Documentation is probably the only important thing left before v1.0.
* deliver doesn't ever exit with Dovecot's internal exit codes anymore.
All its internal exit codes are changed to EX_TEMPFAIL.
* mbox: X-Delivery-ID header is now dropped when saving mails.
* mbox: If pop3_uidl_format=%m, we generate a unique X-Delivery-ID
header when saving mails to make sure the UIDL is unique.
+ PAM: blocking=yes in args uses an alternative way to do PAM checks.
Try it if you're having problems with PAM.
+ userdb passwd: blocking=yes in args makes the userdb lookups be done
in auth worker processes. Set it if you're doing remote NSS lookups
(eg. nss_ldap problems are fixed by this).
+ If PAM child process hasn't responded in two minutes, send KILL
signal to it (only with blocking=no)
- IMAP: APPEND ate all CPU while waiting for more data from the client
(broken in rc22)
- mbox: Broken X-UID headers assert-crashed sometimes
- mbox: When saving a message to an empty mbox file it got an UID
which immediately got incremented.
- mbox: Fixed some wrong "uid-last unexpectedly lost" errors.
- auth cache: In some situations we crashed if passdb had extra_fields.
- auth cache: Special extra_fields weren't saved to auth cache.
For example allow_nets restrictions were ignored for cached entries.
- A lot of initial login processes could cause auth socket errors
in log file at startup, if dovecot-auth started slowly. Now the
login processes are started only after dovecot-auth has finished
initializing itself.
- imap/pop3 proxy: Don't crash if the remote server disconnects before
we're logged in.
- deliver: Don't bother trying to save the mail twice into the default
mailbox (eg. if it's over quota).
- mmap_disable=yes + non-Linux was really slow with large
dovecot.index.cache files
- MySQL couldn't be used as a masterdb
- Trash plugin was more or less broken
- imap/pop3 couldn't load plugins if they chrooted
- imap/pop3-login process could crash in some conditions
- checkpassword-reply crashed if USER/HOME wasn't set
Found another bad bug in rc19 changes. Wonder why my imaptest catched
the bug only in CVS HEAD but not in branch_1_0 even though both had it.
Anyway, now the imaptest runs nicely for both, and I'm again optimistic
that the bug count is low enough for v1.0 to be released soon :)
+ pop3: Commit the transaction even if client didn't QUIT so cached
data gets saved.
- Fixed another indexing bug in rc19 and later which caused
transactions to be skipped in some situations, causing all kinds of
problems.
- mail_log_max_lines_per_sec was a bit broken and caused crashes with
dovecot -a
- BSD filesystem quota was counted wrong. Patch by Manuel Bouyer
- LIST: If namespace has a prefix and inbox=no, don't list
prefix.inbox if it happens to exist when listing for %.
Our patch-ah has been applied upstream and patch-ak was from dovecot CVS.
Changes in dovecot-1.0rc20:
+ dovecot: Added --log-error command line option to log an error, so
the error log is easily found.
+ Added mail_log_max_lines_per_sec setting. Change it to avoid log
throttling with mail_log plugin.
- Changing message flags was more or less broken in rc19
- ACL plugin still didn't work without separate control directory
- Some mbox handling fixes, including fixing an infinite loop
- Some index file handling fixes
- maildir quota: Fixed a file descriptor leak
- If auth_cache was enabled and userdb returned "user unknown"
(typically only deliver can do that), dovecot-auth crashed.
- mail_log plugin didn't work with pop3
Changes in dovecot-1.0rc21:
- Cache file handling could have crashed rc20
utility does). Without this, the ration used/total displayed by clients
is right but the absolute values are wrong.
Submitted to dovecot developers, OK'd by ghen@
bump PKGREVISION
Just did a few more fixes to index files. Do they help with anyone's problems?
- ACL plugin didn't work unless control dir was separate from maildir
- More index file handling fixes
I think we're quite near v1.0 now.
* ACL plugin + Maildir: Moved dovecot-acl file from control directory
to maildir. To prevent accidents caused by this change, Dovecot
kills itself if it finds dovecot-acl file from the control directory.
* When opening a maildir, check if tmp/'s atime is over 8h old. If it
is, delete files in it with ctime older than 36h. However if
atime - ctime > 36h, it means that there's nothing to be deleted and
the scanning isn't done. We update atime ourself if filesystem is
mounted with noatime.
* base_dir doesn't need to be group-readable, don't force it.
* mail_read_mmaped setting is deprecated and possibly broken. It's now
removed from dovecot-example.conf, but it still works for now.
* Removed also umask setting from dovecot-example.conf since currently
it doesn't do what it's supposed to.
+ Authentication cache caches now also userdb data.
+ Added mail_log plugin to log various mail operations. Currently it
logs mail copies, deletions, expunges and mailbox deletions.
- dict quota: messages=n parameter actually changed storage limit.
- A lot of fixes to handling index files. This should fix almost all
of the problems ever reported.
- LDAP: auth_bind=yes was more or less broken.
- Saved mails and dovecot-keywords file didn't set the group from
dovecot-shared file.
- Fixed potential assert-crash while searching messages
- Fixed some crashes with invalid X-UID headers in mboxes
- If you didn't have a namespace with empty prefix, giving STATUS
command for a non-existing namespace caused the connection to give
"NO Unknown namespace" errors for all the future commands.
If you've had problems with getting errors about index files
sometimes being corrupted, please try if this release fixes it. If
you've reported any bugs that this release hasn't fixed, please
report them again so I know they still didn't get fixed and that I
didn't forget them.
* IMAP: When trying to fetch an already expunged message, Dovecot used
to just disconnect client. Now it instead replies with dummy NIL
data.
* Priority numbers in plugin names have changed. If you're installing
from source, you should delete the existing plugin files before
installing the new ones, otherwise you'll get errors.
