From: Wietse Z Venema <wietse@porcupine.org>
Date: Fri, 16 Feb 2024 05:00:00 +0000 (-0500)
Subject: postfix-3.9-20240216
X-Git-Tag: v3.9.0~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6b33b3553dbe9e1fd2e4cb67b501aa84f348f8dc;p=thirdparty%2Fpostfix.git

postfix-3.9-20240216
---

diff --git a/postfix/.indent.pro b/postfix/.indent.pro
index 4ba45d081..414c65204 100644
--- a/postfix/.indent.pro
+++ b/postfix/.indent.pro
@@ -88,6 +88,7 @@
 -TDICT_LDAP
 -TDICT_LMDB
 -TDICT_MC
+-TDICT_MONGODB
 -TDICT_MYSQL
 -TDICT_NI
 -TDICT_NIS
@@ -411,6 +412,7 @@
 -TXSASL_SERVER_IMPL
 -TXSASL_SERVER_IMPL_INFO
 -Tbind_props
+-Tbson_iter_t
 -Tcipher_probe_t
 -Td2i_X509_t
 -Tdane_digest
diff --git a/postfix/HISTORY b/postfix/HISTORY
index c900cf302..1de0492d3 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -27874,3 +27874,24 @@ Apologies for any names omitted.
 
 	Logging: indicate which (usually, substring) lookups are
 	skipped. File: global/maps.c.
+
+20240215
+
+	Portability: Clang versions that predate support for the
+	C23 standard do not allow a declaration immediately after
+	a (switch) label. The workaround is to add a null statement
+	between label and declaration. File: global/dict_mongodb.c.
+
+	Documentation: minor edits. Files: proto/mongodb_README.html,
+	proto/mongodb_table.html.
+
+20240216
+
+	Documentation: dropped text about partial matches from the
+	check_{client,helo,sender,recipient,etrn}_access summaries,
+	deferring to the access(5) manpage for details, for consistency
+	with the check_xx_yy_access features. File: proto/postconf.proto.
+
+	Cleanup: missing mongodb checks in the postconf command,
+	missing mongodb under "postconf -m" manpage entry. Files:
+	postconf/postconf.c, postconf/postconf_dbms.c.
diff --git a/postfix/README_FILES/MONGODB_README b/postfix/README_FILES/MONGODB_README
index aaeb71c07..c8b8fc64d 100644
--- a/postfix/README_FILES/MONGODB_README
+++ b/postfix/README_FILES/MONGODB_README
@@ -20,6 +20,7 @@ Topics covered in this document:
   * Example: Mailing lists
   * Example: MongoDB projections
   * Feedback
+  * Credits
 
 BBuuiillddiinngg PPoossttffiixx wwiitthh MMoonnggooDDBB ssuuppppoorrtt
 
@@ -27,10 +28,11 @@ These instructions assume that you build Postfix from source code as described
 in the INSTALL document. Some modification may be required if you build Postfix
 from a vendor-specific source package.
 
-The Postfix MongoDB client requires the mongo-c-driver library. This can be
-built from source code from the mongod-c project, or as a binary package from
-your OS distribution, typically named mmoonnggoo--cc--ddrriivveerr--ddeevveell or lliibbmmoonnggoocc--ddeevv.
-Installing the mongo-c-driver library may also install lliibbbbssoonn as a dependency.
+The Postfix MongoDB client requires the mmoonnggoo--cc--ddrriivveerr library. This can be
+built from source code from the mongod-c project, or this can be installed as a
+binary package from your OS distribution, typically named mmoonnggoo--cc--ddrriivveerr,
+mmoonnggoo--cc--ddrriivveerr--ddeevveell or lliibbmmoonnggoocc--ddeevv. Installing the mongo-c-driver library
+may also install lliibbbbssoonn as a dependency.
 
 To build Postfix with mongodb map support, add to the CCARGS environment
 variable the options -DHAS_MONGODB and -I for the directory containing the
@@ -95,6 +97,15 @@ provided credentials, and search for any entries whose username is, or alias
 field has "admin@example.com". It will return the username attribute of those
 found, and build a list of their email addresses.
 
+Notes:
+
+  * As with pprroojjeeccttiioonn (see below), the Postfix mongodb client automatically
+    removes the top-level '_id' field from a result_attribute result.
+
+  * The Postfix mongodb client will only parse result fields with data types
+    UTF8, INT32, INT64 and ARRAY. Other fields will be ignored, with a warning
+    in the logs.
+
 EExxaammppllee:: MMaaiilliinngg lliissttss
 
 When it comes to mailing lists, one way of implementing one would be as below:
@@ -110,8 +121,8 @@ addresses in this list.
 
 Notes:
 
-  * As with pprroojjeeccttiioonn, the Postfix mongodb client automatically removes the
-    top-level '_id' field from a result.
+  * As with pprroojjeeccttiioonn (see below), the Postfix mongodb client automatically
+    removes the top-level '_id' field from a result_attribute result.
 
   * The Postfix mongodb client will only parse result fields with data types
     UTF8, INT32, INT64 and ARRAY. Other fields will be ignored, with a warning
@@ -167,3 +178,11 @@ postconf, which libraries you built with, and such. If your question involves
 your database contents, please include the applicable bits of some database
 entries.
 
+CCrreeddiittss
+
+  * Stephan Ferraro (Aionda GmbH) implemented an early version of the Postfix
+    MongoDB client.
+  * Hamid Maadani (Dextrous Technologies, LLC) added support for projections
+    and %letter interpolation, and added documentation.
+  * Wietse Venema adopted and restructured the code and documentation.
+
diff --git a/postfix/WISHLIST b/postfix/WISHLIST
index d9610bb91..88c66fb1e 100644
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -1,5 +1,7 @@
 Wish list:
 
+	The postconf command needs more mongodb tests.
+
 	Things to do before the stable release:
 
 	make pre-release-check, HTML validator check.
diff --git a/postfix/html/MONGODB_README.html b/postfix/html/MONGODB_README.html
index 7835bab78..a05d1f5bf 100644
--- a/postfix/html/MONGODB_README.html
+++ b/postfix/html/MONGODB_README.html
@@ -28,6 +28,7 @@ without the hassle and delay of having to copy it to each. </p>
 <li><a href="#example_mailing_list">Example: Mailing lists</a>
 <li><a href="#example_projections">Example: MongoDB projections</a>
 <li><a href="#feedback">Feedback</a>
+<li><a href="#credits">Credits</a>
 </ul>
 
