diff --git a/postfix/HISTORY b/postfix/HISTORY
index 92770b137..95b6d9fda 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -10766,7 +10766,7 @@ Apologies for any names omitted.
 	As of 20050525, DSN support does not involve new queue file
 	record types, so you can switch back to older Postfix
 	versions. Older non-production releases did introduce queue
-	file incompatibilty.
+	file incompatibility.
 
 	DSN support is selected via the SMTP port by extra parameters
 	to the MAIL FROM and RCPT TO commands, and with the Postfix
@@ -20521,3 +20521,28 @@ Apologies for any names omitted.
 	MTA" with "preferred MTA". The SMTP client was changed years
 	ago to try alternate MXes after a 4XX SMTP server response.
 	File: proto/ADDRES_VERIFY_README.html.
+
+20141001
+
+	Safety: backwards-compatibility safety net that forces Postfix
+	to run with backwards-compatible default settings after an
+	upgrade to a newer Postfix version.  Postfix logs all uses
+	of those backwards-compatible default settings so that the
+	system administator can determine whether or not some
+	backwards-compatible default settings need to be made
+	permanent in main.cf or master.cf.  All this is controlled
+	with a new compatibility_level parameter, default value 0.
+	Files: global/mail_params.[hc], trivial-rewrite/rewrite.c,
+	master/master_ent.c, smtpd/smtpd.c, postfix/postfix.c.
+
+	New defaults for master.cf chroot (n), append_dot_mydomain
+	(no) and smtputf8_enable (yes). File: global/mail_params.h,
+	global/mail_params.c, smtp/smtp.c (manpage), smtpd/smtpd.c
+	(manpage), trivial-rewrite/trivial-rewrite.c.
+
+	Simple relational expression evaluator so that main.cf
+	defaults can be made dependent on comparisons with the
+	compatibility_level parameter value. File: util/mac_expand.c.
+
+	Bugfix: do not reset the mail transaction after receiving
+	a non-ASCII recipient. File: smtpd/smtpd.c.
diff --git a/postfix/README_FILES/MILTER_README b/postfix/README_FILES/MILTER_README
index b1fda465d..1e2216af2 100644
--- a/postfix/README_FILES/MILTER_README
+++ b/postfix/README_FILES/MILTER_README
@@ -354,8 +354,8 @@ Instead of a server endpoint, we now have a list enclosed in {}.
 
 Inside the list, syntax is similar to what we already know from main.cf: items
 separated by space or comma. There is one difference: yyoouu mmuusstt eenncclloossee aa
-sseettttiinngg iinn ppaarreenntthheesseess,, aass iinn ""{{ nnaammee == vvaalluuee }}"",, iiff yyoouu wwaanntt ttoo hhaavvee ssppaaccee
-wwiitthhiinn aa vvaalluuee oorr aarroouunndd ""=="".
+sseettttiinngg iinn ppaarreenntthheesseess,, aass iinn ""{{ nnaammee == vvaalluuee }}"",, iiff yyoouu wwaanntt ttoo hhaavvee ssppaaccee oorr
+ccoommmmaa wwiitthhiinn aa vvaalluuee oorr aarroouunndd ""=="".
 
 SSeennddmmaaiill mmaaccrroo eemmuullaattiioonn
 
diff --git a/postfix/README_FILES/SMTPD_ACCESS_README b/postfix/README_FILES/SMTPD_ACCESS_README
index 4a93df7e1..2e7a92d34 100644
--- a/postfix/README_FILES/SMTPD_ACCESS_README
+++ b/postfix/README_FILES/SMTPD_ACCESS_README
@@ -157,7 +157,7 @@ Examples of simple restriction lists are:
     smtpd_end_of_data_restrictions = check_policy_service unix:private/policy
 
 Each restriction list is evaluated from left to right until some restriction
-produces a result of PERMIT, REJECT or DEFER (try again later). The end of the
+produces a result of PERMIT, REJECT or DEFER (try again later). The end of each
 list is equivalent to a PERMIT result. By placing a PERMIT restriction before a
 REJECT restriction you can make exceptions for specific clients or users. This
 is called whitelisting; the fourth example above allows mail from local
diff --git a/postfix/README_FILES/SMTPD_POLICY_README b/postfix/README_FILES/SMTPD_POLICY_README
index 4b0e238ec..d2b02e016 100644
--- a/postfix/README_FILES/SMTPD_POLICY_README
+++ b/postfix/README_FILES/SMTPD_POLICY_README
@@ -315,9 +315,10 @@ Instead of a server endpoint, we now have a list enclosed in {}.
 
 Inside the list, syntax is similar to what we already know from main.cf: items
 separated by space or comma. There is one difference: yyoouu mmuusstt eenncclloossee aa
-sseettttiinngg iinn ppaarreenntthheesseess,, aass iinn ""{{ nnaammee == vvaalluuee }}"",, iiff yyoouu wwaanntt ttoo hhaavvee ssppaaccee
-wwiitthhiinn aa vvaalluuee oorr aarroouunndd ""=="". This comes in handy when different policy servers
-require different default actions with different SMTP status codes or text:
+sseettttiinngg iinn ppaarreenntthheesseess,, aass iinn ""{{ nnaammee == vvaalluuee }}"",, iiff yyoouu wwaanntt ttoo hhaavvee ssppaaccee oorr
+ccoommmmaa wwiitthhiinn aa vvaalluuee oorr aarroouunndd ""=="". This comes in handy when different policy
+servers require different default actions with different SMTP status codes or
+text:
 
     1 /etc/postfix/main.cf:
     2     smtpd_recipient_restrictions =
diff --git a/postfix/README_FILES/SMTPUTF8_README b/postfix/README_FILES/SMTPUTF8_README
index 26d4d3f73..3d0d745a0 100644
--- a/postfix/README_FILES/SMTPUTF8_README
+++ b/postfix/README_FILES/SMTPUTF8_README
@@ -22,10 +22,15 @@ Topics covered in this document:
 
 EEnnaabblliinngg PPoossttffiixx SSMMTTPPUUTTFF88 ssuuppppoorrtt
 
-Before turning on SMTPUTF8 support in Postfix, you need to verify that the rest
-of your email infrastructure can handle UTF-8 email addresses and message
-header values, including SMTPUTF8 protocol support in SMTP-based content
-filters (Amavisd), LMTP servers (Dovecot), and down-stream SMTP servers.
+There is more to SMTPUTF8 than just Postfix itself. The rest of your email
+infrastructure also needs to be able to handle UTF-8 email addresses and
+message header values. This includes SMTPUTF8 protocol support in SMTP-based
+content filters (Amavisd), LMTP servers (Dovecot), and down-stream SMTP
+servers.
+
+Postfix SMTPUTF8 support is enabled by default, but it may be disabled as part
+of a backwards-compatibility safety net (see the Postfix 2.12 RELEASE_NOTES
+file).
 
 SMTPUTF8 support is enabled by setting the smtputf8_enable parameter in
 main.cf:
@@ -33,7 +38,8 @@ main.cf:
     # ppoossttccoonnff ""ssmmttppuuttff88__eennaabbllee == yyeess""
     # ppoossttffiixx rreellooaadd
 
-With SMTPUTF8 support enabled, Postfix changes behavior as follows:
+With SMTPUTF8 support enabled, Postfix changes behavior with respect to earlier
+Postfix releases:
 
   * UTF-8 is permitted in the myorigin parameter value. However, the myhostname
     and mydomain parameters must specify ASCII-only domain names. This
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index bd1814121..8392b4ff6 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -19,6 +19,23 @@ before proceeding.
 Notes for distribution maintainers
 ----------------------------------
 
+* New backwards-compatibility safety net.
+
+Several Postfix default settings have changed with Postfix 2.12.
+To avoid massive breakage, Postfix comes with a safety net that
+forces Postfix to keep running with backwards-compatible main.cf
+and master.cf default settings.
+
+With NEW Postfix installs, you should install a main.cf file with
+the setting "compatibility_level = 1". See the stock main.cf file
+in the conf subdirectory.
+
+With existing Postfix UPGRADES, the main.cf compatibility_level
+setting (if any) MUST be left alone, to enable the backwards-compatibility
+safety net as discussed below.
+
+* New Postfix build system.
+
 The Postfix build/install procedure has changed to support Postfix
 shared libraries and database plugins.
 
@@ -41,6 +58,69 @@ Maintainers may also benefit from the makedefs documentation
 (mantools/srctoman - makedefs | nroff -man | less) with information
 about build options that are not described in the INSTALL instructions.
 
