From cee08cce6c470e0c82c65bb53a972518f47bbda7 Mon Sep 17 00:00:00 2001
From: Wietse Venema <wietse@porcupine.org>
Date: Sun, 17 Jan 2010 00:00:00 -0500
Subject: [PATCH] postfix-2.7-20100117

---
 postfix/HISTORY                    |  25 +++--
 postfix/README_FILES/FILTER_README |  38 ++++----
 postfix/RELEASE_NOTES              |  22 +++--
 postfix/conf/access                | 135 +++++++++++++-------------
 postfix/conf/header_checks         | 151 +++++++++++++++--------------
 postfix/html/FILTER_README.html    |  41 ++++----
 postfix/html/access.5.html         | 133 ++++++++++++-------------
 postfix/html/header_checks.5.html  | 149 ++++++++++++++--------------
 postfix/html/oqmgr.8.html          |  75 +++++++-------
 postfix/html/pickup.8.html         |   4 +-
 postfix/html/postconf.5.html       |  54 ++++++-----
 postfix/html/qmgr.8.html           |  85 ++++++++--------
 postfix/html/qmqpd.8.html          |   4 +-
 postfix/html/smtpd.8.html          |   4 +-
 postfix/man/man5/access.5          |  22 +++--
 postfix/man/man5/header_checks.5   |  22 +++--
 postfix/man/man5/postconf.5        |  40 ++++----
 postfix/man/man8/oqmgr.8           |   7 +-
 postfix/man/man8/pickup.8          |   4 +-
 postfix/man/man8/qmgr.8            |   7 +-
 postfix/man/man8/qmqpd.8           |   4 +-
 postfix/man/man8/smtpd.8           |   4 +-
 postfix/mantools/postlink          |   2 +-
 postfix/proto/FILTER_README.html   |  41 ++++----
 postfix/proto/access               |  22 +++--
 postfix/proto/header_checks        |  22 +++--
 postfix/proto/postconf.proto       |  38 ++++----
 postfix/src/global/mail_params.h   |   6 +-
 postfix/src/global/mail_version.h  |   2 +-
 postfix/src/oqmgr/qmgr.c           |  11 ++-
 postfix/src/oqmgr/qmgr_message.c   |   4 +-
 postfix/src/pickup/pickup.c        |   4 +-
 postfix/src/qmgr/qmgr.c            |  11 ++-
 postfix/src/qmgr/qmgr_message.c    |   4 +-
 postfix/src/qmqpd/qmqpd.c          |   4 +-
 postfix/src/smtpd/smtpd.c          |  12 +--
 36 files changed, 628 insertions(+), 585 deletions(-)

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 983f1ca47..4c0e83677 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -15648,21 +15648,30 @@ Apologies for any names omitted.
 	Cleanup: don't supply the "-o stress" command-line option
 	with a single-process service. File: master/master_ent.c.
 
-20100116
+20100115
 
 	Bugfix: the valid_hostname() fuction did not set the
 	"non-numeric" flag after encountering the '-' character.
 	Reported by Jan Schampera.  File: util/valid_hostname.c.
 
-	Cleanup: when a content_filter parameter or FILTER command
-	specifies an empty next-hop destination, the queue manager
-	now uses the recipient domain instead of $myhostname. Specify
-	"legacy_filter_nexthop = yes" for backwards compatibility
-	with Postfix 2.6 and earlier, or specify a non-empty next-hop
-	destination.  Files: *qmgr/qmgr_message.c proto/access,
-	proto/header_checks, proto/postconf.proto, proto/FILTER_README.
+20100116
 
 	Documentation: the content_filter and FILTER features never
 	supported the special cases of transport_maps. References
 	to transport_maps syntax are now removed from content filter
 	discussions.  Files: proto/postconf.proto, proto/FILTER_README.
+
+	Workaround: as of Postfix 2.3 the VRFY command did not allow
+	a mailbox address inside <>, which broke expectations.  RFC
+	2821 (and 5321) is vague about the VRFY request format, but
+	spends lots of text on the reply format.  File: smtpd/smtpd.c.
+
+20010117
+
+	Cleanup: when a content_filter parameter or FILTER command
+	specifies an empty next-hop destination, the queue manager
+	now uses the recipient domain instead of $myhostname. Specify
+	"default_filter_nexthop = $myhostname" for compatibility
+	with Postfix 2.6 and earlier, or specify a non-empty next-hop
+	filter destination.  Files: *qmgr/qmgr_message.c proto/access,
+	proto/header_checks, proto/postconf.proto, proto/FILTER_README.
diff --git a/postfix/README_FILES/FILTER_README b/postfix/README_FILES/FILTER_README
index 872741515..abee2a526 100644
--- a/postfix/README_FILES/FILTER_README
+++ b/postfix/README_FILES/FILTER_README
@@ -221,17 +221,18 @@ Once you're satisfied with the content filtering script:
 
     The content_filter configuration parameter expects a value of the form
     transport:destination. The transport name specifies the first field of a
-    mail delivery agent definition in master.cf; the syntax of destination is
-    described in the manual page of the corresponding delivery agent.
+    mail delivery agent definition in master.cf; the syntax of the next-hop
+    destination is described in the manual page of the corresponding delivery
+    agent.
 
-    The meaning of an empty filter destination is version dependent. Postfix
-    2.7 and later will use the recipient domain; earlier versions will use
-    $myhostname. Specify "legacy_filter_nexthop = yes" for compatibility with
-    Postfix 2.6 or earlier, or specify a non-empty filter destination.
+    The meaning of an empty next-hop filter destination is version dependent.
+    Postfix 2.7 and later will use the recipient domain; earlier versions will
+    use $myhostname. Specify "default_filter_nexthop = $myhostname" for
+    compatibility with Postfix 2.6 or earlier, or specify a non-empty next-hop
+    filter destination.
 
-    The content_filter setting has a lower precedence than a content filter
-    that is specified with an access(5) table or in a header_checks(5) or
-    body_checks(5) table.
+    The content_filter setting has lower precedence than a FILTER action that
+    is specified in an access(5), header_checks(5) or body_checks(5) table.
 
   * Execute "ppoossttffiixx rreellooaadd" to complete the change.
 
@@ -340,17 +341,18 @@ To enable the advanced content filter method for all mail, specify in main.cf:
 
   * The content_filter configuration parameter expects a value of the form
     transport:destination. The transport name specifies the first field of a
-    mail delivery agent definition in master.cf; the syntax of destination is
-    described in the manual page of the corresponding delivery agent.
+    mail delivery agent definition in master.cf; the syntax of the next-hop
+    destination is described in the manual page of the corresponding delivery
+    agent.
 
-  * The meaning of an empty filter destination is version dependent. Postfix
-    2.7 and later will use the recipient domain; earlier versions will use
-    $myhostname. Specify "legacy_filter_nexthop = yes" for compatibility with
-    Postfix 2.6 or earlier, or specify a non-empty filter destination.
+  * The meaning of an empty next-hop filter destination is version dependent.
+    Postfix 2.7 and later will use the recipient domain; earlier versions will
+    use $myhostname. Specify "default_filter_nexthop = $myhostname" for
+    compatibility with Postfix 2.6 or earlier, or specify a non-empty next-hop
+    filter destination.
 
-  * The content_filter setting has a lower precedence than a content filter
-    that is specified with an access(5) table or in a header_checks(5) or
-    body_checks(5) table.
+  * The content_filter setting has lower precedence than a FILTER action that
+    is specified in an access(5), header_checks(5) or body_checks(5) table.
 
 AAddvvaanncceedd ccoonntteenntt ffiilltteerr:: sseennddiinngg uunnffiilltteerreedd mmaaiill ttoo tthhee ccoonntteenntt ffiilltteerr
 
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index 337050ac0..db765d560 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -14,23 +14,27 @@ specifies the release date of a stable release or snapshot release.
 If you upgrade from Postfix 2.5 or earlier, read RELEASE_NOTES-2.6
 before proceeding.
 
-Incompatibility with snapshot 20100116
+Incompatibility with snapshot 20100117
 ======================================
 
 The meaning of an empty content filter next-hop destination has
 changed.  Postfix now uses the recipient domain, instead of using
 $myhostname as in Postfix 2.6 and earlier.  To get the old behavior
-use "legacy_filter_nexthop = yes", or specify a non-empty next-hop
-filter destination.
+use "default_filter_nexthop = $myhostname", or specify a non-empty
+next-hop content filter destination.
 
-Major changes with snapshot 20100116
+Major changes with snapshot 20100117
 ====================================
 
-The FILTER command can now be used to implement sender reputation
-schemes that dynamically choose the SMTP source IP address.  This
-is implemented by specifying a FILTER with an empty next-hop
-destination, and by configuring SMTP transports in master.cf with
-appropriate "-o myhostname" and "-o smtp_bind_address" settings.
+The FILTER action in access maps or header/body_checks now supports
+sender reputation schemes that dynamically choose the SMTP source
+IP address.
+
+This is implemented by specifying FILTER actions with empty next-hop
+destinations in access maps or header/body_checks, and by configuring
+in master.cf one Postfix SMTP client for each SMTP source IP address,
+where each client has its own "-o myhostname" and "-o smtp_bind_address"
+settings.
 
