From: Wietse Venema <wietse@porcupine.org>
Date: Thu, 4 May 2023 05:00:00 +0000 (-0500)
Subject: postfix-3.9-20230504
X-Git-Tag: v3.9.0~62
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=79518cc76efb465a19036f3bbd43a1ffe22a9649;p=thirdparty%2Fpostfix.git

postfix-3.9-20230504
---

diff --git a/postfix/HISTORY b/postfix/HISTORY
index d535f378f..00981aa30 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -27081,15 +27081,15 @@ Apologies for any names omitted.
 
 20230428
 
-	Bugfix (defect introduced: Postfix 1.0): the command 'postconf
-	.. name=v1 .. name=v2 ..' (multiple instances of the same
+	Bugfix (defect introduced: Postfix 1.0): the command "postconf
+	.. name=v1 .. name=v2 .." (multiple instances of the same
 	parameter name) created multiple name=value entries with
 	the same parameter name. It now logs a warning and skips
 	the earlier update. Found during code maintenance. File:
 	postconf/postconf_edit.c
 
-	Bugfix (defect introduced: Postfix 3.3): the command 'postconf
-	-M name1/type1='name2 type2 ..." died with a segmentation
+	Bugfix (defect introduced: Postfix 3.3): the command "postconf
+	-M name1/type1='name2 type2 ...'" died with a segmentation
 	violation when the request matched multiple master.cf
 	entries. The master.cf file was not damaged. Problem reported
 	by SATOH Fumiyasu. File: postconf/postconf_master.c.
@@ -27097,10 +27097,26 @@ Apologies for any names omitted.
 20230502
 
 	Bugfix (defect introduced: Postfix 2.11): the command
-	'postconf -M name1/type1="name2 type2 ...'" could add a
+	"postconf -M name1/type1='name2 type2 ...'" could add a
 	service definition to master.cf that conflicted with an
 	already existing service definition. It now replaces all
 	existing service definitions that match the service pattern
 	'name1/type1' or the service name and type in 'name2 type2
 	...' with a single service definition 'name2 type2 ...'.
 	Problem reported by SATOH Fumiyasu. File: postconf/postconf_edit.c.
+
+20230503
+
+	Documentation: clarified the relationship between
+	smtp_bind*address, inet_interfaces, and system-chosen source
+	IP addresses for outbound SMTP/LMTP connections. File:
+	proto/postconf.proto.
+
+20230504
+
+	Documentation: clarified the relationships between
+	local_transport, virtual_mailbox_transport, relay_trainsport,
+	default_transport, relay_host, sender_dependent_relayhost_maps,
+	sender_dependent_default_transport_maps, and their precedences
+	when determining a delivery transport or next-hop destination.
+	Files: proto/postconf.5.html, proto/ADDRESS_REWRITING_README.html.
diff --git a/postfix/README_FILES/ADDRESS_REWRITING_README b/postfix/README_FILES/ADDRESS_REWRITING_README
index 78237b9ec..b7735f876 100644
--- a/postfix/README_FILES/ADDRESS_REWRITING_README
+++ b/postfix/README_FILES/ADDRESS_REWRITING_README
@@ -51,8 +51,7 @@ Topics covered in this document:
 
   * Address rewriting when mail is delivered
 
-      o Resolve address to destination
-      o Mail transport switch
+      o Resolve address to (transport, next-hop destination)
       o Relocated users table
 
   * Address rewriting with remote delivery
@@ -131,59 +130,57 @@ this document for the first time, skip forward to "Address rewriting when mail
 is received". Once you've finished reading the remainder of this document, the
 table will help you to quickly find what you need.
 
-     _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
-    |AAddddrreessss     |SSccooppee   |DDaaeemmoonn  |GGlloobbaall ttuurrnn--oonn      |SSeelleeccttiivvee ttuurrnn--ooffff ccoonnttrrooll   |
-    |mmaanniippuullaattiioonn|        |        |ccoonnttrrooll             |                             |
-    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
-    |Rewrite     |        |trivial-|append_at_myorigin, |                             |
-    |addresses to|all mail|rewrite |append_dot_mydomain,|local_header_rewrite_clients,|
-    |standard    |        |(8)     |swap_bangpath,      |remote_header_rewrite_domain |
-    |form        |        |        |allow_percent_hack  |                             |
-    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
-    |Canonical   |        |cleanup |                    |receive_override_options,    |
-    |address     |all mail|(8)     |canonical_maps      |local_header_rewrite_clients,|
-    |mapping     |        |        |                    |remote_header_rewrite_domain |
-    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
-    |Address     |        |cleanup |                    |receive_override_options,    |
-    |masquerading|all mail|(8)     |masquerade_domains  |local_header_rewrite_clients,|
-    |            |        |        |                    |remote_header_rewrite_domain |
-    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
-    |Automatic   |        |cleanup |always_bcc,         |                             |
-    |BCC         |new mail|(8)     |sender_bcc_maps,    |receive_override_options     |
-    |recipients  |        |        |recipient_bcc_maps  |                             |
-    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
-    |Virtual     |all mail|cleanup |virtual_alias_maps  |receive_override_options     |
-    |aliasing    |        |(8)     |                    |                             |
-    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
-    |Resolve     |        |trivial-|                    |                             |
-    |address to  |all mail|rewrite |none                |none                         |
-    |destination |        |(8)     |                    |                             |
-    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
-    |Mail        |        |trivial-|                    |                             |
-    |transport   |all mail|rewrite |transport_maps      |none                         |
-    |switch      |        |(8)     |                    |                             |
-    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
-    |Relocated   |        |trivial-|                    |                             |
-    |users table |all mail|rewrite |relocated_maps      |none                         |
-    |            |        |(8)     |                    |                             |
-    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
-    |Generic     |outgoing|        |                    |                             |
-    |mapping     |SMTP    |smtp(8) |smtp_generic_maps   |none                         |
-    |table       |mail    |        |                    |                             |
-    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
-    |Local alias |local   |        |                    |                             |
-    |database    |mail    |local(8)|alias_maps          |none                         |
-    |            |only    |        |                    |                             |
-    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
-    |Local per-  |local   |        |                    |                             |
-    |user        |mail    |local(8)|forward_path        |none                         |
-    |.forward    |only    |        |                    |                             |
-    |files       |        |        |                    |                             |
-    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
-    |Local catch-|local   |        |                    |                             |
-    |all address |mail    |local(8)|luser_relay         |none                         |
-    |            |only    |        |                    |                             |
-    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
+     _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
+    |AAddddrreessss     |SSccooppee   |DDaaeemmoonn  |TTuurrnn--oonn ccoonnttrroollss                       |TTuurrnn--ooffff ccoonnttrroollss            |
+    |mmaanniippuullaattiioonn|        |        |                                       |                             |
+    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
+    |Rewrite     |        |trivial-|append_at_myorigin,                    |                             |
+    |addresses to|all mail|rewrite |append_dot_mydomain, swap_bangpath,    |local_header_rewrite_clients,|
+    |standard    |        |(8)     |allow_percent_hack                     |remote_header_rewrite_domain |
+    |form        |        |        |                                       |                             |
+    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
+    |Canonical   |        |cleanup |                                       |receive_override_options,    |
+    |address     |all mail|(8)     |canonical_maps                         |local_header_rewrite_clients,|
+    |mapping     |        |        |                                       |remote_header_rewrite_domain |
+    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
+    |Address     |        |cleanup |                                       |receive_override_options,    |
+    |masquerading|all mail|(8)     |masquerade_domains                     |local_header_rewrite_clients,|
+    |            |        |        |                                       |remote_header_rewrite_domain |
+    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
+    |Automatic   |        |cleanup |always_bcc, sender_bcc_maps,           |                             |
+    |BCC         |new mail|(8)     |recipient_bcc_maps                     |receive_override_options     |
+    |recipients  |        |        |                                       |                             |
+    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
+    |Virtual     |all mail|cleanup |virtual_alias_maps                     |receive_override_options     |
+    |aliasing    |        |(8)     |                                       |                             |
+    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
+    |Resolve     |        |        |local_transport, virtual_transport,    |                             |
+    |address to  |        |trivial-|relay_transport, default_transport,    |                             |
+    |(transport, |all mail|rewrite |relayhost,                             |content_filter               |
+    |next-hop    |        |(8)     |sender_dependent_relayhost_maps,       |                             |
+    |destination)|        |        |sender_dependent_default_transport_maps|                             |
+    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
+    |Relocated   |        |trivial-|                                       |                             |
+    |users table |all mail|rewrite |relocated_maps                         |none                         |
+    |            |        |(8)     |                                       |                             |
+    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
+    |Generic     |outgoing|        |                                       |                             |
+    |mapping     |SMTP    |smtp(8) |smtp_generic_maps                      |none                         |
+    |table       |mail    |        |                                       |                             |
+    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
+    |Local alias |local   |        |                                       |                             |
+    |database    |mail    |local(8)|alias_maps                             |none                         |
+    |            |only    |        |                                       |                             |
+    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
+    |Local per-  |local   |        |                                       |                             |
+    |user        |mail    |local(8)|forward_path                           |none                         |
+    |.forward    |only    |        |                                       |                             |
+    |files       |        |        |                                       |                             |
+    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
+    |Local catch-|local   |        |                                       |                             |
+    |all address |mail    |local(8)|luser_relay                            |none                         |
+    |            |only    |        |                                       |                             |
+    |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
 
 AAddddrreessss rreewwrriittiinngg wwhheenn mmaaiill iiss rreecceeiivveedd
 
@@ -537,8 +534,7 @@ manipulations to the trivial-rewrite(8) server.
 