+Major changes with snapshot 20141001
+====================================
+
+A new backwards-compatibility safety net forces Postfix to keep
+running with backwards-compatible main.cf and master.cf default
+settings after an upgrade to a newer Postfix version.
+
+The following presents the messages that the backwards-compatibility
+safety net will log, what the messages mean, and what action the
+system adminstrator is expected to take.
+
+1) postfix/master[27664]: /etc/postfix/master.cf: line 72: using
+       legacy default setting chroot=y
+
+   chroot=n is the new default, but that may not always be disirable.
+   Postfix continues to use the backwards-compatible default,
+   chroot=y, until the system administrator has determined whether
+   or not the backwards-compatible chroot=y setting needs to be
+   made permanent in master.cf.
+
+2) postfix/trivial-rewrite[25835]: using legacy default setting
+       append_dot_mydomain=yes to rewrite "foo" to "foo.example.com"
+
+   append_dot_mydomain=no is the new default, but that change may
+   affect email from ancient clients that cannot be updated. Postfix
+   continues to use the backwards-compatible default,
+   append_dot_mydomain=yes, until the system administrator has
+   determined whether or not the backwards-compatible
+   append_dot_mydomain=yes setting needs to be made permanent in
+   main.cf.
+
+3) postfix/smtpd[27560]: using legacy default setting smtputf8_enable=no
+       to accept non-ASCII sender address "??@example.org" from
+       localhost[127.0.0.1]
+
+4) postfix/smtpd[27560]: using legacy default setting smtputf8_enable=no
+       to accept non-ASCII recipient address "??@example.com" from
+       localhost[127.0.0.1]
+
+   smtputf8_enable=yes is the new default, but that would break
+   existing email streams with non-ASCII localparts. Postfix continues
+   to use the backwards-compatible default, smtputf8_enable=no,
+   until the system administrator has determined whether or not the
+   backwards-compatible smtputf8_enable=no setting needs to be made
+   permanent in main.cf.
+
+It may take several weeks until all dependencies on backwards-compatible
+default settings are identified.  After the review is complete, and
+no more backwards-compatible settings need to be made permanent.
+the administrator should accept the remaining Postfix built-in
+default settings by updating the compatibility_level setting in
+main.cf.
+
+For the changes discussed above, the administrator should set:
+
+/etc/postfix/main.cf:
+    compatibility_level = 1
+
+This will stop all the warning messages shown above.
+
+Future incompatible changes will require setting "compatibility_level
+= 2", and so on.
+
 Major changes with snapshot 20140928
 ====================================
 
@@ -53,7 +133,7 @@ in the SMTPD_POLICY_README document.
 Here is an example that uses both old and new syntax:
 
     smtpd_milters = { inet:127.0.0.1:port1, default_action=accept, ... },
-	inet:127.0.0.1:port2, ...
+        inet:127.0.0.1:port2, ...
 
 The per-milter settings are specified as attribute=value pairs
 separated by comma or space; specify { name = value } to allow
@@ -143,22 +223,22 @@ This logging will often be enough to diagnose a problem without
 verbose logging or network sniffer.
 
     Normal session, no TLS:
-	disconnect from name[addr] ehlo=1 mail=1 rcpt=1 data=1 quit=1
+        disconnect from name[addr] ehlo=1 mail=1 rcpt=1 data=1 quit=1
 
     Normal session. with TLS:
-	disconnect from name[addr] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1
+        disconnect from name[addr] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1
 
     All recipients rejected, no ESMTP command pipelining:
-	disconnect from name[addr] ehlo=1 mail=1 rcpt=0/1 quit=1
+        disconnect from name[addr] ehlo=1 mail=1 rcpt=0/1 quit=1
 
     All recipients rejected, with ESMTP command pipelining:
-	disconnect from name[addr] ehlo=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1
+        disconnect from name[addr] ehlo=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1
 
     Password guessing bot, hangs up without QUIT:
-	disconnect from name[addr] ehlo=1 auth=0/1
+        disconnect from name[addr] ehlo=1 auth=0/1
 
     Mis-configured client trying to use TLS wrappermode on port 587:
-	disconnect from name[addr] unknown=0/1
+        disconnect from name[addr] unknown=0/1
 
 Logfile analyzers can trigger on the presence of "/". It indicates
 that Postfix rejected at least one command.
@@ -252,10 +332,10 @@ used to implement load balancing, for example:
 
 /etc/postfix/main.cf:
     transport_maps = 
-	# Deliver my own domain as usual.
-	hash:/etc/postfix/transport 
-	# Deliver other domains via randomly-selected relayhosts
-	randmap:!smtp:smtp0.example.com!smtp:smtp1.example.com
+        # Deliver my own domain as usual.
+        hash:/etc/postfix/transport 
+        # Deliver other domains via randomly-selected relayhosts
+        randmap:!smtp:smtp0.example.com!smtp:smtp1.example.com
 
 A variant of this can randomly select SMTP clients with different
 smtp_bind_address settings.
@@ -280,12 +360,12 @@ a sequence of tables. For example, the following prevents SMTP mail
 to system accounts that have "nologin" as their login shell:
 
     /etc/postfix/main.cf:
-	local_recipient_maps = 
-	    pipemap:!unix:passwd.byname!pcre:/etc/postfix/no-nologin.pcre
-	    alias_maps
+        local_recipient_maps = 
+            pipemap:!unix:passwd.byname!pcre:/etc/postfix/no-nologin.pcre
+            alias_maps
 
     /etc/postfix/no-nologin.pcre:
-	!/nologin/	whatever
+        !/nologin/      whatever
 
 The first ASCII character after "pipemap:" will be used as the
 separator between the lookup tables that follow (do not use space,
diff --git a/postfix/WISHLIST b/postfix/WISHLIST
index 87fbb5992..80637fd4b 100644
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -6,8 +6,15 @@ Wish list:
 
 	Remove this file from the stable release.
 
+	Consolidate import_env and export_env parsing code and
+	add support for { name = value with whitespace }.
+
 	Things to do after the stable release:
 
+	use "static const char myname[] ..."
+
+	Add milter_mumble_macros to the list of per-macro features.
+
 	The pickup daemon logs warnings only when the cleanup daemon
 	dit not provide a "reason" attribute. Is this logic right?
 
diff --git a/postfix/conf/main.cf b/postfix/conf/main.cf
index dc58a1d85..82cb1b6a4 100644
--- a/postfix/conf/main.cf
+++ b/postfix/conf/main.cf
@@ -10,6 +10,25 @@
 # For best results, change no more than 2-3 parameters at a time,
 # and test if Postfix still works after every change.
 
+# COMPATIBILITY
+#
+# The compatibility_level determines what default settings Postfix
+# will use for main.cf and master.cf settings. These defaults will
+# change over time.
+#
+# To avoid breaking things, Postfix will use backwards-compatible
+# default settings and log where it uses those old backwards-compatible
+# default settings, until the system administrator has determined
+# if any backwards-compatible default settings need to be made
+# permanent in main.cf or master.cf.
+#
+# When this review is complete, update the compatibility_level setting
+# below as recommended in the RELEASE_NOTES file.
+#
+# The level below is what should be used with new (not upgrade) installs.
+#
+compatibility_level = 1
+
 # SOFT BOUNCE
 #
 # The soft_bounce parameter provides a limited safety net for
diff --git a/postfix/conf/master.cf b/postfix/conf/master.cf
index 51a339834..1eda7b501 100644
--- a/postfix/conf/master.cf
+++ b/postfix/conf/master.cf
@@ -7,7 +7,7 @@
 #
 # ==========================================================================
 # service type  private unpriv  chroot  wakeup  maxproc command + args
-#               (yes)   (yes)   (yes)   (never) (100)
+#               (yes)   (yes)   (no)    (never) (100)
 # ==========================================================================
 smtp      inet  n       -       n       -       -       smtpd
 #smtp      inet  n       -       n       -       1       postscreen
diff --git a/postfix/html/MILTER_README.html b/postfix/html/MILTER_README.html
index f424f13e4..dcb5defeb 100644
--- a/postfix/html/MILTER_README.html
+++ b/postfix/html/MILTER_README.html
@@ -583,8 +583,8 @@ have the same name as those parameters, without the "milter_" prefix.
 <p> Inside the list, syntax is similar to what we already know from
 <a href="postconf.5.html">main.cf</a>: items separated by space or comma. There is one difference:
 <b>you must enclose a setting in parentheses, as in "{ name = value
-}", if you want to have space within a value or around "="</b>.
-</p>
+}", if you want to have space or comma within a value or around
+"="</b>.  </p>
 
