diff --git a/postfix/BEWARE b/postfix/BEWARE
deleted file mode 100644
index 5b0b893aa..000000000
--- a/postfix/BEWARE
+++ /dev/null
@@ -1,38 +0,0 @@
-LINUX SYSLOGD PERFORMANCE
-=========================
-
-LINUX syslogd uses synchronous writes by default, which is very
-expensive. For services such as mail it is recommended that you
-disable synchronous logfile writes by prepending a - to the logfile
-name:
-
-    mail.*                          -/var/log/mail.log
-
-SPAM BLOCKING SOURCE ROUTED ADDRESSES
-=====================================
-
-If you relay mail for other domains, you must prevent unauthorized
-relay of addresses such as:
-
-    user@elsewhere@the.other.domain
-    user%elsewhere@the.other.domain
-    elsewhere!user@the.other.domain
-
-The simplest solution is to install a regular expression filter:
-
-    /etc/postfix/main.cf: 
-	smtpd_recipient_restrictions = regexp:/etc/postfix/regexp_access
-
-    /etc/postfix/regexp_access:
-	/[%!@].*@/ 550 Sender specified routing is not supported here.
-
-For the local domain, Postfix will do the right thing with:
-
-    user@elsewhere@my.own.domain
-    user%elsewhere@my.own.domain
-    elsewhere!user@my.own.domain
-
-That is, it bounces the first form because "user@elsewhere" is not
-a valid local user, and it accepts the second and third forms only
-when user@elsewhere is a valid relay destination.
-
diff --git a/postfix/HISTORY b/postfix/HISTORY
index 53f5976ad..224a62968 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -2600,7 +2600,7 @@ Apologies for any names omitted.
 19990410
 
 	Bugfix: auto-detection of changes to DB or DBM lookup
-	tables wan't done for TCP connections.
+	tables wasn't done for TCP connections.
 
 19990410
 
@@ -3412,7 +3412,12 @@ Apologies for any names omitted.
 
 19991217
 
-	Cleanup: no more UCE checks for VRFY commands.
+	Cleanup: no more UCE checks for VRFY commands. It still
+	reports unknown local/virtual users. File:  smtpd/smtpd_check.c.
+
+	Robustness: upon Postfix startup, report discrepancies
+	between system files inside and outside the chroot jail.
+	Files: conf/postfix-script-nosgid, conf/postfix-script-sgid.
 
 19991218
 
@@ -3422,17 +3427,47 @@ Apologies for any names omitted.
 19991219
 
 	Documentation: completely reorganized the FAQ and added
-	many new entries.
+	many new entries. Rewrote the UCE html documentation.
 
 	Cleanup: INSTALL.sh uses a configurable directory for
 	scratch files, so that it can install from a file system
 	that is not writable by the super-user.
 
+	Cleanup: INSTALL.sh gives helpful hints when the "mv"
+	command is unable to move symlinks across file system
+	boundaries.
+
 19991220
 
 	Cleanup: it is no longer necessary to list $virtual_maps
 	as part of the relay_domains definition. The SMTP server
-	now by default accepts mail for domains that match
-	$mydestination or $virtual_maps, or that resolve to a mail
-	delivery transport that is listed in $local_transport.
-	Files: smtpd/smtpd_check.c and lots of documentation.
+	now by default accepts mail for destinations that match
+	$inet_interfaces, $mydestination or $virtual_maps, whether
+	or not these are specified in relay_domains.  We still need
+	the ugly "virtual.domain whatever" hack in the virtual
+	maps. Files:  smtpd/smtpd_check.c and lots of documentation
+	and sample config files.
+
+19991221
+
+	Removed cyrus -q flag (ignore quotas) from the sample
+	master.cf file.
+
+19991223
+
+	Bugfix: smtpd should not check for unknown users when
+	running in stand-alone (sendmail -bs) mode. Problem
+	experienced by Chuck Mead.  File: smtpd/smtpd.c.
+
+	Retraction: the "local_transports" configuration parameter
+	is gone. Adjusted code and documentation accordingly.
+	Instead, use just one "local_transport" parameter with the
+	name of the default local transport. Files:  smtpd/smtpd_check.c,
+	qmgr/qmgr_message.c, trivial-rewrite/ resolve.c, local/resolve.c.
+
+	Feature: Postfix SMTPD now insists that the smtpd recipient
+	restrictions contain at least one restriction that by
+	default rejects mail. This should make it much more difficult
+	to change Postfix into an open relay.  File:  smtpd/smtpd_check.c.
+
+	Retraction: null-length inet_interfaces is too confusing.
diff --git a/postfix/INSTALL.sh b/postfix/INSTALL.sh
index 481f7957c..4bd312967 100644
--- a/postfix/INSTALL.sh
+++ b/postfix/INSTALL.sh
@@ -20,10 +20,10 @@ Before installing files, this script prompts you for some definitions.
 Most definitions will be remembered, so you have to specify them
 only once. All definitions have a reasonable default value.
 
-    tempdir - where to write scratch files
-
     install_root - prefix for installed file names (for package building)
 
+    tempdir - where to write scratch files
+
     config_directory - directory with Postfix configuration files.
     daemon_directory - directory with Postfix daemon programs.
     command_directory - directory with Postfix administrative commands.
@@ -60,9 +60,9 @@ compare_or_symlink() {
 	rm -f $tempdir/junk || exit 1
 	target=`echo $1 | sed '
 	    s;^'$install_root';;
-	    s;//;/;g
 	    s;/\./;/;g
-	    s;^/*;;
+	    s;//*;/;g
+	    s;^/;;
 	    H
 	    s;/[^/]*$;/;
 	    s;[^/]*/;../;g
@@ -72,7 +72,8 @@ compare_or_symlink() {
 	ln -s $target $tempdir/junk || exit 1
 	mv -f $tempdir/junk $2 || { 
 	    echo Error: your mv command is unable to rename symlinks. 1>&2
-	    echo If you run Linux, upgrade to GNU fileutils-4.0 or better. 1>&2
+	    echo If you run Linux, upgrade to GNU fileutils-4.0 or better, 1>&2
+	    echo or choose a tempdir that is in the same file system as $2. 1>&2
 	    exit 1
 	}
     }
@@ -94,8 +95,8 @@ esac
 
 # Default settings. Most are clobbered by remembered settings.
 
-tempdir=`pwd`
 install_root=/
+tempdir=`pwd`
 config_directory=/etc/postfix
 daemon_directory=/usr/libexec/postfix
 command_directory=/usr/sbin
@@ -109,7 +110,7 @@ manpages=/usr/local/man
 
 # Find out the location of configuration files.
 
-for name in tempdir install_root config_directory
+for name in install_root tempdir config_directory
 do
     while :
     do
diff --git a/postfix/Makefile.in b/postfix/Makefile.in
index 043ee7736..9733deb7e 100644
--- a/postfix/Makefile.in
+++ b/postfix/Makefile.in
@@ -39,7 +39,7 @@ depend_update:
 tidy:	clean
 	rm -f Makefile */Makefile
 	cp Makefile.init Makefile
-	-rm -f *core */*core .nfs* .pure bin/* lib/* include/* libexec/* \
+	-rm -f junk *core */*core .nfs* .pure bin/* lib/* include/* libexec/* \
 	*/.nfs* */.pure *.out */*.out */*.db */*.a *~ */*~ *- */*- *.orig \
 	*/*.orig *.bak */*.bak make.err conf/main.cf.default
 	find . -type s -print | xargs rm -f
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index 49d31bf8a..016de3965 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -1,10 +1,10 @@
-Incompatible changes with snapshot 19991219
+Incompatible changes with snapshot 19991223
 ===========================================
 
-- The experimental permit_recipient_map feature is gone. It was
-never part of an official release.  It is replaced by a
-"local_recipient_map" parameter that allows the SMTP server to
-reject mail for unknown local users (see below).
+- The experimental permit_recipient_map and local_transports features
+are gone. They were never part of an official release.  Both are
+replaced by a "local_recipient_map" parameter that allows the SMTP
+server to reject mail for unknown local users (see below).
 
