Fuß <ef@math.uni-bonn.de>.
The package now contains Stephan Bosch' new Dovecot Sieve plugin as a pkgsrc
option (instead of the old CMU Sieve plugin that was a separate package), as
well as the ManageSieve extension. The dovecot-sieve package will be removed.
Upgrading from Dovecot 1.1.x may require changes to your configuration file,
see this webpage for more information: http://wiki.dovecot.org/Upgrading/1.2
Major changes since Dovecot 1.1:
* When creating files or directories to mailboxes, Dovecot now uses
the mailbox directory's permissions and GID for them. Previous
versions simply used 0600 mode always. For backwards compatibility
dovecot-shared file's permissions still override these with Maildir.
* SQL dictionary (quota) configuration file is different than in v1.1.
See doc/dovecot-dict-sql-example.conf for the new format.
* deliver -m: Mailbox name is now assumed to be in UTF-8 format,
not modified-UTF7. Stephan Bosch's new Sieve implementation also
assumes UTF-8 format in fileinto parameters.
+ Full support for shared mailboxes and IMAP ACL extension.
The code is mainly from Sascha Wilde and Bernhard Herzog.
+ IMAP: Added support for extensions: CONDSTORE, QRESYNC, ESEARCH,
ESORT, SEARCHRES, WITHIN, ID and CONTEXT=SEARCH.
+ SEARCH supports INTHREAD search key, but the rest of the INTHREAD
draft isn't implemented yet so it's not advertised in capability.
+ THREAD REFS algorithm where threads are sorted by their latest
message instead of the thread root message. There is also no base
subject merging.
+ IMAP: Implemented imap-response-codes draft.
+ Thread indexes for optimizing IMAP THREAD command and INTHREAD
search key.
+ Added userdb checkpassword (by Sascha Wilde)
+ Virtual mailboxes: http://wiki.dovecot.org/Plugins/Virtual
+ Autocreate plugin: http://wiki.dovecot.org/Plugins/Autocreate
+ Listescape plugin: http://wiki.dovecot.org/Plugins/Listescape
- IMAP: Don't crash if IDLE command is pipelined after a long-running
UID FETCH or UID SEARCH.
- IMAP: Some FETCH command parameters were broken with in some OSes.
- mbox: New mailboxes were created with UIDVALIDITY 1.
- mbox: Don't write garbage to mbox if message doesn't have a body.
- Maildir: Fixed using in-memory indexes when some required directory
was missing.
- auth: Don't assert-crash if trying to log in as master user but
with empty login username.
- Transaction log dotlocking ignored mail_nfs_index and
dotlock_use_excl settings.
- convert plugin / convert-tool: Fixed changing hierarchy separators
in mailbox names when alt_hierarchy_char isn't set.
- Several fixes to expire plugin / expire-tool
- zlib: Give better error messages on failures.
v1.1.15 2009-05-17 Timo Sirainen <tss@iki.fi>
+ IMAP: When multiple commands are pipelined, try harder to combine their
mailbox syncing together. For example with Maildir pipelining STORE 1:*
+FLAGS \Deleted and EXPUNGE commands the files won't be unnecessarily
rename()d before being unlink()ed.
- IMAP: SEARCH command was slower than necessary in a large mailbox.
- deliver: When forwarding messages, if -f parameter was given, it should have
been used as the Return-Path.
- Maildir saving: Fixed race condition bugs in uidlist handling, causing files
to be given new UIDs sometimes.
- mbox: Don't crash when expunging all messages and file doesn't end with
[CR]LF.
- expire-tool: Use mail_uid and mail_gid settings if userdb doesn't return
uid/gid.
- Berkeley DB dict: Transaction rollbacking was implemented wrong.
- zlib plugin: Some email / FETCH command combinations could have disconnected
the client or sent compressed garbage.
Lots of small dbox fixes, hopefully migrations from Maildir are now working
correctly.
+ Sending SIGUSR2 to dovecot-auth now also logs statistics about cache inserts.
This could help figuring out auth cache size.
+ deliver: Added rejection_subject setting, which is used for rejected mails.
+ pop3: Prevent clients from looping forever trying to fetch an expunged
message.
+ If login process crashes, log the IP address that (maybe) caused it.
+ If core dump limit is 0, add "core dumps disabled" to startup log line.
+ Log better messages for "Permission denied" errors
- mbox: Fixed assert-crash with pop3_lock_session=yes
- dbox: Fixes to handling maildir-converted files.
- Auth cache wasn't working correctly for all fields (e.g. allow_nets) with
blocking passdbs (e.g. mysql).
- pgsql: Handle reconnecting to server without failing auth lookups.
- Berkeley DB memory/resource leak fixes.
- maildir: Fixes to handling over 26 keywords.
Most importantly mbox bugfixes. v1.1 should finally be as stable with
mboxes as it was with v1.0. Hopefully we'll also soon have the first
v1.2 beta release and the final v1.2.0 somewhat soon after that.