 <h3><a name="macros">Sendmail macro emulation</a></h3>
 
diff --git a/postfix/html/SMTPD_ACCESS_README.html b/postfix/html/SMTPD_ACCESS_README.html
index 660060900..411440c7a 100644
--- a/postfix/html/SMTPD_ACCESS_README.html
+++ b/postfix/html/SMTPD_ACCESS_README.html
@@ -215,7 +215,7 @@ described in the <a href="postconf.5.html">postconf(5)</a> manual page. </p>
 
 <p> Each restriction list is evaluated from left to right until
 some restriction produces a result of PERMIT, REJECT or DEFER (try
-again later).  The end of the list is equivalent to a PERMIT result.
+again later).  The end of each list is equivalent to a PERMIT result.
 By placing a PERMIT restriction before a REJECT restriction you
 can make exceptions for specific clients or users. This is called
 whitelisting; the fourth example above allows mail from local
diff --git a/postfix/html/SMTPD_POLICY_README.html b/postfix/html/SMTPD_POLICY_README.html
index a783310f6..14f9fa030 100644
--- a/postfix/html/SMTPD_POLICY_README.html
+++ b/postfix/html/SMTPD_POLICY_README.html
@@ -425,9 +425,10 @@ and have the same name as those parameters, without the
 <p> Inside the list, syntax is similar to what we already know from
 <a href="postconf.5.html">main.cf</a>: items separated by space or comma. There is one difference:
 <b>you must enclose a setting in parentheses, as in "{ name = value
-}", if you want to have space within a value or around "="</b>.
-This comes in handy when different policy servers require different
-default actions with different SMTP status codes or text: </p>
+}", if you want to have space or comma within a value or around
+"="</b>.  This comes in handy when different policy servers require
+different default actions with different SMTP status codes or text:
+</p>
 
 <blockquote>
 <pre>
diff --git a/postfix/html/SMTPUTF8_README.html b/postfix/html/SMTPUTF8_README.html
index 9d26c6c72..c2f7d67b9 100644
--- a/postfix/html/SMTPUTF8_README.html
+++ b/postfix/html/SMTPUTF8_README.html
@@ -50,12 +50,16 @@ header values. </p>
 
 <h2> <a name="enabling">Enabling Postfix SMTPUTF8 support</a> </h2>
 
-<p> Before turning on SMTPUTF8 support in Postfix, you need to
-verify that the rest of your email infrastructure can handle UTF-8
-email addresses and message header values, including SMTPUTF8
+<p> There is more to SMTPUTF8 than just Postfix itself. The rest
+of your email infrastructure also needs to be able to handle UTF-8
+email addresses and message header values. This includes SMTPUTF8
 protocol support in SMTP-based content filters (Amavisd), LMTP
 servers (Dovecot), and down-stream SMTP servers. </p>
 
+<p> Postfix SMTPUTF8 support is enabled by default, but it may be
+disabled as part of a backwards-compatibility safety net (see the
+Postfix 2.12 RELEASE_NOTES file). </p>
+
 <p> SMTPUTF8 support is enabled by setting the <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a>
 parameter in <a href="postconf.5.html">main.cf</a>:</p>
 
@@ -66,7 +70,8 @@ parameter in <a href="postconf.5.html">main.cf</a>:</p>
 </pre>
 </blockquote>
 
-<p> With SMTPUTF8 support enabled, Postfix changes behavior as follows: </p>
+<p> With SMTPUTF8 support enabled, Postfix changes behavior with
+respect to earlier Postfix releases: </p>
 
 <ul>
 
diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html
index 92a57e071..f07bc31f1 100644
--- a/postfix/html/lmtp.8.html
+++ b/postfix/html/lmtp.8.html
@@ -695,7 +695,7 @@ SMTP(8)                                                                SMTP(8)
 <b>SMTPUTF8 CONTROLS</b>
        Preliminary SMTPUTF8 support is introduced with Postfix 2.12.
 
-       <b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (no)</b>
+       <b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
               Enable experimental SMTPUTF8 support for the protocols described
               in <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
 
diff --git a/postfix/html/master.5.html b/postfix/html/master.5.html
index b61a7132d..91fd30ae5 100644
--- a/postfix/html/master.5.html
+++ b/postfix/html/master.5.html
@@ -124,7 +124,7 @@ MASTER(5)                                                            MASTER(5)
               The  <a href="local.8.html"><b>local</b>(8)</a>, <a href="pipe.8.html"><b>pipe</b>(8)</a>, <a href="spawn.8.html"><b>spawn</b>(8)</a>, and <a href="virtual.8.html"><b>virtual</b>(8)</a> daemons require
               privileges.
 
-       <b>Chroot (default: y)</b>
+       <b>Chroot (default: Postfix</b> &gt;<b>= 2.12: y, Postfix</b> &lt;<b>2.12: n)</b>
               Whether or not the service  runs  chrooted  to  the  mail  queue
               directory (pathname is controlled by the <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> config-
               uration variable in the <a href="postconf.5.html">main.cf</a> file).
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 4f4dcb92d..1c58bea48 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -895,7 +895,7 @@ $<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_cli
 </DD>
 
 <DT><b><a name="append_dot_mydomain">append_dot_mydomain</a>
-(default: yes)</b></DT><DD>
+(default: Postfix &ge; 2.12: no, Postfix &lt; 2.12: yes)</b></DT><DD>
 
 <p>
 With locally submitted mail, append the string ".$<a href="postconf.5.html#mydomain">mydomain</a>" to
@@ -1534,6 +1534,33 @@ global <a href="postconf.5.html#ipc_timeout">ipc_timeout</a> parameter as well.
 </p>
 
 
+</DD>
+
+<DT><b><a name="compatibility_level">compatibility_level</a>
+(default: 0)</b></DT><DD>
+
+<p> A safety net that forces Postfix to keep running with
+backwards-compatible <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> default settings after
+an upgrade to a newer but incompatible Postfix version. </p>
+
+<p> Depending on the <a href="postconf.5.html#compatibility_level">compatibility_level</a> parameter setting, Postfix
+continues to use backwards-compatible default settings, and logs
+the use of those backwards-compatible default settings with messages
+that contain the string "using legacy default setting".  Based on
+this logging the system administrator can determine that a new
+default setting breaks nothing or that a backwards-compatible
+default setting needs to be made permanent in <a href="postconf.5.html">main.cf</a> or <a href="master.5.html">master.cf</a>.
+</p>
+
+<p> After this review is complete, and no more backwards-compatible
+settings need to be made permanent, the administrator should accept
+the remaining Postfix built-in default settings by updating the
+<a href="postconf.5.html#compatibility_level">compatibility_level</a> setting in <a href="postconf.5.html">main.cf</a> as recommended in the Postfix
+RELEASE_NOTES.  </p>
+
+<p> This feature is available in Postfix 2.12 and later. </p>
+
+
 </DD>
 
 <DT><b><a name="config_directory">config_directory</a>
@@ -16538,7 +16565,7 @@ mail. </dd>
 </DD>
 
 <DT><b><a name="smtputf8_enable">smtputf8_enable</a>
-(default: no)</b></DT><DD>
+(default: yes)</b></DT><DD>
 
 <p> Enable experimental SMTPUTF8 support for the protocols described
 in <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533. This requires that Postfix is built to support
diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html
index 92a57e071..f07bc31f1 100644
--- a/postfix/html/smtp.8.html
+++ b/postfix/html/smtp.8.html
@@ -695,7 +695,7 @@ SMTP(8)                                                                SMTP(8)
 <b>SMTPUTF8 CONTROLS</b>
        Preliminary SMTPUTF8 support is introduced with Postfix 2.12.
 
-       <b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (no)</b>
+       <b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
               Enable experimental SMTPUTF8 support for the protocols described
               in <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
 
diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html
index a8528abbe..2c7a2dba8 100644
--- a/postfix/html/smtpd.8.html
+++ b/postfix/html/smtpd.8.html
@@ -564,7 +564,7 @@ SMTPD(8)                                                              SMTPD(8)
 <b>SMTPUTF8 CONTROLS</b>
        Preliminary SMTPUTF8 support is introduced with Postfix 2.12.
 
-       <b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (no)</b>
+       <b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
               Enable experimental SMTPUTF8 support for the protocols described
               in <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
 
diff --git a/postfix/html/trivial-rewrite.8.html b/postfix/html/trivial-rewrite.8.html
index 95e245fba..578f29429 100644
--- a/postfix/html/trivial-rewrite.8.html
+++ b/postfix/html/trivial-rewrite.8.html
@@ -119,7 +119,7 @@ TRIVIAL-REWRITE(8)                                          TRIVIAL-REWRITE(8)
               With locally submitted mail, append the string  "@$<a href="postconf.5.html#myorigin">myorigin</a>"  to
               mail addresses without domain information.
 