 <h2><a name="build">Building Postfix with MongoDB support</a></h2>
@@ -37,11 +38,12 @@ code as described in the <a href="INSTALL.html">INSTALL</a> document. Some modif
 be required if you build Postfix from a vendor-specific source
 package. </p>
 
-<p>The Postfix MongoDB client requires the mongo-c-driver library.
-This can be built from source code from <a
+<p>The Postfix MongoDB client requires the <b>mongo-c-driver</b>
+library. This can be built from source code from <a
 href="https://github.com/mongodb/mongo-c-driver/releases">the
-mongod-c project</a>, or as a binary package from your OS distribution,
-typically named <b>mongo-c-driver-devel</b> or <b>libmongoc-dev</b>.
+mongod-c project</a>, or this can be installed as a binary package
+from your OS distribution, typically named <b>mongo-c-driver</b>,
+<b>mongo-c-driver-devel</b> or <b>libmongoc-dev</b>.
 Installing the mongo-c-driver library may also install <b>libbson</b>
 as a dependency. </p>
 
@@ -129,6 +131,20 @@ entries whose username is, or alias field has "admin@example.com".
 It will return the username attribute of those found, and build a
 list of their email addresses. </p>
 
+<p> Notes: </p>
+
+<ul>
+
+<li><p> As with <b>projection</b> (see below), the Postfix mongodb
+client automatically removes the top-level '_id' field from a
+result_attribute result. </p> </li>
+
+<li><p> The Postfix mongodb client will only parse result fields
+with data types UTF8, INT32, INT64 and ARRAY. Other fields will be
+ignored, with a warning in the logs. </p> </li>
+
+</ul>
+
 <h2><a name="example_mailing_list">Example: Mailing lists</a></h2>
 
 <p>When it comes to mailing lists, one way of implementing one would
@@ -155,9 +171,9 @@ result_attribute = address
 
 <ul>
 
-<li><p> As with <b>projection</b>, the Postfix mongodb client
-automatically removes the top-level '_id' field from a result. </p>
-</li>
+<li><p> As with <b>projection</b> (see below), the Postfix mongodb
+client automatically removes the top-level '_id' field from a
+result_attribute result. </p> </li>
 
 <li><p> The Postfix mongodb client will only parse result fields
 with data types UTF8, INT32, INT64 and ARRAY. Other fields will be
@@ -219,6 +235,7 @@ with a warning in the logs. It is suggested to exclude any unnecessary
 fields when using a projection. </p></li>
 
 </ul>
+
 <h2><a name="feedback">Feedback</a></h2>
 
 <p> If you have questions, send them to postfix-users@postfix.org.
@@ -227,6 +244,20 @@ MongoDB-related output from postconf, which libraries you built
 with, and such. If your question involves your database contents,
 please include the applicable bits of some database entries. </p>
 
+<h2><a name="credits">Credits</a></h2>
+
+<ul>
+
+<li> Stephan Ferraro (Aionda GmbH) implemented an early version of the
+Postfix MongoDB client.
+
+<li> Hamid Maadani (Dextrous Technologies, LLC) added support for
+projections and %<i>letter</i> interpolation, and added documentation.
+
+<li> Wietse Venema adopted and restructured the code and documentation.
+
+</ul>
+
 </body>
 
 </html>
diff --git a/postfix/html/postconf.1.html b/postfix/html/postconf.1.html
index 4269a5e12..25441c316 100644
--- a/postfix/html/postconf.1.html
+++ b/postfix/html/postconf.1.html
@@ -272,52 +272,58 @@ POSTCONF(1)                                                        POSTCONF(1)
 
                      This feature is available with Postfix 2.9 and later.
 
+              <b>mongodb</b>
+                     MongoDB database client. This is described in <a href="mongodb_table.5.html"><b>mongodb_ta-</b></a>
+                     <a href="mongodb_table.5.html"><b>ble</b>(5)</a>.
+
+                     This feature is available with Postfix 3.9 and later.
+
               <b>mysql</b> (read-only)
                      MySQL database client.  Available on systems with support
-                     for MySQL databases.   This  is  described  in  <a href="mysql_table.5.html"><b>mysql_ta-</b></a>
+                     for  MySQL  databases.   This  is  described in <a href="mysql_table.5.html"><b>mysql_ta-</b></a>
                      <a href="mysql_table.5.html"><b>ble</b>(5)</a>.
 
               <b>pcre</b> (read-only)
-                     A  lookup  table based on Perl Compatible Regular Expres-
+                     A lookup table based on Perl Compatible  Regular  Expres-
                      sions.  The file format is described in <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
 
               <b>pgsql</b> (read-only)
-                     PostgreSQL  database  client.  This   is   described   in
+                     PostgreSQL   database   client.   This  is  described  in
                      <a href="pgsql_table.5.html"><b>pgsql_table</b>(5)</a>.
 
                      This feature is available with Postfix 2.1 and later.
 
               <b>pipemap</b> (read-only)
-                     A  lookup  table  that  constructs  a pipeline of tables.
-                     Example: "<b><a href="DATABASE_README.html#types">pipemap</a>:{</b><i>type</i><b>_</b><i>1:name</i><b>_</b><i>1,  ...,  type</i><b>_</b><i>n:name</i><b>_</b><i>n</i><b>}</b>".
-                     Each  "<a href="DATABASE_README.html#types">pipemap</a>:" query is given to the first table.  Each
+                     A lookup table that  constructs  a  pipeline  of  tables.
+                     Example:  "<b><a href="DATABASE_README.html#types">pipemap</a>:{</b><i>type</i><b>_</b><i>1:name</i><b>_</b><i>1,  ..., type</i><b>_</b><i>n:name</i><b>_</b><i>n</i><b>}</b>".
+                     Each "<a href="DATABASE_README.html#types">pipemap</a>:" query is given to the first table.   Each
                      lookup result becomes the query for the next table in the
-                     pipeline,  and  the last table produces the final result.
-                     When any table lookup produces no  result,  the  pipeline
-                     produces  no result. The first and last characters of the
+                     pipeline, and the last table produces the  final  result.
+                     When  any  table  lookup produces no result, the pipeline
+                     produces no result. The first and last characters of  the
                      "<a href="DATABASE_README.html#types">pipemap</a>:" table name must be "<b>{</b>" and "<b>}</b>".  Within these,
                      individual maps are separated with comma or whitespace.
 
                      This feature is available with Postfix 3.0 and later.
 
-              <b>proxy</b>  Postfix  <a href="proxymap.8.html"><b>proxymap</b>(8)</a>  client for shared access to Postfix
+              <b>proxy</b>  Postfix <a href="proxymap.8.html"><b>proxymap</b>(8)</a> client for shared access  to  Postfix
                      databases. The table name syntax is <i>type</i><b>:</b><i>name</i>.
 