- mbox: Several bugfixes. Fixes "next message unexpectedly lost"
errors and perhaps some other problems as well.
- deliver: It wasn't possible to override boolean settings in
lda section by setting them to "no".
- Maildir++ quota didn't correctly check if maildirs had changed
during recalculation.
- kqueue notify: Fixed assert-crash in some situations
- dbox: Several fixes to handling Maildir migrations
- Logging/error message improvements
Development of new features in this release and the upcoming
multi-master replication are sponsored by Directi (www.directi.com).
Lucene indexing is currently deprecated in favor of the new Solr
indexing. I'm even considering removing the Lucene C++ library support,
so if you're interested in keeping it send me a mail. Note that the
current fts-lucene is somewhat broken as well as non-optimal.
Anyone interested in using zlib plugin with Maildir should read
http://wiki.dovecot.org/Plugins/Zlib.
I'm hoping to get the first v1.2 betas out in a couple of weeks and an
eventual v1.2.0 release in a couple of months.
+ Added full text search indexing support for Apache Lucene Solr
server: http://wiki.dovecot.org/Plugins/FTS/Solr
+ IMAP SORT: Added X-SCORE sort key for use with Solr searches.
+ zlib plugin supports now bzip2 also.
+ quota: All backends now take noenforcing parameter.
+ Maildir: Add ,S=3D<size> to maildir filename whenever quota plugin
is loaded, even when not using Maildir++ quota.
+ deliver: Allow lda section to override plugin settings.
+ deliver: Giving a -m <namespace prefix> parameter now silently saves
the mail to INBOX. This is useful for e.g. -m INBOX/${extension}
+ Added a new maildirlock utility for write-locking Dovecot Maildir.
+ dict-sql: Support non-MySQL databases by assuming they implement the
"INSERT .. ON DUPLICATE KEY" using an INSERT trigger.
- SORT: Fixed several crashes/errors with sort indexing.
- IMAP: BODYSTRUCTURE is finally RFC 3501 compliant. Earlier versions
didn't include Content-Location support.
- IMAP: Fixed bugs with listing INBOX.
- Maildir: maildirfolder file wasn't created when dovecot-shared
file existed on the root directory
- deliver didn't expand %variables in namespace location settings.
- zlib: Copying non-compressed messages resulted in empty mails
(except when hardlink-copying between maildirs).
- mbox-snarf plugin was somewhat broken
- deliver + Maildir: If uidlist couldn't be locked while saving,
we might have assert-crashed
- mbox: Fixed an assert-crash with \Recent flag handling
This release also fixes a NetBSD-specific bug, see the following thread:
http://www.dovecot.org/list/dovecot/2008-June/031680.html
copy from there.
Update the Sieve plugin accordingly to 1.1.5.
Major changes since 1.0:
* After Dovecot v1.1 has modified index or dovecot-uidlist files,
they can't be opened anymore with Dovecot versions earlier than
v1.0.2.
* See doc/wiki/Upgrading.1.1.txt (or for latest changes,
http://wiki.dovecot.org/Upgrading/1.1) for list of changes since
v1.0 that you should be aware of when upgrading.
+ IMAP: Added support for UIDPLUS and LIST-EXTENDED extensions.
+ IMAP SORT: Sort keys are indexed, which makes SORT commands faster.
+ When saving messages, update cache file immediately with the data
that we expect client to fetch later.
+ NFS caches are are flushed whenever needed. See mail_nfs_storage and
mail_nfs_index settings.
+ Out of order command execution (SEARCH, FETCH, LIST), nonstandard
command cancellation (X-CANCEL <tag>)
+ IMAP: STATUS-IN-LIST draft implementation
+ Expire plugin can be used to keep track of oldest messages in
specific mailboxes. A nightly run can then quickly expunge old
messages from the mailboxes that have them. The tracking is done
using lib-dict, so you can use either Berkeley DB or SQL database.
+ Namespaces are supported everywhere now.
+ Namespaces have new list and subscriptions settings.
+ Full text search indexing support with Lucene and Squat backends.
+ OTP and S/KEY authentication mechanisms (by Andrey Panin).
+ mbox and Maildir works with both Maildir++ and FS layouts. You can
change these by appending :LAYOUT=3Dmaildir++ or :LAYOUT=3Dfs to
mail_location.
+ LDAP: Support templates in pass_attrs and user_attrs
+ Support for listening in multiple IPs/ports.
+ Quota plugin rewrite: Support for multiple quota roots, warnings,
allow giving storage size in bytes or kilo/mega/giga/terabytes,
per-mailbox quota rules.
+ Filesystem quota backend supports inode limits, group quota and
RPC quota for NFS.
+ SEARCH and SORT finally compare non-ASCII characters
case-insensitively. We use i;unicode-casemap algorithm.
+ Config files support splitting values to multiple lines with \
v1.0.8 and v1.0.9 were a bit bad releases. Hopefully one day I've managed to
have written a proper test suite which can be run before doing any releases..