 Incompatibility with snapshot 20100101
 ======================================
diff --git a/postfix/conf/access b/postfix/conf/access
index e7691e5c8..e52790472 100644
--- a/postfix/conf/access
+++ b/postfix/conf/access
@@ -282,10 +282,10 @@
 #               sage through the specified external content filter.
 #               The  transport  name specifies the first field of a
 #               mail delivery agent definition  in  master.cf;  the
-#               syntax  of  destination  is described in the manual
-#               page of the  corresponding  delivery  agent.   More
-#               information  about  external  content filters is in
-#               the Postfix FILTER_README file.
+#               syntax  of the next-hop destination is described in
+#               the  manual  page  of  the  corresponding  delivery
+#               agent.   More  information  about  external content
+#               filters is in the Postfix FILTER_README file.
 # 
 #               Note 1: do not use $number regular expression  sub-
 #               stitutions  for transport or destination unless you
@@ -298,135 +298,136 @@
 # 
 #               Note  3:  the  purpose  of the FILTER command is to
 #               override message routing.  To override the  recipi-
-#               ent's  transport  but  not  destination, specify an
-#               empty destination (Postfix 2.7 and later), or spec-
-#               ify a transport:destination that delivers through a
-#               different Postfix instance (Postfix  2.6  and  ear-
-#               lier). Other options are using the recipient-depen-
-#               dent transport_maps or the sender-dependent sender-
-#               _dependent_default_transport_maps features.
+#               ent's  transport  but not the next-hop destination,
+#               specify an empty filter  destination  (Postfix  2.7
+#               and later), or specify a transport:destination that
+#               delivers  through  a  different  Postfix   instance
+#               (Postfix  2.6 and earlier). Other options are using
+#               the recipient-dependent transport_maps or the  sen-
+#               der-dependent   sender_dependent_default_transport-
+#               _maps features.
 # 
 #               This feature is available in Postfix 2.0 and later.
 # 
 #        HOLD optional text...
-#               Place the message on the hold queue, where it  will
-#               sit  until someone either deletes it or releases it
-#               for delivery.  Log the optional text if  specified,
+#               Place  the message on the hold queue, where it will
+#               sit until someone either deletes it or releases  it
+#               for  delivery.  Log the optional text if specified,
 #               otherwise log a generic message.
 # 
-#               Mail  that  is  placed on hold can be examined with
-#               the postcat(1) command, and  can  be  destroyed  or
+#               Mail that is placed on hold can  be  examined  with
+#               the  postcat(1)  command,  and  can be destroyed or
 #               released with the postsuper(1) command.
 # 
-#               Note:  use  "postsuper -r" to release mail that was
-#               kept on hold for a significant fraction  of  $maxi-
+#               Note: use "postsuper -r" to release mail  that  was
+#               kept  on  hold for a significant fraction of $maxi-
 #               mal_queue_lifetime  or  $bounce_queue_lifetime,  or
-#               longer. Use "postsuper -H" only for mail that  will
+#               longer.  Use "postsuper -H" only for mail that will
 #               not expire within a few delivery attempts.
 # 
-#               Note:  this action currently affects all recipients
+#               Note: this action currently affects all  recipients
 #               of the message.
 # 
 #               This feature is available in Postfix 2.0 and later.
 # 
 #        PREPEND headername: headervalue
-#               Prepend  the  specified  message header to the mes-
-#               sage.  When more than one PREPEND action  executes,
-#               the  first prepended header appears before the sec-
+#               Prepend the specified message header  to  the  mes-
+#               sage.   When more than one PREPEND action executes,
+#               the first prepended header appears before the  sec-
 #               ond etc. prepended header.
 # 
-#               Note: this action must execute before  the  message
-#               content  is received; it cannot execute in the con-
+#               Note:  this  action must execute before the message
+#               content is received; it cannot execute in the  con-
 #               text of smtpd_end_of_data_restrictions.
 # 
 #               This feature is available in Postfix 2.1 and later.
 # 
 #        REDIRECT user@domain
-#               After  the  message  is queued, send the message to
+#               After the message is queued, send  the  message  to
 #               the  specified  address  instead  of  the  intended
 #               recipient(s).
 # 
-#               Note:  this action overrides the FILTER action, and
+#               Note: this action overrides the FILTER action,  and
 #               currently affects all recipients of the message.
 # 
 #               This feature is available in Postfix 2.1 and later.
 # 
 #        WARN optional text...
 #               Log a warning with the optional text, together with
-#               client information and  if  available,  with  helo,
+#               client  information  and  if  available, with helo,
 #               sender, recipient and protocol information.
 # 
 #               This feature is available in Postfix 2.1 and later.
 # 
 # ENHANCED STATUS CODES
-#        Postfix version 2.3  and  later  support  enhanced  status
-#        codes  as  defined  in  RFC 3463.  When an enhanced status
-#        code is specified in an access table,  it  is  subject  to
-#        modification.  The  following  transformations  are needed
-#        when the same access  table  is  used  for  client,  helo,
-#        sender,  or  recipient  access  restrictions;  they happen
+#        Postfix  version  2.3  and  later  support enhanced status
+#        codes as defined in RFC 3463.   When  an  enhanced  status
+#        code  is  specified  in  an access table, it is subject to
+#        modification. The  following  transformations  are  needed
+#        when  the  same  access  table  is  used for client, helo,
+#        sender, or  recipient  access  restrictions;  they  happen
 #        regardless of whether Postfix replies to a MAIL FROM, RCPT
 #        TO or other SMTP command.
 # 
-#        o      When  a sender address matches a REJECT action, the
-#               Postfix SMTP server will transform a recipient  DSN
-#               status  (e.g.,  4.1.1-4.1.6) into the corresponding
+#        o      When a sender address matches a REJECT action,  the
+#               Postfix  SMTP server will transform a recipient DSN
+#               status (e.g., 4.1.1-4.1.6) into  the  corresponding
 #               sender DSN status, and vice versa.
 # 
-#        o      When  non-address  information  matches  a   REJECT
-#               action  (such  as  the HELO command argument or the
-#               client hostname/address), the Postfix  SMTP  server
-#               will  transform  a  sender  or recipient DSN status
-#               into  a  generic  non-address  DSN  status   (e.g.,
+#        o      When   non-address  information  matches  a  REJECT
+#               action (such as the HELO command  argument  or  the
+#               client  hostname/address),  the Postfix SMTP server
+#               will transform a sender  or  recipient  DSN  status
+#               into   a  generic  non-address  DSN  status  (e.g.,
 #               4.0.0).
 # 
 # REGULAR EXPRESSION TABLES
-#        This  section  describes how the table lookups change when
+#        This section describes how the table lookups  change  when
 #        the table is given in the form of regular expressions. For
-#        a  description  of regular expression lookup table syntax,
+#        a description of regular expression lookup  table  syntax,
 #        see regexp_table(5) or pcre_table(5).
 # 
-#        Each pattern is a regular expression that  is  applied  to
+#        Each  pattern  is  a regular expression that is applied to
 #        the entire string being looked up. Depending on the appli-
-#        cation, that string  is  an  entire  client  hostname,  an
+#        cation,  that  string  is  an  entire  client hostname, an
 #        entire client IP address, or an entire mail address. Thus,
 #        no  parent  domain  or  parent  network  search  is  done,
-#        user@domain  mail  addresses  are not broken up into their
+#        user@domain mail addresses are not broken  up  into  their
 #        user@ and domain constituent parts, nor is user+foo broken
 #        up into user and foo.
 # 
-#        Patterns  are applied in the order as specified in the ta-
-#        ble, until a pattern is  found  that  matches  the  search
+#        Patterns are applied in the order as specified in the  ta-
+#        ble,  until  a  pattern  is  found that matches the search
 #        string.
 # 
-#        Actions  are  the  same as with indexed file lookups, with
-#        the additional feature that parenthesized substrings  from
+#        Actions are the same as with indexed  file  lookups,  with
+#        the  additional feature that parenthesized substrings from
 #        the pattern can be interpolated as $1, $2 and so on.
 # 
 # TCP-BASED TABLES
-#        This  section  describes how the table lookups change when
+#        This section describes how the table lookups  change  when
 #        lookups are directed to a TCP-based server. For a descrip-
 #        tion of the TCP client/server lookup protocol, see tcp_ta-
 #        ble(5).  This feature is not available up to and including
 #        Postfix version 2.4.
 # 
-#        Each  lookup  operation uses the entire query string once.
-#        Depending on the application, that  string  is  an  entire
+#        Each lookup operation uses the entire query  string  once.
+#        Depending  on  the  application,  that string is an entire
 #        client hostname, an entire client IP address, or an entire
-#        mail address.  Thus, no parent domain  or  parent  network
-#        search  is done, user@domain mail addresses are not broken
-#        up into their user@ and domain constituent parts,  nor  is
+#        mail  address.   Thus,  no parent domain or parent network
+#        search is done, user@domain mail addresses are not  broken
+#        up  into  their user@ and domain constituent parts, nor is
 #        user+foo broken up into user and foo.
 # 
 #        Actions are the same as with indexed file lookups.
 # 
 # EXAMPLE
-#        The  following  example  uses an indexed file, so that the
-#        order of table entries does not matter. The  example  per-
-#        mits  access  by the client at address 1.2.3.4 but rejects
-#        all other clients in 1.2.3.0/24. Instead  of  hash  lookup
-#        tables,  some  systems use dbm.  Use the command "postconf
-#        -m" to find out what lookup  tables  Postfix  supports  on
+#        The following example uses an indexed file,  so  that  the
+#        order  of  table entries does not matter. The example per-
+#        mits access by the client at address 1.2.3.4  but  rejects
+#        all  other  clients  in 1.2.3.0/24. Instead of hash lookup
+#        tables, some systems use dbm.  Use the  command  "postconf
+#        -m"  to  find  out  what lookup tables Postfix supports on
 #        your system.
 # 
 #        /etc/postfix/main.cf:
@@ -437,11 +438,11 @@
 #            1.2.3   REJECT
 #            1.2.3.4 OK
 # 
-#        Execute  the  command  "postmap /etc/postfix/access" after
+#        Execute the command  "postmap  /etc/postfix/access"  after
 #        editing the file.
 # 
 # BUGS
-#        The table format does not understand quoting  conventions.
+#        The  table format does not understand quoting conventions.
 # 
 # SEE ALSO
 #        postmap(1), Postfix lookup table manager
@@ -450,13 +451,13 @@
 #        transport(5), transport:nexthop syntax
 # 
 # README FILES
-#        Use  "postconf  readme_directory" or "postconf html_direc-
+#        Use "postconf readme_directory" or  "postconf  html_direc-
 #        tory" to locate this information.
 #        SMTPD_ACCESS_README, built-in SMTP server access control
 #        DATABASE_README, Postfix lookup table overview
 # 
 # LICENSE
-#        The Secure Mailer license must be  distributed  with  this
+#        The  Secure  Mailer  license must be distributed with this
 #        software.
 # 
 # AUTHOR(S)
diff --git a/postfix/conf/header_checks b/postfix/conf/header_checks
index ba355ebc8..23d4972cc 100644
--- a/postfix/conf/header_checks
+++ b/postfix/conf/header_checks
@@ -170,11 +170,11 @@
 #               After the message is queued, send the  entire  mes-
 #               sage through the specified external content filter.
 #               The transport name specifies the first field  of  a
-#               mail  delivery agent definition master.cf; the syn-
-#               tax of destination is described in the manual  page
-#               of the corresponding delivery agent.  More informa-
-#               tion about external content filters is in the Post-
-#               fix FILTER_README file.
+#               mail  delivery  agent  definition in master.cf; the
+#               syntax of the next-hop destination is described  in
+#               the  manual  page  of  the  corresponding  delivery
+#               agent.  More  information  about  external  content
+#               filters is in the Postfix FILTER_README file.
 # 
 #               Note  1: do not use $number regular expression sub-
 #               stitutions for transport or destination unless  you
@@ -187,34 +187,35 @@
 # 
 #               Note 3: the purpose of the  FILTER  command  is  to
 #               override  message routing.  To override the recipi-
-#               ent's transport but  not  destination,  specify  an
-#               empty destination (Postfix 2.7 and later), or spec-
-#               ify a transport:destination that delivers through a
-#               different  Postfix  instance  (Postfix 2.6 and ear-
-#               lier). Other options are using the recipient-depen-
-#               dent transport_maps or the sender-dependent sender-
-#               _dependent_default_transport_maps features.
+#               ent's transport but not the  next-hop  destination,
+#               specify  an  empty  filter destination (Postfix 2.7
+#               and later), or specify a transport:destination that
+#               delivers   through  a  different  Postfix  instance
+#               (Postfix 2.6 and earlier). Other options are  using
+#               the  recipient-dependent transport_maps or the sen-
+#               der-dependent   sender_dependent_default_transport-
+#               _maps features.
 # 
 #               This feature is available in Postfix 2.0 and later.
 # 
 #        HOLD optional text...
-#               Arrange  for  the  message to be placed on the hold
-#               queue, and inspect the next input line.   The  mes-
-#               sage  remains  on hold until someone either deletes
-#               it or releases it for delivery.  Log  the  optional
+#               Arrange for the message to be placed  on  the  hold
+#               queue,  and  inspect the next input line.  The mes-
+#               sage remains on hold until someone  either  deletes
+#               it  or  releases it for delivery.  Log the optional
 #               text if specified, otherwise log a generic message.
 # 
-#               Mail that is placed on hold can  be  examined  with
-#               the  postcat(1)  command,  and  can be destroyed or
+#               Mail  that  is  placed on hold can be examined with
+#               the postcat(1) command, and  can  be  destroyed  or
 #               released with the postsuper(1) command.
 # 
-#               Note: use "postsuper -r" to release mail  that  was
-#               kept  on  hold for a significant fraction of $maxi-
+#               Note:  use  "postsuper -r" to release mail that was
+#               kept on hold for a significant fraction  of  $maxi-
 #               mal_queue_lifetime  or  $bounce_queue_lifetime,  or
-#               longer.  Use "postsuper -H" only for mail that will
+#               longer. Use "postsuper -H" only for mail that  will
 #               not expire within a few delivery attempts.
 # 
-#               Note: this action affects  all  recipients  of  the
+#               Note:  this  action  affects  all recipients of the
 #               message.
 # 
 #               This feature is available in Postfix 2.0 and later.
@@ -223,23 +224,23 @@
 #               the next input line.
 # 
 #        PREPEND text...
-#               Prepend  one  line  with  the  specified  text, and
+#               Prepend one  line  with  the  specified  text,  and
 #               inspect the next input line.
 # 
 #               Notes:
 # 
-#               o      The prepended text is output on  a  separate
+#               o      The  prepended  text is output on a separate
 #                      line,  immediately  before  the  input  that
 #                      triggered the PREPEND action.
 # 
 #               o      The prepended text is not considered part of
-#                      the  input  stream:  it  is  not  subject to
+#                      the input  stream:  it  is  not  subject  to
 #                      header/body checks or address rewriting, and
 #                      it does not affect the way that Postfix adds
 #                      missing message headers.
 # 
 #               o      When prepending text before a message header
-#                      line,  the  prepended text must begin with a
+#                      line, the prepended text must begin  with  a
 #                      valid message header label.
 # 
 #               o      This action cannot be used to prepend multi-
@@ -248,46 +249,46 @@
 #               This feature is available in Postfix 2.1 and later.
 # 
 #        REDIRECT user@domain
-#               Write a message redirection request  to  the  queue
-#               file,  and  inspect  the next input line. After the
+#               Write  a  message  redirection request to the queue
+#               file, and inspect the next input  line.  After  the
 #               message is queued, it will be sent to the specified
 #               address instead of the intended recipient(s).
 # 
-#               Note:  this action overrides the FILTER action, and
-#               affects all recipients of the message. If  multiple
-#               REDIRECT  actions  fire,  only the last one is exe-
+#               Note: this action overrides the FILTER action,  and
+#               affects  all recipients of the message. If multiple
+#               REDIRECT actions fire, only the last  one  is  exe-
 #               cuted.
 # 
 #               This feature is available in Postfix 2.1 and later.
 # 
 #        REPLACE text...
-#               Replace  the  current line with the specified text,
+#               Replace the current line with the  specified  text,
 #               and inspect the next input line.
 # 
 #               This feature is available in Postfix 2.2 and later.
-#               The  description below applies to Postfix 2.2.2 and
+#               The description below applies to Postfix 2.2.2  and
 #               later.
 # 
 #               Notes:
 # 
-#               o      When replacing a message  header  line,  the
-#                      replacement  text  must  begin  with a valid
+#               o      When  replacing  a  message header line, the
+#                      replacement text must  begin  with  a  valid
 #                      header label.
 # 
-#               o      The replaced text remains part of the  input
-#                      stream.  Unlike  the result from the PREPEND
-#                      action, a replaced  message  header  may  be
-#                      subject  to address rewriting and may affect
-#                      the way that Postfix  adds  missing  message
+#               o      The  replaced text remains part of the input
+#                      stream. Unlike the result from  the  PREPEND
+#                      action,  a  replaced  message  header may be
+#                      subject to address rewriting and may  affect
+#                      the  way  that  Postfix adds missing message
 #                      headers.
 # 
 #        REJECT optional text...
-#               Reject  the  entire  message.  Reply  with optional
+#               Reject the  entire  message.  Reply  with  optional
 #               text... when the optional text is specified, other-
 #               wise reply with a generic error message.
 # 
-#               Note:   this  action  disables  further  header  or
-#               body_checks inspection of the current  message  and
+#               Note:  this  action  disables  further  header   or
+#               body_checks  inspection  of the current message and
 #               affects all recipients.
 # 
 #               Postfix version 2.3 and later support enhanced sta-
@@ -296,37 +297,37 @@
 #               enhanced status code of "5.7.1".
 # 
 #        WARN optional text...
-#               Log a warning with the optional text... (or  log  a
-#               generic  message), and inspect the next input line.
+#               Log  a  warning with the optional text... (or log a
+#               generic message), and inspect the next input  line.
 #               This action is useful for debugging and for testing
 #               a pattern before applying more drastic actions.
 # 
 # BUGS
 #        Empty lines never match, because some map types mis-behave
-#        when given a zero-length search string.   This  limitation
-#        may  be  removed for regular expression tables in a future
+#        when  given  a zero-length search string.  This limitation
+#        may be removed for regular expression tables in  a  future
 #        release.
 # 
-#        Many people overlook the main limitations  of  header  and
+#        Many  people  overlook  the main limitations of header and
 #        body_checks rules.
 # 
-#        o      These  rules  operate on one logical message header
+#        o      These rules operate on one logical  message  header
 #               or one body line at a time. A decision made for one
 #               line is not carried over to the next line.
 # 
-#        o      If  text  in the message body is encoded (RFC 2045)
+#        o      If text in the message body is encoded  (RFC  2045)
 #               then the rules need to be specified for the encoded
 #               form.
 # 
-#        o      Likewise,  when  message  headers  are encoded (RFC
-#               2047) then the rules need to be specified  for  the
+#        o      Likewise, when message  headers  are  encoded  (RFC
+#               2047)  then  the rules need to be specified for the
 #               encoded form.
 # 
-#        Message  headers added by the cleanup(8) daemon itself are
+#        Message headers added by the cleanup(8) daemon itself  are
 #        excluded from inspection. Examples of such message headers
 #        are From:, To:, Message-ID:, Date:.
 # 
-#        Message  headers  deleted by the cleanup(8) daemon will be
+#        Message headers deleted by the cleanup(8) daemon  will  be
 #        examined before they are deleted. Examples are: Bcc:, Con-
 #        tent-Length:, Return-Path:.
 # 
@@ -334,11 +335,11 @@
 #        body_checks
 #               Lookup tables with content filter rules for message
 #               body lines.  These filters see one physical line at
-#               a  time,  in  chunks  of at most $line_length_limit
+#               a time, in chunks  of  at  most  $line_length_limit
 #               bytes.
 # 
 #        body_checks_size_limit
-#               The amount of  content  per  message  body  segment
+#               The  amount  of  content  per  message body segment
 #               (attachment) that is subjected to $body_checks fil-
 #               tering.
 # 
@@ -348,35 +349,35 @@
 # 
 #        nested_header_checks (default: $header_checks)
 #               Lookup tables with content filter rules for message
-#               header  lines:  respectively,  these are applied to
-#               the initial message  headers  (not  including  MIME
-#               headers),  to the MIME headers anywhere in the mes-
-#               sage, and to the initial headers of  attached  mes-
+#               header lines: respectively, these  are  applied  to
+#               the  initial  message  headers  (not including MIME
+#               headers), to the MIME headers anywhere in the  mes-
+#               sage,  and  to the initial headers of attached mes-
 #               sages.
 # 
-#               Note:  these filters see one logical message header
-#               at a time, even when a message header spans  multi-
-#               ple  lines.  Message  headers  that are longer than
+#               Note: these filters see one logical message  header
+#               at  a time, even when a message header spans multi-
+#               ple lines. Message headers  that  are  longer  than
 #               $header_size_limit characters are truncated.
 # 
 #        disable_mime_input_processing
-#               While receiving mail, give no special treatment  to
-#               MIME  related  message  headers; all text after the
+#               While  receiving mail, give no special treatment to
+#               MIME related message headers; all  text  after  the
 #               initial message headers is considered to be part of
-#               the  message body. This means that header_checks is
-#               applied to all the  initial  message  headers,  and
+#               the message body. This means that header_checks  is
+#               applied  to  all  the  initial message headers, and
 #               that body_checks is applied to the remainder of the
 #               message.
 # 
-#               Note: when used in this  manner,  body_checks  will
-#               process  a  multi-line message header one line at a
+#               Note:  when  used  in this manner, body_checks will
+#               process a multi-line message header one line  at  a
 #               time.
 # 
 # EXAMPLES
-#        Header pattern to block attachments  with  bad  file  name
-#        extensions.   For  convenience, the PCRE /x flag is speci-
-#        fied, so that there is no need  to  collapse  the  pattern
-#        into   a   single  line  of  text.   The  purpose  of  the
+#        Header  pattern  to  block  attachments with bad file name
+#        extensions.  For convenience, the PCRE /x flag  is  speci-
+#        fied,  so  that  there  is no need to collapse the pattern
+#        into  a  single  line  of  text.   The  purpose   of   the
 #        [[:xdigit:]] sub-expressions is to recognize Windows CLSID
 #        strings.
 # 
@@ -415,7 +416,7 @@
 #        RFC 2047, message header encoding for non-ASCII text
 # 
 # README FILES
-#        Use "postconf readme_directory" or  "postconf  html_direc-
+#        Use  "postconf  readme_directory" or "postconf html_direc-
 #        tory" to locate this information.
 #        DATABASE_README, Postfix lookup table overview
 #        CONTENT_INSPECTION_README, Postfix content inspection overview
@@ -423,7 +424,7 @@
 #        BACKSCATTER_README, blocking returned forged mail
 # 
 # LICENSE
-#        The  Secure  Mailer  license must be distributed with this
+#        The Secure Mailer license must be  distributed  with  this
 #        software.
 # 
 # AUTHOR(S)
diff --git a/postfix/html/FILTER_README.html b/postfix/html/FILTER_README.html
index 5052c65ab..85ca1f888 100644
--- a/postfix/html/FILTER_README.html
+++ b/postfix/html/FILTER_README.html
@@ -399,18 +399,19 @@ and causes mail to be given to the content filter instead. </p>
 <p> The <a href="postconf.5.html#content_filter">content_filter</a> configuration parameter expects a value of
 the form <i>transport:destination</i>. The <i>transport</i> name
 specifies the first field of a mail delivery agent definition in
-<a href="master.5.html">master.cf</a>; the syntax of <i>destination</i> is described in the
-manual page of the corresponding delivery agent. </p>
+<a href="master.5.html">master.cf</a>; the syntax of the next-hop <i>destination</i> is described
+in the manual page of the corresponding delivery agent. </p>
 