 Address manipulations at this stage are:
 
-  * Resolve address to destination
-  * Mail transport switch
+  * Resolve address to (transport, next-hop destination)
   * Relocated users table
 
 Each Postfix delivery agent tries to deliver the mail to its destination, while
@@ -560,49 +556,82 @@ Address manipulations when mail is delivered via the local(8) delivery agent:
 The remainder of this document presents each address manipulation step in more
 detail, with specific examples or with pointers to documentation with examples.
 
-RReessoollvvee aaddddrreessss ttoo ddeessttiinnaattiioonn
+RReessoollvvee aaddddrreessss ttoo ((ttrraannssppoorrtt,, nneexxtt--hhoopp ddeessttiinnaattiioonn))
 
 The Postfix qmgr(8) queue manager selects new mail from the incoming queue or
-old mail from the deferred queue, and asks the trivial-rewrite(8) address
-rewriting and resolving daemon where it should be delivered.
-
-As of version 2.0, Postfix distinguishes four major address classes. Each class
-has its own list of domain names, and each class has its own default delivery
+old mail from the deferred queue. First it looks for overrides:
+
+  * The REDIRECT action in access(5), header_checks(5) or body_checks(5)
+    overrides all recipients of the message, and overrides a content_filter
+    setting, and FILTER action in access(5), header_checks(5) or body_checks
+    (5). The REDIRECT action was implemented as a short-cut to retaliate for
+    abuse.
+
+  * A content_filter setting and FILTER action in access(5), header_checks(5)
+    or body_checks(5) provide their own (transport, next-hop destination)
+    information. This bypasses all the steps that are described in the
+    remainder of this section.
+
+When there is no content filter override, the qmgr(8) queue manager asks the
+trivial-rewrite(8) address rewriting and resolving daemon for each recipient
+how to deliver it (which message delivery transport) and where to deliver it
+(what next-hop destination).
+
+As of version 2.0, Postfix distinguishes four major domain classes. Each class
+has its own list of recipient domain names, and each class has its own delivery
 method, as shown in the table below. See the ADDRESS_CLASS_README document for
 the fine details. Postfix versions before 2.0 only distinguish between local
 delivery and everything else.
 
-     _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
-    |DDeessttiinnaattiioonn ddoommaaiinn lliisstt          |DDeeffaauulltt ddeelliivveerryy mmeetthhoodd|AAvvaaiillaabbiilliittyy|
-    |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
-    |$mydestination, $inet_interfaces,|$local_transport       |Postfix 1.0 |
-    |$proxy_interfaces                |                       |            |
-    |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
-    |$virtual_mailbox_domains         |$virtual_transport     |Postfix 2.0 |
-    |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
-    |$relay_domains                   |$relay_transport       |Postfix 2.0 |
-    |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
-    |none                             |$default_transport     |Postfix 1.0 |
-    |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
-
-MMaaiill ttrraannssppoorrtt sswwiittcchh
-
-Once the trivial-rewrite(8) daemon has determined a default delivery method it
-searches the optional transport(5) table for information that overrides the
-message destination and/or delivery method. Typical use of the transport(5)
-table is to send mail to a system that is not connected to the Internet, or to
-use a special SMTP client configuration for destinations that have special
-requirements. See, for example, the STANDARD_CONFIGURATION_README and
-UUCP_README documents, and the examples in the transport(5) manual page.
-
-Transport table lookups are disabled by default. To enable, edit the
-transport_maps parameter in the main.cf file and specify one or more lookup
-tables, separated by whitespace or commas.
+Note that the table does not match recipients against virtual_alias_domains.
+The reason is that all valid recipients in a virtual alias domain must be
+aliased to an address in a different domain. All other recipients in a virtual
+alias domain are by definition undeliverable, and do not need to be considered
+here.
 
-Example:
-
-    /etc/postfix/main.cf:
-        transport_maps = hash:/etc/postfix/transport
+     _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
+    |DDoommaaiinn ccllaassss   |RReecciippiieenntt ddoommaaiinn mmaattcchh |DDeelliivveerryy mmeetthhoodd  |AAvvaaiillaabbiilliittyy|
+    |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
+    |               |mydestination,         |                 |            |
+    |Local          |inet_interfaces,       |local_transport  |Postfix 1.0 |
+    |               |proxy_interfaces       |                 |            |
+    |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
+    |Virtual mailbox|virtual_mailbox_domains|virtual_transport|Postfix 2.0 |
+    |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
+    |Relay          |relay_domains          |relay_transport  |Postfix 2.0 |
+    |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
+    |Default        |none                   |default_transport|Postfix 1.0 |
+    |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
+
+The delivery methods in the above table may include a next-hop destination in
+addition to a delivery transport. This may override the next-hop destination
+that is by default taken from the recipient domain.
+
+Over time, features have been added to override the above transport and/or
+next-hop destination information. The following table lists where a transport
+or next-hop destination may be taken from, depending on the recipient domain
+class.
+
+     _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
+    |DDoommaaiinn |TTrraannssppoorrtt ssoouurrcceess ((iinn oorrddeerr ooff          |NNeexxtt hhoopp ssoouurrcceess ((iinn oorrddeerr ooff ddeesscceennddiinngg|
+    |ccllaassss  |ddeesscceennddiinngg pprreecceeddeennccee))                  |pprreecceeddeennccee))                             |
+    |_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
+    |Local  |transport_maps, local_transport         |transport_maps, local_transport,        |
+    |       |                                        |recipient domain                        |
+    |_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
+    |Virtual|transport_maps, virtual_transport       |transport_maps, virtual_transport,      |
+    |mailbox|                                        |recipient domain                        |
+    |_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
+    |       |                                        |transport_maps, relay_transport,        |
+    |Relay  |transport_maps, relay_transport         |sender_dependent_relayhost_maps,        |
+    |       |                                        |relayhost, recipient domain             |
+    |_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
+    |       |                                        |transport_maps,                         |
+    |       |transport_maps,                         |sender_dependent_default_transport_maps,|
+    |Default|sender_dependent_default_transport_maps,|default_transport,                      |
+    |       |default_transport                       |sender_dependent_relayhost_maps,        |
+    |       |                                        |relayhost, recipient domain             |
+    |_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
 
 RReellooccaatteedd uusseerrss ttaabbllee
 
diff --git a/postfix/html/ADDRESS_REWRITING_README.html b/postfix/html/ADDRESS_REWRITING_README.html
index 85e296f8e..d2e3a6132 100644
--- a/postfix/html/ADDRESS_REWRITING_README.html
+++ b/postfix/html/ADDRESS_REWRITING_README.html
@@ -94,9 +94,7 @@ as invalid </a>
 
 <ul>
 
-<li> <a href="#resolve"> Resolve address to destination </a>
-
-<li> <a href="#transport"> Mail transport switch </a>
+<li> <a href="#resolve"> Resolve address to (transport, next-hop destination) </a>
 
 <li> <a href="#relocated"> Relocated users table </a>
 
@@ -312,8 +310,8 @@ find what you need.  </p>
 <table border="1">
 
 <tr> <th nowrap> Address manipulation </th> <th nowrap> Scope </th>
-<th> Daemon </th> <th nowrap> Global turn-on control </th> <th nowrap> Selective
-turn-off control </th> </tr>
+<th> Daemon </th> <th nowrap> Turn-on controls </th> <th nowrap> 
+Turn-off controls </th> </tr>
 
 <tr> <td> <a href="#standard"> Rewrite addresses to standard form</a>
 </td> <td nowrap> all mail </td> <td> <a href="trivial-rewrite.8.html">trivial-<br>rewrite(8)</a> </td>
@@ -340,13 +338,12 @@ nowrap> all mail </td> <td> <a href="cleanup.8.html">cleanup(8)</a> </td> <td> <
 nowrap> all mail </td> <td> <a href="cleanup.8.html">cleanup(8)</a> </td> <td> <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>
 </td> <td> <a href="postconf.5.html#receive_override_options">receive_override_options</a> </td> </tr>
 