* Security hole with LDAP+auth cache: If base setting contained
%variables they weren't included in auth cache key, which broke
caching. This could have caused different users with same passwords
to log in as each other. [pkgsrc: this was fixed in dovecot-1.0.9nb1]
- LDAP: Fixed potential infinite looping when connection to LDAP
server was lost and there were queued requests.
- mbox: More changes to fix problems caused by v1.0.8 and v1.0.9.
- Maildir: Fixed a UIDLIST_IS_LOCKED() assert-crash in some conditions
(caused by changes in v1.0.9)
- If protocols=none, don't require imap executables to exist
* deliver: If Return-Path doesn't contain user and domain, don't try
to bounce the mail (this is how it was supposed to work earlier too)
* deliver: %variables in mail setting coming from userdb aren't
expanded anymore (again how it should have worked). The expansion
could have caused problems if paths contained any '%' characters.
+ Print Dovecot version number with dovecot -n and -a
+ deliver: Added -e parameter to write rejection error to stderr and
exit with EX_NOPERM instead of sending the rejection by executing
sendmail.
+ dovecot --log-error logs now a warning, an error and a fatal
- Trying to start Dovecot while it's already running doesn't anymore
wipe out login_dir and break the running Dovecot.
- maildir: Fixed "UID larger than next_uid" errors which happened
sometimes when dovecot-uidlist file didn't exist but index files did
(usually because mailbox didn't have any messages when it was
selected for the first time)
- maildir: We violated maildir spec a bit by not having keyword
characters sorted in the filename.
- maildir: If we don't have write access to cur/ directory, treat the
mailbox as read-only. This fixes some internal error problems with
trying to use read-only maildirs.
- maildir: Deleting a symlinked maildir failed with internal error.
- mbox: pop3_uidl_format=%m wasn't working right
- mbox: If non-filesystem quota was enabled, we could have failed
with "Unexpectedly lost From-line" errors while saving new messages
- mysql auth: %c didn't work. Patch by Andrey Panin
- APPEND / SEARCH: If internaldate was outside valid value for time_t,
we returned BAD error for APPEND and SEARCH never matched. With 64bit
systems this shouldn't have happened. With 32bit systems the valid
range is usually for years 1902..2037.
- COPY: We sent "Hang in there.." too early sometimes and checked it
too often (didn't break anything, but was slower than needed).
- deliver: Postfix's sendmail binary wasn't working with mail_debug=yes
- Don't corrupt ssl-parameters.dat files when running multiple Dovecot
instances.
- Cache compression caused dovecot.index.cache to be completely deleted
with big endian CPUs if 64bit file offsets were used (default)
- Fixed "(index_mail_parse_header): assertion failed" crash
Probably one more RC after this.
* Security fix: If zlib plugin was loaded, it was possible to open
gzipped mbox files outside the user's mail directory.
+ Added auth_gssapi_hostname setting.
- IMAP: LIST "" "" didn't return anything if there didn't exist a
namespace with empty prefix. This broke some clients.
- If Dovecot is tried to be started when it's already running, don't
delete existing auth sockets and break the running Dovecot
- If deliver failed too early it still returned exit code 89 instead
of EX_TEMPFAIL.
- deliver: INBOX fallbacking with -n parameter wasn't working.
- passdb passwd and shadow couldn't be used as master or deny databases
- IDLE: inotify didn't notice changes in mbox file
- If index file directory couldn't be created, disable indexes instead
of failing to open the mailbox.
- Several other minor fixes
Still a bit more fixes. My coding TODO list is again empty. Unless
something special happens in the next few weeks, I'll still make rc29
with the documentation included and v1.0 will be released April 13.
* deliver + userdb static: Verify the user's existence from passdb,
unless allow_all_users=yes
* dovecot --exec-mail: Log to configured log files instead of stderr
* Added "-example" part to doc/dovecot-sql-example.conf and
doc/dovecot-ldap-example.conf. They are now also installed to
$sysconfdir with "make install".
+ When copying/syncing a lot of mails, send "* OK Hang in there"
replies to client every 15 seconds so it doesn't just timeout the
connection.
+ Added idxview and logview utilities to examine Dovecot's index files
+ passdb passwd and shadow support blocking=yes setting now also
+ mbox: If mbox file changes unexpectedly while we're writing to it,
log an error.
+ deliver: Ignore -m "" parameter to make calling it easier.
+ deliver: Added new -n parameter to disable autocreating mailboxes.
It affects both -m parameter and Sieve plugin's fileinto action
- mbox: Using ~/ in the mail root directory caused a ~ directory to be
created (instead of expanding it to home directory)
- auth cache: If unknown user was found from cache, we didn't properly
return "unknown user" status, which could have caused problems in
deliver.
- mbox: Fixed "UID inserted in the middle of mailbox" in some
conditions with broken X-UID headers
- Index view syncing fixes
- rc27 didn't compile with some non-GCC compilers
- vpopmail support didn't compile in rc27
- NFS check with chrooting broke home direcotry for the first login
- deliver: If user lookup returned "unknown user", it logged
"BUG: Unexpected input"
- convert plugin didn't convert INBOX
Documentation is probably the only important thing left before v1.0.