-<p> The meaning of an empty filter <i>destination</i> is version
-dependent.  Postfix 2.7 and later will use the recipient domain;
-earlier versions will use $<a href="postconf.5.html#myhostname">myhostname</a>.  Specify "<a href="postconf.5.html#legacy_filter_nexthop">legacy_filter_nexthop</a>
-= yes" for compatibility with Postfix 2.6 or earlier, or specify a
-non-empty filter destination.  </p>
+<p> The meaning of an empty next-hop filter <i>destination</i> is
+version dependent.  Postfix 2.7 and later will use the recipient
+domain; earlier versions will use $<a href="postconf.5.html#myhostname">myhostname</a>.  Specify
+"<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> = $<a href="postconf.5.html#myhostname">myhostname</a>" for compatibility with Postfix
+2.6 or earlier, or specify a non-empty next-hop filter <i>destination</i>.
+</p>
 
-<p> The <a href="postconf.5.html#content_filter">content_filter</a> setting has a lower precedence than a content
-filter that is specified with an <a href="access.5.html">access(5)</a> table or in a <a href="header_checks.5.html">header_checks(5)</a>
-or <a href="header_checks.5.html">body_checks(5)</a> table. </p>
+<p> The <a href="postconf.5.html#content_filter">content_filter</a> setting has lower precedence than a FILTER
+action that is specified in an <a href="access.5.html">access(5)</a>, <a href="header_checks.5.html">header_checks(5)</a> or
+<a href="header_checks.5.html">body_checks(5)</a> table. </p>
 
 <li> <p> Execute "<b>postfix reload</b>" to complete the change.
 </p>
@@ -625,18 +626,18 @@ of its final destination. </p>
 <li> <p> The <a href="postconf.5.html#content_filter">content_filter</a> configuration parameter expects a value
 of the form <i>transport:destination</i>. The <i>transport</i> name
 specifies the first field of a mail delivery agent definition in
-<a href="master.5.html">master.cf</a>; the syntax of <i>destination</i> is described in the
-manual page of the corresponding delivery agent. </p>
+<a href="master.5.html">master.cf</a>; the syntax of the next-hop <i>destination</i> is described
+in the manual page of the corresponding delivery agent. </p>
 
-<li> <p> The meaning of an empty filter <i>destination</i> is version
-dependent.  Postfix 2.7 and later will use the recipient domain;
-earlier versions will use $<a href="postconf.5.html#myhostname">myhostname</a>.  Specify "<a href="postconf.5.html#legacy_filter_nexthop">legacy_filter_nexthop</a>
-= yes" for compatibility with Postfix 2.6 or earlier, or specify a
-non-empty filter destination.  </p>
+<li> <p> The meaning of an empty next-hop filter <i>destination</i>
+is version dependent.  Postfix 2.7 and later will use the recipient
+domain; earlier versions will use $<a href="postconf.5.html#myhostname">myhostname</a>.  Specify
+"<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> = $<a href="postconf.5.html#myhostname">myhostname</a>" for compatibility with Postfix
+2.6 or earlier, or specify a non-empty next-hop filter <i>destination</i>.
 
-<li> <p> The <a href="postconf.5.html#content_filter">content_filter</a> setting has a lower precedence than a
-content filter that is specified with an <a href="access.5.html">access(5)</a> table or in a
-<a href="header_checks.5.html">header_checks(5)</a> or <a href="header_checks.5.html">body_checks(5)</a> table. </p>
+<li> <p> The <a href="postconf.5.html#content_filter">content_filter</a> setting has lower precedence than a
+FILTER action that is specified in an <a href="access.5.html">access(5)</a>, <a href="header_checks.5.html">header_checks(5)</a>
+or <a href="header_checks.5.html">body_checks(5)</a> table. </p>
 
 </ul>
 
diff --git a/postfix/html/access.5.html b/postfix/html/access.5.html
index c2c6ca745..c284f86a4 100644
--- a/postfix/html/access.5.html
+++ b/postfix/html/access.5.html
@@ -288,10 +288,10 @@ ACCESS(5)                                                            ACCESS(5)
               sage through the specified external content filter.
               The  <i>transport</i>  name specifies the first field of a
               mail delivery agent definition  in  <a href="master.5.html">master.cf</a>;  the
-              syntax  of  <i>destination</i>  is described in the manual
-              page of the  corresponding  delivery  agent.   More
-              information  about  external  content filters is in
-              the Postfix <a href="FILTER_README.html">FILTER_README</a> file.
+              syntax  of the next-hop <i>destination</i> is described in
+              the  manual  page  of  the  corresponding  delivery
+              agent.   More  information  about  external content
+              filters is in the Postfix <a href="FILTER_README.html">FILTER_README</a> file.
 
               Note 1: do not use $<i>number</i> regular expression  sub-
               stitutions  for <i>transport</i> or <i>destination</i> unless you
@@ -304,135 +304,136 @@ ACCESS(5)                                                            ACCESS(5)
 
               Note  3:  the  purpose  of the FILTER command is to
               override message routing.  To override the  recipi-
-              ent's  <i>transport</i>  but  not  <i>destination</i>, specify an
-              empty <i>destination</i> (Postfix 2.7 and later), or spec-
-              ify a <i>transport:destination</i> that delivers through a
-              different Postfix instance (Postfix  2.6  and  ear-
-              lier). Other options are using the recipient-depen-
-              dent <b><a href="postconf.5.html#transport_maps">transport_maps</a></b> or the sender-dependent <b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender</a>-</b>
-              <b><a href="postconf.5.html#sender_dependent_default_transport_maps">_dependent_default_transport_maps</a></b> features.
+              ent's  <i>transport</i>  but not the next-hop <i>destination</i>,
+              specify an empty filter  <i>destination</i>  (Postfix  2.7
+              and later), or specify a <i>transport:destination</i> that
+              delivers  through  a  different  Postfix   instance
+              (Postfix  2.6 and earlier). Other options are using
+              the recipient-dependent <b><a href="postconf.5.html#transport_maps">transport_maps</a></b> or the  sen-
+              der-dependent   <b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport</a>-</b>
+              <b><a href="postconf.5.html#sender_dependent_default_transport_maps">_maps</a></b> features.
 
               This feature is available in Postfix 2.0 and later.
 
        <b>HOLD</b> <i>optional text...</i>
-              Place the message on the <b>hold</b> queue, where it  will
-              sit  until someone either deletes it or releases it
-              for delivery.  Log the optional text if  specified,
+              Place  the message on the <b>hold</b> queue, where it will
+              sit until someone either deletes it or releases  it
+              for  delivery.  Log the optional text if specified,
               otherwise log a generic message.
 
-              Mail  that  is  placed on hold can be examined with
-              the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and  can  be  destroyed  or
+              Mail that is placed on hold can  be  examined  with
+              the  <a href="postcat.1.html"><b>postcat</b>(1)</a>  command,  and  can be destroyed or
               released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command.
 
-              Note:  use  "<b>postsuper -r</b>" to release mail that was
-              kept on hold for a significant fraction  of  <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
+              Note: use "<b>postsuper -r</b>" to release mail  that  was
+              kept  on  hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
               <b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b>  or  <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>,  or
-              longer. Use "<b>postsuper -H</b>" only for mail that  will
+              longer.  Use "<b>postsuper -H</b>" only for mail that will
               not expire within a few delivery attempts.
 
-              Note:  this action currently affects all recipients
+              Note: this action currently affects all  recipients
               of the message.
 
               This feature is available in Postfix 2.0 and later.
 
        <b>PREPEND</b> <i>headername: headervalue</i>
-              Prepend  the  specified  message header to the mes-
-              sage.  When more than one PREPEND action  executes,
-              the  first prepended header appears before the sec-
+              Prepend the specified message header  to  the  mes-
+              sage.   When more than one PREPEND action executes,
+              the first prepended header appears before the  sec-
               ond etc. prepended header.
 
-              Note: this action must execute before  the  message
-              content  is received; it cannot execute in the con-
+              Note:  this  action must execute before the message
+              content is received; it cannot execute in the  con-
               text of <b><a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a></b>.
 
               This feature is available in Postfix 2.1 and later.
 
        <b>REDIRECT</b> <i>user@domain</i>
-              After  the  message  is queued, send the message to
+              After the message is queued, send  the  message  to
               the  specified  address  instead  of  the  intended
               recipient(s).
 
-              Note:  this action overrides the FILTER action, and
+              Note: this action overrides the FILTER action,  and
               currently affects all recipients of the message.
 
               This feature is available in Postfix 2.1 and later.
 
        <b>WARN</b> <i>optional text...</i>
               Log a warning with the optional text, together with
-              client information and  if  available,  with  helo,
+              client  information  and  if  available, with helo,
               sender, recipient and protocol information.
 
               This feature is available in Postfix 2.1 and later.
 
 <b>ENHANCED STATUS CODES</b>
-       Postfix version 2.3  and  later  support  enhanced  status
-       codes  as  defined  in  <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>.  When an enhanced status
-       code is specified in an access table,  it  is  subject  to
-       modification.  The  following  transformations  are needed
-       when the same access  table  is  used  for  client,  helo,
-       sender,  or  recipient  access  restrictions;  they happen
+       Postfix  version  2.3  and  later  support enhanced status
+       codes as defined in <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>.   When  an  enhanced  status
+       code  is  specified  in  an access table, it is subject to
+       modification. The  following  transformations  are  needed
+       when  the  same  access  table  is  used for client, helo,
+       sender, or  recipient  access  restrictions;  they  happen
        regardless of whether Postfix replies to a MAIL FROM, RCPT
        TO or other SMTP command.
 
-       <b>o</b>      When  a sender address matches a REJECT action, the
-              Postfix SMTP server will transform a recipient  DSN
-              status  (e.g.,  4.1.1-4.1.6) into the corresponding
+       <b>o</b>      When a sender address matches a REJECT action,  the
+              Postfix  SMTP server will transform a recipient DSN
+              status (e.g., 4.1.1-4.1.6) into  the  corresponding
               sender DSN status, and vice versa.
 
-       <b>o</b>      When  non-address  information  matches  a   REJECT
-              action  (such  as  the HELO command argument or the
-              client hostname/address), the Postfix  SMTP  server
-              will  transform  a  sender  or recipient DSN status
-              into  a  generic  non-address  DSN  status   (e.g.,
+       <b>o</b>      When   non-address  information  matches  a  REJECT
+              action (such as the HELO command  argument  or  the
+              client  hostname/address),  the Postfix SMTP server
+              will transform a sender  or  recipient  DSN  status
+              into   a  generic  non-address  DSN  status  (e.g.,
               4.0.0).
 
 <b>REGULAR EXPRESSION TABLES</b>
-       This  section  describes how the table lookups change when
+       This section describes how the table lookups  change  when
        the table is given in the form of regular expressions. For
-       a  description  of regular expression lookup table syntax,
+       a description of regular expression lookup  table  syntax,
        see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
 
-       Each pattern is a regular expression that  is  applied  to
+       Each  pattern  is  a regular expression that is applied to
        the entire string being looked up. Depending on the appli-
-       cation, that string  is  an  entire  client  hostname,  an
+       cation,  that  string  is  an  entire  client hostname, an
        entire client IP address, or an entire mail address. Thus,
        no  parent  domain  or  parent  network  search  is  done,
-       <i>user@domain</i>  mail  addresses  are not broken up into their
+       <i>user@domain</i> mail addresses are not broken  up  into  their
        <i>user@</i> and <i>domain</i> constituent parts, nor is <i>user+foo</i> broken
        up into <i>user</i> and <i>foo</i>.
 
-       Patterns  are applied in the order as specified in the ta-
-       ble, until a pattern is  found  that  matches  the  search
+       Patterns are applied in the order as specified in the  ta-
+       ble,  until  a  pattern  is  found that matches the search
        string.
 
-       Actions  are  the  same as with indexed file lookups, with
-       the additional feature that parenthesized substrings  from
+       Actions are the same as with indexed  file  lookups,  with
+       the  additional feature that parenthesized substrings from
        the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
 
 <b>TCP-BASED TABLES</b>
-       This  section  describes how the table lookups change when
+       This section describes how the table lookups  change  when
        lookups are directed to a TCP-based server. For a descrip-
        tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
        <a href="tcp_table.5.html"><b>ble</b>(5)</a>.  This feature is not available up to and including
        Postfix version 2.4.
 