-<tr> <td> <a href="#resolve"> Resolve address to destination </a>
-</td> <td nowrap> all mail </td> <td> <a href="trivial-rewrite.8.html">trivial-<br>rewrite(8)</a> </td>
-<td> none </td> <td> none </td> </tr>
-
-<tr> <td> <a href="#transport"> Mail transport switch</a> </td>
-<td nowrap> all mail </td> <td> <a href="trivial-rewrite.8.html">trivial-<br>rewrite(8)</a> </td> <td>
-<a href="postconf.5.html#transport_maps">transport_maps</a> </td> <td> none </td> </tr>
+<tr> <td> <a href="#resolve"> Resolve address to (transport, next-hop
+destination) </a> </td> <td nowrap> all mail </td> <td>
+<a href="trivial-rewrite.8.html">trivial-<br>rewrite(8)</a> </td> <td> <a href="postconf.5.html#local_transport">local_transport</a>, <a href="postconf.5.html#virtual_transport">virtual_transport</a>,
+<a href="postconf.5.html#relay_transport">relay_transport</a>, <a href="postconf.5.html#default_transport">default_transport</a>, <a href="postconf.5.html#relayhost">relayhost</a>,
+<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>, <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>
+</td> <td> <a href="postconf.5.html#content_filter">content_filter</a> </td> </tr>
 
 <tr> <td> <a href="#relocated"> Relocated users table</a> </td>
 <td nowrap> all mail </td> <td> <a href="trivial-rewrite.8.html">trivial-<br>rewrite(8)</a> </td> <td>
@@ -833,9 +830,8 @@ manager delegates the more complex address manipulations to the
 
 <ul>
 
-<li> <a href="#resolve"> Resolve address to destination </a>
-
-<li> <a href="#transport"> Mail transport switch</a>
+<li> <a href="#resolve"> Resolve address to (transport, next-hop
+destination) </a>
 
 <li> <a href="#relocated"> Relocated users table</a>
 
@@ -873,67 +869,108 @@ via the <a href="local.8.html">local(8)</a> delivery agent: </p>
 step in more detail, with specific examples or with pointers to
 documentation with examples. </p>
 
-<h3> <a name="resolve"> Resolve address to destination </a> </h3>
+<h3> <a name="resolve"> Resolve address to (transport, next-hop
+destination) </a> </h3>
 
 <p> The Postfix <a href="qmgr.8.html">qmgr(8)</a> queue manager selects new mail from the
-<a href="QSHAPE_README.html#incoming_queue">incoming queue</a> or old mail from the <a href="QSHAPE_README.html#deferred_queue">deferred queue</a>, and asks the
-<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> address rewriting and resolving daemon where it
-should be delivered. </p>
+<a href="QSHAPE_README.html#incoming_queue">incoming queue</a> or old mail from the <a href="QSHAPE_README.html#deferred_queue">deferred queue</a>. First it
+looks for overrides: </p>
+
+<ul>
+
+<li> <p> The REDIRECT action in <a href="access.5.html">access(5)</a>, <a href="header_checks.5.html">header_checks(5)</a> or
+<a href="header_checks.5.html">body_checks(5)</a> overrides all recipients of the message, and overrides
+a <a href="postconf.5.html#content_filter">content_filter</a> setting, and FILTER action in <a href="access.5.html">access(5)</a>,
+<a href="header_checks.5.html">header_checks(5)</a> or <a href="header_checks.5.html">body_checks(5)</a>. The REDIRECT action was implemented
+as a short-cut to retaliate for abuse. </p>
 
-<p> As of version 2.0, Postfix distinguishes four major address
-classes. Each class has its own list of domain names, and each
-class has its own default delivery method, as shown in the table
-below.  See the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> document for the fine details.
-Postfix versions before 2.0 only distinguish between local delivery
-and everything else.  </p>
+<li> <p> A <a href="postconf.5.html#content_filter">content_filter</a> setting and FILTER action in <a href="access.5.html">access(5)</a>,
+<a href="header_checks.5.html">header_checks(5)</a> or <a href="header_checks.5.html">body_checks(5)</a> provide their own (transport,
+next-hop destination) information. This bypasses all the steps that
+are described in the remainder of this section. </p>
+
+</ul>
+
+<p> When there is no content filter override, the <a href="qmgr.8.html">qmgr(8)</a> queue
+manager asks the <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> address rewriting and resolving
+daemon for each recipient how to deliver it (which message delivery
+transport) and where to deliver it (what next-hop destination). </p>
+
+<p> As of version 2.0, Postfix distinguishes four major domain
+classes. Each class has its own list of recipient domain names, and
+each class has its own delivery method, as shown in the table below.
+See the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> document for the fine details.  Postfix
+versions before 2.0 only distinguish between local delivery and
+everything else. </p>
+
+<p> Note that the table does not match recipients against
+<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>. The reason is that all valid recipients in
+a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> must be aliased to an address in a different
+domain. All other recipients in a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> are by
+definition undeliverable, and do not need to be considered here.
+</p>
 
 <blockquote>
 
 <table border="1">
 
-<tr><th align="left">Destination domain list </th> <th
-align="left">Default delivery method </th> <th>Availability
-</th> </tr>
+<tr> <th align="left">Domain class</th> <th align="left">Recipient
+domain match </th> <th> Delivery method </th> <th>Availability </th>
+</tr>
 
-<tr><td>$<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> </td>
-<td>$<a href="postconf.5.html#local_transport">local_transport</a> </td> <td>Postfix 1.0</td></tr>
+<tr><td>Local</td> <td><a href="postconf.5.html#mydestination">mydestination</a>, <a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>
+</td> <td><a href="postconf.5.html#local_transport">local_transport</a> </td> <td>Postfix 1.0</td></tr>
 
-<tr><td>$<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> </td> <td>$<a href="postconf.5.html#virtual_transport">virtual_transport</a> </td>
-<td>Postfix 2.0</td> </tr>
+<tr><td>Virtual mailbox</td> <td><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> </td>
+<td><a href="postconf.5.html#virtual_transport">virtual_transport</a> </td> <td>Postfix 2.0</td> </tr>
 
-<tr><td>$<a href="postconf.5.html#relay_domains">relay_domains</a> </td> <td>$<a href="postconf.5.html#relay_transport">relay_transport</a> </td> <td>Postfix
-2.0</td> </tr>
+<tr><td>Relay</td> <td><a href="postconf.5.html#relay_domains">relay_domains</a> </td> <td><a href="postconf.5.html#relay_transport">relay_transport</a>
+</td> <td>Postfix 2.0</td> </tr>
 
-<tr><td>none </td> <td>$<a href="postconf.5.html#default_transport">default_transport</a> </td> <td>Postfix 1.0</td>
-</tr>
+<tr><td>Default</td><td> none </td> <td><a href="postconf.5.html#default_transport">default_transport</a> </td>
+<td>Postfix 1.0</td> </tr>
 
 </table>
 
 </blockquote>
 
-<h3> <a name="transport"> Mail transport switch </a> </h3>
+<p> The delivery methods in the above table may include a next-hop
+destination in addition to a delivery transport. This may override
+the next-hop destination that is by default taken from the recipient
+domain. </p>
 
-<p> Once the <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> daemon has determined a default
-delivery method it searches the optional <a href="transport.5.html">transport(5)</a> table for
-information that overrides the message destination and/or delivery
-method.  Typical use of the <a href="transport.5.html">transport(5)</a> table is to send mail to
-a system
-that is not connected to the Internet, or to use a special SMTP
-client configuration for destinations that have special requirements.
-See, for example, the <a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a> and <a href="UUCP_README.html">UUCP_README</a>
-documents, and the examples in the <a href="transport.5.html">transport(5)</a> manual page.  </p>
+<p> Over time, features have been added to override the above
+transport and/or next-hop destination information. The following
+table lists where a transport or next-hop destination may be taken
+from, depending on the recipient domain class. </p>
 
-<p> Transport table lookups are disabled by default. To enable,
-edit the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter in the <a href="postconf.5.html">main.cf</a> file and specify
-one or more lookup tables, separated by whitespace or commas. </p>
+<blockquote>
 
