diff --git a/postfix/HISTORY b/postfix/HISTORY
index 53dffb506..4c118e437 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -10684,10 +10684,15 @@ Apologies for any names omitted.
 	Bugfix: don't panic when the fall-back relay can't be used
 	because it was already tried via a cached session. Produce
 	a default excuse instead. File: smtp/smtp_connect.c.
-	
+
 	Bugfix: postsuper could lose an error message after reporting
 	a fatal error.  File: postsuper/postsuper.c.
- 
+
+20050426
+
+	Bugfix: simplified and improved the 20050422 fall-back relay
+	fix. File: smtp/smtp_connect.c.
+
 Open problems:
 
 	Med: disable header address rewriting after XCLIENT?
diff --git a/postfix/README_FILES/SASL_README b/postfix/README_FILES/SASL_README
index 5a2482a9f..0c5eb1112 100644
--- a/postfix/README_FILES/SASL_README
+++ b/postfix/README_FILES/SASL_README
@@ -297,15 +297,19 @@ EEnnaabblliinngg SSAASSLL aauutthheennttiiccaattiioonn
 Turn on client-side SASL authentication, and specify a table with per-host or
 per-destination username and password information. Postfix first looks up the
 server hostname; if no entry is found, then Postfix looks up the destination
-domain name (usually, the right-hand part of an email address).
+domain name. Usually, this is the right-hand part of an email address, but it
+can also be a hostname or address enclosed in [], with an optional ":port", as
+specified with relayhost in with transport_maps.
 
     /etc/postfix/main.cf:
         smtp_sasl_auth_enable = yes
         smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
 
     /etc/postfix/sasl_passwd:
-        foo.com             username:password
-        bar.com             username
+        foo.com                     username:password
+        bar.com                     username
+        [mail.myisp.net]            username:password
+        [mail.myisp.net]:submission username:password
 
 Note: some SMTP servers support PLAIN or LOGIN authentication only. By default,
 the Postfix SMTP client does not use authentication methods that send plaintext
diff --git a/postfix/html/SASL_README.html b/postfix/html/SASL_README.html
index 9d584b411..414aee0a4 100644
--- a/postfix/html/SASL_README.html
+++ b/postfix/html/SASL_README.html
@@ -441,11 +441,13 @@ then get back to Postfix. </p>
 <h2><a name="client_sasl">Enabling SASL authentication in the
 Postfix SMTP client</a></h2>
 
-<p> Turn on client-side SASL authentication, and specify a table with
-per-host or per-destination username and password information.
+<p> Turn on client-side SASL authentication, and specify a table
+with per-host or per-destination username and password information.
 Postfix first looks up the server hostname; if no entry is found,
-then Postfix looks up the destination domain name (usually, the
-right-hand part of an email address). </p>
+then Postfix looks up the destination domain name. Usually, this
+is the right-hand part of an email address, but it can also be a
+hostname or address enclosed in [], with an optional ":port", as
+specified with <a href="postconf.5.html#relayhost">relayhost</a> in with <a href="postconf.5.html#transport_maps">transport_maps</a>. </p>
 
 <blockquote>
 <pre>
@@ -454,8 +456,10 @@ right-hand part of an email address). </p>
     <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> = hash:/etc/postfix/sasl_passwd
 
 /etc/postfix/sasl_passwd:
-    foo.com             username:password
-    bar.com             username
+    foo.com                     username:password
+    bar.com                     username
+    [mail.myisp.net]            username:password
+    [mail.myisp.net]:submission username:password
 </pre>
 </blockquote>
 
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index e70eb9994..efdedf980 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -5994,6 +5994,8 @@ auth, etc.) that the SMTP client will ignore in the EHLO response
 from a remote SMTP server. See <a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> for
 details. </p>
 
+<p> This feature is available in Postfix 2.2 and later. </p>
+
 
 </DD>
 
@@ -6004,6 +6006,8 @@ details. </p>
 auth, etc.) that the SMTP client will ignore in the EHLO response
 from a remote SMTP server. </p>
 