-       Each  lookup  operation uses the entire query string once.
-       Depending on the application, that  string  is  an  entire
+       Each lookup operation uses the entire query  string  once.
+       Depending  on  the  application,  that string is an entire
        client hostname, an entire client IP address, or an entire
-       mail address.  Thus, no parent domain  or  parent  network
-       search  is done, <i>user@domain</i> mail addresses are not broken
-       up into their <i>user@</i> and <i>domain</i> constituent parts,  nor  is
+       mail  address.   Thus,  no parent domain or parent network
+       search is done, <i>user@domain</i> mail addresses are not  broken
+       up  into  their <i>user@</i> and <i>domain</i> constituent parts, nor is
        <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
 
        Actions are the same as with indexed file lookups.
 
 <b>EXAMPLE</b>
-       The  following  example  uses an indexed file, so that the
-       order of table entries does not matter. The  example  per-
-       mits  access  by the client at address 1.2.3.4 but rejects
-       all other clients in 1.2.3.0/24. Instead  of  <b>hash</b>  lookup
-       tables,  some  systems use <b>dbm</b>.  Use the command "<b>postconf</b>
-       <b>-m</b>" to find out what lookup  tables  Postfix  supports  on
+       The following example uses an indexed file,  so  that  the
+       order  of  table entries does not matter. The example per-
+       mits access by the client at address 1.2.3.4  but  rejects
+       all  other  clients  in 1.2.3.0/24. Instead of <b>hash</b> lookup
+       tables, some systems use <b>dbm</b>.  Use the  command  "<b>postconf</b>
+       <b>-m</b>"  to  find  out  what lookup tables Postfix supports on
        your system.
 
        /etc/postfix/<a href="postconf.5.html">main.cf</a>:
@@ -443,11 +444,11 @@ ACCESS(5)                                                            ACCESS(5)
            1.2.3   REJECT
            1.2.3.4 OK
 
-       Execute  the  command  "<b>postmap /etc/postfix/access</b>" after
+       Execute the command  "<b>postmap  /etc/postfix/access</b>"  after
        editing the file.
 
 <b>BUGS</b>
-       The table format does not understand quoting  conventions.
+       The  table format does not understand quoting conventions.
 
 <b>SEE ALSO</b>
        <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
@@ -460,7 +461,7 @@ ACCESS(5)                                                            ACCESS(5)
        <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
 
 <b>LICENSE</b>
-       The Secure Mailer license must be  distributed  with  this
+       The  Secure  Mailer  license must be distributed with this
        software.
 
 <b>AUTHOR(S)</b>
diff --git a/postfix/html/header_checks.5.html b/postfix/html/header_checks.5.html
index 542ec2937..1a406ba40 100644
--- a/postfix/html/header_checks.5.html
+++ b/postfix/html/header_checks.5.html
@@ -176,11 +176,11 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
               After the message is queued, send the  entire  mes-
               sage through the specified external content filter.
               The <i>transport</i> name specifies the first field  of  a
-              mail  delivery agent definition <a href="master.5.html">master.cf</a>; the syn-
-              tax of <i>destination</i> is described in the manual  page
-              of the corresponding delivery agent.  More informa-
-              tion about external content filters is in the Post-
-              fix <a href="FILTER_README.html">FILTER_README</a> file.
+              mail  delivery  agent  definition in <a href="master.5.html">master.cf</a>; the
+              syntax of the next-hop <i>destination</i> is described  in
+              the  manual  page  of  the  corresponding  delivery
+              agent.  More  information  about  external  content
+              filters is in the Postfix <a href="FILTER_README.html">FILTER_README</a> file.
 
               Note  1: do not use $<i>number</i> regular expression sub-
               stitutions for <i>transport</i> or <i>destination</i> unless  you
@@ -193,34 +193,35 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
 
               Note 3: the purpose of the  FILTER  command  is  to
               override  message routing.  To override the recipi-
-              ent's <i>transport</i> but  not  <i>destination</i>,  specify  an
-              empty <i>destination</i> (Postfix 2.7 and later), or spec-
-              ify a <i>transport:destination</i> that delivers through a
-              different  Postfix  instance  (Postfix 2.6 and ear-
-              lier). Other options are using the recipient-depen-
-              dent <b><a href="postconf.5.html#transport_maps">transport_maps</a></b> or the sender-dependent <b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender</a>-</b>
-              <b><a href="postconf.5.html#sender_dependent_default_transport_maps">_dependent_default_transport_maps</a></b> features.
+              ent's <i>transport</i> but not the  next-hop  <i>destination</i>,
+              specify  an  empty  filter <i>destination</i> (Postfix 2.7
+              and later), or specify a <i>transport:destination</i> that
+              delivers   through  a  different  Postfix  instance
+              (Postfix 2.6 and earlier). Other options are  using
+              the  recipient-dependent <b><a href="postconf.5.html#transport_maps">transport_maps</a></b> or the sen-
+              der-dependent   <b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport</a>-</b>
+              <b><a href="postconf.5.html#sender_dependent_default_transport_maps">_maps</a></b> features.
 
               This feature is available in Postfix 2.0 and later.
 
        <b>HOLD</b> <i>optional text...</i>
-              Arrange  for  the  message to be placed on the <b>hold</b>
-              queue, and inspect the next input line.   The  mes-
-              sage  remains  on <b>hold</b> until someone either deletes
-              it or releases it for delivery.  Log  the  optional
+              Arrange for the message to be placed  on  the  <b>hold</b>
+              queue,  and  inspect the next input line.  The mes-
+              sage remains on <b>hold</b> until someone  either  deletes
+              it  or  releases it for delivery.  Log the optional
               text if specified, otherwise log a generic message.
 
-              Mail that is placed on hold can  be  examined  with
-              the  <a href="postcat.1.html"><b>postcat</b>(1)</a>  command,  and  can be destroyed or
+              Mail  that  is  placed on hold can be examined with
+              the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and  can  be  destroyed  or
               released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command.
 
-              Note: use "<b>postsuper -r</b>" to release mail  that  was
-              kept  on  hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
+              Note:  use  "<b>postsuper -r</b>" to release mail that was
+              kept on hold for a significant fraction  of  <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
               <b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b>  or  <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>,  or
-              longer.  Use "<b>postsuper -H</b>" only for mail that will
+              longer. Use "<b>postsuper -H</b>" only for mail that  will
               not expire within a few delivery attempts.
 
-              Note: this action affects  all  recipients  of  the
+              Note:  this  action  affects  all recipients of the
               message.
 
               This feature is available in Postfix 2.0 and later.
@@ -229,23 +230,23 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
               the next input line.
 
        <b>PREPEND</b> <i>text...</i>
-              Prepend  one  line  with  the  specified  text, and
+              Prepend one  line  with  the  specified  text,  and
               inspect the next input line.
 
               Notes:
 
-              <b>o</b>      The prepended text is output on  a  separate
+              <b>o</b>      The  prepended  text is output on a separate
                      line,  immediately  before  the  input  that
                      triggered the <b>PREPEND</b> action.
 
               <b>o</b>      The prepended text is not considered part of
-                     the  input  stream:  it  is  not  subject to
+                     the input  stream:  it  is  not  subject  to
                      header/body checks or address rewriting, and
                      it does not affect the way that Postfix adds
                      missing message headers.
 
               <b>o</b>      When prepending text before a message header
-                     line,  the  prepended text must begin with a
+                     line, the prepended text must begin  with  a
                      valid message header label.
 
               <b>o</b>      This action cannot be used to prepend multi-
@@ -254,46 +255,46 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
               This feature is available in Postfix 2.1 and later.
 
        <b>REDIRECT</b> <i>user@domain</i>
-              Write a message redirection request  to  the  queue
-              file,  and  inspect  the next input line. After the
+              Write  a  message  redirection request to the queue
+              file, and inspect the next input  line.  After  the
               message is queued, it will be sent to the specified
               address instead of the intended recipient(s).
 
-              Note:  this action overrides the <b>FILTER</b> action, and
-              affects all recipients of the message. If  multiple
-              <b>REDIRECT</b>  actions  fire,  only the last one is exe-
+              Note: this action overrides the <b>FILTER</b> action,  and
+              affects  all recipients of the message. If multiple
+              <b>REDIRECT</b> actions fire, only the last  one  is  exe-
               cuted.
 
               This feature is available in Postfix 2.1 and later.
 
        <b>REPLACE</b> <i>text...</i>
-              Replace  the  current line with the specified text,
+              Replace the current line with the  specified  text,
               and inspect the next input line.
 
               This feature is available in Postfix 2.2 and later.
-              The  description below applies to Postfix 2.2.2 and
+              The description below applies to Postfix 2.2.2  and
               later.
 
               Notes:
 
-              <b>o</b>      When replacing a message  header  line,  the
-                     replacement  text  must  begin  with a valid
+              <b>o</b>      When  replacing  a  message header line, the
+                     replacement text must  begin  with  a  valid
                      header label.
 
-              <b>o</b>      The replaced text remains part of the  input
-                     stream.  Unlike  the result from the <b>PREPEND</b>
-                     action, a replaced  message  header  may  be
-                     subject  to address rewriting and may affect
-                     the way that Postfix  adds  missing  message
+              <b>o</b>      The  replaced text remains part of the input
+                     stream. Unlike the result from  the  <b>PREPEND</b>
+                     action,  a  replaced  message  header may be
+                     subject to address rewriting and may  affect
+                     the  way  that  Postfix adds missing message
                      headers.
 
        <b>REJECT</b> <i>optional text...</i>
-              Reject  the  entire  message.  Reply  with <i>optional</i>
+              Reject the  entire  message.  Reply  with  <i>optional</i>
               <i>text...</i> when the optional text is specified, other-
               wise reply with a generic error message.
 
-              Note:   this  action  disables  further  header  or
-              <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current  message  and
+              Note:  this  action  disables  further  header   or
+              <a href="postconf.5.html#body_checks">body_checks</a>  inspection  of the current message and
               affects all recipients.
 
               Postfix version 2.3 and later support enhanced sta-
@@ -302,37 +303,37 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
               enhanced status code of "5.7.1".
 
        <b>WARN</b> <i>optional text...</i>
-              Log a warning with the <i>optional text...</i> (or  log  a
-              generic  message), and inspect the next input line.
+              Log  a  warning with the <i>optional text...</i> (or log a
+              generic message), and inspect the next input  line.
               This action is useful for debugging and for testing
               a pattern before applying more drastic actions.
 
 <b>BUGS</b>
        Empty lines never match, because some map types mis-behave
-       when given a zero-length search string.   This  limitation
-       may  be  removed for regular expression tables in a future
+       when  given  a zero-length search string.  This limitation
+       may be removed for regular expression tables in  a  future
        release.
 
-       Many people overlook the main limitations  of  header  and
+       Many  people  overlook  the main limitations of header and
        <a href="postconf.5.html#body_checks">body_checks</a> rules.
 
-       <b>o</b>      These  rules  operate on one logical message header
+       <b>o</b>      These rules operate on one logical  message  header
               or one body line at a time. A decision made for one
               line is not carried over to the next line.
 
-       <b>o</b>      If  text  in the message body is encoded (<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a>)
+       <b>o</b>      If text in the message body is encoded  (<a href="http://tools.ietf.org/html/rfc2045">RFC  2045</a>)
               then the rules need to be specified for the encoded
               form.
 
-       <b>o</b>      Likewise,  when  message  headers  are encoded (<a href="http://tools.ietf.org/html/rfc2047">RFC</a>
-              <a href="http://tools.ietf.org/html/rfc2047">2047</a>) then the rules need to be specified  for  the
+       <b>o</b>      Likewise, when message  headers  are  encoded  (<a href="http://tools.ietf.org/html/rfc2047">RFC</a>
+              <a href="http://tools.ietf.org/html/rfc2047">2047</a>)  then  the rules need to be specified for the
               encoded form.
 
-       Message  headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are
+       Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself  are
        excluded from inspection. Examples of such message headers
        are <b>From:</b>, <b>To:</b>, <b>Message-ID:</b>, <b>Date:</b>.
 
-       Message  headers  deleted by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon will be
+       Message headers deleted by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon  will  be
        examined before they are deleted. Examples are: <b>Bcc:, Con-</b>
        <b>tent-Length:</b>, <b>Return-Path:</b>.
 
@@ -340,11 +341,11 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
        <b><a href="postconf.5.html#body_checks">body_checks</a></b>
               Lookup tables with content filter rules for message
               body lines.  These filters see one physical line at
-              a  time,  in  chunks  of at most <b>$<a href="postconf.5.html#line_length_limit">line_length_limit</a></b>
+              a time, in chunks  of  at  most  <b>$<a href="postconf.5.html#line_length_limit">line_length_limit</a></b>
               bytes.
 
        <b><a href="postconf.5.html#body_checks_size_limit">body_checks_size_limit</a></b>
-              The amount of  content  per  message  body  segment
+              The  amount  of  content  per  message body segment
               (attachment) that is subjected to <b>$<a href="postconf.5.html#body_checks">body_checks</a></b> fil-
               tering.
 
@@ -354,35 +355,35 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
 
        <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
               Lookup tables with content filter rules for message
-              header  lines:  respectively,  these are applied to
-              the initial message  headers  (not  including  MIME
-              headers),  to the MIME headers anywhere in the mes-
-              sage, and to the initial headers of  attached  mes-
+              header lines: respectively, these  are  applied  to
+              the  initial  message  headers  (not including MIME
+              headers), to the MIME headers anywhere in the  mes-
+              sage,  and  to the initial headers of attached mes-
               sages.
 
-              Note:  these filters see one logical message header
-              at a time, even when a message header spans  multi-
-              ple  lines.  Message  headers  that are longer than
+              Note: these filters see one logical message  header
+              at  a time, even when a message header spans multi-
+              ple lines. Message headers  that  are  longer  than
               <b>$<a href="postconf.5.html#header_size_limit">header_size_limit</a></b> characters are truncated.
 
        <b><a href="postconf.5.html#disable_mime_input_processing">disable_mime_input_processing</a></b>
-              While receiving mail, give no special treatment  to
-              MIME  related  message  headers; all text after the
+              While  receiving mail, give no special treatment to
+              MIME related message headers; all  text  after  the
               initial message headers is considered to be part of
-              the  message body. This means that <b><a href="postconf.5.html#header_checks">header_checks</a></b> is
-              applied to all the  initial  message  headers,  and
+              the message body. This means that <b><a href="postconf.5.html#header_checks">header_checks</a></b>  is
+              applied  to  all  the  initial message headers, and
               that <b><a href="postconf.5.html#body_checks">body_checks</a></b> is applied to the remainder of the
               message.
 
-              Note: when used in this  manner,  <b><a href="postconf.5.html#body_checks">body_checks</a></b>  will
-              process  a  multi-line message header one line at a
+              Note:  when  used  in this manner, <b><a href="postconf.5.html#body_checks">body_checks</a></b> will
+              process a multi-line message header one line  at  a
               time.
 