                      This feature is available with Postfix 2.0 and later.
 
               <b>randmap</b> (read-only)
-                     An in-memory table that performs random selection.  Exam-
+                     An  in-memory table that performs random selection. Exam-
                      ple:  "<b><a href="DATABASE_README.html#types">randmap</a>:{</b><i>result</i><b>_</b><i>1,  ...,  result</i><b>_</b><i>n</i><b>}</b>".  Each  table
                      query returns a random choice from the specified results.
-                     The  first  and  last  characters of the "<a href="DATABASE_README.html#types">randmap</a>:" table
-                     name must be  "<b>{</b>"  and  "<b>}</b>".   Within  these,  individual
+                     The first and last characters  of  the  "<a href="DATABASE_README.html#types">randmap</a>:"  table
+                     name  must  be  "<b>{</b>"  and  "<b>}</b>".   Within these, individual
                      results are separated with comma or whitespace. To give a
                      specific result more weight, specify it multiple times.
 
                      This feature is available with Postfix 3.0 and later.
 
               <b>regexp</b> (read-only)
-                     A lookup table based on  regular  expressions.  The  file
+                     A  lookup  table  based  on regular expressions. The file
                      format is described in <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>.
 
               <b>sdbm</b>   An indexed file type based on hashing.  Available on sys-
@@ -326,9 +332,9 @@ POSTCONF(1)                                                        POSTCONF(1)
                      This feature is available with Postfix 2.2 and later.
 
               <b>socketmap</b> (read-only)
-                     Sendmail-style  socketmap  client.  The  table  name   is
-                     <b>inet</b>:<i>host</i>:<i>port</i>:<i>name</i>  for  a  TCP/IP server, or <b>unix</b>:<i>path-</i>
-                     <i>name</i>:<i>name</i> for a UNIX-domain server. This is described  in
+                     Sendmail-style   socketmap  client.  The  table  name  is
+                     <b>inet</b>:<i>host</i>:<i>port</i>:<i>name</i> for a TCP/IP  server,  or  <b>unix</b>:<i>path-</i>
+                     <i>name</i>:<i>name</i>  for a UNIX-domain server. This is described in
                      <a href="socketmap_table.5.html"><b>socketmap_table</b>(5)</a>.
 
                      This feature is available with Postfix 2.10 and later.
@@ -339,11 +345,11 @@ POSTCONF(1)                                                        POSTCONF(1)
                      This feature is available with Postfix 2.8 and later.
 
               <b>static</b> (read-only)
-                     A  table  that  always returns its name as lookup result.
+                     A table that always returns its name  as  lookup  result.
                      For example, <b><a href="DATABASE_README.html#types">static</a>:foobar</b> always returns the string <b>foo-</b>
-                     <b>bar</b>  as lookup result. Specify "<b><a href="DATABASE_README.html#types">static</a>:{</b> <i>text with white-</i>
-                     <i>space</i> <b>}</b>" when the result contains whitespace;  this  form
-                     ignores  whitespace  after the opening "<b>{</b>" and before the
+                     <b>bar</b> as lookup result. Specify "<b><a href="DATABASE_README.html#types">static</a>:{</b> <i>text with  white-</i>
+                     <i>space</i>  <b>}</b>"  when the result contains whitespace; this form
+                     ignores whitespace after the opening "<b>{</b>" and  before  the
                      closing "<b>}</b>". See also the <i><a href="DATABASE_README.html#types">inline</a>:</i> map.
 
                      The form "<b><a href="DATABASE_README.html#types">static</a>:{</b><i>text</i><b>}</b> is available with Postfix 3.0 and
@@ -353,66 +359,66 @@ POSTCONF(1)                                                        POSTCONF(1)
                      TCP/IP client. The protocol is described in <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>.
 
               <b>texthash</b> (read-only)
-                     Produces similar results as <a href="DATABASE_README.html#types">hash</a>: files, except that  you
-                     don't  need  to run the <a href="postmap.1.html"><b>postmap</b>(1)</a> command before you can
-                     use the file, and that it does not detect  changes  after
+                     Produces  similar results as <a href="DATABASE_README.html#types">hash</a>: files, except that you
+                     don't need to run the <a href="postmap.1.html"><b>postmap</b>(1)</a> command before  you  can
+                     use  the  file, and that it does not detect changes after
                      the file is read.
 
                      This feature is available with Postfix 2.8 and later.
 
               <b>unionmap</b> (read-only)
-                     A  table  that sends each query to multiple lookup tables
-                     and that concatenates all  found  results,  separated  by
+                     A table that sends each query to multiple  lookup  tables
+                     and  that  concatenates  all  found results, separated by
                      comma.  The table name syntax is the same as for <b>pipemap</b>.
 
                      This feature is available with Postfix 3.0 and later.
 
               <b>unix</b> (read-only)
-                     A limited view of the UNIX authentication  database.  The
+                     A  limited  view of the UNIX authentication database. The
                      following tables are implemented:
 
                      <b>unix:passwd.byname</b>
-                            The  table  is the UNIX password database. The key
-                            is a login name.  The result is  a  password  file
+                            The table is the UNIX password database.  The  key
+                            is  a  login  name.  The result is a password file
                             entry in <b>passwd</b>(5) format.
 
                      <b>unix:group.byname</b>
                             The table is the UNIX group database. The key is a
-                            group name.  The result is a group file  entry  in
+                            group  name.   The result is a group file entry in
                             <b>group</b>(5) format.
 
-              Other  table types may exist depending on how Postfix was built.
+              Other table types may exist depending on how Postfix was  built.
 
-       <b>-M</b>     Show <a href="master.5.html"><b>master.cf</b></a> file contents instead of <a href="postconf.5.html"><b>main.cf</b></a>  file  contents.
+       <b>-M</b>     Show  <a href="master.5.html"><b>master.cf</b></a>  file contents instead of <a href="postconf.5.html"><b>main.cf</b></a> file contents.
               Specify <b>-Mf</b> to fold long lines for human readability.
 
               Specify zero or more arguments, each with a <i>service-name</i> or <i>ser-</i>
-              <i>vice-name/service-type</i> pair, where  <i>service-name</i>  is  the  first
-              field  of  a  <a href="master.5.html">master.cf</a>  entry and <i>service-type</i> is one of (<b>inet</b>,
+              <i>vice-name/service-type</i>  pair,  where  <i>service-name</i>  is the first
+              field of a <a href="master.5.html">master.cf</a> entry and <i>service-type</i>  is  one  of  (<b>inet</b>,
               <b>unix</b>, <b>fifo</b>, or <b>pass</b>).
 