* Maildir: We're using rename() to move files from tmp/ to new/ now.
See http://wiki.dovecot.org/MailboxFormat/Maildir -> "Issues with
the specification" for reasoning why this is safe. This makes saving
mails faster, and also makes Dovecot usable with Mac OS X's HFS+
(after you also set dotlock_use_excl=yes, see below).
+ Added dotlock_use_excl setting. If enabled, dotlocks are created
directly using O_EXCL flag, instead of by creating a temporary file
which is hardlinked. O_EXCL is faster, but may not work with NFS.
+ If Dovecot crashes with Linux or Solaris, it'll log a
"Raw backtrace". It's worse than gdb's backtrace, but better than
nothing.
+ Added maildir_copy_preserve_filename=yes setting.
+ Added a lazy-expunge plugin to allow users to unexpunge their mails.
+ maildir quota: Added ignore setting to maildir quota, which allows
ignoring quota in Trash mailbox.
+ dict quota: If dictionary doesn't yet contain the quota, calculate
it by going through all the mails in all the mailboxes.
+ login_log_format_elements: Added %a=local port and %b=remote port
+ Added -i and -o options to rawlog to restrict logging only to
input or output.
- Doing a STATUS command for a selected mailbox (not a recommended
IMAP client behavior) caused Dovecot to sync the mailbox silently.
This could have lost eg. EXPUNGE events from clients, causing them
to use wrong sequence numbers.
- deliver was treating boolean settings set to "no" as if they were
"yes" (they were supposed to be commented out for "no")
- Running "dovecot" with -a or -n option while Dovecot was running
deleted all authentication sockets, which caused all the future
logins to fail.
- maildir: RENAME and DELETE didn't touch control directory if it was
different from maildir or index dir.
- We treated internal userdb lookup errors as "user unknown" errors.
In such situations this caused deliver to think the user didn't
exist and the mail get bounced.
- pam: Setting cache_key crashed
- shared maildir: dovecot-keywords file's mode wasn't taken from
dovecot-shared file.
- dovecotpw wasn't working with PowerPC
* Fixed an off-by-one buffer overflow in cache file handling. The
code is executed only with mmap_disable=yes and only if index files
are used (ie. INDEX=MEMORY is safe).
* passdb checkpassword: Handle vpopmail's non-standard exit codes.
- rc14 sometimes assert-crashed if .log.2 file existed in a mailbox
(earlier versions leaked memory and file descriptors)
- io_add() assert-crashfixes
- Potential SSL hang fix at the beginning of the connection
For details on the security issue, see:
http://www.dovecot.org/list/dovecot-news/2006-November/000023.html
More fixes.
"Duplicate header extension keywords" is the only known problem (or if I
forgot something, remind me). I'll try to figure out a way to reproduce
it easily and then get it fixed.
* LDAP: Don't try to use ldap_bind() with empty passwords, since
Windows 2003 AD skips password checking with them and just returns
success.
* verbose_ssl=yes: Don't bother logging "syscall failed: EOF"
messages. No-one cares about them.
+ Dovecot sources should now compile without any warnings with gcc 3.2+
- rc13 crashed if client disconnected while IDLEing
- LDAP: auth_bind=yes fixes
- %variables: Fixed zero padding handling and documented it. %0.1n
shouldn't enable it, and it really shouldn't stay for the next
%variable. -sign also shouldn't stay for the next variable.
- Don't leak opened .log.2 transaction logs.
- Fixed a potential hang in IDLE command (probably really rare).
- Fixed potential problems with client disconnecting while master was
handling the login.
- quota plugin didn't work in Mac OS X
I'll just keep on making new releases now whenever something important
is fixed. Hopefully there shouldn't be many left anymore.
Most of the bugs fixed in this release were found by stress testing with
my imaptest tool (http://dovecot.org/tools/imaptest.c). If you're
interested in knowing how perfectly your Dovecot setup works (especially
if you're using NFS), you could try the tool yourself also.
I still see one crash with mmap_disable=yes, but it's pretty rare. Will
see if I get it fixed before v1.0, but it's not that important.
+ deliver: If we're executing as a normal system user, get the HOME
environment from passwd if it's not set. This makes it possible to
run deliver from .forward.
- Older compilers caused LDAP authentication to crash
- Dying LDAP connections weren't handled exactly correctly in rc11,
although it seemed to work usually
- Fixed crashes and memory leaks with AUTHENTICATE command
- Fixed crashes and leaks with IMAP/POP3 proxying
- maildir: Changing a mailbox while another process was saving a
message there at the same may have caused the changes to not be made
into the maildir, which could have caused other problems later..
From the release announcement mail:
Since rc11 has problems compiling with BSDs, here's a new release. Just
two changes:
- rc11 didn't compile with some compilers
- default_mail_env fallbacking was broken with --exec-mail
Hopefully the last RC release? As far as I know there are no major
problems left now. If nothing big shows up, v1.0 should be out in a
couple of weeks.
* Renamed default_mail_env to mail_location. default_mail_env still
works for backwards compatibility.
* deliver: When sending rejects, don't include Content-Type in the
rejected mail's headers.
* LDAP changes:
* If auth binds are used, bind back to the default dn before doing
a search. Otherwise it could fail if a user gave an invalid
password.
* Initial binding at connect is now done asynchronously.
* Use pass_attrs even with auth_bind=yes since it may contain
useful non-password fields.
+ passdb checkpassword: Give TCPLOCALIP and TCPREMOTEIP and PROTO=TCP
environments to the checkpassword binary so we're UCSPI (and vchkpw)
compatible.
- mbox handling was a bit broken in rc10
- Using Dovecot via inetd kept crashing dovecot master
- deliver: Don't crash with -f "". Changed the default from envelope
to be "MAILER-DAEMON".
