RR *dummy;
+    const char *aname;
 
     if (msg_verbose)
 	msg_info("%s: %s", myname, name);
 
+    /*
+     * Fix 20140924: convert domain to ASCII.
+     */
+#ifndef NO_EAI
+    if (!allascii(name) && (aname = midna_utf8_to_ascii(name)) != 0) {
+	if (msg_verbose)
+	    msg_info("%s asciified to %s", name, aname);
+	name = aname;
+    }
+#endif
+
 #define MAILHOST_LOOKUP_FLAGS	(DNS_REQ_FLAG_STOP_OK | DNS_REQ_FLAG_STOP_INVAL)
 
     dns_status = dns_lookup_l(name, 0, &dummy, (VSTRING *) 0,
@@ -1704,6 +1716,7 @@ static int permit_mx_backup(SMTPD_STATE *state, const char *recipient,
     const char *myname = "permit_mx_backup";
     const RESOLVE_REPLY *reply;
     const char *domain;
+    const char *adomain;
     DNS_RR *mx_list;
     DNS_RR *middle;
     DNS_RR *rest;
@@ -1747,6 +1760,17 @@ static int permit_mx_backup(SMTPD_STATE *state, const char *recipient,
     if (domain[0] == '[' && domain[strlen(domain) - 1] == ']')
 	return (SMTPD_CHECK_DUNNO);
 
+    /*
+     * Fix 20140924: convert domain to ASCII.
+     */
+#ifndef NO_EAI
+    if (!allascii(domain) && (adomain = midna_utf8_to_ascii(domain)) != 0) {
+	if (msg_verbose)
+	    msg_info("%s asciified to %s", domain, adomain);
+	domain = adomain;
+    }
+#endif
+
     /*
      * Look up the list of MX host names for this domain. If no MX host is
      * found, perhaps it is a CNAME for the local machine. Clients aren't
@@ -2670,6 +2694,7 @@ static int check_server_access(SMTPD_STATE *state, const char *table,
 {
     const char *myname = "check_server_access";
     const char *domain;
+    const char *adomain;
     int     dns_status;
     DNS_RR *server_list;
     DNS_RR *server;
@@ -2730,6 +2755,17 @@ static int check_server_access(SMTPD_STATE *state, const char *table,
 	return (status);
     }
 
+    /*
+     * Fix 20140924: convert domain to ASCII.
+     */
+#ifndef NO_EAI
+    if (!allascii(domain) && (adomain = midna_utf8_to_ascii(domain)) != 0) {
+	if (msg_verbose)
+	    msg_info("%s asciified to %s", domain, adomain);
+	domain = adomain;
+    }
+#endif
+
     /*
      * If the request is type A or AAAA, fabricate an MX record that points
      * to the domain name itself, and skip name-based access control.
@@ -3433,8 +3469,6 @@ static const SMTPD_RBL_STATE *find_dnsxl_domain(SMTPD_STATE *state,
 
     /*
      * Fix 20140706: convert domain to ASCII.
-     * 
-     * Caution: early returns must not leak adomain.
      */
 #ifndef NO_EAI
     if (!allascii(domain) && (adomain = midna_utf8_to_ascii(domain)) != 0) {
diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in
index 803535bea..17e77e32c 100644
--- a/postfix/src/util/Makefile.in
+++ b/postfix/src/util/Makefile.in
@@ -529,6 +529,8 @@ mac_expand_test: mac_expand mac_expand.in mac_expand.ref
 unescape_test: unescape unescape.in unescape.ref
 	$(SHLIB_ENV) ./unescape <unescape.in | od -cb >unescape.tmp
 	diff -b unescape.ref unescape.tmp
+#	$(SHLIB_ENV) ./unescape <unescape.in | $(SHLIB_ENV) ./unescape -e >unescape.tmp
+#	diff unescape.in unescape.tmp
 	rm -f unescape.tmp
 
 hex_quote_test: hex_quote
diff --git a/postfix/src/util/unescape.c b/postfix/src/util/unescape.c
index 025df5674..4eacbba60 100644
--- a/postfix/src/util/unescape.c
+++ b/postfix/src/util/unescape.c
@@ -166,10 +166,7 @@ VSTRING *escape(VSTRING *result, const char *data, ssize_t len)
 		continue;
 	    }
 	}
-	if (ISDIGIT(*UCHAR(data)))
-	    vstring_sprintf_append(result, "\\%03d", ch);
-	else
-	    vstring_sprintf_append(result, "\\%d", ch);
+	vstring_sprintf_append(result, "\\%03o", ch);
     }
     VSTRING_TERMINATE(result);
     return (result);
@@ -195,11 +192,13 @@ int     main(int argc, char **argv)
 	while (vstring_fgets_nonl(in, VSTREAM_IN)) {
 	    unescape(out, vstring_str(in));
 	    vstream_fwrite(VSTREAM_OUT, vstring_str(out), VSTRING_LEN(out));
+	    VSTREAM_PUTC('\n', VSTREAM_OUT);
 	}
     } else {
-	while (vstring_fgets(in, VSTREAM_IN)) {
+	while (vstring_fgets_nonl(in, VSTREAM_IN)) {
 	    escape(out, vstring_str(in), VSTRING_LEN(in));
 	    vstream_fwrite(VSTREAM_OUT, vstring_str(out), VSTRING_LEN(out));
+	    VSTREAM_PUTC('\n', VSTREAM_OUT);
 	}
     }
     vstream_fflush(VSTREAM_OUT);
diff --git a/postfix/src/util/unescape.in b/postfix/src/util/unescape.in
index 824cb213d..41f24a72d 100644
--- a/postfix/src/util/unescape.in
+++ b/postfix/src/util/unescape.in
@@ -1,3 +1,4 @@
 \a\b\c\d\e\f\g\h\i\j\k\l\m\n\o\p\q\r\s\t\u\v\w\x\y\z
 \1\2\3\4\5\6\7\8\9
 \1234\2345\3456\4567
+rcpt to:<wietse@\317\200.porcupine.org>
diff --git a/postfix/src/util/unescape.ref b/postfix/src/util/unescape.ref
index 86b3aaa8f..db16fa879 100644
--- a/postfix/src/util/unescape.ref
+++ b/postfix/src/util/unescape.ref
@@ -1,7 +1,11 @@
 0000000   \a  \b   c   d   e  \f   g   h   i   j   k   l   m  \n   o   p
           007 010 143 144 145 014 147 150 151 152 153 154 155 012 157 160
-0000020    q  \r   s  \t   u  \v   w   x   y   z 001 002 003 004 005 006
-          161 015 163 011 165 013 167 170 171 172 001 002 003 004 005 006
-0000040   \a   8   9   S   4 234   5 345   6   .   7                    
-          007 070 071 123 064 234 065 345 066 056 067                    
-0000053
+0000020    q  \r   s  \t   u  \v   w   x   y   z  \n 001 002 003 004 005
+          161 015 163 011 165 013 167 170 171 172 012 001 002 003 004 005
+0000040  006  \a   8   9  \n   S   4 234   5 345   6   .   7  \n   r   c
+          006 007 070 071 012 123 064 234 065 345 066 056 067 012 162 143
+0000060    p   t       t   o   :   <   w   i   e   t   s   e   @   π  **
+          160 164 040 164 157 072 074 167 151 145 164 163 145 100 317 200
+0000100    .   p   o   r   c   u   p   i   n   e   .   o   r   g   >  \n
+          056 160 157 162 143 165 160 151 156 145 056 157 162 147 076 012
+0000120