-       <b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a> (yes)</b>
+       <b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a> (Postfix</b> &amp;<b>ge; 2.12: no, Postfix</b> &lt; <b>2.12: yes)</b>
               With  locally  submitted mail, append the string ".$<a href="postconf.5.html#mydomain">mydomain</a>" to
               addresses that have no ".domain" information.
 
diff --git a/postfix/man/man5/master.5 b/postfix/man/man5/master.5
index 882893ca8..47f3937fc 100644
--- a/postfix/man/man5/master.5
+++ b/postfix/man/man5/master.5
@@ -126,7 +126,7 @@ main.cf file).
 .sp
 The \fBlocal\fR(8), \fBpipe\fR(8), \fBspawn\fR(8), and
 \fBvirtual\fR(8) daemons require privileges.
-.IP "\fBChroot (default: y)\fR"
+.IP "\fBChroot (default: Postfix >= 2.12: y, Postfix <2.12: n)\fR"
 Whether or not the service runs chrooted to the mail queue
 directory (pathname is controlled by the \fBqueue_directory\fR
 configuration variable in the main.cf file).
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 970608a44..86ebfd11b 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -515,7 +515,7 @@ remote_header_rewrite_domain parameter specifies a non-empty value.
 .PP
 To get the behavior before Postfix version 2.2, specify
 "local_header_rewrite_clients = static:all".
-.SH append_dot_mydomain (default: yes)
+.SH append_dot_mydomain (default: Postfix >= 2.12: no, Postfix < 2.12: yes)
 With locally submitted mail, append the string ".$mydomain" to
 addresses that have no ".domain" information. With remotely submitted
 mail, append the string ".$remote_header_rewrite_domain"
@@ -889,6 +889,26 @@ delivery by the \fBpipe\fR(8) delivery agent.
 .PP
 Note: if you set this time limit to a large value you must update the
 global ipc_timeout parameter as well.
+.SH compatibility_level (default: 0)
+A safety net that forces Postfix to keep running with
+backwards-compatible main.cf and master.cf default settings after
+an upgrade to a newer but incompatible Postfix version.
+.PP
+Depending on the compatibility_level parameter setting, Postfix
+continues to use backwards-compatible default settings, and logs
+the use of those backwards-compatible default settings with messages
+that contain the string "using legacy default setting".  Based on
+this logging the system administrator can determine that a new
+default setting breaks nothing or that a backwards-compatible
+default setting needs to be made permanent in main.cf or master.cf.
+.PP
+After this review is complete, and no more backwards-compatible
+settings need to be made permanent, the administrator should accept
+the remaining Postfix built-in default settings by updating the
+compatibility_level setting in main.cf as recommended in the Postfix
+RELEASE_NOTES.
+.PP
+This feature is available in Postfix 2.12 and later.
 .SH config_directory (default: see "postconf -d" output)
 The default location of the Postfix main.cf and master.cf
 configuration files. This can be overruled via the following
@@ -11331,7 +11351,7 @@ mail.
 .br
 .PP
 This feature is available in Postfix 2.12 and later.
-.SH smtputf8_enable (default: no)
+.SH smtputf8_enable (default: yes)
 Enable experimental SMTPUTF8 support for the protocols described
 in RFC 6531..6533. This requires that Postfix is built to support
 these protocols.
diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8
index 7836549c2..c0c3ed2bc 100644
--- a/postfix/man/man8/smtp.8
+++ b/postfix/man/man8/smtp.8
@@ -613,7 +613,7 @@ limit).
 .ad
 .fi
 Preliminary SMTPUTF8 support is introduced with Postfix 2.12.
-.IP "\fBsmtputf8_enable (no)\fR"
+.IP "\fBsmtputf8_enable (yes)\fR"
 Enable experimental SMTPUTF8 support for the protocols described
 in RFC 6531..6533.
 .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR"
diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8
index b77072289..da88cc8f5 100644
--- a/postfix/man/man8/smtpd.8
+++ b/postfix/man/man8/smtpd.8
@@ -514,7 +514,7 @@ cipher list.
 .ad
 .fi
 Preliminary SMTPUTF8 support is introduced with Postfix 2.12.
-.IP "\fBsmtputf8_enable (no)\fR"
+.IP "\fBsmtputf8_enable (yes)\fR"
 Enable experimental SMTPUTF8 support for the protocols described
 in RFC 6531..6533.
 .IP "\fBstrict_smtputf8 (no)\fR"
diff --git a/postfix/man/man8/trivial-rewrite.8 b/postfix/man/man8/trivial-rewrite.8
index 547d79066..ca81ee7d6 100644
--- a/postfix/man/man8/trivial-rewrite.8
+++ b/postfix/man/man8/trivial-rewrite.8
@@ -130,7 +130,7 @@ Enable the rewriting of the form "user%domain" to "user@domain".
 .IP "\fBappend_at_myorigin (yes)\fR"
 With locally submitted mail, append the string "@$myorigin" to mail
 addresses without domain information.
-.IP "\fBappend_dot_mydomain (yes)\fR"
+.IP "\fBappend_dot_mydomain (Postfix &ge; 2.12: no, Postfix < 2.12: yes)\fR"
 With locally submitted mail, append the string ".$mydomain" to
 addresses that have no ".domain" information.
 .IP "\fBrecipient_delimiter (empty)\fR"
diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink
index 733640dd4..2f978eb37 100755
--- a/postfix/mantools/postlink
+++ b/postfix/mantools/postlink
@@ -1061,6 +1061,10 @@ while (<>) {
     s;\bpolicy_time_limit\b;<a href="postconf.5.html#transport_time_limit">$&</a>;g;
     s;\bgreylist_time_limit\b;<a href="postconf.5.html#transport_time_limit">$&</a>;g;
 
+    # Compatibility and migration
+
+    s;\bcompatibility_level\b;<a href="postconf.5.html#compatibility_level">$&</a>;g;
+
     # Hyperlink URLs and RFC documents
 
     s/(http:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/<a href="$1">$1<\/a>/;
diff --git a/postfix/proto/MILTER_README.html b/postfix/proto/MILTER_README.html
index 626f229e1..27984feca 100644
--- a/postfix/proto/MILTER_README.html
+++ b/postfix/proto/MILTER_README.html
@@ -583,8 +583,8 @@ have the same name as those parameters, without the "milter_" prefix.
 <p> Inside the list, syntax is similar to what we already know from
 main.cf: items separated by space or comma. There is one difference:
 <b>you must enclose a setting in parentheses, as in "{ name = value
-}", if you want to have space within a value or around "="</b>.
-</p>
+}", if you want to have space or comma within a value or around
+"="</b>.  </p>
 
 <h3><a name="macros">Sendmail macro emulation</a></h3>
 
diff --git a/postfix/proto/SMTPD_ACCESS_README.html b/postfix/proto/SMTPD_ACCESS_README.html
index bc98424fc..ef45e1dd4 100644
--- a/postfix/proto/SMTPD_ACCESS_README.html
+++ b/postfix/proto/SMTPD_ACCESS_README.html
@@ -215,7 +215,7 @@ described in the postconf(5) manual page. </p>
 
 <p> Each restriction list is evaluated from left to right until
 some restriction produces a result of PERMIT, REJECT or DEFER (try
-again later).  The end of the list is equivalent to a PERMIT result.
+again later).  The end of each list is equivalent to a PERMIT result.
 By placing a PERMIT restriction before a REJECT restriction you
 can make exceptions for specific clients or users. This is called
 whitelisting; the fourth example above allows mail from local
diff --git a/postfix/proto/SMTPD_POLICY_README.html b/postfix/proto/SMTPD_POLICY_README.html
index e874c5598..3742e6462 100644
--- a/postfix/proto/SMTPD_POLICY_README.html
+++ b/postfix/proto/SMTPD_POLICY_README.html
@@ -425,9 +425,10 @@ and have the same name as those parameters, without the
 <p> Inside the list, syntax is similar to what we already know from
 main.cf: items separated by space or comma. There is one difference:
 <b>you must enclose a setting in parentheses, as in "{ name = value
-}", if you want to have space within a value or around "="</b>.
-This comes in handy when different policy servers require different
-default actions with different SMTP status codes or text: </p>
+}", if you want to have space or comma within a value or around
+"="</b>.  This comes in handy when different policy servers require
+different default actions with different SMTP status codes or text:
+</p>
 
 <blockquote>
 <pre>
diff --git a/postfix/proto/SMTPUTF8_README.html b/postfix/proto/SMTPUTF8_README.html
index 41d845085..70522c4ce 100644
--- a/postfix/proto/SMTPUTF8_README.html
+++ b/postfix/proto/SMTPUTF8_README.html
@@ -50,12 +50,16 @@ header values. </p>
 