 <b>EXAMPLES</b>
-       Header pattern to block attachments  with  bad  file  name
-       extensions.   For  convenience, the PCRE /x flag is speci-
-       fied, so that there is no need  to  collapse  the  pattern
-       into   a   single  line  of  text.   The  purpose  of  the
+       Header  pattern  to  block  attachments with bad file name
+       extensions.  For convenience, the PCRE /x flag  is  speci-
+       fied,  so  that  there  is no need to collapse the pattern
+       into  a  single  line  of  text.   The  purpose   of   the
        [[:xdigit:]] sub-expressions is to recognize Windows CLSID
        strings.
 
@@ -427,7 +428,7 @@ HEADER_CHECKS(5)                                              HEADER_CHECKS(5)
        <a href="BACKSCATTER_README.html">BACKSCATTER_README</a>, blocking returned forged mail
 
 <b>LICENSE</b>
-       The  Secure  Mailer  license must be distributed with this
+       The Secure Mailer license must be  distributed  with  this
        software.
 
 <b>AUTHOR(S)</b>
diff --git a/postfix/html/oqmgr.8.html b/postfix/html/oqmgr.8.html
index e25247fbd..5e6db842b 100644
--- a/postfix/html/oqmgr.8.html
+++ b/postfix/html/oqmgr.8.html
@@ -195,14 +195,15 @@ OQMGR(8)                                                              OQMGR(8)
 
        Available with Postfix version 2.7 and later:
 
-       <b><a href="postconf.5.html#legacy_filter_nexthop">legacy_filter_nexthop</a> (no)</b>
-              When  a  FILTER command does not specify a destina-
-              tion, force  the  destination  to  be  $<a href="postconf.5.html#myhostname">myhostname</a>,
-              instead of using the recipient domain.
+       <b><a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> (empty)</b>
+              When  a  <a href="postconf.5.html#content_filter">content_filter</a> or FILTER request specifies
+              no explicit next-hop destination, use $default_fil-
+              ter_nexthop  instead; when that value is empty, use
+              the domain in the recipient address.
 
 <b>ACTIVE QUEUE CONTROLS</b>
        <b><a href="postconf.5.html#qmgr_clog_warn_time">qmgr_clog_warn_time</a> (300s)</b>
-              The  minimal delay between warnings that a specific
+              The minimal delay between warnings that a  specific
               destination  is  clogging  up  the  Postfix  active
               queue.
 
@@ -210,23 +211,23 @@ OQMGR(8)                                                              OQMGR(8)
               The maximal number of messages in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
 
        <b><a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a> (20000)</b>
-              The maximal number of recipients held in memory  by
-              the  Postfix queue manager, and the maximal size of
+              The  maximal number of recipients held in memory by
+              the Postfix queue manager, and the maximal size  of
               the size of the short-term, in-memory "dead" desti-
               nation status cache.
 
 <b>DELIVERY CONCURRENCY CONTROLS</b>
        <b><a href="postconf.5.html#qmgr_fudge_factor">qmgr_fudge_factor</a> (100)</b>
-              Obsolete   feature:   the  percentage  of  delivery
-              resources that a busy mail system will use  up  for
+              Obsolete  feature:  the  percentage   of   delivery
+              resources  that  a busy mail system will use up for
               delivery of a large mailing  list message.
 
        <b><a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a> (5)</b>
-              The  initial  per-destination concurrency level for
+              The initial per-destination concurrency  level  for
               parallel delivery to the same destination.
 
        <b><a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a> (20)</b>
-              The default maximal number of  parallel  deliveries
+              The  default  maximal number of parallel deliveries
               to the same destination.
 
        <b><a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
@@ -241,9 +242,9 @@ OQMGR(8)                                                              OQMGR(8)
               sage <i>transport</i>.
 
        <b><a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a> (1)</b>
-              How  many  pseudo-cohorts must suffer connection or
-              handshake failure before a specific destination  is
-              considered  unavailable  (and  further  delivery is
+              How many pseudo-cohorts must suffer  connection  or
+              handshake  failure before a specific destination is
+              considered unavailable  (and  further  delivery  is
               suspended).
 
        <b><a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a></b>
@@ -251,8 +252,8 @@ OQMGR(8)                                                              OQMGR(8)
               Idem, for delivery via the named message <i>transport</i>.
 
        <b><a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a> (1)</b>
-              The  per-destination amount of delivery concurrency
-              negative feedback, after a delivery completes  with
+              The per-destination amount of delivery  concurrency
+              negative  feedback, after a delivery completes with
               a connection or handshake failure.
 
        <b><a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a></b>
@@ -260,7 +261,7 @@ OQMGR(8)                                                              OQMGR(8)
               Idem, for delivery via the named message <i>transport</i>.
 
        <b><a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a> (1)</b>
-              The per-destination amount of delivery  concurrency
+              The  per-destination amount of delivery concurrency
               positive feedback, after a delivery completes with-
               out connection or handshake failure.
 
@@ -274,7 +275,7 @@ OQMGR(8)                                                              OQMGR(8)
 
 <b>RECIPIENT SCHEDULING CONTROLS</b>
        <b><a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a> (50)</b>
-              The default maximal number of recipients  per  mes-
+              The  default  maximal number of recipients per mes-
               sage delivery.
 
        <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b>
@@ -282,41 +283,41 @@ OQMGR(8)                                                              OQMGR(8)
 
 <b>OTHER RESOURCE AND RATE CONTROLS</b>
        <b><a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> (300s)</b>
-              The minimal time  between  attempts  to  deliver  a
-              deferred  message; prior to Postfix 2.4 the default
+              The  minimal  time  between  attempts  to deliver a
+              deferred message; prior to Postfix 2.4 the  default
               value was 1000s.
 
        <b><a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a> (4000s)</b>
-              The maximal time  between  attempts  to  deliver  a
+              The  maximal  time  between  attempts  to deliver a
               deferred message.
 
        <b><a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a> (5d)</b>
-              The  maximal  time a message is queued before it is
+              The maximal time a message is queued before  it  is
               sent back as undeliverable.
 
        <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
-              The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the  queue
+              The  time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue
               manager; prior to Postfix 2.4 the default value was
               1000s.
 
        <b><a href="postconf.5.html#transport_retry_time">transport_retry_time</a> (60s)</b>
               The time between attempts by the Postfix queue man-
-              ager  to  contact a malfunctioning message delivery
+              ager to contact a malfunctioning  message  delivery
               transport.
 
        Available in Postfix version 2.1 and later:
 
        <b><a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a> (5d)</b>
-              The maximal time a bounce message is queued  before
+              The  maximal time a bounce message is queued before
               it is considered undeliverable.
 
        Available in Postfix version 2.5 and later:
 
        <b><a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a> (0s)</b>
               The  default  amount  of  delay  that  is  inserted
-              between individual deliveries to the same  destina-
-              tion;  with  per-destination recipient limit &gt; 1, a
-              destination is a domain, otherwise it is a  recipi-
+              between  individual deliveries to the same destina-
+              tion; with per-destination recipient limit &gt;  1,  a
+              destination  is a domain, otherwise it is a recipi-
               ent.
 
        <b><a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a>         $<a href="postconf.5.html#default_destination_rate_delay">default_destina</a>-</b>
@@ -325,7 +326,7 @@ OQMGR(8)                                                              OQMGR(8)
 
 <b>MISCELLANEOUS CONTROLS</b>
        <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
-              The default location of  the  Postfix  <a href="postconf.5.html">main.cf</a>  and
+              The  default  location  of  the Postfix <a href="postconf.5.html">main.cf</a> and
               <a href="master.5.html">master.cf</a> configuration files.
 
        <b><a href="postconf.5.html#defer_transports">defer_transports</a> (empty)</b>
@@ -334,11 +335,11 @@ OQMGR(8)                                                              OQMGR(8)
               "<b>sendmail -q</b>" or equivalent.
 
        <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
-              The  maximal  number  of  digits  after the decimal
+              The maximal number  of  digits  after  the  decimal
               point when logging sub-second delay values.
 
        <b><a href="postconf.5.html#helpful_warnings">helpful_warnings</a> (yes)</b>
-              Log warnings about problematic  configuration  set-
+              Log  warnings  about problematic configuration set-
               tings, and provide helpful suggestions.
 
        <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
@@ -346,23 +347,23 @@ OQMGR(8)                                                              OQMGR(8)
               over an internal communication channel.
 
        <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
-              The process ID  of  a  Postfix  command  or  daemon
+              The  process  ID  of  a  Postfix  command or daemon
               process.
 
        <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
-              The  process  name  of  a Postfix command or daemon
+              The process name of a  Postfix  command  or  daemon
               process.
 
        <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
-              The location of the Postfix top-level queue  direc-
+              The  location of the Postfix top-level queue direc-
               tory.
 
        <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
               The syslog facility of Postfix logging.
 
        <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
-              The  mail  system  name  that  is  prepended to the
-              process name in syslog  records,  so  that  "smtpd"
+              The mail system  name  that  is  prepended  to  the
+              process  name  in  syslog  records, so that "smtpd"
               becomes, for example, "postfix/smtpd".
 
 <b>FILES</b>
@@ -385,7 +386,7 @@ OQMGR(8)                                                              OQMGR(8)
        <a href="QSHAPE_README.html">QSHAPE_README</a>, Postfix queue analysis
 
 <b>LICENSE</b>
-       The Secure Mailer license must be  distributed  with  this
+       The  Secure  Mailer  license must be distributed with this
        software.
 
 <b>AUTHOR(S)</b>
diff --git a/postfix/html/pickup.8.html b/postfix/html/pickup.8.html
index 3532a6628..ac1e147d2 100644
--- a/postfix/html/pickup.8.html
+++ b/postfix/html/pickup.8.html
@@ -53,8 +53,8 @@ PICKUP(8)                                                            PICKUP(8)
 
 <b>CONTENT INSPECTION CONTROLS</b>
        <b><a href="postconf.5.html#content_filter">content_filter</a> (empty)</b>
-              The name of a mail delivery transport that  filters
-              mail after it is queued.
+              After the message is queued, send the  entire  mes-
+              sage to the specified <i>transport:destination</i>.
 
        <b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
               Enable  or  disable  recipient validation, built-in
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index bffafa67e..db5c78f15 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -1540,24 +1540,25 @@ is already bounded by $<a href="postconf.5.html#max_idle">max_idle</a>.  </p>
 <p> After the message is queued, send the entire message to the
 specified <i>transport:destination</i>. The <i>transport</i> name
 specifies the first field of a mail delivery agent definition in
-<a href="master.5.html">master.cf</a>; the syntax of <i>destination</i> is described in the
-manual page of the corresponding delivery agent.  More information
-about external content filters is in the Postfix <a href="FILTER_README.html">FILTER_README</a> file.
-</p>
+<a href="master.5.html">master.cf</a>; the syntax of the next-hop <i>destination</i> is described
+in the manual page of the corresponding delivery agent.  More
+information about external content filters is in the Postfix
+<a href="FILTER_README.html">FILTER_README</a> file.  </p>
 
 <p> Notes: </p>
 
 <ul>
 
-<li> <p> This setting has a lower precedence than a content filter that
-is specified with an <a href="access.5.html">access(5)</a> table or in a <a href="header_checks.5.html">header_checks(5)</a> or
-<a href="header_checks.5.html">body_checks(5)</a> table. </p>
+<li> <p> This setting has lower precedence than a FILTER action
+that is specified in an <a href="access.5.html">access(5)</a>, <a href="header_checks.5.html">header_checks(5)</a> or <a href="header_checks.5.html">body_checks(5)</a>
+table. </p>
 
-<li> <p> The meaning of an empty filter <i>destination</i> is version
-dependent.  Postfix 2.7 and later will use the recipient domain;
-earlier versions will use $<a href="postconf.5.html#myhostname">myhostname</a>.  Specify "<a href="postconf.5.html#legacy_filter_nexthop">legacy_filter_nexthop</a>
-= yes" for compatibility with Postfix 2.6 or earlier, or specify
-a non-empty filter <i>destination</i>.  </p>
+<li> <p> The meaning of an empty next-hop filter <i>destination</i>
+is version dependent.  Postfix 2.7 and later will use the recipient
+domain; earlier versions will use $<a href="postconf.5.html#myhostname">myhostname</a>.  Specify
+"<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> = $<a href="postconf.5.html#myhostname">myhostname</a>" for compatibility with Postfix
+2.6 or earlier, or specify a <a href="postconf.5.html#content_filter">content_filter</a> value with an explicit
+next-hop <i>destination</i>.  </p>
 
 </ul>
 
@@ -2021,6 +2022,21 @@ name of the message delivery transport.
 </p>
 
 
+</DD>
+
+<DT><b><a name="default_filter_nexthop">default_filter_nexthop</a>
+(default: empty)</b></DT><DD>
+
+<p> When a <a href="postconf.5.html#content_filter">content_filter</a> or FILTER request specifies no explicit
+next-hop destination, use $<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> instead; when
+that value is empty, use the domain in the recipient address.
+Specify "<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> = $<a href="postconf.5.html#myhostname">myhostname</a>" for compatibility
+with Postfix version 2.6 and earlier, or specify an explicit next-hop
+destination with each <a href="postconf.5.html#content_filter">content_filter</a> value or FILTER action. </p>
+
+<p> This feature is available in Postfix 2.7 and later.  </p>
+
+
 </DD>
 
 <DT><b><a name="default_minimum_delivery_slots">default_minimum_delivery_slots</a>
@@ -3502,20 +3518,6 @@ This feature is available in Postfix 2.1 and later.
 </p>
 
 
-</DD>
-
-<DT><b><a name="legacy_filter_nexthop">legacy_filter_nexthop</a>
-(default: no)</b></DT><DD>
-
-<p> When a FILTER command does not specify a destination, force the
-destination to be $<a href="postconf.5.html#myhostname">myhostname</a>, instead of using the recipient domain.
-Specify "<a href="postconf.5.html#legacy_filter_nexthop">legacy_filter_nexthop</a> = yes" for compatibility with Postfix
-version 2.6 and earlier, or specify a non-empty filter destination.
-</p>
-
-<p> This feature is available in Postfix 2.7 and later.  </p>
-
-
 </DD>
 
 <DT><b><a name="line_length_limit">line_length_limit</a>
diff --git a/postfix/html/qmgr.8.html b/postfix/html/qmgr.8.html
index 9025c1cbb..7293c8645 100644
--- a/postfix/html/qmgr.8.html
+++ b/postfix/html/qmgr.8.html
@@ -201,14 +201,15 @@ QMGR(8)                                                                QMGR(8)
 
        Available with Postfix version 2.7 and later:
 
-       <b><a href="postconf.5.html#legacy_filter_nexthop">legacy_filter_nexthop</a> (no)</b>
-              When a FILTER command does not specify  a  destina-
-              tion,  force  the  destination  to  be $<a href="postconf.5.html#myhostname">myhostname</a>,
-              instead of using the recipient domain.
+       <b><a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> (empty)</b>
+              When a <a href="postconf.5.html#content_filter">content_filter</a> or FILTER  request  specifies
+              no explicit next-hop destination, use $default_fil-
+              ter_nexthop instead; when that value is empty,  use
+              the domain in the recipient address.
 
