Just got an email from the Postfix announcement mailinglist telling me that Wietse has released another update. It fixes minor problems and introduces one incompatibility.

  • postmap support for NIS maps was broken with Postfix 2.3.
  • Workaround to avoid breaking digital signatures for malformed MIME attachments.
  • Incorrect handling of ![address] forms in match lists. such as mynetworks, inet_interfaces etc.

from the announcement:

Incompatible changes with Postfix 2.3.7:
Postfix no longer inserts an empty-line header/body separator into malformed MIME attachments, to avoid breaking digital signatures.

This change introduces ambiguity. Postfix still treats the remainder of the attachment as body content; header_checks rules will therefore not detect forbidden MIME types inside a message/rfc822 attachment.

With the empty-line header/body separator no longer inserted by Postfix, other software may process the malformed attachment differently, and thus may become exposed to forbidden MIME types.

I see no problems in our setup for Postfix as we don’t do any header_checks inside Postfix, we only do that in DSpam and that is not affected as far as I can tell.