* deliver doesn't ever exit with Dovecot's internal exit codes anymore.
All its internal exit codes are changed to EX_TEMPFAIL.
* mbox: X-Delivery-ID header is now dropped when saving mails.
* mbox: If pop3_uidl_format=%m, we generate a unique X-Delivery-ID
header when saving mails to make sure the UIDL is unique.
+ PAM: blocking=yes in args uses an alternative way to do PAM checks.
Try it if you're having problems with PAM.
+ userdb passwd: blocking=yes in args makes the userdb lookups be done
in auth worker processes. Set it if you're doing remote NSS lookups
(eg. nss_ldap problems are fixed by this).
+ If PAM child process hasn't responded in two minutes, send KILL
signal to it (only with blocking=no)
- IMAP: APPEND ate all CPU while waiting for more data from the client
(broken in rc22)
- mbox: Broken X-UID headers assert-crashed sometimes
- mbox: When saving a message to an empty mbox file it got an UID
which immediately got incremented.
- mbox: Fixed some wrong "uid-last unexpectedly lost" errors.
- auth cache: In some situations we crashed if passdb had extra_fields.
- auth cache: Special extra_fields weren't saved to auth cache.
For example allow_nets restrictions were ignored for cached entries.
- A lot of initial login processes could cause auth socket errors
in log file at startup, if dovecot-auth started slowly. Now the
login processes are started only after dovecot-auth has finished
initializing itself.
- imap/pop3 proxy: Don't crash if the remote server disconnects before
we're logged in.
- deliver: Don't bother trying to save the mail twice into the default
mailbox (eg. if it's over quota).
- mmap_disable=yes + non-Linux was really slow with large
dovecot.index.cache files
- MySQL couldn't be used as a masterdb
- Trash plugin was more or less broken
- imap/pop3 couldn't load plugins if they chrooted
- imap/pop3-login process could crash in some conditions
- checkpassword-reply crashed if USER/HOME wasn't set
Found another bad bug in rc19 changes. Wonder why my imaptest catched
the bug only in CVS HEAD but not in branch_1_0 even though both had it.
Anyway, now the imaptest runs nicely for both, and I'm again optimistic
that the bug count is low enough for v1.0 to be released soon :)
+ pop3: Commit the transaction even if client didn't QUIT so cached
data gets saved.
- Fixed another indexing bug in rc19 and later which caused
transactions to be skipped in some situations, causing all kinds of
problems.
- mail_log_max_lines_per_sec was a bit broken and caused crashes with
dovecot -a
- BSD filesystem quota was counted wrong. Patch by Manuel Bouyer
- LIST: If namespace has a prefix and inbox=no, don't list
prefix.inbox if it happens to exist when listing for %.
Our patch-ah has been applied upstream and patch-ak was from dovecot CVS.
utility does). Without this, the ration used/total displayed by clients
is right but the absolute values are wrong.
Submitted to dovecot developers, OK'd by ghen@
bump PKGREVISION
I'll just keep on making new releases now whenever something important
is fixed. Hopefully there shouldn't be many left anymore.
Most of the bugs fixed in this release were found by stress testing with
my imaptest tool (http://dovecot.org/tools/imaptest.c). If you're
interested in knowing how perfectly your Dovecot setup works (especially
if you're using NFS), you could try the tool yourself also.
I still see one crash with mmap_disable=yes, but it's pretty rare. Will
see if I get it fixed before v1.0, but it's not that important.
+ deliver: If we're executing as a normal system user, get the HOME
environment from passwd if it's not set. This makes it possible to
run deliver from .forward.
- Older compilers caused LDAP authentication to crash
- Dying LDAP connections weren't handled exactly correctly in rc11,
although it seemed to work usually
- Fixed crashes and memory leaks with AUTHENTICATE command
- Fixed crashes and leaks with IMAP/POP3 proxying
- maildir: Changing a mailbox while another process was saving a
message there at the same may have caused the changes to not be made
into the maildir, which could have caused other problems later..
Hopefully the last RC release? As far as I know there are no major
problems left now. If nothing big shows up, v1.0 should be out in a
couple of weeks.
* Renamed default_mail_env to mail_location. default_mail_env still
works for backwards compatibility.
* deliver: When sending rejects, don't include Content-Type in the
rejected mail's headers.
* LDAP changes:
* If auth binds are used, bind back to the default dn before doing
a search. Otherwise it could fail if a user gave an invalid
password.
* Initial binding at connect is now done asynchronously.
* Use pass_attrs even with auth_bind=yes since it may contain
useful non-password fields.
+ passdb checkpassword: Give TCPLOCALIP and TCPREMOTEIP and PROTO=TCP
environments to the checkpassword binary so we're UCSPI (and vchkpw)
compatible.
- mbox handling was a bit broken in rc10
- Using Dovecot via inetd kept crashing dovecot master
- deliver: Don't crash with -f "". Changed the default from envelope
to be "MAILER-DAEMON".