 - In an SMTPD access map, an all-numeric right-hand side now means
 OK.  This is for better cooperation with out-of-band authentication
@@ -21,19 +21,30 @@ main.cf.
 SMTPD access control tables. Use the local_recipient_maps feature
 instead.
 
-- transport_maps entries override mydestination.  For every
-$mydestination domain that matches a transport map entry, or a
-parent domain of a transport map entry, you must now add a
-corresponding "domain.name local:" entry in your transport_maps.
-See the html/faq.html sections for firewalls and intranets.
+- transport_maps entries override mydestination.  If you use
+transport maps, it is better to always have explicit entries for
+all domain names you have in $mydestination.  See the html/faq.html
+sections for firewalls and intranets.
 
-Major changes with snapshot 19991219
+Major changes with snapshot 19991223
 ====================================
 
+- It is now much more difficult to configure Postfix as an open
+relay. The SMTP server requires that "smtpd_recipient_restrictions"
+contains at least one restriction that by default refuses mail (as
+is the default).  There were too many accidents with changes to
+the UCE restrictions.
+
+- The relay_domains parameter no longer needs to contain $virtual_maps.
+
 - Overhauled FAQ (html/faq.html) with many more examples.
 
+- Updated UCE documentation (html/uce.html) with more examples.
+More UCE configuration examples in sample configuration files.
+
 - Several little improvements to the installation procedure:
-relative symlinks, configurable directory for scratch files.
+relative symlinks, configurable directory for scratch files so the
+installation can be done without write access to the build tree.
 
 - Updated LDAP client code (John Hensley).
 
diff --git a/postfix/conf/main.cf b/postfix/conf/main.cf
index bd414eaa1..7aa37deff 100644
--- a/postfix/conf/main.cf
+++ b/postfix/conf/main.cf
@@ -277,14 +277,17 @@ mail_owner = postfix
 # mail to.  See the smtpd_recipient_restrictions restriction in the
 # file sample-smtpd.cf.
 #
-# By default, Postfix relays mail from clients whose IP address
-# matches $mynetworks, and from clients or to destination domains
-# matching $relay_domains or subdomains thereof. The default
-# relay_domains value is $mydestination.
+# By default, Postfix relays mail
+# - from clients whose IP address matches $mynetworks, 
+# - from clients matching $relay_domains or subdomains thereof,
+# - to destinations that match $relay_domains or subdomains thereof.
+# The default relay_domains value is $mydestination.
 # 
-# By default, the Postfix SMTP server accepts mail for domains listed
-# in $mydestination and in $virtual_maps, and for destinations that
-# resolve to a mail delivery transport listed in $local_transports.
+# In addition to the above, the Postfix SMTP server by default accepts mail
+# that Postfix is final destination for:
+# - destinations that match $inet_interfaces,
+# - destinations that match $mydestination
+# - destinations that match $virtual_maps.
 # These destinations do not need to be listed in $relay_domains.
 # 
 # Specify a list of hosts or domains, /file/name patterns or type:name
diff --git a/postfix/conf/master.cf b/postfix/conf/master.cf
index 39ef93f26..e33946f03 100644
--- a/postfix/conf/master.cf
+++ b/postfix/conf/master.cf
@@ -65,7 +65,7 @@ showq     unix	n	-	n	-	-	showq
 error     unix	-	-	n	-	-	error
 local	  unix	-	n	n	-	-	local
 cyrus	  unix	-	n	n	-	-	pipe
-    flags=R user=cyrus argv=/cyrus/bin/deliver -e -q -m ${extension} ${user}
+    flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
 uucp	  unix	-	n	n	-	-	pipe
     flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
 ifmail    unix  -       n       n       -       -       pipe
diff --git a/postfix/conf/sample-local.cf b/postfix/conf/sample-local.cf
index 3041f8214..5bc62a6bd 100644
--- a/postfix/conf/sample-local.cf
+++ b/postfix/conf/sample-local.cf
@@ -7,6 +7,19 @@
 # See the sample-aliases.cf file for parameters that are specific to
 # alias database lookup.
 
+#
+# OVERRIDE LOCAL TRANSPORT
+#
+
+# The local_transport parameter specifies the name of the transport
+# for delivery to destinations that match $mydestination or
+# $inet_interfaces.
+#
+# By default, local mail is delivered to the transport called "local",
+# which is just the name of a service that is defined the master.cf file.
+#
+local_transport = local
+
 #
 # SECURITY CONTROLS
 #
diff --git a/postfix/conf/sample-smtpd.cf b/postfix/conf/sample-smtpd.cf
index 8a0613207..1f77a4290 100644
--- a/postfix/conf/sample-smtpd.cf
+++ b/postfix/conf/sample-smtpd.cf
@@ -38,9 +38,9 @@ smtpd_banner = $myhostname ESMTP $mail_name
 #   permit_mynetworks: permit if the client address matches $mynetworks.
 #   check_client_access maptype:mapname
 #   maptype:mapname: look up client name, parent domains, client address,
-#                   or networks obtained by stripping octets.
-#                   Reject if result is REJECT or "[45]xx text"
-#                   Permit otherwise.
+#	or networks obtained by stripping octets.
+#	Reject if result is REJECT or "[45]xx text"
+#	Permit otherwise.
 #   reject_maps_rbl: reject if the client is listed under $maps_rbl_domains.
 #   reject: reject the request. Place this at the end of a restriction.
 #   permit: permit the request. Place this at the end of a restriction.
@@ -97,9 +97,9 @@ smtpd_hard_error_limit = 100
 #   permit_mynetworks: permit if the client address matches $mynetworks.
 #   check_client_access maptype:mapname
 #   maptype:mapname: look up client name, parent domains, client address,
-#                   or networks obtained by stripping octets.
-#                   Reject if result is REJECT or "[45]xx text"
-#                   Permit otherwise.
+#	or networks obtained by stripping octets.
+#	Reject if result is REJECT or "[45]xx text"
+#	Permit otherwise.
 #   reject_maps_rbl: reject if the client is listed under $maps_rbl_domains.
 #   reject: reject the request. Place this at the end of a restriction.
 #   permit: permit the request. Place this at the end of a restriction.
@@ -110,6 +110,8 @@ smtpd_hard_error_limit = 100
 # Specify a list of restrictions, separated by commas and/or whitespace.
 # Continue long lines by starting the next line with whitespace.
 #
+#smtpd_client_restrictions = permit_mynetworks, reject_unknown_client
+#smtpd_client_restrictions = reject_maps_rbl, reject_unknown_client
 smtpd_client_restrictions = 
 
 # The smtpd_helo_required parameter optionally turns on the requirement
@@ -133,8 +135,8 @@ smtpd_helo_required = no
 #   reject_non_fqdn_hostname: reject HELO hostname that is not in FQDN form
 #   check_helo_access maptype:mapname
 #   maptype:mapname: look up HELO hostname or parent domains.
-#                   Reject if result is REJECT or "[45]xx text"
-#                   Permit otherwise.
+#	Reject if result is REJECT or "[45]xx text"
+#	Permit otherwise.
 #   check_client_access maptype:mapname: see smtpd_client_restrictions.
 #   reject: reject the request. Place this at the end of a restriction.
 #   permit: permit the request. Place this at the end of a restriction.
@@ -145,7 +147,7 @@ smtpd_helo_required = no
 # Specify a list of restrictions, separated by commas and/or whitespace.
 # Continue long lines by starting the next line with whitespace.
 #
-# smtpd_helo_restrictions = reject_invalid_hostname
+# smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
 # smtpd_helo_restrictions = permit_mynetworks, reject_unknown_hostname
 smtpd_helo_restrictions = 
 