-              If <i>service-name</i> or <i>service-name/service-type</i> is specified,  only
-              the  matching  <a href="master.5.html">master.cf</a>  entries  will  be output. For example,
-              "<b>postconf -Mf smtp</b>" will output all services named  "smtp",  and
-              "<b>postconf  -Mf smtp/inet</b>" will output only the smtp service that
-              listens on the network.  Trailing service type fields  that  are
+              If  <i>service-name</i> or <i>service-name/service-type</i> is specified, only
+              the matching <a href="master.5.html">master.cf</a> entries  will  be  output.  For  example,
+              "<b>postconf  -Mf  smtp</b>" will output all services named "smtp", and
+              "<b>postconf -Mf smtp/inet</b>" will output only the smtp service  that
+              listens  on  the network.  Trailing service type fields that are
               omitted will be handled as "*" wildcard fields.
 
               This feature is available with Postfix 2.9 and later. The syntax
-              was changed from "<i>name.type</i>" to "<i>name/type</i>",  and  "*"  wildcard
+              was  changed  from  "<i>name.type</i>" to "<i>name/type</i>", and "*" wildcard
               support was added with Postfix 2.11.
 
        <b>-n</b>     Show only configuration parameters that have explicit <i>name=value</i>
-              settings in <a href="postconf.5.html"><b>main.cf</b></a>.  Specify <b>-nf</b> to fold long lines  for  human
-              readability  (Postfix 2.9 and later). To show settings that dif-
+              settings  in  <a href="postconf.5.html"><b>main.cf</b></a>.  Specify <b>-nf</b> to fold long lines for human
+              readability (Postfix 2.9 and later). To show settings that  dif-
               fer from built-in defaults only, use the following bash syntax:
                   LANG=C comm -23 &lt;(postconf -n) &lt;(postconf -d)
               Replace  "-23"  with  "-12"  to  show  settings  that  duplicate
               built-in defaults.
 
        <b>-o</b> <i>name=value</i>
-              Override  <a href="postconf.5.html"><b>main.cf</b></a>  parameter  settings.   This  lets you see the
-              effect changing a parameter would have when it is used in  other
+              Override <a href="postconf.5.html"><b>main.cf</b></a> parameter settings.   This  lets  you  see  the
+              effect  changing a parameter would have when it is used in other
               configuration parameters, e.g.:
                   postconf -x -o stress=yes
 
@@ -422,38 +428,38 @@ POSTCONF(1)                                                        POSTCONF(1)
 
               This feature is available with Postfix 2.11 and later.
 
-       <b>-P</b>     Show  <a href="master.5.html"><b>master.cf</b></a>  service parameter settings (by default all ser-
-              vices and all parameters),  formatted  as  "<i>service/type/parame-</i>
+       <b>-P</b>     Show <a href="master.5.html"><b>master.cf</b></a> service parameter settings (by default  all  ser-
+              vices  and  all  parameters), formatted as "<i>service/type/parame-</i>
               <i>ter=value</i>", one per line.  Specify <b>-Pf</b> to fold long lines.
 
-              Specify  one  or  more "<i>service/type/parameter</i>" instances on the
-              <a href="postconf.1.html"><b>postconf</b>(1)</a> command line to limit the output  to  parameters  of
-              interest.   Trailing  parameter name or service type fields that
+              Specify one or more "<i>service/type/parameter</i>"  instances  on  the
+              <a href="postconf.1.html"><b>postconf</b>(1)</a>  command  line  to limit the output to parameters of
+              interest.  Trailing parameter name or service type  fields  that
               are omitted will be handled as "*" wildcard fields.
 
               This feature is available with Postfix 2.11 and later.
 
        <b>-t</b> [<i>template</i><b>_</b><i>file</i>]
-              Display the templates for text that appears at the beginning  of
-              delivery  status  notification (DSN) messages, without expanding
+              Display  the templates for text that appears at the beginning of
+              delivery status notification (DSN) messages,  without  expanding
               $<b>name</b> expressions.
 
-              To override the <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a></b> parameter setting,  specify
-              a  template  file  name  at the end of the "<b>postconf -t</b>" command
-              line. Specify an empty file name to display  built-in  templates
+              To  override the <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a></b> parameter setting, specify
+              a template file name at the end of  the  "<b>postconf  -t</b>"  command
+              line.  Specify  an empty file name to display built-in templates
               (in shell language: "").
 
               This feature is available with Postfix 2.3 and later.
 
        <b>-T</b> <i>mode</i>
-              If  Postfix  is compiled without TLS support, the <b>-T</b> option pro-
-              duces no output.  Otherwise, if an invalid  <i>mode</i>  is  specified,
-              the  <b>-T</b> option reports an error and exits with a non-zero status
+              If Postfix is compiled without TLS support, the <b>-T</b>  option  pro-
+              duces  no  output.   Otherwise, if an invalid <i>mode</i> is specified,
+              the <b>-T</b> option reports an error and exits with a non-zero  status
               code. The valid modes are:
 
               <b>compile-version</b>
                      Output the OpenSSL version that Postfix was compiled with
-                     (i.e.  the  OpenSSL version in a header file). The output
+                     (i.e. the OpenSSL version in a header file).  The  output
                      format is the same as with the command "<b>openssl version</b>".
 
               <b>run-version</b>
@@ -461,40 +467,40 @@ POSTCONF(1)                                                        POSTCONF(1)
                      runtime (i.e. the OpenSSL version in a shared library).
 
               <b>public-key-algorithms</b>
-                     Output the lower-case names of the  supported  public-key
+                     Output  the  lower-case names of the supported public-key
                      algorithms, one per-line.
 
               This feature is available with Postfix 3.1 and later.
 
-       <b>-v</b>     Enable  verbose  logging  for  debugging  purposes.  Multiple <b>-v</b>
+       <b>-v</b>     Enable verbose  logging  for  debugging  purposes.  Multiple  <b>-v</b>
               options make the software increasingly verbose.
 
-       <b>-x</b>     Expand <i>$name</i> in  <a href="postconf.5.html"><b>main.cf</b></a>  or  <a href="master.5.html"><b>master.cf</b></a>  parameter  values.  The
+       <b>-x</b>     Expand  <i>$name</i>  in  <a href="postconf.5.html"><b>main.cf</b></a>  or  <a href="master.5.html"><b>master.cf</b></a>  parameter values. The
               expansion is recursive.
 
               This feature is available with Postfix 2.10 and later.
 