- INBOX wasn't shown with LSUB command if only prefixed namespaces
were used.
- passdb ldap: Reconnecting to LDAP server wasn't working with
auth binds.
- passdb sql: Non-plaintext authentication didn't work
- MySQL passdb ignored all non-password checks, such as allow_nets
- trash plugin was broken
I've finally read all the mails in the mailing list and in my INBOX. If
I haven't replied to some of your mail, please resend it.
Remember that since 1.0.rc9 release dovecot.index.cache files will get
rebuilt in 64bit systems, and it's probably better to delete them
manually so you don't get errors in log files.
There are only a couple of issues left in my v1.0-TODO list:
- Master process appears to be leaking log fds with kqueue. Could
someone again give me access to a system where this happens?
- Login process problems. How well does it work now? Hopefully well
enough that v1.0 could be released.
- LDAP authentication is leaking memory? Can anyone confirm this? Even
better, can someone figure out what exactly is leaking? :) Not a v1.0
blocker though.
I think v1.0 will be released once no-one has reported any major
problems for a Dovecot release in 2-4 weeks. I think login process
handling is the only potentially major problem left.
There are a few patches from people that I haven't forgotten, but I've
decided not to put them into v1.0 anymore:
- Filesystem quota group. I don't think it's that important feature,
and it might break something.
- HFS+ hardlink avoiding
- Managesieve
- vmailmgr support
And finally the changes in this release:
* When matching allowed_nets IPs, convert IPv6-mapped-IPv4 addresses
to actual IPv4 addresses first.
+ IMAP: Try to avoid sending duplicate/useless message flag updates
+ Added support for non-plaintext authentication for vpopmail if it
returns plaintext passwords. Based on patch by Remi Gacogne.
+ Added %D modified to return "sub.domain.org" as
"sub,dc=domain,dc=org" (for LDAP queries). Patch by Andrey Panin.
- rc9 broke cache files in 64bit systems
- deliver works now with mail_chroot
- auth cache didn't work properly with multiple passdbs
- Fixes to handling CRLF linefeeds in mboxes.
I've still over 200 mails unread in the mailing list, and important
things left in TODO. This release is an improvement over rc7 anyway,
hopefully I'll have time to fix the rest soon.
* GSSAPI: Changed POP3 service name to "pop", which is what the
standard says
* "mbox:/var/mail/%u" no longer works as the mail location. You'll
have to specify the mail root explicitly, just like the examples
always have: "mbox:~/mail:INBOX=/var/mail/%u"
+ SHA1, LDAP-MD5, PLAIN-MD5, PLAIN-MD4: The password can be now either
hex or base64 encoded. The encoding is detected automatically based
on the password string length.
+ Allow running only Dovecot master and dovecot-auth processes with
protocols=none setting
+ deliver: -f <envelope sender> parameter can be used to set mbox
From_-line's sender address
+ deliver: Log all mail saves and failures
+ Tru64 SIA passdb support. Patch by Simon L Jackson.
- INBOX was listed twice in mailbox list if namespace prefix was used
- INBOX-prefixed namespaces were a bit broken
- kqueue: Fix 100% CPU usage
- deliver: Duplicate storage was a bit broken
- dictionary code was broken (ie. dict quota)
- SIGHUP caused crashes sometimes
- SSL connections hanged sometimes, especially when saving messages.
- mbox: Mail bodies were saved with CR+LF linefeeds
- Mail forwarding was broken with deliver/Sieve
- dbox fixes. Might actually be usable now.
- Index file handling fixes with keywords
- Cache file was incorrectly used in some situations, which probably
caused problems sometimes.
- Maildir++ quota: Don't count "." and ".." directory sizes to quota.
After rewriting maildirsize file keep its fd open so that we can
later update it. Patch by Alexander Zagrebin
* PAM: If user's password is expired, give "Password expired" error
message to the user. Now actually working thanks to Vaidas Pilkauskas
* Relicensed dovecot-auth, lib-sql and lib-ntlm to MIT license. See
COPYING file for more information.
* Abuse prevention: When creating a mailbox, limit the number of
hierarchies (up to 20) and the length of the mailbox name within
a hierarchy (up to 200 characters).
* mbox: If saved mail doesn't end with LF, add it ourself so that the
mails always have one empty line before the next From-line.
+ Added --with-statedir configure option which defaults to
$localstatedir/lib/dovecot. ssl-parameters.dat is permanently
stored in that directory and is copied to login_dirs from there.
+ IMAP: Support SASL-IR extension (SASL initial response)
+ Support initial SASL response with LOGIN mechanism. Patch by Anders
Karlsson
+ Added PLAIN-MD4 password scheme. Patch by Andrey Panin.
+ Added support for XFS disk quotas. Patch by Pawel Jarosz
+ If another process deletes the opened mailbox, try to handle it
without writing errors to log file. Handles the most common cases.
+ Added TLS support for LDAP if the library supports it.