 <h2> <a name="enabling">Enabling Postfix SMTPUTF8 support</a> </h2>
 
-<p> Before turning on SMTPUTF8 support in Postfix, you need to
-verify that the rest of your email infrastructure can handle UTF-8
-email addresses and message header values, including SMTPUTF8
+<p> There is more to SMTPUTF8 than just Postfix itself. The rest
+of your email infrastructure also needs to be able to handle UTF-8
+email addresses and message header values. This includes SMTPUTF8
 protocol support in SMTP-based content filters (Amavisd), LMTP
 servers (Dovecot), and down-stream SMTP servers. </p>
 
+<p> Postfix SMTPUTF8 support is enabled by default, but it may be
+disabled as part of a backwards-compatibility safety net (see the
+Postfix 2.12 RELEASE_NOTES file). </p>
+
 <p> SMTPUTF8 support is enabled by setting the smtputf8_enable
 parameter in main.cf:</p>
 
@@ -66,7 +70,8 @@ parameter in main.cf:</p>
 </pre>
 </blockquote>
 
-<p> With SMTPUTF8 support enabled, Postfix changes behavior as follows: </p>
+<p> With SMTPUTF8 support enabled, Postfix changes behavior with
+respect to earlier Postfix releases: </p>
 
 <ul>
 
diff --git a/postfix/proto/master b/postfix/proto/master
index cc14916c6..a817b508b 100644
--- a/postfix/proto/master
+++ b/postfix/proto/master
@@ -120,7 +120,7 @@
 # .sp
 #	The \fBlocal\fR(8), \fBpipe\fR(8), \fBspawn\fR(8), and
 #	\fBvirtual\fR(8) daemons require privileges.
-# .IP "\fBChroot (default: y)\fR"
+# .IP "\fBChroot (default: Postfix >= 2.12: y, Postfix <2.12: n)\fR"
 #	Whether or not the service runs chrooted to the mail queue
 #	directory (pathname is controlled by the \fBqueue_directory\fR
 #	configuration variable in the main.cf file).
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 35c944d45..fc345c7c5 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -7110,7 +7110,7 @@ remote_header_rewrite_domain parameter specifies a non-empty value.
 <p> To get the behavior before Postfix version 2.2, specify
 "local_header_rewrite_clients = static:all". </p>
 
-%PARAM append_dot_mydomain yes
+%PARAM append_dot_mydomain Postfix &ge; 2.12: no, Postfix &lt; 2.12: yes
 
 <p>
 With locally submitted mail, append the string ".$mydomain" to
@@ -16123,7 +16123,7 @@ service request. Specify a value greater than zero. </p>
 
 <p> This feature is available in Postfix 2.12 and later. </p>
 
-%PARAM smtputf8_enable no
+%PARAM smtputf8_enable yes
 
 <p> Enable experimental SMTPUTF8 support for the protocols described
 in RFC 6531..6533. This requires that Postfix is built to support
@@ -16196,3 +16196,26 @@ mail. </dd>
 </dl>
 
 <p> This feature is available in Postfix 2.12 and later. </p>
+
+%PARAM compatibility_level 0
+
+<p> A safety net that forces Postfix to keep running with
+backwards-compatible main.cf and master.cf default settings after
+an upgrade to a newer but incompatible Postfix version. </p>
+
+<p> Depending on the compatibility_level parameter setting, Postfix
+continues to use backwards-compatible default settings, and logs
+the use of those backwards-compatible default settings with messages
+that contain the string "using legacy default setting".  Based on
+this logging the system administrator can determine that a new
+default setting breaks nothing or that a backwards-compatible
+default setting needs to be made permanent in main.cf or master.cf.
+</p>
+
+<p> After this review is complete, and no more backwards-compatible
+settings need to be made permanent, the administrator should accept
+the remaining Postfix built-in default settings by updating the
+compatibility_level setting in main.cf as recommended in the Postfix
+RELEASE_NOTES.  </p>
+
+<p> This feature is available in Postfix 2.12 and later. </p>
diff --git a/postfix/src/global/mail_params.c b/postfix/src/global/mail_params.c
index 85682c7b4..318fbe2cd 100644
--- a/postfix/src/global/mail_params.c
+++ b/postfix/src/global/mail_params.c
@@ -127,10 +127,15 @@
 /*	int	var_smtputf8_enable
 /*	int	var_strict_smtputf8;
 /*	char	*var_smtputf8_autoclass;
+/*	int     var_compat_level;
 /*
 /*	void	mail_params_init()
 /*
 /*	const	char null_format_string[1];
+/*
+/*	int	warn_compat_break_app_dot_mydomain;
+/*	int	warn_compat_break_smtputf8_enable;
+/*	int	warn_compat_break_chroot;
 /* DESCRIPTION
 /*	This module (actually the associated include file) define the names
 /*	and defaults of all mail configuration parameters.
@@ -143,6 +148,9 @@
 /*
 /*	null_format_string is a workaround for gcc compilers that complain
 /*	about empty or null format strings.
+/*
+/*	The warn_compat_XXX variables enable warnings for the use
+/*	of legacy default settings after an incompatible change.
 /* DIAGNOSTICS
 /*	Fatal errors: out of memory; null system or domain name.
 /* LICENSE
@@ -322,9 +330,14 @@ char   *var_dsn_filter;
 int     var_smtputf8_enable;
 int     var_strict_smtputf8;
 char   *var_smtputf8_autoclass;
+int     var_compat_level;
 
 const char null_format_string[1] = "";
 
+int     warn_compat_break_app_dot_mydomain;
+int     warn_compat_break_smtputf8_enable;
+int     warn_compat_break_chroot;
+
 /* check_myhostname - lookup hostname and validate */
 
 static const char *check_myhostname(void)
@@ -525,10 +538,52 @@ static char *read_param_from_file(const char *path)
 
 #endif
 
+/* check_legacy_defaults - flag parameters that require safety-net logging */
+
+static void check_legacy_defaults(void)
+{
+
+    /*
+     * Basic idea: when an existing parameter default is changed, or a new
+     * parameter is introduced with incompatible default behavior, force
+     * Postfix to run with backwards-compatible default settings and log a
+     * warning when the backwards-compatible behavior is used.
+     * 
+     * Based on a review of Postfix logging the system administrator can decide
+     * whether or not to make backwards-compatible default settings permanent
+     * in main.cf or master.cf.
+     * 
+     * To turn off further warnings and deploy the new default settings, the
+     * system administrator should update the compatibility_level setting as
+     * recommended in the RELASE_NOTES file.
+     * 
+     * Each incompatible change has its own flag variable, instead of bit in a
+     * shared variable. We don't want to rip up code when we need more flag
+     * bits.
+     */
+
+    /*
+     * Look for specific parameters that were left behind at legacy defaults
+     * when the compatibility level changed for the first time, from 0 to 1.
+     */
+    if (var_compat_level < 1) {
+	/* Should inet_protocols also be listed here? */
+	if (mail_conf_lookup(VAR_APP_DOT_MYDOMAIN) == 0)
+	    warn_compat_break_app_dot_mydomain = 1;
+	if (mail_conf_lookup(VAR_SMTPUTF8_ENABLE) == 0)
+	    warn_compat_break_smtputf8_enable = 1;
+	warn_compat_break_chroot = 1;
+    }
+}
+
 /* mail_params_init - configure built-in parameters */
 
 void    mail_params_init()
 {
+    static const CONFIG_INT_TABLE first_int_defaults[] = {
+	VAR_COMPAT_LEVEL, DEF_COMPAT_LEVEL, &var_compat_level, 0, 0,
+	0,
+    };
     static const CONFIG_STR_TABLE first_str_defaults[] = {
 	/* $mail_version may appear in other parameters. */
 	VAR_MAIL_VERSION, DEF_MAIL_VERSION, &var_mail_version, 1, 0,
@@ -663,13 +718,23 @@ void    mail_params_init()
 	VAR_CYRUS_SASL_AUTHZID, DEF_CYRUS_SASL_AUTHZID, &var_cyrus_sasl_authzid,
 	VAR_MULTI_ENABLE, DEF_MULTI_ENABLE, &var_multi_enable,
 	VAR_LONG_QUEUE_IDS, DEF_LONG_QUEUE_IDS, &var_long_queue_ids,
-	VAR_SMTPUTF8_ENABLE, DEF_SMTPUTF8_ENABLE, &var_smtputf8_enable,
 	VAR_STRICT_SMTPUTF8, DEF_STRICT_SMTPUTF8, &var_strict_smtputf8,
 	0,
     };
+    static const CONFIG_NBOOL_TABLE nbool_defaults[] = {
+	VAR_SMTPUTF8_ENABLE, DEF_SMTPUTF8_ENABLE, &var_smtputf8_enable,
+	0,
+    };
     const char *cp;
     INET_PROTO_INFO *proto_info;
 
