Postfix 3.2.2 was released yesterday to address a security issue due to an undocumented feature of Berkeley DB Quote from http://www.postfix.org/announcements/postfix-3.2.2.html Fixed in all supported releases: Security: Berkeley DB versions 2 and later try to read settings from a file DB_CONFIG in the current directory. This undocumented feature may introduce undisclosed vulnerabilities resulting in privilege escalation with Postfix set-gid programs (postdrop, postqueue) before they chdir to the Postfix queue directory, and with the postmap and postalias commands depending on whether the user's current directory is writable by other users. This fix does not change Postfix behavior for Berkeley DB versions < 3, but it does reduce postmap and postalias 'create' performance with Berkeley DB versions 3.0 .. 4.6.
A commit references this bug: Author: ohauer Date: Wed Jun 21 19:38:47 UTC 2017 New revision: 444073 URL: https://svnweb.freebsd.org/changeset/ports/444073 Log: - update to 3.2.2 - adjust PORTSCOUT Changelog: 20170221 Compatibility fix (introduced: Postfix 3.1): some Milter applications do not recognize macros sent as {name} when macros have single-character names. Postfix now sends such macros without {} as it has done historically. Viktor Dukhovni. File: milter/milter.c. 20170402 Bugfix (introduced: Postfix 3.2): restore the SMTP server receive override options at the end of an SMTP session, after the options may have been modified by an smtpd_milter_maps setting of "DISABLE". Problem report by Christian R__ner, root cause analysis by Viktor Dukhovni. File: smtpd/smtpd.c. 20170430 Safety net: append a null byte to vstring buffers, so that C-style string operations won't scribble past the end. File: vstring.c. 20170531 Bugfix (introduced: Postfix 3.2): after the table lookup overhaul, the check_sender_access and check_recipient_access features ignored the parent_domain_matches_subdomains setting. Reported by Henrik Larsson. File: smtpd/smtpd_check.c. 20170610 Workaround (introduced: Postfix 3.0 20140718): prevent MIME downgrade of Postfix-generated message/delivery status. It's supposed to be 7bit, therefore quoted-printable encoding is not expected. Problem reported by Griff. File: bounce/bounce_notify_util.c. 20170611 Security: Berkeley DB 2 and later try to read settings from a file DB_CONFIG in the current directory. This undocumented feature may introduce undisclosed vulnerabilities resulting in privilege escalation with Postfix set-gid programs (postdrop, postqueue) before they chdir to the Postfix queue directory, and with the postmap and postalias commands depending on whether the user's current directory is writable by other users. This fix does not change Postfix behavior for Berkeley DB < 3, but reduces file create performance for Berkeley DB 3 .. 4.6. File: util/dict_db.c. PR: 219996 Reported by: Markus Kohlmeyer MFH: 2017Q2 Changes: head/mail/postfix/Makefile head/mail/postfix/distinfo
Update to 3.2.2 was commited