+<p> This feature is available in Postfix 2.2 and later. </p>
+
 <p> Notes: </p>
 
 <ul>
@@ -7467,6 +7471,8 @@ auth, etc.) that the SMTP server will not send in the EHLO response
 to a remote SMTP client. See <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> for details.
 </p>
 
+<p> This feature is available in Postfix 2.2 and later. </p>
+
 
 </DD>
 
@@ -7477,6 +7483,8 @@ to a remote SMTP client. See <a href="postconf.5.html#smtpd_discard_ehlo_keyword
 auth, etc.) that the SMTP server will not send in the EHLO response
 to a remote SMTP client. </p>
 
+<p> This feature is available in Postfix 2.2 and later. </p>
+
 <p> Notes: </p>
 
 <ul>
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index b37063363..f1dd46cc6 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -3319,11 +3319,15 @@ case insensitive lists of EHLO keywords (pipelining, starttls,
 auth, etc.) that the SMTP client will ignore in the EHLO response
 from a remote SMTP server. See smtp_discard_ehlo_keywords for
 details.
+.PP
+This feature is available in Postfix 2.2 and later.
 .SH smtp_discard_ehlo_keywords (default: empty)
 A case insensitive list of EHLO keywords (pipelining, starttls,
 auth, etc.) that the SMTP client will ignore in the EHLO response
 from a remote SMTP server.
 .PP
+This feature is available in Postfix 2.2 and later.
+.PP
 Notes:
 .IP \(bu
 Specify the \fBsilent-discard\fR pseudo keyword to prevent
@@ -4244,11 +4248,15 @@ Lookup tables, indexed by the remote SMTP client address, with
 case insensitive lists of EHLO keywords (pipelining, starttls,
 auth, etc.) that the SMTP server will not send in the EHLO response
 to a remote SMTP client. See smtpd_discard_ehlo_keywords for details.
+.PP
+This feature is available in Postfix 2.2 and later.
 .SH smtpd_discard_ehlo_keywords (default: empty)
 A case insensitive list of EHLO keywords (pipelining, starttls,
 auth, etc.) that the SMTP server will not send in the EHLO response
 to a remote SMTP client.
 .PP
+This feature is available in Postfix 2.2 and later.
+.PP
 Notes:
 .IP \(bu
 Specify the \fBsilent-discard\fR pseudo keyword to prevent
diff --git a/postfix/proto/SASL_README.html b/postfix/proto/SASL_README.html
index 4c9c64055..931eed9a6 100644
--- a/postfix/proto/SASL_README.html
+++ b/postfix/proto/SASL_README.html
@@ -441,11 +441,13 @@ then get back to Postfix. </p>
 <h2><a name="client_sasl">Enabling SASL authentication in the
 Postfix SMTP client</a></h2>
 
-<p> Turn on client-side SASL authentication, and specify a table with
-per-host or per-destination username and password information.
+<p> Turn on client-side SASL authentication, and specify a table
+with per-host or per-destination username and password information.
 Postfix first looks up the server hostname; if no entry is found,
-then Postfix looks up the destination domain name (usually, the
-right-hand part of an email address). </p>
+then Postfix looks up the destination domain name. Usually, this
+is the right-hand part of an email address, but it can also be a
+hostname or address enclosed in [], with an optional ":port", as
+specified with relayhost in with transport_maps. </p>
 
 <blockquote>
 <pre>
@@ -454,8 +456,10 @@ right-hand part of an email address). </p>
     smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
 
 /etc/postfix/sasl_passwd:
-    foo.com             username:password
-    bar.com             username
+    foo.com                     username:password
+    bar.com                     username
+    [mail.myisp.net]            username:password
+    [mail.myisp.net]:submission username:password
 </pre>
 </blockquote>
 
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 549bbc312..18bddab76 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -7616,6 +7616,8 @@ and virtual_alias_maps. </p>
 auth, etc.) that the SMTP client will ignore in the EHLO response
 from a remote SMTP server. </p>
 
+<p> This feature is available in Postfix 2.2 and later. </p>
+
 <p> Notes: </p>
 
 <ul>
@@ -7634,6 +7636,8 @@ discard EHLO keywords selectively. </p>
 auth, etc.) that the SMTP server will not send in the EHLO response
 to a remote SMTP client. </p>
 