- INBOX wasn't shown with LSUB command if only prefixed namespaces
were used.
- passdb ldap: Reconnecting to LDAP server wasn't working with
auth binds.
- passdb sql: Non-plaintext authentication didn't work
- MySQL passdb ignored all non-password checks, such as allow_nets
- trash plugin was broken
I've finally read all the mails in the mailing list and in my INBOX. If
I haven't replied to some of your mail, please resend it.
Remember that since 1.0.rc9 release dovecot.index.cache files will get
rebuilt in 64bit systems, and it's probably better to delete them
manually so you don't get errors in log files.
There are only a couple of issues left in my v1.0-TODO list:
- Master process appears to be leaking log fds with kqueue. Could
someone again give me access to a system where this happens?
- Login process problems. How well does it work now? Hopefully well
enough that v1.0 could be released.
- LDAP authentication is leaking memory? Can anyone confirm this? Even
better, can someone figure out what exactly is leaking? :) Not a v1.0
blocker though.
I think v1.0 will be released once no-one has reported any major
problems for a Dovecot release in 2-4 weeks. I think login process
handling is the only potentially major problem left.
There are a few patches from people that I haven't forgotten, but I've
decided not to put them into v1.0 anymore:
- Filesystem quota group. I don't think it's that important feature,
and it might break something.
- HFS+ hardlink avoiding
- Managesieve
- vmailmgr support
And finally the changes in this release:
* When matching allowed_nets IPs, convert IPv6-mapped-IPv4 addresses
to actual IPv4 addresses first.
+ IMAP: Try to avoid sending duplicate/useless message flag updates
+ Added support for non-plaintext authentication for vpopmail if it
returns plaintext passwords. Based on patch by Remi Gacogne.
+ Added %D modified to return "sub.domain.org" as
"sub,dc=domain,dc=org" (for LDAP queries). Patch by Andrey Panin.
- rc9 broke cache files in 64bit systems
- deliver works now with mail_chroot
- auth cache didn't work properly with multiple passdbs
- Fixes to handling CRLF linefeeds in mboxes.
Most importantly this should fix the login process problems that people
have been reporting. There were also some bugs in the proxying feature.
Also note the 64bit change in dovecot.index.cache files. Unless you
delete dovecot.index.cache files manually, you'll these kind of error
messages into your logs:
Error: Corrupted index cache file ...dovecot.index.cache:
registered field date.sent size changed
They'll get fixed automatically of course, but it might be a bit
annoying to see them.
* 64bit systems: dovecot.index.cache file will be rebuilt because
some time fields have been changed from 64bit fields to 32bit
fields. Now the same cache file can be used in both 32bit and
64bit systems without it being rebuilt.
* Added libmysqlclient workaround to conflicting sha1_result symbol,
which caused Dovecot to fail logging into MySQL.
+ dovecot.index.cache file opening is delayed until it's actually
needed. This reduces disk accesses a bit with eg. STATUS commands.
+ auth_cache: Try to handle changing passwords automatically: If
password verification fails, but the last one had succeeded, don't
use the cache. This works only with plaintext auth.
- dovecot.index.cache: We didn't properly detect if some fields were
different length than we expected, which caused assert crashes
- Lots of fixes to login/master process handling
- mbox: Fixed a bug causing "X-IMAPbase uid-last unexpectedly lost
in mbox file" errors, and possibly others.
I've still over 200 mails unread in the mailing list, and important
things left in TODO. This release is an improvement over rc7 anyway,
hopefully I'll have time to fix the rest soon.
* GSSAPI: Changed POP3 service name to "pop", which is what the
standard says
* "mbox:/var/mail/%u" no longer works as the mail location. You'll
have to specify the mail root explicitly, just like the examples
always have: "mbox:~/mail:INBOX=/var/mail/%u"
+ SHA1, LDAP-MD5, PLAIN-MD5, PLAIN-MD4: The password can be now either
hex or base64 encoded. The encoding is detected automatically based
on the password string length.
+ Allow running only Dovecot master and dovecot-auth processes with
protocols=none setting
+ deliver: -f <envelope sender> parameter can be used to set mbox
From_-line's sender address
+ deliver: Log all mail saves and failures
+ Tru64 SIA passdb support. Patch by Simon L Jackson.
- INBOX was listed twice in mailbox list if namespace prefix was used
- INBOX-prefixed namespaces were a bit broken
- kqueue: Fix 100% CPU usage
- deliver: Duplicate storage was a bit broken
- dictionary code was broken (ie. dict quota)
- SIGHUP caused crashes sometimes
> Can everyone now agree that there are no more hangs? :)
>
> * Require that Dovecot master process's version number matches the
> child process's, unless version_ignore=yes. Usually it's an
> accidental installation problem if the version numbers don't match.
> * Maildir: Create maildirfolder file when creating new maildirs.
>
> + ldap+prefetch: Use global uid/gid settings if LDAP query doesn't
> return them
> + %variables: Negative offsets count from the end of the string.
> Patch by Johannes Berg.
> - kqueue ioloop code rewrite
> - notify=kqueue might have caused connection hangs sometimes
> - deliver: If message body contained a valid mbox From_ line, it
> and the rest of the message was skipped.
> - mbox: We got into infinite loops if trying to open a 2 byte sized
> file as mbox.
> - Don't crash with ssl_disable=yes
> - quota plugin caused compiling problems with some OSes
> - mbox: After saving a mail to a synced mbox, we lost the sync which
> caused worse performance
>
> I think my v1.0 TODO list is:
>
> - avoid duplicate flag change notifications, or in case the message is
> also expunged don't bother notifying its flag changes at all
> (shouldn't be hard)
> - HFS+ avoid-hardlinks patch?