@@ -163,8 +165,8 @@ smtpd_helo_restrictions =
 #   reject_unknown_sender_domain: reject sender domain without A or MX record.
 #   check_sender_access maptype:mapname
 #   maptype:mapname: look up sender address, parent domain, or localpart@.
-#                   Reject if result is REJECT or "[45]xx text"
-#                   Permit otherwise.
+#	Reject if result is REJECT or "[45]xx text"
+#	Permit otherwise.
 #   check_client_access maptype:mapname: see smtpd_client_restrictions.
 #   check_helo_access maptype:mapname: see smtpd_helo_restrictions.
 #   reject_non_fqdn_hostname: reject HELO hostname that is not in FQDN form
@@ -185,14 +187,17 @@ smtpd_sender_restrictions =
 # The smtpd_recipient_restrictions parameter specifies restrictions on
 # recipient addresses that SMTP clients can send in RCPT TO commands.
 # 
-# By default, Postfix relays mail from clients whose IP address
-# matches $mynetworks, and from clients or to destination domains
-# matching $relay_domains or subdomains thereof. The default
-# relay_domains value is $mydestination.
+# By default, Postfix relays mail
+# - from clients whose IP address matches $mynetworks,
+# - from clients matching $relay_domains or subdomains thereof,
+# - to destinations that match $relay_domains or subdomains thereof.
+# The default relay_domains value is $mydestination.
 #
-# By default, the Postfix SMTP server accepts mail for domains listed
-# in $mydestination and in $virtual_maps, and for destinations that
-# resolve to a mail delivery transport listed in $local_transports.
+# In addition to the above, the Postfix SMTP server by default accepts mail
+# that Postfix is final destination for:
+# - destinations that match $inet_interfaces,
+# - destinations that match $mydestination
+# - destinations that match $virtual_maps.
 # These destinations do not need to be listed in $relay_domains.
 # 
 # The following restrictions are available (* is part of default setting):
@@ -203,19 +208,27 @@ smtpd_sender_restrictions =
 #   reject_invalid_hostname: reject HELO hostname with bad syntax.
 #   reject_unknown_hostname: reject HELO hostname without DNS A or MX record.
 #   reject_unknown_sender_domain: reject sender domain without A or MX record.
-#  *check_relay_domains: permit only mail from clients/to domains matching 
-#	$relay_domains, or to $mydestination, $virtual_maps or $local_transports
-#   permit_auth_destination: permit mail to domains matching $relay_domains,
-#	or to $mydestination, $virtual_maps or $local_transports.
-#   reject_unauth_destination: reject mail not to $relay_domains or to 
-#	$mydestination, $virtual_maps or $local_transports.
+#  *check_relay_domains: permit only mail 
+#	- from clients matching $relay_domains or subdomain thereof,
+#	- to destinations matching $relay_domains or subdomain thereof,
+#	- to destinations matching $inet_interfaces, $mydestination, 
+#	  or $virtual_maps.
+#	Reject anything else.
+#   permit_auth_destination: permit mail 
+#	- to destinations matching $relay_domains or subdomain thereof,
+#	- to destinations matching $inet_interfaces, $mydestination, 
+#	  or $virtual_maps.
+#   reject_unauth_destination: reject mail unless it is sent 
+#	- to destinations matching $relay_domains or subdomain thereof,
+#	- to destinations matching $inet_interfaces, $mydestination, 
+#	  or $virtual_maps.
 #   reject_unauth_pipelining: reject mail from improperly pipelining spamware
 #   permit_mx_backup: accept mail for sites that list me as MX host.
 #   reject_unknown_recipient_domain: reject domains without A or MX record.
 #   check_recipient_access maptype:mapname
 #   maptype:mapname: look up recipient address, parent domain, or localpart@.
-#                   Reject if result is REJECT or "[45]xx text"
-#                   Permit otherwise.
+#	Reject if result is REJECT or "[45]xx text"
+#	Permit otherwise.
 #   check_client_access maptype:mapname: see smtpd_client_restrictions.
 #   check_helo_access maptype:mapname: see smtpd_helo_restrictions.
 #   check_sender_access maptype:mapname: see smtpd_sender_restrictions.
@@ -231,6 +244,10 @@ smtpd_sender_restrictions =
 # Specify a list of restrictions, separated by commas and/or whitespace.
 # Continue long lines by starting the next line with whitespace.
 #
+# NOTE: YOU MUST SPECIFY AT LEAST ONE OF THE FOLLOWING RESTRICTIONS
+# OTHERWISE POSTFIX REFUSES TO RECEIVE MAIL:
+#	reject, check_relay_domains, reject_unauth_destination
+#
 smtpd_recipient_restrictions = permit_mynetworks,check_relay_domains
 
 #
@@ -254,14 +271,17 @@ maps_rbl_domains = rbl.maps.vix.com
 # and restricts what destination domains (and subdomains thereof)
 # this system will relay mail to.
 # 
-# By default, Postfix relays mail from clients whose IP address
-# matches $mynetworks, and from clients or to destination domains
-# matching $relay_domains or subdomains thereof. The default
-# relay_domains value is $mydestination.
-#
-# By default, the Postfix SMTP server accepts mail for domains listed
-# in $mydestination and in $virtual_maps, and for destinations that
-# resolve to a mail delivery transport listed in $local_transports.
+# By default, Postfix relays mail
+# - from clients whose IP address matches $mynetworks, 
+# - from clients matching $relay_domains or subdomains thereof,
+# - to destinations that match $relay_domains or subdomains thereof.
+# The default relay_domains value is $mydestination.  
+# 
+# In addition to the above, the Postfix SMTP server by default accepts mail 
+# that Postfix is final destination for:
+# - destinations that match $inet_interfaces, 
+# - destinations that match $mydestination 
+# - destinations that match $virtual_maps.
 # These destinations do not need to be listed in $relay_domains.
 #
 # Specify a list of hosts or domains, /file/name patterns or type:name
diff --git a/postfix/conf/sample-transport.cf b/postfix/conf/sample-transport.cf
index 0b6e94a7e..8ecd2b56b 100644
--- a/postfix/conf/sample-transport.cf
+++ b/postfix/conf/sample-transport.cf
@@ -4,14 +4,6 @@
 # This file contains example settings of Postfix configuration
 # parameters that control the optional transport table lookups.
 
