OpenSMTPD before 6.6.4 allows local users to read arbitrary files because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.