> - 32bit -> 64bit upgrade still doesn't work without assert-crashing:
> mail-cache-transaction.c: line 709 (mail_cache_add): assertion failed:
> (fixed_size == (unsigned int)-1 || fixed_size == data_size)
> - Courier-compatible INBOX. namespace gives "invalid namespace" errors
>
> I'm still not sure about the last one though. Could someone give me
> specific commands that clients send that causes it?
>
> As for the 32bit -> 64bit upgrade fix, could someone give me access to a
> x86-64 machine for a while to test it out?
pkgsrc option for kqueue support. Hence, remove --with-ioloop=best again, and
enable the "kqueue" option by default on *BSD platforms (as already suggested
by grant when he first added the option). The pkg's default behaviour does
not change, so don't bump PKGREVISION.
I/O loop method was changed from kqueue(2) to poll(2) in 1.0rc2, which has
been reported to cause problems on *BSD. --with-ioloop=best selects kqueue
on platforms that implement it (*BSD), and poll on others. You can use
"dovecot --build-options" to see what your binary has been compiled with.
- Use (the newly defined) SSLDIR so we use .../certs & .../private
rather than .../certs/certs and .../certs/private
- Update ssl_cert_file & ssl_key_file in example dovecot.conf to match SSLDIR
- Update mkcert.sh to also match SSLDIR
Back to rc1's SSL proxying code with some improvements, which hopefully
now makes everyone happy.
I'm seeing all kinds of problems with namespace prefixes and LIST code.
I guess it would be important to fix it before v1.0 since it makes
upgrades from other servers easier..
I also tried looking into the "Unknown namespace" problems that happens
if you try to create only one namespace with "INBOX." prefix. I couldn't
really figure out what causes those errors. Could someone show me what
commands the client tries to use which causes it?
* Removed login_max_logging_users setting since it was somewhat weird
in how it worked. Added login_max_connections to replace it with
login_process_per_connection=no, and with =yes its functionality
is now within login_max_processes_count.
+ Added --with-linux-quota configure option to specify which Linux
quota version to use, in case it's not correct in sys/quota.h.
Usually used as --with-linux-quota=2
+ acl plugins: If .DEFAULT file exists in global ACL root directory,
use it as the default ACLs for all mailboxes.
- Fixes to login process handling, especially with
login_process_per_connection=no.
- Back to the original SSL proxy code but with one small fix, which
hopefully fixes the occational hangs with it
- Several fixes to handling LIST command more correctly.
- SSL connections hanged sometimes, especially when saving messages.
- mbox: Mail bodies were saved with CR+LF linefeeds
- Mail forwarding was broken with deliver/Sieve
- dbox fixes. Might actually be usable now.
- Index file handling fixes with keywords
- Cache file was incorrectly used in some situations, which probably
caused problems sometimes.
- Maildir++ quota: Don't count "." and ".." directory sizes to quota.
After rewriting maildirsize file keep its fd open so that we can
later update it. Patch by Alexander Zagrebin
* disable_plaintext_auth=yes: Removed hardcoded 127.* and ::1 IP
checks. Now we just assume that the connection is secure if the
local IP matches the remote IP address.
* SSL code rewrite which hopefully makes it work better than before.
Seems to work correctly, but if you suddently have trouble with SSL
connections this is likely the reason.
+ verbose_ssl=yes: Log also SSL alerts and BIO errors
- If namespace's location field wasn't set, the default location
was supposed to be used but it wasn't.
- When copying ssl-parameters.dat file from /var/lib to /var/run its
permissions went wrong if it couldn't be copied with hard linking.
- Fixed filesystem quota plugin to work with BSDs.
- Maildir: Saving mails didn't work if quota plugin was enabled (again)
- Maildir: Messages' received time wasn't saved properly when
saving/copying multiple messages at a time. Also if using quota
plugin the S= size was only set for the first saved file, and even
that was wrong.
- passdb passwd-file: Don't require valid uid/gid fields if file
isn't also being used as a userdb.
- PostgreSQL: Handle failures better so that there won't be
"invalid fd" errors in logs.
- Don't try to expunge messages if the mailbox is read-only. It'll
just cause our index files to go out of sync with the real
mailbox and cause errors.
- ANONYMOUS authentication mechanism couldn't work because
anonymous_username setting wasn't passed from master process.
* PAM: If user's password is expired, give "Password expired" error
message to the user. Now actually working thanks to Vaidas Pilkauskas
* Relicensed dovecot-auth, lib-sql and lib-ntlm to MIT license. See
COPYING file for more information.
* Abuse prevention: When creating a mailbox, limit the number of
hierarchies (up to 20) and the length of the mailbox name within
a hierarchy (up to 200 characters).
* mbox: If saved mail doesn't end with LF, add it ourself so that the
mails always have one empty line before the next From-line.
+ Added --with-statedir configure option which defaults to
$localstatedir/lib/dovecot. ssl-parameters.dat is permanently
stored in that directory and is copied to login_dirs from there.
+ IMAP: Support SASL-IR extension (SASL initial response)
+ Support initial SASL response with LOGIN mechanism. Patch by Anders
Karlsson
+ Added PLAIN-MD4 password scheme. Patch by Andrey Panin.
+ Added support for XFS disk quotas. Patch by Pawel Jarosz
+ If another process deletes the opened mailbox, try to handle it
without writing errors to log file. Handles the most common cases.
+ Added TLS support for LDAP if the library supports it.
- SEARCH command was more or less broken with OR and NOT conditions
- Dovecot corrupted mbox files which had CR+LF linefeeds in headers
- MySQL code could have crashed while escaping strings
- MD4 code with NTLM authentication was broken with 64bit systems.