-# The local_transports parameter defines the name of the default
-# transport for local mail delivery, plus zero or more names of
-# additional transports that are known to deliver locally. By default,
-# the SMTP server's UCE restrictions permit mail for any destination
-# that resolves to a mail delivery transport in $local_transports.
-#
-local_transports = local,cyrus
-
 # The transport_maps parameter specifies optional tables with domain
 # to (transport, nexthop) mappings. See transport(5) for syntax details.
 #
diff --git a/postfix/global/Makefile.in b/postfix/global/Makefile.in
index eb810ae6d..1eefc0ee1 100644
--- a/postfix/global/Makefile.in
+++ b/postfix/global/Makefile.in
@@ -3,7 +3,7 @@ SRCS	= been_here.c bounce.c canon_addr.c cleanup_strerror.c clnt_stream.c \
 	debug_peer.c debug_process.c defer.c deliver_completed.c \
 	deliver_flock.c deliver_pass.c deliver_request.c domain_list.c \
 	dot_lockfile.c dot_lockfile_as.c ext_prop.c file_id.c \
-	header_opts.c is_header.c local_transport.c mail_addr.c \
+	header_opts.c is_header.c mail_addr.c \
 	mail_addr_crunch.c mail_addr_find.c mail_addr_map.c \
 	mail_command_read.c mail_command_write.c mail_conf.c \
 	mail_conf_bool.c mail_conf_int.c mail_conf_raw.c mail_conf_str.c \
@@ -22,7 +22,7 @@ OBJS	= been_here.o bounce.o canon_addr.o cleanup_strerror.o clnt_stream.o \
 	debug_peer.o debug_process.o defer.o deliver_completed.o \
 	deliver_flock.o deliver_pass.o deliver_request.o domain_list.o \
 	dot_lockfile.o dot_lockfile_as.o ext_prop.o file_id.o \
-	header_opts.o is_header.o local_transport.o mail_addr.o \
+	header_opts.o is_header.o mail_addr.o \
 	mail_addr_crunch.o mail_addr_find.o mail_addr_map.o \
 	mail_command_read.o mail_command_write.o mail_conf.o \
 	mail_conf_bool.o mail_conf_int.o mail_conf_raw.o mail_conf_str.o \
@@ -41,7 +41,7 @@ HDRS	= been_here.h bounce.h canon_addr.h cleanup_user.h clnt_stream.h \
 	config.h debug_peer.h debug_process.h defer.h deliver_completed.h \
 	deliver_flock.h deliver_pass.h deliver_request.h domain_list.h \
 	dot_lockfile.h dot_lockfile_as.h ext_prop.h file_id.h \
-	header_opts.h is_header.h local_transport.h mail_addr.h \
+	header_opts.h is_header.h mail_addr.h \
 	mail_addr_crunch.h mail_addr_find.h mail_addr_map.h mail_conf.h \
 	mail_copy.h mail_date.h mail_error.h mail_flush.h mail_open_ok.h \
 	mail_params.h mail_proto.h mail_queue.h mail_run.h mail_scan_dir.h \
diff --git a/postfix/global/mail_connect.c b/postfix/global/mail_connect.c
index 61309c741..388d67d2b 100644
--- a/postfix/global/mail_connect.c
+++ b/postfix/global/mail_connect.c
@@ -109,14 +109,12 @@ VSTREAM *mail_connect_wait(const char *class, const char *name)
      * XXX Solaris workaround for ECONNREFUSED on a busy socket.
      */
     while ((stream = mail_connect(class, name, BLOCKING)) == 0) {
-	if (errno == ECONNREFUSED || errno == ENOENT) {
-	    if (count++ >= 10) {
-		msg_fatal("connect #%d to subsystem %s/%s: %m",
-			  count, class, name);
-	    } else {
-		msg_warn("connect #%d to subsystem %s/%s: %m",
-			 count, class, name);
-	    }
+	if (count++ >= 10) {
+	    msg_fatal("connect #%d to subsystem %s/%s: %m",
+		      count, class, name);
+	} else {
+	    msg_warn("connect #%d to subsystem %s/%s: %m",
+		     count, class, name);
 	}
 	sleep(10);				/* XXX make configurable */
     }
diff --git a/postfix/global/mail_params.c b/postfix/global/mail_params.c
index 9cd1100fc..6a0c55456 100644
--- a/postfix/global/mail_params.c
+++ b/postfix/global/mail_params.c
@@ -57,7 +57,6 @@
 /*	time_t	var_starttime;
 /*	int	var_ownreq_special;
 /*	int	var_daemon_timeout;
-/*	char	*var_local_transports;
 /*
 /*	void	mail_params_init()
 /* DESCRIPTION
@@ -162,7 +161,6 @@ int     var_soft_bounce;
 time_t  var_starttime;
 int     var_ownreq_special;
 int     var_daemon_timeout;
-char   *var_local_transports;
 
 /* check_myhostname - lookup hostname and validate */
 
@@ -261,7 +259,7 @@ void    mail_params_init()
 	VAR_COMMAND_DIR, DEF_COMMAND_DIR, &var_command_dir, 1, 0,
 	VAR_QUEUE_DIR, DEF_QUEUE_DIR, &var_queue_dir, 1, 0,
 	VAR_PID_DIR, DEF_PID_DIR, &var_pid_dir, 1, 0,
-	VAR_INET_INTERFACES, DEF_INET_INTERFACES, &var_inet_interfaces, 0, 0,
+	VAR_INET_INTERFACES, DEF_INET_INTERFACES, &var_inet_interfaces, 1, 0,
 	VAR_DOUBLE_BOUNCE, DEF_DOUBLE_BOUNCE, &var_double_bounce_sender, 1, 0,
 	VAR_DEFAULT_PRIVS, DEF_DEFAULT_PRIVS, &var_default_privs, 1, 0,
 	VAR_ALIAS_DB_MAP, DEF_ALIAS_DB_MAP, &var_alias_db_map, 1, 0,
@@ -269,7 +267,6 @@ void    mail_params_init()
 	VAR_DB_TYPE, DEF_DB_TYPE, &var_db_type, 1, 0,
 	VAR_HASH_QUEUE_NAMES, DEF_HASH_QUEUE_NAMES, &var_hash_queue_names, 1, 0,
 	VAR_RCPT_DELIM, DEF_RCPT_DELIM, &var_rcpt_delim, 0, 1,
-	VAR_LOCAL_TRANSP, DEF_LOCAL_TRANSP, &var_local_transports, 1, 0,
 	0,
     };
     static CONFIG_STR_FN_TABLE function_str_defaults_2[] = {
diff --git a/postfix/global/mail_params.h b/postfix/global/mail_params.h
index 7b8efaa6c..f3a9797eb 100644
--- a/postfix/global/mail_params.h
+++ b/postfix/global/mail_params.h
@@ -81,11 +81,11 @@ extern char *var_myhostname;
 extern char *var_mydomain;
 
  /*
-  * Transports that deliver locally. Order matters.
+  * The default local delivery transport.
   */
-#define VAR_LOCAL_TRANSP	"local_transports"
-#define DEF_LOCAL_TRANSP	"local,cyrus"
-extern char *var_local_transports;
+#define VAR_LOCAL_TRANSPORT	"local_transport"
+#define DEF_LOCAL_TRANSPORT	"local"
+extern char *var_local_transport;
 
  /*
   * Where to send postmaster copies of bounced mail, and other notices.
diff --git a/postfix/global/mail_version.h b/postfix/global/mail_version.h
index 2f1c01900..24dbfb450 100644
--- a/postfix/global/mail_version.h
+++ b/postfix/global/mail_version.h
@@ -15,7 +15,7 @@
   * Version of this program.
   */
 #define VAR_MAIL_VERSION	"mail_version"
-#define DEF_MAIL_VERSION	"Snapshot-19991220"
+#define DEF_MAIL_VERSION	"Snapshot-19991223"
 extern char *var_mail_version;
 
 /* LICENSE
diff --git a/postfix/html/faq.html b/postfix/html/faq.html
index 631126b35..57063f189 100644
--- a/postfix/html/faq.html
+++ b/postfix/html/faq.html
@@ -72,8 +72,12 @@
 
 <li><a href="#verbose">Postfix breaks "sendmail -v"</a>
 
+<li><a href="#delayed">Postfix sends no "delayed mail" notices</a>
+
 <li><a href="#root">Root's mail is delivered to nobody</a>
 
+<li><a href="#bogus">Postfix accepts mail for non-existing users</a>
+
 <li><a href="#duplicate">Postfix sends duplicate mail</a>
 
 <li><a href="#metoo">Postfix sends mail to every member of a
@@ -89,6 +93,8 @@ distribution list</a>
 
 <ul>
 
+<li><a href="#open_relay">Help! Postfix is an open relay</a>
+
 <li><a href="#mobile">Relaying mail for mobile users</a>
 
 <li><a href="#relay_virtual">Postfix refuses to receive mail for some
@@ -112,6 +118,8 @@ virtual domains</a>
 
 <li><a href="#root">Root's mail is delivered to nobody</a>
 
+<li><a href="#bogus">Postfix accepts mail for non-existing users</a>
+
 <li><a href="#some_local">Delivering some users locally while
 sending mail as user@domain</a>
 
@@ -596,6 +604,35 @@ Postfix more secure than ordinary mailers.
 
 <hr>
 
+<a name="delayed"><h3>Postfix sends no "delayed mail" notices</h3>
+
+<blockquote>
+
+When I was using Sendmail, after 4 hours, it would always send a receipt
+back to the sender saying mail delivery is delayed.
+
+</blockquote>
+
+<p>
+
+In order to make Postfix send "delayed mail" notifications after
+four hours, specify:
+
+<p>
+
+<pre>
+    <b>/etc/postfix/main.cf</b>
+	delay_warning_time = 4
+</pre>
+
+<p>
+
+
+With Postfix, delayed mail notices are turned off by default -
+people get enough mail already.
+
+<hr>
+
 <a name="duplicate"><h3>Postfix sends duplicate mail</h3> </a>
 
 Some people will complain that Postfix sends duplicate messages.
@@ -650,6 +687,67 @@ aliasing loops.
 