+    /*
+     * Extract compatibility level first, so that we can determine what
+     * parameters of interest are left at their legacy defaults.
+     */
+    get_mail_conf_int_table(first_int_defaults);
+    check_legacy_defaults();
+
     /*
      * Extract syslog_facility early, so that from here on all errors are
      * logged with the proper facility.
@@ -732,6 +797,7 @@ void    mail_params_init()
     get_mail_conf_int_table(other_int_defaults);
     get_mail_conf_long_table(long_defaults);
     get_mail_conf_bool_table(bool_defaults);
+    get_mail_conf_nbool_table(nbool_defaults);
     get_mail_conf_time_table(time_defaults);
     check_default_privs();
     check_mail_owner();
diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h
index 1ae2a0114..5c0472f76 100644
--- a/postfix/src/global/mail_params.h
+++ b/postfix/src/global/mail_params.h
@@ -37,6 +37,18 @@ extern bool var_helpful_warnings;
 #define DEF_SHOW_UNK_RCPT_TABLE	1
 extern bool var_show_unk_rcpt_table;
 
+ /*
+  * Compatibility level and migration support.
+  */
+#define VAR_COMPAT_LEVEL	"compatibility_level"
+#define DEF_COMPAT_LEVEL	0
+#define CUR_COMPAT_LEVEL	1
+extern int var_compat_level;
+
+extern int warn_compat_break_app_dot_mydomain;
+extern int warn_compat_break_smtputf8_enable;
+extern int warn_compat_break_chroot;
+
  /*
   * What problem classes should be reported to the postmaster via email.
   * Default is bad problems only. See mail_error(3). Even when mail notices
@@ -467,7 +479,7 @@ extern bool var_swap_bangpath;
 extern bool var_append_at_myorigin;
 
 #define VAR_APP_DOT_MYDOMAIN	"append_dot_mydomain"
-#define DEF_APP_DOT_MYDOMAIN	1
+#define DEF_APP_DOT_MYDOMAIN	"${{$compatibility_level} < {1} ? {yes} : {no}}"
 extern bool var_append_dot_mydomain;
 
 #define VAR_PERCENT_HACK	"allow_percent_hack"
@@ -3830,7 +3842,7 @@ extern char *var_meta_dir;
   * SMTPUTF8 support.
   */
 #define VAR_SMTPUTF8_ENABLE		"smtputf8_enable"
-#define DEF_SMTPUTF8_ENABLE		0
+#define DEF_SMTPUTF8_ENABLE		"${{$compatibility_level} < {1} ? {no} : {yes}}"
 extern int var_smtputf8_enable;
 
 #define VAR_STRICT_SMTPUTF8		"strict_smtputf8"
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index eb4fb97ae..464009f1f 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20140929"
+#define MAIL_RELEASE_DATE	"20141001"
 #define MAIL_VERSION_NUMBER	"2.12"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/master/master_ent.c b/postfix/src/master/master_ent.c
index f657a60fa..3681e038d 100644
--- a/postfix/src/master/master_ent.c
+++ b/postfix/src/master/master_ent.c
@@ -202,6 +202,10 @@ static char *get_str_ent(char **bufp, char *name, char *def_val)
     if (strcmp(value, "-") == 0) {
 	if (def_val == 0)
 	    fatal_with_context("field \"%s\" has no default value", name);
+	if (warn_compat_break_chroot && strcmp(name, "chroot") == 0)
+	    msg_info("%s: line %d: using legacy default setting %s=%s (" 
+		     VAR_COMPAT_LEVEL "<1)", master_path, master_line,
+		     name, def_val);
 	return (def_val);
     } else {
 	return (value);
@@ -469,7 +473,7 @@ MASTER_SERV *get_master_ent()
      * XXX Chroot cannot imply unprivileged service (for example, the pickup
      * service runs chrooted but needs privileges to open files as the user).
      */
-    chroot = get_bool_ent(&bufp, "chroot", "y");
+    chroot = get_bool_ent(&bufp, "chroot", var_compat_level < 1 ? "y" : "n");
 
     /*
      * Wakeup timer. XXX should we require that var_proc_limit == 1? Right
diff --git a/postfix/src/postfix/postfix.c b/postfix/src/postfix/postfix.c
index 6909e1c24..bada7b928 100644
--- a/postfix/src/postfix/postfix.c
+++ b/postfix/src/postfix/postfix.c
@@ -495,6 +495,20 @@ int     main(int argc, char **argv)
     mail_conf_read();
     get_mail_conf_str_table(str_table);
 
+    /*
+     * Alert the sysadmin that the backwards-compatible settings are still
+     * in effect.
+     */
+    if (var_compat_level < CUR_COMPAT_LEVEL) {
+	msg_warn("Postfix is running with backwards-compatible default "
+		 "settings");
+	msg_warn("See http://www.postfix.org/postconf.5.html#"
+		 VAR_COMPAT_LEVEL " for details");
+	msg_warn("Use \"postconf " VAR_COMPAT_LEVEL "=%d\" to disable "
+		 "the backwards-compatible default settings",
+		 CUR_COMPAT_LEVEL);
+    }
+
     /*
      * Environment import filter, to enforce consistent behavior whether this
      * command is started by hand, or at system boot time. This is necessary
diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c
index 6e0ce6925..99d12085e 100644
--- a/postfix/src/smtp/smtp.c
+++ b/postfix/src/smtp/smtp.c
@@ -577,7 +577,7 @@
 /* .ad
 /* .fi
 /*	Preliminary SMTPUTF8 support is introduced with Postfix 2.12.
-/* .IP "\fBsmtputf8_enable (no)\fR"
+/* .IP "\fBsmtputf8_enable (yes)\fR"
 /*	Enable experimental SMTPUTF8 support for the protocols described
 /*	in RFC 6531..6533.
 /* .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR"
diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c
index ba9e77682..8245db982 100644
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@@ -476,7 +476,7 @@
 /* .ad
 /* .fi
 /*	Preliminary SMTPUTF8 support is introduced with Postfix 2.12.
-/* .IP "\fBsmtputf8_enable (no)\fR"
+/* .IP "\fBsmtputf8_enable (yes)\fR"
 /*	Enable experimental SMTPUTF8 support for the protocols described
 /*	in RFC 6531..6533.
 /* .IP "\fBstrict_smtputf8 (no)\fR"
@@ -2483,12 +2483,19 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
      * Changing this would be a compatibility break. That can't happen in the
      * forseeable future.
      */
-    if (var_strict_smtputf8 && (state->flags & SMTPD_FLAG_SMTPUTF8) == 0) {
-	if (*STR(state->addr_buf) && !allascii(STR(state->addr_buf))) {
-	    mail_reset(state);
-	    smtpd_chat_reply(state, "553 5.6.7 Must declare SMTPUTF8 to send unicode address");
+    if ((var_strict_smtputf8 || warn_compat_break_smtputf8_enable)
+	&& (state->flags & SMTPD_FLAG_SMTPUTF8) == 0
+	&& *STR(state->addr_buf) && !allascii(STR(state->addr_buf))) {
+	if (var_strict_smtputf8) {
+	    smtpd_chat_reply(state, "553 5.6.7 Must declare SMTPUTF8 to "
+			     "send unicode address");
 	    return (-1);
 	}
+	if (warn_compat_break_smtputf8_enable)
+	    msg_info("using legacy default setting " VAR_SMTPUTF8_ENABLE
+		     "=no to accept non-ASCII sender address \"%s\" from "
+		     "%s (" VAR_COMPAT_LEVEL "<1)", STR(state->addr_buf),
+		     state->namaddr);
     }
 
