Regarding section 4, please note that in clause 7.5.3, ISO 27001:2013 explicitly requires you to control documents of external origin that are important for your ISMS, and this section defines how you fulfill this requirement. External documents are any documents not owned or controlled by an organization that is required to its operation, either mandatory or voluntarily adopted. Examples of external documents to be controlled are Laws (e.g., SOX and EU GDPR), standards and regulations (e.g., the ISO 27001 itself), and documents and records from customers, suppliers, and partners (e.g., contracts, service agreements, product/service specification, operation manuals, etc.)
Regarding section 5, it defines how the incoming mail register is stored and protected. The incoming mail register is not a mandatory document, so you can simply have a table where you register who received some important external document, or where such a document is stored.
This article can provide you additional information: