The main thing that this new release adds is full support for the spamtest,
spamtestplus and virustest extensions. These extensions implement a uniform
means of testing the content spam/virus status headers in mail messages:
http://ietfreport.isoc.org/idref/rfc5235/
Not many people have tested these new features yet and therefore these are
currently considered experimental. Test these thoroughly before you start using
them! Documentation is available in share/doc/dovecot/spamtest-virustest.txt
Changelog Sieve v0.1.16:
* Finished implementation of spamtest, spamtestplus and virustest
extensions. These are not enabled by default and need to be
activated with the sieve_extensions setting. Documentation available
in doc/spamtest-virustest.txt
+ Vacation extension: the from address of the generated reply is now
by default equal to whatever known recipient alias matched the
headers of the message. If it is one of the aliases specified with
:addresses, it is used in stead of the envelope recipient address
that was used before.
+ Restructured and optimized the lexical scanner.
+ Added --with-docs configure option to allow disabling installation
of documentation.
- Accidentally omitted 'extern' in two declarations of global
variables in header files, causing compile failures on certain
systems.
- Deprecated imapflags extension: fixed implicit assignment of flags.
Turns out this never really worked, but the effect of this bug was
obscured by the removeflag bug fixed in the previous release.
- Fixed various memset argument mixups in enotify extension. This
caused warnings on certain systems, but luckily no adverse effects
at runtime.
mbox users really should upgrade, because by sending a message with a huge
header you could basically cause a DoS (this problem exists only with v1.2.x,
not with v1.0 or v1.1).
- mbox: Message header reading was unnecessarily slow. Fetching a huge header
could have resulted in Dovecot eating a lot of CPU. Also searching messages
was much slower than necessary.
- mbox, dbox, cydir: Mail root directory was created with 0770 permissions,
instead of 0700.
- maildir: Reading uidlist could have ended up in an infinite loop.
- IMAP IDLE: v1.2.7+ caused extra load by checking changes every 0.5 seconds
after a change had occurred in mailbox
Changelog for Dovecot 1.2.10:
+ %variables now support %{host}, %{pid} and %{env:ENVIRONMENT_NAME}
everywhere.
+ LIST-STATUS capability is now advertised
- maildir: Fixed several assert-crashes.
- imap: LIST "" inbox shouldn't crash when using namespace with
"INBOX." prefix.
- lazy_expunge now ignores non-private namespaces.
Changelog for Sieve 0.1.15:
* Enotify extension:
- Adjusted notify method API for addition of new notification
methods.
- Set default importance level to 'normal' (was 'high').
* Include extension: updated implementation towards most recent
specification (all should be backwards compatible):
- Implemented global variables namespace.
- Global command may now appear anywhere in a script.
- Implemented script name checking using the requirements specified
in the ManageSieve draft.
- One issue remains: ManageSieve currently requires included scripts
to be uploaded first, which is not according to specification.
* Changed envelope path parser to allow to and from envelope addresses
that have no domain part.
+ Added preliminary support for Sieve plugins and added support for
installing Sieve development headers.
+ Started work on the implementation of the spamtest, spamtestplus and
virustest extensions (unfinished).
+ Deprecated notify extension: implemented denotify command.
+ Variables extension: added support for variable namespaces.
+ Added configurable script size limit. Compiler will refuse to
compile files larger than sieve_max_script_size.
+ Testsuite changes:
- Added support for changing and testing an extension's
configuration.
- Added a command line parameter for copying errors to stderr.
- Fixed a bug in the i;ascii-numeric comparator. If one of the
strings started with a non-digit character, the comparator would
always yield less-than.
- Imap4flags extension: fixed bug in removeflag: removing a single
flag failed due to off-by-one error (bug report by Julian Cowley).
- Improved EACCES error messages for stat() and lstat() syscalls and
slightly improved error messages that may uccur when saving a
binary.
- Vacation extension: fixed typo in runtime log message (patch by
Julian Cowley).
- Fixed use of minus '-' in man pages; it is now properly escaped.
- Fixed parser recovery. In particular cases it would trigger spurious
errors after an initial valid error and sometimes additional errors
were inappropriately ignored.