 <b>ACTIVE QUEUE CONTROLS</b>
        <b><a href="postconf.5.html#qmgr_clog_warn_time">qmgr_clog_warn_time</a> (300s)</b>
-              The minimal delay between warnings that a  specific
+              The  minimal delay between warnings that a specific
               destination  is  clogging  up  the  Postfix  active
               queue.
 
@@ -216,13 +217,13 @@ QMGR(8)                                                                QMGR(8)
               The maximal number of messages in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
 
        <b><a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a> (20000)</b>
-              The  maximal number of recipients held in memory by
-              the Postfix queue manager, and the maximal size  of
+              The maximal number of recipients held in memory  by
+              the  Postfix queue manager, and the maximal size of
               the size of the short-term, in-memory "dead" desti-
               nation status cache.
 
        <b><a href="postconf.5.html#qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a> (10)</b>
-              The minimal number of in-memory recipients for  any
+              The  minimal number of in-memory recipients for any
               message.
 
        <b><a href="postconf.5.html#default_recipient_limit">default_recipient_limit</a> (20000)</b>
@@ -243,7 +244,7 @@ QMGR(8)                                                                QMGR(8)
        Available in Postfix version 2.4 and later:
 
        <b><a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a> (100)</b>
-              The  default  per-transport  limit on the number of
+              The default per-transport limit on  the  number  of
               recipients refilled at once.
 
        <b><a href="postconf.5.html#transport_recipient_refill_limit"><i>transport</i>_recipient_refill_limit</a>         ($<a href="postconf.5.html#default_recipient_refill_limit">default_recipi</a>-</b>
@@ -251,7 +252,7 @@ QMGR(8)                                                                QMGR(8)
               Idem, for delivery via the named message <i>transport</i>.
 
        <b><a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a> (5s)</b>
-              The  default  per-transport  maximum  delay between
+              The default  per-transport  maximum  delay  between
               recipients refills.
 
        <b><a href="postconf.5.html#transport_recipient_refill_delay"><i>transport</i>_recipient_refill_delay</a>         ($<a href="postconf.5.html#default_recipient_refill_delay">default_recipi</a>-</b>
@@ -260,11 +261,11 @@ QMGR(8)                                                                QMGR(8)
 
 <b>DELIVERY CONCURRENCY CONTROLS</b>
        <b><a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a> (5)</b>
-              The  initial  per-destination concurrency level for
+              The initial per-destination concurrency  level  for
               parallel delivery to the same destination.
 
        <b><a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a> (20)</b>
-              The default maximal number of  parallel  deliveries
+              The  default  maximal number of parallel deliveries
               to the same destination.
 
        <b><a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
@@ -279,9 +280,9 @@ QMGR(8)                                                                QMGR(8)
               sage <i>transport</i>.
 
        <b><a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a> (1)</b>
-              How  many  pseudo-cohorts must suffer connection or
-              handshake failure before a specific destination  is
-              considered  unavailable  (and  further  delivery is
+              How many pseudo-cohorts must suffer  connection  or
+              handshake  failure before a specific destination is
+              considered unavailable  (and  further  delivery  is
               suspended).
 
        <b><a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a></b>
@@ -289,8 +290,8 @@ QMGR(8)                                                                QMGR(8)
               Idem, for delivery via the named message <i>transport</i>.
 
        <b><a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a> (1)</b>
-              The  per-destination amount of delivery concurrency
-              negative feedback, after a delivery completes  with
+              The per-destination amount of delivery  concurrency
+              negative  feedback, after a delivery completes with
               a connection or handshake failure.
 
        <b><a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a></b>
@@ -298,7 +299,7 @@ QMGR(8)                                                                QMGR(8)
               Idem, for delivery via the named message <i>transport</i>.
 
        <b><a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a> (1)</b>
-              The per-destination amount of delivery  concurrency
+              The  per-destination amount of delivery concurrency
               positive feedback, after a delivery completes with-
               out connection or handshake failure.
 
@@ -312,7 +313,7 @@ QMGR(8)                                                                QMGR(8)
 
 <b>RECIPIENT SCHEDULING CONTROLS</b>
        <b><a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a> (50)</b>
-              The default maximal number of recipients  per  mes-
+              The  default  maximal number of recipients per mes-
               sage delivery.
 
        <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a>   ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
@@ -321,8 +322,8 @@ QMGR(8)                                                                QMGR(8)
 
 <b>MESSAGE SCHEDULING CONTROLS</b>
        <b><a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a> (5)</b>
-              How often the Postfix queue manager's scheduler  is
-              allowed  to  preempt  delivery  of one message with
+              How  often the Postfix queue manager's scheduler is
+              allowed to preempt delivery  of  one  message  with
               another.
 
        <b><a href="postconf.5.html#transport_delivery_slot_cost"><i>transport</i>_delivery_slot_cost</a> ($<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>)</b>
@@ -338,7 +339,7 @@ QMGR(8)                                                                QMGR(8)
               Idem, for delivery via the named message <i>transport</i>.
 
        <b><a href="postconf.5.html#default_delivery_slot_discount">default_delivery_slot_discount</a> (50)</b>
-              The default value  for  transport-specific  _deliv-
+              The  default  value  for transport-specific _deliv-
               ery_slot_discount settings.
 
        <b><a href="postconf.5.html#transport_delivery_slot_discount"><i>transport</i>_delivery_slot_discount</a>          ($<a href="postconf.5.html#default_delivery_slot_discount">default_deliv</a>-</b>
@@ -346,7 +347,7 @@ QMGR(8)                                                                QMGR(8)
               Idem, for delivery via the named message <i>transport</i>.
 
        <b><a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a> (3)</b>
-              The default value  for  transport-specific  _deliv-
+              The  default  value  for transport-specific _deliv-
               ery_slot_loan settings.
 
        <b><a href="postconf.5.html#transport_delivery_slot_loan"><i>transport</i>_delivery_slot_loan</a> ($<a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a>)</b>
@@ -354,41 +355,41 @@ QMGR(8)                                                                QMGR(8)
 
 <b>OTHER RESOURCE AND RATE CONTROLS</b>
        <b><a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> (300s)</b>
-              The minimal time  between  attempts  to  deliver  a
-              deferred  message; prior to Postfix 2.4 the default
+              The  minimal  time  between  attempts  to deliver a
+              deferred message; prior to Postfix 2.4 the  default
               value was 1000s.
 
        <b><a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a> (4000s)</b>
-              The maximal time  between  attempts  to  deliver  a
+              The  maximal  time  between  attempts  to deliver a
               deferred message.
 
        <b><a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a> (5d)</b>
-              The  maximal  time a message is queued before it is
+              The maximal time a message is queued before  it  is
               sent back as undeliverable.
 
        <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
-              The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the  queue
+              The  time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue
               manager; prior to Postfix 2.4 the default value was
               1000s.
 
        <b><a href="postconf.5.html#transport_retry_time">transport_retry_time</a> (60s)</b>
               The time between attempts by the Postfix queue man-
-              ager  to  contact a malfunctioning message delivery
+              ager to contact a malfunctioning  message  delivery
               transport.
 
        Available in Postfix version 2.1 and later:
 
        <b><a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a> (5d)</b>
-              The maximal time a bounce message is queued  before
+              The  maximal time a bounce message is queued before
               it is considered undeliverable.
 
        Available in Postfix version 2.5 and later:
 
        <b><a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a> (0s)</b>
               The  default  amount  of  delay  that  is  inserted
-              between individual deliveries to the same  destina-
-              tion;  with  per-destination recipient limit &gt; 1, a
-              destination is a domain, otherwise it is a  recipi-
+              between  individual deliveries to the same destina-
+              tion; with per-destination recipient limit &gt;  1,  a
+              destination  is a domain, otherwise it is a recipi-
               ent.
 
        <b><a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a>         $<a href="postconf.5.html#default_destination_rate_delay">default_destina</a>-</b>
@@ -397,7 +398,7 @@ QMGR(8)                                                                QMGR(8)
 
 <b>MISCELLANEOUS CONTROLS</b>
        <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
-              The default location of  the  Postfix  <a href="postconf.5.html">main.cf</a>  and
+              The  default  location  of  the Postfix <a href="postconf.5.html">main.cf</a> and
               <a href="master.5.html">master.cf</a> configuration files.
 
        <b><a href="postconf.5.html#defer_transports">defer_transports</a> (empty)</b>
@@ -406,11 +407,11 @@ QMGR(8)                                                                QMGR(8)
               "<b>sendmail -q</b>" or equivalent.
 
        <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
-              The  maximal  number  of  digits  after the decimal
+              The maximal number  of  digits  after  the  decimal
               point when logging sub-second delay values.
 
        <b><a href="postconf.5.html#helpful_warnings">helpful_warnings</a> (yes)</b>
-              Log warnings about problematic  configuration  set-
+              Log  warnings  about problematic configuration set-
               tings, and provide helpful suggestions.
 
        <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
@@ -418,23 +419,23 @@ QMGR(8)                                                                QMGR(8)
               over an internal communication channel.
 
        <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
-              The process ID  of  a  Postfix  command  or  daemon
+              The  process  ID  of  a  Postfix  command or daemon
               process.
 
        <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
-              The  process  name  of  a Postfix command or daemon
+              The process name of a  Postfix  command  or  daemon
               process.
 
        <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
-              The location of the Postfix top-level queue  direc-
+              The  location of the Postfix top-level queue direc-
               tory.
 
        <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
               The syslog facility of Postfix logging.
 
        <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
-              The  mail  system  name  that  is  prepended to the
-              process name in syslog  records,  so  that  "smtpd"
+              The mail system  name  that  is  prepended  to  the
+              process  name  in  syslog  records, so that "smtpd"
               becomes, for example, "postfix/smtpd".
 
 <b>FILES</b>
@@ -458,7 +459,7 @@ QMGR(8)                                                                QMGR(8)
        <a href="QSHAPE_README.html">QSHAPE_README</a>, Postfix queue analysis
 
 <b>LICENSE</b>
-       The Secure Mailer license must be  distributed  with  this
+       The  Secure  Mailer  license must be distributed with this
        software.
 
 <b>AUTHOR(S)</b>
diff --git a/postfix/html/qmqpd.8.html b/postfix/html/qmqpd.8.html
index c62b0d150..94eac6a42 100644
--- a/postfix/html/qmqpd.8.html
+++ b/postfix/html/qmqpd.8.html
@@ -52,8 +52,8 @@ QMQPD(8)                                                              QMQPD(8)
 
 <b>CONTENT INSPECTION CONTROLS</b>
        <b><a href="postconf.5.html#content_filter">content_filter</a> (empty)</b>
-              The name of a mail delivery transport that  filters
-              mail after it is queued.
+              After the message is queued, send the  entire  mes-
+              sage to the specified <i>transport:destination</i>.
 
        <b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
               Enable  or  disable  recipient validation, built-in
diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html
index c5bf71c69..b47f92c0d 100644
--- a/postfix/html/smtpd.8.html
+++ b/postfix/html/smtpd.8.html
@@ -178,8 +178,8 @@ SMTPD(8)                                                              SMTPD(8)
        See the <a href="FILTER_README.html">FILTER_README</a> document for details.
 
        <b><a href="postconf.5.html#content_filter">content_filter</a> (empty)</b>
-              The  name of a mail delivery transport that filters
-              mail after it is queued.
+              After  the  message is queued, send the entire mes-
+              sage to the specified <i>transport:destination</i>.
 