-<p> Example: </p>
+<table border="1">
+
+<tr> <th>Domain class</th> <th>Transport sources (in order of
+descending precedence)</th> <th> Next hop sources (in order of
+descending precedence)</th> </tr>
+
+<tr> <td> Local </td> <td> <a href="postconf.5.html#transport_maps">transport_maps</a>, <a href="postconf.5.html#local_transport">local_transport</a></td>
+<td> <a href="postconf.5.html#transport_maps">transport_maps</a>, <a href="postconf.5.html#local_transport">local_transport</a>, recipient domain</td> </tr>
+
+<tr> <td> Virtual mailbox </td> <td> <a href="postconf.5.html#transport_maps">transport_maps</a>,
+<a href="postconf.5.html#virtual_transport">virtual_transport</a></td> <td> <a href="postconf.5.html#transport_maps">transport_maps</a>, <a href="postconf.5.html#virtual_transport">virtual_transport</a>,
+recipient domain</td> </tr>
+
+<tr> <td> Relay </td> <td> <a href="postconf.5.html#transport_maps">transport_maps</a>, <a href="postconf.5.html#relay_transport">relay_transport</a></td>
+<td> <a href="postconf.5.html#transport_maps">transport_maps</a>, <a href="postconf.5.html#relay_transport">relay_transport</a>, <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>,
+<a href="postconf.5.html#relayhost">relayhost</a>, recipient domain</td> </tr>
+
+<tr> <td> Default </td> <td> <a href="postconf.5.html#transport_maps">transport_maps</a>,
+<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>, <a href="postconf.5.html#default_transport">default_transport</a></td>
+<td> <a href="postconf.5.html#transport_maps">transport_maps</a>, <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>,
+<a href="postconf.5.html#default_transport">default_transport</a>, <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>, <a href="postconf.5.html#relayhost">relayhost</a>,
+recipient domain</td> </tr>
+
+</table>
 
-<blockquote>
-<pre>
-/etc/postfix/<a href="postconf.5.html">main.cf</a>:
-    <a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport
-</pre>
 </blockquote>
 
 <h3> <a name="relocated"> Relocated users table </a> </h3>
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 848b30685..c5f0e1cce 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -2698,19 +2698,30 @@ name of the message delivery transport.
 
 <p>
 The default mail delivery transport and next-hop destination for
-destinations that do not match $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>,
+the <a href="ADDRESS_CLASS_README.html#default_domain_class">default domain</a> class: recipient domains that do not match
+$<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>,
 $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>,
-or $<a href="postconf.5.html#relay_domains">relay_domains</a>.  This information can be overruled with the
-<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> parameter and with the
-<a href="transport.5.html">transport(5)</a> table. </p>
+or $<a href="postconf.5.html#relay_domains">relay_domains</a>. This information will not be used when
+<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> returns a result, and may
+be overridden with the <a href="transport.5.html">transport(5)</a> table. </p>
 
-<p>
-In order of decreasing precedence, the nexthop destination is taken
-from $<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>, $<a href="postconf.5.html#default_transport">default_transport</a>,
-$<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>, $<a href="postconf.5.html#relayhost">relayhost</a>, or from the recipient
-domain.
+<p> For recipient domains in the <a href="ADDRESS_CLASS_README.html#default_domain_class">default domain</a> class: <p>
+
+<ul>
+
+<li> <p> In order of decreasing precedence, the delivery transport
+is taken from 1) $<a href="postconf.5.html#transport_maps">transport_maps</a>, 2)
+$<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> or $<a href="postconf.5.html#default_transport">default_transport</a>.
 </p>
 
+<li> <p> In order of decreasing precedence, the nexthop destination
+is taken from 1) $<a href="postconf.5.html#transport_maps">transport_maps</a>, 2)
+$<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> or $<a href="postconf.5.html#default_transport">default_transport</a>, 3)
+$<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> or $<a href="postconf.5.html#relayhost">relayhost</a> or the recipient
+domain. </p>
+
+</ul>
+
 <p>
 Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
 is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>.
@@ -4131,22 +4142,42 @@ Note 1: you need to stop and start Postfix when this parameter changes.
 <p> Note 2: address information may be enclosed inside <tt>[]</tt>,
 but this form is not required here. </p>
 
-<p> When <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies just one IPv4 and/or IPv6 address
-that is not a loopback address, the Postfix SMTP client will use
-this address as the IP source address for outbound mail. Support
-for IPv6 is available in Postfix version 2.2 and later. </p>
+<p> When <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> and/or <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> are not
+specified, the <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> setting may constrain the source IP
+address for an outbound SMTP or LMTP connection. </p>
 
-<p>
-On a multi-homed firewall with separate Postfix instances listening on the
-"inside" and "outside" interfaces, this can prevent each instance from
-being able to reach remote SMTP servers on the "other side" of the
-firewall. Setting
-<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> to 0.0.0.0 avoids the potential problem for
-IPv4, and setting <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> to :: solves the problem
-for IPv6. </p>
+<ul>
+
+<li> <p> When <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies one IPv4 address, and that
+is not a loopback address, the Postfix SMTP client uses that as the
+source address for outbound IPv4 connections. </p>
+
+<li> <p> Otherwise, the Postfix SMTP client does not constrain the
+source IPv4 address, and connects using a system-chosen source IPv4
+address. This includes the cases where <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> is empty,
+where it specifies <b>all</b>, or where it contains no IPv4 address,
+one IPv4 address that is a loopback address, or multiple IPv4
+addresses.  </p>
+
+<li> <p> The same reasoning as above applies to the IPv6 protocol,
+and to the Postfix LMTP client. To disable IPv4 or IPv6 support in
+the Postfix SMTP and LMTP client, use <a href="postconf.5.html#inet_protocols">inet_protocols</a>. </p>
+
+</ul>
+
+<p> A Postfix SMTP client may fail to reach some remote SMTP servers
+when the client source IP address is constrained explicitly with
+<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> or <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>, or implicitly with
+<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>. This can happen when Postfix runs on a multi-homed
+system such as a firewall, the Postfix SMTP source client IP address
+is constrained to one specific network interface, and the remote
+SMTP server must be reached through a different interface. Setting
+<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> to 0.0.0.0 avoids the potential problem for IPv4,
+and setting <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> to :: solves the problem for IPv6.
+</p>
 
 <p>
-A better solution for multi-homed firewalls is to leave <a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
+A better solution for multi-homed systems is to leave <a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
 at the default value and instead use explicit IP addresses in
 the <a href="master.5.html">master.cf</a> SMTP server definitions.  This preserves the Postfix
 SMTP client's
@@ -10099,13 +10130,24 @@ This feature is available in Postfix 2.0 and later.
 
 <p>
 The default mail delivery transport and next-hop destination for
-remote delivery to domains listed with $<a href="postconf.5.html#relay_domains">relay_domains</a>. In order of
-decreasing precedence, the nexthop destination is taken from
-$<a href="postconf.5.html#relay_transport">relay_transport</a>, $<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>, $<a href="postconf.5.html#relayhost">relayhost</a>, or
-from the recipient domain. This information can be overruled with
-the <a href="transport.5.html">transport(5)</a> table.
+the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domain</a> address class: recipient domains that match
+$<a href="postconf.5.html#relay_domains">relay_domains</a>. </p>
+
+<p> For recipient domains in the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domain</a> address class: </p>
+
+<ul>
+
+<li> <p> In order of decreasing precedence, the message delivery
+transport is taken from 1) $<a href="postconf.5.html#transport_maps">transport_maps</a>, 2) $<a href="postconf.5.html#relay_transport">relay_transport</a>.
 </p>
 
+<li> <p> In order of decreasing precedence, the nexthop destination
+is taken from 1) $<a href="postconf.5.html#transport_maps">transport_maps</a>, 2) $<a href="postconf.5.html#relay_transport">relay_transport</a>, 3)
+$<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> or $<a href="postconf.5.html#relayhost">relayhost</a> or the recipient
+domain.  </p>
+
+</ul>
+
 <p>
 Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
 is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>.
@@ -10129,13 +10171,31 @@ This feature is available in Postfix 2.0 and later.
 (default: empty)</b></DT><DD>
 
 <p>
-The next-hop destination(s) for non-local mail; overrides non-local
-domains in recipient addresses. This information is overruled with
-<a href="postconf.5.html#relay_transport">relay_transport</a>, <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>,
-<a href="postconf.5.html#default_transport">default_transport</a>, <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
-and with the <a href="transport.5.html">transport(5)</a> table.
+The next-hop destination(s) for non-local mail; takes precedence
+over non-<a href="ADDRESS_CLASS_README.html#local_domain_class">local domains</a> in recipient addresses. This information
+will not be used when the sender matches $<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>.
 </p>
 