Changelog for ManageSieve 0.11.11:
* This release contains adjustments to match changes in the Sieve API.
This means that this release will only compile against Pigeonhole
Sieve v0.1.15.
+ Implemented ManageSieve QUOTA enforcement.
+ Added MAXREDIRECTS capability after login.
+ Implemented new script name rules specified in most recent
ManageSieve draft.
- Fixed assertion failure occuring with challenge-response SASL
mechanisms.
- Made configure complain about trying to compile against installed
Dovecot headers alone.
- Fixed compile warning for compilation against CMUSieve.
Changelog for Dovecot 1.2.9:
* maildir: When saving, filenames now always contain ,S=<size>.
Previously this was done only when quota plugin was loaded. It's
required for zlib plugin and may be useful for other things too.
+ lazy-expunge: Support a single-namespace configuration. If a mailbox
is deleted, its messages are merged with its old expunged messages
(if there were any).
+ expire: Settings now support spaces in mailbox names by using
quoted strings.
- maildir: v1.2.7 and v1.2.8 caused assert-crashes in
maildir_uidlist_records_drop_expunges()
- maildir_copy_preserve_filename=yes could have caused crashes.
- Maildir++ quota: % limits weren't updated when limits were read
from maildirsize.
- virtual: v1.2.8 didn't fully fix the "lots of mailboxes" bug
- virtual: Fixed updating virtual mailbox based on flag changes.
- fts-squat: Fixed searching multi-byte characters.
Changelog for Sieve 0.1.14:
* Made the imposed limits on the number of redirects and the number
of actions configurable. The settings are called sieve_max_actions
and sieve_max_redirects.
* Did a major rework of extension handling, making sure that no global
state is maintained. This change was triggered by problems that
global state info would cause for Dovecot v2.0, but it is also
important for v1.2 as it significantly cleans up the library
implementation.
+ Made LDA Sieve plugin recognize the deliver_log_format setting.
+ Message headers produced from user-supplied data are now
RFC2047-encoded if necessary for outgoing messages. This is for
example important for the :subject argument of the vacation action.
+ Added support for the $text$ substitution in the deprecated notify
extension.
+ The subaddress extension now also accepts recipient_delimiter
setting as an alias for sieve_subaddress_sep setting. This
anticipates the recipient_delimiter setting in v2.0.
- Fixed logging of mailbox names. It logged the converted mUTF7
version in stead of the original UTF8 version supplied by the user.
- Fixed a minor memory leak in the multiscript support.
- Fixed a bug in the recompilation of Sieve scripts. Made sure that
scripts are only recompiled when the script file - or the symlink
pointing to it - is strictly newer.
Changelog for ManageSieve 0.11.10:
* This release contains adjustments to match changes in the Sieve API.
This means that this release will only compile against Pigeonhole
Sieve v0.1.14.
- Fixed compilation of ManageSieve against CMUSieve.
Fuß <ef@math.uni-bonn.de>.
The package now contains Stephan Bosch' new Dovecot Sieve plugin as a pkgsrc
option (instead of the old CMU Sieve plugin that was a separate package), as
well as the ManageSieve extension. The dovecot-sieve package will be removed.
Upgrading from Dovecot 1.1.x may require changes to your configuration file,
see this webpage for more information: http://wiki.dovecot.org/Upgrading/1.2
Major changes since Dovecot 1.1:
* When creating files or directories to mailboxes, Dovecot now uses
the mailbox directory's permissions and GID for them. Previous
versions simply used 0600 mode always. For backwards compatibility
dovecot-shared file's permissions still override these with Maildir.
* SQL dictionary (quota) configuration file is different than in v1.1.
See doc/dovecot-dict-sql-example.conf for the new format.
* deliver -m: Mailbox name is now assumed to be in UTF-8 format,
not modified-UTF7. Stephan Bosch's new Sieve implementation also
assumes UTF-8 format in fileinto parameters.
+ Full support for shared mailboxes and IMAP ACL extension.
The code is mainly from Sascha Wilde and Bernhard Herzog.
+ IMAP: Added support for extensions: CONDSTORE, QRESYNC, ESEARCH,
ESORT, SEARCHRES, WITHIN, ID and CONTEXT=SEARCH.
+ SEARCH supports INTHREAD search key, but the rest of the INTHREAD
draft isn't implemented yet so it's not advertised in capability.
+ THREAD REFS algorithm where threads are sorted by their latest
message instead of the thread root message. There is also no base
subject merging.
+ IMAP: Implemented imap-response-codes draft.
+ Thread indexes for optimizing IMAP THREAD command and INTHREAD
search key.
+ Added userdb checkpassword (by Sascha Wilde)
+ Virtual mailboxes: http://wiki.dovecot.org/Plugins/Virtual
+ Autocreate plugin: http://wiki.dovecot.org/Plugins/Autocreate
+ Listescape plugin: http://wiki.dovecot.org/Plugins/Listescape
* Upgraded to Unicode 5.2.0
- Maildir: Fixed crash when using a lot of keywords.
- file_set_size() was broken with OSes that didn't support posix_fallocate()
(almost everyone except Linux), causing all kinds of index file errors.
- file_set_size() was broken with OSes that didn't support posix_fallocate()
(almost everyone except Linux), causing all kinds of index file errors.
- ldap: Fixed hang when >128 requests were sent at once.
- Fixed a crash in saving messages where message contained a CR character that
wasn't followed by LF (and the CR happened to be the last character in an
internal buffer).
- deliver: Don't send rejects to any messages that have Auto-Submitted header.
This avoids emails loops.
- Message decoding fixes (mainly for IMAP SEARCH, Sieve).
+ dovecot -n/-a now outputs also lda settings.
- Maildir++ quota: Quota was sometimes updated wrong when it was
being recalculated.
- Searching quoted-printable message body internally converted "_"
characters to spaces and didn't match search keys with "_".
- Messages in year's first/last day may have had broken timezones
with OSes not having struct tm->tm_gmtoff (e.g. Solaris).
- IMAP: Don't crash if IDLE command is pipelined after a long-running
UID FETCH or UID SEARCH.
- IMAP: Some FETCH command parameters were broken with in some OSes.
- mbox: New mailboxes were created with UIDVALIDITY 1.
- mbox: Don't write garbage to mbox if message doesn't have a body.
- Maildir: Fixed using in-memory indexes when some required directory
was missing.
- auth: Don't assert-crash if trying to log in as master user but
with empty login username.
- Transaction log dotlocking ignored mail_nfs_index and
dotlock_use_excl settings.
- convert plugin / convert-tool: Fixed changing hierarchy separators
in mailbox names when alt_hierarchy_char isn't set.
- Several fixes to expire plugin / expire-tool
- zlib: Give better error messages on failures.
Fixes a couple of bugs in v1.1.15's changes. Hopefully the last v1.1 release
before v1.2.0.
- v1.1.15 could have crashed if mailbox-closing command was pipelined after a
mailbox-accessing command.
- v1.1.15's zlib plugin may have caused crashes when fetching INTERNALDATE.
- Maildir: If messages had been deleted externally from new/ directory and
mailbox was opened with EXAMINE, Dovecot didn't immediately notice that the
messages were deleted.
- If message body started with a space, some operations could have assert-
crashed.
v1.1.15 2009-05-17 Timo Sirainen <tss@iki.fi>
+ IMAP: When multiple commands are pipelined, try harder to combine their
mailbox syncing together. For example with Maildir pipelining STORE 1:*
+FLAGS \Deleted and EXPUNGE commands the files won't be unnecessarily
rename()d before being unlink()ed.
- IMAP: SEARCH command was slower than necessary in a large mailbox.
- deliver: When forwarding messages, if -f parameter was given, it should have
been used as the Return-Path.
- Maildir saving: Fixed race condition bugs in uidlist handling, causing files
to be given new UIDs sometimes.
- mbox: Don't crash when expunging all messages and file doesn't end with
[CR]LF.
- expire-tool: Use mail_uid and mail_gid settings if userdb doesn't return
uid/gid.
- Berkeley DB dict: Transaction rollbacking was implemented wrong.