 <hr>
 
+<a name="open_relay"><h3>Help! Postfix is an open relay</h3>
+
+According to some relay checking software, Postfix accepts
+mail for arbitrary non-local destinations:
+
+<p>
+
+<pre>
+    &gt;&gt;&gt; MAIL FROM:&lt;someone@some.where&gt;
+    &lt;&lt;&lt; 250 Ok
+    &gt;&gt;&gt; RCPT TO:&lt;test@some.other.site@your.site&gt;
+    &lt;&lt;&lt; 250 Ok
+    &gt;&gt;&gt; DATA
+    &lt;&lt;&lt; 354 End data with &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;
+    &gt;&gt;&gt; (message body)
+    &lt;&lt;&lt; 250 Ok: queued as A958F5A15
+</pre>
+
+
+<p>
+
+Don't Panic!
+
+<p>
+
+If the mail for domain <i>your.site</i> is handled by a Postfix
+machine, the mail bounces because <i>test@some.other.site</i> is
+not a known user in domain <i>your.site</i>.  In fact, the above
+mail is rejected immediately when the Postfix SMTP server is
+configured to <a href="#bogus">reject mail for unknown local
+users</a>.
+
+<p>
+
+However, there will be a problem when you are backup MX host for
+a domain that runs Sendmail, because many Sendmail configurations
+will forward the above mail to <i>test@some.other.site</i>.  The
+bad news is that your machine will be put on the black list because
+it accepted the mail, even though the problem is with the configuration
+of a Sendmail machine that is not under your control.
+
+<p>
+
+So, if you're MX relay for other sites it is prudent to block
+addresses with multiple address operators at the SMTP port, even
+though you would also block legitimate addresses.
+
+<p>
+
+<pre>
+    <b>/etc/postfix/main.cf:</b> 
+        smtpd_recipient_restrictions = 
+                regexp:/etc/postfix/regexp_access
+                ...other UCE restrictions...
+
+    <b>/etc/postfix/regexp_access</b>:
+        /[%!@].*[%!@]/ 550 Sender specified routing is not supported here.
+</pre>
+
+<hr>
+
 <a name="mobile"><h3>Relaying mail for mobile users </h3>
 
 <blockquote>
@@ -939,6 +1037,49 @@ To find out the location for your system, execute the command
 
 <hr>
 
+<a name="bogus"><h3>Postfix accepts mail for non-existing users</h3>
+
+The information in this section applies to Postfix versions 19991216
+and later.
+
+<p>
+
+By default, the Postfix SMTP server does not know what local users
+exist, and will happily accept mail for <i>unknown@your.site</i>.
+The reason is that different local delivery agents have different
+types of user databases.
+
+<p>
+
+Of course mail for a non-existent local user will eventually bounce
+as undeliverable, but why accept such mail in the first place? You
+can tell the Postfix SMTP server how find out if a user exists by
+listing all tables with local addresses in the <b>local_recipient_maps</b>
+parameter:
+
+<p>
+
+<pre>
+    <b>/etc/postfix/main.cf</b>
+	local_recipient_maps = $alias_maps, unix:passwd.byname
+</pre>
+
+<p>
+
+The above should work on UNIX systems, provided that you use the
+Postfix local delivery agent. However, if you run the Postfix SMTP
+server chrooted, on some systems it will be necessary to have a
+copy of the passwd file inside the chroot jail (typically: in
+<b>/var/spool/postfix/etc</b>).
+
+<p>
+
+By default, the Postfix SMTP server does know about Postfix <a
+href="virtual.5.html">virtual</a> maps, and will reject mail for
+<i>unknown@virtual.domain</i> without further configuration.
+
+<hr>
+
 <a name="some_local"><h3>Delivering some users locally while sending
 mail as user@domain</h3></a>
 
@@ -1421,13 +1562,6 @@ domain name:
 
 <p>
 
-<li>Verify that
-the <a
-href="uce.html#relay_domains">relay_domains</a> parameter contains
-<b>$virtual_maps</b>. This is the default setting.
-
-<p>
-
 <li>Verify that the <a
 href="uce.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>
 parameter contains a restriction that depends on <a
@@ -1648,7 +1782,7 @@ is willing to relay mail for.
 
 <pre>
     <b>/etc/postfix/main.cf</b>:
-        relay_domains = some.domain $mydestination $virtual_maps ...
+        relay_domains = some.domain $mydestination ...
 </pre>
 
 <p>
diff --git a/postfix/html/uce.html b/postfix/html/uce.html
index 0094a4fca..3050f536c 100644
--- a/postfix/html/uce.html
+++ b/postfix/html/uce.html
@@ -149,6 +149,10 @@ clients this system accepts SMTP connections from.
 
 <dt>Default:
 
+<dd><b>smtpd_client_restrictions =</b>
+
+<p>
+
 <dd>Allow SMTP connections from any client.
 
 <p>
@@ -246,6 +250,10 @@ SMTP session.  Requiring this will stop some UCE software.
 
 <dt>Default:
 
+<dd><b>smtpd_helo_required = no</b>
+
+<p>
+
 <dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a>
 does not require the use of <b>HELO</b> (<b>EHLO</b>).
 
@@ -275,8 +283,13 @@ UCE software can be stopped by being strict here.
 
 <dt>Default:
 
+<dd><b>smtpd_helo_restrictions =</b>
+
+<p>
+
 <dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a>
-accepts any garbage in the <b>HELO</b> (<b>EHLO</b>) command.
+accepts any garbage in the <b>HELO</b> (<b>EHLO</b>) command. There
+is a lot of broken or misconfigured software on the Internet.
 
 <p>
 
@@ -296,7 +309,8 @@ on the client hostname or network address.
 
 <dt>Example:
 
-<dd> <b>smtpd_helo_restrictions = reject_invalid_hostname</b>
+<dd> <b>smtpd_helo_restrictions = permit_mynetworks,
+reject_invalid_hostname</b>
 
 <p>
 
@@ -389,8 +403,11 @@ the response code for <b>REJECT</b> results (default:  <b>554</b>).
 
 The <b>strict_rfc821_envelopes</b> parameter controls how tolerant
 Postfix is with respect to addresses given in MAIL FROM or RCPT TO
-commands. Being strict to the RFC not only stops unwanted mail,
-but also blocks legitimate mail from poorly-written mail applications.
+commands. Unfortunately, the widely-used Sendmail program tolerates
+lots of non-standard behavior, so a lot of software expects to get
+away with it.  Being strict to the RFC not only stops unwanted
+mail, it also blocks legitimate mail from poorly-written mail
+applications.
 
 <p>
 
@@ -398,10 +415,15 @@ but also blocks legitimate mail from poorly-written mail applications.
 
 <dt> Default:
 
+<dd><b>strict_rfc821_envelopes = no</b>
+
+<p>
+
 <dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a>
-accepts any address form that it can make sense of, including forms
-that contain RFC 822-style comments, or addresses not enclosed in
-&lt;&gt;.
+accepts any address form that it can make sense of, including
+address forms that contain RFC 822-style comments, or addresses
+not enclosed in &lt;&gt;. There is a lot of broken or misconfigured
+software out there on the Internet.
 
 <p>
 
@@ -424,6 +446,10 @@ addresses this system accepts in MAIL FROM commands.
 
 <dt> Default:
 
+<dd><b>smtpd_sender_restrictions =</b>
+
+<p>
+
 <dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a>
 accepts any sender address.
 
@@ -446,7 +472,8 @@ network address.
 
 <dt> Example:
 
-<dd> <b>smtpd_sender_restrictions = reject_unknown_sender_domain</b>
+<dd> <b>smtpd_sender_restrictions = hash:/etc/postfix/access,
+reject_unknown_sender_domain</b>
 
 <p>
 
@@ -535,23 +562,49 @@ recipient addresses this system accepts in RCPT TO commands.
 