 <b>BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
        As of version 2.1, the Postfix SMTP server can be  config-
diff --git a/postfix/man/man5/access.5 b/postfix/man/man5/access.5
index 17b816abb..f901b1c9e 100644
--- a/postfix/man/man5/access.5
+++ b/postfix/man/man5/access.5
@@ -269,10 +269,11 @@ This feature is available in Postfix 2.0 and later.
 After the message is queued, send the entire message through
 the specified external content filter. The \fItransport\fR
 name specifies the first field of a mail delivery agent
-definition in master.cf; the syntax of \fIdestination\fR
-is described in the manual page of the corresponding delivery
-agent.  More information about external content filters is
-in the Postfix FILTER_README file.
+definition in master.cf; the syntax of the next-hop
+\fIdestination\fR is described in the manual page of the
+corresponding delivery agent.  More information about
+external content filters is in the Postfix FILTER_README
+file.
 .sp
 Note 1: do not use $\fInumber\fR regular expression
 substitutions for \fItransport\fR or \fIdestination\fR
@@ -285,12 +286,13 @@ one is executed.
 .sp
 Note 3: the purpose of the FILTER command is to override
 message routing.  To override the recipient's \fItransport\fR
-but not \fIdestination\fR, specify an empty \fIdestination\fR
-(Postfix 2.7 and later), or specify a \fItransport:destination\fR
-that delivers through a different Postfix instance (Postfix
-2.6 and earlier). Other options are using the recipient-dependent
-\fBtrans\%port\%_maps\fR or the sen\%der-dependent
-\fBsender\%_de\%pen\%dent_default_trans\%port\%_maps\fR
+but not the next-hop \fIdestination\fR, specify an empty
+filter \fIdestination\fR (Postfix 2.7 and later), or specify
+a \fItransport:destination\fR that delivers through a
+different Postfix instance (Postfix 2.6 and earlier). Other
+options are using the recipient-dependent \fBtrans\%port\%_maps\fR
+or the sen\%der-dependent
+\fBsender\%_de\%pen\%dent\%_de\%fault\%_trans\%port\%_maps\fR
 features.
 .sp
 This feature is available in Postfix 2.0 and later.
diff --git a/postfix/man/man5/header_checks.5 b/postfix/man/man5/header_checks.5
index b99752c35..c1243c22d 100644
--- a/postfix/man/man5/header_checks.5
+++ b/postfix/man/man5/header_checks.5
@@ -171,10 +171,11 @@ This feature is available in Postfix 2.1 and later.
 After the message is queued, send the entire message through
 the specified external content filter. The \fItransport\fR
 name specifies the first field of a mail delivery agent
-definition master.cf; the syntax of \fIdestination\fR is
-described in the manual page of the corresponding delivery
-agent.  More information about external content filters is
-in the Postfix FILTER_README file.
+definition in master.cf; the syntax of the next-hop
+\fIdestination\fR is described in the manual page of the
+corresponding delivery agent.  More information about
+external content filters is in the Postfix FILTER_README
+file.
 .sp
 Note 1: do not use $\fInumber\fR regular expression
 substitutions for \fItransport\fR or \fIdestination\fR
@@ -187,12 +188,13 @@ one is executed.
 .sp
 Note 3: the purpose of the FILTER command is to override
 message routing.  To override the recipient's \fItransport\fR
-but not \fIdestination\fR, specify an empty \fIdestination\fR
-(Postfix 2.7 and later), or specify a \fItransport:destination\fR
-that delivers through a different Postfix instance (Postfix
-2.6 and earlier). Other options are using the recipient-dependent
-\fBtrans\%port\%_maps\fR or the sen\%der-dependent
-\fBsender\%_de\%pen\%dent_default_trans\%port\%_maps\fR
+but not the next-hop \fIdestination\fR, specify an empty
+filter \fIdestination\fR (Postfix 2.7 and later), or specify
+a \fItransport:destination\fR that delivers through a
+different Postfix instance (Postfix 2.6 and earlier). Other
+options are using the recipient-dependent \fBtrans\%port\%_maps\fR
+or the sen\%der-dependent
+\fBsender\%_de\%pen\%dent\%_de\%fault\%_trans\%port\%_maps\fR
 features.
 .sp
 This feature is available in Postfix 2.0 and later.
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 2a613a2f9..3ffbf62d8 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -853,21 +853,23 @@ is already bounded by $max_idle.
 After the message is queued, send the entire message to the
 specified \fItransport:destination\fR. The \fItransport\fR name
 specifies the first field of a mail delivery agent definition in
-master.cf; the syntax of \fIdestination\fR is described in the
-manual page of the corresponding delivery agent.  More information
-about external content filters is in the Postfix FILTER_README file.
+master.cf; the syntax of the next-hop \fIdestination\fR is described
+in the manual page of the corresponding delivery agent.  More
+information about external content filters is in the Postfix
+FILTER_README file.
 .PP
 Notes:
 .IP \(bu
-This setting has a lower precedence than a content filter that
-is specified with an \fBaccess\fR(5) table or in a \fBheader_checks\fR(5) or
-\fBbody_checks\fR(5) table.
+This setting has lower precedence than a FILTER action
+that is specified in an \fBaccess\fR(5), \fBheader_checks\fR(5) or \fBbody_checks\fR(5)
+table.
 .IP \(bu
-The meaning of an empty filter \fIdestination\fR is version
-dependent.  Postfix 2.7 and later will use the recipient domain;
-earlier versions will use $myhostname.  Specify "legacy_filter_nexthop
-= yes" for compatibility with Postfix 2.6 or earlier, or specify
-a non-empty filter \fIdestination\fR.
+The meaning of an empty next-hop filter \fIdestination\fR
+is version dependent.  Postfix 2.7 and later will use the recipient
+domain; earlier versions will use $myhostname.  Specify
+"default_filter_nexthop = $myhostname" for compatibility with Postfix
+2.6 or earlier, or specify a content_filter value with an explicit
+next-hop \fIdestination\fR.
 .SH cyrus_sasl_config_path (default: empty)
 Search path for Cyrus SASL application configuration files,
 currently used only to locate the $smtpd_sasl_path.conf file.
@@ -1168,6 +1170,15 @@ degradation.
 Use \fItransport\fR_extra_recipient_limit to specify a
 transport-specific override, where \fItransport\fR is the master.cf
 name of the message delivery transport.
+.SH default_filter_nexthop (default: empty)
+When a content_filter or FILTER request specifies no explicit
+next-hop destination, use $default_filter_nexthop instead; when
+that value is empty, use the domain in the recipient address.
+Specify "default_filter_nexthop = $myhostname" for compatibility
+with Postfix version 2.6 and earlier, or specify an explicit next-hop
+destination with each content_filter value or FILTER action.
+.PP
+This feature is available in Postfix 2.7 and later.
 .SH default_minimum_delivery_slots (default: 3)
 How many recipients a message must have in order to invoke the
 Postfix queue manager's scheduling algorithm at all.  Messages
@@ -1956,13 +1967,6 @@ Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
 The default time unit is s (seconds).
 .PP
 This feature is available in Postfix 2.1 and later.
-.SH legacy_filter_nexthop (default: no)
-When a FILTER command does not specify a destination, force the
-destination to be $myhostname, instead of using the recipient domain.
-Specify "legacy_filter_nexthop = yes" for compatibility with Postfix
-version 2.6 and earlier, or specify a non-empty filter destination.
-.PP
-This feature is available in Postfix 2.7 and later.
 .SH line_length_limit (default: 2048)
 Upon input, long lines are chopped up into pieces of at most
 this length; upon delivery, long lines are reconstructed.
diff --git a/postfix/man/man8/oqmgr.8 b/postfix/man/man8/oqmgr.8
index 9b4fbfb33..00dda1311 100644
--- a/postfix/man/man8/oqmgr.8
+++ b/postfix/man/man8/oqmgr.8
@@ -185,9 +185,10 @@ Allow a sender or recipient address to have `-' as the first
 character.
 .PP
 Available with Postfix version 2.7 and later:
-.IP "\fBlegacy_filter_nexthop (no)\fR"
-When a FILTER command does not specify a destination, force the
-destination to be $myhostname, instead of using the recipient domain.
+.IP "\fBdefault_filter_nexthop (empty)\fR"
+When a content_filter or FILTER request specifies no explicit
+next-hop destination, use $default_filter_nexthop instead; when
+that value is empty, use the domain in the recipient address.
 .SH "ACTIVE QUEUE CONTROLS"
 .na
 .nf
diff --git a/postfix/man/man8/pickup.8 b/postfix/man/man8/pickup.8
index cd4efb5c8..4e0f79af7 100644
--- a/postfix/man/man8/pickup.8
+++ b/postfix/man/man8/pickup.8
@@ -64,8 +64,8 @@ The text below provides only a parameter summary. See
 .ad
 .fi
 .IP "\fBcontent_filter (empty)\fR"
-The name of a mail delivery transport that filters mail after
-it is queued.
+After the message is queued, send the entire message to the
+specified \fItransport:destination\fR.
 .IP "\fBreceive_override_options (empty)\fR"
 Enable or disable recipient validation, built-in content
 filtering, or address mapping.
diff --git a/postfix/man/man8/qmgr.8 b/postfix/man/man8/qmgr.8
index 4bbfd5777..83e7ea59b 100644
--- a/postfix/man/man8/qmgr.8
+++ b/postfix/man/man8/qmgr.8
@@ -189,9 +189,10 @@ Allow a sender or recipient address to have `-' as the first
 character.
 .PP
 Available with Postfix version 2.7 and later:
-.IP "\fBlegacy_filter_nexthop (no)\fR"
-When a FILTER command does not specify a destination, force the
-destination to be $myhostname, instead of using the recipient domain.
+.IP "\fBdefault_filter_nexthop (empty)\fR"
+When a content_filter or FILTER request specifies no explicit
+next-hop destination, use $default_filter_nexthop instead; when
+that value is empty, use the domain in the recipient address.
 .SH "ACTIVE QUEUE CONTROLS"
 .na
 .nf
diff --git a/postfix/man/man8/qmqpd.8 b/postfix/man/man8/qmqpd.8
index 72fcd4786..ca193b205 100644
--- a/postfix/man/man8/qmqpd.8
+++ b/postfix/man/man8/qmqpd.8
@@ -61,8 +61,8 @@ The text below provides only a parameter summary. See
 .ad
 .fi
 .IP "\fBcontent_filter (empty)\fR"
-The name of a mail delivery transport that filters mail after
-it is queued.
+After the message is queued, send the entire message to the
+specified \fItransport:destination\fR.
 .IP "\fBreceive_override_options (empty)\fR"
 Enable or disable recipient validation, built-in content
 filtering, or address mapping.
diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8
index 326500ed3..e8970b1f9 100644
--- a/postfix/man/man8/smtpd.8
+++ b/postfix/man/man8/smtpd.8
@@ -170,8 +170,8 @@ an external content filter AFTER the mail is queued. This content
 filter is expected to inject mail back into a (Postfix or other)
 MTA for further delivery. See the FILTER_README document for details.
 .IP "\fBcontent_filter (empty)\fR"
-The name of a mail delivery transport that filters mail after
-it is queued.
+After the message is queued, send the entire message to the
+specified \fItransport:destination\fR.
 .SH "BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS"
 .na
 .nf
diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink
index 7cd756375..583a66cb8 100755
--- a/postfix/mantools/postlink
+++ b/postfix/mantools/postlink
@@ -355,7 +355,7 @@ while (<>) {
     s;\bproxy_write_maps\b;<a href="postconf.5.html#proxy_write_maps">$&</a>;g;
     s;\bqmgr_clog_warn_time\b;<a href="postconf.5.html#qmgr_clog_warn_time">$&</a>;g;
     s;\bqmgr_fudge_factor\b;<a href="postconf.5.html#qmgr_fudge_factor">$&</a>;g;
-    s;\blegacy_filter_nexthop\b;<a href="postconf.5.html#legacy_filter_nexthop">$&</a>;g;
+    s;\bdefault_filter_nexthop\b;<a href="postconf.5.html#default_filter_nexthop">$&</a>;g;
     s;\bqmgr_message_active_limit\b;<a href="postconf.5.html#qmgr_message_active_limit">$&</a>;g;
     s;\bqmgr_message_recip[-</bB>]*\n* *[<bB>]*ient_limit\b;<a href="postconf.5.html#qmgr_message_recipient_limit">$&</a>;g;
     s;\bqmgr_message_recip[-</bB>]*\n* *[<bB>]*ient_minimum\b;<a href="postconf.5.html#qmgr_message_recipient_minimum">$&</a>;g;
diff --git a/postfix/proto/FILTER_README.html b/postfix/proto/FILTER_README.html
index ac303ab8b..4635b7159 100644
--- a/postfix/proto/FILTER_README.html
+++ b/postfix/proto/FILTER_README.html
@@ -399,18 +399,19 @@ and causes mail to be given to the content filter instead. </p>
 <p> The content_filter configuration parameter expects a value of
 the form <i>transport:destination</i>. The <i>transport</i> name
 specifies the first field of a mail delivery agent definition in
-master.cf; the syntax of <i>destination</i> is described in the
-manual page of the corresponding delivery agent. </p>
+master.cf; the syntax of the next-hop <i>destination</i> is described
+in the manual page of the corresponding delivery agent. </p>
 
-<p> The meaning of an empty filter <i>destination</i> is version
-dependent.  Postfix 2.7 and later will use the recipient domain;
-earlier versions will use $myhostname.  Specify "legacy_filter_nexthop
-= yes" for compatibility with Postfix 2.6 or earlier, or specify a
-non-empty filter destination.  </p>
+<p> The meaning of an empty next-hop filter <i>destination</i> is
+version dependent.  Postfix 2.7 and later will use the recipient
+domain; earlier versions will use $myhostname.  Specify
+"default_filter_nexthop = $myhostname" for compatibility with Postfix
+2.6 or earlier, or specify a non-empty next-hop filter <i>destination</i>.
+</p>
 
-<p> The content_filter setting has a lower precedence than a content
-filter that is specified with an access(5) table or in a header_checks(5)
-or body_checks(5) table. </p>
+<p> The content_filter setting has lower precedence than a FILTER
+action that is specified in an access(5), header_checks(5) or
+body_checks(5) table. </p>
 
 <li> <p> Execute "<b>postfix reload</b>" to complete the change.
 </p>
@@ -625,18 +626,18 @@ of its final destination. </p>
 <li> <p> The content_filter configuration parameter expects a value
 of the form <i>transport:destination</i>. The <i>transport</i> name
 specifies the first field of a mail delivery agent definition in
-master.cf; the syntax of <i>destination</i> is described in the
-manual page of the corresponding delivery agent. </p>
+master.cf; the syntax of the next-hop <i>destination</i> is described
+in the manual page of the corresponding delivery agent. </p>
 
-<li> <p> The meaning of an empty filter <i>destination</i> is version
-dependent.  Postfix 2.7 and later will use the recipient domain;
-earlier versions will use $myhostname.  Specify "legacy_filter_nexthop
-= yes" for compatibility with Postfix 2.6 or earlier, or specify a
-non-empty filter destination.  </p>
+<li> <p> The meaning of an empty next-hop filter <i>destination</i>
+is version dependent.  Postfix 2.7 and later will use the recipient
+domain; earlier versions will use $myhostname.  Specify
+"default_filter_nexthop = $myhostname" for compatibility with Postfix
+2.6 or earlier, or specify a non-empty next-hop filter <i>destination</i>.
 
-<li> <p> The content_filter setting has a lower precedence than a
-content filter that is specified with an access(5) table or in a
-header_checks(5) or body_checks(5) table. </p>
+<li> <p> The content_filter setting has lower precedence than a
+FILTER action that is specified in an access(5), header_checks(5)
+or body_checks(5) table. </p>
 
 </ul>
 
diff --git a/postfix/proto/access b/postfix/proto/access
index 7ddacb81b..6e7007c64 100644
--- a/postfix/proto/access
+++ b/postfix/proto/access
@@ -274,10 +274,11 @@
 #	After the message is queued, send the entire message through
 #	the specified external content filter. The \fItransport\fR
 #	name specifies the first field of a mail delivery agent
-#	definition in master.cf; the syntax of \fIdestination\fR
-#	is described in the manual page of the corresponding delivery
-#	agent.  More information about external content filters is
-#	in the Postfix FILTER_README file.
+#	definition in master.cf; the syntax of the next-hop
+#	\fIdestination\fR is described in the manual page of the
+#	corresponding delivery agent.  More information about
+#	external content filters is in the Postfix FILTER_README
+#	file.
 # .sp
 #	Note 1: do not use $\fInumber\fR regular expression
 #	substitutions for \fItransport\fR or \fIdestination\fR
@@ -290,12 +291,13 @@
 # .sp
 #	Note 3: the purpose of the FILTER command is to override
 #	message routing.  To override the recipient's \fItransport\fR
-#	but not \fIdestination\fR, specify an empty \fIdestination\fR
-#	(Postfix 2.7 and later), or specify a \fItransport:destination\fR
-#	that delivers through a different Postfix instance (Postfix
-#	2.6 and earlier). Other options are using the recipient-dependent
-#	\fBtrans\%port\%_maps\fR or the sen\%der-dependent
-#	\fBsender\%_de\%pen\%dent_default_trans\%port\%_maps\fR
+#	but not the next-hop \fIdestination\fR, specify an empty
+#	filter \fIdestination\fR (Postfix 2.7 and later), or specify
+#	a \fItransport:destination\fR that delivers through a
+#	different Postfix instance (Postfix 2.6 and earlier). Other
+#	options are using the recipient-dependent \fBtrans\%port\%_maps\fR
+#	or the sen\%der-dependent
+#	\fBsender\%_de\%pen\%dent\%_de\%fault\%_trans\%port\%_maps\fR
 #	features.
 # .sp
 #	This feature is available in Postfix 2.0 and later.
diff --git a/postfix/proto/header_checks b/postfix/proto/header_checks
index e1df4d97a..e01fe6219 100644
--- a/postfix/proto/header_checks
+++ b/postfix/proto/header_checks
@@ -182,10 +182,11 @@
 #	After the message is queued, send the entire message through
 #	the specified external content filter. The \fItransport\fR
 #	name specifies the first field of a mail delivery agent
-#	definition master.cf; the syntax of \fIdestination\fR is
-#	described in the manual page of the corresponding delivery
-#	agent.  More information about external content filters is
-#	in the Postfix FILTER_README file.
+#	definition in master.cf; the syntax of the next-hop
+#	\fIdestination\fR is described in the manual page of the
+#	corresponding delivery agent.  More information about
+#	external content filters is in the Postfix FILTER_README
+#	file.
 # .sp
 #	Note 1: do not use $\fInumber\fR regular expression
 #	substitutions for \fItransport\fR or \fIdestination\fR
@@ -198,12 +199,13 @@
 # .sp
 #	Note 3: the purpose of the FILTER command is to override
 #	message routing.  To override the recipient's \fItransport\fR
-#	but not \fIdestination\fR, specify an empty \fIdestination\fR
-#	(Postfix 2.7 and later), or specify a \fItransport:destination\fR
-#	that delivers through a different Postfix instance (Postfix
-#	2.6 and earlier). Other options are using the recipient-dependent
-#	\fBtrans\%port\%_maps\fR or the sen\%der-dependent
-#	\fBsender\%_de\%pen\%dent_default_trans\%port\%_maps\fR
+#	but not the next-hop \fIdestination\fR, specify an empty
+#	filter \fIdestination\fR (Postfix 2.7 and later), or specify
+#	a \fItransport:destination\fR that delivers through a
+#	different Postfix instance (Postfix 2.6 and earlier). Other
+#	options are using the recipient-dependent \fBtrans\%port\%_maps\fR
+#	or the sen\%der-dependent
+#	\fBsender\%_de\%pen\%dent\%_de\%fault\%_trans\%port\%_maps\fR
 #	features.
 # .sp
 #	This feature is available in Postfix 2.0 and later.
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 113c66c80..f827592fb 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -6864,24 +6864,25 @@ allowed set are replaced by underscores.
 <p> After the message is queued, send the entire message to the
 specified <i>transport:destination</i>. The <i>transport</i> name
 specifies the first field of a mail delivery agent definition in
-master.cf; the syntax of <i>destination</i> is described in the
-manual page of the corresponding delivery agent.  More information
-about external content filters is in the Postfix FILTER_README file.
-</p>
+master.cf; the syntax of the next-hop <i>destination</i> is described
+in the manual page of the corresponding delivery agent.  More
+information about external content filters is in the Postfix
+FILTER_README file.  </p>
 