- zlib plugin: Some email / FETCH command combinations could have disconnected
the client or sent compressed garbage.
* IMAP: Don't allow APPEND to specify INTERNALDATE more than 2 hours
into future. With Maildir future INTERNALDATEs may mess up incremental
backups.
- Date: header was always being added to cache file when saving messages,
even if clients didn't really want it. This caused POP3-only users to
have dovecot.index.cache file unneededly.
- Character set conversion in specific mails may have caused Dovecot to
allocate all the available memory (in default configuration dying after
having allocated 256 MB). This happened only while searching messages.
- Message address parser didn't handle empty group:; correctly.
- imap/pop3-login: Don't crash when shutting down and destroying clients.
- deliver wasn't using mail_access_groups setting.
- mbox: When doing autodetection, if mbox didn't find an existing mail
directory it just went and created it anyway, instead of failing the
storage creation.
- Fixed some error handling in maildir and index code.
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
- v1.1.12's MAILBOXDIR changes broke accessing mails in some setups
- v1.1.12's login_executable -D checking changes caused dovecot to
crash at startup if protocols setting contained only pop3.
- mbox: pop3_lock_session=3Dyes was broken with mail_privileged_group.
* Added :MAILBOXDIR= to mail_location to specify the root dir for
mailboxes. dbox users should migrate to ":MAILBOXDIR=mailboxes",
because that's going to be the default in v1.2+.
+ Linux: Adding -D parameter to login_executable makes login processes
dump core to login_dir if they crash.
- IMAP: SELECT didn't always return first unseen message in reply
- POP3: pop3_lock_session=yes didn't use mail_privileged_group while
dotlocking.
- mbox: Don't crash if >=8192 bytes long line begins with "From ".
- Maildir: More fixes to handling over 26 keywords.
- Several logging fixes and improvements
- Fixed authentication caching with non-plaintext mechanisms when using
a blocking passdb (e.g. MySQL)
- Fixed DIGEST-MD5 authentication with user@domain style usernames.
- IMAP: PERMANENTFLAGS list didn't contain \*, causing some clients
not to save keywords.
- dbox: INTERNALDATE and save date was returned wrong for converted
maildir files.
- auth: Using "username" or "domain" passdb fields caused problems
with cache and blocking passdbs in v1.1.8 .. v1.1.10.
- userdb prefetch + blocking passdbs was broken with non-plaintext
auth in v1.1.8 .. v1.1.10.
- If mail_chroot is set, don't fail at startup in dump-capability.
- Maildir: Keyword handling was somewhat broken in v1.1.9
- userdb prefetch was broken with blocking passdbs in v1.1.9
- dict process didn't always die with the rest of Dovecot
- dict quota was somewhat broken with pgsql
Lots of small dbox fixes, hopefully migrations from Maildir are now working
correctly.
+ Sending SIGUSR2 to dovecot-auth now also logs statistics about cache inserts.
This could help figuring out auth cache size.
+ deliver: Added rejection_subject setting, which is used for rejected mails.
+ pop3: Prevent clients from looping forever trying to fetch an expunged
message.
+ If login process crashes, log the IP address that (maybe) caused it.
+ If core dump limit is 0, add "core dumps disabled" to startup log line.
+ Log better messages for "Permission denied" errors
- mbox: Fixed assert-crash with pop3_lock_session=yes
- dbox: Fixes to handling maildir-converted files.
- Auth cache wasn't working correctly for all fields (e.g. allow_nets) with
blocking passdbs (e.g. mysql).
- pgsql: Handle reconnecting to server without failing auth lookups.
- Berkeley DB memory/resource leak fixes.
- maildir: Fixes to handling over 26 keywords.
Most importantly mbox bugfixes. v1.1 should finally be as stable with
mboxes as it was with v1.0. Hopefully we'll also soon have the first
v1.2 beta release and the final v1.2.0 somewhat soon after that.
- mbox: Several bugfixes. Fixes "next message unexpectedly lost"
errors and perhaps some other problems as well.
- deliver: It wasn't possible to override boolean settings in
lda section by setting them to "no".