 <dl>
 
-<dt>Default:
+<dt>Default: 
 
-<dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a>
-relays mail from any client whose IP address matches <a
-href="basic.html#mynetworks">$mynetworks</a> or whose hostname
-matches <a href="#relay_domains">$relay_domains</a> or a subdomain
-thereof, and relays mail to any destination that matches <a
-href="#relay_domains"> $relay_domains</a> or a subdomain thereof.
+<dd><b>smtpd_recipient_restrictions = permit_mynetworks, check_relay_domains</b>
 
 <p>
 
-In addition, the Postfix <a href="smtpd.8.html">SMTP server</a> by
-default accepts mail for which Postfix is the final destination:
-anything that matches <a href="basic.html#mydomain">$mydomain</a>,
-<a href="basic.html#mynetworks">$mynetworks</a> or <a
-href="virtual.5.html">$virtual_maps</a>, or anything that resolves
-to a mail delivery transport whose name is listed in $local_transports.
+<dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a>
+relays mail:
+
+<p>
+
+<ul>
+
+<li>from clients whose IP address matches <a
+href="basic.html#mynetworks">$mynetworks</a>,
+
+<li>from clients whose hostname matches <a
+href="#relay_domains">$relay_domains</a> or a subdomain thereof,
+
+<li>to destinations that match <a href="#relay_domains">
+$relay_domains</a> or a subdomain thereof.
+
+</ul>
+
+<p>
+
+In addition to the above, the Postfix <a href="smtpd.8.html">SMTP
+server</a> by default accepts mail for which Postfix is the final
+destination:
+
+<p>
+
+<ul>
+
+<li>to destinations that match <a
+href="basic.html#inet_interfaces">$inet_interfaces</a>,
+
+<li>to destinations that match <a
+href="basic.html#mydestination">$mydestination</a>,
+
+<li>to destinations that match <a href="virtual.5.html">$virtual_maps</a>.
+
+</ul>
 
 <p>
 
@@ -580,21 +633,36 @@ reject_unauth_destination</b>
 
 <p>
 
+<dd><i>Note: you must specify at least one of the following
+restrictions: </i><b>reject</b>, <b>check_relay_domains</b> or
+<b>reject_unauth_destination</b>. <i>Postfix will refuse to
+receive mail otherwise. </i>
+
+<p>
+
 <dt> Restrictions:
 
 <dl>
 
 <a name="check_relay_domains">
 
-<dt> <b>check_relay_domains</b> <dd> Permit the request when the
-client hostname matches <a href="#relay_domains">$relay_domains</a>
-or a subdomain thereof, or when the resolved destination address
-matches <a href="#relay_domains">$relay_domains</a> or a subdomain
-thereof, or when Postfix is the final destination:  anything that
-matches <a href="basic.html#mydomain">$mydomain</a>, <a
-href="basic.html#mynetworks">$mynetworks</a> or <a
-href="virtual.5.html">$virtual_maps</a>, or anything that resolves
-to a mail delivery transport whose name is listed in $local_transports.
+<dt> <b>check_relay_domains</b> <dd> Permit the request when 
+
+<ul>
+
+<li>the client hostname matches <a href="#relay_domains">$relay_domains</a>
+or a subdomain thereof,
+
+<li>the resolved destination address matches <a
+href="#relay_domains">$relay_domains</a> or a subdomain thereof,
+
+<li>Postfix is the final destination:  any destination that matches
+<a href="basic.html#mydestination">$mydestination</a>, <a
+href="basic.html#inet_interfaces">$inet_interfaces</a> or <a
+href="virtual.5.html">$virtual_maps</a>.
+
+</ul>
+
 Otherwise reject the request.  The <b>relay_domains_reject_code</b>
 parameter specifies the response code for rejected requests (default:
 <b>554</b>).
@@ -604,27 +672,41 @@ parameter specifies the response code for rejected requests (default:
 <a name="permit_auth_destination">
 
 <dt> <b>permit_auth_destination</b> <dd> Ignore the client hostname.
-Permit the request when the resolved destination address matches
-<a href="#relay_domains"> $relay_domains</a> or a subdomain thereof,
-or when Postfix is the final destination:  anything that matches
-<a href="basic.html#mydomain">$mydomain</a>, <a
-href="basic.html#mynetworks">$mynetworks</a> or <a
-href="virtual.5.html">$virtual_maps</a>, or anything that resolves
-to a mail delivery transport whose name is listed in $local_transports.
+Permit the request when:
+
+<ul>
+
+<li>the resolved destination address matches <a
+href="#relay_domains">$relay_domains</a> or a subdomain thereof,
+
+<li>Postfix is the final destination:  any destination that matches
+<a href="basic.html#mydestination">$mydestination</a>, <a
+href="basic.html#inet_interfaces">$inet_interfaces</a> or <a
+href="virtual.5.html">$virtual_maps</a>.
+
+</ul>
+
+Otherwise proceed with the next restriction. 
 
 <p>
 
 <a name="reject_unauth_destination">
 
 <dt> <b>reject_unauth_destination</b> <dd> Ignore the client
-hostname.  Reject the request when the resolved destination address
-does not match <a href="#relay_domains"> $relay_domains</a> or a
-subdomain thereof, and when Postfix is not the final destination.
-Postfix is final destination for anything that matches <a
-href="basic.html#mydomain">$mydomain</a>, <a
-href="basic.html#mynetworks">$mynetworks</a> or <a
-href="virtual.5.html">$virtual_maps</a>, or anything that resolves
-to a mail delivery transport whose name is listed in $local_transports.
+hostname.  Reject the request unless:
+
+<ul>
+
+<li>the resolved destination address matches <a
+href="#relay_domains">$relay_domains</a> or a subdomain thereof,
+
+<li>Postfix is the final destination:  any destination that matches
+<a href="basic.html#mydestination">$mydestination</a>, <a
+href="basic.html#inet_interfaces">$inet_interfaces</a> or <a
+href="virtual.5.html">$virtual_maps</a>.
+
+</ul>
+
 The <b>relay_domains_reject_code</b> parameter specifies the response
 code for rejected requests (default:  <b>554</b>).
 
@@ -736,13 +818,17 @@ useful results with the <a href="aliases.5.html">aliases</a> and
 <h2> ETRN command restrictions</h2>
 
 Not really an UCE restriction, the <b>smtpd_etrn_restrictions</b>
-parameter restricts what domains may be specified in ETRN commands,
-and what clients may issue ETRN commands.
+parameter restricts what domains can be specified in ETRN commands,
+and what clients can issue ETRN commands.
 
 <dl>
 
 <dt>Default:
 
+<dd><b>smtpd_etrn_restrictions =</b>
+
+<p>
+
 <dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a>
 accepts any ETRN command from any client.
 
@@ -765,7 +851,8 @@ address.
 
 <dt> Example:
 
-<dd> <b>smtpd_etrn_restrictions = permit_mynetworks, reject</b>
+<dd> <b>smtpd_etrn_restrictions = permit_mynetworks,
+hash:/etc/postfix/etrn_access, reject</b>
 
 <p>
 
@@ -926,7 +1013,27 @@ restriction list.
 <dt>Default:
 
 <dd><b>relay_domains = <a href="basic.html#mydestination">
-$mydestination</a>, <a href="rewrite.html#virtual">$virtual_maps</a>.</b>
+$mydestination</a></b>
+
+<p>
+
+<dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a>
+relays mail:
+
+<p>
+
+<ul>
+
+<li>from clients whose IP address matches <a
+href="basic.html#mynetworks">$mynetworks</a>,
+
+<li>from clients whose hostname matches <a
+href="#relay_domains">$relay_domains</a> or a subdomain thereof,
+
+<li>to destinations that match <a href="#relay_domains">
+$relay_domains</a> or a subdomain thereof.
+
+</ul>
 
