diff --git a/postfix/HISTORY b/postfix/HISTORY
index e37bf54a4..5164f46d6 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -27366,3 +27366,16 @@ Apologies for any names omitted.
 	added error handling for the unlikely case that the legacy
 	mysql_real_escape_string() returns an error. File:
 	global/dict_mysql.c.
+
+20230906
+
+	Documentation: the postconf(5) manpage did not document
+	that the force_mime_input_conversion feature was introduced
+	in Postfix 3.9. Viktor Dukhovni. File: proto/postconf.proto.
+
+20230912
+
+	Cleanup: record the use of a raw public key in Received:
+	headers, when the Postfix SMTP server or the remote SMTP
+	client presents a raw public key. Viktor Dukhovni. File:
+	smtpd/smtpd.c.
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 5588d2798..d78d3a5c6 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -12447,6 +12447,8 @@ until a match is found.
 results. Specify one non-whitespace character that does not appear in
 the username. </p>
 
+<p> This feature is available in Postfix &ge; 3.9. </p>
+
 
 </DD>
 
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index d6e3d8c62..305ede165 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -8026,6 +8026,8 @@ until a match is found.
 The delimiter between username and password in sasl_passwd_maps lookup
 results. Specify one non\-whitespace character that does not appear in
 the username.
+.PP
+This feature is available in Postfix >= 3.9.
 .SH smtp_sasl_path (default: empty)
 Implementation\-specific information that the Postfix SMTP client
 passes through to
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index c8523a90a..d0f9c78f2 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -4712,6 +4712,8 @@ configuration parameter.  See there for details. </p>
 results. Specify one non-whitespace character that does not appear in
 the username. </p>
 
+<p> This feature is available in Postfix &ge; 3.9. </p>
+
 %PARAM smtp_sasl_security_options noplaintext, noanonymous
 
 <p> Postfix SMTP client SASL security options; as of Postfix 2.3
diff --git a/postfix/proto/stop.double-history b/postfix/proto/stop.double-history
index 2fb2cee88..4a4b59e0f 100644
--- a/postfix/proto/stop.double-history
+++ b/postfix/proto/stop.double-history
@@ -66,3 +66,4 @@ proto  proto aliases proto virtual proto ADDRESS_REWRITING_README html
  smtp lmtp_params c smtp smtp c smtp smtp_params c 
  plaintext Problem reported by Serg File smtp smtp h 
  cleanup cleanup c cleanup cleanup_init c proto postconf proto 
+ smtpd smtpd c 
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 5a7640d85..77de2f57f 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20230903"
+#define MAIL_RELEASE_DATE	"20230912"
 #define MAIL_VERSION_NUMBER	"3.9"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c
index f6ade16e3..dae151725 100644
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@@ -1485,7 +1485,7 @@ char   *var_smtpd_tls_eecdh;
 char   *var_smtpd_tls_eccert_file;
 char   *var_smtpd_tls_eckey_file;
 char   *var_smtpd_tls_chain_files;
-int    var_smtpd_tls_enable_rpk;
+int     var_smtpd_tls_enable_rpk;
 
 #endif
 
@@ -3459,11 +3459,15 @@ static void common_pre_message_handling(SMTPD_STATE *state,
 		}
 		if (state->tls_context->srvr_sig_curve
 		    && *state->tls_context->srvr_sig_curve)
-		    vstring_sprintf_append(state->buffer, " (%s)",
-					state->tls_context->srvr_sig_curve);
+		    vstring_sprintf_append(state->buffer, " (%s%s)",
+					 state->tls_context->srvr_sig_curve,
+					   state->tls_context->stoc_rpk ?
+					   " raw public key" : "");
 		else if (state->tls_context->srvr_sig_bits > 0)
-		    vstring_sprintf_append(state->buffer, " (%d bits)",
-					 state->tls_context->srvr_sig_bits);
+		    vstring_sprintf_append(state->buffer, " (%d bit%s)",
+					   state->tls_context->srvr_sig_bits,
+					   state->tls_context->stoc_rpk ?
+					   " raw public key" : "s");
 		if (state->tls_context->srvr_sig_dgst
 		    && *state->tls_context->srvr_sig_dgst)
 		    vstring_sprintf_append(state->buffer, " server-digest %s",
@@ -3477,11 +3481,15 @@ static void common_pre_message_handling(SMTPD_STATE *state,
 				state->tls_context->clnt_sig_name);
 		if (state->tls_context->clnt_sig_curve
 		    && *state->tls_context->clnt_sig_curve)
-		    vstring_sprintf_append(state->buffer, " (%s)",
-					state->tls_context->clnt_sig_curve);
+		    vstring_sprintf_append(state->buffer, " (%s%s)",
+					 state->tls_context->clnt_sig_curve,
+					   state->tls_context->ctos_rpk ?
+					   " raw public key" : "");
 		else if (state->tls_context->clnt_sig_bits > 0)
-		    vstring_sprintf_append(state->buffer, " (%d bits)",
-					 state->tls_context->clnt_sig_bits);
+		    vstring_sprintf_append(state->buffer, " (%d bit%s)",
+					   state->tls_context->clnt_sig_bits,
+					   state->tls_context->ctos_rpk ?
+					   " raw public key" : "s");
 		if (state->tls_context->clnt_sig_dgst
 		    && *state->tls_context->clnt_sig_dgst)
 		    vstring_sprintf_append(state->buffer, " client-digest %s",