- Maildir++ quota didn't correctly check if maildirs had changed
during recalculation.
- kqueue notify: Fixed assert-crash in some situations
- dbox: Several fixes to handling Maildir migrations
- Logging/error message improvements
* IMAP QUOTA extension now returns "MESSAGE" quota, not "MESSAGES".
This makes Dovecot now RFC 2087 compliant. Hopefully this change
doesn't break anyone's Dovecot-specific quota checking code..
+ Added !include and !include_try directives to config file reader.
Note that !include doesn't currently work with deliver. The main
point here is that ssl_key_password can be placed to a different
file with !include_try that deliver can just ignore.
+ More error/debug message logging improvements.
- v1.1.6 gave "userdb didn't return a home directory" error at startup
- Some config file parsers (deliver, passwd-file, acl, trash) ignored
the file's last line if it didn't end with LF.
- fts: SEARCH SUBJECT didn't search messages that weren't already
in fts index.
- fts-solr: Don't assert-crash if we couldn't connect to Solr.
- IMAP: Mailbox deletion gave an error, but still worked, if mails'
control directory wasn't the same as index directory.
- Several fixes to rarely used mailbox list layout configurations.
Ok'ed geert@
The invalid message address parsing bug is pretty important since it
allows a remote user to send broken mail headers and prevent the
recipient from accessing the mailbox afterwards, because the process
will always just crash trying to parse the header. This is assuming that
the IMAP client uses FETCH ENVELOPE command, not all do. Note that it
doesn't affect versions older than v1.1.4.
+ dovecot -n and -a now prints some system information at the top.
+ More error/debug message logging improvements.
- pop3-login: Fixed assert-crash if a client sent USER+PASS+USER+PASS
commands in the same IP packet.
- Parsing an invalid message address like "From: (" caused an
assert-crash in v1.1.4 and v1.1.5.
- Folding whitespace wasn't handled correctly inside quoted-strings,
causing some messages to be parsed incorrectly.
- mbox: Fixed saving messages that begin with a valid From_-line.
* Dovecot prints an informational message about authentication problems
at startup. The message goes away after the first successful
authentication. This hopefully reduces the number of "Why doesn't
my authentication work?" questions.
+ Maildir/dbox: Try harder to assign unique UIDVALIDITY values to
mailboxes to avoid potential problems when recreating or renaming
mailboxes. The UIDVALIDITY is tracked using dovecot-uidvalidity*
files in the mail root directory.
+ Many logging improvements
- In some conditions Dovecot could have stopped using existing cache
file and never used it again until it was deleted.
- pop3 + Maildir: Make sure virtual sizes are always written to
dovecot-uidlist. This way if the indexes are lost Dovecot will never
do a huge amount of work to recalculate them.
- mbox: Fixed listing mailboxes in namespaces with prefix beginning
with '~' or '/' (i.e. UW-IMAP compatibility namespaces didn't work).
- dict quota: Don't crash when recalculating quota (when quota warnings
enabled).
- Fixes to handling "out of disk space/quota" failures.
- Blocking passdbs/userdbs (e.g. PAM, MySQL) could have failed lookups
sometimes when auth_worker_max_request_count was non-zero.
- Fixed compiling with OpenBSD
- SORT: Yet another assert-crashfix when renumbering index sort IDs.
- ACL plugin fixes: Negative rights were actually treated as positive rights.
'k' right didn't prevent creating parent/child/child mailbox. ACL groups
weren't working.
- Maildir++ quota: Fixes to rebuilding when quota limit wasn't specified in
Dovecot (0 limit or limit read from maildirsize).
- mbox: Several bugfixes causing errors and crashes.
- Several fixes to expire plugin / expire-tool.
- lock_method=dotlock could have deadlocked with itself.
- Many error handling fixes and log message improvements.
This fixes several mbox problems previous v1.1 releases have had.
* mail_max_userip_connections limit no longer applies to master user logins.
+ login_log_format_elements: Added %k to show SSL protocol/cipher information.
Not included by default.
+ imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
+ deliver: Added -s parameter to autosubscribe to autocreated mailboxes.