 <p>
 
diff --git a/postfix/local/Makefile.in b/postfix/local/Makefile.in
index e14912d66..e1c8d8b64 100644
--- a/postfix/local/Makefile.in
+++ b/postfix/local/Makefile.in
@@ -377,7 +377,6 @@ resolve.o: ../include/resolve_clnt.h
 resolve.o: ../include/rewrite_clnt.h
 resolve.o: ../include/tok822.h
 resolve.o: ../include/mail_params.h
-resolve.o: ../include/local_transport.h
 resolve.o: local.h
 resolve.o: ../include/been_here.h
 resolve.o: ../include/deliver_request.h
diff --git a/postfix/local/resolve.c b/postfix/local/resolve.c
index e8b93fc64..b18d14da6 100644
--- a/postfix/local/resolve.c
+++ b/postfix/local/resolve.c
@@ -62,7 +62,6 @@
 #include <rewrite_clnt.h>
 #include <tok822.h>
 #include <mail_params.h>
-#include <local_transport.h>
 
 /* Application-specific. */
 
@@ -139,7 +138,7 @@ int     deliver_resolve_tree(LOCAL_STATE state, USER_ATTR usr_attr, TOK822 *addr
      * ugly code to force local recursive alias expansions on a host with no
      * authority over the local domain, but that code was just too unclean.
      */
-    if (match_def_local_transport(STR(reply.transport))) {
+    if (strcmp(state.msg_attr.relay, STR(reply.transport)) == 0) {
 	status = deliver_recipient(state, usr_attr);
     } else {
 	status = deliver_indirect(state);
diff --git a/postfix/qmgr/Makefile.in b/postfix/qmgr/Makefile.in
index f2df8573d..144e089f9 100644
--- a/postfix/qmgr/Makefile.in
+++ b/postfix/qmgr/Makefile.in
@@ -185,7 +185,7 @@ qmgr_message.o: ../include/deliver_completed.h
 qmgr_message.o: ../include/mail_addr_find.h
 qmgr_message.o: ../include/maps.h
 qmgr_message.o: ../include/opened.h
-qmgr_message.o: ../include/local_transport.h
+qmgr_message.o: ../include/resolve_local.h
 qmgr_message.o: ../include/resolve_clnt.h
 qmgr_message.o: qmgr.h
 qmgr_message.o: ../include/scan_dir.h
diff --git a/postfix/qmgr/qmgr_message.c b/postfix/qmgr/qmgr_message.c
index e3bb63f28..526566e30 100644
--- a/postfix/qmgr/qmgr_message.c
+++ b/postfix/qmgr/qmgr_message.c
@@ -110,7 +110,7 @@
 #include <deliver_completed.h>
 #include <mail_addr_find.h>
 #include <opened.h>
-#include <local_transport.h>
+#include <resolve_local.h>
 
 /* Client stubs. */
 
@@ -526,7 +526,8 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
 	 * job requires knowledge of local aliases. Yuck! I don't want to
 	 * duplicate delivery-agent specific knowledge in the queue manager.
 	 */
-	if (match_def_local_transport(STR(reply.transport))) {
+	if ((at = strrchr(STR(reply.recipient), '@')) == 0
+	    || resolve_local(at + 1)) {
 	    vstring_strcpy(reply.nexthop, STR(reply.recipient));
 	    (void) split_at_right(STR(reply.nexthop), '@');
 #if 0
diff --git a/postfix/smtpd/Makefile.in b/postfix/smtpd/Makefile.in
index bfbc0e7a9..7203499fc 100644
--- a/postfix/smtpd/Makefile.in
+++ b/postfix/smtpd/Makefile.in
@@ -179,7 +179,6 @@ smtpd_check.o: ../include/own_inet_addr.h
 smtpd_check.o: ../include/mail_conf.h
 smtpd_check.o: ../include/maps.h
 smtpd_check.o: ../include/mail_addr_find.h
-smtpd_check.o: ../include/local_transport.h
 smtpd_check.o: smtpd.h
 smtpd_check.o: ../include/mail_stream.h
 smtpd_check.o: smtpd_check.h
diff --git a/postfix/smtpd/smtpd.c b/postfix/smtpd/smtpd.c
index 23c110a9a..818e080d9 100644
--- a/postfix/smtpd/smtpd.c
+++ b/postfix/smtpd/smtpd.c
@@ -689,14 +689,15 @@ static int rcpt_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 	smtpd_chat_reply(state, "452 Error: too many recipients");
 	return (-1);
     }
-    if (SMTPD_STAND_ALONE(state) == 0
-	&& (err = smtpd_check_rcpt(state, argv[2].strval)) != 0) {
-	smtpd_chat_reply(state, "%s", err);
-	return (-1);
-    }
-    if ((err = smtpd_check_rcptmap(state, argv[2].strval)) != 0) {
-	smtpd_chat_reply(state, "%s", err);
-	return (-1);
+    if (SMTPD_STAND_ALONE(state) == 0) {
+	if ((err = smtpd_check_rcpt(state, argv[2].strval)) != 0) {
+	    smtpd_chat_reply(state, "%s", err);
+	    return (-1);
+	}
+	if ((err = smtpd_check_rcptmap(state, argv[2].strval)) != 0) {
+	    smtpd_chat_reply(state, "%s", err);
+	    return (-1);
+	}
     }
 
     /*
@@ -962,7 +963,8 @@ static int vrfy_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 	smtpd_chat_reply(state, "%s", err);
 	return (-1);
     }
-    if ((err = smtpd_check_rcptmap(state, argv[1].strval)) != 0) {
+    if (SMTPD_STAND_ALONE(state) == 0
+	&& (err = smtpd_check_rcptmap(state, argv[1].strval)) != 0) {
 	smtpd_chat_reply(state, "%s", err);
 	return (-1);
     }
diff --git a/postfix/smtpd/smtpd_check.c b/postfix/smtpd/smtpd_check.c
index 4c14c2632..a19165d28 100644
--- a/postfix/smtpd/smtpd_check.c
+++ b/postfix/smtpd/smtpd_check.c
@@ -122,20 +122,20 @@
 /*	Allow the request when either the client hostname or the resolved
 /*	recipient domain matches the \fIrelay_domains\fR configuration
 /*	parameter or a subdomain therereof, or when the destination somehow
-/*	resolves locally (see $mydestination, $virtual_maps or
-/*	$local_transports).  Reject the request otherwise.
+/*	resolves locally ($inet_interfaces, $mydestination or $virtual_maps).
+/*	Reject the request otherwise.
 /*	The \fIrelay_domains_reject_code\fR configuration parameter specifies
 /*	the reject status code (default: 554).
 /* .IP permit_auth_destination
 /*	Permit the request when the resolved recipient domain matches the
 /*	\fIrelay_domains\fR configuration parameter or a subdomain therereof,
-/*	or when the destination somehow resolves locally (see $mydestination,
-/*	$virtual_maps or $local_transports).
+/*	or when the destination somehow resolves locally ($inet_interfaces,
+/*	$mydestination or $virtual_maps).
 /* .IP reject_unauth_destination
 /*	Reject the request when the resolved recipient domain does not match
 /*	the \fIrelay_domains\fR configuration parameter or a subdomain
 /*	therereof, and when the destination does not somehow resolve locally
-/*	(see $mydestination, $virtual_maps or $local_transports).
+/*	($inet_interfaces, $mydestination or $virtual_maps).
 /*	Same error code as check_relay_domains.
 /* .IP reject_unauth_pipelining
 /*	Reject the request when the client has already sent the next request
@@ -277,7 +277,6 @@
 #include <mail_conf.h>
 #include <maps.h>
 #include <mail_addr_find.h>
-#include <local_transport.h>
 
 /* Application-specific. */
 
@@ -305,7 +304,9 @@ static VSTRING *query;
 static VSTRING *error_text;
 
  /*
-  * Pre-opened SMTP recipient maps.
+  * Pre-opened SMTP recipient maps so we can reject mail for unknown users.
+  * XXX This does not belong here and will eventually become part of the
+  * trivial-rewrite resolver.
   */
 static MAPS *local_rcpt_maps;
 static MAPS *rcpt_canon_maps;
@@ -376,6 +377,24 @@ static ARGV *smtpd_check_parse(const char *checks)
     return (argv);
 }
 