+<p> This feature is available in Postfix 2.2 and later. </p>
+
 <p> Notes: </p>
 
 <ul>
@@ -7645,6 +7649,7 @@ this action from being logged. </p>
 to discard EHLO keywords selectively.  </p>
 
 </ul>
+
 %PARAM smtp_discard_ehlo_keyword_address_maps
 
 <p> Lookup tables, indexed by the remote SMTP server address, with
@@ -7653,6 +7658,8 @@ auth, etc.) that the SMTP client will ignore in the EHLO response
 from a remote SMTP server. See smtp_discard_ehlo_keywords for
 details. </p>
 
+<p> This feature is available in Postfix 2.2 and later. </p>
+
 %PARAM smtpd_discard_ehlo_keyword_address_maps
 
 <p> Lookup tables, indexed by the remote SMTP client address, with
@@ -7661,6 +7668,8 @@ auth, etc.) that the SMTP server will not send in the EHLO response
 to a remote SMTP client. See smtpd_discard_ehlo_keywords for details.
 </p>
 
+<p> This feature is available in Postfix 2.2 and later. </p>
+
 %PARAM connection_cache_service scache
 
 <p> The name of the scache(8) connection cache service.  This service
diff --git a/postfix/src/cleanup/cleanup_envelope.c b/postfix/src/cleanup/cleanup_envelope.c
index e4b31661c..8396e10aa 100644
--- a/postfix/src/cleanup/cleanup_envelope.c
+++ b/postfix/src/cleanup/cleanup_envelope.c
@@ -298,6 +298,7 @@ static void cleanup_envelope_process(CLEANUP_STATE *state, int type,
 		msg_warn("%s: message rejected: bad rewriting context: %.100s",
 			 state->queue_id, attr_value);
 		state->errs |= CLEANUP_STAT_BAD;
+		myfree(sbuf);
 		return;
 	    }
 	}
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 0914990ea..b6236a6c9 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change the patchlevel and the release date. Snapshots change the
   * release date only.
   */
-#define MAIL_RELEASE_DATE	"20050422"
+#define MAIL_RELEASE_DATE	"20050426"
 #define MAIL_VERSION_NUMBER	"2.3"
 
 #define VAR_MAIL_VERSION	"mail_version"
diff --git a/postfix/src/smtp/smtp_connect.c b/postfix/src/smtp/smtp_connect.c
index 74b8d51a8..73fecccc2 100644
--- a/postfix/src/smtp/smtp_connect.c
+++ b/postfix/src/smtp/smtp_connect.c
@@ -568,7 +568,6 @@ int     smtp_connect(SMTP_STATE *state)
 	    (*(cpp) && (cpp) >= (sites)->argv + (non_fallback_sites))
 
     for (cpp = sites->argv; SMTP_RCPT_LEFT(state) > 0 && (dest = *cpp) != 0; cpp++) {
-	state->final_server = (cpp[1] == 0);
 
 	/*
 	 * Parse the destination. Default is to use the SMTP port. Look up
@@ -593,7 +592,11 @@ int     smtp_connect(SMTP_STATE *state)
 	    /* XXX We could be an MX host for this destination... */
 	} else {
 	    addr_list = smtp_domain_addr(domain, misc_flags, why, &i_am_mx);
+	    /* If we're MX host, don't connect to non-MX backups. */
+	    if (i_am_mx)
+		cpp[1] = 0;
 	}
+	state->final_server = (cpp[1] == 0);
 
 	/*
 	 * When session caching is enabled, store the first good session for
@@ -683,8 +686,7 @@ int     smtp_connect(SMTP_STATE *state)
 	    if ((state->session = session) != 0) {
 		if (++sess_count == var_smtp_mxsess_limit)
 		    next = 0;
-		state->final_server = (next == 0 && (cpp[1] == 0 || (i_am_mx
-		&& IS_FALLBACK_RELAY(cpp + 1, sites, non_fallback_sites))));
+		state->final_server = (cpp[1] == 0 && next == 0);
 		if (addr->pref == domain_best_pref)
 		    session->features |= SMTP_FEATURE_BEST_MX;
 		if ((session->features & SMTP_FEATURE_FROM_CACHE) != 0