Patch by Andrey Panin
- Plugin loading was broken in some OSes (eg. FreeBSD)
- Several fixes to handling empty values in configuration file
- Several fixes to dictionary quota backend and dict server.
Also changed how they're configured.
- deliver: Fixed plugin handling settings
- mbox_min_index_size handling was somewhat broken
- passdb passwd-file: extra_args field wasn't read unless the file
was also used as userdb.
C++ and Fortran by default, but doing so does not bomb configure or build,
so there's no harm in the pkgsrc warnings.)
Because this changes the dependencies on systems using pkgsrc-supplied gcc,
bump PKGREVISION. <sigh>
Fixes a lot of bugs. The next release will be the first "release
candidate" instead of a beta.
* PAM: Don't call pam_setcred() unless setcred=yes PAM passdb
argument was given.
* Moved around settings in dovecot-example.conf to be in more logical
groups.
+ Local delivery agent (deliver binary) works again.
+ LDAP: Added support for SASL binding. Patch by Geert Jansen
+ ssl_verify_client_cert: Check CRLs. If auth_verbose=yes, log
invalid sent certificates. If verbose_ssl=yes, log even the valid
certificates. When using the username from the certificate, use
CommonName. Based on patch by HenkJan Wolthuis
+ PAM: Set PAM_TTY which is needed by some PAM plugins
+ dovecot --exec-mail ext <binary path> can now be used to start
binaries which want dovecot.conf to be read, for example the
convert-tool.
- Expunging needed to be done twice if client used STORE +FLAGS.SILENT
command to set the \Deleted flags
- Added sql_escape_string() to lib-sql API and use it instead of
normal \-escaping.
- ACL plugin fixes
- DIGEST-MD5: Trying to use subsequent authentication crashed
dovecot-auth.
- Fetching BODY when BODYSTRUCTURE was already cached caused the
reply to be broken in some cases
- Lots of fixes for index file handling
- dbox fixes and changes
- mbox syncing broke if some extraneous/broken headers were removed
(eg. extra X-IMAPbase headers in mails)
- Running Dovecot from inetd work now properly with POP3
- Quota plugin fixes for calculating the quota correctly
changes since 1.0beta7:
* Fixed a security hole with mbox: "1 LIST .. *" command could
list all directories and files under the mbox root directory, so
if your mails were stored in eg. /var/mail/%u/ directory, the
command would list everything under /var/mail.
+ Unless nfs_check=no or mmap_disable=yes, check for the first login
if the user's index directory exists in NFS mount. If so, refuse to
run. This is done only on first login to avoid constant extra
overhead.
+ If we have plugins set and imap_capability unset, figure out the
IMAP capabilities automatically by running imap binary at startup.
The generated capability list isn't updated until Dovecot is
restarted completely, so if you add or remove IMAP plugins you
should restart. If you have problems related to this, set
imap_capabilities setting manually to work around it.
+ Added auth_username_format setting
- pop3_lock_session setting wasn't really working
- Lots of fixes related to quota handling. It's still not working
perfectly though.
- Lots of index handling fixes, especially with mmap_disable=yes
- Maildir: saving mails could have sometimes caused "Append with UID
n, but next_uid = m" errors
- flock() locking never timeouted because ignoring SIGALRM caused the
system call just to be restarted when SIGALRM occurred (probably not
with all OSes though?)
- kqueue: Fixed "Unrecognized event". Patch by Vaclav Haisman
+ Added shutdown_clients setting to control if existing imap/pop3 processes
should be killed when master is.
- Master login fixes, PLAIN authentication was still broken..
v1.0.beta6 2006-04-12
* The login and master usernames were reversed when using
master_user_separator (now the order is UW-IMAP compatible).
* Killing dovecot master process now kills all IMAP and POP3
processes also.
+ -a parameter to dovecot prints now all settings that Dovecot uses.
-n prints all settings that are different from defaults.
+ Added pop3_lock_session setting
+ %M modifier returns string's MD5 sum. Patch by Ben Winslow
- PLAIN SASL authentication wasn't working properly, causing failed
logins with some clients (broken in beta4)
- Fixes to Maildir++ quota, should actually work now
- Don't crash if passwd-file has entries without passwords
(eg. deny=yes databases)
- Fixed prefetch userdb to work nicely with other userdbs
- If master process runs out of file descriptors, don't go to
infinite loop (unlikely to have happened unless the OS's default
fd limit was too low)
- Fixed non-plaintext password lookups from LDAP. Patch by Lior Okman
- %U modifier was actually lowercasing the string. Patch by
Ben Winslow
which were fixed again in beta5.
patch-ac and patch-ad were taken from CVS and are not needed anymore.
Changes in Dovecot 1.0beta4:
* Changed the default lock_method back to fcntl. Apparently flock
gives problems with some systems.
* mbox: mailboxes beginning with '.' are now also listed
* Replaced mail_use_modules and mail_modules settings with mail_plugins
and mail_plugin_dir. Now instead of loading all plugins from the
directory, you'll have to give a list of plugins to load. If the
plugin couldn't be loaded, the process exits instead of just
ignoring the problem (this is important with ACL plugin).
+ Added support for "master users" who can log in as other people.
The master username can be given either in authorization ID
string with SASL PLAIN mechanism or by setting
auth_master_user_separator and giving it within the normal username
string.
+ Added ACL plugin with ACL file backend. This however doesn't mean
that there yet exists a proper shared folder support. If master user
logged in as someone else, the ACLs are checked as the master user.
+ Added some Dovecot extensions to checkpassword passdb, see ChangeLog
+ Updated passwd-file format to allow specifying any key=value fields
+ Maildir++ quota support and several quota fixes
+ passdb supporting extra fields: Added "allow_nets" option which takes
a comma separated list of IPs/networks where to allow user to log in.