- SEARCH command was more or less broken with OR and NOT conditions
- Dovecot corrupted mbox files which had CR+LF linefeeds in headers
- MySQL code could have crashed while escaping strings
- MD4 code with NTLM authentication was broken with 64bit systems.
Patch by Andrey Panin
- Plugin loading was broken in some OSes (eg. FreeBSD)
- Several fixes to handling empty values in configuration file
- Several fixes to dictionary quota backend and dict server.
Also changed how they're configured.
- deliver: Fixed plugin handling settings
- mbox_min_index_size handling was somewhat broken
- passdb passwd-file: extra_args field wasn't read unless the file
was also used as userdb.
Fixes a lot of bugs. The next release will be the first "release
candidate" instead of a beta.
* PAM: Don't call pam_setcred() unless setcred=yes PAM passdb
argument was given.
* Moved around settings in dovecot-example.conf to be in more logical
groups.
+ Local delivery agent (deliver binary) works again.
+ LDAP: Added support for SASL binding. Patch by Geert Jansen
+ ssl_verify_client_cert: Check CRLs. If auth_verbose=yes, log
invalid sent certificates. If verbose_ssl=yes, log even the valid
certificates. When using the username from the certificate, use
CommonName. Based on patch by HenkJan Wolthuis
+ PAM: Set PAM_TTY which is needed by some PAM plugins
+ dovecot --exec-mail ext <binary path> can now be used to start
binaries which want dovecot.conf to be read, for example the
convert-tool.
- Expunging needed to be done twice if client used STORE +FLAGS.SILENT
command to set the \Deleted flags
- Added sql_escape_string() to lib-sql API and use it instead of
normal \-escaping.
- ACL plugin fixes
- DIGEST-MD5: Trying to use subsequent authentication crashed
dovecot-auth.
- Fetching BODY when BODYSTRUCTURE was already cached caused the
reply to be broken in some cases
- Lots of fixes for index file handling
- dbox fixes and changes
- mbox syncing broke if some extraneous/broken headers were removed
(eg. extra X-IMAPbase headers in mails)
- Running Dovecot from inetd work now properly with POP3
- Quota plugin fixes for calculating the quota correctly
which were fixed again in beta5.
patch-ac and patch-ad were taken from CVS and are not needed anymore.
Changes in Dovecot 1.0beta4:
* Changed the default lock_method back to fcntl. Apparently flock
gives problems with some systems.
* mbox: mailboxes beginning with '.' are now also listed
* Replaced mail_use_modules and mail_modules settings with mail_plugins
and mail_plugin_dir. Now instead of loading all plugins from the
directory, you'll have to give a list of plugins to load. If the
plugin couldn't be loaded, the process exits instead of just
ignoring the problem (this is important with ACL plugin).
+ Added support for "master users" who can log in as other people.
The master username can be given either in authorization ID
string with SASL PLAIN mechanism or by setting
auth_master_user_separator and giving it within the normal username
string.
+ Added ACL plugin with ACL file backend. This however doesn't mean
that there yet exists a proper shared folder support. If master user
logged in as someone else, the ACLs are checked as the master user.
+ Added some Dovecot extensions to checkpassword passdb, see ChangeLog
+ Updated passwd-file format to allow specifying any key=value fields
+ Maildir++ quota support and several quota fixes
+ passdb supporting extra fields: Added "allow_nets" option which takes
a comma separated list of IPs/networks where to allow user to log in.
+ NFS: Handle ESTALE errors the best way we can
+ IMAP now writes to log when client disconnects
+ In shared mailboxes (if dovecot-shared file exists) \Seen flags are
now kept only in index files, so as long as each user has a separate
index file they have separate \Seen flags.
- Fixes to DIGEST-MD5 realm handling so it works with more clients
- BODYSTRUCTURE -> BODY conversion from cache file was broken with
mails containing message/rfc822 parts.
- Fixed several memory leaks
- We could have sent client FETCH notifications about messages before
telling about them with EXISTS
- Compiling fixes for Solaris and some other OSes
- Fixed problem with internal timeout handling code, which caused eg.
outlook-idle workaround to break.
- If /dev/urandom didn't exist, we didn't seed OpenSSL's random number
generator properly. Patch by Vilmos Nebehaj.
- Maildir: Recent flags weren't always immediately removed from mails
when mailbox was opened.
- Several changes to SSL proxying code, hopefully making it work
better.
Changes in Dovecot 1.0beta5:
- Beta4's SSL proxying rewrite worked worse than I thought.
Reverted it back to original code.
- Filesystem quota plugin now looks up the mount path correctly.
(we've patched them). Wanted to wait with this for dovecot1.0beta4 but this
takes longer than I thought. Not worth bumping PKGREVISION, IMO.
Ok with tv.
default at the next version bump?)
- set SSL_{CFLAGS,LIBS} when calling configure script so they are
found correctly on Solaris, and make the configure script do what it
claims and ignore pkg-config when these are set.