+<p> In order of decreasing precedence: </p>
+
+<ul>
+
+<li> <p> For recipient domains in the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domain</a> address class
+(domains matching $<a href="postconf.5.html#relay_domains">relay_domains</a>), the nexthop destination is taken
+from 1) $<a href="postconf.5.html#transport_maps">transport_maps</a>, 2) $<a href="postconf.5.html#relay_transport">relay_transport</a>, 3)
+$<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> or $<a href="postconf.5.html#relayhost">relayhost</a> or the recipient
+domain. <p>
+
+<li> <p> For recipient domains in the <a href="ADDRESS_CLASS_README.html#default_domain_class">default domain</a> address class
+(domains that do not match $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>,
+$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>,
+or $<a href="postconf.5.html#relay_domains">relay_domains</a>), the nexthop destination is taken from 1)
+$<a href="postconf.5.html#transport_maps">transport_maps</a>, 2) $<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> or
+$<a href="postconf.5.html#default_transport">default_transport</a>, 3) $<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> or $<a href="postconf.5.html#relayhost">relayhost</a>
+or the recipient domain. </p>
+
+</ul>
+
 <p>
 On an intranet, specify the organizational domain name. If your
 internal DNS uses no MX records, specify the name of the intranet
@@ -10552,18 +10612,38 @@ address and @domain. A lookup result of DUNNO terminates the search
 without overriding the global <a href="postconf.5.html#default_transport">default_transport</a> parameter setting.
 This information is overruled with the <a href="transport.5.html">transport(5)</a> table. </p>
 
-<p>
-Specify zero or more "type:name" lookup tables, separated by
-whitespace or comma. Tables will be searched in the specified order
-until a match is found.
+<p> This setting affects only the <a href="ADDRESS_CLASS_README.html#default_domain_class">default domain</a> address class
+(recipient domains that do not match $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>,
+$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>,
+or $<a href="postconf.5.html#relay_domains">relay_domains</a>): </p>
+
+<ul>
+
+<li> <p> In order of decreasing precedence, the delivery transport
+is taken from 1) $<a href="postconf.5.html#transport_maps">transport_maps</a>, 2)
+$<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> or $<a href="postconf.5.html#default_transport">default_transport</a>.
 </p>
 
+<li> <p> In order of decreasing precedence, the nexthop destination
+is taken from 1) $<a href="postconf.5.html#transport_maps">transport_maps</a>, 2)
+$<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> or $<a href="postconf.5.html#default_transport">default_transport</a>, 3)
+$<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> or $<a href="postconf.5.html#relayhost">relayhost</a> or the recipient
+domain. </p>
+
+</ul>
+
 <p> Note: this overrides <a href="postconf.5.html#default_transport">default_transport</a>, not <a href="postconf.5.html#transport_maps">transport_maps</a>, and
 therefore the expected syntax is that of <a href="postconf.5.html#default_transport">default_transport</a>, not the
 syntax of <a href="postconf.5.html#transport_maps">transport_maps</a>.  Specifically, this does not support the
 <a href="postconf.5.html#transport_maps">transport_maps</a> syntax for null transport, null nexthop, or null
 email addresses. </p>
 
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+</p>
+
 <p> For safety reasons, this feature does not allow $number
 substitutions in regular expression maps. </p>
 
@@ -10579,9 +10659,27 @@ substitutions in regular expression maps. </p>
 setting. The tables are searched by the envelope sender address and
 @domain. A lookup result of DUNNO terminates the search without
 overriding the global <a href="postconf.5.html#relayhost">relayhost</a> parameter setting (Postfix 2.6 and
-later). This information is overruled with <a href="postconf.5.html#relay_transport">relay_transport</a>,
-<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>, <a href="postconf.5.html#default_transport">default_transport</a> and with
-the <a href="transport.5.html">transport(5)</a> table. </p>
+later). </p>
+
+<p> In order of decreasing precedence: </p>
+
+<ul>
+
+<li> <p> For recipient domains in the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domain</a> address class
+(domains matching $<a href="postconf.5.html#relay_domains">relay_domains</a>), the nexthop destination is taken
+from 1) $<a href="postconf.5.html#transport_maps">transport_maps</a>, 2) $<a href="postconf.5.html#relay_transport">relay_transport</a>, 3)
+$<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> or $<a href="postconf.5.html#relayhost">relayhost</a> or the recipient
+domain. </p>
+
+<li> <p> For recipient domains in the <a href="ADDRESS_CLASS_README.html#default_domain_class">default domain</a> address class
+(domains that do not match <a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>,
+$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>,
+$<a href="postconf.5.html#relay_domains">relay_domains</a>), the nexthop destination is taken from 1)
+$<a href="postconf.5.html#transport_maps">transport_maps</a>, 2) $<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> or
+$<a href="postconf.5.html#default_transport">default_transport</a>, 3) $<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> or $<a href="postconf.5.html#relayhost">relayhost</a>
+or the recipient domain. </p>
+
+</ul>
 
 <p>
 Specify zero or more "type:name" lookup tables, separated by
@@ -20793,7 +20891,14 @@ built-in suffix (in this case: "_initial_destination_concurrency").
 <p>
 Optional lookup tables with mappings from recipient address to
 (message delivery transport, next-hop destination).  See <a href="transport.5.html">transport(5)</a>
-for details.
+for syntax details.
+</p>
+
+<p> This information may override the message delivery transport
+and/or next-hop destination that are specified with $<a href="postconf.5.html#local_transport">local_transport</a>,
+$<a href="postconf.5.html#virtual_transport">virtual_transport</a>, $<a href="postconf.5.html#relay_transport">relay_transport</a>, $<a href="postconf.5.html#default_transport">default_transport</a>,
+$<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>, $<a href="postconf.5.html#relayhost">relayhost</a>,
+$<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>, or the recipient domain.
 </p>
 