+ NFS: Handle ESTALE errors the best way we can
+ IMAP now writes to log when client disconnects
+ In shared mailboxes (if dovecot-shared file exists) \Seen flags are
now kept only in index files, so as long as each user has a separate
index file they have separate \Seen flags.
- Fixes to DIGEST-MD5 realm handling so it works with more clients
- BODYSTRUCTURE -> BODY conversion from cache file was broken with
mails containing message/rfc822 parts.
- Fixed several memory leaks
- We could have sent client FETCH notifications about messages before
telling about them with EXISTS
- Compiling fixes for Solaris and some other OSes
- Fixed problem with internal timeout handling code, which caused eg.
outlook-idle workaround to break.
- If /dev/urandom didn't exist, we didn't seed OpenSSL's random number
generator properly. Patch by Vilmos Nebehaj.
- Maildir: Recent flags weren't always immediately removed from mails
when mailbox was opened.
- Several changes to SSL proxying code, hopefully making it work
better.
Changes in Dovecot 1.0beta5:
- Beta4's SSL proxying rewrite worked worse than I thought.
Reverted it back to original code.
- Filesystem quota plugin now looks up the mount path correctly.
(we've patched them). Wanted to wait with this for dovecot1.0beta4 but this
takes longer than I thought. Not worth bumping PKGREVISION, IMO.
Ok with tv.
default at the next version bump?)
- set SSL_{CFLAGS,LIBS} when calling configure script so they are
found correctly on Solaris, and make the configure script do what it
claims and ignore pkg-config when these are set.
- add lib-sql Makefile patch from Dovecot CVS so this builds correctly
when no SQL auth support is built.
as was done in wip/dovecot-nightly. That comment is misleading with
pkgsrc, since those paths are not what pkgsrc encodes into the conf file.
Bump PKGREVISION (unfortunate, but there will be another beta pretty
soon anyway).
* Dotlock code changed to timeout faster in some situations when
the lock file is old.
+ Added support for loading SQL drivers dynamically (see INSTALL file for how
to build them)
+ Keywords are stored to dboxes, and other dbox improvements.
+ dict-sql could actually work now, making quota-in-sql-database possibly
working now (not fully tested)
+ Added mail storage conversion plugin to convert automatically from one
mailbox format to another while user logs in. Doesn't preserve UIDVALIDITY/
UIDs though.
+ Added plugin { .. } section to dovecot.conf for passing parameters to
plugins (see dovecot-example.conf).
+ Added ssl-build-param binary which is used to generate ssl-parameters.dat.
Main dovecot binary doesn't anymore link to SSL libraries, and this also
makes the process title be clearer about why the process is eating all the
CPU.
- Fix building without OpenSSL
- Fixed memory leak in MySQL driver
- Fixes to checkpassword
- Broken Content-Length header could have broken mbox opening
- Fixed potential hangs after APPEND command
- Fixed potential crashes in dovecot-auth and imap/pop3-login
- zlib plugin now links with -lz so it could actually work
- kqueue fixes by Vaclav Haisman
Also, change the package's name to 1.0beta3 (from 1.0b2), since "beta" is what
pkgsrc recognizes according to pkg_info(1). (sorry tv, I thought it was "b".)
correct a mistake in my previous commit:
- add dependency on zlib
- add option for GNU TLS as an alternative to OpenSSL
- drop SASL option, it's no longer supported
- explicitly disable some options with --disable-*
- "s,/usr/pkg,@PREFIX@," in patch-ab -- I accidentally diffed it after the SUBST stage
- change SUBST_STAGE from post-patch to pre-configure to avoid this in the future
- bump PKGREVISION for all this
Thanks to tv@.
recommended by the Dovecot author (the 0.99.x series are deprecated).
Major changes:
v1.0.beta2 2006-01-22 Timo Sirainen <tss@iki.fi>
+ Added SQLite support. Patch by Jakob Hirsch.
+ Added auth_debug_passwords setting. If it's not enabled, hide all
password strings from logs.
+ Added mail_cache_min_mail_count and mbox_min_index_size settings
which can be used to make Dovecot do less disk writes in small
mailboxes where they don't benefit that much.
+ Added --build-ssl-parameters parameter to dovecot binary
- SSL parameters were being regenerated every 10 minutes, although not
with all systems.
- Fixed dovecot-auth crashing at startup. Happened only with some
specific compilers.
- base_dir was supposed to be set world-readable, not world-writable
v1.0.beta1 2006-01-16 Timo Sirainen <tss@iki.fi>
* Almost a complete rewrite since 0.99.x, but some of the major
changes are:
+ Index file code rewritten to do less disk I/O, wait locks less and in
generate be smarter. They also support being in clustered filesystems
and NFS support is mostly working also.
+ Mail caching is smarter. Only the data that client requests is
cached. Before Dovecot opened and cached all mails when mailbox was
opened the first time, which was slow.
+ Mbox handling code rewritten to be much faster, safer and correct
+ New authentication mechanisms: APOP, GSSAPI, LOGIN, NTLM and RPA.
+ LDAP supports authentication binds
+ Authentication server can cache password database lookups
+ Support for multiple authentication databases
+ Namespace configuration
+ Dovecot works with shared
- Add an option for sqlite support.
- Take over maintainership.
All suggested (and ok'ed) by xtraeme.
backslashes anymore. A single backslash is enough. Changed the
definition in all affected packages. For those that are not caught, an
additional check is placed into bsd.pkginstall.mk.
bump PKGREVISION since this is a change from the previous behaviour,
where PAM support was autodetected. it must now be explicitly enabled
via PKG_OPTIONS.dovecot.
And always is defined as share/examples/rc.d
which was the default before.
This rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.
This was discussed on tech-pkg in late January and late April.
Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
Changes:
o Message address fields are now parsed differently, fixing some
issues with spaces. Affects only clients which use FETCH ENVELOPE
command.
o Message MIME parser was somewhat broken with missing MIME boundaries
o mbox: Don't allow X-UID headers in mails to override the UIDs we
would otherwise set. Too large values can break some clients and
cause other trouble.
o passwd-file userdb wasn't working
o PAM crashed with 64bit systems
o non-SSL inetd startup wasn't working
o If UID FETCH notices and skips an expunged message, don't return
a NO reply. It's not needed and only makes clients give error
messages.
* GNUTLS support hasn't been working for a while, so it's not even
tried to be used anymore unless explicitly wanted.
+ Added CRAM-MD5 authentication mechanism. Patch by Joshua Goodall
+ Added SMD5 and LDAP-MD5 password schemes and changed MD5 scheme to
use LDAP-MD5 if the password isn't in MD5crypt format. Patch by
Joshua Goodall
+ Workaround for some POP3 client bugs: if message doesn't contain the
"end of headers" empty line, add it automatically.
+ vpopmail supports now all password schemes, most importantly
MD5crypt works now without support from libc's crypt()
- SQL and LDAP authentication was broken
- SEARCH UNKEYWORD wasn't working
pkgsrc changes:
* Disable GNU TLS support for the time being.
* Move the workaround for the gcc2 sparc64 ICE into hacks.mk.
* Format DESCR.
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.
This is from ideas from Greg Woods and others.
Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).
Changes:
- Fix memory leaks in LDAP, MySQL and PGSQL userdb/passdb
- Fix hanging when parsing mails that have over 4096 bytes in one
line (SMTP servers normally don't allow over 1000 bytes so it
shouldn't be much of a problem)
- FETCH BODYSTRUCTURE sometimes gave a wrong reply
(eg. with FETCH (BODYSTRUCTURE RFC822.SIZE) if it wasn't cached)
- Never return more than one INBOX in LIST even if there are such
files. They don't work anyway and it just confuses clients.
- mbox: Don't allow creating INBOX directory by creating/renaming
mailboxes under it. They just wouldn't work.
- POP3: Don't return PLAIN in SASL list. We don't support initial SASL
responses, so it only breaks with most clients that try to use it.
- IMAP and POP3 login processes may have sent each line in two IP
packets, one with the data and another with CR+LF. Some clients
didn't work because of this.
v0.99.11 2004-09-04 Timo Sirainen <tss@iki.fi>
+ 127.* and ::1 IP addresses are treated as secured with
disable_plaintext_auth = yes
+ auth_debug setting for extra authentication debugging
+ Some documentation and error message updates
+ Create PID file in /var/run/dovecot/master.pid
+ home setting is now optional in static userdb
+ Added mail setting to static userdb
- After APPENDing to selected mailbox Dovecot didn't always notice the
new mail immediately which broke some clients
- THREAD and SORT commands crashed with some mails
- If APPENDed mail ended with CR character, Dovecot aborted the saving
- Output streams sometimes sent data duplicated and lost part of it.
This could have caused various strange problems, but looks like in
practise it rarely caused real problems.
into the bsd.options.mk framework. Instead of appending to
${PKG_OPTIONS_VAR}, it appends to PKG_DEFAULT_OPTIONS. This causes
the default options to be the union of PKG_DEFAULT_OPTIONS and any
old USE_* and FOO_USE_* settings.
This fixes PR pkg/26590.
0.99.10.9 2004-07-31 Timo Sirainen <tss at iki.fi>
- MySQL compiling got broken in last release
- More PostgreSQL reconnection fixing
0.99.10.8 2004-07-30 Timo Sirainen <tss at iki.fi>
+ LDAP support compiles now with Solaris LDAP library
- IMAP BODY and BODYSTRUCTURE replies were wrong for MIME parts which
didn't contain Content-Type header.
- MySQL and PostgreSQL auth didn't reconnect if connection was lost
to SQL server
- Linking fixes for dovecot-auth with some systems
- Last fix for disconnecting client when downloading mail longer than
30 seconds actually made it never disconnect client. Now it works
properly: disconnect when client hasn't read _any_ data for 30
seconds.
v0.99.10.7 2004-07-14 Timo Sirainen <tss@iki.fi>
+ Added outlook-pop3-no-nuls workaround to fix Outlook hang in
mails with NULs.
+ Config file lines can now contain quoted strings ("value ")
- If client didn't finish downloading a single mail in 30 seconds,
Dovecot closed the connection. This was supposed to work so that
if client hasn't read data at all in 30 seconds, it's disconnected.
- Maildir: LIST now doesn't skip symlinks
v0.99.10.5 2003-12-27 Timo Sirainen <tss@iki.fi>
+ MySQL authentication, patch by Matthew Reimer
+ --with-moduledir configure option
- mbox: APPEND reversed given \Draft and \Deleted flags
- mbox: "LF not found" errors happened sometimes when X-IMAPbase
header was updated. Possibly corrupted mbox sometimes.
Thanks to Fabrice Bellet for finding this bug.
- Custom flags couldn't be unset
- Maildir: make sure ":2," is appended to filename when moving mails
from new/ to cur/.
- Maildir: synchronization might have sometimes set wrong flags to
messages, or crash completely
- Maildir: RENAME xx inbox.xx didn't result as uppercased ".INBOX.xx"
directory which then couldn't be accessed
- Don't crash with RAND_bytes() error messages anymore. This mostly
happened with Fedora/RedHat.
pkgsrc changes:
o Disable crammd5 patch, doesn't apply cleanly anymore.
o Add a new option "DOVECOT_USE_MYSQL" to authenticate users
against a mysql database.
the RCD_SCRIPTS rc.d script(s) to the PLIST.
