- update to 3.5.9

========

20210116
  Feature: when a Postfix program makes a DNS query that
  requests DNSSEC validation (usually for Postfix DANE support)
  but the DNS response is not DNSSEC validated, Postfix will
  send a DNS query configured with the "dnssec_probe" parameter
  to determine if DNSSEC support is available, and logs a
  warning if it is not. By default, the probe has type "ns"
  and domain name ".". The probe is sent once per process
  lifetime. Files: dns/dns.h, dns/dns_lookup.c, dns/dns_sec.c,
  test_dns_lookup.c, global/mail_params.[hc], mantools/postlink.

  The makedefs script no longer disables DNSSEC when Postfix
  is built with libc-musl. Instead Postfix will rely on the
  new dnssec_probe feature, and will log a warning when Postfix
  requests DNSSEC validation, but the infrastructure does not
  validate DNSSEC signatures. File: makedefs.

  The default "smtp_tls_dane_insecure_mx_policy = dane" was
  causing unnecessary dnssec_probe activity. The default is now
  "dane" when smtp_tls_security_level is "dane", otherwise it is
  "may". File: global/mail_params.h.

mail/postfix/Makefile

@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	postfix
-DISTVERSION=	3.5.8
+DISTVERSION=	3.5.9
 PORTREVISION?=	0
 PORTEPOCH=	1
 CATEGORIES=	mail

mail/postfix/distinfo

@@ -1,3 +1,3 @@
-TIMESTAMP = 1604787932
-SHA256 (postfix/postfix-3.5.8.tar.gz) = 22582628cf3edc18c5155c9ff44543dd95a9435fb68135d76a99f572cb07456f
-SIZE (postfix/postfix-3.5.8.tar.gz) = 4614733
+TIMESTAMP = 1610898420
+SHA256 (postfix/postfix-3.5.9.tar.gz) = 51ced5a3165a415beba812b6c9ead0496b7172ac6c3beb654d2ccd9a1b00762b
+SIZE (postfix/postfix-3.5.9.tar.gz) = 4620852