- add lib-sql Makefile patch from Dovecot CVS so this builds correctly
when no SQL auth support is built.
as was done in wip/dovecot-nightly. That comment is misleading with
pkgsrc, since those paths are not what pkgsrc encodes into the conf file.
Bump PKGREVISION (unfortunate, but there will be another beta pretty
soon anyway).
correct a mistake in my previous commit:
- add dependency on zlib
- add option for GNU TLS as an alternative to OpenSSL
- drop SASL option, it's no longer supported
- explicitly disable some options with --disable-*
- "s,/usr/pkg,@PREFIX@," in patch-ab -- I accidentally diffed it after the SUBST stage
- change SUBST_STAGE from post-patch to pre-configure to avoid this in the future
- bump PKGREVISION for all this
Thanks to tv@.
recommended by the Dovecot author (the 0.99.x series are deprecated).
Major changes:
v1.0.beta2 2006-01-22 Timo Sirainen <tss@iki.fi>
+ Added SQLite support. Patch by Jakob Hirsch.
+ Added auth_debug_passwords setting. If it's not enabled, hide all
password strings from logs.
+ Added mail_cache_min_mail_count and mbox_min_index_size settings
which can be used to make Dovecot do less disk writes in small
mailboxes where they don't benefit that much.
+ Added --build-ssl-parameters parameter to dovecot binary
- SSL parameters were being regenerated every 10 minutes, although not
with all systems.
- Fixed dovecot-auth crashing at startup. Happened only with some
specific compilers.
- base_dir was supposed to be set world-readable, not world-writable
v1.0.beta1 2006-01-16 Timo Sirainen <tss@iki.fi>
* Almost a complete rewrite since 0.99.x, but some of the major
changes are:
+ Index file code rewritten to do less disk I/O, wait locks less and in
generate be smarter. They also support being in clustered filesystems
and NFS support is mostly working also.
+ Mail caching is smarter. Only the data that client requests is
cached. Before Dovecot opened and cached all mails when mailbox was
opened the first time, which was slow.
+ Mbox handling code rewritten to be much faster, safer and correct
+ New authentication mechanisms: APOP, GSSAPI, LOGIN, NTLM and RPA.
+ LDAP supports authentication binds
+ Authentication server can cache password database lookups
+ Support for multiple authentication databases
+ Namespace configuration
+ Dovecot works with shared
- Add an option for sqlite support.
- Take over maintainership.
All suggested (and ok'ed) by xtraeme.
* GNUTLS support hasn't been working for a while, so it's not even
tried to be used anymore unless explicitly wanted.
+ Added CRAM-MD5 authentication mechanism. Patch by Joshua Goodall
+ Added SMD5 and LDAP-MD5 password schemes and changed MD5 scheme to
use LDAP-MD5 if the password isn't in MD5crypt format. Patch by
Joshua Goodall
+ Workaround for some POP3 client bugs: if message doesn't contain the
"end of headers" empty line, add it automatically.
+ vpopmail supports now all password schemes, most importantly
MD5crypt works now without support from libc's crypt()
- SQL and LDAP authentication was broken
- SEARCH UNKEYWORD wasn't working
pkgsrc changes:
* Disable GNU TLS support for the time being.
* Move the workaround for the gcc2 sparc64 ICE into hacks.mk.
* Format DESCR.
0.99.10.9 2004-07-31 Timo Sirainen <tss at iki.fi>
- MySQL compiling got broken in last release
- More PostgreSQL reconnection fixing
0.99.10.8 2004-07-30 Timo Sirainen <tss at iki.fi>
+ LDAP support compiles now with Solaris LDAP library
- IMAP BODY and BODYSTRUCTURE replies were wrong for MIME parts which
didn't contain Content-Type header.
- MySQL and PostgreSQL auth didn't reconnect if connection was lost
to SQL server
- Linking fixes for dovecot-auth with some systems
- Last fix for disconnecting client when downloading mail longer than
30 seconds actually made it never disconnect client. Now it works
properly: disconnect when client hasn't read _any_ data for 30
seconds.
v0.99.10.5 2003-12-27 Timo Sirainen <tss@iki.fi>
+ MySQL authentication, patch by Matthew Reimer
+ --with-moduledir configure option
- mbox: APPEND reversed given \Draft and \Deleted flags
- mbox: "LF not found" errors happened sometimes when X-IMAPbase
header was updated. Possibly corrupted mbox sometimes.
Thanks to Fabrice Bellet for finding this bug.
- Custom flags couldn't be unset
- Maildir: make sure ":2," is appended to filename when moving mails
from new/ to cur/.
- Maildir: synchronization might have sometimes set wrong flags to
messages, or crash completely
- Maildir: RENAME xx inbox.xx didn't result as uppercased ".INBOX.xx"
directory which then couldn't be accessed
- Don't crash with RAND_bytes() error messages anymore. This mostly
happened with Fedora/RedHat.
pkgsrc changes:
o Disable crammd5 patch, doesn't apply cleanly anymore.
o Add a new option "DOVECOT_USE_MYSQL" to authenticate users
against a mysql database.