-       <b>-X</b>     Edit  the  <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and remove the parameters
+       <b>-X</b>     Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and remove  the  parameters
               named on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.  Specify a list of param-
               eter names, not "<i>name=value</i>" pairs.
 
-              With  <b>-M</b>,  edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and remove one
-              or more service entries as specified with "<i>service/type</i>" on  the
+              With <b>-M</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and  remove  one
+              or  more service entries as specified with "<i>service/type</i>" on the
               <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
 
-              With  <b>-P</b>,  edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and remove one
+              With <b>-P</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and  remove  one
               or more service parameter settings (-o parameter=value settings)
-              as  specified  with  "<i>service/type/parameter</i>" on the <a href="postconf.1.html"><b>postconf</b>(1)</a>
+              as specified with "<i>service/type/parameter</i>"  on  the  <a href="postconf.1.html"><b>postconf</b>(1)</a>
               command line.
 
               In all cases the file is copied to a temporary file then renamed
               into place.  Specify quotes to protect special characters on the
               <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
 
-              There is no <a href="postconf.1.html"><b>postconf</b>(1)</a> command to perform  the  reverse  opera-
+              There  is  no  <a href="postconf.1.html"><b>postconf</b>(1)</a> command to perform the reverse opera-
               tion.
 
-              This  feature is available with Postfix 2.10 and later.  Support
+              This feature is available with Postfix 2.10 and later.   Support
               for -M and -P was added with Postfix 2.11.
 
        <b>-#</b>     Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and comment out the parame-
@@ -502,18 +508,18 @@ POSTCONF(1)                                                        POSTCONF(1)
               eters revert to their default values.  Specify a list of parame-
               ter names, not "<i>name=value</i>" pairs.
 
-              With  <b>-M</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and comment out
-              one or more service entries as specified with "<i>service/type</i>"  on
+              With <b>-M</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and comment  out
+              one  or more service entries as specified with "<i>service/type</i>" on
               the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
 
               In all cases the file is copied to a temporary file then renamed
               into place.  Specify quotes to protect special characters on the
               <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
 
-              There  is  no  <a href="postconf.1.html"><b>postconf</b>(1)</a> command to perform the reverse opera-
+              There is no <a href="postconf.1.html"><b>postconf</b>(1)</a> command to perform  the  reverse  opera-
               tion.
 
-              This feature is available with Postfix 2.6  and  later.  Support
+              This  feature  is  available with Postfix 2.6 and later. Support
               for -M was added with Postfix 2.11.
 
 <b>DIAGNOSTICS</b>
@@ -524,18 +530,18 @@ POSTCONF(1)                                                        POSTCONF(1)
               Directory with Postfix configuration files.
 
 <b>CONFIGURATION PARAMETERS</b>
-       The  following  <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+       The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to  this  pro-
        gram.
 
-       The text below provides only a parameter summary. See  <a href="postconf.5.html"><b>postconf</b>(5)</a>  for
+       The  text  below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
        more details including examples.
 
        <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
-              The  default  location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+              The default location of the Postfix <a href="postconf.5.html">main.cf</a> and  <a href="master.5.html">master.cf</a>  con-
               figuration files.
 
        <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a> (empty)</b>
-              Pathname of a configuration file with bounce message  templates.
+              Pathname  of a configuration file with bounce message templates.
 
 <b>FILES</b>
        /etc/postfix/<a href="postconf.5.html">main.cf</a>, Postfix configuration parameters
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 4feae4908..bdc88b4d7 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -15212,9 +15212,8 @@ pubkey_fingerprint } } </dd>
 
 <dt><b><a name="check_client_access">check_client_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
-<dd>Search the specified access database for the client hostname,
-parent domains, client IP address, or networks obtained by stripping
-least significant octets. See the <a href="access.5.html">access(5)</a> manual page for details. </dd>
+<dd>Search the specified access database for the client hostname
+or IP address. See the <a href="access.5.html">access(5)</a> manual page for details. </dd>
 
 <dt><b><a name="check_client_a_access">check_client_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
@@ -15245,8 +15244,7 @@ available in Postfix 2.7 and later.  </dd>
 <dt><b><a name="check_reverse_client_hostname_access">check_reverse_client_hostname_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
 <dd>Search the specified access database for the unverified reverse
-client hostname, parent domains, client IP address, or networks
-obtained by stripping least significant octets. See the <a href="access.5.html">access(5)</a>
+client hostname or IP address. See the <a href="access.5.html">access(5)</a>
 manual page for details.  Note: a result of "OK" is not allowed for
 safety reasons.  Instead, use DUNNO in order to exclude specific
 hosts from denylists.  This feature is available in Postfix 2.6
@@ -15904,8 +15902,8 @@ received with the ETRN command.
 
 <dt><b><a name="check_etrn_access">check_etrn_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
-<dd>Search the specified access database for the ETRN domain name
-or its parent domains. See the <a href="access.5.html">access(5)</a> manual page for details.
+<dd>Search the specified access database for the ETRN domain name.
+See the <a href="access.5.html">access(5)</a> manual page for details.
 </dd>
 
 </dl>
@@ -16223,7 +16221,7 @@ received with the HELO or EHLO command.
 <dt><b><a name="check_helo_access">check_helo_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
 <dd>Search the specified <a href="access.5.html">access(5)</a> database for the HELO or EHLO
-hostname or parent domains, and execute the corresponding action.
+hostname, and execute the corresponding action.
 Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this
 restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
 simply skip <a href="postconf.5.html#check_helo_access">check_helo_access</a> by not sending HELO or EHLO).  </dd>
@@ -16887,8 +16885,7 @@ that is received with the RCPT TO command.
 <dt><b><a name="check_recipient_access">check_recipient_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
 <dd>Search the specified <a href="access.5.html">access(5)</a> database for the resolved RCPT
-TO address, domain, parent domains, or localpart@, and execute the
-corresponding action.  </dd>
+TO address, and execute the corresponding action.  </dd>
 
 <dt><b><a name="check_recipient_a_access">check_recipient_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
@@ -17735,8 +17732,7 @@ received with the MAIL FROM command.
 <dt><b><a name="check_sender_access">check_sender_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
 <dd>Search the specified <a href="access.5.html">access(5)</a> database for the MAIL FROM
-address, domain, parent domains, or localpart@, and execute the
-corresponding action. </dd>
+address, and execute the corresponding action. </dd>
 
 <dt><b><a name="check_sender_a_access">check_sender_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
diff --git a/postfix/man/man1/postconf.1 b/postfix/man/man1/postconf.1
index e4224299e..c5049432e 100644
--- a/postfix/man/man1/postconf.1
+++ b/postfix/man/man1/postconf.1
@@ -299,6 +299,11 @@ Memcache database client. This is described in
 \fBmemcache_table\fR(5).
 