 <p>
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 45b363824..f8d4bed0a 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -1747,16 +1747,25 @@ name of the message delivery transport.
 This feature is available in Postfix 2.4 and later.
 .SH default_transport (default: smtp)
 The default mail delivery transport and next\-hop destination for
-destinations that do not match $mydestination, $inet_interfaces,
+the default domain class: recipient domains that do not match
+$mydestination, $inet_interfaces,
 $proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
-or $relay_domains.  This information can be overruled with the
-sender_dependent_default_transport_maps parameter and with the
-\fBtransport\fR(5) table.
+or $relay_domains. This information will not be used when
+sender_dependent_default_transport_maps returns a result, and may
+be overridden with the \fBtransport\fR(5) table.
 .PP
-In order of decreasing precedence, the nexthop destination is taken
-from $sender_dependent_default_transport_maps, $default_transport,
-$sender_dependent_relayhost_maps, $relayhost, or from the recipient
+For recipient domains in the default domain class:
+.IP \(bu
+In order of decreasing precedence, the delivery transport
+is taken from 1) $transport_maps, 2)
+$sender_dependent_default_transport_maps or $default_transport.
+.IP \(bu
+In order of decreasing precedence, the nexthop destination
+is taken from 1) $transport_maps, 2)
+$sender_dependent_default_transport_maps or $default_transport, 3)
+$sender_dependent_relayhost_maps or $relayhost or the recipient
 domain.
+.br
 .PP
 Specify a string of the form \fItransport:nexthop\fR, where \fItransport\fR
 is the name of a mail delivery transport defined in master.cf.
@@ -2610,20 +2619,37 @@ Note 1: you need to stop and start Postfix when this parameter changes.
 Note 2: address information may be enclosed inside [],
 but this form is not required here.
 .PP
-When inet_interfaces specifies just one IPv4 and/or IPv6 address
-that is not a loopback address, the Postfix SMTP client will use
-this address as the IP source address for outbound mail. Support
-for IPv6 is available in Postfix version 2.2 and later.
+When smtp_bind_address and/or smtp_bind_address6 are not
+specified, the inet_interfaces setting may constrain the source IP
+address for an outbound SMTP or LMTP connection.
+.IP \(bu
+When inet_interfaces specifies one IPv4 address, and that
+is not a loopback address, the Postfix SMTP client uses that as the
+source address for outbound IPv4 connections.
+.IP \(bu
+Otherwise, the Postfix SMTP client does not constrain the
+source IPv4 address, and connects using a system\-chosen source IPv4
+address. This includes the cases where inet_interfaces is empty,
+where it specifies \fBall\fR, or where it contains no IPv4 address,
+one IPv4 address that is a loopback address, or multiple IPv4
+addresses.
+.IP \(bu
+The same reasoning as above applies to the IPv6 protocol,
+and to the Postfix LMTP client. To disable IPv4 or IPv6 support in
+the Postfix SMTP and LMTP client, use inet_protocols.
+.br
 .PP
-On a multi\-homed firewall with separate Postfix instances listening on the
-"inside" and "outside" interfaces, this can prevent each instance from
-being able to reach remote SMTP servers on the "other side" of the
-firewall. Setting
-smtp_bind_address to 0.0.0.0 avoids the potential problem for
-IPv4, and setting smtp_bind_address6 to :: solves the problem
-for IPv6.
+A Postfix SMTP client may fail to reach some remote SMTP servers
+when the client source IP address is constrained explicitly with
+smtp_bind_address or smtp_bind_address6, or implicitly with
+inet_interfaces. This can happen when Postfix runs on a multi\-homed
+system such as a firewall, the Postfix SMTP source client IP address
+is constrained to one specific network interface, and the remote
+SMTP server must be reached through a different interface. Setting
+smtp_bind_address to 0.0.0.0 avoids the potential problem for IPv4,
+and setting smtp_bind_address6 to :: solves the problem for IPv6.
 .PP
-A better solution for multi\-homed firewalls is to leave inet_interfaces
+A better solution for multi\-homed systems is to leave inet_interfaces
 at the default value and instead use explicit IP addresses in
 the master.cf SMTP server definitions.  This preserves the Postfix
 SMTP client's
@@ -6379,11 +6405,19 @@ relay_recipient_maps = hash:/etc/postfix/relay_recipients
 This feature is available in Postfix 2.0 and later.
 .SH relay_transport (default: relay)
 The default mail delivery transport and next\-hop destination for
-remote delivery to domains listed with $relay_domains. In order of
-decreasing precedence, the nexthop destination is taken from
-$relay_transport, $sender_dependent_relayhost_maps, $relayhost, or
-from the recipient domain. This information can be overruled with
-the \fBtransport\fR(5) table.
+the relay domain address class: recipient domains that match
+$relay_domains.
+.PP
+For recipient domains in the relay domain address class:
+.IP \(bu
+In order of decreasing precedence, the message delivery
+transport is taken from 1) $transport_maps, 2) $relay_transport.
+.IP \(bu
+In order of decreasing precedence, the nexthop destination
+is taken from 1) $transport_maps, 2) $relay_transport, 3)
+$sender_dependent_relayhost_maps or $relayhost or the recipient
+domain.
+.br
 .PP
 Specify a string of the form \fItransport:nexthop\fR, where \fItransport\fR
 is the name of a mail delivery transport defined in master.cf.
@@ -6395,11 +6429,26 @@ file.
 .PP
 This feature is available in Postfix 2.0 and later.
 .SH relayhost (default: empty)
-The next\-hop destination(s) for non\-local mail; overrides non\-local
-domains in recipient addresses. This information is overruled with
-relay_transport, sender_dependent_default_transport_maps,
-default_transport, sender_dependent_relayhost_maps
-and with the \fBtransport\fR(5) table.
+The next\-hop destination(s) for non\-local mail; takes precedence
+over non\-local domains in recipient addresses. This information
+will not be used when the sender matches $sender_dependent_relayhost_maps.
+.PP
+In order of decreasing precedence:
+.IP \(bu
+For recipient domains in the relay domain address class
+(domains matching $relay_domains), the nexthop destination is taken
+from 1) $transport_maps, 2) $relay_transport, 3)
+$sender_dependent_relayhost_maps or $relayhost or the recipient
+domain.
+.IP \(bu
+For recipient domains in the default domain address class
+(domains that do not match $mydestination, $inet_interfaces,
+$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
+or $relay_domains), the nexthop destination is taken from 1)
+$transport_maps, 2) $sender_dependent_default_transport_maps or
+$default_transport, 3) $sender_dependent_relayhost_maps or $relayhost
+or the recipient domain.
+.br
 .PP
 On an intranet, specify the organizational domain name. If your
 internal DNS uses no MX records, specify the name of the intranet
@@ -6690,9 +6739,21 @@ address and @domain. A lookup result of DUNNO terminates the search
 without overriding the global default_transport parameter setting.
 This information is overruled with the \fBtransport\fR(5) table.
 .PP
-Specify zero or more "type:name" lookup tables, separated by
-whitespace or comma. Tables will be searched in the specified order
-until a match is found.
+This setting affects only the default domain address class
+(recipient domains that do not match $mydestination, $inet_interfaces,
+$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
+or $relay_domains):
+.IP \(bu
+In order of decreasing precedence, the delivery transport
+is taken from 1) $transport_maps, 2)
+$sender_dependent_default_transport_maps or $default_transport.
+.IP \(bu
+In order of decreasing precedence, the nexthop destination
+is taken from 1) $transport_maps, 2)
+$sender_dependent_default_transport_maps or $default_transport, 3)
+$sender_dependent_relayhost_maps or $relayhost or the recipient
+domain.
+.br
 .PP
 Note: this overrides default_transport, not transport_maps, and
 therefore the expected syntax is that of default_transport, not the
@@ -6700,6 +6761,10 @@ syntax of transport_maps.  Specifically, this does not support the
 transport_maps syntax for null transport, null nexthop, or null
 email addresses.
 .PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+.PP
 For safety reasons, this feature does not allow $number
 substitutions in regular expression maps.
 .PP
@@ -6709,9 +6774,24 @@ A sender\-dependent override for the global relayhost parameter
 setting. The tables are searched by the envelope sender address and
 @domain. A lookup result of DUNNO terminates the search without
 overriding the global relayhost parameter setting (Postfix 2.6 and
-later). This information is overruled with relay_transport,
-sender_dependent_default_transport_maps, default_transport and with
-the \fBtransport\fR(5) table.
+later).
+.PP
+In order of decreasing precedence:
+.IP \(bu
+For recipient domains in the relay domain address class
+(domains matching $relay_domains), the nexthop destination is taken
+from 1) $transport_maps, 2) $relay_transport, 3)
+$sender_dependent_relayhost_maps or $relayhost or the recipient
+domain.
+.IP \(bu
+For recipient domains in the default domain address class
+(domains that do not match mydestination, $inet_interfaces,
+$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
+$relay_domains), the nexthop destination is taken from 1)
+$transport_maps, 2) $sender_dependent_default_transport_maps or
+$default_transport, 3) $sender_dependent_relayhost_maps or $relayhost
+or the recipient domain.
+.br
 .PP
 Specify zero or more "type:name" lookup tables, separated by
 whitespace or comma. Tables will be searched in the specified order
@@ -14667,7 +14747,13 @@ This feature is available in Postfix 2.5 and later.
 .SH transport_maps (default: empty)
 Optional lookup tables with mappings from recipient address to
 (message delivery transport, next\-hop destination).  See \fBtransport\fR(5)
-for details.
+for syntax details.
+.PP
+This information may override the message delivery transport
+and/or next\-hop destination that are specified with $local_transport,
+$virtual_transport, $relay_transport, $default_transport,
+$sender_dependent_relayhost_maps, $relayhost,
+$sender_dependent_default_transport_maps, or the recipient domain.
 .PP
 Specify zero or more "type:table" lookup tables, separated by
 whitespace or comma. Tables will be searched in the specified order
diff --git a/postfix/proto/ADDRESS_REWRITING_README.html b/postfix/proto/ADDRESS_REWRITING_README.html
index c8584104a..5cbde11a2 100644
--- a/postfix/proto/ADDRESS_REWRITING_README.html
+++ b/postfix/proto/ADDRESS_REWRITING_README.html
@@ -94,9 +94,7 @@ as invalid </a>
 
 <ul>
 
-<li> <a href="#resolve"> Resolve address to destination </a>
-
-<li> <a href="#transport"> Mail transport switch </a>
+<li> <a href="#resolve"> Resolve address to (transport, next-hop destination) </a>
 
 <li> <a href="#relocated"> Relocated users table </a>
 
@@ -312,8 +310,8 @@ find what you need.  </p>
 <table border="1">
 
 <tr> <th nowrap> Address manipulation </th> <th nowrap> Scope </th>
-<th> Daemon </th> <th nowrap> Global turn-on control </th> <th nowrap> Selective
-turn-off control </th> </tr>
+<th> Daemon </th> <th nowrap> Turn-on controls </th> <th nowrap> 
+Turn-off controls </th> </tr>
 
 <tr> <td> <a href="#standard"> Rewrite addresses to standard form</a>
 </td> <td nowrap> all mail </td> <td> trivial-<br>rewrite(8) </td>
@@ -340,13 +338,12 @@ sender_bcc_maps, recipient_bcc_maps </td> <td> receive_override_options
 nowrap> all mail </td> <td> cleanup(8) </td> <td> virtual_alias_maps
 </td> <td> receive_override_options </td> </tr>
 
