diff --git a/postfix/HISTORY b/postfix/HISTORY index 4e0cbda9e..6eb9d6e4a 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -15896,3 +15896,15 @@ Apologies for any names omitted. discard, redirect) but disabled the non-flow actions (warn, replace, prepend, ignore, dunno, ok). File: cleanup/cleanup_milter.c. + +20100827 + + Performance: fix for poor smtpd_proxy_filter TCP performance + over loopback (127.0.0.1) connections. Problem reported by + Mark Martinec. Files: smtpd/smtpd_proxy.c. + + Bugfix: the Postfix SMTP client no longer appends the local + domain when looking up a DNS name without ".". Specify + "smtp_dns_resolver_options = res_defnames" to get the old + behavior, which can produce unexpected results. Files: + smtp/smtp.c, smtp/smtp_params.c, smtp/smtp_addr.c. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index f958f082f..ee2f3f90f 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -14,6 +14,14 @@ specifies the release date of a stable release or snapshot release. If you upgrade from Postfix 2.6 or earlier, read RELEASE_NOTES-2.7 before proceeding. +Incompatibility with snapshot 20100827 +====================================== + +The Postfix SMTP client no longer appends the local domain when +looking up a DNS name without ".". Specify "smtp_dns_resolver_options += res_defnames" to get the old behavior, which may produce unexpected +results. + Incompatibility with snapshot 20100728 ====================================== diff --git a/postfix/WISHLIST b/postfix/WISHLIST index f7f4023a6..c1303201e 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST 
@@ -6,12 +6,33 @@ Wish list: header_checks(5): document synopsis and feature subsets. - Would it help if there were different cleanup_server parameter - names for different message paths? smtpd(8) uses the same - cleanup_server value for receiving remote mail and for - sending postmaster problem reports. Do we need separate - mumble_cleanup_service_name parameters for "inject", "notify" - and "forward" (with backwards compatinble defaults)? + Consistency: in postconf.proto make
..
tags bold. + + According to a paper by Ted Unangst at BSDCON09, kqueue + reports state changes, i.e. kqueue indicates when the socket + becomes readable. Specifically, he writes when kqueue reports + a socket becomes readable but no data is read from that + socket, later kqueue calls won't report the socket as + readable. That's not what happens on FreeBSD 8.0, where + kqueue will keep reporting the socket as readable when + nothing is read. Also, FreeBSD 8.0 kqueue still reports + the socket as readable after a read operation does not empty + the kernel buffer. We need a test program for this that + repeats these tests with OpenBSD and NetBSD (and MacOS X + once they fix their kqueue implementation). + + postscreen(8): need some option to wait for DNSBL lookup + (etc.) completion. For example, postscreen_greet_wait would + become a lower bound, while postscreen_dnsbl_wait would + become an upper bound (or should all features use a shared + postscreen_max_wait upper bound?). + + Would it help if there were different cleanup_service + parameter names for different message paths? smtpd(8) uses + the same cleanup_service value for receiving remote mail + and for submitting postmaster problem reports. Do we need + separate mumble_cleanup_service_name parameters for "inject", + "notify" and "forward" (with backwards compatinble defaults)? IF/ENDIF support for CIDR tables. diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html index 6ba1cbace..1d14126e0 100644 --- a/postfix/html/lmtp.8.html +++ b/postfix/html/lmtp.8.html @@ -290,6 +290,11 @@ SMTP(8) SMTP(8) An optional workaround for routers that break TCP window scaling. + Available in Postfix version 2.8 and later: + + smtp_dns_resolver_options (empty) + DNS Resolver options for the Postfix SMTP client. + MIME PROCESSING CONTROLS Available in Postfix version 2.0 and later: diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 976401fd2..c5a4be1a4 100644 
--- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -3843,6 +3843,17 @@ discard LHLO keywords selectively.

+ + +
lmtp_dns_resolver_options +(default: empty)
+ +

The LMTP-specific version of the smtp_dns_resolver_options +configuration parameter. See there for details.

+ +

This feature is available in Postfix 2.8 and later.

+ +
lmtp_enforce_tls @@ -8600,6 +8611,35 @@ discard EHLO keywords selectively.

+ + +
smtp_dns_resolver_options +(default: empty)
+ +

DNS Resolver options for the Postfix SMTP client. Specify zero +or more of the following, separated by comma or whitespace. Option +names are case-sensitive. Some options refer to domain names that +are specified in /etc/resolv.conf or equivalent.

+ +
+ +
res_defnames
+ +
Append the default domain name to single-component names (those +that do not contain a dot). This can produce incorrect results, +and was the behavior prior to Postfix 2.8.
+ +
res_dnsrch
+ +
Search for host names in the current domain and in parent +domains. This can produce incorrect results and is therefore not +recommended.
+ +
+ +

This feature is available in Postfix 2.8 and later.

+ +
smtp_enforce_tls diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index 6ba1cbace..1d14126e0 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -290,6 +290,11 @@ SMTP(8) SMTP(8) An optional workaround for routers that break TCP window scaling. + Available in Postfix version 2.8 and later: + + smtp_dns_resolver_options (empty) + DNS Resolver options for the Postfix SMTP client. + MIME PROCESSING CONTROLS Available in Postfix version 2.0 and later: diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index dd373f27f..63d69b9b1 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -2143,6 +2143,11 @@ this action from being logged. .IP \(bu Use the lmtp_discard_lhlo_keyword_address_maps feature to discard LHLO keywords selectively. +.SH lmtp_dns_resolver_options (default: empty) +The LMTP-specific version of the smtp_dns_resolver_options +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.8 and later. .SH lmtp_enforce_tls (default: no) The LMTP-specific version of the smtp_enforce_tls configuration parameter. See there for details. 
@@ -4896,6 +4901,21 @@ this action from being logged. .IP \(bu Use the smtp_discard_ehlo_keyword_address_maps feature to discard EHLO keywords selectively. +.SH smtp_dns_resolver_options (default: empty) +DNS Resolver options for the Postfix SMTP client. Specify zero +or more of the following, separated by comma or whitespace. Option +names are case-sensitive. Some options refer to domain names that +are specified in /etc/resolv.conf or equivalent. +.IP "\fBres_defnames\fR" +Append the default domain name to single-component names (those +that do not contain a dot). This can produce incorrect results, +and was the behavior prior to Postfix 2.8. +.IP "\fBres_dnsrch\fR" +Search for host names in the current domain and in parent +domains. This can produce incorrect results and is therefore not +recommended. +.PP +This feature is available in Postfix 2.8 and later. .SH smtp_enforce_tls (default: no) Enforcement mode: require that remote SMTP servers use TLS encryption, and never send mail in the clear. This also requires diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index 46fe5a65c..79c14c9b2 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 @@ -252,6 +252,10 @@ Restricted \fBbody_checks\fR(5) tables for the Postfix SMTP client. Available in Postfix version 2.6 and later: .IP "\fBtcp_windowsize (0)\fR" An optional workaround for routers that break TCP window scaling. +.PP +Available in Postfix version 2.8 and later: +.IP "\fBsmtp_dns_resolver_options (empty)\fR" +DNS Resolver options for the Postfix SMTP client. .SH "MIME PROCESSING CONTROLS" .na .nf diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index 23cce4bfc..b52f16cc2 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink 
@@ -447,6 +447,7 @@ while (<>) { s;\bvir[-]*\n*[ ]*tual_destination_recip[-]*\n* *[]*ient_limit\b;$&;g; s;\bsmtp_discard_ehlo_keyword_address_maps\b;$&;g; s;\bsmtp_discard_ehlo_keywords\b;$&;g; + s;\bsmtp_dns_resolver_options\b;$&;g; s;\bsmtp_helo_name\b;$&;g; s;\bsmtp_helo_timeout\b;$&;g; s;\bsmtp_host_lookup\b;$&;g; diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 923f1a222..e2d6e6215 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -12938,3 +12938,36 @@ unless the inet_protocols setting enables both IPv4 and IPv6.

configuration parameter. See there for details.

This feature is available in Postfix 2.8 and later.

+ +%PARAM smtp_dns_resolver_options + +

DNS Resolver options for the Postfix SMTP client. Specify zero +or more of the following, separated by comma or whitespace. Option +names are case-sensitive. Some options refer to domain names that +are specified in /etc/resolv.conf or equivalent.

+ +
+ +
res_defnames
+ +
Append the default domain name to single-component names (those +that do not contain a dot). This can produce incorrect results, +and was the behavior prior to Postfix 2.8.
+ +
res_dnsrch
+ +
Search for host names in the current domain and in parent +domains. This can produce incorrect results and is therefore not +recommended.
+ +
+ +

This feature is available in Postfix 2.8 and later.

+ +%PARAM lmtp_dns_resolver_options + +

The LMTP-specific version of the smtp_dns_resolver_options +configuration parameter. See there for details.

+ +

This feature is available in Postfix 2.8 and later.

+ diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 7afd598db..200f34888 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -213,7 +213,16 @@ extern bool var_disable_dns; #define DEF_SMTP_HOST_LOOKUP SMTP_HOST_LOOKUP_DNS #define VAR_LMTP_HOST_LOOKUP "lmtp_host_lookup" #define DEF_LMTP_HOST_LOOKUP SMTP_HOST_LOOKUP_DNS -extern int var_smtp_dns_lookup; +extern char *var_smtp_host_lookup; + +#define SMTP_DNS_RES_OPT_DEFNAMES "res_defnames" +#define SMTP_DNS_RES_OPT_DNSRCH "res_dnsrch" + +#define VAR_SMTP_DNS_RES_OPT "smtp_dns_resolver_options" +#define DEF_SMTP_DNS_RES_OPT "" +#define VAR_LMTP_DNS_RES_OPT "lmtp_dns_resolver_options" +#define DEF_LMTP_DNS_RES_OPT "" +extern char *var_smtp_dns_res_opt; #define VAR_SMTP_MXADDR_LIMIT "smtp_mx_address_limit" #define DEF_SMTP_MXADDR_LIMIT 5 diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 43b745aa9..3ee5e1529 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20100728" +#define MAIL_RELEASE_DATE "20100827" #define MAIL_VERSION_NUMBER "2.8" #ifdef SNAPSHOT diff --git a/postfix/src/postscreen/postscreen.c b/postfix/src/postscreen/postscreen.c index ec8e11a28..4cfabad6c 100644 --- a/postfix/src/postscreen/postscreen.c +++ b/postfix/src/postscreen/postscreen.c @@ -425,8 +425,6 @@ typedef struct { * This program screens all inbound SMTP connections, so it better not waste * time. */ -#define PS_GREET_TIMEOUT 5 -#define PS_SMTP_WRITE_TIMEOUT 1 #define PS_SEND_SOCK_CONNECT_TIMEOUT 1 #define PS_SEND_SOCK_NOTIFY_TIMEOUT 100 diff --git a/postfix/src/smtp/Makefile.in b/postfix/src/smtp/Makefile.in index 1c04146e1..1d5ed3a6a 100644 --- a/postfix/src/smtp/Makefile.in +++ b/postfix/src/smtp/Makefile.in 
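Review bot: The mail_params.h hunk replaces `extern int var_smtp_dns_lookup;` with `extern char *var_smtp_host_lookup;`, a change of both name and type that the 20100827 HISTORY entry does not mention (mail_params.h is not in its file list either). If this corrects a stale declaration, record it in the changelog so it is not mistaken for part of the resolver-options feature. The new `SMTP_DNS_RES_OPT_*` strings also have no comment; something like `/* Names accepted by smtp_dns_resolver_options; smtp.c maps them to RES_* resolver flags. */` above them would tie the macros to the table added in post_init.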
@@ -93,6 +93,7 @@ smtp.o: ../../include/attr.h smtp.o: ../../include/debug_peer.h smtp.o: ../../include/deliver_request.h smtp.o: ../../include/dict.h +smtp.o: ../../include/dns.h smtp.o: ../../include/dsn.h smtp.o: ../../include/dsn_buf.h smtp.o: ../../include/ext_prop.h @@ -110,12 +111,14 @@ smtp.o: ../../include/match_ops.h smtp.o: ../../include/mime_state.h smtp.o: ../../include/msg.h smtp.o: ../../include/msg_stats.h +smtp.o: ../../include/myaddrinfo.h smtp.o: ../../include/mymalloc.h smtp.o: ../../include/name_code.h smtp.o: ../../include/name_mask.h smtp.o: ../../include/recipient_list.h smtp.o: ../../include/resolve_clnt.h smtp.o: ../../include/scache.h +smtp.o: ../../include/sock_addr.h smtp.o: ../../include/string_list.h smtp.o: ../../include/stringops.h smtp.o: ../../include/sys_defs.h diff --git a/postfix/src/smtp/lmtp_params.c b/postfix/src/smtp/lmtp_params.c index 29c08475c..b13900fa0 100644 --- a/postfix/src/smtp/lmtp_params.c +++ b/postfix/src/smtp/lmtp_params.c @@ -53,6 +53,7 @@ VAR_LMTP_BODY_CHKS, DEF_LMTP_BODY_CHKS, &var_smtp_body_chks, 0, 0, VAR_LMTP_RESP_FILTER, DEF_LMTP_RESP_FILTER, &var_smtp_resp_filter, 0, 0, VAR_LMTP_ADDR_PREF, DEF_LMTP_ADDR_PREF, &var_smtp_addr_pref, 1, 0, + VAR_LMTP_DNS_RES_OPT, DEF_LMTP_DNS_RES_OPT, &var_smtp_dns_res_opt, 0, 0, 0, }; static const CONFIG_TIME_TABLE lmtp_time_table[] = { diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index 3cf74660c..b58ad8436 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c @@ -230,6 +230,10 @@ /* Available in Postfix version 2.6 and later: /* .IP "\fBtcp_windowsize (0)\fR" /* An optional workaround for routers that break TCP window scaling. +/* .PP +/* Available in Postfix version 2.8 and later: +/* .IP "\fBsmtp_dns_resolver_options (empty)\fR" +/* DNS Resolver options for the Postfix SMTP client. /* MIME PROCESSING CONTROLS /* .ad /* .fi @@ -690,6 +694,10 @@ #include #include +/* DNS library. */ + +#include + /* Single server skeleton. */ #include 
@@ -802,6 +810,7 @@ char *var_smtp_nest_chks; char *var_smtp_body_chks; char *var_smtp_resp_filter; bool var_lmtp_assume_final; +char *var_smtp_dns_res_opt; /* Special handling of 535 AUTH errors. */ char *var_smtp_sasl_auth_cache_name; @@ -817,6 +826,7 @@ SCACHE *smtp_scache; MAPS *smtp_ehlo_dis_maps; MAPS *smtp_generic_maps; int smtp_ext_prop_mask; +unsigned smtp_dns_res_opt; MAPS *smtp_pix_bug_maps; HBC_CHECKS *smtp_header_checks; /* limited header checks */ HBC_CHECKS *smtp_body_checks; /* limited body checks */ @@ -919,6 +929,11 @@ static void post_init(char *unused_name, char **unused_argv) SMTP_HOST_LOOKUP_NATIVE, SMTP_HOST_FLAG_NATIVE, 0, }; + static const NAME_MASK dns_res_opt_masks[] = { + SMTP_DNS_RES_OPT_DEFNAMES, RES_DEFNAMES, + SMTP_DNS_RES_OPT_DNSRCH, RES_DNSRCH, + 0, + }; /* * Select hostname lookup mechanisms. @@ -945,6 +960,12 @@ static void post_init(char *unused_name, char **unused_argv) var_ipc_idle_limit, var_ipc_ttl_limit); #endif + + /* + * Select DNS query flags. + */ + smtp_dns_res_opt = name_mask(VAR_SMTP_DNS_RES_OPT, dns_res_opt_masks, + var_smtp_dns_res_opt); } /* pre_init - pre-jail initialization */ diff --git a/postfix/src/smtp/smtp.h b/postfix/src/smtp/smtp.h index 5174fe38d..7c087824d 100644 --- a/postfix/src/smtp/smtp.h +++ b/postfix/src/smtp/smtp.h @@ -179,6 +179,7 @@ extern MAPS *smtp_pix_bug_maps; /* PIX workarounds */ extern MAPS *smtp_generic_maps; /* make internal address valid */ extern int smtp_ext_prop_mask; /* address externsion propagation */ +extern unsigned smtp_dns_res_opt; /* DNS query flags */ #ifdef USE_TLS diff --git a/postfix/src/smtp/smtp_addr.c b/postfix/src/smtp/smtp_addr.c index efba64a4f..811d18461 100644 --- a/postfix/src/smtp/smtp_addr.c +++ b/postfix/src/smtp/smtp_addr.c 
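Review bot: The `name_mask()` call added at the end of post_init always passes `VAR_SMTP_DNS_RES_OPT` as its tag, although lmtp_params.c in this same commit stores lmtp_dns_resolver_options in the same `var_smtp_dns_res_opt`. If name_mask uses the tag when it rejects an unrecognized name, as its signature suggests, a typo in the LMTP setting would be reported against smtp_dns_resolver_options and send the operator to the wrong parameter. Consider passing the parameter name that matches the protocol the process is running as, or at least say so in the comment: `/* Select DNS query flags; the tag names the SMTP parameter even in LMTP mode. */`. post_init begins outside these hunks.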
@@ -155,7 +155,7 @@ static DNS_RR *smtp_addr_one(DNS_RR *addr_list, const char *host, * should not clobber a soft error text and status code. */ if (smtp_host_lookup_mask & SMTP_HOST_FLAG_DNS) { - switch (dns_lookup_v(host, RES_DEFNAMES, &addr, (VSTRING *) 0, + switch (dns_lookup_v(host, smtp_dns_res_opt, &addr, (VSTRING *) 0, why->reason, DNS_REQ_FLAG_NONE, proto_info->dns_atype_list)) { case DNS_OK: diff --git a/postfix/src/smtp/smtp_params.c b/postfix/src/smtp/smtp_params.c index 7aca14e8d..1d8abf015 100644 --- a/postfix/src/smtp/smtp_params.c +++ b/postfix/src/smtp/smtp_params.c @@ -54,6 +54,7 @@ VAR_SMTP_BODY_CHKS, DEF_SMTP_BODY_CHKS, &var_smtp_body_chks, 0, 0, VAR_SMTP_RESP_FILTER, DEF_SMTP_RESP_FILTER, &var_smtp_resp_filter, 0, 0, VAR_SMTP_ADDR_PREF, DEF_SMTP_ADDR_PREF, &var_smtp_addr_pref, 1, 0, + VAR_SMTP_DNS_RES_OPT, DEF_SMTP_DNS_RES_OPT, &var_smtp_dns_res_opt, 0, 0, 0, }; static const CONFIG_TIME_TABLE smtp_time_table[] = { diff --git a/postfix/src/smtpd/smtpd_proxy.c b/postfix/src/smtpd/smtpd_proxy.c index deb752108..a6a13bb0c 100644 --- a/postfix/src/smtpd/smtpd_proxy.c +++ b/postfix/src/smtpd/smtpd_proxy.c @@ -356,6 +356,9 @@ static int smtpd_proxy_connect(SMTPD_STATE *state) /* Needed by our DATA-phase record emulation routines. */ vstream_control(proxy->service_stream, VSTREAM_CTL_CONTEXT, (char *) state, VSTREAM_CTL_END); + /* Avoid poor performance when TCP MSS > VSTREAM_BUFSIZE. */ + if (connect_fn == inet_connect) + vstream_tweak_tcp(proxy->service_stream); smtp_timeout_setup(proxy->service_stream, proxy->timeout); /*
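Review bot: Only the `dns_lookup_v()` call in smtp_addr_one picks up `smtp_dns_res_opt`; this is the sole hunk for smtp_addr.c, so any other resolver call in the SMTP client keeps whatever flags it already passes. It is worth confirming that no other lookup still hard-codes `RES_DEFNAMES`, otherwise the documented default (a name without "." is looked up as given) would hold for some lookups and not for others, and mail could still be routed to a host in the local domain. A short comment at the call would help the next reader: `/* smtp_dns_res_opt is 0 unless smtp_dns_resolver_options re-enables local-domain or search-list qualification. */`. smtp_addr_one starts and ends outside the hunk.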
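Review bot: The result of `vstream_tweak_tcp(proxy->service_stream)` is discarded in the lines added to smtpd_proxy_connect, and the comment does not say that the tweak is best-effort. If a failed tweak is meant to be harmless, state it where the call is made: `/* Best effort: a failed tweak only costs performance. */`. The `connect_fn == inet_connect` test also depends on how connect_fn is chosen earlier in the function, which is outside this hunk, so the reader cannot tell from here which proxy endpoint types skip the tweak.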