 This feature is available with Postfix 2.9 and later.
+.IP "\fBmongodb\fR"
+MongoDB database client. This is described in
+\fBmongodb_table\fR(5).
+
+This feature is available with Postfix 3.9 and later.
 .IP "\fBmysql\fR (read\-only)"
 MySQL database client.  Available on systems with support
 for MySQL databases.  This is described in \fBmysql_table\fR(5).
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index ba46aecb8..d73298abb 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -10405,9 +10405,8 @@ pubkey_fingerprint } }
 The commas are optional.
 .br
 .IP "\fBcheck_client_access \fItype:table\fR\fR"
-Search the specified access database for the client hostname,
-parent domains, client IP address, or networks obtained by stripping
-least significant octets. See the \fBaccess\fR(5) manual page for details.
+Search the specified access database for the client hostname
+or IP address. See the \fBaccess\fR(5) manual page for details.
 .br
 .IP "\fBcheck_client_a_access \fItype:table\fR\fR"
 Search the specified \fBaccess\fR(5) database for the IP addresses for the
@@ -10434,8 +10433,7 @@ available in Postfix 2.7 and later.
 .br
 .IP "\fBcheck_reverse_client_hostname_access \fItype:table\fR\fR"
 Search the specified access database for the unverified reverse
-client hostname, parent domains, client IP address, or networks
-obtained by stripping least significant octets. See the \fBaccess\fR(5)
+client hostname or IP address. See the \fBaccess\fR(5)
 manual page for details.  Note: a result of "OK" is not allowed for
 safety reasons.  Instead, use DUNNO in order to exclude specific
 hosts from denylists.  This feature is available in Postfix 2.6
@@ -10998,8 +10996,8 @@ restriction that matches wins.
 The following restrictions are specific to the domain name information
 received with the ETRN command.
 .IP "\fBcheck_etrn_access \fItype:table\fR\fR"
-Search the specified access database for the ETRN domain name
-or its parent domains. See the \fBaccess\fR(5) manual page for details.
+Search the specified access database for the ETRN domain name.
+See the \fBaccess\fR(5) manual page for details.
 .br
 .br
 .PP
@@ -11251,7 +11249,7 @@ The following restrictions are specific to the hostname information
 received with the HELO or EHLO command.
 .IP "\fBcheck_helo_access \fItype:table\fR\fR"
 Search the specified \fBaccess\fR(5) database for the HELO or EHLO
-hostname or parent domains, and execute the corresponding action.
+hostname, and execute the corresponding action.
 Note: specify "smtpd_helo_required = yes" to fully enforce this
 restriction (without "smtpd_helo_required = yes", a client can
 simply skip check_helo_access by not sending HELO or EHLO).
@@ -11717,8 +11715,7 @@ The following restrictions are specific to the recipient address
 that is received with the RCPT TO command.
 .IP "\fBcheck_recipient_access \fItype:table\fR\fR"
 Search the specified \fBaccess\fR(5) database for the resolved RCPT
-TO address, domain, parent domains, or localpart@, and execute the
-corresponding action.
+TO address, and execute the corresponding action.
 .br
 .IP "\fBcheck_recipient_a_access \fItype:table\fR\fR"
 Search the specified \fBaccess\fR(5) database for the IP addresses for
@@ -12376,8 +12373,7 @@ The following restrictions are specific to the sender address
 received with the MAIL FROM command.
 .IP "\fBcheck_sender_access \fItype:table\fR\fR"
 Search the specified \fBaccess\fR(5) database for the MAIL FROM
-address, domain, parent domains, or localpart@, and execute the
-corresponding action.
+address, and execute the corresponding action.
 .br
 .IP "\fBcheck_sender_a_access \fItype:table\fR\fR"
 Search the specified \fBaccess\fR(5) database for the IP addresses for
diff --git a/postfix/proto/MONGODB_README.html b/postfix/proto/MONGODB_README.html
index c660fc199..f5e1d5f54 100644
--- a/postfix/proto/MONGODB_README.html
+++ b/postfix/proto/MONGODB_README.html
@@ -28,6 +28,7 @@ without the hassle and delay of having to copy it to each. </p>
 <li><a href="#example_mailing_list">Example: Mailing lists</a>
 <li><a href="#example_projections">Example: MongoDB projections</a>
 <li><a href="#feedback">Feedback</a>
+<li><a href="#credits">Credits</a>
 </ul>
 
 <h2><a name="build">Building Postfix with MongoDB support</a></h2>
@@ -37,11 +38,12 @@ code as described in the INSTALL document. Some modification may
 be required if you build Postfix from a vendor-specific source
 package. </p>
 
-<p>The Postfix MongoDB client requires the mongo-c-driver library.
-This can be built from source code from <a
+<p>The Postfix MongoDB client requires the <b>mongo-c-driver</b>
+library. This can be built from source code from <a
 href="https://github.com/mongodb/mongo-c-driver/releases">the
-mongod-c project</a>, or as a binary package from your OS distribution,
-typically named <b>mongo-c-driver-devel</b> or <b>libmongoc-dev</b>.
+mongod-c project</a>, or this can be installed as a binary package
+from your OS distribution, typically named <b>mongo-c-driver</b>,
+<b>mongo-c-driver-devel</b> or <b>libmongoc-dev</b>.
 Installing the mongo-c-driver library may also install <b>libbson</b>
 as a dependency. </p>
 
@@ -129,6 +131,20 @@ entries whose username is, or alias field has "admin@example.com".
 It will return the username attribute of those found, and build a
 list of their email addresses. </p>
 
+<p> Notes: </p>
+
+<ul>
+
+<li><p> As with <b>projection</b> (see below), the Postfix mongodb
+client automatically removes the top-level '_id' field from a
+result_attribute result. </p> </li>
+
+<li><p> The Postfix mongodb client will only parse result fields
+with data types UTF8, INT32, INT64 and ARRAY. Other fields will be
+ignored, with a warning in the logs. </p> </li>
+
+</ul>
+
 <h2><a name="example_mailing_list">Example: Mailing lists</a></h2>
 
 <p>When it comes to mailing lists, one way of implementing one would
@@ -155,9 +171,9 @@ result_attribute = address
 