Changes:
v0.99.10.4 2003-11-24 Timo Sirainen <tss@iki.fi>
- Fixed reference counters in imap-login and pop3-login.
IMAP AUTHENTICATE and POP3 AUTH commands could have left the
process stuck doing nothing forever.
v0.99.10.3 2003-11-24 Timo Sirainen <tss@iki.fi>
- FETCH RFC822.HEADER returned message body as well
- SUBSCRIBE broke subscription lists
- LIST code rewritten, children flags should be correct now
- SORT and THREAD could have given invalid replies
- Partial BODY[...] fetches might have returned wrong data or at
least performed worse than was necessary
v0.99.10.1 2003-11-10 Timo Sirainen <tss@iki.fi>
* mbox: \Draft and \Deleted flags used opposite flag chars in
X-Status header. We were incompatible with other mbox accessing
software.
WARNING: Upgrading from previous version doesn't automatically
swap the flags, so be careful not to accidentally expunge messages
that had their \Draft flag changed to \Deleted.
* Configuration file changes:
- Whitespace at end of line is stripped, use quotes if you need it
- # comments are supported after key=value lines. if you need '#'
character, quote the value
- Both " and ' quotes are supported. If you need to use them, '\'
can be used for escaping.
- mbox: COPY into same mailbox didn't work and could have corrupted
the mailbox
- Using Dovecot without index files would crash after using a while
- Partial BODY[header] or BODY[part] fetches were buggy if client
requested more data than was available in the header/part.
- Partial BODY[...] fetches were buggy with messages that had CRLFs
- Some BODY and BODYSTRUCTURE replies missed data for message/rfc822
MIME parts causing clients to break
- SORT (SUBJECT) was buggy
- Timezone fixes with Date-header
This also includes Joshua Goodall's patch (now in the CVS tree) for
CRAM-MD5 for the -release tag.
Apply bugfix patches for the following problems:
- Searching address fields can crash sometimes.
- Auth process crashes if user doesn't have home directory set.
- Some BODY and BODYSTRUCTURE replies missed data for message/rfc822
MIME parts causing clients to break.
Based on PR pkg/22028 by MAINTAINER, Tom Hensel.
Changes:
- Default PAM service name changed to "dovecot". This means that
if you're using PAM, you most likely have to do
mv /etc/pam.d/imap /etc/pam.d/dovecot
If you wish to keep using imap, see doc/auth.txt.
- ~/rawlog directory changed to ~/dovecot.rawlog
- Faster and better maildir synchronization. We support read-only
maildirs and out-of-quota conditions are handled a lot better.
dovecot-uidlist file still isn't out-of-quota-safe though, but you
can keep it in another location where quota isn't checked. For
example:
default_mail_env = Maildir:~/Maildir:
INDEX=/noquota/%u:CONTROL=/noquota/%u
- Read-only mboxes are supported now.
- Only NOOP and CHECK now always do a mailbox sync checking. Other
commands sync max. once in 5 seconds, plus always from indexes.
This should reduce I/O a bit.
- All NUL characters are translated to ascii #128 before sending to
client. RFC prohibits sending NULs and this is how UW-IMAP handles
it as well.
- Make ENVELOPE, BODY and BODYSTRUCTURE replies more compact by
removing multiple LWSPs and translating TABs to spaces. RFC doesn't
specifically require this, but this seems to be the wanted
behaviour..
- Added ANONYMOUS SASL mechanism.
- More flexible user chrooting configuration in home directories:
"<chroot>/./<homedir>"
- Added support for dynamically loadable IMAP/POP3 modules. See
INSTALL file for more information.
- Partial fetches were broken if mails had CR+LF linefeeds
- SEARCH DELETED didn't return anything if all messages were deleted
- OpenSSL support was broken in many installations because we were
chrooted and it couldn't open /dev/urandom.
- PAM: Giving wrong password blocked the whole process for two
seconds. Now we create a new process for each check.
- Lots of other smaller bugfixes and better error handling
From Tom Hensel via tech-pkg and private mail.
Changes:
- new MAINTAINER, Tom Hensel
0.99.10-test14:
===============
- IMAP over SSL works now without having to install (patched) OpenSSL from
pkgsrc or patching dovecot itself. For instance, OpenSSL gets initalized
before chrooting so it can open /dev/urandom, even some possible crashes
have been fixed.
- Many changes to the Maildir synchronization and expiration code, diffrent
bugs and flaws are fixed. Improved indexing and hashing of Maildirs and
mboxes.
- Changes to improve overall perfomance have been incorparated.
- The authorization daemon now supports the ANONYMOUS SASL mechanism,
a few bugs were fixed.
- Many flaws and glitches are gone, please see dovecot's ChangeLog for
a complete list of changes.
Dovecot is a secure and compact IMAP/POP3 server which is in the early stages
of developement. It supports Maildirs and mbox formats and much of the IMAP
v4 protocol including SSL/TLS. IPv6 support is also included.
Package provided by Juan RP via pkgsrc-wip with modifications by me.