+/* check_required - make sure minimally-required restriction is present */
+
+static void check_required(char *name, ARGV *restrictions, char **required)
+{
+    char  **rest;
+    char  **reqd;
+    VSTRING *example;
+
+    for (rest = restrictions->argv; *rest; rest++)
+	for (reqd = required; *reqd; reqd++)
+	    if (strcmp(*rest, *reqd) == 0)
+		return;
+    example = vstring_alloc(10);
+    for (reqd = required; *reqd; reqd++)
+	vstring_sprintf_append(example, "%s ", *reqd);
+    msg_fatal("%s requires at least one of %s", name, STR(example));
+}
+
 /* smtpd_check_init - initialize once during process lifetime */
 
 void    smtpd_check_init(void)
@@ -384,6 +403,12 @@ void    smtpd_check_init(void)
     const char *name;
     const char *value;
     char   *cp;
+    static char *rcpt_required[] = {
+	CHECK_RELAY_DOMAINS,
+	REJECT_UNAUTH_DEST,
+	REJECT_ALL,
+	0,
+    };
 
     /*
      * Pre-open access control lists before going to jail.
@@ -421,6 +446,12 @@ void    smtpd_check_init(void)
     rcpt_restrctions = smtpd_check_parse(var_rcpt_checks);
     etrn_restrctions = smtpd_check_parse(var_etrn_checks);
 
+    /*
+     * People screw up the relay restrictions too often. Require that they
+     * list at least one restriction that rejects mail by default.
+     */
+    check_required(VAR_RCPT_CHECKS, rcpt_restrctions, rcpt_required);
+
     /*
      * Parse the pre-defined restriction classes.
      */
@@ -441,7 +472,7 @@ void    smtpd_check_init(void)
      * as check_relay_domains in terms of more elementary restrictions.
      */
 #if 0
-    htable_enter("check_relay_domains",
+    htable_enter(smtpd_rest_classes, "check_relay_domains",
 	    smtpd_check_parse("permit_mydomain reject_unauth_destination"));
 #endif
 }
@@ -731,8 +762,7 @@ static int check_relay_domains(SMTPD_STATE *state, char *recipient,
      * mydestination or virtual_maps, or it resolves to any transport that
      * delivers locally.
      */
-    if (match_any_local_transport(STR(reply.transport))
-	|| (domain = strrchr(STR(reply.recipient), '@')) == 0)
+    if ((domain = strrchr(STR(reply.recipient), '@')) == 0)
 	return (SMTPD_CHECK_OK);
     domain += 1;
     if (resolve_local(domain)
@@ -774,8 +804,7 @@ static int permit_auth_destination(char *recipient)
      * mydestination or virtual_maps, or it resolves to any transport that
      * delivers locally.
      */
-    if (match_any_local_transport(STR(reply.transport))
-	|| (domain = strrchr(STR(reply.recipient), '@')) == 0)
+    if ((domain = strrchr(STR(reply.recipient), '@')) == 0)
 	return (SMTPD_CHECK_OK);
     domain += 1;
     if (resolve_local(domain)
@@ -815,8 +844,7 @@ static int reject_unauth_destination(SMTPD_STATE *state, char *recipient)
      * mydestination or virtual_maps, or it resolves to any transport that
      * delivers locally.
      */
-    if (match_any_local_transport(STR(reply.transport))
-	|| (domain = strrchr(STR(reply.recipient), '@')) == 0)
+    if ((domain = strrchr(STR(reply.recipient), '@')) == 0)
 	return (SMTPD_CHECK_DUNNO);
     domain += 1;
     if (resolve_local(domain)
@@ -921,8 +949,7 @@ static int permit_mx_backup(SMTPD_STATE *unused_state, const char *recipient)
      * If the destination is local, it is acceptable, because we are
      * supposedly MX for our own address.
      */
-    if (match_any_local_transport(STR(reply.transport))
-	|| (domain = strrchr(STR(reply.recipient), '@')) == 0)
+    if ((domain = strrchr(STR(reply.recipient), '@')) == 0)
 	return (SMTPD_CHECK_OK);
     domain += 1;
     if (resolve_local(domain)
@@ -1056,8 +1083,7 @@ static int reject_unknown_address(SMTPD_STATE *state, char *addr,
     /*
      * Skip local destinations and non-DNS forms.
      */
-    if (match_any_local_transport(STR(reply.transport))
-	|| (domain = strrchr(STR(reply.recipient), '@')) == 0)
+    if ((domain = strrchr(STR(reply.recipient), '@')) == 0)
 	return (SMTPD_CHECK_DUNNO);
     domain += 1;
     if (resolve_local(domain)
@@ -1868,9 +1894,9 @@ char   *smtpd_check_rcptmap(SMTPD_STATE *state, char *recipient)
     char   *domain;
 
     /*
-     * XXX This module does a lot of unnecessary guessing. The SMTP server
-     * (and presumably, pickup daemon) should run the envelopes through a
-     * rewriting service that does all the canonical and virtual mapping.
+     * XXX This module does a lot of unnecessary guessing. This functionality
+     * will eventually become part of the trivial-rewrite resolver, including
+     * the canonical and virtual mapping.
      */
     if (msg_verbose)
 	msg_info("%s: %s", myname, recipient);
diff --git a/postfix/trivial-rewrite/Makefile.in b/postfix/trivial-rewrite/Makefile.in
index d6a724a4e..8dcbb0c6b 100644
--- a/postfix/trivial-rewrite/Makefile.in
+++ b/postfix/trivial-rewrite/Makefile.in
@@ -77,7 +77,6 @@ resolve.o: ../include/mail_conf.h
 resolve.o: ../include/quote_822_local.h
 resolve.o: ../include/tok822.h
 resolve.o: ../include/resolve_clnt.h
-resolve.o: ../include/local_transport.h
 resolve.o: trivial-rewrite.h
 resolve.o: transport.h
 rewrite.o: rewrite.c
diff --git a/postfix/trivial-rewrite/resolve.c b/postfix/trivial-rewrite/resolve.c
index db7df1942..cc32a0f5b 100644
--- a/postfix/trivial-rewrite/resolve.c
+++ b/postfix/trivial-rewrite/resolve.c
@@ -72,7 +72,6 @@
 #include <mail_conf.h>
 #include <quote_822_local.h>
 #include <tok822.h>
-#include <local_transport.h>
 
 /* Application-specific. */
 
@@ -181,8 +180,8 @@ void    resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop,
 
     /*
      * Non-local delivery, presumably. Set up the default remote transport
-     * specified with var_local_transports. Use the destination's mail
-     * exchanger unless a default mail relay is specified with var_relayhost.
+     * specified with var_def_transport. Use the destination's mail exchanger
+     * unless a default mail relay is specified with var_relayhost.
      */
     else if (domain != 0) {
 	vstring_strcpy(channel, var_def_transport);
@@ -197,7 +196,7 @@ void    resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop,
      * next-hop hostname (myself).
      */
     else {
-	vstring_strcpy(channel, get_def_local_transport());
+	vstring_strcpy(channel, var_local_transport);
 	vstring_strcpy(nexthop, var_myhostname);
     }
 
diff --git a/postfix/trivial-rewrite/trivial-rewrite.c b/postfix/trivial-rewrite/trivial-rewrite.c
index a6a870f59..bcba49154 100644
--- a/postfix/trivial-rewrite/trivial-rewrite.c
+++ b/postfix/trivial-rewrite/trivial-rewrite.c
@@ -152,6 +152,7 @@ bool    var_swap_bangpath;
 bool    var_append_dot_mydomain;
 bool    var_append_at_myorigin;
 bool    var_percent_hack;
+char   *var_local_transport;
 
 /* rewrite_service - read request and send reply */
 
@@ -210,6 +211,7 @@ int     main(int argc, char **argv)
     static CONFIG_STR_TABLE str_table[] = {
 	VAR_TRANSPORT_MAPS, DEF_TRANSPORT_MAPS, &var_transport_maps, 0, 0,
 	VAR_DEF_TRANSPORT, DEF_DEF_TRANSPORT, &var_def_transport, 0, 0,
+	VAR_LOCAL_TRANSPORT, DEF_LOCAL_TRANSPORT, &var_local_transport, 0, 0,
 	0,
     };
     static CONFIG_BOOL_TABLE bool_table[] = {