 <ul>
 
-<li><p> As with <b>projection</b>, the Postfix mongodb client
-automatically removes the top-level '_id' field from a result. </p>
-</li>
+<li><p> As with <b>projection</b> (see below), the Postfix mongodb
+client automatically removes the top-level '_id' field from a
+result_attribute result. </p> </li>
 
 <li><p> The Postfix mongodb client will only parse result fields
 with data types UTF8, INT32, INT64 and ARRAY. Other fields will be
@@ -219,6 +235,7 @@ with a warning in the logs. It is suggested to exclude any unnecessary
 fields when using a projection. </p></li>
 
 </ul>
+
 <h2><a name="feedback">Feedback</a></h2>
 
 <p> If you have questions, send them to postfix-users@postfix.org.
@@ -227,6 +244,20 @@ MongoDB-related output from postconf, which libraries you built
 with, and such. If your question involves your database contents,
 please include the applicable bits of some database entries. </p>
 
+<h2><a name="credits">Credits</a></h2>
+
+<ul>
+
+<li> Stephan Ferraro (Aionda GmbH) implemented an early version of the
+Postfix MongoDB client.
+
+<li> Hamid Maadani (Dextrous Technologies, LLC) added support for
+projections and %<i>letter</i> interpolation, and added documentation.
+
+<li> Wietse Venema adopted and restructured the code and documentation.
+
+</ul>
+
 </body>
 
 </html>
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 8ecd15a52..0da915282 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -5303,9 +5303,8 @@ pubkey_fingerprint } } </dd>
 
 <dt><b><a name="check_client_access">check_client_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
-<dd>Search the specified access database for the client hostname,
-parent domains, client IP address, or networks obtained by stripping
-least significant octets. See the access(5) manual page for details. </dd>
+<dd>Search the specified access database for the client hostname
+or IP address. See the access(5) manual page for details. </dd>
 
 <dt><b><a name="check_client_a_access">check_client_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
@@ -5336,8 +5335,7 @@ available in Postfix 2.7 and later.  </dd>
 <dt><b><a name="check_reverse_client_hostname_access">check_reverse_client_hostname_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
 <dd>Search the specified access database for the unverified reverse
-client hostname, parent domains, client IP address, or networks
-obtained by stripping least significant octets. See the access(5)
+client hostname or IP address. See the access(5)
 manual page for details.  Note: a result of "OK" is not allowed for
 safety reasons.  Instead, use DUNNO in order to exclude specific
 hosts from denylists.  This feature is available in Postfix 2.6
@@ -5810,8 +5808,8 @@ received with the ETRN command.
 
 <dt><b><a name="check_etrn_access">check_etrn_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
-<dd>Search the specified access database for the ETRN domain name
-or its parent domains. See the access(5) manual page for details.
+<dd>Search the specified access database for the ETRN domain name.
+See the access(5) manual page for details.
 </dd>
 
 </dl>
@@ -5926,7 +5924,7 @@ received with the HELO or EHLO command.
 <dt><b><a name="check_helo_access">check_helo_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
 <dd>Search the specified access(5) database for the HELO or EHLO
-hostname or parent domains, and execute the corresponding action.
+hostname, and execute the corresponding action.
 Note: specify "smtpd_helo_required = yes" to fully enforce this
 restriction (without "smtpd_helo_required = yes", a client can
 simply skip check_helo_access by not sending HELO or EHLO).  </dd>
@@ -6221,8 +6219,7 @@ that is received with the RCPT TO command.
 <dt><b><a name="check_recipient_access">check_recipient_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
 <dd>Search the specified access(5) database for the resolved RCPT
-TO address, domain, parent domains, or localpart@, and execute the
-corresponding action.  </dd>
+TO address, and execute the corresponding action.  </dd>
 
 <dt><b><a name="check_recipient_a_access">check_recipient_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
@@ -6736,8 +6733,7 @@ received with the MAIL FROM command.
 <dt><b><a name="check_sender_access">check_sender_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
 <dd>Search the specified access(5) database for the MAIL FROM
-address, domain, parent domains, or localpart@, and execute the
-corresponding action. </dd>
+address, and execute the corresponding action. </dd>
 
