diff --git a/postfix/HISTORY b/postfix/HISTORY index 4766e1711..85119166a 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -27172,3 +27172,11 @@ Apologies for any names omitted. master/master.c, postlog/postlog.c, postlogd/postlogd.c, util/logwriter.c, util/logwriter.h, util/Makefile.in, util/vstream.c. + +20230517 + + Bugfix (defect introduced: Postfix 3.8) the posttls-finger + command could access uninitialized memory when reconnecting. + This also fixes a warning message when a destination contains + ":service" information. Reported by Thomas Korbar. File: + posttls-finger/posttls-finger.c. diff --git a/postfix/README_FILES/MAILLOG_README b/postfix/README_FILES/MAILLOG_README index 6f8fead72..75fa4b567 100644 --- a/postfix/README_FILES/MAILLOG_README +++ b/postfix/README_FILES/MAILLOG_README @@ -30,8 +30,14 @@ problems for systemd-based systems. 2. Configure Postfix to write logging, to, for example, /var/log/postfix.log. See also the "Logfile rotation" section below for logfile management. + In the example below, specifying maillog_file_permissions is optional + (Postfix 3.9 and later). The default value is 0600, i.e., only the super- + user can access the file; the value 0644 also adds 'group' and 'other' read + access. + # postfix stop # postconf maillog_file=/var/log/postfix.log + # postconf maillog_file_permissions=0644 # (Postfix 3.9 and later) # postfix start By default, the logfile name must start with "/var" or "/dev/stdout" (the @@ -71,6 +77,10 @@ implements the following steps: * After a brief pause, compress the old logfile. The compression program is configured with the maillog_file_compressor parameter (default: gzip). + * The next time it logs an event, postlogd(8) will create a new logfile, with + permissions specified with the maillog_file_permissions parameter (default: + 0600). + Notes: * This command will not rotate a logfile with a pathname under the /dev 
diff --git a/postfix/html/MAILLOG_README.html b/postfix/html/MAILLOG_README.html index be58e334f..ab751f4c6 100644 --- a/postfix/html/MAILLOG_README.html +++ b/postfix/html/MAILLOG_README.html @@ -63,10 +63,16 @@ Postfix version.

/var/log/postfix.log. See also the "Logfile rotation" section below for logfile management.

+

In the example below, specifying maillog_file_permissions is +optional (Postfix 3.9 and later). The default value is 0600, i.e., +only the super-user can access the file; the value 0644 also +adds 'group' and 'other' read access.

+
 # postfix stop
 # postconf maillog_file=/var/log/postfix.log
+# postconf maillog_file_permissions=0644 # (Postfix 3.9 and later)
 # postfix start
 
@@ -124,6 +130,10 @@ old logfile.

program is configured with the maillog_file_compressor parameter (default: gzip).

+
  • The next time it logs an event, postlogd(8) will create a +new logfile, with permissions specified with the maillog_file_permissions +parameter (default: 0600).

    +

    Notes:

    diff --git a/postfix/html/master.8.html b/postfix/html/master.8.html index cacc80130..70e0063f6 100644 --- a/postfix/html/master.8.html +++ b/postfix/html/master.8.html @@ -148,15 +148,15 @@ MASTER(8) MASTER(8) invoked with the -D option. inet_interfaces (all) - The network interface addresses that this mail system receives - mail on. + The local network interface addresses that this mail system + receives mail on. inet_protocols (see 'postconf -d output') The Internet protocols Postfix will attempt to use when making or accepting connections. import_environment (see 'postconf -d' output) - The list of environment parameters that a privileged Postfix + The list of environment variables that a privileged Postfix process will import from a non-Postfix parent process, or name=value environment overrides. diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 4426f727b..51ed8ed69 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -6688,6 +6688,21 @@ first argument.

    This feature is available in Postfix 3.4 and later.

    + + +
    maillog_file_permissions +(default: 0600)
    + +

    The file access permissions that will be set when the file +$maillog_file is created for the first time, or when the file is +created after an existing file is rotated. Specify one of: 0600 +(only super-user read/write access), 0640 (adds 'group' read +access), or 0644 (also adds 'other' read access). The leading +'0' is optional.

    + +

    This feature is available in Postfix 3.9 and later.

    + +
    maillog_file_prefixes diff --git a/postfix/html/postlog.1.html b/postfix/html/postlog.1.html index 587edbc1d..617b78b0a 100644 --- a/postfix/html/postlog.1.html +++ b/postfix/html/postlog.1.html @@ -90,6 +90,13 @@ POSTLOG(1) POSTLOG(1) postlog_service_name (postlog) The name of the postlogd(8) service entry in master.cf. + Available in Postfix 3.9 and later: + + maillog_file_permissions (0600) + The file access permissions that will be set when the file + $maillog_file is created for the first time, or when the file is + created after an existing file is rotated. + SEE ALSO postconf(5), configuration parameters postlogd(8), Postfix logging diff --git a/postfix/html/postlogd.8.html b/postfix/html/postlogd.8.html index 58cdf017d..3ddbf6621 100644 --- a/postfix/html/postlogd.8.html +++ b/postfix/html/postlogd.8.html @@ -68,6 +68,13 @@ POSTLOGD(8) POSTLOGD(8) How much time a postlogd(8) process may take to process a request before it is terminated by a built-in watchdog timer. + Available in Postfix 3.9 and later: + + maillog_file_permissions (0600) + The file access permissions that will be set when the file + $maillog_file is created for the first time, or when the file is + created after an existing file is rotated. + SEE ALSO postconf(5), configuration parameters syslogd(8), system logging diff --git a/postfix/man/man1/postlog.1 b/postfix/man/man1/postlog.1 index 52bd815c3..d9723e7c4 100644 --- a/postfix/man/man1/postlog.1 +++ b/postfix/man/man1/postlog.1 @@ -94,6 +94,12 @@ The name of an optional logfile that is written by the Postfix \fBpostlogd\fR(8) service. .IP "\fBpostlog_service_name (postlog)\fR" The name of the \fBpostlogd\fR(8) service entry in master.cf. +.PP +Available in Postfix 3.9 and later: +.IP "\fBmaillog_file_permissions (0600)\fR" +The file access permissions that will be set when the file +$maillog_file is created for the first time, or when the file is +created after an existing file is rotated. .SH "SEE ALSO" .na .nf 
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index bc0822bc0..48cb498bc 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -4150,6 +4150,15 @@ logrotate". The command is run with the rotated logfile name as its first argument. .PP This feature is available in Postfix 3.4 and later. +.SH maillog_file_permissions (default: 0600) +The file access permissions that will be set when the file +$maillog_file is created for the first time, or when the file is +created after an existing file is rotated. Specify one of: \fB0600\fR +(only super\-user read/write access), \fB0640\fR (adds 'group' read +access), or \fB0644\fR (also adds 'other' read access). The leading +\&'0' is optional. +.PP +This feature is available in Postfix 3.9 and later. .SH maillog_file_prefixes (default: /var, /dev/stdout) A list of allowed prefixes for a maillog_file value. This is a safety feature to contain the damage from a single configuration diff --git a/postfix/man/man8/master.8 b/postfix/man/man8/master.8 index 8c37de4e1..c6ed9ac53 100644 --- a/postfix/man/man8/master.8 +++ b/postfix/man/man8/master.8 @@ -151,13 +151,13 @@ The directory with Postfix support programs and daemon programs. The external command to execute when a Postfix daemon program is invoked with the \-D option. .IP "\fBinet_interfaces (all)\fR" -The network interface addresses that this mail system receives -mail on. +The local network interface addresses that this mail system +receives mail on. .IP "\fBinet_protocols (see 'postconf -d output')\fR" The Internet protocols Postfix will attempt to use when making or accepting connections. .IP "\fBimport_environment (see 'postconf -d' output)\fR" -The list of environment parameters that a privileged Postfix +The list of environment variables that a privileged Postfix process will import from a non\-Postfix parent process, or name=value environment overrides. .IP "\fBmail_owner (postfix)\fR" 
diff --git a/postfix/man/man8/postlogd.8 b/postfix/man/man8/postlogd.8 index 9168a3429..df2f5c04d 100644 --- a/postfix/man/man8/postlogd.8 +++ b/postfix/man/man8/postlogd.8 @@ -66,6 +66,12 @@ The master.cf service name of a Postfix daemon process. .IP "\fBpostlogd_watchdog_timeout (10s)\fR" How much time a \fBpostlogd\fR(8) process may take to process a request before it is terminated by a built\-in watchdog timer. +.PP +Available in Postfix 3.9 and later: +.IP "\fBmaillog_file_permissions (0600)\fR" +The file access permissions that will be set when the file +$maillog_file is created for the first time, or when the file is +created after an existing file is rotated. .SH "SEE ALSO" .na .nf diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 4704e0ba6..fc2f3adc8 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20230516" +#define MAIL_RELEASE_DATE "20230517" #define MAIL_VERSION_NUMBER "3.9" #ifdef SNAPSHOT diff --git a/postfix/src/master/master.c b/postfix/src/master/master.c index f34df22e9..ec971ffa9 100644 --- a/postfix/src/master/master.c +++ b/postfix/src/master/master.c @@ -135,8 +135,8 @@ /* The external command to execute when a Postfix daemon program is /* invoked with the -D option. /* .IP "\fBinet_interfaces (all)\fR" -/* The local network interface addresses that this mail system receives -/* mail on. +/* The local network interface addresses that this mail system +/* receives mail on. /* .IP "\fBinet_protocols (see 'postconf -d output')\fR" /* The Internet protocols Postfix will attempt to use when making /* or accepting connections. diff --git a/postfix/src/posttls-finger/posttls-finger.c b/postfix/src/posttls-finger/posttls-finger.c index 2f3a58e82..b9a46999d 100644 
--- a/postfix/src/posttls-finger/posttls-finger.c
+++ b/postfix/src/posttls-finger/posttls-finger.c
@@ -1590,12 +1590,13 @@ static char *parse_destination(char *destination, char *def_service,
 static void connect_remote(STATE *state, char *dest)
 {
 DNS_RR *addr;
- char *buf;
- char *domain;
- char *service;

 /* When reconnecting use IP address of previous session */
 if (state->addr == 0) {
+ char *buf;
+ char *domain;
+ char *service;
+
 buf = parse_destination(dest, state->smtp ? "smtp" : "24",
 &domain, &service, &state->port);
 if (!state->nexthop)
@@ -1622,8 +1623,8 @@ static void connect_remote(STATE *state, char *dest)

 if (level == TLS_LEV_INVALID
 || (state->stream = connect_addr(state, addr)) == 0) {
- msg_info("Failed to establish session to %s:%s via %s:%u: %s",
- dest, service, HNAME(addr), addr->port,
+ msg_info("Failed to establish session to %s via %s:%u: %s",
+ dest, HNAME(addr), addr->port,
 vstring_str(state->why->reason));
 continue;
 }
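Review bot: Nothing at the new declaration site in the `if (state->addr == 0)` block says that `buf`, `domain` and `service` are scoped there on purpose, so a later cleanup could hoist them back to function scope and reopen the read of an unset `service` on the reconnect path, which is the read the second hunk removes from the `msg_info()` call. I would add above `char *buf;` the comment `/* Set only by parse_destination() below; must not be visible on the reconnect path */`. The three pointers are still declared without initializers, which is safe only while every use stays inside this block; the remainder of the block, including whatever releases `buf`, is outside the hunk and could not be checked. Compiling this file with uninitialized-variable warnings enabled should flag a regression of this kind.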