- message parser fixes - hopefully fixes an infinite looping problem
- SORT: One more assert-crashfix when renumbering index sort IDs.
- mbox: Saving may have truncated the mail being saved
- mbox: Several other bugfixes
- mail_full_filesystem_access=yes was broken when listing mailboxes (it still
is with maildir++ layout).
- maildirlock utility was somewhat broken
- zlib plugin: bzip2 support was somewhat broken
- NFS: Make sure writing to files via output streams don't assert-crash when
write() returns only partial success.
Development of new features in this release and the upcoming
multi-master replication are sponsored by Directi (www.directi.com).
Lucene indexing is currently deprecated in favor of the new Solr
indexing. I'm even considering removing the Lucene C++ library support,
so if you're interested in keeping it send me a mail. Note that the
current fts-lucene is somewhat broken as well as non-optimal.
Anyone interested in using zlib plugin with Maildir should read
http://wiki.dovecot.org/Plugins/Zlib.
I'm hoping to get the first v1.2 betas out in a couple of weeks and an
eventual v1.2.0 release in a couple of months.
+ Added full text search indexing support for Apache Lucene Solr
server: http://wiki.dovecot.org/Plugins/FTS/Solr
+ IMAP SORT: Added X-SCORE sort key for use with Solr searches.
+ zlib plugin supports now bzip2 also.
+ quota: All backends now take noenforcing parameter.
+ Maildir: Add ,S=3D<size> to maildir filename whenever quota plugin
is loaded, even when not using Maildir++ quota.
+ deliver: Allow lda section to override plugin settings.
+ deliver: Giving a -m <namespace prefix> parameter now silently saves
the mail to INBOX. This is useful for e.g. -m INBOX/${extension}
+ Added a new maildirlock utility for write-locking Dovecot Maildir.
+ dict-sql: Support non-MySQL databases by assuming they implement the
"INSERT .. ON DUPLICATE KEY" using an INSERT trigger.
- SORT: Fixed several crashes/errors with sort indexing.
- IMAP: BODYSTRUCTURE is finally RFC 3501 compliant. Earlier versions
didn't include Content-Location support.
- IMAP: Fixed bugs with listing INBOX.
- Maildir: maildirfolder file wasn't created when dovecot-shared
file existed on the root directory
- deliver didn't expand %variables in namespace location settings.
- zlib: Copying non-compressed messages resulted in empty mails
(except when hardlink-copying between maildirs).
- mbox-snarf plugin was somewhat broken
- deliver + Maildir: If uidlist couldn't be locked while saving,
we might have assert-crashed
- mbox: Fixed an assert-crash with \Recent flag handling
This release also fixes a NetBSD-specific bug, see the following thread:
http://www.dovecot.org/list/dovecot/2008-June/031680.html
copy from there.
Update the Sieve plugin accordingly to 1.1.5.
Major changes since 1.0:
* After Dovecot v1.1 has modified index or dovecot-uidlist files,
they can't be opened anymore with Dovecot versions earlier than
v1.0.2.
* See doc/wiki/Upgrading.1.1.txt (or for latest changes,
http://wiki.dovecot.org/Upgrading/1.1) for list of changes since
v1.0 that you should be aware of when upgrading.
+ IMAP: Added support for UIDPLUS and LIST-EXTENDED extensions.
+ IMAP SORT: Sort keys are indexed, which makes SORT commands faster.
+ When saving messages, update cache file immediately with the data
that we expect client to fetch later.
+ NFS caches are are flushed whenever needed. See mail_nfs_storage and
mail_nfs_index settings.
+ Out of order command execution (SEARCH, FETCH, LIST), nonstandard
command cancellation (X-CANCEL <tag>)
+ IMAP: STATUS-IN-LIST draft implementation
+ Expire plugin can be used to keep track of oldest messages in
specific mailboxes. A nightly run can then quickly expunge old
messages from the mailboxes that have them. The tracking is done
using lib-dict, so you can use either Berkeley DB or SQL database.
+ Namespaces are supported everywhere now.
+ Namespaces have new list and subscriptions settings.
+ Full text search indexing support with Lucene and Squat backends.