This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.
This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)
These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)
I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.
Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
hard-coded etc/rc.d. These need to be fixed.
- maybe remove from mk/${OPSYS}.pkg.dist mtree specifications too.
Changes:
v0.99.10.4 2003-11-24 Timo Sirainen <tss@iki.fi>
- Fixed reference counters in imap-login and pop3-login.
IMAP AUTHENTICATE and POP3 AUTH commands could have left the
process stuck doing nothing forever.
v0.99.10.3 2003-11-24 Timo Sirainen <tss@iki.fi>
- FETCH RFC822.HEADER returned message body as well
- SUBSCRIBE broke subscription lists
- LIST code rewritten, children flags should be correct now
- SORT and THREAD could have given invalid replies
- Partial BODY[...] fetches might have returned wrong data or at
least performed worse than was necessary
v0.99.10.1 2003-11-10 Timo Sirainen <tss@iki.fi>
* mbox: \Draft and \Deleted flags used opposite flag chars in
X-Status header. We were incompatible with other mbox accessing
software.
WARNING: Upgrading from previous version doesn't automatically
swap the flags, so be careful not to accidentally expunge messages
that had their \Draft flag changed to \Deleted.
* Configuration file changes:
- Whitespace at end of line is stripped, use quotes if you need it
- # comments are supported after key=value lines. if you need '#'
character, quote the value
- Both " and ' quotes are supported. If you need to use them, '\'
can be used for escaping.
- mbox: COPY into same mailbox didn't work and could have corrupted
the mailbox
- Using Dovecot without index files would crash after using a while
- Partial BODY[header] or BODY[part] fetches were buggy if client
requested more data than was available in the header/part.
- Partial BODY[...] fetches were buggy with messages that had CRLFs
- Some BODY and BODYSTRUCTURE replies missed data for message/rfc822
MIME parts causing clients to break
- SORT (SUBJECT) was buggy
- Timezone fixes with Date-header
This also includes Joshua Goodall's patch (now in the CVS tree) for
CRAM-MD5 for the -release tag.
Apply bugfix patches for the following problems:
- Searching address fields can crash sometimes.
- Auth process crashes if user doesn't have home directory set.
- Some BODY and BODYSTRUCTURE replies missed data for message/rfc822
MIME parts causing clients to break.
Based on PR pkg/22028 by MAINTAINER, Tom Hensel.
Changes:
- Default PAM service name changed to "dovecot". This means that
if you're using PAM, you most likely have to do
mv /etc/pam.d/imap /etc/pam.d/dovecot
If you wish to keep using imap, see doc/auth.txt.
- ~/rawlog directory changed to ~/dovecot.rawlog
- Faster and better maildir synchronization. We support read-only
maildirs and out-of-quota conditions are handled a lot better.
dovecot-uidlist file still isn't out-of-quota-safe though, but you
can keep it in another location where quota isn't checked. For
example:
default_mail_env = Maildir:~/Maildir:
INDEX=/noquota/%u:CONTROL=/noquota/%u
- Read-only mboxes are supported now.
- Only NOOP and CHECK now always do a mailbox sync checking. Other
commands sync max. once in 5 seconds, plus always from indexes.
This should reduce I/O a bit.
- All NUL characters are translated to ascii #128 before sending to
client. RFC prohibits sending NULs and this is how UW-IMAP handles
it as well.
- Make ENVELOPE, BODY and BODYSTRUCTURE replies more compact by
removing multiple LWSPs and translating TABs to spaces. RFC doesn't
specifically require this, but this seems to be the wanted
behaviour..
- Added ANONYMOUS SASL mechanism.
- More flexible user chrooting configuration in home directories:
"<chroot>/./<homedir>"
- Added support for dynamically loadable IMAP/POP3 modules. See
INSTALL file for more information.
- Partial fetches were broken if mails had CR+LF linefeeds
- SEARCH DELETED didn't return anything if all messages were deleted
- OpenSSL support was broken in many installations because we were
chrooted and it couldn't open /dev/urandom.
- PAM: Giving wrong password blocked the whole process for two
seconds. Now we create a new process for each check.
- Lots of other smaller bugfixes and better error handling
From MAINTAINER, Tom Hensel.
Changes:
- Dovecot may now be compiled with Cyrus-SASL2, specify
USE_SASL2=YES for this to happen.
- use generic USE_OPENLDAP instead of DOVECOT_USE_LDAP
- minor cleanups
0.99.10rc2:
===========
- Minor bugs corrected, one possible crash when using hardlinks
for copying fixed.
- Minor fix for the 'linebreak-problem' - should be history now
even on non-i386.
- PostgreSQL server will be reconnected on failure.
This will be a stable 0.99.10 release if no new bugs popup.
From Tom Hensel via tech-pkg and private mail.
Changes:
- new MAINTAINER, Tom Hensel
0.99.10-test14:
===============
- IMAP over SSL works now without having to install (patched) OpenSSL from
pkgsrc or patching dovecot itself. For instance, OpenSSL gets initalized
before chrooting so it can open /dev/urandom, even some possible crashes
have been fixed.
- Many changes to the Maildir synchronization and expiration code, diffrent
bugs and flaws are fixed. Improved indexing and hashing of Maildirs and
mboxes.
- Changes to improve overall perfomance have been incorparated.
- The authorization daemon now supports the ANONYMOUS SASL mechanism,
a few bugs were fixed.
- Many flaws and glitches are gone, please see dovecot's ChangeLog for
a complete list of changes.
Dovecot is a secure and compact IMAP/POP3 server which is in the early stages
of developement. It supports Maildirs and mbox formats and much of the IMAP
v4 protocol including SSL/TLS. IPv6 support is also included.
Package provided by Juan RP via pkgsrc-wip with modifications by me.