-<tr> <td> <a href="#resolve"> Resolve address to destination </a>
-</td> <td nowrap> all mail </td> <td> trivial-<br>rewrite(8) </td>
-<td> none </td> <td> none </td> </tr>
-
-<tr> <td> <a href="#transport"> Mail transport switch</a> </td>
-<td nowrap> all mail </td> <td> trivial-<br>rewrite(8) </td> <td>
-transport_maps </td> <td> none </td> </tr>
+<tr> <td> <a href="#resolve"> Resolve address to (transport, next-hop
+destination) </a> </td> <td nowrap> all mail </td> <td>
+trivial-<br>rewrite(8) </td> <td> local_transport, virtual_transport,
+relay_transport, default_transport, relayhost,
+sender_dependent_relayhost_maps, sender_dependent_default_transport_maps
+</td> <td> content_filter </td> </tr>
 
 <tr> <td> <a href="#relocated"> Relocated users table</a> </td>
 <td nowrap> all mail </td> <td> trivial-<br>rewrite(8) </td> <td>
@@ -833,9 +830,8 @@ trivial-rewrite(8) server. </p>
 
 <ul>
 
-<li> <a href="#resolve"> Resolve address to destination </a>
-
-<li> <a href="#transport"> Mail transport switch</a>
+<li> <a href="#resolve"> Resolve address to (transport, next-hop
+destination) </a>
 
 <li> <a href="#relocated"> Relocated users table</a>
 
@@ -873,67 +869,108 @@ via the local(8) delivery agent: </p>
 step in more detail, with specific examples or with pointers to
 documentation with examples. </p>
 
-<h3> <a name="resolve"> Resolve address to destination </a> </h3>
+<h3> <a name="resolve"> Resolve address to (transport, next-hop
+destination) </a> </h3>
 
 <p> The Postfix qmgr(8) queue manager selects new mail from the
-incoming queue or old mail from the deferred queue, and asks the
-trivial-rewrite(8) address rewriting and resolving daemon where it
-should be delivered. </p>
+incoming queue or old mail from the deferred queue. First it
+looks for overrides: </p>
+
+<ul>
+
+<li> <p> The REDIRECT action in access(5), header_checks(5) or
+body_checks(5) overrides all recipients of the message, and overrides
+a content_filter setting, and FILTER action in access(5),
+header_checks(5) or body_checks(5). The REDIRECT action was implemented
+as a short-cut to retaliate for abuse. </p>
 
-<p> As of version 2.0, Postfix distinguishes four major address
-classes. Each class has its own list of domain names, and each
-class has its own default delivery method, as shown in the table
-below.  See the ADDRESS_CLASS_README document for the fine details.
-Postfix versions before 2.0 only distinguish between local delivery
-and everything else.  </p>
+<li> <p> A content_filter setting and FILTER action in access(5),
+header_checks(5) or body_checks(5) provide their own (transport,
+next-hop destination) information. This bypasses all the steps that
+are described in the remainder of this section. </p>
+
+</ul>
+
+<p> When there is no content filter override, the qmgr(8) queue
+manager asks the trivial-rewrite(8) address rewriting and resolving
+daemon for each recipient how to deliver it (which message delivery
+transport) and where to deliver it (what next-hop destination). </p>
+
+<p> As of version 2.0, Postfix distinguishes four major domain
+classes. Each class has its own list of recipient domain names, and
+each class has its own delivery method, as shown in the table below.
+See the ADDRESS_CLASS_README document for the fine details.  Postfix
+versions before 2.0 only distinguish between local delivery and
+everything else. </p>
+
+<p> Note that the table does not match recipients against
+virtual_alias_domains. The reason is that all valid recipients in
+a virtual alias domain must be aliased to an address in a different
+domain. All other recipients in a virtual alias domain are by
+definition undeliverable, and do not need to be considered here.
+</p>
 
 <blockquote>
 
 <table border="1">
 
-<tr><th align="left">Destination domain list </th> <th
-align="left">Default delivery method </th> <th>Availability
-</th> </tr>
+<tr> <th align="left">Domain class</th> <th align="left">Recipient
+domain match </th> <th> Delivery method </th> <th>Availability </th>
+</tr>
 
-<tr><td>$mydestination, $inet_interfaces, $proxy_interfaces </td>
-<td>$local_transport </td> <td>Postfix 1.0</td></tr>
+<tr><td>Local</td> <td>mydestination, inet_interfaces, proxy_interfaces
+</td> <td>local_transport </td> <td>Postfix 1.0</td></tr>
 
-<tr><td>$virtual_mailbox_domains </td> <td>$virtual_transport </td>
-<td>Postfix 2.0</td> </tr>
+<tr><td>Virtual mailbox</td> <td>virtual_mailbox_domains </td>
+<td>virtual_transport </td> <td>Postfix 2.0</td> </tr>
 
-<tr><td>$relay_domains </td> <td>$relay_transport </td> <td>Postfix
-2.0</td> </tr>
+<tr><td>Relay</td> <td>relay_domains </td> <td>relay_transport
+</td> <td>Postfix 2.0</td> </tr>
 
-<tr><td>none </td> <td>$default_transport </td> <td>Postfix 1.0</td>
-</tr>
+<tr><td>Default</td><td> none </td> <td>default_transport </td>
+<td>Postfix 1.0</td> </tr>
 
 </table>
 
 </blockquote>
 
-<h3> <a name="transport"> Mail transport switch </a> </h3>
+<p> The delivery methods in the above table may include a next-hop
+destination in addition to a delivery transport. This may override
+the next-hop destination that is by default taken from the recipient
+domain. </p>
 
-<p> Once the trivial-rewrite(8) daemon has determined a default
-delivery method it searches the optional transport(5) table for
-information that overrides the message destination and/or delivery
-method.  Typical use of the transport(5) table is to send mail to
-a system
-that is not connected to the Internet, or to use a special SMTP
-client configuration for destinations that have special requirements.
-See, for example, the STANDARD_CONFIGURATION_README and UUCP_README
-documents, and the examples in the transport(5) manual page.  </p>
+<p> Over time, features have been added to override the above
+transport and/or next-hop destination information. The following
+table lists where a transport or next-hop destination may be taken
+from, depending on the recipient domain class. </p>
 
-<p> Transport table lookups are disabled by default. To enable,
-edit the transport_maps parameter in the main.cf file and specify
-one or more lookup tables, separated by whitespace or commas. </p>
+<blockquote>
 
-<p> Example: </p>
+<table border="1">
+
+<tr> <th>Domain class</th> <th>Transport sources (in order of
+descending precedence)</th> <th> Next hop sources (in order of
+descending precedence)</th> </tr>
+
+<tr> <td> Local </td> <td> transport_maps, local_transport</td>
+<td> transport_maps, local_transport, recipient domain</td> </tr>
+
+<tr> <td> Virtual mailbox </td> <td> transport_maps,
+virtual_transport</td> <td> transport_maps, virtual_transport,
+recipient domain</td> </tr>
+
+<tr> <td> Relay </td> <td> transport_maps, relay_transport</td>
+<td> transport_maps, relay_transport, sender_dependent_relayhost_maps,
+relayhost, recipient domain</td> </tr>
+
+<tr> <td> Default </td> <td> transport_maps,
+sender_dependent_default_transport_maps, default_transport</td>
+<td> transport_maps, sender_dependent_default_transport_maps,
+default_transport, sender_dependent_relayhost_maps, relayhost,
+recipient domain</td> </tr>
+
+</table>
 
-<blockquote>
-<pre>
-/etc/postfix/main.cf:
-    transport_maps = hash:/etc/postfix/transport
-</pre>
 </blockquote>
 
 <h3> <a name="relocated"> Relocated users table </a> </h3>
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index dffeab87f..74c6c1801 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -1315,19 +1315,30 @@ name of the message delivery transport.
 