     /*
@@ -2734,12 +2741,19 @@ static int rcpt_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
      * Changing this would be a compatibility break. That can't happen in the
      * forseeable future.
      */
-    if (var_strict_smtputf8 && (state->flags & SMTPD_FLAG_SMTPUTF8) == 0) {
-	if (*STR(state->addr_buf) && !allascii(STR(state->addr_buf))) {
-	    mail_reset(state);
-	    smtpd_chat_reply(state, "553 5.6.7 Must declare SMTPUTF8 to send unicode address");
+    if ((var_strict_smtputf8 || warn_compat_break_smtputf8_enable)
+	&& (state->flags & SMTPD_FLAG_SMTPUTF8) == 0
+	&& *STR(state->addr_buf) && !allascii(STR(state->addr_buf))) {
+	if (var_strict_smtputf8) {
+	    smtpd_chat_reply(state, "553 5.6.7 Must declare SMTPUTF8 to "
+			     "send unicode address");
 	    return (-1);
 	}
+	if (warn_compat_break_smtputf8_enable)
+	    msg_info("using legacy default setting " VAR_SMTPUTF8_ENABLE
+		     "=no to accept non-ASCII recipient address \"%s\" from"
+		     " %s (" VAR_COMPAT_LEVEL "<1)", STR(state->addr_buf),
+		     state->namaddr);
     }
     if (SMTPD_STAND_ALONE(state) == 0) {
 	const char *verify_sender;
diff --git a/postfix/src/trivial-rewrite/rewrite.c b/postfix/src/trivial-rewrite/rewrite.c
index 60155de03..b09cc8cee 100644
--- a/postfix/src/trivial-rewrite/rewrite.c
+++ b/postfix/src/trivial-rewrite/rewrite.c
@@ -105,6 +105,7 @@ void    rewrite_tree(RWR_CONTEXT *context, TOK822 *tree)
     TOK822 *domain;
     TOK822 *bang;
     TOK822 *local;
+    VSTRING *vstringval;
 
     /*
      * XXX If you change this module, quote_822_local.c, or tok822_parse.c,
@@ -194,6 +195,12 @@ void    rewrite_tree(RWR_CONTEXT *context, TOK822 *tree)
 	&& domain != tree->tail
 	&& tok822_find_type(domain, TOK822_DOMLIT) == 0
 	&& tok822_find_type(domain, '.') == 0) {
+	if (warn_compat_break_app_dot_mydomain
+	    && (vstringval = domain->next->vstr) != 0)
+	    msg_info("using legacy default setting " VAR_APP_DOT_MYDOMAIN 
+		     "=yes to rewrite \"%s\" to \"%s.%s\" (" VAR_COMPAT_LEVEL 
+		     " < 1)", vstring_str(vstringval),
+		     vstring_str(vstringval), var_mydomain);
 	tok822_sub_append(tree, tok822_alloc('.', (char *) 0));
 	tok822_sub_append(tree, tok822_scan(REW_PARAM_VALUE(context->domain),
 					    (TOK822 **) 0));
diff --git a/postfix/src/trivial-rewrite/trivial-rewrite.c b/postfix/src/trivial-rewrite/trivial-rewrite.c
index 6c1fb49e5..3b88be611 100644
--- a/postfix/src/trivial-rewrite/trivial-rewrite.c
+++ b/postfix/src/trivial-rewrite/trivial-rewrite.c
@@ -110,7 +110,7 @@
 /* .IP "\fBappend_at_myorigin (yes)\fR"
 /*	With locally submitted mail, append the string "@$myorigin" to mail
 /*	addresses without domain information.
-/* .IP "\fBappend_dot_mydomain (yes)\fR"
+/* .IP "\fBappend_dot_mydomain (Postfix &ge; 2.12: no, Postfix < 2.12: yes)\fR"
 /*	With locally submitted mail, append the string ".$mydomain" to
 /*	addresses that have no ".domain" information.
 /* .IP "\fBrecipient_delimiter (empty)\fR"
@@ -609,7 +609,6 @@ int     main(int argc, char **argv)
     };
     static const CONFIG_BOOL_TABLE bool_table[] = {
 	VAR_SWAP_BANGPATH, DEF_SWAP_BANGPATH, &var_swap_bangpath,
-	VAR_APP_DOT_MYDOMAIN, DEF_APP_DOT_MYDOMAIN, &var_append_dot_mydomain,
 	VAR_APP_AT_MYORIGIN, DEF_APP_AT_MYORIGIN, &var_append_at_myorigin,
 	VAR_PERCENT_HACK, DEF_PERCENT_HACK, &var_percent_hack,
 	VAR_RESOLVE_DEQUOTED, DEF_RESOLVE_DEQUOTED, &var_resolve_dequoted,
@@ -619,6 +618,10 @@ int     main(int argc, char **argv)
 	VAR_ALLOW_MIN_USER, DEF_ALLOW_MIN_USER, &var_allow_min_user,
 	0,
     };
+    static const CONFIG_NBOOL_TABLE nbool_table[] = {
+	VAR_APP_DOT_MYDOMAIN, DEF_APP_DOT_MYDOMAIN, &var_append_dot_mydomain,
+        0,
+    };
 
     /*
      * Fingerprint executables and core dumps.
@@ -628,6 +631,7 @@ int     main(int argc, char **argv)
     multi_server_main(argc, argv, rewrite_service,
 		      MAIL_SERVER_STR_TABLE, str_table,
 		      MAIL_SERVER_BOOL_TABLE, bool_table,
+		      MAIL_SERVER_NBOOL_TABLE, nbool_table,
 		      MAIL_SERVER_PRE_INIT, pre_jail_init,
 		      MAIL_SERVER_POST_INIT, post_jail_init,
 #ifdef CHECK_TABLE_STATS_BEFORE_ACCEPT
diff --git a/postfix/src/util/dict_union.c b/postfix/src/util/dict_union.c
index cb2300954..88091311b 100644
--- a/postfix/src/util/dict_union.c
+++ b/postfix/src/util/dict_union.c
@@ -145,7 +145,6 @@ DICT   *dict_union_open(const char *name, int open_flags, int dict_flags)
     /*
      * Split the table name into its constituent parts.
      */
-    saved_name = mystrdup(name + 1);		/* XXX ASCII delimiter */
     if ((len = balpar(name, "{}")) == 0 || name[len] != 0
 	|| *(saved_name = mystrndup(name + 1, len - 2)) == 0)
 	DICT_UNION_RETURN(dict_surrogate(DICT_TYPE_UNION, name,
diff --git a/postfix/src/util/mac_expand.c b/postfix/src/util/mac_expand.c
index f0934f94d..0e4cd7cdf 100644
--- a/postfix/src/util/mac_expand.c
+++ b/postfix/src/util/mac_expand.c
@@ -123,6 +123,7 @@
 #include <sys_defs.h>
 #include <ctype.h>
 #include <string.h>
+#include <stdlib.h>
 
 /* Utility library. */
 
@@ -173,17 +174,33 @@ typedef struct {
   */
 #define MAC_EXP_OP_STR_EQ	"=="
 #define MAC_EXP_OP_STR_NE	"!="
+#define MAC_EXP_OP_STR_LT	"<"
+#define MAC_EXP_OP_STR_LE	"<="
+#define MAC_EXP_OP_STR_GE	">="
+#define MAC_EXP_OP_STR_GT	">"
 #define MAC_EXP_OP_STR_ANY	"\"" MAC_EXP_OP_STR_EQ \
-				"\" or \"" MAC_EXP_OP_STR_NE "\""
+				"\" or \"" MAC_EXP_OP_STR_NE "\"" \
+				"\" or \"" MAC_EXP_OP_STR_LT "\"" \
+				"\" or \"" MAC_EXP_OP_STR_LE "\"" \
+				"\" or \"" MAC_EXP_OP_STR_GE "\"" \
+				"\" or \"" MAC_EXP_OP_STR_GT "\""
 
 #define MAC_EXP_OP_TOK_NONE	0
 #define MAC_EXP_OP_TOK_EQ	1
 #define MAC_EXP_OP_TOK_NE	2
+#define MAC_EXP_OP_TOK_LT	3
+#define MAC_EXP_OP_TOK_LE	4
+#define MAC_EXP_OP_TOK_GE	5
+#define MAC_EXP_OP_TOK_GT	6
 
 static const NAME_CODE mac_exp_op_table[] =
 {
     MAC_EXP_OP_STR_EQ, MAC_EXP_OP_TOK_EQ,
     MAC_EXP_OP_STR_NE, MAC_EXP_OP_TOK_NE,
+    MAC_EXP_OP_STR_LT, MAC_EXP_OP_TOK_LT,
+    MAC_EXP_OP_STR_LE, MAC_EXP_OP_TOK_LE,
+    MAC_EXP_OP_STR_GE, MAC_EXP_OP_TOK_GE,
+    MAC_EXP_OP_STR_GT, MAC_EXP_OP_TOK_GT,
     0, MAC_EXP_OP_TOK_NONE,
 };
 
@@ -192,6 +209,41 @@ static const NAME_CODE mac_exp_op_table[] =
   */
 #define MAC_EXP_WHITESPACE	" \t\r\n"
 