 <p> Notes: </p>
 
 <ul>
 
-<li> <p> This setting has a lower precedence than a content filter that
-is specified with an access(5) table or in a header_checks(5) or
-body_checks(5) table. </p>
+<li> <p> This setting has lower precedence than a FILTER action
+that is specified in an access(5), header_checks(5) or body_checks(5)
+table. </p>
 
-<li> <p> The meaning of an empty filter <i>destination</i> is version
-dependent.  Postfix 2.7 and later will use the recipient domain;
-earlier versions will use $myhostname.  Specify "legacy_filter_nexthop
-= yes" for compatibility with Postfix 2.6 or earlier, or specify
-a non-empty filter <i>destination</i>.  </p>
+<li> <p> The meaning of an empty next-hop filter <i>destination</i>
+is version dependent.  Postfix 2.7 and later will use the recipient
+domain; earlier versions will use $myhostname.  Specify
+"default_filter_nexthop = $myhostname" for compatibility with Postfix
+2.6 or earlier, or specify a content_filter value with an explicit
+next-hop <i>destination</i>.  </p>
 
 </ul>
 
@@ -12832,13 +12833,14 @@ setting for address verification probes.  </p>
 
 <p> This feature is available in Postfix 2.7 and later.  </p>
 
-%PARAM legacy_filter_nexthop no
+%PARAM default_filter_nexthop 
 
-<p> When a FILTER command does not specify a destination, force the
-destination to be $myhostname, instead of using the recipient domain.
-Specify "legacy_filter_nexthop = yes" for compatibility with Postfix
-version 2.6 and earlier, or specify a non-empty filter destination.
-</p>
+<p> When a content_filter or FILTER request specifies no explicit
+next-hop destination, use $default_filter_nexthop instead; when
+that value is empty, use the domain in the recipient address.
+Specify "default_filter_nexthop = $myhostname" for compatibility
+with Postfix version 2.6 and earlier, or specify an explicit next-hop
+destination with each content_filter value or FILTER action. </p>
 
 <p> This feature is available in Postfix 2.7 and later.  </p>
 
diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h
index 71c2b3f9d..6952706dc 100644
--- a/postfix/src/global/mail_params.h
+++ b/postfix/src/global/mail_params.h
@@ -2253,9 +2253,9 @@ extern void mail_params_init(void);
 #define DEF_FILTER_XPORT		""
 extern char *var_filter_xport;
 
-#define VAR_LEGACY_FILTER_NEXTHOP	"legacy_filter_nexthop"
-#define DEF_LEGACY_FILTER_NEXTHOP	0
-extern bool var_legacy_filter_nexthop;
+#define VAR_DEF_FILTER_NEXTHOP		"default_filter_nexthop"
+#define DEF_DEF_FILTER_NEXTHOP		""
+extern char *var_def_filter_nexthop;
 
  /*
   * Fast flush service support.
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 85a6d560f..ba98408e0 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20100116"
+#define MAIL_RELEASE_DATE	"20100117"
 #define MAIL_VERSION_NUMBER	"2.7"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/oqmgr/qmgr.c b/postfix/src/oqmgr/qmgr.c
index 2d6d84fbe..edff94dc8 100644
--- a/postfix/src/oqmgr/qmgr.c
+++ b/postfix/src/oqmgr/qmgr.c
@@ -159,9 +159,10 @@
 /*	character.
 /* .PP
 /*	Available with Postfix version 2.7 and later:
-/* .IP "\fBlegacy_filter_nexthop (no)\fR"
-/*	When a FILTER command does not specify a destination, force the
-/*	destination to be $myhostname, instead of using the recipient domain.
+/* .IP "\fBdefault_filter_nexthop (empty)\fR"
+/*	When a content_filter or FILTER request specifies no explicit
+/*	next-hop destination, use $default_filter_nexthop instead; when
+/*	that value is empty, use the domain in the recipient address.
 /* ACTIVE QUEUE CONTROLS
 /* .ad
 /* .fi
@@ -374,7 +375,7 @@ char   *var_conc_neg_feedback;
 int     var_conc_cohort_limit;
 int     var_conc_feedback_debug;
 int     var_dest_rate_delay;
-bool    var_legacy_filter_nexthop;
+char   *var_def_filter_nexthop;
 
 static QMGR_SCAN *qmgr_scans[2];
 
@@ -604,6 +605,7 @@ int     main(int argc, char **argv)
 	VAR_DEFER_XPORTS, DEF_DEFER_XPORTS, &var_defer_xports, 0, 0,
 	VAR_CONC_POS_FDBACK, DEF_CONC_POS_FDBACK, &var_conc_pos_feedback, 1, 0,
 	VAR_CONC_NEG_FDBACK, DEF_CONC_NEG_FDBACK, &var_conc_neg_feedback, 1, 0,
+	VAR_DEF_FILTER_NEXTHOP, DEF_DEF_FILTER_NEXTHOP, &var_def_filter_nexthop, 0, 0,
 	0,
     };
     static const CONFIG_TIME_TABLE time_table[] = {
@@ -633,7 +635,6 @@ int     main(int argc, char **argv)
     static const CONFIG_BOOL_TABLE bool_table[] = {
 	VAR_VERP_BOUNCE_OFF, DEF_VERP_BOUNCE_OFF, &var_verp_bounce_off,
 	VAR_CONC_FDBACK_DEBUG, DEF_CONC_FDBACK_DEBUG, &var_conc_feedback_debug,
-	VAR_LEGACY_FILTER_NEXTHOP, DEF_LEGACY_FILTER_NEXTHOP, &var_legacy_filter_nexthop,
 	0,
     };
 
diff --git a/postfix/src/oqmgr/qmgr_message.c b/postfix/src/oqmgr/qmgr_message.c
index cb7b87ce1..05e6a339a 100644
--- a/postfix/src/oqmgr/qmgr_message.c
+++ b/postfix/src/oqmgr/qmgr_message.c
@@ -1009,8 +1009,8 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
 	    reply.flags = 0;
 	    vstring_strcpy(reply.transport, message->filter_xport);
 	    if (FILTER_WITHOUT_NEXTHOP(STR(reply.transport), nexthop)
-		&& (var_legacy_filter_nexthop != 0
-		    || RCPT_WITHOUT_DOMAIN(recipient->address, nexthop)))
+		&& *(nexthop = var_def_filter_nexthop) == 0
+		&& RCPT_WITHOUT_DOMAIN(recipient->address, nexthop))
 		nexthop = var_myhostname;
 	    vstring_strcpy(reply.nexthop, nexthop);
 	    vstring_strcpy(reply.recipient, recipient->address);
diff --git a/postfix/src/pickup/pickup.c b/postfix/src/pickup/pickup.c
index 921c07d91..5d9d78c24 100644
--- a/postfix/src/pickup/pickup.c
+++ b/postfix/src/pickup/pickup.c
@@ -46,8 +46,8 @@
 /* .ad
 /* .fi
 /* .IP "\fBcontent_filter (empty)\fR"
-/*	The name of a mail delivery transport that filters mail after
-/*	it is queued.
+/*	After the message is queued, send the entire message to the
+/*	specified \fItransport:destination\fR.
 /* .IP "\fBreceive_override_options (empty)\fR"
 /*	Enable or disable recipient validation, built-in content
 /*	filtering, or address mapping.
diff --git a/postfix/src/qmgr/qmgr.c b/postfix/src/qmgr/qmgr.c
index e2ef6e540..d6d7fe541 100644
--- a/postfix/src/qmgr/qmgr.c
+++ b/postfix/src/qmgr/qmgr.c
@@ -163,9 +163,10 @@
 /*	character.
 /* .PP
 /*	Available with Postfix version 2.7 and later:
-/* .IP "\fBlegacy_filter_nexthop (no)\fR"
-/*	When a FILTER command does not specify a destination, force the
-/*	destination to be $myhostname, instead of using the recipient domain.
+/* .IP "\fBdefault_filter_nexthop (empty)\fR"
+/*	When a content_filter or FILTER request specifies no explicit
+/*	next-hop destination, use $default_filter_nexthop instead; when
+/*	that value is empty, use the domain in the recipient address.
 /* ACTIVE QUEUE CONTROLS
 /* .ad
 /* .fi
@@ -434,7 +435,7 @@ char   *var_conc_neg_feedback;
 int     var_conc_cohort_limit;
 int     var_conc_feedback_debug;
 int     var_dest_rate_delay;
-bool    var_legacy_filter_nexthop;
+char   *var_def_filter_nexthop;
 
 static QMGR_SCAN *qmgr_scans[2];
 
@@ -671,6 +672,7 @@ int     main(int argc, char **argv)
 	VAR_DEFER_XPORTS, DEF_DEFER_XPORTS, &var_defer_xports, 0, 0,
 	VAR_CONC_POS_FDBACK, DEF_CONC_POS_FDBACK, &var_conc_pos_feedback, 1, 0,
 	VAR_CONC_NEG_FDBACK, DEF_CONC_NEG_FDBACK, &var_conc_neg_feedback, 1, 0,
+	VAR_DEF_FILTER_NEXTHOP, DEF_DEF_FILTER_NEXTHOP, &var_def_filter_nexthop, 0, 0,
 	0,
     };
     static const CONFIG_TIME_TABLE time_table[] = {
@@ -708,7 +710,6 @@ int     main(int argc, char **argv)
     static const CONFIG_BOOL_TABLE bool_table[] = {
 	VAR_VERP_BOUNCE_OFF, DEF_VERP_BOUNCE_OFF, &var_verp_bounce_off,
 	VAR_CONC_FDBACK_DEBUG, DEF_CONC_FDBACK_DEBUG, &var_conc_feedback_debug,
-	VAR_LEGACY_FILTER_NEXTHOP, DEF_LEGACY_FILTER_NEXTHOP, &var_legacy_filter_nexthop,
 	0,
     };
 
diff --git a/postfix/src/qmgr/qmgr_message.c b/postfix/src/qmgr/qmgr_message.c
index 25ed0b75d..e54750849 100644
--- a/postfix/src/qmgr/qmgr_message.c
+++ b/postfix/src/qmgr/qmgr_message.c
@@ -1068,8 +1068,8 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
 	    reply.flags = 0;
 	    vstring_strcpy(reply.transport, message->filter_xport);
 	    if (FILTER_WITHOUT_NEXTHOP(STR(reply.transport), nexthop)
-		&& (var_legacy_filter_nexthop != 0
-		    || RCPT_WITHOUT_DOMAIN(recipient->address, nexthop)))
+		&& *(nexthop = var_def_filter_nexthop) == 0
+		&& RCPT_WITHOUT_DOMAIN(recipient->address, nexthop))
 		nexthop = var_myhostname;
 	    vstring_strcpy(reply.nexthop, nexthop);
 	    vstring_strcpy(reply.recipient, recipient->address);
diff --git a/postfix/src/qmqpd/qmqpd.c b/postfix/src/qmqpd/qmqpd.c
index 28f4f2213..4c5c6cfa8 100644
--- a/postfix/src/qmqpd/qmqpd.c
+++ b/postfix/src/qmqpd/qmqpd.c
@@ -45,8 +45,8 @@
 /* .ad
 /* .fi
 /* .IP "\fBcontent_filter (empty)\fR"
-/*	The name of a mail delivery transport that filters mail after
-/*	it is queued.
+/*	After the message is queued, send the entire message to the
+/*	specified \fItransport:destination\fR.
 /* .IP "\fBreceive_override_options (empty)\fR"
 /*	Enable or disable recipient validation, built-in content
 /*	filtering, or address mapping.
diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c
index 57acbedac..6ea2abcde 100644
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@@ -150,8 +150,8 @@
 /*	filter is expected to inject mail back into a (Postfix or other)
 /*	MTA for further delivery. See the FILTER_README document for details.
 /* .IP "\fBcontent_filter (empty)\fR"
-/*	The name of a mail delivery transport that filters mail after
-/*	it is queued.
+/*	After the message is queued, send the entire message to the
+/*	specified \fItransport:destination\fR.
 /* BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS
 /* .ad
 /* .fi
@@ -3227,9 +3227,9 @@ static int vrfy_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 	smtpd_chat_reply(state, "501 5.1.3 Bad recipient address syntax");
 	return (-1);
     }
-    /* Not: state->addr_buf */
+    /* Use state->addr_buf, with the unquoted result from extract_addr() */
     if (SMTPD_STAND_ALONE(state) == 0
-	&& (err = smtpd_check_rcpt(state, argv[1].strval)) != 0) {
+	&& (err = smtpd_check_rcpt(state, STR(state->addr_buf))) != 0) {
 	smtpd_chat_reply(state, "%s", err);
 	return (-1);
     }
@@ -3237,8 +3237,8 @@ static int vrfy_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
     /*
      * XXX 2821 new feature: Section 3.5.1 requires that the VRFY response is
      * either "full name <user@domain>" or "user@domain". Postfix replies
-     * with the address that was provided by the client, whether or not it is
-     * in fully qualified domain form or not.
+     * with the string that was provided by the client, whether or not it is
+     * in fully qualified domain form and the address is in <>.
      * 
      * Reply code 250 is reserved for the case where the address is verified;
      * reply code 252 should be used when no definitive certainty exists.