+ OTP and S/KEY authentication mechanisms (by Andrey Panin).
+ mbox and Maildir works with both Maildir++ and FS layouts. You can
change these by appending :LAYOUT=3Dmaildir++ or :LAYOUT=3Dfs to
mail_location.
+ LDAP: Support templates in pass_attrs and user_attrs
+ Support for listening in multiple IPs/ports.
+ Quota plugin rewrite: Support for multiple quota roots, warnings,
allow giving storage size in bytes or kilo/mega/giga/terabytes,
per-mailbox quota rules.
+ Filesystem quota backend supports inode limits, group quota and
RPC quota for NFS.
+ SEARCH and SORT finally compare non-ASCII characters
case-insensitively. We use i;unicode-casemap algorithm.
+ Config files support splitting values to multiple lines with \
Since v1.1.0 release is getting near, this could well be the last v1.0
release. I'll still fix important bugs, but if the bugfix is large or
affects only few people it'll probably get fixed only in v1.1 releases.
* mbox: Enable mail_privileged_group while creating INBOX.
- IMAP: Fixed a rare crash in FETCH BODY/BODYSTRUCTURE
- IMAP: If mailbox is selected with EXAMINE, ignore flag changes
- proxy: Login success reply was sent in two IP packets, which
confused some IMAP/POP3 clients
- ACL plugin leaked memory a bit
- dovecot-auth: allow_nets setting with network masks didn't work
correctly with big endian machines.
Note that the changes for the security hole fix were quite large. I tested with
several auth configurations myself and they seemed to work, but it's possible I
left a bug somewhere in there breaking someone's configuration. So make sure to
test that it works after upgrading.
Of course it would be really nice if Dovecot had a proper test suite where
testing all configurations could be automated and run before each release. I've
already started this with my imaptest tool (http://imapwiki.org/ImapTest), but
it only does IMAP tests and a lot of things are still missing. Some help would
be nice here.
* Fixed a security hole in blocking passdbs (MySQL always. PAM, passwd
and shadow if blocking=yes) where user could specify extra fields
in the password. The main problem here is when specifying
"skip_password_check" introduced in v1.0.11 for fixing master user
logins, allowing the user to log in as anyone without a valid
password.
- mail_privileged_group was broken in some systems (OS X, Solaris?)
- IMAP THREAD: Fixed some correctness problems
* mail_extra_groups setting was commonly used insecurely. This setting
is now deprecated. Most users should switch to using
mail_privileged_group setting, but if you really need the old
functionality use mail_access_groups instead.
- mbox: Dropped some of the physical size fetch optimizations added
in v1.0.8. This makes some commands slower, but should fix the rest
of the problems.
- IMAP: SEARCH BEFORE/ON/SINCE didn't handle timezones correctly.
- ldap: auth_bind was doing lookups using subtree scope instead of
the scope specified in config file.
- zlib plugin crashfixes by Richard Platel
- master passdbs: pass=yes setting was broken with blocking passdbs
(e.g. MySQL)
v1.0.8 and v1.0.9 were a bit bad releases. Hopefully one day I've managed to
have written a proper test suite which can be run before doing any releases..
* Security hole with LDAP+auth cache: If base setting contained
%variables they weren't included in auth cache key, which broke
caching. This could have caused different users with same passwords
to log in as each other. [pkgsrc: this was fixed in dovecot-1.0.9nb1]
- LDAP: Fixed potential infinite looping when connection to LDAP
server was lost and there were queued requests.
- mbox: More changes to fix problems caused by v1.0.8 and v1.0.9.
- Maildir: Fixed a UIDLIST_IS_LOCKED() assert-crash in some conditions
(caused by changes in v1.0.9)
- If protocols=none, don't require imap executables to exist
+ Maildir: Don't wait on dovecot-uidlist.lock when we just want to
find out a new filename for the message.
- mbox: v1.0.8 changes sometimes caused FETCH to fail with
"got too little data", disconnecting the client.
- Fixed a memory leak when FETCHing message header/body multiple
times within a command (e.g. BODY[1] BODY[2])
- IMAP: Partial body fetching was still slow with mboxes