+/* mac_exp_eval - evaluate binary expression */
+
+static int mac_exp_eval(const char *left, int tok_val,
+			        const char *rite)
+{
+    static const char myname[] = "mac_exp_eval";
+    long    delta;
+
+    /*
+     * Numerical or string comparison.
+     */
+    if (alldig(left) && alldig(rite)) {
+	delta = atol(left) - atol(rite);
+    } else {
+	delta = strcmp(left, rite);
+    }
+    switch (tok_val) {
+    case MAC_EXP_OP_TOK_EQ:
+	return (delta == 0);
+    case MAC_EXP_OP_TOK_NE:
+	return (delta != 0);
+    case MAC_EXP_OP_TOK_LT:
+	return (delta < 0);
+    case MAC_EXP_OP_TOK_LE:
+	return (delta <= 0);
+    case MAC_EXP_OP_TOK_GE:
+	return (delta >= 0);
+    case MAC_EXP_OP_TOK_GT:
+	return (delta > 0);
+    default:
+	msg_panic("%s: unknown operator: %d",
+		  myname, tok_val);
+    }
+}
+
 /* mac_exp_parse_error - report parse error, set error flag, return status */
 
 static int PRINTFLIKE(2, 3) mac_exp_parse_error(MAC_EXP_CONTEXT *mc,
@@ -274,7 +326,6 @@ static char *mac_exp_extract_curly_payload(MAC_EXP_CONTEXT *mc, char **bp)
 static int mac_exp_parse_logical(MAC_EXP_CONTEXT *mc, const char **lookup,
 				         char **bp)
 {
-    const char myname[] = "mac_exp_parse_logical";
     char   *cp = *bp;
     VSTRING *left_op_buf;
     VSTRING *rite_op_buf;
@@ -324,8 +375,8 @@ static int mac_exp_parse_logical(MAC_EXP_CONTEXT *mc, const char **lookup,
     mc->status |=
 	mac_expand(rite_op_buf = vstring_alloc(100), rite_op_strval,
 		   mc->flags, mc->filter, mc->lookup, mc->context);
-    op_result =
-	strcmp(vstring_str(left_op_buf), vstring_str(rite_op_buf));
+    op_result = mac_exp_eval(vstring_str(left_op_buf), op_tokval,
+			     vstring_str(rite_op_buf));
     vstring_free(left_op_buf);
     vstring_free(rite_op_buf);
     if (mc->status & MAC_PARSE_ERROR)
@@ -336,19 +387,7 @@ static int mac_exp_parse_logical(MAC_EXP_CONTEXT *mc, const char **lookup,
      * for compatibility with the historical code that looks named parameter
      * values.
      */
-    switch (op_tokval) {
-    case MAC_EXP_OP_TOK_EQ:
-	*lookup = op_result == 0 ?
-	    MAC_EXP_BVAL_TRUE : MAC_EXP_BVAL_FALSE;
-	break;
-    case MAC_EXP_OP_TOK_NE:
-	*lookup = op_result != 0 ?
-	    MAC_EXP_BVAL_TRUE : MAC_EXP_BVAL_FALSE;
-	break;
-    default:
-	msg_panic("%s: unknown macro operator code %d",
-		  myname, op_tokval);
-    }
+    *lookup = (op_result ? MAC_EXP_BVAL_TRUE : MAC_EXP_BVAL_FALSE);
     *bp = cp;
     return (0);
 }
diff --git a/postfix/src/util/mac_expand.in b/postfix/src/util/mac_expand.in
index deff16b7c..29f78f20f 100644
--- a/postfix/src/util/mac_expand.in
+++ b/postfix/src/util/mac_expand.in
@@ -58,3 +58,25 @@ ${{$name2} != {}?{name 2 defined, |$name1|$name2|}:name 2 undefined, |$name1|$na
 ${{$name2} != {} ? {name 2 defined, |$name1|$name2|} : name 2 undefined, |$name1|$name2|}
 ${{$name2} != {}}
 ${{$name2} == {}}
+
+
+${{1} == {1}}
+${{1} <  {1}}
+${{1} <= {1}}
+${{1} >= {1}}
+${{1} >  {1}}
+${{1} == {2}}
+${{1} <  {2}}
+${{1} <= {2}}
+${{1} >= {2}}
+${{1} >  {2}}
+${{a} == {a}}
+${{a} <  {a}}
+${{a} <= {a}}
+${{a} >= {a}}
+${{a} >  {a}}
+${{a} == {b}}
+${{a} <  {b}}
+${{a} <= {b}}
+${{a} >= {b}}
+${{a} >  {b}}
diff --git a/postfix/src/util/mac_expand.ref b/postfix/src/util/mac_expand.ref
index 1489a1616..d004b6c16 100644
--- a/postfix/src/util/mac_expand.ref
+++ b/postfix/src/util/mac_expand.ref
@@ -16,13 +16,13 @@ stat=1 result=
 unknown: warning: attribute name syntax error at: "...>>> ${name1} ?name 1 de"
 stat=1 result=
 << ${{$name1} ? {name 1 defined, |$name1|$name2|} : {name 1 undefined, |$name1|$name2|} }
-unknown: warning: "==" or "!=" expected at: "...$name1}>>>? {name 1 defined, |"
+unknown: warning: "==" or "!="" or "<"" or "<="" or ">="" or ">" expected at: "...$name1}>>>? {name 1 defined, |"
 stat=1 result=
 << ${x{$name1} != {}?{name 1 defined, |$name1|$name2|}}
 unknown: warning: attribute name syntax error at: "...x>>>{$name1} != {}?{name"
 stat=1 result=
 << ${{$name1}x?{name 1 defined, |$name1|$name2|}}
-unknown: warning: "==" or "!=" expected at: "...$name1}>>>x?{name 1 defined, |"
+unknown: warning: "==" or "!="" or "<"" or "<="" or ">="" or ">" expected at: "...$name1}>>>x?{name 1 defined, |"
 stat=1 result=
 << ${{$name1} != {}x{name 1 defined, |$name1|$name2|}}
 unknown: warning: "?" or ":" expected at: "...}>>>x{name 1 defined, |$"
@@ -42,13 +42,13 @@ stat=2 result=name 1 defined, |name1-value||
 << ${{$name2} != {}?{name 2 defined, |$name1|$name2|}:x{name 2 undefined, |$name1|$name2|}}
 stat=2 result=x{name 2 undefined, |name1-value||}
 << ${{text}}
-unknown: warning: "==" or "!=" expected at: "...text}>>>"
+unknown: warning: "==" or "!="" or "<"" or "<="" or ">="" or ">" expected at: "...text}>>>"
 stat=1 result=
 << ${{text}?{non-empty}:{empty}}
-unknown: warning: "==" or "!=" expected at: "...text}>>>?{non-empty}:{empty}"
+unknown: warning: "==" or "!="" or "<"" or "<="" or ">="" or ">" expected at: "...text}>>>?{non-empty}:{empty}"
 stat=1 result=
 << ${{text} = {}}
-unknown: warning: "==" or "!=" expected at: "...text}>>>= {}"
+unknown: warning: "==" or "!="" or "<"" or "<="" or ">="" or ">" expected at: "...text}>>>= {}"
 stat=1 result=
 << ${{${ name1}} == {}}
 unknown: warning: attribute name syntax error at: "...>>> name1"
@@ -134,3 +134,46 @@ stat=2 result= name 2 undefined, |name1-value||
 stat=2 result=
 << ${{$name2} == {}}
 stat=2 result=true
+<< 
+
+<< 
+<< ${{1} == {1}}
+stat=0 result=true
+<< ${{1} <  {1}}
+stat=0 result=
+<< ${{1} <= {1}}
+stat=0 result=true
+<< ${{1} >= {1}}
+stat=0 result=true
+<< ${{1} >  {1}}
+stat=0 result=
+<< ${{1} == {2}}
+stat=0 result=
+<< ${{1} <  {2}}
+stat=0 result=true
+<< ${{1} <= {2}}
+stat=0 result=true
+<< ${{1} >= {2}}
+stat=0 result=
+<< ${{1} >  {2}}
+stat=0 result=
+<< ${{a} == {a}}
+stat=0 result=true
+<< ${{a} <  {a}}
+stat=0 result=
+<< ${{a} <= {a}}
+stat=0 result=true
+<< ${{a} >= {a}}
+stat=0 result=true
+<< ${{a} >  {a}}
+stat=0 result=
+<< ${{a} == {b}}
+stat=0 result=
+<< ${{a} <  {b}}
+stat=0 result=true
+<< ${{a} <= {b}}
+stat=0 result=true
+<< ${{a} >= {b}}
+stat=0 result=
+<< ${{a} >  {b}}
+stat=0 result=