 <dt><b><a name="check_sender_a_access">check_sender_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
diff --git a/postfix/proto/stop b/postfix/proto/stop
index 37436858b..e3e8ac6c7 100644
--- a/postfix/proto/stop
+++ b/postfix/proto/stop
@@ -1596,3 +1596,9 @@ chunking
 allowlists
 FWS
 mongodb
+Aionda
+Ferraro
+GmbH
+Hamid
+LLC
+Maadani
diff --git a/postfix/proto/stop.double-history b/postfix/proto/stop.double-history
index e3b91b5fa..690f12b79 100644
--- a/postfix/proto/stop.double-history
+++ b/postfix/proto/stop.double-history
@@ -108,3 +108,4 @@ proto  proto aliases proto virtual proto ADDRESS_REWRITING_README html
  postlogd postlogd c 
  qmgr qmgr c qmqpd qmqpd c trivial rewrite trivial rewrite c 
  strategies File smtp smtp c 
+ postconf postconf c postconf postconf_dbms c 
diff --git a/postfix/src/global/dict_mongodb.c b/postfix/src/global/dict_mongodb.c
index 1aa36b3f2..18144b719 100644
--- a/postfix/src/global/dict_mongodb.c
+++ b/postfix/src/global/dict_mongodb.c
@@ -255,6 +255,7 @@ static char *get_result_string(DICT_MONGODB *dict_mongodb,
 					   resultString, expansion, key);
 	    break;
 	case BSON_TYPE_ARRAY:
+	    ;					/* For pre-C23 Clang. */
 	    const uint8_t *dataBuffer = NULL;
 	    unsigned int len = 0;
 	    bson_iter_t dataIter;
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 0506725e4..94c51864f 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20240213"
+#define MAIL_RELEASE_DATE	"20240216"
 #define MAIL_VERSION_NUMBER	"3.9"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/postconf/Makefile.in b/postfix/src/postconf/Makefile.in
index 0aa29e888..079824ab4 100644
--- a/postfix/src/postconf/Makefile.in
+++ b/postfix/src/postconf/Makefile.in
@@ -469,6 +469,9 @@ test29:	$(PROG) test29.ref
 	echo 'memcachexx = proxy:memcache:memcachefoo' >> main.cf
 	echo 'memcachefoo_domain = bar' >> main.cf
 	echo 'memcachefoo_domainx = bar' >> main.cf
+	echo 'mongodbxx = proxy:mongodb:mongodbfoo' >> main.cf
+	echo 'mongodbfoo_domain = bar' >> main.cf
+	echo 'mongodbfoo_domainx = bar' >> main.cf
 	touch -t 197101010000 main.cf
 	$(HTABLE_FIX) $(SHLIB_ENV) $(VALGRIND) ./$(PROG) -nc . >test29.tmp 2>&1
 	diff test29.ref test29.tmp
@@ -1146,13 +1149,13 @@ postconf_dbms.o: ../../include/dict.h
 postconf_dbms.o: ../../include/dict_ht.h
 postconf_dbms.o: ../../include/dict_ldap.h
 postconf_dbms.o: ../../include/dict_memcache.h
+postconf_dbms.o: ../../include/dict_mongodb.h
 postconf_dbms.o: ../../include/dict_mysql.h
 postconf_dbms.o: ../../include/dict_pcre.h
 postconf_dbms.o: ../../include/dict_pgsql.h
 postconf_dbms.o: ../../include/dict_proxy.h
 postconf_dbms.o: ../../include/dict_regexp.h
 postconf_dbms.o: ../../include/dict_sqlite.h
-postconf_dbms.o: ../../include/dict_mongodb.h
 postconf_dbms.o: ../../include/htable.h
 postconf_dbms.o: ../../include/mac_expand.h
 postconf_dbms.o: ../../include/mac_parse.h
@@ -1171,10 +1174,10 @@ postconf_dbms.o: ../../include/vstream.h
 postconf_dbms.o: ../../include/vstring.h
 postconf_dbms.o: pcf_ldap_suffixes.h
 postconf_dbms.o: pcf_memcache_suffixes.h
+postconf_dbms.o: pcf_mongodb_suffixes.h
 postconf_dbms.o: pcf_mysql_suffixes.h
 postconf_dbms.o: pcf_pgsql_suffixes.h
 postconf_dbms.o: pcf_sqlite_suffixes.h
-postconf_dbms.o: pcf_mongodb_suffixes.h
 postconf_dbms.o: postconf.h
 postconf_dbms.o: postconf_dbms.c
 postconf_edit.o: ../../include/argv.h
diff --git a/postfix/src/postconf/postconf.c b/postfix/src/postconf/postconf.c
index f598a5be6..5a10f5e96 100644
--- a/postfix/src/postconf/postconf.c
+++ b/postfix/src/postconf/postconf.c
@@ -293,6 +293,11 @@
 /*	\fBmemcache_table\fR(5).
 /*
 /*	This feature is available with Postfix 2.9 and later.
+/* .IP "\fBmongodb\fR"
+/*	MongoDB database client. This is described in
+/*	\fBmongodb_table\fR(5).
+/*
+/*	This feature is available with Postfix 3.9 and later.
 /* .IP "\fBmysql\fR (read-only)"
 /*	MySQL database client.  Available on systems with support
 /*	for MySQL databases.  This is described in \fBmysql_table\fR(5).
diff --git a/postfix/src/postconf/postconf_dbms.c b/postfix/src/postconf/postconf_dbms.c
index 0ed5b5337..3320875d8 100644
--- a/postfix/src/postconf/postconf_dbms.c
+++ b/postfix/src/postconf/postconf_dbms.c
@@ -77,6 +77,7 @@
 #include <dict_pgsql.h>
 #include <dict_sqlite.h>
 #include <dict_memcache.h>
+#include <dict_mongodb.h>
 #include <dict_regexp.h>
 #include <dict_pcre.h>
 
@@ -131,6 +132,13 @@ static const char *pcf_memcache_suffixes[] = {
     0,
 };
 
+/* See mongodb_table(5). */
+
+static const char *pcf_mongodb_suffixes[] = {
+#include "pcf_mongodb_suffixes.h"
+    0,
+};
+
  /*
   * Bundle up the database types and their suffix lists.
   */
@@ -149,6 +157,7 @@ static const PCF_DBMS_INFO pcf_dbms_info[] = {
     {DICT_TYPE_PGSQL, PCF_DBMS_CLASS_CLIENT, pcf_pgsql_suffixes},
     {DICT_TYPE_SQLITE, PCF_DBMS_CLASS_CLIENT, pcf_sqlite_suffixes},
     {DICT_TYPE_MEMCACHE, PCF_DBMS_CLASS_CLIENT, pcf_memcache_suffixes},
+    {DICT_TYPE_MONGODB, PCF_DBMS_CLASS_CLIENT, pcf_mongodb_suffixes},
     {DICT_TYPE_REGEXP, PCF_DBMS_CLASS_REGEX},
     {DICT_TYPE_PCRE, PCF_DBMS_CLASS_REGEX},
     {0},
diff --git a/postfix/src/postconf/test29.ref b/postfix/src/postconf/test29.ref
index 646890aaa..c3bbaecab 100644
--- a/postfix/src/postconf/test29.ref
+++ b/postfix/src/postconf/test29.ref
@@ -2,15 +2,18 @@ config_directory = .
 ./postconf: warning: ./main.cf: unused parameter: pgsqlfoo_domain=bar
 ./postconf: warning: ./main.cf: unused parameter: sqlitefoo_domain=bar
 ./postconf: warning: ./main.cf: unused parameter: ldapxx=proxy:ldap:ldapfoo
+./postconf: warning: ./main.cf: unused parameter: mongodbfoo_domain=bar
 ./postconf: warning: ./main.cf: unused parameter: sqlitexx=proxy:sqlite:sqlitefoo
 ./postconf: warning: ./main.cf: unused parameter: mysqlfoo_domain=bar
 ./postconf: warning: ./main.cf: unused parameter: sqlitefoo_domainx=bar
 ./postconf: warning: ./main.cf: unused parameter: memcachefoo_domain=bar
 ./postconf: warning: ./main.cf: unused parameter: pgsqlfoo_domainx=bar
+./postconf: warning: ./main.cf: unused parameter: mongodbfoo_domainx=bar
 ./postconf: warning: ./main.cf: unused parameter: ldapfoo_domainx=bar
 ./postconf: warning: ./main.cf: unused parameter: ldapfoo_domain=bar
 ./postconf: warning: ./main.cf: unused parameter: memcachexx=proxy:memcache:memcachefoo
 ./postconf: warning: ./main.cf: unused parameter: memcachefoo_domainx=bar
 ./postconf: warning: ./main.cf: unused parameter: mysqlfoo_domainx=bar
 ./postconf: warning: ./main.cf: unused parameter: mysqlxx=proxy:mysql:mysqlfoo
+./postconf: warning: ./main.cf: unused parameter: mongodbxx=proxy:mongodb:mongodbfoo
 ./postconf: warning: ./main.cf: unused parameter: pgsqlxx=proxy:pgsql:pgsqlfoo