 <p>
 The default mail delivery transport and next-hop destination for
-destinations that do not match $mydestination, $inet_interfaces,
+the default domain class: recipient domains that do not match
+$mydestination, $inet_interfaces,
 $proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
-or $relay_domains.  This information can be overruled with the
-sender_dependent_default_transport_maps parameter and with the
-transport(5) table. </p>
+or $relay_domains. This information will not be used when
+sender_dependent_default_transport_maps returns a result, and may
+be overridden with the transport(5) table. </p>
 
-<p>
-In order of decreasing precedence, the nexthop destination is taken
-from $sender_dependent_default_transport_maps, $default_transport,
-$sender_dependent_relayhost_maps, $relayhost, or from the recipient
-domain. 
+<p> For recipient domains in the default domain class: <p>
+
+<ul>
+
+<li> <p> In order of decreasing precedence, the delivery transport
+is taken from 1) $transport_maps, 2)
+$sender_dependent_default_transport_maps or $default_transport.
 </p>
 
+<li> <p> In order of decreasing precedence, the nexthop destination
+is taken from 1) $transport_maps, 2)
+$sender_dependent_default_transport_maps or $default_transport, 3)
+$sender_dependent_relayhost_maps or $relayhost or the recipient
+domain. </p>
+
+</ul>
+
 <p>
 Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
 is the name of a mail delivery transport defined in master.cf.
@@ -2010,22 +2021,42 @@ Note 1: you need to stop and start Postfix when this parameter changes.
 <p> Note 2: address information may be enclosed inside <tt>[]</tt>,
 but this form is not required here. </p>
 
-<p> When inet_interfaces specifies just one IPv4 and/or IPv6 address
-that is not a loopback address, the Postfix SMTP client will use
-this address as the IP source address for outbound mail. Support
-for IPv6 is available in Postfix version 2.2 and later. </p>
+<p> When smtp_bind_address and/or smtp_bind_address6 are not
+specified, the inet_interfaces setting may constrain the source IP
+address for an outbound SMTP or LMTP connection. </p>
 
-<p>
-On a multi-homed firewall with separate Postfix instances listening on the
-"inside" and "outside" interfaces, this can prevent each instance from
-being able to reach remote SMTP servers on the "other side" of the
-firewall. Setting
-smtp_bind_address to 0.0.0.0 avoids the potential problem for
-IPv4, and setting smtp_bind_address6 to :: solves the problem
-for IPv6. </p>
+<ul>
+
+<li> <p> When inet_interfaces specifies one IPv4 address, and that
+is not a loopback address, the Postfix SMTP client uses that as the
+source address for outbound IPv4 connections. </p>
+
+<li> <p> Otherwise, the Postfix SMTP client does not constrain the
+source IPv4 address, and connects using a system-chosen source IPv4
+address. This includes the cases where inet_interfaces is empty,
+where it specifies <b>all</b>, or where it contains no IPv4 address,
+one IPv4 address that is a loopback address, or multiple IPv4
+addresses.  </p>
+
+<li> <p> The same reasoning as above applies to the IPv6 protocol,
+and to the Postfix LMTP client. To disable IPv4 or IPv6 support in
+the Postfix SMTP and LMTP client, use inet_protocols. </p>
+
+</ul>
+
+<p> A Postfix SMTP client may fail to reach some remote SMTP servers
+when the client source IP address is constrained explicitly with
+smtp_bind_address or smtp_bind_address6, or implicitly with
+inet_interfaces. This can happen when Postfix runs on a multi-homed
+system such as a firewall, the Postfix SMTP source client IP address
+is constrained to one specific network interface, and the remote
+SMTP server must be reached through a different interface. Setting
+smtp_bind_address to 0.0.0.0 avoids the potential problem for IPv4,
+and setting smtp_bind_address6 to :: solves the problem for IPv6.
+</p>
 
 <p>
-A better solution for multi-homed firewalls is to leave inet_interfaces
+A better solution for multi-homed systems is to leave inet_interfaces
 at the default value and instead use explicit IP addresses in
 the master.cf SMTP server definitions.  This preserves the Postfix
 SMTP client's
@@ -3846,13 +3877,31 @@ This feature is available in Postfix 2.0 and later.
 %PARAM relayhost 
 
 <p>
-The next-hop destination(s) for non-local mail; overrides non-local
-domains in recipient addresses. This information is overruled with
-relay_transport, sender_dependent_default_transport_maps,
-default_transport, sender_dependent_relayhost_maps
-and with the transport(5) table.
+The next-hop destination(s) for non-local mail; takes precedence
+over non-local domains in recipient addresses. This information
+will not be used when the sender matches $sender_dependent_relayhost_maps.
 </p>
 
+<p> In order of decreasing precedence: </p>
+
+<ul>
+
+<li> <p> For recipient domains in the relay domain address class
+(domains matching $relay_domains), the nexthop destination is taken
+from 1) $transport_maps, 2) $relay_transport, 3)
+$sender_dependent_relayhost_maps or $relayhost or the recipient
+domain. <p>
+
+<li> <p> For recipient domains in the default domain address class
+(domains that do not match $mydestination, $inet_interfaces,
+$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
+or $relay_domains), the nexthop destination is taken from 1)
+$transport_maps, 2) $sender_dependent_default_transport_maps or
+$default_transport, 3) $sender_dependent_relayhost_maps or $relayhost
+or the recipient domain. </p>
+
+</ul>
+
 <p>
 On an intranet, specify the organizational domain name. If your
 internal DNS uses no MX records, specify the name of the intranet
@@ -6964,7 +7013,14 @@ while accessing the Postfix main.cf configuration file.
 <p>
 Optional lookup tables with mappings from recipient address to
 (message delivery transport, next-hop destination).  See transport(5)
-for details.
+for syntax details.
+</p>
+
+<p> This information may override the message delivery transport
+and/or next-hop destination that are specified with $local_transport,
+$virtual_transport, $relay_transport, $default_transport,
+$sender_dependent_relayhost_maps, $relayhost,
+$sender_dependent_default_transport_maps, or the recipient domain.
 </p>
 
 <p>
@@ -8454,13 +8510,24 @@ configure or operate a specific Postfix subsystem or feature.
 
 <p>
 The default mail delivery transport and next-hop destination for
-remote delivery to domains listed with $relay_domains. In order of
-decreasing precedence, the nexthop destination is taken from
-$relay_transport, $sender_dependent_relayhost_maps, $relayhost, or
-from the recipient domain. This information can be overruled with
-the transport(5) table.
+the relay domain address class: recipient domains that match
+$relay_domains. </p>
+
+<p> For recipient domains in the relay domain address class: </p>
+
+<ul>
+
+<li> <p> In order of decreasing precedence, the message delivery
+transport is taken from 1) $transport_maps, 2) $relay_transport.
 </p>
 
+<li> <p> In order of decreasing precedence, the nexthop destination
+is taken from 1) $transport_maps, 2) $relay_transport, 3)
+$sender_dependent_relayhost_maps or $relayhost or the recipient
+domain.  </p>
+
+</ul>
+
 <p>
 Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
 is the name of a mail delivery transport defined in master.cf.
@@ -10700,9 +10767,28 @@ is placed into the Postfix configuration directory.  </p>
 setting. The tables are searched by the envelope sender address and
 @domain. A lookup result of DUNNO terminates the search without
 overriding the global relayhost parameter setting (Postfix 2.6 and
-later). This information is overruled with relay_transport,
-sender_dependent_default_transport_maps, default_transport and with
-the transport(5) table. </p>
+later). </p>
+
+<p> In order of decreasing precedence: </p>
+
+<ul> 
+
+<li> <p> For recipient domains in the relay domain address class
+(domains matching $relay_domains), the nexthop destination is taken
+from 1) $transport_maps, 2) $relay_transport, 3)
+$sender_dependent_relayhost_maps or $relayhost or the recipient
+domain. </p>
+
+<li> <p> For recipient domains in the default domain address class
+(domains that do not match mydestination, $inet_interfaces,
+$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
+$relay_domains), the nexthop destination is taken from 1)
+$transport_maps, 2) $sender_dependent_default_transport_maps or
+$default_transport, 3) $sender_dependent_relayhost_maps or $relayhost
+or the recipient domain. </p>
+
+</ul>
+
 
 <p>
 Specify zero or more "type:name" lookup tables, separated by
@@ -14810,18 +14896,38 @@ address and @domain. A lookup result of DUNNO terminates the search
 without overriding the global default_transport parameter setting.
 This information is overruled with the transport(5) table. </p>
 
-<p>
-Specify zero or more "type:name" lookup tables, separated by
-whitespace or comma. Tables will be searched in the specified order
-until a match is found.
+<p> This setting affects only the default domain address class
+(recipient domains that do not match $mydestination, $inet_interfaces,
+$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
+or $relay_domains): </p>
+
+<ul>
+
+<li> <p> In order of decreasing precedence, the delivery transport
+is taken from 1) $transport_maps, 2)
+$sender_dependent_default_transport_maps or $default_transport.
 </p>
 
+<li> <p> In order of decreasing precedence, the nexthop destination
+is taken from 1) $transport_maps, 2)
+$sender_dependent_default_transport_maps or $default_transport, 3)
+$sender_dependent_relayhost_maps or $relayhost or the recipient
+domain. </p>
+
+</ul>
+
 <p> Note: this overrides default_transport, not transport_maps, and
 therefore the expected syntax is that of default_transport, not the
 syntax of transport_maps.  Specifically, this does not support the
 transport_maps syntax for null transport, null nexthop, or null
 email addresses. </p>
 
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+</p>
+
 <p> For safety reasons, this feature does not allow $number
 substitutions in regular expression maps. </p>
 
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 202583f12..a9da79829 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20230502"
+#define MAIL_RELEASE_DATE	"20230504"
 #define MAIL_VERSION_NUMBER	"3.9"
 
 #ifdef SNAPSHOT